|
| 1 | +package bucketaccessrequest |
| 2 | + |
| 3 | +import ( |
| 4 | + "context" |
| 5 | + |
| 6 | + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| 7 | + |
| 8 | + "github.com/kubernetes-sigs/container-object-storage-interface-api/apis/objectstorage.k8s.io/v1alpha1" |
| 9 | + bucketclientset "github.com/kubernetes-sigs/container-object-storage-interface-api/clientset" |
| 10 | + bucketcontroller "github.com/kubernetes-sigs/container-object-storage-interface-api/controller" |
| 11 | + "github.com/kubernetes-sigs/container-object-storage-interface-controller/pkg/util" |
| 12 | + kubeclientset "k8s.io/client-go/kubernetes" |
| 13 | + |
| 14 | + "github.com/golang/glog" |
| 15 | +) |
| 16 | + |
| 17 | +type bucketAccessRequestListener struct { |
| 18 | + kubeClient kubeclientset.Interface |
| 19 | + bucketClient bucketclientset.Interface |
| 20 | +} |
| 21 | + |
| 22 | +func NewListener() bucketcontroller.BucketAccessRequestListener { |
| 23 | + return &bucketAccessRequestListener{} |
| 24 | +} |
| 25 | + |
| 26 | +func (b *bucketAccessRequestListener) InitializeKubeClient(k kubeclientset.Interface) { |
| 27 | + b.kubeClient = k |
| 28 | +} |
| 29 | + |
| 30 | +func (b *bucketAccessRequestListener) InitializeBucketClient(bc bucketclientset.Interface) { |
| 31 | + b.bucketClient = bc |
| 32 | +} |
| 33 | + |
| 34 | +func (b *bucketAccessRequestListener) Add(ctx context.Context, obj *v1alpha1.BucketAccessRequest) error { |
| 35 | + glog.V(1).Infof("add called for bucketaccessrequest %s", obj.Name) |
| 36 | + bucketAccessRequest := obj |
| 37 | + |
| 38 | + err := b.provisionBucketAccess(ctx, bucketAccessRequest) |
| 39 | + if err != nil { |
| 40 | + // Provisioning is 100% finished / not in progress. |
| 41 | + switch err { |
| 42 | + case util.ErrInvalidBucketAccessClass: |
| 43 | + glog.V(5).Infof("Bucket access class specified does not exist. Stop provisioning, removing bucket access request %s from bucket access requests in progress", bucketAccessRequest.UID) |
| 44 | + err = nil |
| 45 | + case util.ErrBucketAccessAlreadyExists: |
| 46 | + glog.V(5).Infof("Bucket access already exist for this bucket request. Stop provisioning, removing bucket access request %s from bucket access requests in progress", bucketAccessRequest.UID) |
| 47 | + err = nil |
| 48 | + default: |
| 49 | + glog.V(2).Infof("Final error received, removing bucket access request %s from bucket access requests in progress", bucketAccessRequest.Name) |
| 50 | + } |
| 51 | + return err |
| 52 | + } |
| 53 | + |
| 54 | + glog.V(5).Infof("BucketAccessRequest processing succeeded, removing bucket access request %s from bucket access requests in progress", bucketAccessRequest.Name) |
| 55 | + return nil |
| 56 | +} |
| 57 | + |
| 58 | +func (b *bucketAccessRequestListener) Update(ctx context.Context, old, new *v1alpha1.BucketAccessRequest) error { |
| 59 | + glog.V(1).Infof("update called for bucket %v", old) |
| 60 | + return nil |
| 61 | +} |
| 62 | + |
| 63 | +func (b *bucketAccessRequestListener) Delete(ctx context.Context, obj *v1alpha1.BucketAccessRequest) error { |
| 64 | + glog.V(1).Infof("delete called for bucket %v", obj) |
| 65 | + return nil |
| 66 | +} |
| 67 | + |
| 68 | +// provisionBucketAccess attempts to provision a BucketAccess for the given bucketAccessRequest. |
| 69 | +// Returns nil error only when the bucketaccess was provisioned. An error is return if we cannot create bucket access. |
| 70 | +// A normal error is returned when bucket acess was not provisioned and provisioning should be retried (requeue the bucketAccessRequest), |
