Add listener volume scope for secret volume builders (#858)

nightkr · web-flow · commit 04f3b1171972 · 2024-09-09T11:14:46.000Z
* Add listener volume scope for secret volume builders See https://docs.stackable.tech/home/stable/secret-operator/scope#listener-volume * changelog * remove duplicated link * Because I'm dumb and linked to the wrong PR * Fix old changelog formatting errors
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Add `Hostname` and `KerberosRealmName` types extracted from secret-operator ([#851]).
+- Add support for listener volume scopes to `SecretOperatorVolumeSourceBuilder` ([#858]).
 
 ### Changed
 
@@ -20,6 +21,7 @@ All notable changes to this project will be documented in this file.
 [#846]: https://github.com/stackabletech/operator-rs/pull/846
 [#851]: https://github.com/stackabletech/operator-rs/pull/851
 [#855]: https://github.com/stackabletech/operator-rs/pull/855
+[#858]: https://github.com/stackabletech/operator-rs/pull/858
 
 ## [0.74.0] - 2024-08-22
 
@@ -72,7 +74,6 @@ All notable changes to this project will be documented in this file.
 
 [#821]: https://github.com/stackabletech/operator-rs/pull/821
 [#827]: https://github.com/stackabletech/operator-rs/pull/827
-[#840]: https://github.com/stackabletech/operator-rs/pull/840
 
 ## [0.71.0] - 2024-07-29
 
@@ -516,9 +517,6 @@ Only rust documentation was changed.
 - `PodListeners` CRD ([#644]).
 - Add support for tls pkcs12 password to secret operator volume builder ([#645]).
 
-[#644]: https://github.com/stackabletech/operator-rs/pull/644
-[#645]: https://github.com/stackabletech/operator-rs/pull/645
-
 ### Changed
 
 - Derive `Eq` and `Copy` where applicable for listener CRDs ([#644]).
@@ -1185,7 +1183,7 @@ This is a rerelease of 0.25.1 which some last-minute incompatible API changes to
 
 ### Changed
 
-- BREAKING: kube 0.68 -> 0.69.1 ([#319, [#322]]).
+- BREAKING: kube 0.68 -> 0.69.1 ([#319], [#322]).
 
 ### Removed
 
diff --git a/crates/stackable-operator/src/builder/pod/volume.rs b/crates/stackable-operator/src/builder/pod/volume.rs
@@ -309,6 +309,12 @@ impl SecretOperatorVolumeSourceBuilder {
         self
     }
 
+    pub fn with_listener_volume_scope(&mut self, name: impl Into<String>) -> &mut Self {
+        self.scopes
+            .push(SecretOperatorVolumeScope::ListenerVolume { name: name.into() });
+        self
+    }
+
     pub fn with_format(&mut self, format: SecretFormat) -> &mut Self {
         self.format = Some(format);
         self
@@ -394,6 +400,7 @@ pub enum SecretOperatorVolumeScope {
     Node,
     Pod,
     Service { name: String },
+    ListenerVolume { name: String },
 }
 
 /// Reference to a listener class or listener name
diff --git a/crates/stackable-operator/src/commons/secret_class.rs b/crates/stackable-operator/src/commons/secret_class.rs
@@ -52,6 +52,9 @@ impl SecretClassVolume {
             for service in &scope.services {
                 secret_operator_volume_builder.with_service_scope(service);
             }
+            for listener_volume in &scope.listener_volumes {
+                secret_operator_volume_builder.with_listener_volume_scope(listener_volume);
+            }
         }
 
         secret_operator_volume_builder
@@ -84,6 +87,11 @@ pub struct SecretClassVolumeScope {
     /// This should typically correspond to Service objects that the Pod participates in.
     #[serde(default)]
     pub services: Vec<String>,
+
+    /// The listener volume scope allows Node and Service scopes to be inferred from the applicable listeners.
+    /// This must correspond to Volume names in the Pod that mount Listeners.
+    #[serde(default)]
+    pub listener_volumes: Vec<String>,
 }
 
 #[cfg(test)]
@@ -99,6 +107,7 @@ mod tests {
                 pod: true,
                 node: false,
                 services: vec!["myservice".to_string()],
+                listener_volumes: vec!["mylistener".to_string()],
             }),
         }
         .to_ephemeral_volume_source()
@@ -111,7 +120,7 @@ mod tests {
             ),
             (
                 "secrets.stackable.tech/scope".to_string(),
-                "pod,service=myservice".to_string(),
+                "pod,service=myservice,listener-volume=mylistener".to_string(),
             ),
         ]);
 
diff --git a/crates/stackable-operator/src/kvp/annotation/mod.rs b/crates/stackable-operator/src/kvp/annotation/mod.rs
@@ -104,6 +104,10 @@ impl Annotation {
                     value.push_str("service=");
                     value.push_str(name);
                 }
+                SecretOperatorVolumeScope::ListenerVolume { name } => {
+                    value.push_str("listener-volume=");
+                    value.push_str(name);
+                }
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,10 @@ impl Annotation {`
`104`	`104`	`value.push_str("service=");`
`105`	`105`	`value.push_str(name);`
`106`	`106`	`}`
	`107`	`+ SecretOperatorVolumeScope::ListenerVolume { name } => {`
	`108`	`+ value.push_str("listener-volume=");`
	`109`	`+ value.push_str(name);`
	`110`	`+ }`
`107`	`111`	`}`
`108`	`112`	`}`
`109`	`113`