Read minio instance secret key

2023-05-06 10:58:18 +02:00 · 2023-05-06 10:58:18 +02:00 · 36aaf5fb4d
commit 36aaf5fb4d
parent 547cc02800
10 changed files with 65 additions and 8 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -871,6 +871,7 @@ dependencies = [
 "schemars",
 "serde",
 "serde_json",
+ "thiserror",
 "tokio",
 ]

--- a/Cargo.toml
+++ b/Cargo.toml
@ -16,3 +16,4 @@ tokio = { version = "1.28.0", features = ["full"] }
 kube = { version = "0.82.2", features = ["runtime", "derive"] }
 k8s-openapi = { version = "0.18.0", features = ["v1_26"] } # TODO : switch to v1_27
 futures = "0.3.28"
+thiserror = "1.0.40"
--- a/src/constants.rs
+++ b/src/constants.rs
@ -0,0 +1,6 @@
+//! # Application constants
+pub const SECRET_MINIO_INSTANCE_ACCESS_KEY: &str = "accessKey";
+pub const SECRET_MINIO_INSTANCE_SECRET_KEY: &str = "secretKey";
+
+pub const SECRET_MINIO_BUCKET_ACCESS_KEY: &str = "accessKey";
+pub const SECRET_MINIO_BUCKET_SECRET_KEY: &str = "secretKey";
--- a/src/crd.rs
+++ b/src/crd.rs
@ -43,7 +43,7 @@ pub struct MinioBucketSpec {
    #[serde(default)]
    pub anonymous_read_access: bool,
    #[serde(default)]
-    versioning: bool,
-    quota: Option<usize>,
-    retention: Option<BucketRetention>,
+    pub versioning: bool,
+    pub quota: Option<usize>,
+    pub retention: Option<BucketRetention>,
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1 +1,4 @@
+pub mod constants;
 pub mod crd;
+pub mod secrets;
+pub mod minio;
--- a/src/main.rs
+++ b/src/main.rs
@ -1,7 +1,11 @@
 use futures::TryStreamExt;
+use k8s_openapi::api::core::v1::Secret;
 use kube::{Api, Client};
 use kube::runtime::{watcher, WatchStreamExt};
-use minio_operator::crd::MinioBucket;
+use minio_operator::constants::{SECRET_MINIO_INSTANCE_ACCESS_KEY, SECRET_MINIO_INSTANCE_SECRET_KEY};
+use minio_operator::crd::{MinioBucket, MinioInstance};
+use minio_operator::minio::MinioService;
+use minio_operator::secrets::read_secret_str;

 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
@ -27,7 +31,23 @@ async fn main() -> anyhow::Result<()> {


 /// Make sure a bucket is compliant with a desired configuration
-async fn apply_bucket(b: &MinioBucket, _client: &Client) -> anyhow::Result<()> {
+async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
    log::info!("Apply configuration for bucket {}", b.spec.name);
+
+    // Get instance information
+    let instances: Api<MinioInstance> = Api::default_namespaced(client.clone());
+    let instance = instances.get(&b.spec.instance).await?;
+
+    // Get instance configuration
+    let secrets: Api<Secret> = Api::default_namespaced(client.clone());
+    let instance_secret = secrets.get(&instance.spec.credentials).await?;
+    let service = MinioService {
+        hostname: instance.spec.endpoint,
+        access_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_ACCESS_KEY)?,
+        secret_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_SECRET_KEY)?,
+    };
+    
+    println!("{:?}", service);
+
    Ok(())
 }
--- a/src/minio.rs
+++ b/src/minio.rs
@ -0,0 +1,6 @@
+#[derive(Debug, Clone)]
+pub struct MinioService {
+    pub hostname: String,
+    pub access_key: String,
+    pub secret_key: String,
+}
--- a/src/secrets.rs
+++ b/src/secrets.rs
@ -0,0 +1,20 @@
+use k8s_openapi::api::core::v1::Secret;
+
+#[derive(thiserror::Error, Debug)]
+enum SecretError {
+    #[error("Secret has no data!")]
+    MissingData,
+    #[error("The key '{0}' is not present in the secret!")]
+    MissingKey(String),
+}
+
+/// Attempt to read a value contained in a secret. Returns an error in case
+/// of failure
+pub fn read_secret_str(s: &Secret, key: &str) -> anyhow::Result<String> {
+    let data =  s.data.as_ref().ok_or(SecretError::MissingData)?;
+
+    let value = data.get(key)
+        .ok_or(SecretError::MissingKey(key.to_string()))?;
+
+    Ok(String::from_utf8(value.0.clone())?)
+}
--- a/test/first-test.yaml
+++ b/test/first-test.yaml
@ -4,8 +4,8 @@ metadata:
  name: minio-root
 type: Opaque
 data:
-  accessKey: bWluaW8=
-  secretKey: bWluaW8=
+  accessKey: bWluaW9hZG1pbg==
+  secretKey: bWluaW9hZG1pbg==
 ---
 apiVersion: "communiquons.org/v1"
 kind: MinioInstance
--- a/yaml/minio-bucket.yaml
+++ b/yaml/minio-bucket.yaml
@ -34,7 +34,7 @@ spec:
                  type: string
                  example: mybucket
                secret:
-                  description: The name of the secret that will receive an access key & token with write access on the bucket
+                  description: The name of the secret that will receive an access key & a secret key with write access on the bucket
                  type: string
                  example: secret-name
                anonymous_read_access: