pierre/MinioK8sBuckets
1
0
Fork 0
Code Issues Pull Requests 9 Packages Projects Releases Wiki Activity

Read minio instance secret key

Browse Source
This commit is contained in:
Pierre HUBERT 2023-05-06 10:58:18 +02:00
parent 547cc02800
commit 36aaf5fb4d
10 changed files with 65 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@ -871,6 +871,7 @@ dependencies = [
"schemars", "schemars",
"serde", "serde",
"serde_json", "serde_json",
"thiserror",
"tokio", "tokio",
] ]

1
Cargo.toml
View File

@ -16,3 +16,4 @@ tokio = { version = "1.28.0", features = ["full"] }
kube = { version = "0.82.2", features = ["runtime", "derive"] } kube = { version = "0.82.2", features = ["runtime", "derive"] }
k8s-openapi = { version = "0.18.0", features = ["v1_26"] } # TODO : switch to v1_27 k8s-openapi = { version = "0.18.0", features = ["v1_26"] } # TODO : switch to v1_27
futures = "0.3.28" futures = "0.3.28"
thiserror = "1.0.40"

6
src/constants.rs Normal file
View File

@ -0,0 +1,6 @@
//! # Application constants
pub const SECRET_MINIO_INSTANCE_ACCESS_KEY: &str = "accessKey";
pub const SECRET_MINIO_INSTANCE_SECRET_KEY: &str = "secretKey";
pub const SECRET_MINIO_BUCKET_ACCESS_KEY: &str = "accessKey";
pub const SECRET_MINIO_BUCKET_SECRET_KEY: &str = "secretKey";

6
src/crd.rs
View File

@ -43,7 +43,7 @@ pub struct MinioBucketSpec {
#[serde(default)] #[serde(default)]
pub anonymous_read_access: bool, pub anonymous_read_access: bool,
#[serde(default)] #[serde(default)]
versioning: bool, pub versioning: bool,
quota: Option<usize>, pub quota: Option<usize>,
retention: Option<BucketRetention>, pub retention: Option<BucketRetention>,
} }

3
src/lib.rs
View File

@ -1 +1,4 @@
pub mod constants;
pub mod crd; pub mod crd;
pub mod secrets;
pub mod minio;

24
src/main.rs
View File

@ -1,7 +1,11 @@
use futures::TryStreamExt; use futures::TryStreamExt;
use k8s_openapi::api::core::v1::Secret;
use kube::{Api, Client}; use kube::{Api, Client};
use kube::runtime::{watcher, WatchStreamExt}; use kube::runtime::{watcher, WatchStreamExt};
use minio_operator::crd::MinioBucket; use minio_operator::constants::{SECRET_MINIO_INSTANCE_ACCESS_KEY, SECRET_MINIO_INSTANCE_SECRET_KEY};
use minio_operator::crd::{MinioBucket, MinioInstance};
use minio_operator::minio::MinioService;
use minio_operator::secrets::read_secret_str;
#[tokio::main] #[tokio::main]
async fn main() -> anyhow::Result<()> { async fn main() -> anyhow::Result<()> {
@ -27,7 +31,23 @@ async fn main() -> anyhow::Result<()> {
/// Make sure a bucket is compliant with a desired configuration /// Make sure a bucket is compliant with a desired configuration
async fn apply_bucket(b: &MinioBucket, _client: &Client) -> anyhow::Result<()> { async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
log::info!("Apply configuration for bucket {}", b.spec.name); log::info!("Apply configuration for bucket {}", b.spec.name);
// Get instance information
let instances: Api<MinioInstance> = Api::default_namespaced(client.clone());
let instance = instances.get(&b.spec.instance).await?;
// Get instance configuration
let secrets: Api<Secret> = Api::default_namespaced(client.clone());
let instance_secret = secrets.get(&instance.spec.credentials).await?;
let service = MinioService {
hostname: instance.spec.endpoint,
access_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_ACCESS_KEY)?,
secret_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_SECRET_KEY)?,
};
println!("{:?}", service);
Ok(()) Ok(())
} }

6
src/minio.rs Normal file
View File

@ -0,0 +1,6 @@
#[derive(Debug, Clone)]
pub struct MinioService {
pub hostname: String,
pub access_key: String,
pub secret_key: String,
}

20
src/secrets.rs Normal file
View File

@ -0,0 +1,20 @@
use k8s_openapi::api::core::v1::Secret;
#[derive(thiserror::Error, Debug)]
enum SecretError {
#[error("Secret has no data!")]
MissingData,
#[error("The key '{0}' is not present in the secret!")]
MissingKey(String),
}
/// Attempt to read a value contained in a secret. Returns an error in case
/// of failure
pub fn read_secret_str(s: &Secret, key: &str) -> anyhow::Result<String> {
let data = s.data.as_ref().ok_or(SecretError::MissingData)?;
let value = data.get(key)
.ok_or(SecretError::MissingKey(key.to_string()))?;
Ok(String::from_utf8(value.0.clone())?)
}

4
test/first-test.yaml
View File

@ -4,8 +4,8 @@ metadata:
name: minio-root name: minio-root
type: Opaque type: Opaque
data: data:
accessKey: bWluaW8= accessKey: bWluaW9hZG1pbg==
secretKey: bWluaW8= secretKey: bWluaW9hZG1pbg==
--- ---
apiVersion: "communiquons.org/v1" apiVersion: "communiquons.org/v1"
kind: MinioInstance kind: MinioInstance

2
yaml/minio-bucket.yaml
View File

@ -34,7 +34,7 @@ spec:
type: string type: string
example: mybucket example: mybucket
secret: secret:
description: The name of the secret that will receive an access key & token with write access on the bucket description: The name of the secret that will receive an access key & a secret key with write access on the bucket
type: string type: string
example: secret-name example: secret-name
anonymous_read_access: anonymous_read_access: