From 093f3c58cc215073aa6490190e91abcb592dd033 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 30 Sep 2024 12:01:44 +0200 Subject: [PATCH 1/2] chore: Update to operator-rs 0.77.1 and use new S3 structs --- CHANGELOG.md | 4 + Cargo.lock | 420 ++++++++++-------- Cargo.toml | 6 +- deploy/helm/druid-operator/crds/crds.yaml | 95 ++-- rust/crd/src/lib.rs | 65 ++- rust/crd/src/resource.rs | 26 +- rust/crd/src/security.rs | 47 +- .../operator-binary/src/authentication/mod.rs | 19 +- rust/operator-binary/src/druid_controller.rs | 235 +++++----- rust/operator-binary/src/extensions.rs | 8 +- rust/operator-binary/src/internal_secret.rs | 2 +- 11 files changed, 487 insertions(+), 440 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8827fca8..10684808 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,10 @@ All notable changes to this project will be documented in this file. - Replace `lazy_static` with `std::cell::LazyCell` ([#604]). - Promote Druid `30.0.0` to LTS, deprecate `26.0.0` ([#631]). +### Fixed + +- BREAKING: The fields `connection` and `host` on `S3Connection` as well as `bucketName` on `S3Bucket`are now mandatory ([#XXX]). + ### Removed - test: Remove ZooKeeper 3.8.4 ([#621]). diff --git a/Cargo.lock b/Cargo.lock index 560eb32f..9766a2fd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,18 +4,18 @@ version = 3 [[package]] name = "addr2line" -version = "0.22.0" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" +checksum = "f5fb1d8e4442bd405fdfd1dacb42792696b0cf9cb15882e5d097b742a676d375" dependencies = [ "gimli", ] [[package]] -name = "adler" -version = "1.0.2" +name = "adler2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" [[package]] name = "ahash" @@ -96,7 +96,7 @@ version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -106,14 +106,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "anyhow" -version = "1.0.86" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" +checksum = "86fdf8605db99b54d3cd748a44c6d04df638eb5dafb219b135d0149bd0db01f6" [[package]] name = "async-broadcast" @@ -146,25 +146,25 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "async-trait" -version = "0.1.81" +version = "0.1.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" +checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "autocfg" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "backoff" @@ -179,17 +179,17 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.73" +version = "0.3.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" +checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" dependencies = [ "addr2line", - "cc", "cfg-if", "libc", "miniz_oxide", "object", "rustc-demangle", + "windows-targets", ] [[package]] @@ -264,15 +264,15 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.7.1" +version = "1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" +checksum = "428d9aa8fbc0670b7b8d6030a7fadd0f86151cae55e4dbbece15f3780a3dfaf3" [[package]] name = "cc" -version = "1.1.13" +version = "1.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" +checksum = "9540e661f81799159abee814118cc139a2004b3a3aa3ea37724a1b66530b90e0" dependencies = [ "jobserver", "libc", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3" dependencies = [ "clap_builder", "clap_derive", @@ -310,9 +310,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b" dependencies = [ "anstream", "anstyle", @@ -322,14 +322,14 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" +checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab" dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -355,18 +355,18 @@ dependencies = [ [[package]] name = "const_format" -version = "0.2.32" +version = "0.2.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3a214c7af3d04997541b18d432afaff4c455e79e2029079647e72fc2bd27673" +checksum = "50c655d81ff1114fb0dcdea9225ea9f0cc712a6f8d189378e82bdf62a473a64b" dependencies = [ "const_format_proc_macros", ] [[package]] name = "const_format_proc_macros" -version = "0.2.32" +version = "0.2.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7f6ff08fd20f4f299298a28e2dfa8a8ba1036e6cd2460ac1de7b425d76f2500" +checksum = "eff1a44b93f47b1bac19a27932f5c591e43d1ba357ee4f61526c8a25603f0eb1" dependencies = [ "proc-macro2", "quote", @@ -391,9 +391,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -444,7 +444,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -455,18 +455,18 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ "darling_core", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "delegate" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e018fccbeeb50ff26562ece792ed06659b9c2dae79ece77c4456bb10d9bf79b" +checksum = "5060bb0febb73fa907273f8a7ed17ab4bf831d585eac835b28ec24a1e2460956" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -583,8 +583,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "531e46835a22af56d1e3b66f04844bed63158bc094a628bec1d321d9b4c44bf2" dependencies = [ "bit-set", - "regex-automata 0.4.7", - "regex-syntax 0.8.4", + "regex-automata 0.4.8", + "regex-syntax 0.8.5", ] [[package]] @@ -688,7 +688,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -751,9 +751,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.29.0" +version = "0.31.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" +checksum = "32085ea23f3234fc7846555e85283ba4de91e21016dc0455a16286d87a292d64" [[package]] name = "git2" @@ -826,7 +826,7 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -908,7 +908,7 @@ dependencies = [ "hyper-rustls", "hyper-util", "pin-project-lite", - "rustls-native-certs", + "rustls-native-certs 0.7.3", "tokio", "tokio-rustls", "tower-service", @@ -916,9 +916,9 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.27.2" +version = "0.27.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ee4be2c948921a1a5320b629c4193916ed787a7f7f293fd3f7f5a6c9de74155" +checksum = "08afdbb5c31130e3034af566421053ab03787c640246a446327f550d11bcb333" dependencies = [ "futures-util", "http", @@ -926,7 +926,7 @@ dependencies = [ "hyper-util", "log", "rustls", - "rustls-native-certs", + "rustls-native-certs 0.8.0", "rustls-pki-types", "tokio", "tokio-rustls", @@ -948,9 +948,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.7" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cde7055719c54e36e95e8719f95883f22072a48ede39db7fc17a4e1d5281e9b9" +checksum = "41296eb09f183ac68eec06e03cdbea2e759633d4067b2f6552fc2e009bcad08b" dependencies = [ "bytes", "futures-channel", @@ -961,16 +961,15 @@ dependencies = [ "pin-project-lite", "socket2", "tokio", - "tower", "tower-service", "tracing", ] [[package]] name = "iana-time-zone" -version = "0.1.60" +version = "0.1.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" +checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -1007,9 +1006,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c" +checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5" dependencies = [ "equivalent", "hashbrown", @@ -1117,9 +1116,9 @@ dependencies = [ [[package]] name = "k8s-openapi" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19501afb943ae5806548bc3ebd7f3374153ca057a38f480ef30adfde5ef09755" +checksum = "9c8847402328d8301354c94d605481f25a6bdc1ed65471fd96af8eca71141b13" dependencies = [ "base64 0.22.1", "chrono", @@ -1131,9 +1130,9 @@ dependencies = [ [[package]] name = "kube" -version = "0.93.1" +version = "0.95.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0365920075af1a2d23619c1ca801c492f2400157de42627f041a061716e76416" +checksum = "fa21063c854820a77c5d7f8deeb7ffa55246d8304e4bcd8cce2956752c6604f8" dependencies = [ "k8s-openapi", "kube-client", @@ -1144,9 +1143,9 @@ dependencies = [ [[package]] name = "kube-client" -version = "0.93.1" +version = "0.95.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d81336eb3a5b10a40c97a5a97ad66622e92bad942ce05ee789edd730aa4f8603" +checksum = "31c2355f5c9d8a11900e71a6fe1e47abd5ec45bf971eb4b162ffe97b46db9bb7" dependencies = [ "base64 0.22.1", "bytes", @@ -1182,9 +1181,9 @@ dependencies = [ [[package]] name = "kube-core" -version = "0.93.1" +version = "0.95.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cce373a74d787d439063cdefab0f3672860bd7bac01a38e39019177e764a0fe6" +checksum = "f3030bd91c9db544a50247e7d48d7db9cf633c172732dce13351854526b1e666" dependencies = [ "chrono", "form_urlencoded", @@ -1193,28 +1192,29 @@ dependencies = [ "k8s-openapi", "schemars", "serde", + "serde-value", "serde_json", "thiserror", ] [[package]] name = "kube-derive" -version = "0.93.1" +version = "0.95.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04a26c9844791e127329be5dce9298b03f9e2ff5939076d5438c92dea5eb78f2" +checksum = "fa98be978eddd70a773aa8e86346075365bfb7eb48783410852dbf7cb57f0c27" dependencies = [ "darling", "proc-macro2", "quote", "serde_json", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "kube-runtime" -version = "0.93.1" +version = "0.95.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b84733c0fed6085c9210b43ffb96248676c1e800d0ba38d15043275a792ffa4" +checksum = "5895cb8aa641ac922408f128b935652b34c2995f16ad7db0984f6caa50217914" dependencies = [ "ahash", "async-broadcast", @@ -1246,9 +1246,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.158" +version = "0.2.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" +checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" [[package]] name = "libgit2-sys" @@ -1264,9 +1264,9 @@ dependencies = [ [[package]] name = "libz-sys" -version = "1.1.19" +version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdc53a7799a7496ebc9fd29f31f7df80e83c9bda5299768af5f9e59eeea74647" +checksum = "d2d16453e800a8cf6dd2fc3eb4bc99b786a9b90c663b8559a5b1a041bf89e472" dependencies = [ "cc", "libc", @@ -1313,11 +1313,11 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" [[package]] name = "miniz_oxide" -version = "0.7.4" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" +checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1" dependencies = [ - "adler", + "adler2", ] [[package]] @@ -1329,7 +1329,7 @@ dependencies = [ "hermit-abi", "libc", "wasi", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1369,18 +1369,21 @@ dependencies = [ [[package]] name = "object" -version = "0.36.3" +version = "0.36.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" +checksum = "084f1a5821ac4c651660a94a7153d27ac9d8a53736203f58b31945ded098070a" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.19.0" +version = "1.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "82881c4be219ab5faaf2ad5e5e5ecdff8c66bd7402ca3160975c93b24961afd1" +dependencies = [ + "portable-atomic", +] [[package]] name = "openssl" @@ -1405,7 +1408,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -1476,7 +1479,7 @@ dependencies = [ "lazy_static", "once_cell", "opentelemetry", - "ordered-float 4.2.2", + "ordered-float 4.3.0", "percent-encoding", "rand", "thiserror", @@ -1495,9 +1498,9 @@ dependencies = [ [[package]] name = "ordered-float" -version = "4.2.2" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a91171844676f8c7990ce64959210cd2eaef32c2612c50f9fae9f8aaa6065a6" +checksum = "44d501f1a72f71d3c063a6bbc8f7271fa73aa09fe5d6283b6571e2ed176a2537" dependencies = [ "num-traits", ] @@ -1510,9 +1513,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.2.0" +version = "2.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" +checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba" [[package]] name = "parking_lot" @@ -1555,9 +1558,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.11" +version = "2.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd53dff83f26735fdc1ca837098ccf133605d794cdae66acfc2bfac3ec809d95" +checksum = "fdbef9d1d47087a895abd220ed25eb4ad973a5e26f6a4367b038c25e28dfc2d9" dependencies = [ "memchr", "thiserror", @@ -1566,9 +1569,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.11" +version = "2.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a548d2beca6773b1c244554d36fcf8548a8a58e74156968211567250e48e49a" +checksum = "4d3a6e3394ec80feb3b6393c725571754c6188490265c61aaf260810d6b95aa0" dependencies = [ "pest", "pest_generator", @@ -1576,22 +1579,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.11" +version = "2.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c93a82e8d145725dcbaf44e5ea887c8a869efdcc28706df2d08c69e17077183" +checksum = "94429506bde1ca69d1b5601962c73f4172ab4726571a59ea95931218cb0e930e" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "pest_meta" -version = "2.7.11" +version = "2.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a941429fea7e08bedec25e4f6785b6ffaacc6b755da98df5ef3e7dcf4a124c4f" +checksum = "ac8a071862e93690b6e34e9a5fb8e33ff3734473ac0245b27232222c4906a33f" dependencies = [ "once_cell", "pest", @@ -1615,7 +1618,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -1632,9 +1635,15 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.30" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" + +[[package]] +name = "portable-atomic" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" +checksum = "cc9c68a3f6da06753e9335d63e27f6b9754dd1920d941135b7ea8224f141adb2" [[package]] name = "powerfmt" @@ -1653,9 +1662,9 @@ dependencies = [ [[package]] name = "proc-macro-crate" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d37c51ca738a55da99dc0c4a34860fd675453b8b36209178c2249bb13651284" +checksum = "8ecf48c7ca261d60b74ab1a7b20da18bede46776b2e55535cb958eb595c5fa7b" dependencies = [ "toml_edit", ] @@ -1681,15 +1690,15 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.4", + "snafu 0.8.5", "xml-rs", ] [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1726,23 +1735,23 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.3" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" dependencies = [ "bitflags 2.6.0", ] [[package]] name = "regex" -version = "1.10.6" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" +checksum = "38200e5ee88914975b69f657f0801b6f6dccafd44fd9326302a4aaeecfacb1d8" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.7", - "regex-syntax 0.8.4", + "regex-automata 0.4.8", + "regex-syntax 0.8.5", ] [[package]] @@ -1756,13 +1765,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" +checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.4", + "regex-syntax 