/*
Copyright 2018 The Rook Authors. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package clients
import (
"context"
b64 "encoding/base64"
"fmt"
"strings"
"github.com/rook/rook/pkg/daemon/ceph/client"
rgw "github.com/rook/rook/pkg/operator/ceph/object"
"github.com/rook/rook/tests/framework/installer"
"github.com/rook/rook/tests/framework/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// ObjectUserOperation bundles what the test framework needs to manage Rook
// object store users: a Kubernetes helper and a manifest generator.
type ObjectUserOperation struct {
	// k8sh issues the kubectl and clientset calls made by the methods of this type.
	k8sh *utils.K8sHelper
	// manifests produces the object store user manifest that Create applies.
	manifests installer.CephManifests
}
// objectStoreUserSecretPrefix is the leading part of the name of the
// Kubernetes secret that holds an object store user's keys; the store name and
// the user id are appended to it.
// #nosec G101 -- this is a secret-name prefix, not a hardcoded credential
var objectStoreUserSecretPrefix = "rook-ceph-object-user-"
// CreateObjectUserOperation returns an ObjectUserOperation that works through
// the given Kubernetes helper and manifest generator.
func CreateObjectUserOperation(k8sh *utils.K8sHelper, manifests installer.CephManifests) *ObjectUserOperation {
	op := &ObjectUserOperation{
		k8sh:      k8sh,
		manifests: manifests,
	}
	return op
}
// GetUser fetches the details of an object store user from radosgw.
//
// It looks up the CephObjectStore called store in namespace, builds an RGW
// context for that store, and asks RGW for userid. If any of the three steps
// fails, the user is nil and the error says which step it was.
func (o *ObjectUserOperation) GetUser(namespace string, store string, userid string) (*rgw.ObjectUser, error) {
	opCtx := o.k8sh.MakeContext()
	info := client.AdminTestClusterInfo(namespace)

	storeClient := o.k8sh.RookClientset.CephV1().CephObjectStores(namespace)
	cephStore, err := storeClient.Get(context.TODO(), store, metav1.GetOptions{})
	if err != nil {
		return nil, fmt.Errorf("failed to get objectstore info: %+v", err)
	}

	objCtx, err := rgw.NewMultisiteContext(opCtx, info, cephStore)
	if err != nil {
		return nil, fmt.Errorf("failed to get RGW context: %+v", err)
	}

	// The middle result of rgw.GetUser is not needed here and is discarded.
	user, _, err := rgw.GetUser(objCtx, userid)
	if err != nil {
		return nil, fmt.Errorf("failed to get user info: %+v", err)
	}

	return user, nil
}
// UserSecretExists reports whether a secret labelled for the given object
// store and user can be listed in namespace.
//
// The lookup counts as a hit only when GetResource returns no error and its
// output does not contain "No resources found". Every other outcome, including
// a failed lookup, is reported as false.
func (o *ObjectUserOperation) UserSecretExists(namespace string, store string, userid string) bool {
	// NOTE(review): assuming GetResource forwards these arguments to kubectl,
	// repeating -l does not AND the selectors (kubectl keeps the last value),
	// so only user=<userid> would be matched. A single comma-separated
	// selector ("rook_object_store=<store>,user=<userid>") would apply both;
	// confirm against GetResource before relying on the store label.
	out, err := o.k8sh.GetResource("-n", namespace, "secrets", "-l", "rook_object_store="+store, "-l", "user="+userid)

	// GetResource succeeds whether or not anything matched, so the output text
	// is what separates "found" from "not found".
	if err != nil || strings.Contains(out, "No resources found") {
		logger.Infof("Unable to find user secret")
		return false
	}

	logger.Infof("Object User Secret Exists")
	return true
}
// Create creates an object store user in Rook through its CRD.
//
// All arguments are passed unchanged to the manifest generator, and the
// resulting manifest is applied. The error from the apply operation, if any,
// is returned as is.
func (o *ObjectUserOperation) Create(userid, displayName, store, usercaps, maxsize string, maxbuckets, maxobjects int) error {
	logger.Infof("creating the object store user via CRD")

	manifest := o.manifests.GetObjectStoreUser(userid, displayName, store, usercaps, maxsize, maxbuckets, maxobjects)
	err := o.k8sh.ResourceOperation("apply", manifest)
	if err != nil {
		return err
	}
	return nil
}
// Delete removes the CephObjectStoreUser resource named userid from namespace.
// The error from the delete operation, if any, is returned as is.
func (o *ObjectUserOperation) Delete(namespace string, userid string) error {
	logger.Infof("Deleting the object store user via CRD")

	err := o.k8sh.DeleteResource("-n", namespace, "CephObjectStoreUser", userid)
	if err != nil {
		return err
	}
	return nil
}
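// GetAccessKey returns the access key an S3 client needs for an object store
// user.
//
// The key is read with kubectl from the AccessKey field of the secret named
// objectStoreUserSecretPrefix + store + "-" + userid in namespace, and is
// base64-decoded before it is returned. An error is returned, with an empty
// key, when the kubectl call fails or the field is not valid base64.
//
// The returned string is a credential; avoid writing it to logs.
func (o *ObjectUserOperation) GetAccessKey(namespace, store, userid string) (string, error) {
	secretName := objectStoreUserSecretPrefix + store + "-" + userid

	encoded, err := o.k8sh.Kubectl("-n", namespace, "get", "secret", secretName, "-o", "jsonpath={@.data.AccessKey}")
	if err != nil {
		return "", fmt.Errorf("Unable to find access key -- %s", err)
	}

	// Report a malformed value instead of handing back a truncated key with a
	// nil error. The base64 error names only the offending byte offset, so the
	// key material itself is not copied into the message.
	decoded, err := b64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", fmt.Errorf("Unable to decode access key -- %s", err)
	}
	return string(decoded), nil
}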
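// GetSecretKey returns the secret key an S3 client needs for an object store
// user.
//
// The key is read with kubectl from the SecretKey field of the secret named
// objectStoreUserSecretPrefix + store + "-" + userid in namespace, and is
// base64-decoded before it is returned. An error is returned, with an empty
// key, when the kubectl call fails or the field is not valid base64.
//
// The returned string is a credential; avoid writing it to logs.
func (o *ObjectUserOperation) GetSecretKey(namespace, store, userid string) (string, error) {
	secretName := objectStoreUserSecretPrefix + store + "-" + userid

	encoded, err := o.k8sh.Kubectl("-n", namespace, "get", "secret", secretName, "-o", "jsonpath={@.data.SecretKey}")
	if err != nil {
		return "", fmt.Errorf("Unable to find secret key-- %s", err)
	}

	// Report a malformed value instead of handing back a truncated key with a
	// nil error. The base64 error names only the offending byte offset, so the
	// key material itself is not copied into the message.
	decoded, err := b64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", fmt.Errorf("Unable to decode secret key -- %s", err)
	}
	return string(decoded), nil
}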