Change credentials of S3ConnectionSpec to use the common SecretClassVolume struct

Author: sbernauer

CHANGELOG.md

@@ -6,9 +6,11 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- `impl Into<Resourcerequirements> for Resources` set's fields to `None` instead of `Some(<empty map>)` when nothing is defined.([#398]).
+- `impl Into<Resourcerequirements> for Resources` set's fields to `None` instead of `Some(<empty map>)` when nothing is defined. ([#398]).
+- BREAKING: Change credentials of `S3ConnectionSpec` to use the common `SecretClassVolume` struct ([#405]).
 
 [#398]: https://github.com/stackabletech/operator-rs/pull/398
+[#405]: https://github.com/stackabletech/operator-rs/pull/405
 
 ## [0.20.0] - 2022-05-13
 

src/builder/pod/volume.rs

@@ -149,6 +149,11 @@ impl VolumeBuilder {
  self
  }
 
+ pub fn ephemeral(&mut self, ephemeral: impl Into<EphemeralVolumeSource>) -> &mut Self {
+ self.volume_source = VolumeSource::Ephemeral(Box::new(ephemeral.into()));
+ self
+ }
+
  /// Consumes the Builder and returns a constructed Volume
  pub fn build(&self) -> Volume {
  let name = self.name.clone();

src/commons/s3.rs

@@ -4,7 +4,7 @@
 //! Operator CRDs are expected to use the [S3BucketDef] as an entry point to this module
 //! and obtain an [InlinedS3BucketSpec] by calling [`S3BucketDef::resolve`].
 //!
-use crate::commons::tls::Tls;
+use crate::commons::{secret_class::SecretClassVolume, tls::Tls};
 use crate::error;
 use crate::{client::Client, error::OperatorResult};
 use kube::CustomResource;
@@ -82,14 +82,6 @@ impl InlinedS3BucketSpec {
  .as_ref()
  .and_then(|connection| connection.endpoint())
  }
-
- /// Shortcut to [S3ConnectionSpec::secret_class]
- pub fn secret_class(&self) -> Option<String> {
- match self.connection.as_ref() {
- Some(conn_spec) => conn_spec.secret_class.clone(),
- _ => None,
- }
- }
 }
 
 /// Operators are expected to define fields for this type in order to work with S3 buckets.
@@ -159,14 +151,23 @@ impl S3ConnectionDef {
 )]
 #[serde(rename_all = "camelCase")]
 pub struct S3ConnectionSpec {
+ /// Hostname of the S3 server without any protocol or port
  #[serde(default, skip_serializing_if = "Option::is_none")]
  pub host: Option<String>,
+ /// Port the S3 server listens on.
+ /// If not specified the products will determine the port to use.
  #[serde(default, skip_serializing_if = "Option::is_none")]
  pub port: Option<u16>,
+ /// Which access style to use.
+ /// Defaults to virtual hosted-style as most of the data products out there.
+ /// Have a look at the official documentation on <https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html>
  #[serde(default, skip_serializing_if = "Option::is_none")]
  pub access_style: Option<S3AccessStyle>,
+ /// If the S3 uses authentication you have to specify you S3 credentials.
+ /// In the most cases a SecretClass providing `accessKey` and `secretKey` is sufficient.
  #[serde(default, skip_serializing_if = "Option::is_none")]
- pub secret_class: Option<String>,
+ pub credentials: Option<SecretClassVolume>,
+ /// If you want to use TLS when talking to S3 you can enable TLS encrypted communication with this setting.
  #[serde(default, skip_serializing_if = "Option::is_none")]
  pub tls: Option<Tls>,
 }
@@ -203,7 +204,9 @@ impl S3ConnectionSpec {
 #[derive(strum::Display, Clone, Debug, Deserialize, JsonSchema, PartialEq, Serialize)]
 #[strum(serialize_all = "PascalCase")]
 pub enum S3AccessStyle {
+ /// Use path-style access as described in <https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access>
  Path,
+ /// Use as virtual hosted-style access as described in <https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#virtual-hosted-style-access>
  VirtualHosted,
 }
 
@@ -225,7 +228,7 @@ mod test {
  connection: Some(S3ConnectionDef::Inline(S3ConnectionSpec {
  host: Some("host".to_owned()),
  port: Some(8080),
- secret_class: None,
+ credentials: None,
  access_style: Some(S3AccessStyle::VirtualHosted),
  tls: None,
  })),

src/commons/secret_class.rs

@@ -1,5 +1,5 @@
-use crate::builder::SecretOperatorVolumeSourceBuilder;
-use k8s_openapi::api::core::v1::EphemeralVolumeSource;
+use crate::builder::{SecretOperatorVolumeSourceBuilder, VolumeBuilder};
+use k8s_openapi::api::core::v1::{EphemeralVolumeSource, Volume};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
@@ -13,7 +13,7 @@ pub struct SecretClassVolume {
 }
 
 impl SecretClassVolume {
- pub fn to_ephemeral_volume(&self) -> EphemeralVolumeSource {
+ pub fn to_ephemeral_volume_source(&self) -> EphemeralVolumeSource {
  let mut secret_operator_volume_builder =
  SecretOperatorVolumeSourceBuilder::new(&self.secret_class);
 
@@ -31,6 +31,12 @@ impl SecretClassVolume {
 
  secret_operator_volume_builder.build()
  }
+
+ pub fn to_volume(&self, volume_name: &str) -> Volume {
+ VolumeBuilder::new(volume_name)
+ .ephemeral(self.to_ephemeral_volume_source())
+ .build()
+ }
 }
 
 #[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
@@ -50,16 +56,16 @@ mod tests {
  use std::collections::BTreeMap;
 
  #[test]
- fn test_secret_class_volume_to_csi_volume() {
- let secret_class_volume = SecretClassVolume {
+ fn test_secret_class_volume_to_csi_volume_source() {
+ let secret_class_volume_source = SecretClassVolume {
  secret_class: "myclass".to_string(), // pragma: allowlist secret
  scope: Some(SecretClassVolumeScope {
  pod: true,
  node: false,
  services: vec!["myservice".to_string()],
  }),
  }
- .to_ephemeral_volume();
+ .to_ephemeral_volume_source();
 
  let expected_volume_attributes = BTreeMap::from([
  (
@@ -74,7 +80,7 @@ mod tests {
 
  assert_eq!(
  expected_volume_attributes,
- secret_class_volume
+ secret_class_volume_source
  .volume_claim_template
  .unwrap()
  .metadata