support envFrom in sidecar (minio#2279)

ramondeklein · Aug 26, 2024 · b9ee606 · b9ee606
1 parent 5f6e5cf
commit b9ee606
Show file tree

Hide file tree

Showing 6 changed files with 180 additions and 84 deletions.
diff --git a/pkg/resources/statefulsets/minio-statefulset.go b/pkg/resources/statefulsets/minio-statefulset.go
@@ -786,8 +786,6 @@ func getSideCarContainer(t *miniov2.Tenant, pool *miniov2.Pool) corev1.Container
 			"sidecar",
 			"--tenant",
 			t.Name,
-			"--config-name",
-			t.Spec.Configuration.Name,
 		},
 		Env: []corev1.EnvVar{
 			{

diff --git a/sidecar/cmd/sidecar/sidecar.go b/sidecar/cmd/sidecar/sidecar.go
@@ -36,11 +36,6 @@ var sidecarCmd = cli.Command{
 			Value: "",
 			Usage: "name of tenant being validated",
 		},
-		cli.StringFlag{
-			Name:  "config-name",
-			Value: "",
-			Usage: "secret being watched",
-		},
 	},
 }
 
@@ -50,10 +45,5 @@ func startSideCar(ctx *cli.Context) {
 		log.Println("Must pass --tenant flag")
 		os.Exit(1)
 	}
-	configName := ctx.String("config-name")
-	if configName == "" {
-		log.Println("Must pass --config-name flag")
-		os.Exit(1)
-	}
-	sidecar.StartSideCar(tenantName, configName)
+	sidecar.StartSideCar(tenantName)
 }
diff --git a/pkg/configuration/tenant_configuration.go → ...pkg/configuration/tenant_configuration.go b/pkg/configuration/tenant_configuration.go → ...pkg/configuration/tenant_configuration.go
@@ -17,8 +17,12 @@
 package configuration
 
 import (
+	"context"
+	"errors"
 	"fmt"
+	"log"
 	"sort"
+	"strconv"
 	"strings"
 
 	miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
@@ -31,27 +35,67 @@ const (
 	bucketDNSEnv = "MINIO_DNS_WEBHOOK_ENDPOINT"
 )
 
+type (
+	secretFunc func(ctx context.Context, name string) (*corev1.Secret, error)
+	configFunc func(ctx context.Context, name string) (*corev1.ConfigMap, error)
+)
+
+func TenantResources(ctx context.Context, tenant *miniov2.Tenant, cf configFunc, sf secretFunc) (map[string]*corev1.ConfigMap, map[string]*corev1.Secret, error) {
+	configMaps := make(map[string]*corev1.ConfigMap)
+	secrets := make(map[string]*corev1.Secret)
+
+	for _, env := range tenant.Spec.Env {
+		if env.ValueFrom != nil {
+			if env.ValueFrom.SecretKeyRef != nil {
+				secret, err := sf(ctx, env.ValueFrom.SecretKeyRef.Name)
+				if err != nil {
+					return nil, nil, err
+				}
+				secrets[env.ValueFrom.SecretKeyRef.Name] = secret
+			}
+			if env.ValueFrom.ConfigMapKeyRef != nil {
+				configmap, err := cf(ctx, env.ValueFrom.ConfigMapKeyRef.Name)
+				if err != nil {
+					return nil, nil, err
+				}
+				configMaps[env.ValueFrom.ConfigMapKeyRef.Name] = configmap
+			}
+			if env.ValueFrom.FieldRef != nil {
+				return nil, nil, errors.New("mapping fields is not supported")
+			}
+			if env.ValueFrom.ResourceFieldRef != nil {
+				return nil, nil, errors.New("mapping resource fields is not supported")
+			}
+		}
+	}
+
+	secret, err := sf(ctx, tenant.Spec.Configuration.Name)
+	if err != nil {
+		return nil, nil, err
+	}
+	secrets[tenant.Spec.Configuration.Name] = secret
+
+	return configMaps, secrets, nil
+}
+
 // GetFullTenantConfig returns the full configuration for the tenant considering the secret and the tenant spec
-func GetFullTenantConfig(tenant *miniov2.Tenant, configSecret *corev1.Secret) (string, bool, bool) {
+func GetFullTenantConfig(tenant *miniov2.Tenant, configMaps map[string]*corev1.ConfigMap, secrets map[string]*corev1.Secret) (string, bool, bool) {
+	configSecret := secrets[tenant.Spec.Configuration.Name]
+
 	seededVars := parseConfEnvSecret(configSecret)
 	rootUserFound := false
 	rootPwdFound := false
 	for _, env := range seededVars {
-		if env.Name == "MINIO_ROOT_USER" {
+		if env.Name == "MINIO_ROOT_USER" || env.Name == "MINIO_ACCESS_KEY" {
 			rootUserFound = true
 		}
-		if env.Name == "MINIO_ACCESS_KEY" {
-			rootUserFound = true
-		}
-		if env.Name == "MINIO_ROOT_PASSWORD" {
-			rootPwdFound = true
-		}
-		if env.Name == "MINIO_SECRET_KEY" {
+		if env.Name == "MINIO_ROOT_PASSWORD" || env.Name == "MINIO_SECRET_KEY" {
 			rootPwdFound = true
 		}
 	}
+
 	compiledConfig := buildTenantEnvs(tenant, seededVars)
-	configurationFileContent := envVarsToFileContent(compiledConfig)
+	configurationFileContent := envVarsToFileContent(compiledConfig, configMaps, secrets)
 	return configurationFileContent, rootUserFound, rootPwdFound
 }
 
