From fdb0b0360b7ab52774150bda7c8b2d26c4d67083 Mon Sep 17 00:00:00 2001 From: Leela Venkaiah G Date: Fri, 19 Apr 2024 09:57:01 +0530 Subject: [PATCH 1/2] Revert "ux: generated code/manifests" This reverts commit 629351adafbcf527810ad6197482b9c2d0630d00. Signed-off-by: Leela Venkaiah G
---
.../manifests/ocs-operator.clusterserviceversion.yaml | 4 ---- deploy/ocs-operator/manifests/ux_backend_role.yaml | 8 -------- 2 files changed, 12 deletions(-)
diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
index 83095bed03..10272e09c5 100644
--- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
+++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
@@ -680,10 +680,6 @@ spec:
 - name: ONBOARDING_TOKEN_LIFETIME
 - name: UX_BACKEND_PORT
 - name: TLS_ENABLED
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
 image: quay.io/ocs-dev/ocs-operator:latest
 imagePullPolicy: IfNotPresent
 name: ux-backend-server
diff --git a/deploy/ocs-operator/manifests/ux_backend_role.yaml b/deploy/ocs-operator/manifests/ux_backend_role.yaml
index 5f1bbd7f9d..f89b32672e 100644
--- a/deploy/ocs-operator/manifests/ux_backend_role.yaml
+++ b/deploy/ocs-operator/manifests/ux_backend_role.yaml
@@ -14,11 +14,3 @@ rules:
 verbs:
 - get
 - list
-- apiGroups:
- - ""
- resources:
- - secrets
- resourceNames:
- - onboarding-ticket-key
- verbs:
- - delete
From a209a0351ce77fe9aaafede17706752a44869e82 Mon Sep 17 00:00:00 2001 From: Leela Venkaiah G Date: Fri, 19 Apr 2024 10:00:05 +0530 Subject: [PATCH 2/2] Revert "ux: implement rotating keys api" This reverts commit 015e679c419e4c938fca788778ae258bdfb40f18.
Signed-off-by: Leela Venkaiah G
---
rbac/ux_backend_role.yaml | 8 --- services/ux-backend/handlers/common.go | 18 ------ .../ux-backend/handlers/rotatekeys/handler.go | 62 ------------------- services/ux-backend/main.go | 27 -------- tools/csv-merger/csv-merger.go | 8 --- 5 files changed, 123 deletions(-) delete mode 100644 services/ux-backend/handlers/rotatekeys/handler.go
diff --git a/rbac/ux_backend_role.yaml b/rbac/ux_backend_role.yaml
index 5f1bbd7f9d..f89b32672e 100644
--- a/rbac/ux_backend_role.yaml
+++ b/rbac/ux_backend_role.yaml
@@ -14,11 +14,3 @@ rules:
 verbs:
 - get
 - list
-- apiGroups:
- - ""
- resources:
- - secrets
- resourceNames:
- - onboarding-ticket-key
- verbs:
- - delete
diff --git a/services/ux-backend/handlers/common.go b/services/ux-backend/handlers/common.go
index fb34e83171..b262ca7c8a 100644
--- a/services/ux-backend/handlers/common.go
+++ b/services/ux-backend/handlers/common.go
@@ -1,23 +1,5 @@
 package handlers
-import (
- "os"
-)
-
 const (
 ContentTypeTextPlain = "text/plain"
 )
-
-var namespace string
-
-// returns namespace found in env value, will panic if value is empty
-func GetPodNamespace() string {
- if namespace != "" {
- return namespace
- }
- if ns := os.Getenv("POD_NAMESPACE"); ns != "" {
- namespace = ns
- return namespace
- }
- panic("Value for env var 'POD_NAMESPACE' is empty")
-}
diff --git a/services/ux-backend/handlers/rotatekeys/handler.go b/services/ux-backend/handlers/rotatekeys/handler.go
deleted file mode 100644
index 0605693c5f..0000000000
--- a/services/ux-backend/handlers/rotatekeys/handler.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package rotatekeys
-
-import (
- "context"
- "fmt"
- "net/http"
-
- "github.com/red-hat-storage/ocs-operator/v4/services/ux-backend/handlers"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/klog/v2"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-const (
- onboardingValidationPublicKeySecretName = "onboarding-ticket-key"
-)
-
-func HandleMessage(w http.ResponseWriter, r *http.Request, cl client.Client) {
- switch r.Method {
- case "POST":
- handlePost(r.Context(), w, cl)
- default:
- handleUnsupportedMethod(w, r)
- }
-}
-
-func handlePost(ctx context.Context, w http.ResponseWriter, cl client.Client) {
- klog.Info("POST method on /rotate-keys endpoint is invoked")
- w.Header().Set("Content-Type", handlers.ContentTypeTextPlain)
-
- publicKeySecret := &corev1.Secret{}
- publicKeySecret.Name = onboardingValidationPublicKeySecretName
- publicKeySecret.Namespace = handlers.GetPodNamespace()
- err := cl.Delete(ctx, publicKeySecret)
- if err != nil {
- klog.Errorf("failed to delete public key secret: %v", err)
- w.WriteHeader(http.StatusInternalServerError)
-
- // TODO: should we differentiate b/n secret not found and remaining errors?
