
Commit 7710df6

authored
Add imagePullSecretsName field on Add Tenant request (#227)
1 parent 63e1c55 commit 7710df6


4 files changed

+97
-75
lines changed


models/create_tenant_request.go

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

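--- a/restapi/admin_tenants.go
+++ b/restapi/admin_tenants.go
@@ -334,7 +334,8 @@ func getListTenantsResponse(session *models.Principal, params admin_api.ListTena
 }
 
 func getTenantCreatedResponse(session *models.Principal, params admin_api.CreateTenantParams) (*models.CreateTenantResponse, error) {
-minioImage := params.Body.Image
+tenantReq := params.Body
+minioImage := tenantReq.Image
 
 if minioImage == "" {
 minImg, err := cluster.GetMinioImage()
@@ -349,20 +350,20 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 return nil, err
 }
 
-ns := *params.Body.Namespace
+ns := *tenantReq.Namespace
 
 // if access/secret are provided, use them, else create a random pair
 accessKey := RandomCharString(16)
 secretKey := RandomCharString(32)
 
-if params.Body.AccessKey != "" {
-accessKey = params.Body.AccessKey
+if tenantReq.AccessKey != "" {
+accessKey = tenantReq.AccessKey
 }
-if params.Body.SecretKey != "" {
-secretKey = params.Body.SecretKey
+if tenantReq.SecretKey != "" {
+secretKey = tenantReq.SecretKey
 }
 
-secretName := fmt.Sprintf("%s-secret", *params.Body.Name)
+secretName := fmt.Sprintf("%s-secret", *tenantReq.Name)
 imm := true
 
 instanceSecret := corev1.Secret{
@@ -384,7 +385,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 //Construct a MinIO Instance with everything we are getting from parameters
 minInst := operator.Tenant{
 ObjectMeta: metav1.ObjectMeta{
-Name: *params.Body.Name,
+Name: *tenantReq.Name,
 },
 Spec: operator.TenantSpec{
 Image: minioImage,
@@ -397,15 +398,15 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 idpEnabled := false
 // Enable IDP (Active Directory) for MinIO
-if params.Body.Idp != nil && params.Body.Idp.ActiveDirectory != nil {
-url := *params.Body.Idp.ActiveDirectory.URL
-userNameFormat := *params.Body.Idp.ActiveDirectory.UsernameFormat
-userSearchFilter := *params.Body.Idp.ActiveDirectory.UserSearchFilter
-tlsSkipVerify := params.Body.Idp.ActiveDirectory.SkipSslVerification
-serverInsecure := params.Body.Idp.ActiveDirectory.ServerInsecure
-groupSearchDN := params.Body.Idp.ActiveDirectory.GroupSearchBaseDn
-groupSearchFilter := params.Body.Idp.ActiveDirectory.GroupSearchFilter
-groupNameAttribute := params.Body.Idp.ActiveDirectory.GroupNameAttribute
+if tenantReq.Idp != nil && tenantReq.Idp.ActiveDirectory != nil {
+url := *tenantReq.Idp.ActiveDirectory.URL
+userNameFormat := *tenantReq.Idp.ActiveDirectory.UsernameFormat
+userSearchFilter := *tenantReq.Idp.ActiveDirectory.UserSearchFilter
+tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipSslVerification
+serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
+groupSearchDN := tenantReq.Idp.ActiveDirectory.GroupSearchBaseDn
+groupSearchFilter := tenantReq.Idp.ActiveDirectory.GroupSearchFilter
+groupNameAttribute := tenantReq.Idp.ActiveDirectory.GroupNameAttribute
 if url != "" && userNameFormat != "" && userSearchFilter != "" {
 // CONSOLE_LDAP_ENABLED
 idpEnabled = true
@@ -449,24 +450,24 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 
 // operator request AutoCert feature
 encryption := false
-if params.Body.EnableSsl != nil {
+if tenantReq.EnableSsl != nil {
 encryption = true
-minInst.Spec.RequestAutoCert = *params.Body.EnableSsl
+minInst.Spec.RequestAutoCert = *tenantReq.EnableSsl
 }
 
 // User provided TLS certificates (this will take priority over autoCert)
-if params.Body.TLS != nil && params.Body.TLS.Crt != nil && params.Body.TLS.Key != nil {
+if tenantReq.TLS != nil && tenantReq.TLS.Crt != nil && tenantReq.TLS.Key != nil {
 encryption = true
 externalTLSCertificateSecretName := fmt.Sprintf("%s-instance-external-certificates", secretName)
 // disable autoCert
 minInst.Spec.RequestAutoCert = false
 
-tlsCrt, err := base64.StdEncoding.DecodeString(*params.Body.TLS.Crt)
+tlsCrt, err := base64.StdEncoding.DecodeString(*tenantReq.TLS.Crt)
 if err != nil {
 return nil, err
 }
 
-tlsKey, err := base64.StdEncoding.DecodeString(*params.Body.TLS.Key)
+tlsKey, err := base64.StdEncoding.DecodeString(*tenantReq.TLS.Key)
 if err != nil {
 return nil, err
 }
@@ -493,19 +494,19 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 }
 
-if params.Body.Encryption != nil && encryption {
+if tenantReq.Encryption != nil && encryption {
 // Enable auto encryption
 minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
 Name: "MINIO_KMS_AUTO_ENCRYPTION",
 Value: "on",
 })
 
-if params.Body.Encryption.MasterKey != "" {
+if tenantReq.Encryption.MasterKey != "" {
 // Configure MinIO to use MINIO_KMS_MASTER_KEY legacy key
 // https://docs.min.io/docs/minio-vault-legacy.html
 minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
 Name: "MINIO_KMS_MASTER_KEY",
-Value: params.Body.Encryption.MasterKey,
+Value: tenantReq.Encryption.MasterKey,
 })
 } else {
 // KES configuration for Tenant instance
@@ -515,16 +516,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 Metadata: nil,
 }
 // Using custom image for KES
-if params.Body.Encryption.Image != "" {
-minInst.Spec.KES.Image = params.Body.Encryption.Image
+if tenantReq.Encryption.Image != "" {
+minInst.Spec.KES.Image = tenantReq.Encryption.Image
 }
 // Secret to store KES server TLS certificates
 // TODO check if AutoCert it's already configured
-serverTLSCrt, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Server.Crt)
+serverTLSCrt, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Server.Crt)
 if err != nil {
 return nil, err
 }
-serverTLSKey, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Server.Key)
+serverTLSKey, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Server.Key)
 if err != nil {
 return nil, err
 }
@@ -551,11 +552,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 
 // Secret to store KES clients TLS certificates (mTLS authentication)
-clientTLSCrt, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Client.Crt)
+clientTLSCrt, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Client.Crt)
 if err != nil {
 return nil, err
 }
-clientTLSKey, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Client.Key)
+clientTLSKey, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Client.Key)
 if err != nil {
 return nil, err
 }
@@ -621,66 +622,66 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 Keys: kes.Keys{},
 }
 // if encryption is enabled and encryption is configured to use Vault
-if params.Body.Encryption.Vault != nil {
+if tenantReq.Encryption.Vault != nil {
 // Initialize Vault Config
 kesConfig.Keys.Vault = &kes.Vault{
-Endpoint: *params.Body.Encryption.Vault.Endpoint,
-EnginePath: params.Body.Encryption.Vault.Engine,
-Namespace: params.Body.Encryption.Vault.Namespace,
-Prefix: params.Body.Encryption.Vault.Prefix,
+Endpoint: *tenantReq.Encryption.Vault.Endpoint,
+EnginePath: tenantReq.Encryption.Vault.Engine,
+Namespace: tenantReq.Encryption.Vault.Namespace,
+Prefix: tenantReq.Encryption.Vault.Prefix,
 Status: &kes.VaultStatus{
 Ping: 10 * time.Second,
 },
 }
 // Vault AppRole credentials
-if params.Body.Encryption.Vault.Approle != nil {
+if tenantReq.Encryption.Vault.Approle != nil {
 kesConfig.Keys.Vault.AppRole = &kes.AppRole{
-EnginePath: params.Body.Encryption.Vault.Approle.Engine,
-ID: *params.Body.Encryption.Vault.Approle.ID,
-Secret: *params.Body.Encryption.Vault.Approle.Secret,
+EnginePath: tenantReq.Encryption.Vault.Approle.Engine,
+ID: *tenantReq.Encryption.Vault.Approle.ID,
+Secret: *tenantReq.Encryption.Vault.Approle.Secret,
 Retry: 15 * time.Second,
 }
 } else {
 return nil, errors.New("approle credentials missing for kes")
 }
-} else if params.Body.Encryption.Aws != nil {
+} else if tenantReq.Encryption.Aws != nil {
 // Initialize AWS
 kesConfig.Keys.Aws = &kes.Aws{
 SecretsManager: &kes.AwsSecretManager{},
 }
 // AWS basic configuration
-if params.Body.Encryption.Aws.Secretsmanager != nil {
-kesConfig.Keys.Aws.SecretsManager.Endpoint = *params.Body.Encryption.Aws.Secretsmanager.Endpoint
-kesConfig.Keys.Aws.SecretsManager.Region = *params.Body.Encryption.Aws.Secretsmanager.Region
-kesConfig.Keys.Aws.SecretsManager.KmsKey = params.Body.Encryption.Aws.Secretsmanager.Kmskey
+if tenantReq.Encryption.Aws.Secretsmanager != nil {
+kesConfig.Keys.Aws.SecretsManager.Endpoint = *tenantReq.Encryption.Aws.Secretsmanager.Endpoint
+kesConfig.Keys.Aws.SecretsManager.Region = *tenantReq.Encryption.Aws.Secretsmanager.Region
+kesConfig.Keys.Aws.SecretsManager.KmsKey = tenantReq.Encryption.Aws.Secretsmanager.Kmskey
 // AWS credentials
-if params.Body.Encryption.Aws.Secretsmanager.Credentials != nil {
+if tenantReq.Encryption.Aws.Secretsmanager.Credentials != nil {
 kesConfig.Keys.Aws.SecretsManager.Login = &kes.AwsSecretManagerLogin{
-AccessKey: *params.Body.Encryption.Aws.Secretsmanager.Credentials.Accesskey,
-SecretKey: *params.Body.Encryption.Aws.Secretsmanager.Credentials.Secretkey,
-SessionToken: params.Body.Encryption.Aws.Secretsmanager.Credentials.Token,
+AccessKey: *tenantReq.Encryption.Aws.Secretsmanager.Credentials.Accesskey,
+SecretKey: *tenantReq.Encryption.Aws.Secretsmanager.Credentials.Secretkey,
+SessionToken: tenantReq.Encryption.Aws.Secretsmanager.Credentials.Token,
 }
 }
 }
-} else if params.Body.Encryption.Gemalto != nil {
+} else if tenantReq.Encryption.Gemalto != nil {
 // Initialize Gemalto
 kesConfig.Keys.Gemalto = &kes.Gemalto{
 KeySecure: &kes.GemaltoKeySecure{},
 }
 // Gemalto Configuration
-if params.Body.Encryption.Gemalto.Keysecure != nil {
-kesConfig.Keys.Gemalto.KeySecure.Endpoint = *params.Body.Encryption.Gemalto.Keysecure.Endpoint
+if tenantReq.Encryption.Gemalto.Keysecure != nil {
+kesConfig.Keys.Gemalto.KeySecure.Endpoint = *tenantReq.Encryption.Gemalto.Keysecure.Endpoint
 // Gemalto TLS configuration
-if params.Body.Encryption.Gemalto.Keysecure.TLS != nil {
+if tenantReq.Encryption.Gemalto.Keysecure.TLS != nil {
 kesConfig.Keys.Gemalto.KeySecure.TLS = &kes.GemaltoTLS{
-CAPath: *params.Body.Encryption.Gemalto.Keysecure.TLS.Ca,
+CAPath: *tenantReq.Encryption.Gemalto.Keysecure.TLS.Ca,
 }
 }
 // Gemalto Login
-if params.Body.Encryption.Gemalto.Keysecure.Credentials != nil {
+if tenantReq.Encryption.Gemalto.Keysecure.Credentials != nil {
 kesConfig.Keys.Gemalto.KeySecure.Credentials = &kes.GemaltoCredentials{
-Token: *params.Body.Encryption.Gemalto.Keysecure.Credentials.Token,
-Domain: *params.Body.Encryption.Gemalto.Keysecure.Credentials.Domain,
+Token: *tenantReq.Encryption.Gemalto.Keysecure.Credentials.Token,
+Domain: *tenantReq.Encryption.Gemalto.Keysecure.Credentials.Domain,
 Retry: 15 * time.Second,
 }
 }
@@ -718,12 +719,12 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 var consoleSecret string
 
 enableConsole := true
-if params.Body.EnableConsole != nil {
-enableConsole = *params.Body.EnableConsole
+if tenantReq.EnableConsole != nil {
+enableConsole = *tenantReq.EnableConsole
 }
 
 if enableConsole {
-consoleSelector := fmt.Sprintf("%s-console", *params.Body.Name)
+consoleSelector := fmt.Sprintf("%s-console", *tenantReq.Name)
 consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
 consoleAccess = RandomCharString(16)
 consoleSecret = RandomCharString(32)
@@ -743,10 +744,10 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 
 // Enable IDP (Open ID Connect) for console
-if !idpEnabled && params.Body.Idp != nil && params.Body.Idp.Oidc != nil {
-url := *params.Body.Idp.Oidc.URL
-clientID := *params.Body.Idp.Oidc.ClientID
-secretID := *params.Body.Idp.Oidc.SecretID
+if !idpEnabled && tenantReq.Idp != nil && tenantReq.Idp.Oidc != nil {
+url := *tenantReq.Idp.Oidc.URL
+clientID := *tenantReq.Idp.Oidc.ClientID
+secretID := *tenantReq.Idp.Oidc.SecretID
 if url != "" && clientID != "" && secretID != "" {
 instanceSecret.Data["CONSOLE_IDP_URL"] = []byte(url)
 instanceSecret.Data["CONSOLE_IDP_CLIENT_ID"] = []byte(clientID)
@@ -782,11 +783,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 
 // set the service name if provided
-if params.Body.ServiceName != "" {
-minInst.Spec.ServiceName = params.Body.ServiceName
+if tenantReq.ServiceName != "" {
+minInst.Spec.ServiceName = tenantReq.ServiceName
 }
 // set the zones if they are provided
-for _, zone := range params.Body.Zones {
+for _, zone := range tenantReq.Zones {
 zone, err := parseTenantZoneRequest(zone)
 if err != nil {
 return nil, err
@@ -795,15 +796,22 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 
 // Set Mount Path if provided
-if params.Body.MounthPath != "" {
-minInst.Spec.Mountpath = params.Body.MounthPath
+if tenantReq.MounthPath != "" {
+minInst.Spec.Mountpath = tenantReq.MounthPath
 }
 // add annotations
-if len(params.Body.Annotations) > 0 {
+if len(tenantReq.Annotations) > 0 {
 if minInst.Spec.Metadata == nil {
 minInst.Spec.Metadata = &metav1.ObjectMeta{}
 }
-minInst.Spec.Metadata.Annotations = params.Body.Annotations
+minInst.Spec.Metadata.Annotations = tenantReq.Annotations
+}
+
+// Set Image Pull Secrets Name if defined
+if tenantReq.ImagePullSecretsName != "" {
+minInst.Spec.ImagePullSecret = corev1.LocalObjectReference{
+Name: tenantReq.ImagePullSecretsName,
+}
 }
 
 opClient, err := cluster.OperatorClient(session.SessionToken)
@@ -818,7 +826,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 
 // Integratrions
 if os.Getenv("GKE_INTEGRATION") != "" {
-err := gkeIntegration(clientset, *params.Body.Name, ns, session.SessionToken)
+err := gkeIntegration(clientset, *tenantReq.Name, ns, session.SessionToken)
 if err != nil {
 return nil, err
 }
@@ -829,9 +837,10 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 }
 // Attach Console Credentials
 if enableConsole {
-response.Console = &models.CreateTenantResponseConsole{}
-response.Console.AccessKey = consoleAccess
-response.Console.SecretKey = consoleSecret
+response.Console = &models.CreateTenantResponseConsole{
+AccessKey: consoleAccess,
+SecretKey: consoleSecret,
+}
 }
 return response, nil
 }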
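Review bot: `MINIO_KMS_MASTER_KEY` is still set as a literal `Value: tenantReq.Encryption.MasterKey` in the Tenant spec's env list (hunk `@@ -493,19 +494,19 @@`), so the key is stored in plain text on the Tenant resource. Anyone who can read Tenants can then read it, and presumably so can anyone who can read the pod specs the operator generates, even without access to Secrets. Since the commit rewrites that line anyway, consider putting the key in a Kubernetes Secret and replacing `Value` with `ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{...}}`. The KES branch of the same function dereferences `tenantReq.Encryption.Server` and `tenantReq.Encryption.Client` without the nil checks that `Vault`, `Aws` and `Gemalto` get; whether request validation guarantees they are set cannot be confirmed here because the generated model is not rendered. getTenantCreatedResponse starts and ends outside that hunk.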

restapi/embedded_spec.go

Lines changed: 6 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