0.8.5", ] [[package]] @@ -1773,9 +1782,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "relative-path" @@ -1795,14 +1804,14 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "rstest" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b423f0e62bdd61734b67cd21ff50871dfaeb9cc74f869dcd6af974fbcb19936" +checksum = "0a2c585be59b6b5dd66a9d2084aa1d8bd52fbdb806eafdeffb52791147862035" dependencies = [ "futures 0.3.30", "futures-timer", @@ -1812,9 +1821,9 @@ dependencies = [ [[package]] name = "rstest_macros" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5e1711e7d14f74b12a58411c542185ef7fb7f2e7f8ee6e2940a883628522b42" +checksum = "825ea780781b15345a146be27eaefb05085e337e869bff01b4306a4fd4a9ad5a" dependencies = [ "cfg-if", "glob", @@ -1824,7 +1833,7 @@ dependencies = [ "regex", "relative-path", "rustc_version", - "syn 2.0.75", + "syn 2.0.79", "unicode-ident", ] @@ -1836,18 +1845,18 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustls" -version = "0.23.12" +version = "0.23.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044" +checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8" dependencies = [ "log", "once_cell", @@ -1860,9 +1869,22 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.7.2" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5bfb394eeed242e909609f56089eecfe5fda225042e8b171791b9c95f5931e5" +dependencies = [ + "openssl-probe", + "rustls-pemfile", + "rustls-pki-types", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04182dffc9091a404e0fc069ea5cd60e5b866c3adf881eff99a32d048242dffa" +checksum = "fcaf18a4f2be7326cd874a5fa579fae794320a0f388d365dca7e480e55f83f8a" dependencies = [ "openssl-probe", "rustls-pemfile", @@ -1883,15 +1905,15 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0" +checksum = "0e696e35370c65c9c541198af4543ccd580cf17fc25d8e05c5a242b202488c55" [[package]] name = "rustls-webpki" -version = "0.102.6" +version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ "ring", "rustls-pki-types", @@ -1912,11 +1934,11 @@ checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "schannel" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" +checksum = "e9aaafd5a2b6e3d657ff009d82fbd630b6bd54dd4eb06f21693925cdf80f9b8b" dependencies = [ - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -1941,7 +1963,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -1975,9 +1997,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.11.1" +version = "2.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75da29fe9b9b08fe9d6b22b5b4bcbc75d8db3aa31e639aa56bb62e9d46bfceaf" +checksum = "ea4a292869320c0272d7bc55a5a6aafaff59b4f63404a003887b679a2e05b4b6" dependencies = [ "core-foundation-sys", "libc", @@ -1991,9 +2013,9 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.208" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] @@ -2010,13 +2032,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.208" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2027,14 +2049,14 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] name = "serde_json" -version = "1.0.125" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -2128,11 +2150,11 @@ dependencies = [ [[package]] name = "snafu" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b835cb902660db3415a672d862905e791e54d306c6e8189168c7f3d9ae1c79d" +checksum = "223891c85e2a29c3fe8fb900c1fae5e69c2e42415e3177752e8718475efa5019" dependencies = [ - "snafu-derive 0.8.4", + "snafu-derive 0.8.5", ] [[package]] @@ -2148,14 +2170,14 @@ dependencies = [ [[package]] name = "snafu-derive" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38d1e02fca405f6280643174a50c942219f0bbf4dbf7d480f1dd864d6f211ae5" +checksum = "03c3c6b7927ffe7ecaa769ee0e3994da3b8cafc8f444578982c83ecb161af917" dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2165,7 +2187,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -2185,7 +2207,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.4", + "snafu 0.8.5", "stackable-operator", "strum", "tokio", @@ -2210,7 +2232,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.4", + "snafu 0.8.5", "stackable-druid-crd", "stackable-operator", "strum", @@ -2220,8 +2242,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.74.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.74.0#c77a5423b66bc1667b63af7d8bec00de88a5303f" +version = "0.77.1" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.77.1#cb4460f38f092ce8b9bc7452efcdd1ccde39f14a" dependencies = [ "chrono", "clap", @@ -2231,6 +2253,7 @@ dependencies = [ "dockerfile-parser", "either", "futures 0.3.30", + "indexmap", "json-patch", "k8s-openapi", "kube", @@ -2243,7 +2266,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.4", + "snafu 0.8.5", "stackable-operator-derive", "strum", "tokio", @@ -2257,12 +2280,12 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.74.0#c77a5423b66bc1667b63af7d8bec00de88a5303f" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.77.1#cb4460f38f092ce8b9bc7452efcdd1ccde39f14a" dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2290,7 +2313,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2312,9 +2335,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.75" +version = "2.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" +checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" dependencies = [ "proc-macro2", "quote", @@ -2323,22 +2346,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" +checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" +checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2421,9 +2444,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.39.3" +version = "1.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9babc99b9923bfa4804bd74722ff02c0381021eafa4db9949217e3be8e84fff5" +checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998" dependencies = [ "backtrace", "bytes", @@ -2434,7 +2457,7 @@ dependencies = [ "signal-hook-registry", "socket2", "tokio-macros", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -2445,7 +2468,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2461,9 +2484,9 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.15" +version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "267ac89e0bec6e691e5813911606935d77c476ff49024f98abcea3e7b15e37af" +checksum = "4f4e6ce100d0eb49a2734f8c0812bcd324cf357d21810932c5df6b96ef2b86f1" dependencies = [ "futures-core", "pin-project-lite", @@ -2472,9 +2495,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.11" +version = "0.7.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" +checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a" dependencies = [ "bytes", "futures-core", @@ -2492,9 +2515,9 @@ checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" [[package]] name = "toml_edit" -version = "0.21.1" +version = "0.22.