red-hat-storage · openshift-merge-bot · Sep 1, 2024 · Jul 2, 2024 · Jul 22, 2024
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -188,6 +188,7 @@ rules:
 - apiGroups:
   - noobaa.io
   resources:
+  - noobaaaccounts
   - noobaas
   verbs:
   - create

diff --git a/controllers/storageconsumer/consumer_test.go b/controllers/storageconsumer/consumer_test.go
@@ -19,6 +19,9 @@ package controllers
 import (
 	"testing"
 
+	noobaaApis "github.com/noobaa/noobaa-operator/v5/pkg/apis"
+	"github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
+	routev1 "github.com/openshift/api/route/v1"
 	v1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	"github.com/red-hat-storage/ocs-operator/v4/controllers/util"
@@ -46,7 +49,15 @@ func createFakeScheme(t *testing.T) *runtime.Scheme {
 
 	err = rookCephv1.AddToScheme(scheme)
 	if err != nil {
-		assert.Fail(t, "failed to add rookCephv1scheme")
+		assert.Fail(t, "failed to add rookCephv1 scheme")
+	}
+	err = routev1.AddToScheme(scheme)
+	if err != nil {
+		assert.Fail(t, "failed to add routev1 scheme")
+	}
+	err = noobaaApis.AddToScheme(scheme)
+	if err != nil {
+		assert.Fail(t, "failed to add nbapis scheme")
 	}
 
 	return scheme
@@ -90,7 +101,23 @@ func TestCephName(t *testing.T) {
 					Name:  "cephfs",
 					Phase: "Ready",
 				},
+				{
+					Kind:  "NooBaaAccount",
+					Name:  "consumer-acc",
+					Phase: "Ready",
+				},
 			},
+			Client: ocsv1alpha1.ClientStatus{
+				ClusterID: "consumer",
+			},
+		},
+	}
+	r.noobaaAccount = &v1alpha1.NooBaaAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "consumer-acc",
+		},
+		Status: v1alpha1.NooBaaAccountStatus{
+			Phase: v1alpha1.NooBaaAccountPhaseReady,
 		},
 	}
 	_, err := r.reconcilePhases()
@@ -102,6 +129,11 @@ func TestCephName(t *testing.T) {
 			Name:  "healthchecker",
 			Phase: "Ready",
 		},
+		{
+			Kind:  "NooBaaAccount",
+			Name:  "consumer-acc",
+			Phase: "Ready",
+		},
 	}
 	assert.Equal(t, r.storageConsumer.Status.CephResources, want)
 
@@ -138,9 +170,23 @@ func TestCephName(t *testing.T) {
 					Name:  "healthchecker",
 					Phase: "Error",
 				},
+				{
+					Kind:  "NooBaaAccount",
+					Name:  "consumer-acc",
+					Phase: "Error",
+				},
 			},
 		},
 	}
+	r.noobaaAccount = &v1alpha1.NooBaaAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "consumer-acc",
+		},
+		Status: v1alpha1.NooBaaAccountStatus{
+			Phase: v1alpha1.NooBaaAccountPhaseRejected,
+		},
+	}
+
 	_, err = r.reconcilePhases()
 	assert.NoError(t, err)
 
@@ -150,6 +196,11 @@ func TestCephName(t *testing.T) {
 			Name:  "healthchecker",
 			Phase: "Error",
 		},
+		{
+			Kind:  "NooBaaAccount",
+			Name:  "consumer-acc",
+			Phase: "Rejected",
+		},
 	}
 	assert.Equal(t, r.storageConsumer.Status.CephResources, want)
 }
diff --git a/controllers/storageconsumer/storageconsumer_controller.go b/controllers/storageconsumer/storageconsumer_controller.go
@@ -21,9 +21,11 @@ import (
 	"crypto/md5"
 	"encoding/hex"
 	"encoding/json"
+	"fmt"
 
 	"github.com/go-logr/logr"
 	"github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
+	"github.com/red-hat-storage/ocs-operator/v4/controllers/util"
 	rookCephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -36,6 +38,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
+	nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
@@ -59,12 +62,14 @@ type StorageConsumerReconciler struct {
 	storageConsumer         *ocsv1alpha1.StorageConsumer
 	cephClientHealthChecker *rookCephv1.CephClient
 	namespace               string
+	noobaaAccount           *nbv1.NooBaaAccount
 }
 
