I am writing my own cluster driver, and am trying to find out how cloud credentials are sent to the driver. Does anyone have information around cloud credentials and cluster drivers? Thank you

The official docs are a good place to start https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permiss[…]ion/about-provisioning-drivers/manage-cluster-drivers. There's a linked example as well

I'm trying to find the link between creating the cloud cred on the UI, and how the driver gets the corresponding creds

To confirm, the correct fields are shown in the ui when creating the cloud credential associated with your cluster driver provider.... but in the POST to create the cloud credential they're missing?

That's right, I can set the credential via the UI, but I'm not sure how the creds are sent back to the cluster driver itself

The cluster credentials will be stored as a

<http://provisioning.cattle.io/cloud-credential|provisioning.cattle.io/cloud-credential>

resource containing a property, named after the provider, with the provider specific values in. For instance, DO cloud credentials look like...

{
  "type": "<http://provisioning.cattle.io/cloud-credential|provisioning.cattle.io/cloud-credential>",
  "metadata": {
    "generateName": "cc-",
    "namespace": "fleet-default"
  },
  "_name": "asdasd",
  "annotations": {
    "<http://provisioning.cattle.io/driver|provisioning.cattle.io/driver>": "digitalocean"
  },
  "digitaloceancredentialConfig": {
    "accessToken": "<snip>"
  },
  "_type": "<http://provisioning.cattle.io/cloud-credential|provisioning.cattle.io/cloud-credential>",
  "name": "asdasd"
}

Hopefully you should see a POST to

v2/cloudcredentials

with something like above. However.... i'm not sure how those are found and used within the cluster driver context.

Yes, I found that too. That API is capable of authorizing the user's access to a given cloud credential and querying the cloud credential secret

those with the correct permissions should be able to get the associated

v3/secret

by with the same id (swapping : with /)

FYI I figured out how cluster drivers are getting the cloud credentials. rancher has a concept of kontainerengine drivers, and "KEv2" drivers, both of with are "cluster drivers"