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1" +checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5" dependencies = [ "indexmap", "toml_datetime", @@ -2581,7 +2604,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] @@ -2668,9 +2691,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "ucd-trie" -version = "0.1.6" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" +checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" [[package]] name = "unicode-bidi" @@ -2680,24 +2703,24 @@ checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "unicode-normalization" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" +checksum = "5033c97c4262335cded6d6fc3e5c18ab755e1a3dc96376350f3d8e9f009ad956" dependencies = [ "tinyvec", ] [[package]] name = "unicode-xid" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "229730647fbc343e3a80e463c1db7f78f3855d3f3739bee0dda773c9a037c90a" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" [[package]] name = "unsafe-libyaml" @@ -2784,7 +2807,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", "wasm-bindgen-shared", ] @@ -2806,7 +2829,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2867,6 +2890,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -2933,18 +2965,18 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.5.40" +version = "0.6.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" +checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b" dependencies = [ "memchr", ] [[package]] name = "xml-rs" -version = "0.8.21" +version = "0.8.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "539a77ee7c0de333dcc6da69b177380a0b81e0dacfa4f7344c465a36871ee601" +checksum = "af4e2e2f7cba5a093896c1e150fbfe177d1883e7448200efb81d40b9d339ef26" [[package]] name = "zerocopy" @@ -2964,7 +2996,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.79", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index e13392b6..f8ff2cd4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,15 +19,15 @@ indoc = "2.0" openssl = "0.10" product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.7.0" } pin-project = "1.1" -rstest = "0.22" +rstest = "0.23" semver = "1.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" serde_yaml = "0.9" snafu = "0.8" -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.74.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.77.1" } strum = { version = "0.26", features = ["derive"] } -tokio = { version = "1.38", features = ["full"] } +tokio = { version = "1.40", features = ["full"] } tracing = "0.1" # [patch."https://github.com/stackabletech/operator-rs.git"] diff --git a/deploy/helm/druid-operator/crds/crds.yaml b/deploy/helm/druid-operator/crds/crds.yaml index 7671c61a..a1e148ad 100644 --- a/deploy/helm/druid-operator/crds/crds.yaml +++ b/deploy/helm/druid-operator/crds/crds.yaml @@ -65,10 +65,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -287,10 +283,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -467,13 +459,10 @@ spec: items: properties: authenticationClass: - description: A name/key which references an authentication class. To get the concrete [`AuthenticationClass`], we must resolve it. This resolution can be achieved by using [`ClientAuthenticationDetails::resolve_class`]. + description: Name of the [AuthenticationClass](https://docs.stackable.tech/home/nightly/concepts/authentication) used to authenticate users. type: string oidc: - description: |- - This field contains authentication provider specific configuration. - - Use [`ClientAuthenticationDetails::oidc_or_error`] to get the value or report an error to the user. + description: This field contains OIDC-specific configuration. It is only required in case OIDC is used. nullable: true properties: clientCredentialsSecret: @@ -549,15 +538,13 @@ spec: - reference properties: inline: - description: An inline definition, containing the S3 bucket properties. + description: S3 bucket specification containing the bucket name and an inlined or referenced connection specification. Learn more on the [S3 concept documentation](https://docs.stackable.tech/home/nightly/concepts/s3). properties: bucketName: description: The name of the S3 bucket. - nullable: true type: string connection: description: The definition of an S3 connection, either inline or as a reference. - nullable: true oneOf: - required: - inline @@ -565,14 +552,14 @@ spec: - reference properties: inline: - description: Inline definition of an S3 connection. + description: S3 connection definition as a resource. Learn more on the [S3 concept documentation](https://docs.stackable.tech/home/nightly/concepts/s3). properties: accessStyle: + default: VirtualHosted description: Which access style to use. Defaults to virtual hosted-style as most of the data products out there. Have a look at the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html). enum: - Path - VirtualHosted - nullable: true type: string credentials: description: If the S3 uses authentication you have to specify you S3 credentials. In the most cases a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) providing `accessKey` and `secretKey` is sufficient. @@ -582,6 +569,12 @@ spec: description: '[Scope](https://docs.stackable.tech/home/nightly/secret-operator/scope) of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass).' nullable: true properties: + listenerVolumes: + default: [] + description: The listener volume scope allows Node and Service scopes to be inferred from the applicable listeners. This must correspond to Volume names in the Pod that mount Listeners. + items: + type: string + type: array node: default: false description: The node scope is resolved to the name of the Kubernetes Node object that the Pod is running on. This will typically be the DNS name of the node. @@ -604,8 +597,7 @@ spec: - secretClass type: object host: - description: 'Hostname of the S3 server without any protocol or port. For example: `west1.my-cloud.com`.' - nullable: true + description: 'Host of the S3 server without any protocol or port. For example: `west1.my-cloud.com`.' type: string port: description: Port the S3 server listens on. If not specified the product will determine the port to use. @@ -614,7 +606,7 @@ spec: nullable: true type: integer tls: - description: If you want to use TLS when talking to S3 you can enable TLS encrypted communication with this setting. + description: Use a TLS connection. If not specified no TLS will be used. nullable: true properties: verification: @@ -653,14 +645,17 @@ spec: required: - verification type: object + required: + - host type: object reference: - description: A reference to an S3Connection resource. type: string type: object + required: + - bucketName + - connection type: object reference: - description: A reference to an S3 bucket object. This is simply the name of the `S3Bucket` resource. type: string type: object required: @@ -687,14 +682,14 @@ spec: - reference properties: inline: - description: Inline definition of an S3 connection. + description: S3 connection definition as a resource. Learn more on the [S3 concept documentation](https://docs.stackable.tech/home/nightly/concepts/s3). properties: accessStyle: + default: VirtualHosted description: Which access style to use. Defaults to virtual hosted-style as most of