pierre/MinioK8sBuckets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: pierre:8de11a955c499921f1e30f770b117e362036d3af
Branches Tags
pierre:master
..
compare: pierre:fb9823acb785942ece66ffdfd0674fd5da4b1578
Branches Tags
pierre:master

1 Commits
8de11a955c ... fb9823acb7

Author SHA1 Message Date
Pierre Hubert
fb9823acb7 Update Rust crate serde_json to 1.0.106
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
2023-09-10 00:29:04 +00:00
8 changed files with 411 additions and 686 deletions
Expand all files Collapse all files

987
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

24
Cargo.toml
View File

@@ -6,17 +6,17 @@ edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies] [dependencies]
log = "0.4.21" log = "0.4.20"
env_logger = "0.10.1" env_logger = "0.10.0"
anyhow = "1.0.79" anyhow = "1.0.75"
serde = { version = "1.0.195", features = ["derive"] } serde = { version = "1.0.185", features = ["derive"] }
serde_json = "1.0.114" serde_json = "1.0.106"
schemars = "0.8.16" schemars = "0.8.13"
tokio = { version = "1.35.1", features = ["full"] } tokio = { version = "1.32.0", features = ["full"] }
kube = { version = "0.87.2", features = ["runtime", "derive"] } kube = { version = "0.85.0", features = ["runtime", "derive"] }
k8s-openapi = { version = "0.20.0", features = ["v1_27"] } k8s-openapi = { version = "0.19.0", features = ["v1_27"] }
futures = "0.3.30" futures = "0.3.28"
thiserror = "1.0.56" thiserror = "1.0.48"
rand = "0.8.5" rand = "0.8.5"
mktemp = "0.5.1" mktemp = "0.5.1"
reqwest = "0.11.23" reqwest = "0.11.20"

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM debian:bookworm-slim FROM debian:bullseye-slim
COPY minio-operator /usr/local/bin/minio-operator COPY minio-operator /usr/local/bin/minio-operator
COPY mc /usr/local/bin/mc COPY mc /usr/local/bin/mc

1
src/lib.rs
View File

@@ -4,5 +4,4 @@ pub mod minio;
#[cfg(test)] #[cfg(test)]
pub mod minio_test_server; pub mod minio_test_server;
pub mod secrets; pub mod secrets;
pub mod temp;
pub mod utils; pub mod utils;

23
src/minio.rs
View File

@@ -5,7 +5,6 @@ use serde::Deserialize;
use crate::constants::{MC_EXE, SECRET_MINIO_BUCKET_ACCESS_LEN, SECRET_MINIO_BUCKET_SECRET_LEN}; use crate::constants::{MC_EXE, SECRET_MINIO_BUCKET_ACCESS_LEN, SECRET_MINIO_BUCKET_SECRET_LEN};
use crate::crd::{BucketRetention, MinioBucketSpec, RetentionType}; use crate::crd::{BucketRetention, MinioBucketSpec, RetentionType};
use crate::temp;
use crate::utils::rand_str; use crate::utils::rand_str;
const MC_ALIAS_NAME: &str = "managedminioinst"; const MC_ALIAS_NAME: &str = "managedminioinst";
@@ -174,7 +173,7 @@ impl MinioService {
{ {
log::debug!("exec_mc_cmd with args {:?}", args); log::debug!("exec_mc_cmd with args {:?}", args);
let conf_dir = temp::create_temp_dir()?; let conf_dir = mktemp::Temp::new_dir()?;
let global_flags = ["--config-dir", conf_dir.to_str().unwrap(), "--json"]; let global_flags = ["--config-dir", conf_dir.to_str().unwrap(), "--json"];
// First, set our alias to mc in a temporary directory // First, set our alias to mc in a temporary directory
@@ -262,7 +261,7 @@ impl MinioService {
} }
let res = self.exec_mc_cmd::<BasicMinioResult>(&args).await?; let res = self.exec_mc_cmd::<BasicMinioResult>(&args).await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::MakeBucketFailed.into()); return Err(MinioError::MakeBucketFailed.into());
} }
@@ -293,7 +292,7 @@ impl MinioService {
]) ])
.await?; .await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetQuotaFailed.into()); return Err(MinioError::SetQuotaFailed.into());
} }
Ok(()) Ok(())
@@ -331,7 +330,7 @@ impl MinioService {
]) ])
.await?; .await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetAnonymousAcccessFailed.into()); return Err(MinioError::SetAnonymousAcccessFailed.into());
} }
@@ -368,7 +367,7 @@ impl MinioService {
.await? .await?
}; };
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetQuotaFailed.into()); return Err(MinioError::SetQuotaFailed.into());
} }
Ok(()) Ok(())
@@ -416,7 +415,7 @@ impl MinioService {
.await? .await?
}; };
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetRetentionFailed.into()); return Err(MinioError::SetRetentionFailed.into());
} }
@@ -459,7 +458,7 @@ impl MinioService {
/// Apply a bucket policy /// Apply a bucket policy
pub async fn policy_apply(&self, name: &str, content: &str) -> anyhow::Result<()> { pub async fn policy_apply(&self, name: &str, content: &str) -> anyhow::Result<()> {
let tmp_file = temp::create_temp_file()?; let tmp_file = mktemp::Temp::new_file()?;
std::fs::write(&tmp_file, content)?; std::fs::write(&tmp_file, content)?;
let res = self let res = self
@@ -473,7 +472,7 @@ impl MinioService {
]) ])
.await?; .await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::ApplyPolicyFailed.into()); return Err(MinioError::ApplyPolicyFailed.into());
} }
@@ -513,7 +512,7 @@ impl MinioService {
]) ])
.await?; .await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::CreateUserFailed.into()); return Err(MinioError::CreateUserFailed.into());
} }
@@ -553,7 +552,7 @@ impl MinioService {
]) ])
.await?; .await?;
if res.first().map(|r| r.success()) != Some(true) { if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::CreateUserFailed.into()); return Err(MinioError::CreateUserFailed.into());
} }
@@ -580,7 +579,7 @@ impl MinioService {
.userMappings; .userMappings;
if let Some(mapping) = res { if let Some(mapping) = res {
if let Some(e) = mapping.first() { if let Some(e) = mapping.get(0) {
return Ok(e.policies.clone()); return Ok(e.policies.clone());
} }
} }

