From 8d10c3e6eac15808b3d1b442e3c227f264fb7f29 Mon Sep 17 00:00:00 2001 From: Ishan Tyagi Date: Fri, 4 Mar 2022 13:44:51 +0530 Subject: [PATCH 1/4] To dynamically load IaaS credentials during runtime using secrets mount. --- charts/etcd/templates/etcd-statefulset.yaml | 109 ++++++++------------ 1 file changed, 44 insertions(+), 65 deletions(-) diff --git a/charts/etcd/templates/etcd-statefulset.yaml b/charts/etcd/templates/etcd-statefulset.yaml index 05cf0c575..cfa0c03ec 100644 --- a/charts/etcd/templates/etcd-statefulset.yaml +++ b/charts/etcd/templates/etcd-statefulset.yaml 
@@ -242,77 +242,20 @@ spec: fieldRef: fieldPath: metadata.namespace {{- if eq .Values.store.storageProvider "S3" }} - - name: "AWS_REGION" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "region" - - name: "AWS_SECRET_ACCESS_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "secretAccessKey" - - name: "AWS_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "accessKeyID" + - name: "AWS_APPLICATION_CREDENTIALS" + value: "/root/etcd-backup" {{- else if eq .Values.store.storageProvider "ABS" }} - - name: "STORAGE_ACCOUNT" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "storageAccount" - - name: "STORAGE_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "storageKey" + - name: "AZURE_APPLICATION_CREDENTIALS" + value: "/root/etcd-backup" {{- else if eq .Values.store.storageProvider "GCS" }} - name: "GOOGLE_APPLICATION_CREDENTIALS" value: "/root/.gcp/serviceaccount.json" {{- else if eq .Values.store.storageProvider "Swift" }} - - name: "OS_AUTH_URL" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "authURL" - - name: "OS_DOMAIN_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "domainName" - - name: "OS_USERNAME" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "username" - - name: "OS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "password" - - name: "OS_TENANT_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "tenantName" + - name: "OPENSTACK_APPLICATION_CREDENTIALS" + value: "/root/etcd-backup" {{- else if eq .Values.store.storageProvider "OSS" }} - - name: "ALICLOUD_ENDPOINT" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "storageEndpoint" - - name: "ALICLOUD_ACCESS_KEY_SECRET" - valueFrom: - secretKeyRef: - name: {{ 
.Values.store.storeSecret }} - key: "accessKeySecret" - - name: "ALICLOUD_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.store.storeSecret }} - key: "accessKeyID" + - name: "ALICLOUD_APPLICATION_CREDENTIALS" + value: "/root/etcd-backup" {{- else if eq .Values.store.storageProvider "ECS" }} - name: "ECS_ENDPOINT" valueFrom: @@ -379,6 +322,22 @@ spec: {{- if eq .Values.store.storageProvider "GCS" }} - name: etcd-backup mountPath: "/root/.gcp/" +{{- end }} +{{- if eq .Values.store.storageProvider "S3" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.store.storageProvider "ABS" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.store.storageProvider "OSS" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.store.storageProvider "Swift" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" {{- end }} securityContext: capabilities: @@ -408,6 +367,26 @@ spec: - name: etcd-backup secret: secretName: {{ .Values.store.storeSecret }} +{{- end }} +{{- if eq .Values.store.storageProvider "S3" }} + - name: etcd-backup + secret: + secretName: {{ .Values.store.storeSecret }} +{{- end }} +{{- if eq .Values.store.storageProvider "ABS" }} + - name: etcd-backup + secret: + secretName: {{ .Values.store.storeSecret }} +{{- end }} +{{- if eq .Values.store.storageProvider "OSS" }} + - name: etcd-backup + secret: + secretName: {{ .Values.store.storeSecret }} +{{- end }} +{{- if eq .Values.store.storageProvider "Swift" }} + - name: etcd-backup + secret: + secretName: {{ .Values.store.storeSecret }} {{- end }} volumeClaimTemplates: - metadata: From 7eebab399c8631d9c57d2602c356ca2205e15192 Mon Sep 17 00:00:00 2001 
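Review bot: The `ECS` branch left as context at the end of this hunk still injects `ECS_ENDPOINT` through `valueFrom`, so ECS credentials presumably stay in the container environment and are not reloaded on rotation, unlike the four providers converted here. Either convert it the same way or record the exception with a template comment such as `{{- /* ECS still reads its credentials from env (secretKeyRef); not reloaded at runtime */}}`. The branch body continues outside the hunk, and the `if provider == "ECS"` branch of `getCmpctJobEnvVar` in PATCH 3/4 is worth checking for the same gap. The new `*_APPLICATION_CREDENTIALS` values name a directory while `GOOGLE_APPLICATION_CREDENTIALS` names a file, which deserves a one-line comment next to the env block.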
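Review bot: The four added `volumeMounts` blocks for S3, ABS, OSS and Swift are identical apart from the provider name, and none sets `readOnly`. They can be a single block guarded by `{{- if has .Values.store.storageProvider (list "S3" "ABS" "OSS" "Swift") }}`, with `readOnly: true` added under `mountPath`. One condition keeps the mount and its volume from drifting apart when a provider is added later. The same repetition appears in the `volumeMounts` hunk of `etcd-copy-backups-job.yaml` in PATCH 2/4, for both the target and the source store.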
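Review bot: The secret volumes added here set only `secretName`, so the credential files get the Kubernetes default mode of 0644 and every key in the Secret is projected into the container. Adding `defaultMode: 0400` under `secret:` restricts the files to the owning user; if the container does not run as that user (not visible in this hunk), `0440` together with an `fsGroup` is the alternative. An `items:` list would further limit the mount to the keys the container actually reads. This applies equally to the `volumes` hunk of `etcd-copy-backups-job.yaml` in PATCH 2/4.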
From: Ishan Tyagi Date: Wed, 9 Mar 2022 11:20:42 +0530 Subject: [PATCH 2/4] To dynamically load IaaS credentials for copy subcommand. --- .../templates/etcd-copy-backups-job.yaml | 222 +++++++----------- 1 file changed, 89 insertions(+), 133 deletions(-) diff --git a/charts/etcd-copy-backups/templates/etcd-copy-backups-job.yaml b/charts/etcd-copy-backups/templates/etcd-copy-backups-job.yaml index 82d9a6942..14d41271c 100644 --- a/charts/etcd-copy-backups/templates/etcd-copy-backups-job.yaml +++ b/charts/etcd-copy-backups/templates/etcd-copy-backups-job.yaml 
@@ -76,152 +76,37 @@ spec: value: {{ .Values.sourceStore.storageContainer }} {{- end }} {{- if eq .Values.targetStore.storageProvider "S3" }} - - name: "AWS_REGION" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "region" - - name: "AWS_SECRET_ACCESS_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "secretAccessKey" - - name: "AWS_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "accessKeyID" + - name: AWS_APPLICATION_CREDENTIALS + value: "/root/etcd-backup" {{- else if eq .Values.targetStore.storageProvider "ABS" }} - - name: "STORAGE_ACCOUNT" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "storageAccount" - - name: "STORAGE_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "storageKey" + - name: AZURE_APPLICATION_CREDENTIALS + value: "/root/etcd-backup" {{- else if eq .Values.targetStore.storageProvider "GCS" }} - - name: "GOOGLE_APPLICATION_CREDENTIALS" + - name: GOOGLE_APPLICATION_CREDENTIALS value: "/root/.gcp/serviceaccount.json" {{- else if eq .Values.targetStore.storageProvider "Swift" }} - - name: "OS_AUTH_URL" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "authURL" - - name: "OS_DOMAIN_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "domainName" - - name: "OS_USERNAME" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "username" - - name: "OS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "password" - - name: "OS_TENANT_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "tenantName" + - name: OPENSTACK_APPLICATION_CREDENTIALS + value: "/root/etcd-backup" {{- else if eq .Values.targetStore.storageProvider "OSS" }} - - name: "ALICLOUD_ENDPOINT" - valueFrom: - secretKeyRef: - name: 
{{ .Values.targetStore.storeSecret }} - key: "storageEndpoint" - - name: "ALICLOUD_ACCESS_KEY_SECRET" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "accessKeySecret" - - name: "ALICLOUD_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.targetStore.storeSecret }} - key: "accessKeyID" + - name: ALICLOUD_APPLICATION_CREDENTIALS + value: "/root/etcd-backup" {{- end }} {{- if eq .Values.sourceStore.storageProvider "S3" }} - - name: "SOURCE_AWS_REGION" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "region" - - name: "SOURCE_AWS_SECRET_ACCESS_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "secretAccessKey" - - name: "SOURCE_AWS_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "accessKeyID" + - name: SOURCE_AWS_APPLICATION_CREDENTIALS + value: "/root/source-etcd-backup" {{- else if eq .Values.sourceStore.storageProvider "ABS" }} - - name: "SOURCE_STORAGE_ACCOUNT" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "storageAccount" - - name: "SOURCE_STORAGE_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "storageKey" + - name: SOURCE_AZURE_APPLICATION_CREDENTIALS + value: "/root/source-etcd-backup" {{- else if eq .Values.sourceStore.storageProvider "GCS" }} - name: SOURCE_GOOGLE_APPLICATION_CREDENTIALS value: "/root/.source-gcp/serviceaccount.json" {{- else if eq .Values.sourceStore.storageProvider "Swift" }} - - name: "SOURCE_OS_AUTH_URL" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "authURL" - - name: "SOURCE_OS_DOMAIN_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "domainName" - - name: "SOURCE_OS_USERNAME" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "username" - - name: "SOURCE_OS_PASSWORD" - valueFrom: - secretKeyRef: 
- name: {{ .Values.sourceStore.storeSecret }} - key: "password" - - name: "SOURCE_OS_TENANT_NAME" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "tenantName" + - name: SOURCE_OPENSTACK_APPLICATION_CREDENTIALS + value: "/root/source-etcd-backup" {{- else if eq .Values.sourceStore.storageProvider "OSS" }} - - name: "SOURCE_ALICLOUD_ENDPOINT" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "storageEndpoint" - - name: "SOURCE_ALICLOUD_ACCESS_KEY_SECRET" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "accessKeySecret" - - name: "SOURCE_ALICLOUD_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.sourceStore.storeSecret }} - key: "accessKeyID" -{{- end }} -{{- if or (eq .Values.targetStore.storageProvider "GCS") (eq .Values.sourceStore.storageProvider "GCS") }} + - name: SOURCE_ALICLOUD_APPLICATION_CREDENTIALS + value: "/root/source-etcd-backup" +{{- end }} volumeMounts: {{- if eq .Values.targetStore.storageProvider "GCS" }} - name: etcd-backup 
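Review bot: With the `if or … "GCS"` guard removed at the end of this hunk, `volumeMounts:` is always emitted, and the same goes for `volumes:`, whose closing `{{- end }}` sits in the last hunk of this file. A `storageProvider` value outside S3, ABS, GCS, Swift and OSS therefore renders both keys empty and produces a job with no credential env var and no mount, which fails only at runtime. If no other provider is meant to be supported by this chart (not visible here), failing at render time is safer, for example an `{{- else }}` arm with `{{- fail "unsupported targetStore.storageProvider" }}` and the equivalent for `sourceStore`. Otherwise a template comment above `volumeMounts:` stating that the key may render empty would document the new behaviour.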
@@ -230,6 +115,38 @@ spec: {{- if eq .Values.sourceStore.storageProvider "GCS" }} - name: source-etcd-backup mountPath: "/root/.source-gcp/" +{{- end }} +{{- if eq .Values.targetStore.storageProvider "S3" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "S3" }} + - name: source-etcd-backup + mountPath: "/root/source-etcd-backup" +{{- end }} +{{- if eq .Values.targetStore.storageProvider "ABS" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "ABS" }} + - name: source-etcd-backup + mountPath: "/root/source-etcd-backup" +{{- end }} +{{- if eq .Values.targetStore.storageProvider "OSS" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "OSS" }} + - name: source-etcd-backup + mountPath: "/root/source-etcd-backup" +{{- end }} +{{- if eq .Values.targetStore.storageProvider "Swift" }} + - name: etcd-backup + mountPath: "/root/etcd-backup" +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "Swift" }} + - name: source-etcd-backup + mountPath: "/root/source-etcd-backup" {{- end }} volumes: {{- if eq .Values.targetStore.storageProvider "GCS" }} 
@@ -242,4 +159,43 @@ spec: secret: secretName: {{ .Values.sourceStore.storeSecret }} {{- end }} +{{- if eq .Values.targetStore.storageProvider "S3" }} + - name: etcd-backup + secret: + secretName: {{ .Values.targetStore.storeSecret }} +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "S3" }} + - name: source-etcd-backup + secret: + secretName: {{ .Values.sourceStore.storeSecret }} +{{- end }} +{{- if eq .Values.targetStore.storageProvider "ABS" }} + - name: etcd-backup + secret: + secretName: {{ .Values.targetStore.storeSecret }} +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "ABS" }} + - name: source-etcd-backup + secret: + secretName: {{ .Values.sourceStore.storeSecret }} +{{- end }} +{{- if eq .Values.targetStore.storageProvider "OSS" }} + - name: etcd-backup + secret: + secretName: {{ .Values.targetStore.storeSecret }} +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "OSS" }} + - name: source-etcd-backup + secret: + secretName: {{ .Values.sourceStore.storeSecret }} +{{- end }} +{{- if eq .Values.targetStore.storageProvider "Swift" }} + - name: etcd-backup + secret: + secretName: {{ .Values.targetStore.storeSecret }} +{{- end }} +{{- if eq .Values.sourceStore.storageProvider "Swift" }} + - name: source-etcd-backup + secret: + secretName: {{ .Values.sourceStore.storeSecret }} {{- end }} \ No newline at end of file From e8ac991fc91a6fc0d5ba243c844d82f434bd33ad Mon Sep 17 00:00:00 2001 From: Ishan Tyagi Date: Wed, 9 Mar 2022 17:00:25 +0530 Subject: [PATCH 3/4] Mount the secret to volume for compaction-job. --- controllers/compaction_lease_controller.go | 24 +++++++++------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/controllers/compaction_lease_controller.go b/controllers/compaction_lease_controller.go index bc479ac67..814b7c84b 100644 --- a/controllers/compaction_lease_controller.go +++ b/controllers/compaction_lease_controller.go 
@@ -364,6 +364,11 @@ func getCmpctJobVolumeMounts(etcd *druidv1alpha1.Etcd, logger logr.Logger) []v1. Name: "etcd-backup", MountPath: "/root/.gcp/", }) + } else if provider == "S3" || provider == "ABS" || provider == "OSS" || provider == "Swift" { + vms = append(vms, v1.VolumeMount{ + Name: "etcd-backup", + MountPath: "/root/etcd-backup/", + }) } return vms @@ -390,7 +395,7 @@ func getCmpctJobVolumes(etcd *druidv1alpha1.Etcd, logger logr.Logger) []v1.Volum return vs } - if provider == "GCS" { + if provider == "GCS" || provider == "S3" || provider == "OSS" || provider == "ABS" || provider == "Swift" { vs = append(vs, v1.Volume{ Name: "etcd-backup", VolumeSource: v1.VolumeSource{ @@ -422,14 +427,11 @@ func getCmpctJobEnvVar(etcd *druidv1alpha1.Etcd, logger logr.Logger) []v1.EnvVar } if provider == "S3" { - env = append(env, getEnvVarFromSecrets("AWS_REGION", storeValues.SecretRef.Name, "region")) - env = append(env, getEnvVarFromSecrets("AWS_SECRET_ACCESS_KEY", storeValues.SecretRef.Name, "secretAccessKey")) - env = append(env, getEnvVarFromSecrets("AWS_ACCESS_KEY_ID", storeValues.SecretRef.Name, "accessKeyID")) + env = append(env, getEnvVarFromValues("AWS_APPLICATION_CREDENTIALS", "/root/etcd-backup")) } if provider == "ABS" { - env = append(env, getEnvVarFromSecrets("STORAGE_ACCOUNT", storeValues.SecretRef.Name, "storageAccount")) - env = append(env, getEnvVarFromSecrets("STORAGE_KEY", storeValues.SecretRef.Name, "storageKey")) + env = append(env, getEnvVarFromValues("AZURE_APPLICATION_CREDENTIALS", "/root/etcd-backup")) } if provider == "GCS" { 
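Review bot: The mount added here uses `MountPath: "/root/etcd-backup/"` with a trailing slash, while the env values added to `getCmpctJobEnvVar` in this patch and the chart templates use `/root/etcd-backup`, so the literal now appears five times in this file in two spellings. A package-level constant, for example `const backupSecretMountPath = "/root/etcd-backup"` (the name is only a suggestion), used for both the mount and the env values keeps the mounted path and the path the process reads in step. Setting `ReadOnly: true` on the `v1.VolumeMount` would also make the intent explicit. The function body starts and ends outside the hunk.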
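Review bot: The provider list in this condition is a second hand-written copy of the one added to `getCmpctJobVolumeMounts` above, in a different order and with `GCS` folded in. A provider added to one function and not the other would give a mount without a volume, or the reverse. A `switch provider { case "GCS", "S3", "ABS", "OSS", "Swift":` or a small shared helper states the set once. The `v1.VolumeSource` literal continues outside the hunk, so whether the secret source sets `DefaultMode` cannot be seen here; if it does not, the credential files default to 0644.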
@@ -437,17 +439,11 @@ func getCmpctJobEnvVar(etcd *druidv1alpha1.Etcd, logger logr.Logger) []v1.EnvVar } if provider == "Swift" { - env = append(env, getEnvVarFromSecrets("OS_AUTH_URL", storeValues.SecretRef.Name, "authURL")) - env = append(env, getEnvVarFromSecrets("OS_DOMAIN_NAME", storeValues.SecretRef.Name, "domainName")) - env = append(env, getEnvVarFromSecrets("OS_USERNAME", storeValues.SecretRef.Name, "username")) - env = append(env, getEnvVarFromSecrets("OS_PASSWORD", storeValues.SecretRef.Name, "password")) - env = append(env, getEnvVarFromSecrets("OS_TENANT_NAME", storeValues.SecretRef.Name, "tenantName")) + env = append(env, getEnvVarFromValues("OPENSTACK_APPLICATION_CREDENTIALS", "/root/etcd-backup")) } if provider == "OSS" { - env = append(env, getEnvVarFromSecrets("ALICLOUD_ENDPOINT", storeValues.SecretRef.Name, "storageEndpoint")) - env = append(env, getEnvVarFromSecrets("ALICLOUD_ACCESS_KEY_SECRET", storeValues.SecretRef.Name, "accessKeySecret")) - env = append(env, getEnvVarFromSecrets("ALICLOUD_ACCESS_KEY_ID", storeValues.SecretRef.Name, "accessKeyID")) + env = append(env, getEnvVarFromValues("ALICLOUD_APPLICATION_CREDENTIALS", "/root/etcd-backup")) } if provider == "ECS" { From 0035330c7b074fa4630f2b29dc27ed617f38baa7 Mon Sep 17 00:00:00 2001 From: Ishan Tyagi Date: Wed, 9 Mar 2022 19:43:37 +0530 Subject: [PATCH 4/4] Fix the unit tests. --- .../compaction_lease_controller_test.go | 191 +++++------------- controllers/etcd_controller_test.go | 191 +++++------------- .../etcdcopybackupstask_controller_test.go | 72 +++---- 3 files changed, 135 insertions(+), 319 deletions(-) diff --git a/controllers/compaction_lease_controller_test.go b/controllers/compaction_lease_controller_test.go index 67c926ef1..29fce7151 100644 --- a/controllers/compaction_lease_controller_test.go +++ b/controllers/compaction_lease_controller_test.go 
@@ -535,42 +535,23 @@ func validateStoreAWSForCmpctJob(instance *druidv1alpha1.Etcd, j *batchv1.Job) { })), })), }), - "AWS_REGION": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_REGION"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("region"), - })), - })), - }), - "AWS_SECRET_ACCESS_KEY": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_SECRET_ACCESS_KEY"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("secretAccessKey"), - })), - })), - }), - "AWS_ACCESS_KEY_ID": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_ACCESS_KEY_ID"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeyID"), - })), - })), + "AWS_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("AWS_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
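Review bot: The updated expectations check the new env var value and the `etcd-backup` secret volume, but nothing in these lines asserts the container's `VolumeMounts`. A missing mount, or a mount path that disagrees with the env value, would therefore still pass. Adding a `"VolumeMounts"` matcher next to the env matcher, with `"Name": Equal("etcd-backup")` and `"MountPath": Equal("/root/etcd-backup/")` for the compaction job, would pin the link between the two. The same gap is present in the Azure, Openstack and Alicloud hunks of this file and in the `etcd_controller_test.go` hunks. The matcher tree starts and ends outside the hunk, so an existing assertion may already sit there.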
@@ -602,31 +583,23 @@ func validateStoreAzureForCmpctJob(instance *druidv1alpha1.Etcd, j *batchv1.Job) })), })), }), - "STORAGE_ACCOUNT": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("STORAGE_ACCOUNT"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageAccount"), - })), - })), - }), - "STORAGE_KEY": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("STORAGE_KEY"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageKey"), - })), - })), + "AZURE_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("AZURE_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
@@ -658,64 +631,23 @@ func validateStoreOpenstackForCmpctJob(instance *druidv1alpha1.Etcd, j *batchv1. })), })), }), - "OS_AUTH_URL": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_AUTH_URL"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("authURL"), - })), - })), - }), - "OS_USERNAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_USERNAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("username"), - })), - })), - }), - "OS_TENANT_NAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_TENANT_NAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("tenantName"), - })), - })), - }), - "OS_PASSWORD": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_PASSWORD"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("password"), - })), - })), - }), - "OS_DOMAIN_NAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_DOMAIN_NAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("domainName"), - })), - })), + 
"OPENSTACK_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("OPENSTACK_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
@@ -748,42 +680,23 @@ func validateStoreAlicloudForCmpctJob(instance *druidv1alpha1.Etcd, j *batchv1.J })), })), }), - "ALICLOUD_ENDPOINT": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ENDPOINT"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageEndpoint"), - })), - })), - }), - "ALICLOUD_ACCESS_KEY_SECRET": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ACCESS_KEY_SECRET"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeySecret"), - })), - })), - }), - "ALICLOUD_ACCESS_KEY_ID": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ACCESS_KEY_ID"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeyID"), - })), - })), + "ALICLOUD_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("ALICLOUD_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), diff --git a/controllers/etcd_controller_test.go b/controllers/etcd_controller_test.go index 228268780..aa107c871 100644 
--- a/controllers/etcd_controller_test.go +++ b/controllers/etcd_controller_test.go @@ -1706,31 +1706,23 @@ func validateStoreAzure(instance *druidv1alpha1.Etcd, s *appsv1.StatefulSet, cm })), })), }), - "STORAGE_ACCOUNT": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("STORAGE_ACCOUNT"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageAccount"), - })), - })), - }), - "STORAGE_KEY": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("STORAGE_KEY"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageKey"), - })), - })), + "AZURE_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("AZURE_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
@@ -1770,64 +1762,23 @@ func validateStoreOpenstack(instance *druidv1alpha1.Etcd, s *appsv1.StatefulSet, })), })), }), - "OS_AUTH_URL": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_AUTH_URL"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("authURL"), - })), - })), - }), - "OS_USERNAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_USERNAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("username"), - })), - })), - }), - "OS_TENANT_NAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_TENANT_NAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("tenantName"), - })), - })), - }), - "OS_PASSWORD": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_PASSWORD"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("password"), - })), - })), - }), - "OS_DOMAIN_NAME": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("OS_DOMAIN_NAME"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("domainName"), - })), - })), + 
"OPENSTACK_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("OPENSTACK_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
@@ -1869,42 +1820,23 @@ func validateStoreAlicloud(instance *druidv1alpha1.Etcd, s *appsv1.StatefulSet, })), })), }), - "ALICLOUD_ENDPOINT": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ENDPOINT"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("storageEndpoint"), - })), - })), - }), - "ALICLOUD_ACCESS_KEY_SECRET": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ACCESS_KEY_SECRET"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeySecret"), - })), - })), - }), - "ALICLOUD_ACCESS_KEY_ID": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("ALICLOUD_ACCESS_KEY_ID"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeyID"), - })), - })), + "ALICLOUD_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("ALICLOUD_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), 
@@ -1946,42 +1878,23 @@ func validateStoreAWS(instance *druidv1alpha1.Etcd, s *appsv1.StatefulSet, cm *c })), })), }), - "AWS_REGION": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_REGION"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("region"), - })), - })), - }), - "AWS_SECRET_ACCESS_KEY": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_SECRET_ACCESS_KEY"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("secretAccessKey"), - })), - })), - }), - "AWS_ACCESS_KEY_ID": MatchFields(IgnoreExtras, Fields{ - "Name": Equal("AWS_ACCESS_KEY_ID"), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchFields(IgnoreExtras, Fields{ - "Name": Equal(instance.Spec.Backup.Store.SecretRef.Name), - }), - "Key": Equal("accessKeyID"), - })), - })), + "AWS_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("AWS_APPLICATION_CREDENTIALS"), + "Value": Equal("/root/etcd-backup"), }), }), }), }), + "Volumes": MatchElements(volumeIterator, IgnoreExtras, Elements{ + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal("etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(instance.Spec.Backup.Store.SecretRef.Name), + })), + }), + }), + }), }), }), }), diff --git a/controllers/etcdcopybackupstask_controller_test.go b/controllers/etcdcopybackupstask_controller_test.go index 98c219f85..ca4d7c0fc 100644 
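Review bot: The new `Volumes` matcher at the end of this hunk pins only `SecretName`, so the file mode of the mounted credentials is untested; `IgnoreExtras` on the `Secret` fields lets any `DefaultMode` through. If the template sets a `defaultMode` on the `etcd-backup` secret volume, assert it alongside the name, e.g. `"DefaultMode": PointTo(Equal(int32(<mode from the template>))),`. The identical block is added in validateStoreAlicloud above and in getVolumesElements in the copy-backups test, so a shared helper returning this matcher would keep the three in step. validateStoreAWS starts and ends outside the hunk.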
--- a/controllers/etcdcopybackupstask_controller_test.go +++ b/controllers/etcdcopybackupstask_controller_test.go @@ -331,14 +331,17 @@ func getProviderEnvElements(storeProvider, prefix, volumePrefix string, store *d switch storeProvider { case "S3": return Elements{ - prefix + "AWS_REGION": matchEnvValueFrom(prefix+"AWS_REGION", store, "region"), - prefix + "AWS_SECRET_ACCESS_KEY": matchEnvValueFrom(prefix+"AWS_SECRET_ACCESS_KEY", store, "secretAccessKey"), - prefix + "AWS_ACCESS_KEY_ID": matchEnvValueFrom(prefix+"AWS_ACCESS_KEY_ID", store, "accessKeyID"), + prefix + "AWS_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal(prefix + "AWS_APPLICATION_CREDENTIALS"), + "Value": Equal(fmt.Sprintf("/root/%setcd-backup", volumePrefix)), + }), } case "ABS": return Elements{ - prefix + "STORAGE_ACCOUNT": matchEnvValueFrom(prefix+"STORAGE_ACCOUNT", store, "storageAccount"), - prefix + "STORAGE_KEY": matchEnvValueFrom(prefix+"STORAGE_KEY", store, "storageKey"), + prefix + "AZURE_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal(prefix + "AZURE_APPLICATION_CREDENTIALS"), + "Value": Equal(fmt.Sprintf("/root/%setcd-backup", volumePrefix)), + }), } case "GCS": return Elements{ 
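Review bot: The expected path `fmt.Sprintf("/root/%setcd-backup", volumePrefix)` is rebuilt in every case of getProviderEnvElements (S3 and ABS here, Swift and OSS in the next hunk) and again in getVolumeMountsElements, so a change to the mount location has to be made in five places. Compute it once, `credentialsPath := fmt.Sprintf("/root/%setcd-backup", volumePrefix)`, and use `"Value": Equal(credentialsPath)` in each case. After this change the `store` parameter looks unused in the cases visible here; if the GCS case does not need it either, it can be dropped from the signature. The function starts before the hunk and ends after it.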
@@ -349,17 +352,17 @@ func getProviderEnvElements(storeProvider, prefix, volumePrefix string, store *d } case "Swift": return Elements{ - prefix + "OS_AUTH_URL": matchEnvValueFrom(prefix+"OS_AUTH_URL", store, "authURL"), - prefix + "OS_DOMAIN_NAME": matchEnvValueFrom(prefix+"OS_DOMAIN_NAME", store, "domainName"), - prefix + "OS_USERNAME": matchEnvValueFrom(prefix+"OS_USERNAME", store, "username"), - prefix + "OS_PASSWORD": matchEnvValueFrom(prefix+"OS_PASSWORD", store, "password"), - prefix + "OS_TENANT_NAME": matchEnvValueFrom(prefix+"OS_TENANT_NAME", store, "tenantName"), + prefix + "OPENSTACK_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal(prefix + "OPENSTACK_APPLICATION_CREDENTIALS"), + "Value": Equal(fmt.Sprintf("/root/%setcd-backup", volumePrefix)), + }), } case "OSS": return Elements{ - prefix + "ALICLOUD_ENDPOINT": matchEnvValueFrom(prefix+"ALICLOUD_ENDPOINT", store, "storageEndpoint"), - prefix + "ALICLOUD_ACCESS_KEY_SECRET": matchEnvValueFrom(prefix+"ALICLOUD_ACCESS_KEY_SECRET", store, "accessKeySecret"), - prefix + "ALICLOUD_ACCESS_KEY_ID": matchEnvValueFrom(prefix+"ALICLOUD_ACCESS_KEY_ID", store, "accessKeyID"), + prefix + "ALICLOUD_APPLICATION_CREDENTIALS": MatchFields(IgnoreExtras, Fields{ + "Name": Equal(prefix + "ALICLOUD_APPLICATION_CREDENTIALS"), + "Value": Equal(fmt.Sprintf("/root/%setcd-backup", volumePrefix)), + }), } default: return nil 
@@ -376,40 +379,27 @@ func getVolumeMountsElements(storeProvider, volumePrefix string) Elements { }), } default: - return nil - } -} - -func getVolumesElements(storeProvider, volumePrefix string, store *druidv1alpha1.StoreSpec) Elements { - switch storeProvider { - case "GCS": return Elements{ - volumePrefix + "etcd-backup": MatchAllFields(Fields{ - "Name": Equal(volumePrefix + "etcd-backup"), - "VolumeSource": MatchFields(IgnoreExtras, Fields{ - "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretName": Equal(store.SecretRef.Name), - })), - }), + volumePrefix + "etcd-backup": MatchFields(IgnoreExtras, Fields{ + "Name": Equal(volumePrefix + "etcd-backup"), + "MountPath": Equal(fmt.Sprintf("/root/%setcd-backup", volumePrefix)), }), } - default: - return nil } } -func matchEnvValueFrom(name string, store *druidv1alpha1.StoreSpec, key string) gomegatypes.GomegaMatcher { - return MatchFields(IgnoreExtras, Fields{ - "Name": Equal(name), - "ValueFrom": PointTo(MatchFields(IgnoreExtras, Fields{ - "SecretKeyRef": PointTo(MatchFields(IgnoreExtras, Fields{ - "LocalObjectReference": MatchAllFields(Fields{ - "Name": Equal(store.SecretRef.Name), - }), - "Key": Equal(key), - })), - })), - }) +func getVolumesElements(storeProvider, volumePrefix string, store *druidv1alpha1.StoreSpec) Elements { + + return Elements{ + volumePrefix + "etcd-backup": MatchAllFields(Fields{ + "Name": Equal(volumePrefix + "etcd-backup"), + "VolumeSource": MatchFields(IgnoreExtras, Fields{ + "Secret": PointTo(MatchFields(IgnoreExtras, Fields{ + "SecretName": Equal(store.SecretRef.Name), + })), + }), + }), + } } func getJobStatus(conditionType batchv1.JobConditionType, reason, message string) *batchv1.JobStatus {
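Review bot: getVolumesElements now dereferences `store.SecretRef.Name` for every provider and no longer reads `storeProvider`, while the `default` branch of getVolumeMountsElements expects an `etcd-backup` mount for any provider string it does not recognise. If `SecretRef` is a pointer and a test case passes a store without a secret reference, the helper panics instead of failing an expectation; a guard such as `if store == nil || store.SecretRef == nil { return nil }` at the top keeps that a normal test failure. Either rename the unused parameter to `_` or keep a `switch` so unknown providers still return `nil`, and drop the blank line after the signature.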