 //+kubebuilder:rbac:groups=ocs.openshift.io,resources=storageconsumers,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=ceph.rook.io,resources=cephclients,verbs=get;list;watch;create;update;delete
 //+kubebuilder:rbac:groups=ocs.openshift.io,resources=storageconsumers/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=ocs.openshift.io,resources=storagerequests,verbs=get;list;
+// +kubebuilder:rbac:groups=noobaa.io,resources=noobaaaccounts,verbs=get;list;watch;create;update;delete
 
 // Reconcile reads that state of the cluster for a StorageConsumer object and makes changes based on the state read
 // and what is in the StorageConsumer.Spec
@@ -127,6 +132,10 @@ func (r *StorageConsumerReconciler) initReconciler(request reconcile.Request) {
 	r.cephClientHealthChecker = &rookCephv1.CephClient{}
 	r.cephClientHealthChecker.Name = GenerateHashForCephClient(r.storageConsumer.Name, "global")
 	r.cephClientHealthChecker.Namespace = r.namespace
+
+	r.noobaaAccount = &nbv1.NooBaaAccount{}
+	r.noobaaAccount.Name = "noobaa-remote-" + r.storageConsumer.Name
+	r.noobaaAccount.Namespace = r.storageConsumer.Namespace
 }
 
 func (r *StorageConsumerReconciler) reconcilePhases() (reconcile.Result, error) {
@@ -145,6 +154,10 @@ func (r *StorageConsumerReconciler) reconcilePhases() (reconcile.Result, error)
 			return reconcile.Result{}, err
 		}
 
+		if err := r.reconcileNoobaaAccount(); err != nil {
+			return reconcile.Result{}, err
+		}
+
 		cephResourcesReady := true
 		for _, cephResource := range r.storageConsumer.Status.CephResources {
 			if cephResource.Phase != "Ready" {
@@ -205,6 +218,25 @@ func (r *StorageConsumerReconciler) reconcileCephClientHealthChecker() error {
 	return nil
 }
 
+func (r *StorageConsumerReconciler) reconcileNoobaaAccount() error {
+	_, err := ctrl.CreateOrUpdate(r.ctx, r.Client, r.noobaaAccount, func() error {
+		if err := r.own(r.noobaaAccount); err != nil {
+			return err
+		}
+		// the following annotation will enable noobaa-operator to create a auth_token secret based on this account
+		util.AddAnnotation(r.noobaaAccount, "remote-operator", "true")
+		return nil
+	})
+	if err != nil {
+		return fmt.Errorf("failed to create noobaa account for storageConsumer %v: %v", r.storageConsumer.Name, err)
+	}
+
+	phase := string(r.noobaaAccount.Status.Phase)
+	r.setCephResourceStatus(r.noobaaAccount.Name, "NooBaaAccount", phase, nil)
+
+	return nil
+}
+
 func (r *StorageConsumerReconciler) setCephResourceStatus(name string, kind string, phase string, cephClients map[string]string) {
 	cephResourceSpec := ocsv1alpha1.CephResourcesSpec{
 		Name:        name,

diff --git a/deploy/csv-templates/ocs-operator.csv.yaml.in b/deploy/csv-templates/ocs-operator.csv.yaml.in
@@ -359,6 +359,7 @@ spec:
         - apiGroups:
           - noobaa.io
           resources:
+          - noobaaaccounts
           - noobaas
           verbs:
           - create

diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
@@ -368,6 +368,7 @@ spec:
         - apiGroups:
           - noobaa.io
           resources:
+          - noobaaaccounts
           - noobaas
           verbs:
           - create

diff --git a/deploy/ocs-operator/manifests/provider-role.yaml b/deploy/ocs-operator/manifests/provider-role.yaml
@@ -68,3 +68,10 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - get
+  - list
diff --git a/rbac/provider-role.yaml b/rbac/provider-role.yaml
@@ -68,3 +68,10 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - get
+  - list
diff --git a/services/provider/server/consumer_test.go b/services/provider/server/consumer_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	routev1 "github.com/openshift/api/route/v1"
 	opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 	api "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
@@ -13,7 +14,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
@@ -67,6 +67,8 @@ func newFakeClient(t *testing.T, obj ...client.Object) client.Client {
 	err = opv1a1.AddToScheme(scheme)
 	assert.NoError(t, err, "failed to add opv1a1 scheme")
 
+	err = routev1.AddToScheme(scheme)
+	assert.NoError(t, err, "failed to add routev1 scheme")
 	return fake.NewClientBuilder().
 		WithScheme(scheme).
 		WithObjects(obj...).

diff --git a/services/provider/server/server.go b/services/provider/server/server.go
@@ -19,20 +19,22 @@ import (
 	"time"
 
