issue-439, implemented opensearch user resource

instaclustr · Jun 29, 2023 · c357afe · c357afe
1 parent 1c7fd8d
commit c357afe
Show file tree

Hide file tree

Showing 19 changed files with 693 additions and 14 deletions.
diff --git a/apis/clusterresources/v1alpha1/opensearchuser_types.go b/apis/clusterresources/v1alpha1/opensearchuser_types.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/instaclustr/operator/pkg/models"
+)
+
+// OpenSearchUserSpec defines the desired state of OpenSearchUser
+type OpenSearchUserSpec struct {
+	SecretRef *SecretReference `json:"secretRef"`
+}
+
+// OpenSearchUserStatus defines the observed state of OpenSearchUser
+type OpenSearchUserStatus struct {
+	State     string `json:"state"`
+	ClusterID string `json:"clusterId"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// OpenSearchUser is the Schema for the opensearchusers API
+type OpenSearchUser struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   OpenSearchUserSpec   `json:"spec,omitempty"`
+	Status OpenSearchUserStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// OpenSearchUserList contains a list of OpenSearchUser
+type OpenSearchUserList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []OpenSearchUser `json:"items"`
+}
+
+func (u *OpenSearchUser) ToInstaAPI(username, password string) *models.InstaOpenSearchUser {
+	return &models.InstaOpenSearchUser{
+		InstaUser: &models.InstaUser{
+			Username:          username,
+			Password:          password,
+			InitialPermission: "standard",
+		},
+	}
+}
+
+func (u *OpenSearchUser) NewPatch() client.Patch {
+	old := u.DeepCopy()
+	return client.MergeFrom(old)
+}
+
+func init() {
+	SchemeBuilder.Register(&OpenSearchUser{}, &OpenSearchUserList{})
+}
diff --git a/apis/clusterresources/v1alpha1/zz_generated.deepcopy.go b/apis/clusterresources/v1alpha1/zz_generated.deepcopy.go
diff --git a/apis/clusters/v1alpha1/opensearch_types.go b/apis/clusters/v1alpha1/opensearch_types.go
@@ -52,6 +52,7 @@ type OpenSearchSpec struct {
 	IndexManagementPlugin    bool                    `json:"indexManagementPlugin,omitempty"`
 	AlertingPlugin           bool                    `json:"alertingPlugin,omitempty"`
 	BundledUseOnly           bool                    `json:"bundleUseOnly,omitempty"`
+	UserRef                  *UserReference          `json:"userRef,omitempty"`
 }
 
 type OpenSearchDataCentre struct {

diff --git a/apis/clusters/v1alpha1/zz_generated.deepcopy.go b/apis/clusters/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/clusterresources.instaclustr.com_opensearchusers.yaml b/config/crd/bases/clusterresources.instaclustr.com_opensearchusers.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.2
+  creationTimestamp: null
+  name: opensearchusers.clusterresources.instaclustr.com
+spec:
+  group: clusterresources.instaclustr.com
+  names:
+    kind: OpenSearchUser
+    listKind: OpenSearchUserList
+    plural: opensearchusers
+    singular: opensearchuser
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: OpenSearchUser is the Schema for the opensearchusers API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenSearchUserSpec defines the desired state of OpenSearchUser
+            properties:
+              secretRef:
+                properties:
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - secretRef
+            type: object
+          status:
+            description: OpenSearchUserStatus defines the observed state of OpenSearchUser
+            properties:
+              clusterId:
+                type: string
+              state:
+                type: string
+            required:
+            - clusterId
+            - state
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/config/crd/bases/clusters.instaclustr.com_opensearches.yaml b/config/crd/bases/clusters.instaclustr.com_opensearches.yaml
@@ -212,6 +212,16 @@ spec:
                   - email
                   type: object
                 type: array
+              userRef:
+                properties:
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
               version:
                 type: string
             required:

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -25,6 +25,7 @@ resources:
 - bases/clusterresources.instaclustr.com_redisusers.yaml
 - bases/clusterresources.instaclustr.com_awsencryptionkeys.yaml
 - bases/clusterresources.instaclustr.com_cassandrausers.yaml
+- bases/clusterresources.instaclustr.com_opensearchusers.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -309,6 +309,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - clusterresources.instaclustr.com
+  resources:
+  - opensearchusers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - clusterresources.instaclustr.com
+  resources:
+  - opensearchusers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - clusterresources.instaclustr.com
+  resources:
+  - opensearchusers/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - clusterresources.instaclustr.com
   resources:

diff --git a/config/samples/clusterresources_v1alpha1_opensearchuser.yaml b/config/samples/clusterresources_v1alpha1_opensearchuser.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret-1
+data:
+  username: dGVzdC11c2VyLTEK # test-user-1
+  password: VGVzdFBhc3MxMjMhCg== # TestPass123!
+---
+apiVersion: clusterresources.instaclustr.com/v1alpha1
+kind: OpenSearchUser
+metadata:
+  name: test-user-1
+spec:
+  secretRef:
+    name: "test-secret-1"
+    namespace: "default"
diff --git a/config/samples/clusters_v1alpha1_opensearch.yaml b/config/samples/clusters_v1alpha1_opensearch.yaml
@@ -14,6 +14,9 @@ spec:
   alertingPlugin: false
   anomalyDetectionPlugin: false
   asynchronousSearchPlugin: false
+#  userRef:
+#    name: "test-user-1"
+#    namespace: "default"
   clusterManagerNodes:
     - dedicatedManager: false
       nodeSize: SRH-DEV-t4g.small-5
@@ -37,7 +40,7 @@ spec:
 #    - nodeSize: SRH-DEV-t4g.small-5
 #      oidcProvider: ''
 #      version: opensearch-dashboards:2.5.0
-  version: 2.5.0
+  version: 2.7.0
   pciCompliance: false
   privateNetworkCluster: false
   reportingPlugin: false

diff --git a/controllers/clusterresources/cassandrauser_controller.go b/controllers/clusterresources/cassandrauser_controller.go
@@ -132,7 +132,7 @@ func (r *CassandraUserReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 	if u.Status.ClusterID != "" && u.Status.State != models.Created {
 		patch := u.NewPatch()
 
-		username, password, err := r.getUserCreds(s)
+		username, password, err := getUserCreds(s)
 		if err != nil {
 			l.Error(err, "Cannot get user credentials", "user", u.Name)
 			r.EventRecorder.Eventf(u, models.Warning, models.CreatingEvent,
@@ -204,24 +204,13 @@ func (r *CassandraUserReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 	return models.ExitReconcile, nil
 }
 
-func (r *CassandraUserReconciler) getUserCreds(secret *k8sCore.Secret) (username, password string, err error) {
-	password = string(secret.Data["password"])
-	username = string(secret.Data["username"])
-
-	if len(username) == 0 || len(password) == 0 {
-		return "", "", models.ErrMissingSecretKeys
-	}
-
-	return username[:len(username)-1], password[:len(password)-1], nil
-}
-
 func (r *CassandraUserReconciler) handleDeleteUser(
 	ctx context.Context,
 	l logr.Logger,
 	s *k8sCore.Secret,
 	u *clusterresourcesv1alpha1.CassandraUser,
 ) error {
-	username, _, err := r.getUserCreds(s)
+	username, _, err := getUserCreds(s)
 	if err != nil {
 		l.Error(err, "Cannot get user credentials", "user", u.Name)
 		r.EventRecorder.Eventf(u, models.Warning, models.CreatingEvent,