From a8ee948ab2f554a1cf8f55409fde83bd22e8b52b Mon Sep 17 00:00:00 2001 From: Nitin Goyal Date: Wed, 29 May 2024 16:23:37 +0530 Subject: [PATCH] noobaa: provide denyHTTP option to NooBaa CR Signed-off-by: Nitin Goyal --- api/v1/storagecluster_types.go | 4 ++++ config/crd/bases/ocs.openshift.io_storageclusters.yaml | 4 ++++ controllers/storagecluster/noobaa_system_reconciler.go | 2 ++ .../crds/ocs/ocs.openshift.io_storageclusters.yaml | 4 ++++ deploy/ocs-operator/manifests/storagecluster.crd.yaml | 4 ++++ .../ocs-operator/api/v4/v1/storagecluster_types.go | 4 ++++ .../ocs-operator/api/v4/v1/storagecluster_types.go | 4 ++++ 7 files changed, 26 insertions(+) diff --git a/api/v1/storagecluster_types.go b/api/v1/storagecluster_types.go index a576d64a34..caf16d3ff9 100644 --- a/api/v1/storagecluster_types.go +++ b/api/v1/storagecluster_types.go @@ -411,6 +411,10 @@ type MultiCloudGatewaySpec struct { // Allows Noobaa to connect to an external Postgres server // +optional ExternalPgConfig *ExternalPGSpec `json:"externalPgConfig,omitempty"` + + // DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS) + // +optional + DenyHTTP bool `json:"denyHTTP,omitempty"` } type ExternalPGSpec struct { diff --git a/config/crd/bases/ocs.openshift.io_storageclusters.yaml b/config/crd/bases/ocs.openshift.io_storageclusters.yaml index 6b94c99c7f..303f7daa55 100644 --- a/config/crd/bases/ocs.openshift.io_storageclusters.yaml +++ b/config/crd/bases/ocs.openshift.io_storageclusters.yaml @@ -2254,6 +2254,10 @@ spec: description: DbStorageClassName specifies the default storage class for nooba-db pods type: string + denyHTTP: + description: DenyHTTP (optional) if given will deny access to + the NooBaa S3 service using HTTP (only HTTPS) + type: boolean disableLoadBalancerService: description: DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer diff --git a/controllers/storagecluster/noobaa_system_reconciler.go b/controllers/storagecluster/noobaa_system_reconciler.go index 99fd223913..561011af8b 100644 --- a/controllers/storagecluster/noobaa_system_reconciler.go +++ b/controllers/storagecluster/noobaa_system_reconciler.go @@ -183,6 +183,8 @@ func (r *StorageClusterReconciler) setNooBaaDesiredState(nb *nbv1.NooBaa, sc *oc // Override with MCG options specified in the storage cluster spec if sc.Spec.MultiCloudGateway != nil { + nb.Spec.DenyHTTP = sc.Spec.MultiCloudGateway.DenyHTTP + dbStorageClass := sc.Spec.MultiCloudGateway.DbStorageClassName if dbStorageClass != "" { nb.Spec.DBStorageClass = &dbStorageClass diff --git a/deploy/csv-templates/crds/ocs/ocs.openshift.io_storageclusters.yaml b/deploy/csv-templates/crds/ocs/ocs.openshift.io_storageclusters.yaml index 6b94c99c7f..303f7daa55 100644 --- a/deploy/csv-templates/crds/ocs/ocs.openshift.io_storageclusters.yaml +++ b/deploy/csv-templates/crds/ocs/ocs.openshift.io_storageclusters.yaml @@ -2254,6 +2254,10 @@ spec: description: DbStorageClassName specifies the default storage class for nooba-db pods type: string + denyHTTP: + description: DenyHTTP (optional) if given will deny access to + the NooBaa S3 service using HTTP (only HTTPS) + type: boolean disableLoadBalancerService: description: DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer diff --git a/deploy/ocs-operator/manifests/storagecluster.crd.yaml b/deploy/ocs-operator/manifests/storagecluster.crd.yaml index bbdc5bd8a2..da4c69c085 100644 --- a/deploy/ocs-operator/manifests/storagecluster.crd.yaml +++ b/deploy/ocs-operator/manifests/storagecluster.crd.yaml @@ -2253,6 +2253,10 @@ spec: description: DbStorageClassName specifies the default storage class for nooba-db pods type: string + denyHTTP: + description: DenyHTTP (optional) if given will deny access to + the NooBaa S3 service using HTTP (only HTTPS) + type: boolean disableLoadBalancerService: description: DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer diff --git a/metrics/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go b/metrics/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go index a576d64a34..caf16d3ff9 100644 --- a/metrics/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go +++ b/metrics/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go @@ -411,6 +411,10 @@ type MultiCloudGatewaySpec struct { // Allows Noobaa to connect to an external Postgres server // +optional ExternalPgConfig *ExternalPGSpec `json:"externalPgConfig,omitempty"` + + // DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS) + // +optional + DenyHTTP bool `json:"denyHTTP,omitempty"` } type ExternalPGSpec struct { diff --git a/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go b/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go index a576d64a34..caf16d3ff9 100644 --- a/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go +++ b/vendor/github.com/red-hat-storage/ocs-operator/api/v4/v1/storagecluster_types.go @@ -411,6 +411,10 @@ type MultiCloudGatewaySpec struct { // Allows Noobaa to connect to an external Postgres server // +optional ExternalPgConfig *ExternalPGSpec `json:"externalPgConfig,omitempty"` + + // DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS) + // +optional + DenyHTTP bool `json:"denyHTTP,omitempty"` } type ExternalPGSpec struct {