feat(storage): prepare custom resource for storage API

2025-01-21 21:54:53 +01:00 · 2025-01-21 21:54:53 +01:00 · b55afea477
commit b55afea477
parent d02e2d4653
34 changed files with 1110 additions and 369 deletions
--- a/internal/controller/core_db_controller.go
+++ b/internal/controller/core_db_controller.go
@ -38,6 +38,7 @@ import (
 	"code.icb4dc0.de/prskr/supabase-operator/internal/db"
 	"code.icb4dc0.de/prskr/supabase-operator/internal/errx"
 	"code.icb4dc0.de/prskr/supabase-operator/internal/meta"
+	"code.icb4dc0.de/prskr/supabase-operator/internal/pw"
 	"code.icb4dc0.de/prskr/supabase-operator/internal/supabase"
 )

@ -161,11 +162,11 @@ func (r *CoreDbReconciler) ensureDbRolesSecrets(
 	)

 	roles := map[string]supabase.DBRole{
-		dbSpec.Roles.Secrets.Authenticator.Name:  supabase.DBRoleAuthenticator,
-		dbSpec.Roles.Secrets.AuthAdmin.Name:      supabase.DBRoleAuthAdmin,
-		dbSpec.Roles.Secrets.FunctionsAdmin.Name: supabase.DBRoleFunctionsAdmin,
-		dbSpec.Roles.Secrets.StorageAdmin.Name:   supabase.DBRoleStorageAdmin,
-		dbSpec.Roles.Secrets.Admin.Name:          supabase.DBRoleSupabaseAdmin,
+		dbSpec.Roles.Secrets.Authenticator:  supabase.DBRoleAuthenticator,
+		dbSpec.Roles.Secrets.AuthAdmin:      supabase.DBRoleAuthAdmin,
+		dbSpec.Roles.Secrets.FunctionsAdmin: supabase.DBRoleFunctionsAdmin,
+		dbSpec.Roles.Secrets.StorageAdmin:   supabase.DBRoleStorageAdmin,
+		dbSpec.Roles.Secrets.Admin:          supabase.DBRoleSupabaseAdmin,
 	}

 	if core.Status.Database.Roles == nil {
@ -210,7 +211,7 @@ func (r *CoreDbReconciler) ensureDbRolesSecrets(
 				if role.String() == dsnUser {
 					credentialsSecret.Data[corev1.BasicAuthPasswordKey] = []byte(dsnPW)
 				} else {
-					credentialsSecret.Data[corev1.BasicAuthPasswordKey] = GeneratePW(24, nil)
+					credentialsSecret.Data[corev1.BasicAuthPasswordKey] = pw.GeneratePW(24, nil)
 				}

 				secretLogger.Info("Update database role to match secret credentials")
--- a/internal/controller/core_gotrue_controller.go
+++ b/internal/controller/core_gotrue_controller.go
@ -115,7 +115,7 @@ func (r *CoreAuthReconciler) reconcileAuthDeployment(
 				ValueFrom: &corev1.EnvVarSource{
 					SecretKeyRef: &corev1.SecretKeySelector{
 						LocalObjectReference: corev1.LocalObjectReference{
-							Name: core.Spec.Database.Roles.Secrets.AuthAdmin.Name,
+							Name: core.Spec.Database.Roles.Secrets.AuthAdmin,
 						},
 						Key: corev1.BasicAuthPasswordKey,
 					},
--- a/internal/controller/core_jwt_controller.go
+++ b/internal/controller/core_jwt_controller.go
@ -57,7 +57,7 @@ func (r *CoreJwtReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 	}

 	jwtSecret := &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{Name: core.Spec.JWT.SecretRef.Name, Namespace: core.Namespace},
+		ObjectMeta: metav1.ObjectMeta{Name: core.Spec.JWT.SecretName, Namespace: core.Namespace},
 	}

 	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, jwtSecret, func() error {
--- a/internal/controller/core_postgrest_controller.go
+++ b/internal/controller/core_postgrest_controller.go
@ -129,7 +129,7 @@ func (r *CorePostgrestReconiler) reconilePostgrestDeployment(
 				ValueFrom: &corev1.EnvVarSource{
 					SecretKeyRef: &corev1.SecretKeySelector{
 						LocalObjectReference: corev1.LocalObjectReference{
-							Name: core.Spec.Database.Roles.Secrets.Authenticator.Name,
+							Name: core.Spec.Database.Roles.Secrets.Authenticator,
 						},
 						Key: corev1.BasicAuthPasswordKey,
 					},
--- a/internal/controller/dashboard_pg-meta_controller.go
+++ b/internal/controller/dashboard_pg-meta_controller.go
@ -90,7 +90,7 @@ func (r *DashboardPGMetaReconciler) reconcilePGMetaDeployment(

 	dsnSecret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      dashboard.Spec.DBSpec.DBCredentialsRef.Name,
+			Name:      dashboard.Spec.DBSpec.DBCredentialsRef.SecretName,
 			Namespace: dashboard.Namespace,
 		},
 	}
--- a/internal/controller/permissions.go
+++ b/internal/controller/permissions.go
@ -25,6 +25,9 @@ package controller
 // +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=dashboards,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=dashboards/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=dashboards/finalizers,verbs=update
+// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages/finalizers,verbs=update
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=secrets;configmaps;services,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=events,verbs=create
--- a/internal/controller/pwgen.go
+++ b/internal/controller/pwgen.go
@ -1,49 +0,0 @@
-/*
-Copyright 2025 Peter Kurfer.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controller
-
-import (
-	"bytes"
-	"math/rand/v2"
-)
-
-func GeneratePW(length uint, random *rand.Rand) []byte {
-	var (
-		builder  = bytes.NewBuffer(nil)
-		alphabet = runes('a', 'z') + runes('A', 'Z') + runes('0', '9')
-	)
-
-	if random == nil {
-		random = rand.New(rand.NewPCG(0, 0))
-	}
-
-	for range length {
-		builder.WriteRune(rune(alphabet[random.IntN(len(alphabet))]))
-	}
-
-	return builder.Bytes()
-}
-
-func runes(start, end rune) string {
-	result := make([]rune, 0, int(end-start))
-
-	for current := start; current != end; current++ {
-		result = append(result, current)
-	}
-
-	return string(result)
-}
--- a/internal/controller/storage_controller.go
+++ b/internal/controller/storage_controller.go
@ -33,16 +33,8 @@ type StorageReconciler struct {
 	Scheme *runtime.Scheme
 }

-// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=supabase.k8s.icb4dc0.de,resources=storages/finalizers,verbs=update
-
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Storage object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.4/pkg/reconcile