From 268f9a47cdd4f0629dd5803b97b225f3a4081ba1 Mon Sep 17 00:00:00 2001
From: Pierre Hubert
Date: Mon, 8 May 2023 17:20:54 +0200
Subject: [PATCH] Applied first configuration

---
 src/main.rs                    | 18 ++++++++++++++++--
 src/minio.rs                   | 24 ++++++++++++------------
 src/policy_template.json       | 17 +++++++++++++++++
 test/bucket-policy.json        | 28 ----------------------------
 test/test-outside-cluster.yaml | 25 +++++++++++++++++++++++++
 5 files changed, 70 insertions(+), 42 deletions(-)
 create mode 100644 src/policy_template.json
 delete mode 100644 test/bucket-policy.json
 create mode 100644 test/test-outside-cluster.yaml

diff --git a/src/main.rs b/src/main.rs
index 3e1af02..f2279a3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -88,8 +88,22 @@ async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
         password: read_secret_str(&user_secret, SECRET_MINIO_BUCKET_SECRET_KEY)?,
     };
 
-    println!("{:?}", service);
-    println!("{:?}", user);
+    log::debug!("Create or update bucket...");
+    service.bucket_apply(&b.spec).await?;
+
+    let policy_name = format!("bucket-{}", b.spec.name);
+    log::debug!("Create or update policy '{policy_name}'...");
+    let policy_content =
+        include_str!("policy_template.json").replace("{{ bucket }}", b.spec.name.as_str());
+    service.policy_apply(&policy_name, &policy_content).await?;
+
+    log::debug!("Create or update user '{}'...", user.username);
+    service.user_apply(&user).await?;
+
+    log::debug!("Attach policy '{policy_name}' to user...");
+    service.policy_attach_user(&user, &policy_name).await?;
+
+    log::debug!("Successfully applied desired configuration!");
 
     Ok(())
 }
diff --git a/src/minio.rs b/src/minio.rs
index 9bc3e25..6e8c7de 100644
--- a/src/minio.rs
+++ b/src/minio.rs
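Review bot: `b.spec.name` is spliced into the policy document by plain `str::replace` on the `let policy_content =` lines, so a name containing `"`, `*` or `?` would either break the JSON or widen the `Resource` ARN past the intended bucket (a wildcard inside the name matches other buckets' ARNs as well). The name comes from the MinioBucket custom resource, which may be written by someone with less privilege than the operator, and nothing in this hunk — nor in the visible start of `bucket_apply` in src/minio.rs, which passes `b.name` straight to `mc mb` — validates it; the same assumption sits behind the `{{ bucket }}` placeholders in src/policy_template.json. A guard restricted to S3-style bucket names before the policy is built would close this (generating the document with a JSON serializer instead of textual substitution would be the stronger alternative). `apply_bucket` starts before this hunk, so I cannot see whether a check already exists higher up.
```rust
    // Only S3-style bucket names may reach the policy document: any other
    // character could alter the JSON or the Resource ARN instead of naming the bucket.
    let name = b.spec.name.as_str();
    let name_is_safe = (3..=63).contains(&name.len())
        && name
            .bytes()
            .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || matches!(c, b'-' | b'.'));
    anyhow::ensure!(name_is_safe, "refusing bucket name {name:?}: not a valid S3 bucket name");
    log::debug!("Create or update bucket...");
    // … unchanged: bucket_apply / policy_apply / user_apply / policy_attach_user calls …
```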
@@ -251,7 +251,7 @@ impl MinioService {
     }
 
     /// Apply bucket desired configuration. If bucket already exists, it is not dropped
-    pub async fn apply_bucket(&self, b: &MinioBucketSpec) -> anyhow::Result<()> {
+    pub async fn bucket_apply(&self, b: &MinioBucketSpec) -> anyhow::Result<()> {
         // Set base parameters
         let bucket_name = format!("{}/{}", MC_ALIAS_NAME, b.name);
         let mut args = ["mb", bucket_name.as_str(), "-p"].to_vec();
@@ -608,7 +608,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -630,7 +630,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -665,7 +665,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -696,7 +696,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -749,7 +749,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -776,7 +776,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -803,7 +803,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -846,7 +846,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -891,7 +891,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -918,7 +918,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -1008,7 +1008,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
diff --git a/src/policy_template.json b/src/policy_template.json
new file mode 100644
index 0000000..deb6ce3
--- /dev/null
+++ b/src/policy_template.json
@@ -0,0 +1,17 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "ListObjectsInBucket",
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::{{ bucket }}"]
+    },
+    {
+      "Sid": "AllObjectActions",
+      "Effect": "Allow",
+      "Action": ["s3:DeleteObject", "s3:Get*", "s3:PutObject", "s3:*Object"],
+      "Resource": ["arn:aws:s3:::{{ bucket }}/*"]
+    }
+  ]
+}
diff --git a/test/bucket-policy.json b/test/bucket-policy.json
deleted file mode 100644
index 951f4d8..0000000
--- a/test/bucket-policy.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "ListObjectsInBucket",
-      "Effect": "Allow",
-      "Action": [
-        "s3:ListBucket"
-      ],
-      "Resource": [
-        "arn:aws:s3:::bucket"
-      ]
-    },
-    {
-      "Sid": "AllObjectActions",
-      "Effect": "Allow",
-      "Action": [
-        "s3:DeleteObject",
-        "s3:Get*",
-        "s3:PutObject",
-        "s3:*Object"
-      ],
-      "Resource": [
-        "arn:aws:s3:::bucket/*"
-      ]
-    }
-  ]
-}
\ No newline at end of file
diff --git a/test/test-outside-cluster.yaml b/test/test-outside-cluster.yaml
new file mode 100644
index 0000000..5f9e072
--- /dev/null
+++ b/test/test-outside-cluster.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-root
+type: Opaque
+data:
+  accessKey: bWluaW9hZG1pbg==
+  secretKey: bWluaW9hZG1pbg==
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioInstance
+metadata:
+  name: my-minio-instance
+spec:
+  endpoint: http://localhost:9000/
+  credentials: minio-root
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioBucket
+metadata:
+  name: first-bucket
+spec:
+  instance: my-minio-instance
+  name: first-bucket
+  secret: first-bucket-secret
\ No newline at end of file
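Review bot: The `AllObjectActions` statement grants more than its explicit entries suggest: `s3:*Object` already covers `s3:DeleteObject` and `s3:PutObject`, and the two wildcards `s3:Get*` and `s3:*Object` also match every other action ending in `Object` or starting with `Get` on the object ARN, which is wider than a per-bucket service account normally needs. Since src/main.rs now stamps this template out for every MinioBucket, it is the one place where least privilege for all generated users is decided; listing the intended actions explicitly, e.g. `"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]`, keeps the grant reviewable and stops new `s3:*Object`-style actions from being picked up implicitly. JSON cannot carry a comment, so the rationale for whatever set is kept belongs next to the `include_str!` in src/main.rs.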
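Review bot: The `minio-root` Secret stores literal credentials in `data` (both values decode to the MinIO default `minioadmin`), and the `MinioBucket` refers to `first-bucket-secret`, which no document in this file creates. Both are acceptable for a fixture pointed at `http://localhost:9000/`, but nothing in the file says so, and committed credentials of this shape will trip secret scanners; a leading comment such as `# Local test fixture only: default dev credentials for a throwaway MinIO on localhost` would settle that. Whether the operator creates `first-bucket-secret` itself or expects it to exist is not visible from this diff, so a second comment on the `secret:` line stating which it is would help the next person running the fixture.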