- if _, err = w.Write([]byte("Failed to rotate keys")); err != nil {
- klog.Errorf("failed to write data to response writer, %v", err)
- }
- return
- }
-
- klog.Info("onboarding validation keys are rotated successfully")
- w.WriteHeader(http.StatusOK)
- if _, err = w.Write([]byte("Successfully rotated keys")); err != nil {
- klog.Errorf("failed to write data to response writer, %v", err)
- }
-}
-
-func handleUnsupportedMethod(w http.ResponseWriter, r *http.Request) {
- klog.Info("Only POST method should be used to send data to this endpoint /rotate-keys")
- w.WriteHeader(http.StatusMethodNotAllowed)
- w.Header().Set("Content-Type", handlers.ContentTypeTextPlain)
- w.Header().Set("Allow", "POST")
-
- if _, err := w.Write([]byte(fmt.Sprintf("Unsupported method : %s", r.Method))); err != nil {
- klog.Errorf("failed to write data to response writer: %v", err)
- }
-}
diff --git a/services/ux-backend/main.go b/services/ux-backend/main.go
index 2ff778d812..5651379225 100644
--- a/services/ux-backend/main.go
+++ b/services/ux-backend/main.go
@@ -10,9 +10,6 @@ import (
 "k8s.io/klog/v2"
 "github.com/red-hat-storage/ocs-operator/v4/services/ux-backend/handlers/onboardingtokens"
- "github.com/red-hat-storage/ocs-operator/v4/services/ux-backend/handlers/rotatekeys"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 type serverConfig struct {
@@ -54,20 +51,6 @@ func loadAndValidateServerConfig() (*serverConfig, error) {
 return &config, nil
 }
-func newKubeClient() (client.Client, error) {
- cfg, err := config.GetConfig()
- if err != nil {
- return nil, err
- }
-
- newClient, err := client.New(cfg, client.Options{})
- if err != nil {
- return nil, err
- }
-
- return newClient, nil
-}
-
 func main() {
 klog.Info("Starting ux backend server")
@@ -78,19 +61,9 @@ func main() {
 klog.Info("shutting down!")
 os.Exit(-1)
 }
-
- cl, err := newKubeClient()
- if err != nil {
- klog.Errorf("failed to create kubernetes api client: %v", err)
- klog.Exit("shutting down!")
- }
-
 http.HandleFunc("/onboarding-tokens", func(w http.ResponseWriter, r *http.Request) {
 onboardingtokens.HandleMessage(w, r, config.tokenLifetimeInHours)
 })
- http.HandleFunc("/rotate-keys", func(w http.ResponseWriter, r *http.Request) {
- rotatekeys.HandleMessage(w, r, cl)
- })
 klog.Info("ux backend server listening on port ", config.listenPort)
diff --git a/tools/csv-merger/csv-merger.go b/tools/csv-merger/csv-merger.go
index 7f62481671..65c2dc30c8 100644
--- a/tools/csv-merger/csv-merger.go
+++ b/tools/csv-merger/csv-merger.go
@@ -663,14 +663,6 @@ func getUXBackendServerDeployment() appsv1.DeploymentSpec {
 Name: "TLS_ENABLED",
 Value: os.Getenv("TLS_ENABLED"),
 },
- {
- Name: "POD_NAMESPACE",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{
- FieldPath: "metadata.namespace",
- },
- },
- },
 },
 SecurityContext: &corev1.SecurityContext{
 RunAsNonRoot: ptr.To(true),