 	"github.com/blang/semver/v4"
+	nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 	quotav1 "github.com/openshift/api/quota/v1"
+	routev1 "github.com/openshift/api/route/v1"
+	opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 	ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	controllers "github.com/red-hat-storage/ocs-operator/v4/controllers/storageconsumer"
 	"github.com/red-hat-storage/ocs-operator/v4/controllers/util"
+	"github.com/red-hat-storage/ocs-operator/v4/services"
 	pb "github.com/red-hat-storage/ocs-operator/v4/services/provider/pb"
 	ocsVersion "github.com/red-hat-storage/ocs-operator/v4/version"
 	rookCephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1"
-	opv1a1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
-	"github.com/red-hat-storage/ocs-operator/v4/services"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
@@ -148,7 +150,6 @@ func (s *OCSProviderServer) AcknowledgeOnboarding(ctx context.Context, req *pb.A
 		}
 		return nil, status.Errorf(codes.Internal, "Failed to update the storageConsumer. %v", err)
 	}
-
 	return &pb.AcknowledgeOnboardingResponse{}, nil
 }
 
@@ -198,12 +199,10 @@ func (s *OCSProviderServer) GetStorageConfig(ctx context.Context, req *pb.Storag
 
 // OffboardConsumer RPC call to delete the StorageConsumer CR
 func (s *OCSProviderServer) OffboardConsumer(ctx context.Context, req *pb.OffboardConsumerRequest) (*pb.OffboardConsumerResponse, error) {
-
 	err := s.consumerManager.Delete(ctx, req.StorageConsumerUUID)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to delete storageConsumer resource with the provided UUID. %v", err)
 	}
-
 	return &pb.OffboardConsumerResponse{}, nil
 }
 
@@ -254,6 +253,10 @@ func newClient() (client.Client, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to add ocsv1 to scheme. %v", err)
 	}
+	err = routev1.AddToScheme(scheme)
+	if err != nil {
+		return nil, fmt.Errorf("failed to add routev1 to scheme. %v", err)
+	}
 
 	config, err := config.GetConfig()
 	if err != nil {
@@ -427,6 +430,54 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe
 
 	}
 
+	// Fetch noobaa remote secret and management address and append to extResources
+	consumerName := consumerResource.Name
+	noobaaOperatorSecret := &v1.Secret{}
+	noobaaOperatorSecret.Name = fmt.Sprintf("noobaa-account-%s", consumerName)
+	noobaaOperatorSecret.Namespace = s.namespace
+
+	if err := s.client.Get(ctx, client.ObjectKeyFromObject(noobaaOperatorSecret), noobaaOperatorSecret); err != nil {
+		return nil, fmt.Errorf("failed to get %s secret. %v", noobaaOperatorSecret.Name, err)
+	}
+
+	authToken, ok := noobaaOperatorSecret.Data["auth_token"]
+	if !ok || len(authToken) == 0 {
+		return nil, fmt.Errorf("auth_token not found in %s secret", noobaaOperatorSecret.Name)
+	}
+
+	noobaMgmtRoute := &routev1.Route{}
+	noobaMgmtRoute.Name = "noobaa-mgmt"
+	noobaMgmtRoute.Namespace = s.namespace
+
+	if err = s.client.Get(ctx, client.ObjectKeyFromObject(noobaMgmtRoute), noobaMgmtRoute); err != nil {
+		return nil, fmt.Errorf("failed to get noobaa-mgmt route. %v", err)
+	}
+	if noobaMgmtRoute.Status.Ingress == nil || len(noobaMgmtRoute.Status.Ingress) == 0 {
+		return nil, fmt.Errorf("no Ingress available in noobaa-mgmt route")
+	}
+
+	noobaaMgmtAddress := noobaMgmtRoute.Status.Ingress[0].Host
+	if noobaaMgmtAddress == "" {
+		return nil, fmt.Errorf("no Host found in noobaa-mgmt route Ingress")
+	}
+	extR = append(extR, &pb.ExternalResource{
+		Name: "noobaa-remote-join-secret",
+		Kind: "Secret",
+		Data: mustMarshal(map[string][]byte{
+			"auth_token": authToken,
+			"mgmt_addr":  []byte(noobaaMgmtAddress),
+		}),
+	})
+
+	extR = append(extR, &pb.ExternalResource{
+		Name: "noobaa-remote",
+		Kind: "Noobaa",
+		Data: mustMarshal(&nbv1.NooBaaSpec{
+			JoinSecret: &v1.SecretReference{
+				Name: "noobaa-remote-join-secret",
+			},
+		}),
+	})
 	return extR, nil
 }