Automatically create secret for bucket if missing
43
src/main.rs
43
src/main.rs
@@ -1,11 +1,15 @@
|
||||
use std::collections::BTreeMap;
|
||||
use futures::TryStreamExt;
|
||||
use k8s_openapi::api::core::v1::Secret;
|
||||
use kube::{Api, Client};
|
||||
use kube::runtime::{watcher, WatchStreamExt};
|
||||
use minio_operator::constants::{SECRET_MINIO_INSTANCE_ACCESS_KEY, SECRET_MINIO_INSTANCE_SECRET_KEY};
|
||||
use kube::{Api, Client};
|
||||
use minio_operator::constants::{
|
||||
SECRET_MINIO_BUCKET_ACCESS_KEY, SECRET_MINIO_BUCKET_SECRET_KEY,
|
||||
SECRET_MINIO_INSTANCE_ACCESS_KEY, SECRET_MINIO_INSTANCE_SECRET_KEY,
|
||||
};
|
||||
use minio_operator::crd::{MinioBucket, MinioInstance};
|
||||
use minio_operator::minio::MinioService;
|
||||
use minio_operator::secrets::read_secret_str;
|
||||
use minio_operator::minio::{MinioService, MinioUser};
|
||||
use minio_operator::secrets::{create_secret, read_secret_str};
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() -> anyhow::Result<()> {
|
||||
@@ -22,14 +26,17 @@ async fn main() -> anyhow::Result<()> {
|
||||
|
||||
while let Some(b) = bw.try_next().await? {
|
||||
if let Err(e) = apply_bucket(&b, &client).await {
|
||||
log::error!("Failed to apply desired configuration for applied bucket {} : {}", b.spec.name, e)
|
||||
log::error!(
|
||||
"Failed to apply desired configuration for applied bucket {} : {}",
|
||||
b.spec.name,
|
||||
e
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
/// Make sure a bucket is compliant with a desired configuration
|
||||
async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
|
||||
log::info!("Apply configuration for bucket {}", b.spec.name);
|
||||
@@ -46,8 +53,28 @@ async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
|
||||
access_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_ACCESS_KEY)?,
|
||||
secret_key: read_secret_str(&instance_secret, SECRET_MINIO_INSTANCE_SECRET_KEY)?,
|
||||
};
|
||||
|
||||
|
||||
// Get user key & password
|
||||
let user_secret = match secrets.get_opt(&b.spec.secret).await? {
|
||||
Some(s) => s,
|
||||
None => {
|
||||
log::info!("Needs to create the secret {} for the bucket {}", b.spec.secret, b.spec.name);
|
||||
|
||||
// The secret needs to be created
|
||||
let new_user = MinioUser::gen_random();
|
||||
create_secret(&secrets, &b.spec.secret, BTreeMap::from([
|
||||
(SECRET_MINIO_BUCKET_ACCESS_KEY.to_string(), new_user.username),
|
||||
(SECRET_MINIO_BUCKET_SECRET_KEY.to_string(), new_user.password)
|
||||
])).await?
|
||||
}
|
||||
};
|
||||
let user = MinioUser {
|
||||
username: read_secret_str(&user_secret, SECRET_MINIO_BUCKET_ACCESS_KEY)?,
|
||||
password: read_secret_str(&user_secret, SECRET_MINIO_BUCKET_SECRET_KEY)?,
|
||||
};
|
||||
|
||||
println!("{:?}", service);
|
||||
println!("{:?}", user);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
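Review bot: The two `println!("{:?}", …)` calls at the end of `apply_bucket` write the Debug form of `service` and `user` to stdout, and both structs are filled a few lines earlier from `access_key`/`secret_key` and `username`/`password`. Unless their Debug impls redact those fields (not visible on this page), the MinIO instance credentials and the newly generated bucket password end up in the operator's pod logs, readable by anyone with log access. The page does not mark which side each line is on, but the `user` print can only be new, since `MinioUser` is first imported in this commit. I would drop both lines, or replace them with a message that names only the bucket, e.g. `log::debug!("Resolved credentials for bucket {}", b.spec.name);`. Separately, `MinioUser::gen_random()` is defined outside this page, so it is worth confirming that it draws from a cryptographically secure generator, since its output is stored as a long-lived password; `apply_bucket` itself starts outside the hunk.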