POC: Typed credentials exploration for Helm binding#2148
Closed
matthiasbruns wants to merge 7 commits into
Closed
Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
2 tasks
a37c51a to
8b3eff8
Compare
✅ Deploy Preview for ocm-website canceled.
|
07f49db to
fd322c3
Compare
…ation Add typed credential and consumer identity specs alongside the existing map[string]string Resolver interface. No downstream modules are changed. New typed credential specs (per-binding): - OCICredentials/v1 (Username, Password, AccessToken, RefreshToken) - HelmCredentials/v1 (Username, Password, CertFile, KeyFile, Keyring) - RSACredentials/v1 (PublicKeyPEM, PublicKeyPEMFile, PrivateKeyPEM, PrivateKeyPEMFile) New typed identity spec: - OCIRegistryIdentity with runtime.IdentityProvider interface Core additions to credentials module: - TypedResolver interface (extends Resolver with ResolveTyped) - Graph implements both Resolver and TypedResolver - ConsumerIdentityTypeScheme and CredentialTypeScheme on Options - DirectCredentials alias registration (Credentials/v1, DirectCredentials/v1) Each binding can migrate to TypedResolver in its own PR without blocking other modules. See ADR 0015 for migration path details. Refs: ocm-project#800, ocm-project#702, ocm-project#980
On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com> # Conflicts: # website/assets/images/logo-image.png # website/assets/logo-image.png # website/static/images/logo-horizontal-white-text.png
On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
51fb010 to
54e700b
Compare
4 tasks
On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
…ckwards compatibility On-behalf-of: SAP <matthias.bruns@sap.com> Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
This was referenced Apr 20, 2026
matthiasbruns
added a commit
that referenced
this pull request
Apr 28, 2026
<!-- markdownlint-disable MD041 --> #### What this PR does / why we need it **Phase 1** of the typed credentials [ADR](https://github.com/open-component-model/open-component-model/blob/main/docs/adr/0017_typed_credentials.md) This PR only touches the credential bindings and should not break anything. #### Which issue(s) this PR fixes Contributes: open-component-model/ocm-project#704 You can see the whole picture in #2148 #### Testing ##### How to test the changes Unit & integration tests only. I ran `task init/go.work` with the updated `credentials` binding to see if the udate breaks ocm - it does not :) ##### Verification - [x] I have added/updated tests for my changes (see [Test Requirements](../CONTRIBUTING.md#test-requirements)) - [x] Tests pass locally (`task test` and `task test/integration` if applicable) - [x] My changes do not decrease test coverage --------- Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
This was referenced Apr 29, 2026
matthiasbruns
added a commit
that referenced
this pull request
May 4, 2026
<!-- markdownlint-disable MD041 --> #### What this PR does / why we need it **Phase 2** typed oci bindings [ADR](https://github.com/open-component-model/open-component-model/blob/main/docs/adr/0018_typed_credentials.md) #### Which issue(s) this PR fixes Contributes: open-component-model/ocm-project#986 You can see the whole picture in #2148 #### Testing ##### How to test the changes Unit & integration tests only. I ran `task init/go.work` with the updated `credentials` binding to see if the update breaks ocm - it does not :) ##### Verification - [x] I have added/updated tests for my changes (see [Test Requirements](../CONTRIBUTING.md#test-requirements)) - [x] Tests pass locally (`task test` and `task test/integration` if applicable) - [x] My changes do not decrease test coverage --------- Signed-off-by: Matthias Bruns <git@matthiasbruns.com> Co-authored-by: DevBot <devbot@openclaw.ai>
ocmbot2 Bot
pushed a commit
to morri-son/open-component-model
that referenced
this pull request
May 4, 2026
…del#2360) <!-- markdownlint-disable MD041 --> #### What this PR does / why we need it **Phase 2** typed oci bindings [ADR](https://github.com/open-component-model/open-component-model/blob/main/docs/adr/0018_typed_credentials.md) #### Which issue(s) this PR fixes Contributes: open-component-model/ocm-project#986 You can see the whole picture in open-component-model#2148 #### Testing ##### How to test the changes Unit & integration tests only. I ran `task init/go.work` with the updated `credentials` binding to see if the update breaks ocm - it does not :) ##### Verification - [x] I have added/updated tests for my changes (see [Test Requirements](../CONTRIBUTING.md#test-requirements)) - [x] Tests pass locally (`task test` and `task test/integration` if applicable) - [x] My changes do not decrease test coverage --------- Signed-off-by: Matthias Bruns <git@matthiasbruns.com> Co-authored-by: DevBot <devbot@openclaw.ai> 26020bb
Contributor
Author
|
closed but kept as reference |
jakobmoellerdev
pushed a commit
that referenced
this pull request
May 7, 2026
<!-- markdownlint-disable MD041 --> #### What this PR does / why we need it **Phase 2** typed signing bindings [ADR](https://github.com/open-component-model/open-component-model/blob/main/docs/adr/0018_typed_credentials.md) #### Which issue(s) this PR fixes Contributes: open-component-model/ocm-project#988 You can see the whole picture in #2148 #### Testing ##### How to test the changes Unit & integration tests only. I ran `task init/go.work` with the updated `credentials` binding to see if the update breaks ocm - it does not :) ##### Verification - [x] I have added/updated tests for my changes (see [Test Requirements](../CONTRIBUTING.md#test-requirements)) - [x] Tests pass locally (`task test` and `task test/integration` if applicable) - [x] My changes do not decrease test coverage --------- Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
matthiasbruns
added a commit
that referenced
this pull request
May 15, 2026
<!-- markdownlint-disable MD041 --> #### What this PR does / why we need it **Phase 2** typed helm bindings [ADR](https://github.com/open-component-model/open-component-model/blob/main/docs/adr/0018_typed_credentials.md) #### Which issue(s) this PR fixes Contributes: open-component-model/ocm-project#988 You can see the whole picture in #2148 #### Testing ##### How to test the changes I ran `task init/go.work` with the updated `credentials` binding to see if the update breaks ocm - it does not :) ##### Verification - [x] I have added/updated tests for my changes (see [Test Requirements](../CONTRIBUTING.md#test-requirements)) - [x] Tests pass locally (`task test` and `task test/integration` if applicable) - [x] My changes do not decrease test coverage --------- Signed-off-by: Matthias Bruns <git@matthiasbruns.com> Co-authored-by: Jakob Möller <jakob.moeller@sap.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it
Explores introducing typed credentials and consumer identity types into the OCM credential system, using the Helm binding as a reference implementation. The findings inform ADR 0015 in #2149.
Which issue(s) this PR fixes
open-component-model/ocm-project#980
ADR: #2149
Testing
How to test the changes
This is an exploration POC. To run the typed credential tests:
Verification