From 0dfb8b3d7882aeb665006ef3d500a2cee6104d75 Mon Sep 17 00:00:00 2001 From: "lukasz.widera@vshn.ch" Date: Wed, 25 Sep 2024 17:28:31 +0200 Subject: [PATCH] remove security settings --- apis/v1/objectstorage_types.go | 2 - crds/appcat.vshn.io_objectbuckets.yaml | 451 +++++++++--------- .../vshnpostgres/postgresql_deploy.go | 26 +- 3 files changed, 256 insertions(+), 223 deletions(-) diff --git a/apis/v1/objectstorage_types.go b/apis/v1/objectstorage_types.go index 08035befd7..5177bc9a28 100644 --- a/apis/v1/objectstorage_types.go +++ b/apis/v1/objectstorage_types.go @@ -17,8 +17,6 @@ const ( // BucketDeletionPolicy determines how buckets should be deleted when a Bucket is deleted. type BucketDeletionPolicy string -//go:generate yq -i e ../generated/appcat.vshn.io_objectbuckets.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.security.default={})" - // +kubebuilder:object:root=true // +kubebuilder:printcolumn:name="Bucket Name",type="string",JSONPath=".spec.parameters.bucketName" // +kubebuilder:printcolumn:name="Region",type="string",JSONPath=".spec.parameters.region" diff --git a/crds/appcat.vshn.io_objectbuckets.yaml b/crds/appcat.vshn.io_objectbuckets.yaml index cb9d7aee6c..d839a5f29a 100644 --- a/crds/appcat.vshn.io_objectbuckets.yaml +++ b/crds/appcat.vshn.io_objectbuckets.yaml 
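Review bot: Dropping this `go:generate` step removes `default: {}` from `spec.parameters.security` in the regenerated CRD (the removed `default: {}` is visible in the CRD hunk), and with structural-schema defaulting the API server only applies nested defaults when the parent object is present, so a claim that omits `security` will no longer get `deletionProtection: true` or `allowAllNamespaces: false` materialized. Unless the Go `Security` type or the composition function defaults these fields itself (not visible here), deletion protection silently turns off for every claim that does not spell out the block. If the intent is really to stop defaulting, the commit message should say why; otherwise keep the default at the source by marking the field in the Go type, e.g. `// +kubebuilder:default={}` on `Security`, rather than patching the generated YAML with yq. The `Security` field declaration itself is outside this hunk.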
@@ -14,234 +14,251 @@ spec: singular: objectbucket scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.parameters.bucketName - name: Bucket Name - type: string - - jsonPath: .spec.parameters.region - name: Region - type: string - name: v1 - schema: - openAPIV3Schema: - description: ObjectBucket is the API for creating S3 buckets. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ObjectBucketSpec defines the desired state of a ObjectBucket. - properties: - compositionRef: - description: A CompositionReference references a Composition. + - additionalPrinterColumns: + - jsonPath: .spec.parameters.bucketName + name: Bucket Name + type: string + - jsonPath: .spec.parameters.region + name: Region + type: string + name: v1 + schema: + openAPIV3Schema: + description: ObjectBucket is the API for creating S3 buckets. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ObjectBucketSpec defines the desired state of a ObjectBucket. + properties: + compositionRef: + description: A CompositionReference references a Composition. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + parameters: + description: ObjectBucketParameters are the configurable fields of + a ObjectBucket. + properties: + bucketDeletionPolicy: + default: DeleteAll + description: |- + BucketDeletionPolicy determines how buckets should be deleted when Bucket is deleted. + `DeleteIfEmpty` only deletes the bucket if the bucket is empty. + `DeleteAll` recursively deletes all objects in the bucket and then removes it. + type: string + bucketName: + description: |- + BucketName is the name of the bucket to create. + Cannot be changed after bucket is created. + Name must be acceptable by the S3 protocol, which follows RFC 1123. + Be aware that S3 providers may require a unique name across the platform or region. + type: string + region: + description: |- + Region is the name of the region where the bucket shall be created. + The region must be available in the S3 endpoint. 
+ type: string + security: + description: Security defines the security of a service + properties: + allowAllNamespaces: + default: false + description: AllowAllNamespaces allows the service to be accessible + from all namespaces, this supersedes the AllowedNamespaces + field + type: boolean + allowedGroups: + description: AllowedGroups defines a list of Groups that have + limited access to the instance namespace + items: + type: string + type: array + allowedNamespaces: + description: AllowedNamespaces defines a list of namespaces + from where the service can be reached in the claim namespace + items: + type: string + type: array + allowedUsers: + description: AllowedUsers defines a list of Users that have + limited access to instance namespace. + items: + type: string + type: array + deletionProtection: + default: true + description: DeletionProtection blocks the deletion of the + instance if it is enabled (enabled by default) + type: boolean + type: object + required: + - bucketName + - region + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToRef references a secret to which + the connection details will be written. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + type: object + status: + description: ObjectBucketStatus reflects the observed state of a ObjectBucket. + properties: + accessUserConditions: + description: AccessUserConditions contains a copy of the claim's underlying + user account conditions. + items: properties: - name: - description: Name of the Composition. + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - required: - - name type: object - parameters: - description: ObjectBucketParameters are the configurable fields of a ObjectBucket. + type: array + bucketConditions: + description: BucketConditions contains a copy of the claim's underlying + bucket conditions. + items: properties: - bucketDeletionPolicy: - default: DeleteAll - description: |- - BucketDeletionPolicy determines how buckets should be deleted when Bucket is deleted. - `DeleteIfEmpty` only deletes the bucket if the bucket is empty. - `DeleteAll` recursively deletes all objects in the bucket and then removes it. + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time type: string - bucketName: - description: |- - BucketName is the name of the bucket to create. - Cannot be changed after bucket is created. 
- Name must be acceptable by the S3 protocol, which follows RFC 1123. - Be aware that S3 providers may require a unique name across the platform or region. + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 type: string - region: + observedGeneration: description: |- - Region is the name of the region where the bucket shall be created. - The region must be available in the S3 endpoint. + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - security: - description: Security defines the security of a service - properties: - allowAllNamespaces: - default: false - description: AllowAllNamespaces allows the service to be accessible from all namespaces, this supersedes the AllowedNamespaces field - type: boolean - allowedGroups: - description: AllowedGroups defines a list of Groups that have limited access to the instance namespace - items: - type: string - type: array - allowedNamespaces: - description: AllowedNamespaces defines a list of namespaces from where the service can be reached in the claim namespace - items: - type: string - type: array - allowedUsers: - description: AllowedUsers defines a list of Users that have limited access to instance namespace. - items: - type: string - type: array - deletionProtection: - default: true - description: DeletionProtection blocks the deletion of the instance if it is enabled (enabled by default) - type: boolean - type: object - default: {} - required: - - bucketName - - region type: object - writeConnectionSecretToRef: - description: WriteConnectionSecretToRef references a secret to which the connection details will be written. + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. properties: - name: + lastTransitionTime: description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time type: string - namespace: + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. 
+ type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type type: object - x-kubernetes-map-type: atomic - type: object - status: - description: ObjectBucketStatus reflects the observed state of a ObjectBucket. - properties: - accessUserConditions: - description: AccessUserConditions contains a copy of the claim's underlying user account conditions. - items: - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human-readable message indicating details about the transition. - maxLength: 32768 - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. - maxLength: 1024 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of condition. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - type: object - type: array - bucketConditions: - description: BucketConditions contains a copy of the claim's underlying bucket conditions. - items: - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human-readable message indicating details about the transition. - maxLength: 32768 - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. - maxLength: 1024 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of condition. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - type: object - type: array - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. 
- format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from one status to another. - type: string - status: - description: Status of this condition; is it currently True, False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go b/pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go index 8bdc9de78d..e872cebdaa 100644 --- a/pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go +++ b/pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go @@ -349,6 +349,12 @@ func createSgCluster(ctx context.Context, comp *vshnv1.VSHNPostgreSQL, svc *runt plan := comp.Spec.Parameters.Size.GetPlan(svc.Config.Data["defaultPlan"]) + x, _ := svc.GetAllObserved() + + for xx, yy := range x { + fmt.Println(string(xx), yy) + } + resources, err := utils.FetchPlansFromConfig(ctx, svc, plan) if err != nil { err = fmt.Errorf("cannot fetch plans from the composition config, maybe they are not set: %w", err) 
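Review bot: The new `x, _ := svc.GetAllObserved()` / `fmt.Println(string(xx), yy)` loop in `createSgCluster` looks like leftover debugging: it discards the error and prints every observed composed resource with `%v` to stdout. If the observed resource set carries connection details, as the function SDK's observed composed resources can, this writes credentials into the function's log on every reconcile. Remove the six added lines, or if the dump is needed, log only resource names through the function's structured logger at debug level. `createSgCluster` starts and ends outside this hunk.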
@@ -469,6 +475,9 @@ func createObjectBucket(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime }, } + jsonned, _ := json.Marshal(xObjectBucket) + fmt.Println(string(jsonned)) + err := svc.SetDesiredComposedResourceWithName(xObjectBucket, "pg-bucket") if err != nil { err = fmt.Errorf("cannot create xObjectBucket: %w", err) @@ -480,6 +489,15 @@ func createObjectBucket(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime func createSgObjectStorage(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime) error { + s3DependentRef := xkubev1.Reference{ + DependsOn: &xkubev1.DependsOn{ + APIVersion: "appcat.vshn.io/v1", + Kind: "XObjectBucket", + Name: comp.GetName(), + Namespace: comp.GetInstanceNamespace(), + }, + } + sgObjectStorage := &sgv1beta1.SGObjectStorage{ ObjectMeta: metav1.ObjectMeta{ Name: "sgbackup-" + comp.GetName(), @@ -507,9 +525,9 @@ func createSgObjectStorage(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRunt }, }, } - err := svc.SetDesiredKubeObjectWithName(sgObjectStorage, comp.GetName()+"-object-storage", "sg-backup") + err := svc.SetDesiredKubeObjectWithName(sgObjectStorage, comp.GetName()+"-object-storage", "sg-backup", runtime.KubeOptionAddRefs(s3DependentRef)) if err != nil { - err = fmt.Errorf("cannot create xObjectBucket: %w", err) + err = fmt.Errorf("cannot create sgBackup: %w", err) return err } @@ -559,7 +577,7 @@ func createPodMonitor(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime) err = svc.SetDesiredKubeObjectWithName(podMonitor, comp.GetName()+"-podmonitor", "podmonitor") if err != nil { - err = fmt.Errorf("cannot create xObjectBucket: %w", err) + err = fmt.Errorf("cannot create podMonitor: %w", err) return err } return nil 
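Review bot: `jsonned, _ := json.Marshal(xObjectBucket)` followed by `fmt.Println(string(jsonned))` in `createObjectBucket` prints the entire desired XObjectBucket to stdout on every reconcile and ignores the marshal error; this appears to be leftover debug output like the print in `createSgCluster`. Remove the three added lines, or replace them with a structured debug-level log of the resource name only. `createObjectBucket` starts outside this hunk.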
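Review bot: The new `s3DependentRef` in `createSgObjectStorage` targets `Name: comp.GetName()` with `Namespace: comp.GetInstanceNamespace()`, but the bucket is registered as the composed resource `"pg-bucket"` in `createObjectBucket`, and `XObjectBucket` is by Crossplane convention a cluster-scoped composite; if the actual object name differs from the composite name or the kind is cluster-scoped, the provider-kubernetes Object will wait indefinitely on a dependency that never resolves and the SGObjectStorage is never created. Please confirm the name Crossplane assigns to the `pg-bucket` composed resource and drop `Namespace:` if the kind is cluster-scoped, with a short comment above the struct stating what the dependency guarantees, e.g. `// Create the backup storage only after the XObjectBucket exists so credentials are available.` Ordering backup storage after the bucket is a sound change otherwise. `createSgObjectStorage` continues past the end of this hunk.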
@@ -610,7 +628,7 @@ func createCopyJob(comp *vshnv1.VSHNPostgreSQL, svc *runtime.ServiceRuntime) err err := svc.SetDesiredKubeObjectWithName(copyJob, comp.GetName()+"-copyjob", "copy-job") if err != nil { - err = fmt.Errorf("cannot create xObjectBucket: %w", err) + err = fmt.Errorf("cannot create copyJob: %w", err) return err }