diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 48d04a6e37..27ee72a3de 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -182,6 +182,7 @@ rules: - apiGroups: - noobaa.io resources: + - noobaaaccounts - noobaas verbs: - create diff --git a/controllers/storageconsumer/consumer_test.go b/controllers/storageconsumer/consumer_test.go index 51abe8391c..d1c5ad284b 100644 --- a/controllers/storageconsumer/consumer_test.go +++ b/controllers/storageconsumer/consumer_test.go @@ -19,6 +19,9 @@ package controllers import ( "testing" + noobaaApis "github.com/noobaa/noobaa-operator/v5/pkg/apis" + "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1" + routev1 "github.com/openshift/api/route/v1" v1 "github.com/red-hat-storage/ocs-operator/api/v4/v1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" "github.com/red-hat-storage/ocs-operator/v4/controllers/util" @@ -46,7 +49,15 @@ func createFakeScheme(t *testing.T) *runtime.Scheme { err = rookCephv1.AddToScheme(scheme) if err != nil { - assert.Fail(t, "failed to add rookCephv1scheme") + assert.Fail(t, "failed to add rookCephv1 scheme") + } + err = routev1.AddToScheme(scheme) + if err != nil { + assert.Fail(t, "failed to add routev1 scheme") + } + err = noobaaApis.AddToScheme(scheme) + if err != nil { + assert.Fail(t, "failed to add nbapis scheme") } return scheme @@ -90,7 +101,23 @@ func TestCephName(t *testing.T) { Name: "cephfs", Phase: "Ready", }, + { + Kind: "NooBaaAccount", + Name: "consumer-acc", + Phase: "Ready", + }, }, + Client: ocsv1alpha1.ClientStatus{ + ClusterID: "consumer", + }, + }, + } + r.noobaaAccount = &v1alpha1.NooBaaAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: "consumer-acc", + }, + Status: v1alpha1.NooBaaAccountStatus{ + Phase: v1alpha1.NooBaaAccountPhaseReady, }, } _, err := r.reconcilePhases() 
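Review bot: In createFakeScheme the two new registrations use the four-line `if err != nil { assert.Fail(...) }` form, while newFakeClient in services/provider/server/consumer_test.go (same commit) uses the one-line `assert.NoError(t, err, "failed to add routev1 scheme")`. Using the one-line form here would keep the two helpers consistent. The third message says `nbapis` although the import alias is `noobaaApis`; `"failed to add noobaaApis scheme"` is easier to grep for. The start of createFakeScheme is outside the hunk.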
@@ -102,6 +129,11 @@ func TestCephName(t *testing.T) { Name: "healthchecker", Phase: "Ready", }, + { + Kind: "NooBaaAccount", + Name: "consumer-acc", + Phase: "Ready", + }, } assert.Equal(t, r.storageConsumer.Status.CephResources, want) @@ -138,9 +170,23 @@ func TestCephName(t *testing.T) { Name: "healthchecker", Phase: "Error", }, + { + Kind: "NooBaaAccount", + Name: "consumer-acc", + Phase: "Error", + }, }, }, } + r.noobaaAccount = &v1alpha1.NooBaaAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: "consumer-acc", + }, + Status: v1alpha1.NooBaaAccountStatus{ + Phase: v1alpha1.NooBaaAccountPhaseRejected, + }, + } + _, err = r.reconcilePhases() assert.NoError(t, err) @@ -150,6 +196,11 @@ func TestCephName(t *testing.T) { Name: "healthchecker", Phase: "Error", }, + { + Kind: "NooBaaAccount", + Name: "consumer-acc", + Phase: "Rejected", + }, } assert.Equal(t, r.storageConsumer.Status.CephResources, want) } diff --git a/controllers/storageconsumer/storageconsumer_controller.go b/controllers/storageconsumer/storageconsumer_controller.go index 97de086029..7237466f2e 100644 --- a/controllers/storageconsumer/storageconsumer_controller.go +++ b/controllers/storageconsumer/storageconsumer_controller.go @@ -21,9 +21,11 @@ import ( "crypto/md5" "encoding/hex" "encoding/json" + "fmt" "github.com/go-logr/logr" "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" + "github.com/red-hat-storage/ocs-operator/v4/controllers/util" rookCephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -36,6 +38,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" + nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) 
@@ -59,12 +62,14 @@ type StorageConsumerReconciler struct { storageConsumer *ocsv1alpha1.StorageConsumer cephClientHealthChecker *rookCephv1.CephClient namespace string + noobaaAccount *nbv1.NooBaaAccount } //+kubebuilder:rbac:groups=ocs.openshift.io,resources=storageconsumers,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=ceph.rook.io,resources=cephclients,verbs=get;list;watch;create;update;delete //+kubebuilder:rbac:groups=ocs.openshift.io,resources=storageconsumers/status,verbs=get;update;patch // +kubebuilder:rbac:groups=ocs.openshift.io,resources=storagerequests,verbs=get;list; +// +kubebuilder:rbac:groups=noobaa.io,resources=noobaaaccounts,verbs=get;list;watch;create;update;delete // Reconcile reads that state of the cluster for a StorageConsumer object and makes changes based on the state read // and what is in the StorageConsumer.Spec @@ -127,6 +132,10 @@ func (r *StorageConsumerReconciler) initReconciler(request reconcile.Request) { r.cephClientHealthChecker = &rookCephv1.CephClient{} r.cephClientHealthChecker.Name = GenerateHashForCephClient(r.storageConsumer.Name, "global") r.cephClientHealthChecker.Namespace = r.namespace + + r.noobaaAccount = &nbv1.NooBaaAccount{} + r.noobaaAccount.Name = "noobaa-remote-" + r.storageConsumer.Name + r.noobaaAccount.Namespace = r.storageConsumer.Namespace } func (r *StorageConsumerReconciler) reconcilePhases() (reconcile.Result, error) { @@ -145,6 +154,10 @@ func (r *StorageConsumerReconciler) reconcilePhases() (reconcile.Result, error) return reconcile.Result{}, err } + if err := r.reconcileNoobaaAccount(); err != nil { + return reconcile.Result{}, err + } + cephResourcesReady := true for _, cephResource := range r.storageConsumer.Status.CephResources { if cephResource.Phase != "Ready" { 
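Review bot: The new kubebuilder marker grants `delete` on `noobaaaccounts`, but nothing in this commit deletes a NooBaaAccount: reconcileNoobaaAccount only goes through `ctrl.CreateOrUpdate`, and cleanup appears to be left to the owner reference set by `r.own`. If no other code path deletes these objects, the marker can be narrowed to `// +kubebuilder:rbac:groups=noobaa.io,resources=noobaaaccounts,verbs=get;list;watch;create;update`. The `noobaaAccount` field would also benefit from a comment such as `// noobaaAccount is the per-consumer NooBaa account; noobaa-operator issues an auth_token secret for it`, since that credential is what the provider server later hands to the remote cluster.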
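Review bot: The account is named `"noobaa-remote-" + r.storageConsumer.Name` in initReconciler, while getExternalResources in services/provider/server/server.go looks up the token secret as `noobaa-account-<consumer name>`, with no `noobaa-remote-` part. How noobaa-operator names that secret is not shown in this diff; if it derives the name from the account name, the provider would look for a secret that is never created and calls reaching getExternalResources would fail for the consumer. The tests would not catch this, because TestGetExternalResources creates `noobaa-account-consumer` by hand and TestCephName uses a hand-built `consumer-acc` object. Consider building both names from one shared helper and adding a comment here that states the naming contract with noobaa-operator. The namespace is also taken from `r.storageConsumer.Namespace`, while the health checker just above uses `r.namespace` and the server reads from `s.namespace`; a single source would be clearer.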
@@ -205,6 +218,25 @@ func (r *StorageConsumerReconciler) reconcileCephClientHealthChecker() error { return nil } +func (r *StorageConsumerReconciler) reconcileNoobaaAccount() error { + _, err := ctrl.CreateOrUpdate(r.ctx, r.Client, r.noobaaAccount, func() error { + if err := r.own(r.noobaaAccount); err != nil { + return err + } + // the following annotation will enable noobaa-operator to create a auth_token secret based on this account + util.AddAnnotation(r.noobaaAccount, "remote-operator", "true") + return nil + }) + if err != nil { + return fmt.Errorf("failed to create noobaa account for storageConsumer %v: %v", r.storageConsumer.Name, err) + } + + phase := string(r.noobaaAccount.Status.Phase) + r.setCephResourceStatus(r.noobaaAccount.Name, "NooBaaAccount", phase, nil) + + return nil +} + func (r *StorageConsumerReconciler) setCephResourceStatus(name string, kind string, phase string, cephClients map[string]string) { cephResourceSpec := ocsv1alpha1.CephResourcesSpec{ Name: name, diff --git a/deploy/csv-templates/ocs-operator.csv.yaml.in b/deploy/csv-templates/ocs-operator.csv.yaml.in index 309c6f715d..784264eae8 100644 --- a/deploy/csv-templates/ocs-operator.csv.yaml.in +++ b/deploy/csv-templates/ocs-operator.csv.yaml.in @@ -353,6 +353,7 @@ spec: - apiGroups: - noobaa.io resources: + - noobaaaccounts - noobaas verbs: - create diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml index 65023d6b25..d842d60d76 100644 --- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml +++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml @@ -362,6 +362,7 @@ spec: - apiGroups: - noobaa.io resources: + - noobaaaccounts - noobaas verbs: - create diff --git a/deploy/ocs-operator/manifests/provider-role.yaml b/deploy/ocs-operator/manifests/provider-role.yaml index aea3ada2e5..b1cb627919 100644 
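Review bot: `r.noobaaAccount.Status.Phase` is read immediately after `ctrl.CreateOrUpdate`, so on the reconcile that creates the account the phase written into the consumer status is likely empty and only catches up if something triggers another reconcile. SetupWithManager is not part of this diff; if it does not already watch owned NooBaaAccount objects, the consumer may stay not-Ready or show a stale phase after noobaa-operator updates the account. The error is also flattened with `%v`; `return fmt.Errorf("failed to create or update noobaa account for storageConsumer %v: %w", r.storageConsumer.Name, err)` keeps the underlying API error available to callers and matches what the call does. The comment on the annotation could add that the resulting `auth_token` secret is a credential later returned to the remote consumer, so a reader sees why this one line matters.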
--- a/deploy/ocs-operator/manifests/provider-role.yaml +++ b/deploy/ocs-operator/manifests/provider-role.yaml @@ -68,3 +68,10 @@ rules: verbs: - get - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list diff --git a/rbac/provider-role.yaml b/rbac/provider-role.yaml index aea3ada2e5..b1cb627919 100644 --- a/rbac/provider-role.yaml +++ b/rbac/provider-role.yaml @@ -68,3 +68,10 @@ rules: verbs: - get - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list diff --git a/services/provider/server/consumer_test.go b/services/provider/server/consumer_test.go index ad0f30acb8..f3b60293bc 100644 --- a/services/provider/server/consumer_test.go +++ b/services/provider/server/consumer_test.go @@ -4,6 +4,7 @@ import ( "context" "testing" + routev1 "github.com/openshift/api/route/v1" opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1" api "github.com/red-hat-storage/ocs-operator/api/v4/v1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" @@ -13,7 +14,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) @@ -67,6 +67,8 @@ func newFakeClient(t *testing.T, obj ...client.Object) client.Client { err = opv1a1.AddToScheme(scheme) assert.NoError(t, err, "failed to add opv1a1 scheme") + err = routev1.AddToScheme(scheme) + assert.NoError(t, err, "failed to add routev1 scheme") return fake.NewClientBuilder(). WithScheme(scheme). WithObjects(obj...). diff --git a/services/provider/server/server.go b/services/provider/server/server.go index 1d005fba11..a41b934f59 100644 --- a/services/provider/server/server.go +++ b/services/provider/server/server.go 
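Review bot: The new rule lets the provider role `get` and `list` every Route in the namespace, but the only use added in this commit is a single `Get` of the `noobaa-mgmt` route in getExternalResources. If the provider server's client reads directly from the API server (newClient is only partly visible in this diff), the rule can be limited to that one object with `resourceNames: [noobaa-mgmt]` and `verbs: [get]`. If `list` is required by a cached client, a short YAML comment saying so would help the next reviewer. The same applies to the identical hunk in rbac/provider-role.yaml.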
@@ -19,11 +19,15 @@ import ( "time" "github.com/blang/semver/v4" + nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1" quotav1 "github.com/openshift/api/quota/v1" + routev1 "github.com/openshift/api/route/v1" + opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1" ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" controllers "github.com/red-hat-storage/ocs-operator/v4/controllers/storageconsumer" "github.com/red-hat-storage/ocs-operator/v4/controllers/util" + "github.com/red-hat-storage/ocs-operator/v4/services" pb "github.com/red-hat-storage/ocs-operator/v4/services/provider/pb" ocsVersion "github.com/red-hat-storage/ocs-operator/v4/version" rookCephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1" @@ -31,8 +35,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1" - opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1" - "github.com/red-hat-storage/ocs-operator/v4/services" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" @@ -148,7 +150,6 @@ func (s *OCSProviderServer) AcknowledgeOnboarding(ctx context.Context, req *pb.A } return nil, status.Errorf(codes.Internal, "Failed to update the storageConsumer. %v", err) } - return &pb.AcknowledgeOnboardingResponse{}, nil } @@ -198,12 +199,10 @@ func (s *OCSProviderServer) GetStorageConfig(ctx context.Context, req *pb.Storag // OffboardConsumer RPC call to delete the StorageConsumer CR func (s *OCSProviderServer) OffboardConsumer(ctx context.Context, req *pb.OffboardConsumerRequest) (*pb.OffboardConsumerResponse, error) { - err := s.consumerManager.Delete(ctx, req.StorageConsumerUUID) if err != nil { return nil, status.Errorf(codes.Internal, "failed to delete storageConsumer resource with the provided UUID. %v", err) } - return &pb.OffboardConsumerResponse{}, nil } 
@@ -254,6 +253,10 @@ func newClient() (client.Client, error) { if err != nil { return nil, fmt.Errorf("failed to add ocsv1 to scheme. %v", err) } + err = routev1.AddToScheme(scheme) + if err != nil { + return nil, fmt.Errorf("failed to add routev1 to scheme. %v", err) + } config, err := config.GetConfig() if err != nil { 
@@ -427,6 +430,54 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe } + // Fetch noobaa remote secret and management address and append to extResources + consumerName := consumerResource.Name + noobaaOperatorSecret := &v1.Secret{} + noobaaOperatorSecret.Name = fmt.Sprintf("noobaa-account-%s", consumerName) + noobaaOperatorSecret.Namespace = s.namespace + + if err := s.client.Get(ctx, client.ObjectKeyFromObject(noobaaOperatorSecret), noobaaOperatorSecret); err != nil { + return nil, fmt.Errorf("failed to get %s secret. %v", noobaaOperatorSecret.Name, err) + } + + authToken, ok := noobaaOperatorSecret.Data["auth_token"] + if !ok || len(authToken) == 0 { + return nil, fmt.Errorf("auth_token not found in %s secret", noobaaOperatorSecret.Name) + } + + noobaMgmtRoute := &routev1.Route{} + noobaMgmtRoute.Name = "noobaa-mgmt" + noobaMgmtRoute.Namespace = s.namespace + + if err = s.client.Get(ctx, client.ObjectKeyFromObject(noobaMgmtRoute), noobaMgmtRoute); err != nil { + return nil, fmt.Errorf("failed to get noobaa-mgmt route. %v", err) + } + if noobaMgmtRoute.Status.Ingress == nil || len(noobaMgmtRoute.Status.Ingress) == 0 { + return nil, fmt.Errorf("no Ingress available in noobaa-mgmt route") + } + + noobaaMgmtAddress := noobaMgmtRoute.Status.Ingress[0].Host + if noobaaMgmtAddress == "" { + return nil, fmt.Errorf("no Host found in noobaa-mgmt route Ingress") + } + extR = append(extR, &pb.ExternalResource{ + Name: "noobaa-remote-join-secret", + Kind: "Secret", + Data: mustMarshal(map[string][]byte{ + "auth_token": authToken, + "mgmt_addr": []byte(noobaaMgmtAddress), + }), + }) + + extR = append(extR, &pb.ExternalResource{ + Name: "noobaa-remote", + Kind: "Noobaa", + Data: mustMarshal(&nbv1.NooBaaSpec{ + JoinSecret: &v1.SecretReference{ + Name: "noobaa-remote-join-secret", + }, + }), + }) return extR, nil } diff --git a/services/provider/server/server_test.go b/services/provider/server/server_test.go index b02d274d39..f103724990 100644 
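Review bot: `noobaMgmtRoute.Status.Ingress[0].Host` is used as `mgmt_addr` without checking that the router has admitted the route, so a consumer can be handed the host of an ingress entry that is not actually serving; picking the first ingress whose `Admitted` condition is true is safer, as sketched below. The `Status.Ingress == nil ||` test is redundant, because `len` of a nil slice is 0. The route fixture in TestGetExternalResources has no conditions and would need one added. Since `auth_token` is a credential returned to the remote cluster, a comment stating that it must never be logged would help, and the variable is spelled `noobaMgmtRoute` while its neighbours use `noobaa`. getExternalResources starts outside the hunk.

```go
	// … unchanged: noobaa-account secret lookup and Get of the noobaa-mgmt route …

	// Only hand out a host that a router has actually admitted.
	noobaaMgmtAddress := ""
	for i := range noobaMgmtRoute.Status.Ingress {
		ingress := &noobaMgmtRoute.Status.Ingress[i]
		for _, cond := range ingress.Conditions {
			if cond.Type == routev1.RouteAdmitted && cond.Status == v1.ConditionTrue {
				noobaaMgmtAddress = ingress.Host
				break
			}
		}
		if noobaaMgmtAddress != "" {
			break
		}
	}
	if noobaaMgmtAddress == "" {
		return nil, fmt.Errorf("no admitted Ingress with a Host found in noobaa-mgmt route")
	}

	// … unchanged: append noobaa-remote-join-secret and noobaa-remote to extR …
```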
--- a/services/provider/server/server_test.go +++ b/services/provider/server/server_test.go @@ -8,7 +8,9 @@ import ( "testing" csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1" + nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1" quotav1 "github.com/openshift/api/quota/v1" + routev1 "github.com/openshift/api/route/v1" opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1" ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" @@ -56,6 +58,16 @@ var ocsSubscriptionSpec = &opv1a1.SubscriptionSpec{ Channel: "1.0", Package: "ocs-operator", } +var noobaaSpec = &nbv1.NooBaaSpec{ + JoinSecret: &v1.SecretReference{ + Name: "noobaa-remote-join-secret", + }, +} + +var joinSecret = map[string][]byte{ + "auth_token": []byte("authToken"), + "mgmt_addr": []byte("noobaaMgmtAddress"), +} var mockExtR = map[string]*externalResource{ "rook-ceph-mon-endpoints": { @@ -100,6 +112,16 @@ var mockExtR = map[string]*externalResource{ "QuotaForConsumer": fmt.Sprintf("%+v\n", clusterResourceQuotaSpec), }, }, + "noobaa-remote-join-secret": { + Name: "noobaa-remote-join-secret", + Kind: "Secret", + Data: joinSecret, + }, + "noobaa-remote": { + Name: "noobaa-remote", + Kind: "Noobaa", + Data: noobaaSpec, + }, "monitor-endpoints": { Name: "monitor-endpoints", Kind: "CephConnection", 
@@ -264,9 +286,34 @@ func TestGetExternalResources(t *testing.T) { }, } + noobaaRemoteJoinSecretConsumer := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: "noobaa-account-consumer", Namespace: server.namespace}, + Data: map[string][]byte{ + "auth_token": []byte("authToken"), + }, + } + + noobaaRemoteJoinSecretConsumer6 := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: "noobaa-account-consumer6", Namespace: server.namespace}, + Data: map[string][]byte{ + "auth_token": []byte("authToken"), + }, + } + + noobaaMgmtRoute := &routev1.Route{ + ObjectMeta: metav1.ObjectMeta{Name: "noobaa-mgmt", Namespace: server.namespace}, + Status: routev1.RouteStatus{ + Ingress: []routev1.RouteIngress{{Host: "noobaaMgmtAddress"}}, + }, + } + assert.NoError(t, client.Create(ctx, cephClient)) assert.NoError(t, client.Create(ctx, secret)) + assert.NoError(t, client.Create(ctx, noobaaRemoteJoinSecretConsumer)) + assert.NoError(t, client.Create(ctx, noobaaRemoteJoinSecretConsumer6)) + assert.NoError(t, client.Create(ctx, noobaaMgmtRoute)) + monCm, monSc := createMonConfigMapAndSecret(server) assert.NoError(t, client.Create(ctx, monCm)) assert.NoError(t, client.Create(ctx, monSc)) 
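Review bot: The fixtures added here cover only the success path; the new error returns in getExternalResources (secret missing, `auth_token` absent or empty, route missing, no ingress, empty host) have no test in this commit. A sub-test that omits `noobaaMgmtRoute`, and one whose secret has no `auth_token` key, each asserting a non-nil error, would pin that behaviour. The two secret fixtures differ only in their name, so a small helper taking the consumer name would avoid the copy. TestGetExternalResources begins and ends outside the hunk.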
@@ -290,9 +337,20 @@ func TestGetExternalResources(t *testing.T) { mockResoruce, ok := mockExtR[extResource.Name] assert.True(t, ok) - data, err := json.Marshal(mockResoruce.Data) - assert.NoError(t, err) - assert.Equal(t, string(extResource.Data), string(data)) + if extResource.Kind == "Noobaa" { + var extNoobaaSpec, mockNoobaaSpec nbv1.NooBaaSpec + err = json.Unmarshal(extResource.Data, &extNoobaaSpec) + assert.NoError(t, err) + data, err := json.Marshal(mockResoruce.Data) + assert.NoError(t, err) + err = json.Unmarshal(data, &mockNoobaaSpec) + assert.NoError(t, err) + assert.Equal(t, extNoobaaSpec.JoinSecret, mockNoobaaSpec.JoinSecret) + } else { + data, err := json.Marshal(mockResoruce.Data) + assert.NoError(t, err) + assert.Equal(t, string(extResource.Data), string(data)) + } assert.Equal(t, extResource.Kind, mockResoruce.Kind) assert.Equal(t, extResource.Name, mockResoruce.Name) } @@ -310,15 +368,24 @@ func TestGetExternalResources(t *testing.T) { mockResoruce, ok := mockExtR[extResource.Name] assert.True(t, ok) - data, err := json.Marshal(mockResoruce.Data) - assert.NoError(t, err) if extResource.Kind == "ClusterResourceQuota" { var clusterResourceQuotaSpec quotav1.ClusterResourceQuotaSpec err = json.Unmarshal([]byte(extResource.Data), &clusterResourceQuotaSpec) assert.NoError(t, err) quantity, _ := resource.ParseQuantity("10240G") assert.Equal(t, clusterResourceQuotaSpec.Quota.Hard["requests.storage"], quantity) + } else if extResource.Kind == "Noobaa" { + var extNoobaaSpec, mockNoobaaSpec nbv1.NooBaaSpec + err = json.Unmarshal(extResource.Data, &extNoobaaSpec) + assert.NoError(t, err) + data, err := json.Marshal(mockResoruce.Data) + assert.NoError(t, err) + err = json.Unmarshal(data, &mockNoobaaSpec) + assert.NoError(t, err) + assert.Equal(t, mockNoobaaSpec.JoinSecret, extNoobaaSpec.JoinSecret) } else { + data, err := json.Marshal(mockResoruce.Data) + assert.NoError(t, err) assert.Equal(t, string(extResource.Data), string(data)) } 
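Review bot: The `Kind == "Noobaa"` comparison is written out twice (here and in the second loop, hunk `@@ -310,15 +368,24 @@`), and the two copies pass their arguments to `assert.Equal` in opposite order. A helper such as `assertNoobaaJoinSecret(t, extResource.Data, mockResoruce.Data)` would keep them in sync, with the expected value first: `assert.Equal(t, mockNoobaaSpec.JoinSecret, extNoobaaSpec.JoinSecret)`. A one-line comment explaining why only `JoinSecret` is compared, rather than the serialized bytes as in the other branches, would help; the reason is not evident from the hunk.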
@@ -1034,7 +1101,6 @@ func TestOCSProviderServerGetStorageClaimConfig(t *testing.T) { } mockResoruce, ok := mockShareFilesystemClaimExtR[name] assert.True(t, ok) - data, err := json.Marshal(mockResoruce.Data) assert.NoError(t, err) assert.Equal(t, string(extResource.Data), string(data))