@@ -70,12 +114,15 @@ func parseConfEnvSecret(secret *corev1.Secret) map[string]corev1.EnvVar {
 			parts := strings.SplitN(line, "=", 2)
 			if len(parts) == 2 {
 				name := strings.TrimSpace(parts[0])
-				value := strings.Trim(strings.TrimSpace(parts[1]), "\"")
-				envVar := corev1.EnvVar{
+				value, err := strconv.Unquote(strings.TrimSpace(parts[1]))
+				if err != nil {
+					log.Printf("Syntax error for variable %s (skipped): %s", name, err)
+					continue
+				}
+				envMap[name] = corev1.EnvVar{
 					Name:  name,
 					Value: value,
 				}
-				envMap[name] = envVar
 			}
 		}
 	}
@@ -234,10 +281,19 @@ func buildTenantEnvs(tenant *miniov2.Tenant, cfgEnvExisting map[string]corev1.En
 	return envVars
 }
 
-func envVarsToFileContent(envVars []corev1.EnvVar) string {
-	content := ""
+func envVarsToFileContent(envVars []corev1.EnvVar, configMaps map[string]*corev1.ConfigMap, secrets map[string]*corev1.Secret) string {
+	var sb strings.Builder
 	for _, env := range envVars {
-		content += fmt.Sprintf("export %s=\"%s\"\n", env.Name, env.Value)
+		value := env.Value
+		if env.ValueFrom != nil {
+			if env.ValueFrom.ConfigMapKeyRef != nil {
+				value = configMaps[env.ValueFrom.ConfigMapKeyRef.Name].Data[env.ValueFrom.ConfigMapKeyRef.Key]
+			}
+			if env.ValueFrom.SecretKeyRef != nil {
+				value = string(secrets[env.ValueFrom.SecretKeyRef.Name].Data[env.ValueFrom.SecretKeyRef.Key])
+			}
+		}
+		sb.WriteString(fmt.Sprintf("export %s=\"%s\"\n", env.Name, value))
 	}
-	return content
+	return sb.String()
 }
diff --git a/...onfiguration/tenant_configuration_test.go → ...onfiguration/tenant_configuration_test.go b/...onfiguration/tenant_configuration_test.go → ...onfiguration/tenant_configuration_test.go
@@ -67,7 +67,7 @@ export MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRy
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := envVarsToFileContent(tt.args.envVars); got != tt.want {
+			if got := envVarsToFileContent(tt.args.envVars, nil, nil); got != tt.want {
 				t.Errorf("envVarsToFileContent() = `%v`, want `%v`", got, tt.want)
 			}
 		})
@@ -377,7 +377,12 @@ export TEST="value"
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			tt.args.tenant.EnsureDefaults()
-			if got, _, _ := GetFullTenantConfig(tt.args.tenant, tt.args.configSecret); got != tt.want {
+
+			var configMaps map[string]*corev1.ConfigMap
+			secrets := map[string]*corev1.Secret{
+				tt.args.tenant.ConfigurationSecretName(): tt.args.configSecret,
+			}
+			if got, _, _ := GetFullTenantConfig(tt.args.tenant, configMaps, secrets); got != tt.want {
 				t.Errorf("GetFullTenantConfig() = `%v`, want `%v`", got, tt.want)
 			}
 		})