3
src/minio_test_server.rs
View File

@@ -3,7 +3,6 @@
//! Used for testing only //! Used for testing only
use crate::minio::MinioService; use crate::minio::MinioService;
use crate::temp;
use crate::utils::rand_str; use crate::utils::rand_str;
use rand::RngCore; use rand::RngCore;
use std::io::ErrorKind; use std::io::ErrorKind;
@@ -21,7 +20,7 @@ pub struct MinioTestServer {
impl MinioTestServer { impl MinioTestServer {
pub async fn start() -> anyhow::Result<Self> { pub async fn start() -> anyhow::Result<Self> {
let storage_dir = temp::create_temp_dir()?; let storage_dir = mktemp::Temp::new_dir()?;
let root_user = rand_str(30); let root_user = rand_str(30);
let root_password = rand_str(30); let root_password = rand_str(30);

26
src/temp.rs
View File

@@ -1,26 +0,0 @@
use std::path::{Path, PathBuf};
/// Get the directory where temp files should be created
fn temp_path() -> Option<PathBuf> {
std::env::var("TEMP_DIR")
.as_deref()
.ok()
.map(Path::new)
.map(|p| p.to_path_buf())
}
/// Create a temporary directory
pub fn create_temp_dir() -> std::io::Result<mktemp::Temp> {
match temp_path() {
None => mktemp::Temp::new_dir(),
Some(p) => mktemp::Temp::new_dir_in(p),
}
}
/// Create a temporary file
pub fn create_temp_file() -> std::io::Result<mktemp::Temp> {
match temp_path() {
None => mktemp::Temp::new_file(),
Some(p) => mktemp::Temp::new_file_in(p),
}
}

17
yaml/deployment.yaml
View File

@@ -13,10 +13,10 @@ metadata:
name: minio-operator name: minio-operator
namespace: default namespace: default
rules: rules:
- apiGroups: ["communiquons.org"] - apiGroups: ["communiquons.org"]
resources: ["minioinstances", "miniobuckets"] resources: ["minioinstances", "miniobuckets"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
verbs: ["get", "create"] verbs: ["get", "create"]
--- ---
@@ -26,7 +26,7 @@ metadata:
name: minio-operator name: minio-operator
namespace: default namespace: default
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: minio-operator name: minio-operator
namespace: default namespace: default
roleRef: roleRef:
@@ -63,19 +63,8 @@ spec:
requests: requests:
memory: 150Mi memory: 150Mi
cpu: "0.01" cpu: "0.01"
volumeMounts:
- mountPath: /tmp
readOnly: false
name: tempdir
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
capabilities: capabilities:
drop: drop:
- ALL - ALL
volumes:
- name: tempdir
emptyDir:
sizeLimit: 500Mi