the data products out there. Have a look at the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html). enum: - Path - VirtualHosted - nullable: true type: string credentials: description: If the S3 uses authentication you have to specify you S3 credentials. In the most cases a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) providing `accessKey` and `secretKey` is sufficient. @@ -704,6 +699,12 @@ spec: description: '[Scope](https://docs.stackable.tech/home/nightly/secret-operator/scope) of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass).' nullable: true properties: + listenerVolumes: + default: [] + description: The listener volume scope allows Node and Service scopes to be inferred from the applicable listeners. This must correspond to Volume names in the Pod that mount Listeners. + items: + type: string + type: array node: default: false description: The node scope is resolved to the name of the Kubernetes Node object that the Pod is running on. This will typically be the DNS name of the node. @@ -726,8 +727,7 @@ spec: - secretClass type: object host: - description: 'Hostname of the S3 server without any protocol or port. For example: `west1.my-cloud.com`.' - nullable: true + description: 'Host of the S3 server without any protocol or port. For example: `west1.my-cloud.com`.' type: string port: description: Port the S3 server listens on. If not specified the product will determine the port to use. @@ -736,7 +736,7 @@ spec: nullable: true type: integer tls: - description: If you want to use TLS when talking to S3 you can enable TLS encrypted communication with this setting. + description: Use a TLS connection. If not specified no TLS will be used. nullable: true properties: verification: @@ -775,9 +775,10 @@ spec: required: - verification type: object + required: + - host type: object reference: - description: A reference to an S3Connection resource. type: string type: object type: object @@ -904,10 +905,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -1126,10 +1123,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -1328,10 +1321,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -1581,10 +1570,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -1806,8 +1791,10 @@ spec: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + required: + - name type: object nullable: true type: array @@ -1860,10 +1847,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -2082,10 +2065,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -2284,10 +2263,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). @@ -2506,10 +2481,6 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true - required: - - nodeAffinity - - podAffinity - - podAntiAffinity type: object gracefulShutdownTimeout: description: The time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Read more about graceful shutdown in the [graceful shutdown documentation](https://docs.stackable.tech/home/nightly/druid/usage-guide/operations/graceful-shutdown). diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 6cd855d0..4f7f202c 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -22,14 +22,13 @@ use stackable_operator::{ client::Client, commons::{ affinity::StackableAffinity, - authentication::{ - tls::{CaCert, Tls, TlsServerVerification, TlsVerification}, - ClientAuthenticationDetails, - }, + authentication::ClientAuthenticationDetails, cluster_operation::ClusterOperation, product_image_selection::ProductImage, resources::{NoRuntimeLimits, Resources}, - s3::{InlinedS3BucketSpec, S3BucketDef, S3ConnectionDef, S3ConnectionSpec}, + s3::{ + ResolvedS3Connection, S3BucketInlineOrReference, S3ConnectionInlineOrReference, S3Error, + }, }, config::{ fragment::{self, Fragment, FromFragment, ValidationError}, @@ -155,14 +154,10 @@ const DEFAULT_HISTORICAL_GRACEFUL_SHUTDOWN_TIMEOUT: Duration = Duration::from_mi #[allow(clippy::enum_variant_names)] pub enum Error { #[snafu(display("failed to resolve S3 connection"))] - ResolveS3Connection { - source: stackable_operator::commons::s3::Error, - }, + ResolveS3Connection { source: S3Error }, #[snafu(display("failed to resolve S3 bucket"))] - ResolveS3Bucket { - source: stackable_operator::commons::s3::Error, - }, + ResolveS3Bucket { source: S3Error }, #[snafu(display("2 differing s3 connections were given, this is unsupported by Druid"))] IncompatibleS3Connections, @@ -523,19 +518,14 @@ impl DruidRole { pub fn main_container_prepare_commands( &self, - s3_connection: Option<&S3ConnectionSpec>, + s3: Option<&ResolvedS3Connection>, ) -> Vec { let mut commands = vec![]; - if let Some(s3_connection) = s3_connection { - if let Some(Tls { - verification: - TlsVerification::Server(TlsServerVerification { - ca_cert: CaCert::SecretClass(secret_class), - }), - }) = &s3_connection.tls - { - commands.push(format!("keytool -importcert -file {CERTS_DIR}/{secret_class}-tls-certificate/ca.crt -alias stackable-{secret_class} -keystore {STACKABLE_TRUST_STORE} -storepass {STACKABLE_TRUST_STORE_PASSWORD} -noprompt")); + if let Some(s3) = s3 { + if let Some(ca_cert_file) = s3.tls.tls_ca_cert_mount_path() { + // The alias can not clash, as we only support a single S3Connection + commands.push(format!("keytool -importcert -file {ca_cert_file} -alias stackable-s3-ca-cert -keystore {STACKABLE_TRUST_STORE} -storepass {STACKABLE_TRUST_STORE_PASSWORD} -noprompt")); } } @@ -740,7 +730,7 @@ impl DruidCluster { pub async fn get_s3_connection( &self, client: &Client, - ) -> Result, Error> { + ) -> Result, Error> { // retrieve connection for ingestion (can be None) let ingestion_conn = if let Some(ic) = self .spec @@ -750,16 +740,17 @@ impl DruidCluster { .and_then(|is| is.s3connection.as_ref()) { Some( - ic.resolve( - client, - self.namespace() - .context(MissingNamespaceSnafu { - name: &self.name_unchecked(), - })? - .as_ref(), - ) - .await - .context(ResolveS3ConnectionSnafu)?, + ic.clone() + .resolve( + client, + self.namespace() + .context(MissingNamespaceSnafu { + name: &self.name_unchecked(), + })? + .as_ref(), + ) + .await + .context(ResolveS3ConnectionSnafu)?, ) } else { None @@ -768,8 +759,9 @@ impl DruidCluster { // retrieve connection for deep storage (can be None) let storage_conn = match &self.spec.cluster_config.deep_storage { DeepStorageSpec::S3(s3_spec) => { - let inlined_bucket: InlinedS3BucketSpec = s3_spec + let inlined_bucket = s3_spec .bucket + .clone() .resolve( client, self.namespace() @@ -780,7 +772,7 @@ impl DruidCluster { ) .await .context(ResolveS3BucketSnafu)?; - inlined_bucket.connection + Some(inlined_bucket.connection) } _ => None, }; @@ -1061,7 +1053,8 @@ pub struct HdfsDeepStorageSpec { pub struct S3DeepStorageSpec { /// The S3 bucket to use for deep storage. Can either be defined inline or as a reference, /// read the [S3 bucket docs](DOCS_BASE_URL_PLACEHOLDER/concepts/s3) to learn more. - pub bucket: S3BucketDef, + pub bucket: S3BucketInlineOrReference, + /// The `baseKey` is similar to the `directory` in HDFS; it is the root key at which /// Druid will create its deep storage. If no `baseKey` is given, the bucket root /// will be used. @@ -1075,7 +1068,7 @@ pub struct IngestionSpec { /// However, the S3 connection has to be specified in advance and only a single S3 connection is supported. /// S3 connections can either be specified `inline` or as a `reference`. /// Read the [S3 resource concept docs](DOCS_BASE_URL_PLACEHOLDER/concepts/s3) to learn more. - pub s3connection: Option, + pub s3connection: Option, } #[derive(Clone, Debug, Default, Fragment, JsonSchema, PartialEq)] diff --git a/rust/crd/src/resource.rs b/rust/crd/src/resource.rs index 70826aa7..f122a566 100644 --- a/rust/crd/src/resource.rs +++ b/rust/crd/src/resource.rs @@ -5,6 +5,7 @@ use crate::memory::{HistoricalDerivedSettings, RESERVED_OS_MEMORY}; use crate::storage::{self, default_free_percentage_empty_dir_fragment}; use crate::{DruidRole, PATH_SEGMENT_CACHE, PROP_SEGMENT_CACHE_LOCATIONS}; use snafu::{OptionExt, ResultExt, Snafu}; +use stackable_operator::builder; use stackable_operator::memory::MemoryQuantity; use stackable_operator::{ builder::pod::{container::ContainerBuilder, volume::VolumeBuilder, PodBuilder}, @@ -29,14 +30,25 @@ const SEGMENT_CACHE_VOLUME_NAME: &str = "segment-cache"; pub enum Error { #[snafu(display("failed to derive Druid settings from resources"))] DeriveMemorySettings { source: crate::memory::Error }, + #[snafu(display("failed to get memory limits"))] GetMemoryLimit, + #[snafu(display("failed to parse memory quantity"))] ParseMemoryQuantity { source: stackable_operator::memory::Error, }, + #[snafu(display("the operator produced an internally inconsistent state"))] InconsistentConfiguration, + + #[snafu(display("failed to add needed volume"))] + AddVolume { source: builder::pod::Error }, + + #[snafu(display("failed to add needed volumeMount"))] + AddVolumeMount { + source: builder::pod::container::Error, + }, } #[derive(Debug, Clone, PartialEq)] @@ -88,9 +100,14 @@ impl RoleResource { Ok(()) } - pub fn update_volumes_and_volume_mounts(&self, cb: &mut ContainerBuilder, pb: &mut PodBuilder) { + pub fn update_volumes_and_volume_mounts( + &self, + cb: &mut ContainerBuilder, + pb: &mut PodBuilder, + ) -> Result<(), Error> { if let Self::Historical(r) = self { - cb.add_volume_mount(SEGMENT_CACHE_VOLUME_NAME, PATH_SEGMENT_CACHE); + cb.add_volume_mount(SEGMENT_CACHE_VOLUME_NAME, PATH_SEGMENT_CACHE) + .context(AddVolumeMountSnafu)?; pb.add_volume( VolumeBuilder::new(SEGMENT_CACHE_VOLUME_NAME) .empty_dir(EmptyDirVolumeSource { @@ -98,8 +115,11 @@ impl RoleResource { size_limit: Some(r.storage.segment_cache.empty_dir.capacity.clone()), }) .build(), - ); + ) + .context(AddVolumeSnafu)?; } + + Ok(()) } /// Computes the heap and direct access memory sizes per role. The settings can be used to configure diff --git a/rust/crd/src/security.rs b/rust/crd/src/security.rs index 1a25e077..e4b74ad6 100644 --- a/rust/crd/src/security.rs +++ b/rust/crd/src/security.rs @@ -5,13 +5,16 @@ use crate::{ use crate::{STACKABLE_TRUST_STORE, STACKABLE_TRUST_STORE_PASSWORD}; use snafu::{ResultExt, Snafu}; use stackable_operator::{ - builder::pod::{ - container::ContainerBuilder, - volume::{ - SecretFormat, SecretOperatorVolumeSourceBuilder, - SecretOperatorVolumeSourceBuilderError, VolumeBuilder, + builder::{ + self, + pod::{ + container::ContainerBuilder, + volume::{ + SecretFormat, SecretOperatorVolumeSourceBuilder, + SecretOperatorVolumeSourceBuilderError, VolumeBuilder, + }, + PodBuilder, }, - PodBuilder, }, k8s_openapi::{ api::core::v1::{ContainerPort, Probe, ServicePort, TCPSocketAction}, @@ -30,6 +33,14 @@ pub enum Error { SecretVolumeBuild { source: SecretOperatorVolumeSourceBuilderError, }, + + #[snafu(display("failed to add needed volume"))] + AddVolume { source: builder::pod::Error }, + + #[snafu(display("failed to add needed volumeMount"))] + AddVolumeMount { + source: builder::pod::container::Error, + }, } /// Helper struct combining TLS settings for server and internal tls with the resolved AuthenticationClasses @@ -195,18 +206,28 @@ impl DruidTlsSecurity { .context(SecretVolumeBuildSnafu)?, ) .build(), - ); - prepare.add_volume_mount(TLS_MOUNT_VOLUME_NAME, STACKABLE_MOUNT_TLS_DIR); - druid.add_volume_mount(TLS_MOUNT_VOLUME_NAME, STACKABLE_MOUNT_TLS_DIR); + ) + .context(AddVolumeSnafu)?; + prepare + .add_volume_mount(TLS_MOUNT_VOLUME_NAME, STACKABLE_MOUNT_TLS_DIR) + .context(AddVolumeMountSnafu)?; + druid + .add_volume_mount(TLS_MOUNT_VOLUME_NAME, STACKABLE_MOUNT_TLS_DIR) + .context(AddVolumeMountSnafu)?; pod.add_volume( VolumeBuilder::new(TLS_VOLUME_NAME) .with_empty_dir(Option::<&str>::None, None) .build(), - ); - - prepare.add_volume_mount(TLS_VOLUME_NAME, STACKABLE_TLS_DIR); - druid.add_volume_mount(TLS_VOLUME_NAME, STACKABLE_TLS_DIR); + ) + .context(AddVolumeSnafu)?; + + prepare + .add_volume_mount(TLS_VOLUME_NAME, STACKABLE_TLS_DIR) + .context(AddVolumeMountSnafu)?; + druid + .add_volume_mount(TLS_VOLUME_NAME, STACKABLE_TLS_DIR) + .context(AddVolumeMountSnafu)?; } Ok(()) } diff --git a/rust/operator-binary/src/authentication/mod.rs b/rust/operator-binary/src/authentication/mod.rs index 48ab33f4..ad48dc79 100644 --- a/rust/operator-binary/src/authentication/mod.rs +++ b/rust/operator-binary/src/authentication/mod.rs @@ -8,9 +8,14 @@ use stackable_druid_crd::{ }; use stackable_operator::{ builder::pod::{container::ContainerBuilder, PodBuilder}, - commons::authentication::{ - ldap::AuthenticationProvider as LdapAuthenticationProvider, - oidc::{AuthenticationProvider as OidcAuthenticationProvider, ClientAuthenticationOptions}, + commons::{ + authentication::{ + ldap::AuthenticationProvider as LdapAuthenticationProvider, + oidc::{ + AuthenticationProvider as OidcAuthenticationProvider, ClientAuthenticationOptions, + }, + }, + tls_verification::TlsClientDetailsError, }, k8s_openapi::api::core::v1::EnvVar, }; @@ -28,18 +33,20 @@ pub enum Error { CreateLdapEndpointUrl { source: stackable_operator::commons::authentication::ldap::Error, }, + #[snafu(display("failed to create LDAP endpoint url."))] CreateOidcEndpointUrl { source: stackable_operator::commons::authentication::oidc::Error, }, + #[snafu(display("failed to add LDAP Volumes and VolumeMounts to the Pod and containers"))] AddLdapVolumes { source: stackable_operator::commons::authentication::ldap::Error, }, + #[snafu(display("failed to add OIDC Volumes and VolumeMounts to the Pod and containers"))] - AddOidcVolumes { - source: stackable_operator::commons::authentication::tls::TlsClientDetailsError, - }, + AddOidcVolumes { source: TlsClientDetailsError }, + #[snafu(display( "failed to access bind credentials although they are required for LDAP to work" ))] diff --git a/rust/operator-binary/src/druid_controller.rs b/rust/operator-binary/src/druid_controller.rs index 5190d88c..3b0cb936 100644 --- a/rust/operator-binary/src/druid_controller.rs +++ b/rust/operator-binary/src/druid_controller.rs @@ -16,32 +16,29 @@ use stackable_druid_crd::{ authentication::AuthenticationClassesResolved, authorization::DruidAuthorization, build_recommended_labels, build_string_list, security::DruidTlsSecurity, CommonRoleGroupConfig, Container, DeepStorageSpec, DruidCluster, DruidClusterStatus, DruidRole, APP_NAME, - AUTH_AUTHORIZER_OPA_URI, CERTS_DIR, CREDENTIALS_SECRET_PROPERTY, DB_PASSWORD_ENV, - DB_USERNAME_ENV, DRUID_CONFIG_DIRECTORY, DS_BUCKET, EXTENSIONS_LOADLIST, HDFS_CONFIG_DIRECTORY, - JVM_CONFIG, JVM_SECURITY_PROPERTIES_FILE, LOG_CONFIG_DIRECTORY, LOG_DIR, - MAX_DRUID_LOG_FILES_SIZE, RUNTIME_PROPS, RW_CONFIG_DIRECTORY, S3_ACCESS_KEY, S3_ENDPOINT_URL, - S3_PATH_STYLE_ACCESS, S3_SECRET_DIR_NAME, S3_SECRET_KEY, SECRET_KEY_S3_ACCESS_KEY, - SECRET_KEY_S3_SECRET_KEY, ZOOKEEPER_CONNECTION_STRING, + AUTH_AUTHORIZER_OPA_URI, CREDENTIALS_SECRET_PROPERTY, DB_PASSWORD_ENV, DB_USERNAME_ENV, + DRUID_CONFIG_DIRECTORY, DS_BUCKET, EXTENSIONS_LOADLIST, HDFS_CONFIG_DIRECTORY, JVM_CONFIG, + JVM_SECURITY_PROPERTIES_FILE, LOG_CONFIG_DIRECTORY, LOG_DIR, MAX_DRUID_LOG_FILES_SIZE, + RUNTIME_PROPS, RW_CONFIG_DIRECTORY, S3_ACCESS_KEY, S3_ENDPOINT_URL, S3_PATH_STYLE_ACCESS, + S3_SECRET_KEY, ZOOKEEPER_CONNECTION_STRING, }; use stackable_operator::{ builder::{ + self, configmap::ConfigMapBuilder, meta::ObjectMetaBuilder, pod::{ - container::ContainerBuilder, - resources::ResourceRequirementsBuilder, - security::PodSecurityContextBuilder, - volume::{SecretOperatorVolumeSourceBuilder, VolumeBuilder}, - PodBuilder, + container::ContainerBuilder, resources::ResourceRequirementsBuilder, + security::PodSecurityContextBuilder, volume::VolumeBuilder, PodBuilder, }, }, cluster_resources::{ClusterResourceApplyStrategy, ClusterResources}, commons::{ - authentication::tls::{CaCert, TlsVerification}, opa::OpaApiVersion, product_image_selection::ResolvedProductImage, rbac::{build_rbac_resources, service_account_name}, - s3::{S3AccessStyle, S3ConnectionSpec}, + s3::{S3AccessStyle, S3ConnectionSpec, S3Error}, + tls_verification::TlsClientDetailsError, }, k8s_openapi::{ api::{ @@ -60,6 +57,7 @@ use stackable_operator::{ product_config_utils::{transform_all_roles_to_config, validate_all_roles_and_groups_config}, product_logging::{ self, + framework::LoggingError, spec::{ ConfigMapLogConfig, ContainerLogConfig, ContainerLogConfigChoice, CustomContainerLogConfig, @@ -172,10 +170,14 @@ pub enum Error { #[snafu(display("failed to get valid S3 connection"))] GetS3Connection { source: stackable_druid_crd::Error }, + #[snafu(display("failed to configure S3 connection"))] + ConfigureS3 { source: S3Error }, + + #[snafu(display("failed to configure S3 TLS client details"))] + ConfigureS3TlsClientDetails { source: TlsClientDetailsError }, + #[snafu(display("failed to get deep storage bucket"))] - GetDeepStorageBucket { - source: stackable_operator::commons::s3::Error, - }, + GetDeepStorageBucket { source: S3Error }, #[snafu(display( "failed to get ZooKeeper connection string from config map {}", @@ -345,6 +347,17 @@ pub enum Error { GenerateAuthenticationRuntimeSettings { source: crate::authentication::Error, }, + + #[snafu(display("failed to build vector container"))] + BuildVectorContainer { source: LoggingError }, + + #[snafu(display("failed to add needed volume"))] + AddVolume { source: builder::pod::Error }, + + #[snafu(display("failed to add needed volumeMount"))] + AddVolumeMount { + source: builder::pod::container::Error, + }, } type Result = std::result::Result; @@ -413,14 +426,15 @@ pub async fn reconcile_druid(druid: Arc, ctx: Arc) -> Result< .context(GetS3ConnectionSnafu)?; let deep_storage_bucket_name = match &druid.spec.cluster_config.deep_storage { - DeepStorageSpec::S3(s3_spec) => { + DeepStorageSpec::S3(s3_spec) => Some( s3_spec .bucket + .clone() .resolve(client, namespace) .await .context(GetDeepStorageBucketSnafu)? - .bucket_name - } + .bucket_name, + ), _ => None, }; @@ -709,34 +723,26 @@ fn build_rolegroup_config_map( ); }; - if let Some(conn) = s3_conn { - if let Some(endpoint) = conn.endpoint() { - conf.insert(S3_ENDPOINT_URL.to_string(), Some(endpoint)); - } + if let Some(s3) = s3_conn { + conf.insert( + S3_ENDPOINT_URL.to_string(), + Some(s3.endpoint().context(ConfigureS3Snafu)?.to_string()), + ); - if conn.credentials.is_some() { + if let Some((access_key_file, secret_key_file)) = s3.credentials_mount_paths() { conf.insert( S3_ACCESS_KEY.to_string(), - Some(format!( - "${{file:UTF-8:{S3_SECRET_DIR_NAME}/{SECRET_KEY_S3_ACCESS_KEY}}}" - )), + Some(format!("${{file:UTF-8:{access_key_file}}}")), ); conf.insert( S3_SECRET_KEY.to_string(), - Some(format!( - "${{file:UTF-8:{S3_SECRET_DIR_NAME}/{SECRET_KEY_S3_SECRET_KEY}}}" - )), + Some(format!("${{file:UTF-8:{secret_key_file}}}")), ); } - // We did choose a match statement here to detect new access styles in the future - let path_style_access = match conn.access_style.clone().unwrap_or_default() { - S3AccessStyle::Path => true, - S3AccessStyle::VirtualHosted => false, - }; conf.insert( S3_PATH_STYLE_ACCESS.to_string(), - Some(path_style_access.to_string()), + Some((s3.access_style == S3AccessStyle::Path).to_string()), ); } conf.insert( @@ -967,23 +973,32 @@ fn build_rolegroup_statefulset( druid_tls_security .add_tls_volume_and_volume_mounts(&mut cb_prepare, &mut cb_druid, &mut pb) .context(FailedToInitializeSecurityContextSnafu)?; - add_s3_volume_and_volume_mounts(s3_conn, &mut cb_druid, &mut pb)?; - add_config_volume_and_volume_mounts(rolegroup_ref, &mut cb_druid, &mut pb); + + if let Some(s3) = s3_conn { + if s3.tls.uses_tls() && !s3.tls.uses_tls_verification() { + S3TlsNoVerificationNotSupportedSnafu.fail()?; + } + s3.add_volumes_and_mounts(&mut pb, vec![&mut cb_druid]) + .context(ConfigureS3Snafu)?; + } + + add_config_volume_and_volume_mounts(rolegroup_ref, &mut cb_druid, &mut pb)?; add_log_config_volume_and_volume_mounts( rolegroup_ref, merged_rolegroup_config, &mut cb_druid, &mut pb, - ); - add_log_volume_and_volume_mounts(&mut cb_druid, &mut cb_prepare, &mut pb); + )?; + add_log_volume_and_volume_mounts(&mut cb_druid, &mut cb_prepare, &mut pb)?; add_hdfs_cm_volume_and_volume_mounts( &druid.spec.cluster_config.deep_storage, &mut cb_druid, &mut pb, - ); + )?; merged_rolegroup_config .resources - .update_volumes_and_volume_mounts(&mut cb_druid, &mut pb); + .update_volumes_and_volume_mounts(&mut cb_druid, &mut pb) + .context(UpdateDruidConfigFromResourcesSnafu)?; cb_prepare .image_from_product_image(resolved_product_image) @@ -1076,8 +1091,10 @@ fn build_rolegroup_statefulset( ?role, "Adding user specified extra volume", ); - pb.add_volume(volume.clone()); - cb_druid.add_volume_mount(volume_name, mount_point); + pb.add_volume(volume.clone()).context(AddVolumeSnafu)?; + cb_druid + .add_volume_mount(volume_name, mount_point) + .context(AddVolumeMountSnafu)?; } let metadata = ObjectMetaBuilder::new() @@ -1105,21 +1122,24 @@ fn build_rolegroup_statefulset( ); if merged_rolegroup_config.logging.enable_vector_agent { - pb.add_container(product_logging::framework::vector_container( - resolved_product_image, - DRUID_CONFIG_VOLUME_NAME, - LOG_VOLUME_NAME, - merged_rolegroup_config - .logging - .containers - .get(&Container::Vector), - ResourceRequirementsBuilder::new() - .with_cpu_request("250m") - .with_cpu_limit("500m") - .with_memory_request("128Mi") - .with_memory_limit("128Mi") - .build(), - )); + pb.add_container( + product_logging::framework::vector_container( + resolved_product_image, + DRUID_CONFIG_VOLUME_NAME, + LOG_VOLUME_NAME, + merged_rolegroup_config + .logging + .containers + .get(&Container::Vector), + ResourceRequirementsBuilder::new() + .with_cpu_request("250m") + .with_cpu_limit("500m") + .with_memory_request("128Mi") + .with_memory_limit("128Mi") + .build(), + ) + .context(BuildVectorContainerSnafu)?, + ); } let mut pod_template = pb.build_template(); @@ -1172,35 +1192,48 @@ fn add_hdfs_cm_volume_and_volume_mounts( deep_storage_spec: &DeepStorageSpec, cb_druid: &mut ContainerBuilder, pb: &mut PodBuilder, -) { +) -> Result<()> { // hdfs deep storage mount if let DeepStorageSpec::HDFS(hdfs) = deep_storage_spec { - cb_druid.add_volume_mount(HDFS_CONFIG_VOLUME_NAME, HDFS_CONFIG_DIRECTORY); + cb_druid + .add_volume_mount(HDFS_CONFIG_VOLUME_NAME, HDFS_CONFIG_DIRECTORY) + .context(AddVolumeMountSnafu)?; pb.add_volume( VolumeBuilder::new(HDFS_CONFIG_VOLUME_NAME) .with_config_map(&hdfs.config_map_name) .build(), - ); + ) + .context(AddVolumeSnafu)?; } + + Ok(()) } fn add_config_volume_and_volume_mounts( rolegroup_ref: &RoleGroupRef, cb_druid: &mut ContainerBuilder, pb: &mut PodBuilder, -) { - cb_druid.add_volume_mount(DRUID_CONFIG_VOLUME_NAME, DRUID_CONFIG_DIRECTORY); +) -> Result<()> { + cb_druid + .add_volume_mount(DRUID_CONFIG_VOLUME_NAME, DRUID_CONFIG_DIRECTORY) + .context(AddVolumeMountSnafu)?; pb.add_volume( VolumeBuilder::new(DRUID_CONFIG_VOLUME_NAME) .with_config_map(rolegroup_ref.object_name()) .build(), - ); - cb_druid.add_volume_mount(RW_CONFIG_VOLUME_NAME, RW_CONFIG_DIRECTORY); + ) + .context(AddVolumeSnafu)?; + cb_druid + .add_volume_mount(RW_CONFIG_VOLUME_NAME, RW_CONFIG_DIRECTORY) + .context(AddVolumeMountSnafu)?; pb.add_volume( VolumeBuilder::new(RW_CONFIG_VOLUME_NAME) .with_empty_dir(Some(""), None) .build(), - ); + ) + .context(AddVolumeSnafu)?; + + Ok(()) } fn add_log_config_volume_and_volume_mounts( @@ -1208,8 +1241,10 @@ fn add_log_config_volume_and_volume_mounts( merged_rolegroup_config: &CommonRoleGroupConfig, cb_druid: &mut ContainerBuilder, pb: &mut PodBuilder, -) { - cb_druid.add_volume_mount(LOG_CONFIG_VOLUME_NAME, LOG_CONFIG_DIRECTORY); +) -> Result<()> { + cb_druid + .add_volume_mount(LOG_CONFIG_VOLUME_NAME, LOG_CONFIG_DIRECTORY) + .context(AddVolumeMountSnafu)?; let config_map = if let Some(ContainerLogConfig { choice: @@ -1230,16 +1265,23 @@ fn add_log_config_volume_and_volume_mounts( VolumeBuilder::new(LOG_CONFIG_VOLUME_NAME) .with_config_map(config_map) .build(), - ); + ) + .context(AddVolumeSnafu)?; + + Ok(()) } fn add_log_volume_and_volume_mounts( cb_druid: &mut ContainerBuilder, cb_prepare: &mut ContainerBuilder, pb: &mut PodBuilder, -) { - cb_druid.add_volume_mount(LOG_VOLUME_NAME, LOG_DIR); - cb_prepare.add_volume_mount(LOG_VOLUME_NAME, LOG_DIR); +) -> Result<()> { + cb_druid + .add_volume_mount(LOG_VOLUME_NAME, LOG_DIR) + .context(AddVolumeMountSnafu)?; + cb_prepare + .add_volume_mount(LOG_VOLUME_NAME, LOG_DIR) + .context(AddVolumeMountSnafu)?; pb.add_volume( VolumeBuilder::new(LOG_VOLUME_NAME) .with_empty_dir( @@ -1249,51 +1291,8 @@ fn add_log_volume_and_volume_mounts( )), ) .build(), - ); -} - -fn add_s3_volume_and_volume_mounts( - s3_conn: Option<&S3ConnectionSpec>, - cb_druid: &mut ContainerBuilder, - pb: &mut PodBuilder, -) -> Result<()> { - if let Some(s3_conn) = s3_conn { - if let Some(credentials) = &s3_conn.credentials { - pb.add_volume( - credentials - .to_volume("s3-credentials") - .context(S3CredentialsSecretClassVolumeBuildSnafu)?, - ); - cb_druid.add_volume_mount("s3-credentials", S3_SECRET_DIR_NAME); - } - - if let Some(tls) = &s3_conn.tls { - match &tls.verification { - TlsVerification::None {} => return S3TlsNoVerificationNotSupportedSnafu.fail(), - TlsVerification::Server(server_verification) => { - match &server_verification.ca_cert { - CaCert::WebPki {} => {} - CaCert::SecretClass(secret_class) => { - let volume_name = format!("{secret_class}-tls-certificate"); - - let volume = VolumeBuilder::new(&volume_name) - .ephemeral( - SecretOperatorVolumeSourceBuilder::new(secret_class) - .build() - .context(TlsCertSecretClassVolumeBuildSnafu)?, - ) - .build(); - pb.add_volume(volume); - cb_druid.add_volume_mount( - &volume_name, - format!("{CERTS_DIR}/{volume_name}"), - ); - } - } - } - } - } - } + ) + .context(AddVolumeSnafu)?; Ok(()) } diff --git a/rust/operator-binary/src/extensions.rs b/rust/operator-binary/src/extensions.rs index 90dfd76a..847ffc6f 100644 --- a/rust/operator-binary/src/extensions.rs +++ b/rust/operator-binary/src/extensions.rs @@ -73,9 +73,9 @@ mod tests { use stackable_druid_crd::authentication::{ AuthenticationClassResolved, AuthenticationClassesResolved, }; - use stackable_operator::commons::authentication::{ - oidc::{AuthenticationProvider, ClientAuthenticationOptions}, - tls::TlsClientDetails, + use stackable_operator::commons::{ + authentication::oidc::{AuthenticationProvider, ClientAuthenticationOptions}, + tls_verification::TlsClientDetails, }; use super::*; @@ -108,7 +108,7 @@ mod tests { auth_classes: vec![AuthenticationClassResolved::Oidc { auth_class_name: "oidc".to_string(), provider: AuthenticationProvider::new( - "".to_string(), + "my-oidc-provider".to_string().try_into().unwrap(), None, "".to_string(), TlsClientDetails { tls: None }, diff --git a/rust/operator-binary/src/internal_secret.rs b/rust/operator-binary/src/internal_secret.rs index 149f2479..677b5d41 100644 --- a/rust/operator-binary/src/internal_secret.rs +++ b/rust/operator-binary/src/internal_secret.rs @@ -185,7 +185,7 @@ pub fn env_var_from_secret(secret_name: &str, secret_key: Option<&str>, env_var: value_from: Some(EnvVarSource { secret_key_ref: Some(SecretKeySelector { optional: Some(false), - name: Some(secret_name.to_string()), + name: secret_name.to_string(), key: secret_key.unwrap_or(env_var).to_string(), }), ..EnvVarSource::default() From 9f6531c3b3f7ad5a804ad4551946428239976baf Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 30 Sep 2024 12:08:26 +0200 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10684808..d432f57f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ All notable changes to this project will be documented in this file. ### Fixed -- BREAKING: The fields `connection` and `host` on `S3Connection` as well as `bucketName` on `S3Bucket`are now mandatory ([#XXX]). +- BREAKING: The fields `connection` and `host` on `S3Connection` as well as `bucketName` on `S3Bucket`are now mandatory ([#632]). ### Removed @@ -26,6 +26,7 @@ All notable changes to this project will be documented in this file. [#604]: https://github.com/stackabletech/druid-operator/pull/604 [#621]: https://github.com/stackabletech/druid-operator/pull/621 [#631]: https://github.com/stackabletech/druid-operator/pull/631 +[#632]: https://github.com/stackabletech/druid-operator/pull/632 ## [24.7.0] - 2024-07-24