| 71 | +// or a special error errBucketAccessAlreadyExists, errInvalidBucketAccessClass is returned when provisioning was impossible and |
| 72 | +// no further attempts to provision should be tried. |
| 73 | +func (b *bucketAccessRequestListener) provisionBucketAccess(ctx context.Context, bucketAccessRequest *v1alpha1.BucketAccessRequest) error { |
| 74 | + bucketAccessClassName := bucketAccessRequest.Spec.BucketAccessClassName |
| 75 | + |
| 76 | + bucketaccess := b.FindBucketAccess(ctx, bucketAccessRequest) |
| 77 | + if bucketaccess != nil { |
| 78 | + // bucketaccess has provisioned, nothing to do. |
| 79 | + return util.ErrBucketAccessAlreadyExists |
| 80 | + } |
| 81 | + |
| 82 | + bucketAccessClass, err := b.bucketClient.ObjectstorageV1alpha1().BucketAccessClasses().Get(ctx, bucketAccessClassName, metav1.GetOptions{}) |
| 83 | + if bucketAccessClass == nil { |
| 84 | + // bucket access class is invalid or not specified, cannot continue with provisioning. |
| 85 | + return util.ErrInvalidBucketAccessClass |
| 86 | + } |
| 87 | + |
| 88 | + bucketRequest, err := b.bucketClient.ObjectstorageV1alpha1().BucketRequests(bucketAccessRequest.Namespace).Get(ctx, bucketAccessRequest.Spec.BucketRequestName, metav1.GetOptions{}) |
| 89 | + if bucketRequest == nil { |
| 90 | + // bucket request does not exist, we have to reject this provision. |
| 91 | + return util.ErrInvalidBucketRequest |
| 92 | + } |
| 93 | + if err != nil { |
| 94 | + return err |
| 95 | + } |
| 96 | + |
| 97 | + if bucketRequest.Spec.BucketInstanceName == "" { |
| 98 | + return util.ErrWaitForBucketProvisioning |
| 99 | + } |
| 100 | + |
| 101 | + bucketaccess = &v1alpha1.BucketAccess{} |
| 102 | + bucketaccess.Name = util.GetUUID() |
| 103 | + |
| 104 | + bucketaccess.Spec.BucketInstanceName = bucketRequest.Spec.BucketInstanceName |
| 105 | + bucketaccess.Spec.BucketAccessRequest = bucketAccessRequest.Name |
| 106 | + bucketaccess.Spec.ServiceAccount = bucketAccessRequest.Spec.ServiceAccountName |
| 107 | + // bucketaccess.Spec.MintedSecretName - set by the driver |
| 108 | + bucketaccess.Spec.PolicyActionsConfigMapData, err = util.ReadConfigData(b.kubeClient, bucketAccessClass.PolicyActionsConfigMap) |
| 109 | + if err != nil { |
| 110 | + return err |
| 111 | + } |
| 112 | + // bucketaccess.Spec.Principal - set by the driver |
| 113 | + |
| 114 | + bucketaccess.Spec.Provisioner = bucketAccessClass.Provisioner |
| 115 | + bucketaccess.Spec.Parameters = util.CopySS(bucketAccessClass.Parameters) |
| 116 | + |
| 117 | + bucketaccess, err = b.bucketClient.ObjectstorageV1alpha1().BucketAccesses().Create(context.Background(), bucketaccess, metav1.CreateOptions{}) |
| 118 | + if err != nil { |
| 119 | + return err |
| 120 | + } |
| 121 | + |
| 122 | + glog.Infof("Finished providioning bucket access for %v", bucketAccessRequest.Name) |
| 123 | + return nil |
| 124 | +} |
| 125 | + |
| 126 | +func (b *bucketAccessRequestListener) FindBucketAccess(ctx context.Context, bar *v1alpha1.BucketAccessRequest) *v1alpha1.BucketAccess { |
| 127 | + bucketAccessList, err := b.bucketClient.ObjectstorageV1alpha1().BucketAccesses().List(ctx, metav1.ListOptions{}) |
| 128 | + if err != nil || len(bucketAccessList.Items) <= 0 { |
| 129 | + return nil |
| 130 | + } |
| 131 | + for _, bucketaccess := range bucketAccessList.Items { |
| 132 | + if bucketaccess.Spec.BucketAccessRequest == bar.Name { |
| 133 | + return &bucketaccess |
| 134 | + } |
| 135 | + } |
| 136 | + return nil |
| 137 | +} |
0 commit comments