
Commit 6105377

committed
simplify the fields for obj access
1 parent a95ddfa commit 6105377

27 files changed

+136
-135
lines changed

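--- a/cloud/scope/common.go
+++ b/cloud/scope/common.go
@@ -127,17 +127,17 @@ func CreateS3Clients(ctx context.Context, crClient clients.K8sClient, cluster in
 
 // If we have a cluster object store bucket, get its configuration.
 if cluster.Spec.ObjectStore != nil {
-secret, err := getCredentials(ctx, crClient, cluster.Spec.ObjectStore.CredentialsRef, cluster.GetNamespace())
+objSecret, err := getCredentials(ctx, crClient, cluster.Spec.ObjectStore.CredentialsRef, cluster.GetNamespace())
 if err == nil {
 var (
-access_key = string(secret.Data["access_key"])
-secret_key = string(secret.Data["secret_key"])
-s3_endpoint = string(secret.Data["s3_endpoint"])
+access = string(objSecret.Data["access"])
+secret = string(objSecret.Data["secret"])
+endpoint = string(objSecret.Data["endpoint"])
 )
 
-configOpts = append(configOpts, awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(access_key, secret_key, "")))
+configOpts = append(configOpts, awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(access, secret, "")))
 clientOpts = append(clientOpts, func(opts *s3.Options) {
-opts.BaseEndpoint = aws.String(s3_endpoint)
+opts.BaseEndpoint = aws.String(endpoint)
 })
 }
 }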
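Review bot: Nothing in this block checks that the renamed keys are present: for a Secret still laid out with `access_key`, `secret_key` and `s3_endpoint`, the three `objSecret.Data[...]` lookups return nil, so `access`, `secret` and `endpoint` become empty strings and are passed to `NewStaticCredentialsProvider` and `BaseEndpoint` with no error. Reject empty values before the two `append` calls, for example `if access == "" || secret == "" || endpoint == "" {` with an error that names the missing key but never its value, or fall back to the old key names for a deprecation period. The `"bucket"` lookup in cloud/scope/machine.go may be affected by the same rename, depending on how `getCredentialDataFromRef` treats an absent key. The surrounding `if err == nil` also lets a failed `getCredentials` pass silently; CreateS3Clients starts and ends outside the hunk, so how it should surface either error is not visible here.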

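--- a/cloud/scope/machine.go
+++ b/cloud/scope/machine.go
@@ -145,7 +145,7 @@ func (m *MachineScope) GetBucketName(ctx context.Context) (string, error) {
 return "", errors.New("no cluster object store")
 }
 
-name, err := getCredentialDataFromRef(ctx, m.Client, m.LinodeCluster.Spec.ObjectStore.CredentialsRef, m.LinodeCluster.GetNamespace(), "bucket_name")
+name, err := getCredentialDataFromRef(ctx, m.Client, m.LinodeCluster.Spec.ObjectStore.CredentialsRef, m.LinodeCluster.GetNamespace(), "bucket")
 if err != nil {
 return "", fmt.Errorf("get bucket name: %w", err)
 }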

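--- a/cloud/scope/machine_test.go
+++ b/cloud/scope/machine_test.go
@@ -268,10 +268,10 @@ func TestNewMachineScope(t *testing.T) {
 Call("cluster object store used", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil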

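--- a/cloud/scope/object_storage_key.go
+++ b/cloud/scope/object_storage_key.go
@@ -105,8 +105,8 @@ func (s *ObjectStorageKeyScope) GenerateKeySecret(ctx context.Context, key *lino
 
 if len(s.Key.Spec.Format) == 0 {
 secretStringData = map[string]string{
-"access_key": key.AccessKey,
-"secret_key": key.SecretKey,
+"access": key.AccessKey,
+"secret": key.SecretKey,
 }
 } else {
 // This should never run since the CRD has a validation marker to ensure bucketAccess has at least one item.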
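Review bot: The default-format field names `"access"` and `"secret"` are bare string literals here, while the readers in cloud/scope/common.go and cloud/scope/machine.go spell their keys independently, so a later rename can again leave the writer and the readers out of step. Package-level constants shared by both sides, e.g. `const accessField = "access"`, would make the Secret layout a single definition. Whether Secrets already generated with `access_key`/`secret_key` are rewritten on the next reconcile is not visible in this hunk; if they are not, workloads mounting those Secrets keep credentials under names the documentation no longer describes. GenerateKeySecret starts and ends outside the hunk.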

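--- a/cloud/scope/object_storage_key_test.go
+++ b/cloud/scope/object_storage_key_test.go
@@ -267,8 +267,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",
@@ -285,8 +285,8 @@ func TestGenerateKeySecret(t *testing.T) {
 }).Times(1)
 },
 expectedData: map[string]string{
-"access_key": "access_key",
-"secret_key": "secret_key",
+"access": "access",
+"secret": "secret",
 },
 expectedErr: nil,
 },
@@ -317,8 +317,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",
@@ -364,8 +364,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",
@@ -389,7 +389,7 @@ func TestGenerateKeySecret(t *testing.T) {
 }, nil)
 },
 expectedData: map[string]string{
-"key": "access_key,secret_key,hostname",
+"key": "access,secret,hostname",
 },
 expectedErr: nil,
 },
@@ -421,8 +421,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",
@@ -457,8 +457,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",
@@ -496,8 +496,8 @@ func TestGenerateKeySecret(t *testing.T) {
 key: &linodego.ObjectStorageKey{
 ID: 1,
 Label: "test-key",
-AccessKey: "access_key",
-SecretKey: "secret_key",
+AccessKey: "access",
+SecretKey: "secret",
 BucketAccess: &[]linodego.ObjectStorageKeyBucketAccess{
 {
 BucketName: "bucket",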

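--- a/cloud/services/object_storage_objects_test.go
+++ b/cloud/services/object_storage_objects_test.go
@@ -80,10 +80,10 @@ func TestCreateObject(t *testing.T) {
 Call("empty bucket name", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": nil,
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": nil,
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -108,10 +108,10 @@ func TestCreateObject(t *testing.T) {
 Call("fail to put object", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -137,10 +137,10 @@ func TestCreateObject(t *testing.T) {
 Call("fail to generate presigned url", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -167,10 +167,10 @@ func TestCreateObject(t *testing.T) {
 Call("create object", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -256,10 +256,10 @@ func TestDeleteObject(t *testing.T) {
 Call("empty bucket name", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": nil,
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": nil,
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -284,10 +284,10 @@ func TestDeleteObject(t *testing.T) {
 Call("fail to head object", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -313,10 +313,10 @@ func TestDeleteObject(t *testing.T) {
 Call("fail to delete object", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -344,10 +344,10 @@ func TestDeleteObject(t *testing.T) {
 Path(Call("delete object (no such key)", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -357,10 +357,10 @@ func TestDeleteObject(t *testing.T) {
 Path(Call("delete object (no such bucket)", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -370,10 +370,10 @@ func TestDeleteObject(t *testing.T) {
 Path(Call("delete object (not found)", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil
@@ -383,10 +383,10 @@ func TestDeleteObject(t *testing.T) {
 Path(Call("delete object", func(ctx context.Context, mck Mock) {
 mck.K8sClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(ctx context.Context, key client.ObjectKey, obj *corev1.Secret, opts ...client.GetOption) error {
 secret := corev1.Secret{Data: map[string][]byte{
-"bucket_name": []byte("fake"),
-"s3_endpoint": []byte("fake"),
-"access_key": []byte("fake"),
-"secret_key": []byte("fake"),
+"bucket": []byte("fake"),
+"endpoint": []byte("fake"),
+"access": []byte("fake"),
+"secret": []byte("fake"),
 }}
 *obj = secret
 return nil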

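--- a/docs/src/topics/backups.md
+++ b/docs/src/topics/backups.md
@@ -104,8 +104,8 @@ metadata:
 controller: true
 uid: <unique-uid>
 data:
-access_key: <base64-encoded-access-key>
-secret_key: <base64-encoded-secret-key>
+access: <base64-encoded-access-key>
+secret: <base64-encoded-secret-key>
 ```
 
 The secret is owned and managed by CAPL during the life of the `LinodeObjectStorageBucket`.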

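--- a/docs/src/topics/cluster-object-store.md
+++ b/docs/src/topics/cluster-object-store.md
@@ -29,12 +29,12 @@ kind: Secret
 metadata:
 name: ${CLUSTER_NAME}-object-store-credentials
 data:
-bucket_name: ${BUCKET_NAME}
+bucket: ${BUCKET_NAME}
 # Service endpoint
 # See: https://docs.aws.amazon.com/general/latest/gr/s3.html
-s3_endpoint: ${S3_ENDPOINT}
-access_key: ${ACCESS_KEY}
-secret_key: ${SECRET_KEY}
+endpoint: ${S3_ENDPOINT}
+access: ${ACCESS_KEY}
+secret: ${SECRET_KEY}
 ```
 
 Alternatively, the `LinodeObjectStorageBucket` and `LinodeObjectStorageKey` resources can be used:
@@ -86,10 +86,10 @@ spec:
 generatedSecret:
 type: Opaque
 format:
-bucket_name: '{{ .BucketName }}'
-s3_endpoint: '{{ .S3Endpoint }}'
-access_key: '{{ .AccessKey }}'
-secret_key: '{{ .SecretKey }}'
+bucket: '{{ .BucketName }}'
+endpoint: '{{ .S3Endpoint }}'
+access: '{{ .AccessKey }}'
+secret: '{{ .SecretKey }}'
 ```
 
 ## Capabilities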

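--- a/e2e/capl-cluster-flavors/kubeadm-full-capl-cluster/chainsaw-test.yaml
+++ b/e2e/capl-cluster-flavors/kubeadm-full-capl-cluster/chainsaw-test.yaml
@@ -376,8 +376,8 @@ spec:
 set -e
 
 # Getting the keys from the CAPL cluster
-access_key=$(KUBECONFIG=$CAPL_KUBECONFIG kubectl get secret $SECRET_NAME -n kube-system -o=jsonpath='{.data.access_key}' | base64 -d)
-secret_key=$(KUBECONFIG=$CAPL_KUBECONFIG kubectl get secret $SECRET_NAME -n kube-system -o=jsonpath='{.data.secret_key}' | base64 -d)
+access_key=$(KUBECONFIG=$CAPL_KUBECONFIG kubectl get secret $SECRET_NAME -n kube-system -o=jsonpath='{.data.access}' | base64 -d)
+secret_key=$(KUBECONFIG=$CAPL_KUBECONFIG kubectl get secret $SECRET_NAME -n kube-system -o=jsonpath='{.data.secret}' | base64 -d)
 
 #Storing the keys into a config file
 cat <<EOL > .s5cfg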
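Review bot: Both lookups produce an empty string rather than a failure when the Secret has no `access` or `secret` field (kubectl's jsonpath output tolerates missing keys by default), and `set -e` does not see a failing `kubectl` on the left side of the pipe, so a Secret still in the old layout would yield a `.s5cfg` with blank credentials and a misleading error later in the step. A guard right after the two assignments, `[ -n "$access_key" ] && [ -n "$secret_key" ] || { echo "object store secret is missing access/secret" >&2; exit 1; }`, fails at the real cause without printing either value. The script starts and ends outside the hunk, so a `pipefail` set elsewhere is not ruled out.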

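--- a/e2e/linodemachine-controller/cluster-object-store/assert-key-and-secret.yaml
+++ b/e2e/linodemachine-controller/cluster-object-store/assert-key-and-secret.yaml
@@ -14,7 +14,7 @@ kind: Secret
 metadata:
 name: ($key_secret)
 data:
-(bucket_name != null): true
-(s3_endpoint != null): true
-(access_key != null): true
-(secret_key != null): true
+(bucket != null): true
+(endpoint != null): true
+(access != null): true
+(secret != null): true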

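--- a/e2e/linodemachine-controller/cluster-object-store/create-linodeobjectstoragekey.yaml
+++ b/e2e/linodemachine-controller/cluster-object-store/create-linodeobjectstoragekey.yaml
@@ -1,3 +1,4 @@
+
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: LinodeObjectStorageKey
 metadata:
@@ -10,7 +11,7 @@ spec:
 generatedSecret:
 name: ($key_secret)
 format:
-bucket_name: '{{ .BucketName }}'
-s3_endpoint: '{{ .S3Endpoint }}'
-access_key: '{{ .AccessKey }}'
-secret_key: '{{ .SecretKey }}'
+bucket: '{{ .BucketName }}'
+endpoint: '{{ .S3Endpoint }}'
+access: '{{ .AccessKey }}'
+secret: '{{ .SecretKey }}'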
