use created and policy in the bucket status (#18)

snapp-incubator · Nov 6, 2023 · 8226785 · 8226785
1 parent d599a76
commit 8226785
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 43 deletions.
diff --git a/api/v1alpha1/s3bucket_types.go b/api/v1alpha1/s3bucket_types.go
@@ -38,13 +38,13 @@ type S3BucketSpec struct {
 type S3BucketStatus struct {
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default=false
-	Ready bool `json:"ready,omitempty"`
+	Created bool `json:"created,omitempty"`
 
 	// +kubebuilder:validation:Optional
 	Reason string `json:"reason,omitempty"`
 
 	// +kubebuilder:validation:Optional
-	S3SubuserBinding []SubuserBinding `json:"s3SubuserBinding,omitempty"`
+	Policy string `json:"policy,omitempty"`
 }
 
 //+kubebuilder:object:root=true

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/s3.snappcloud.io_s3buckets.yaml b/config/crd/bases/s3.snappcloud.io_s3buckets.yaml
@@ -72,28 +72,13 @@ spec:
           status:
             description: S3BucketStatus defines the observed state of S3Bucket
             properties:
-              ready:
+              created:
                 default: false
                 type: boolean
+              policy:
+                type: string
               reason:
                 type: string
-              s3SubuserBinding:
-                items:
-                  properties:
-                    access:
-                      default: read
-                      description: access of the subuser which can be read or write
-                      enum:
-                      - read
-                      - write
-                      type: string
-                    name:
-                      description: name of the subuser
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
             type: object
         type: object
     served: true

diff --git a/internal/controllers/s3bucket/cleaner.go b/internal/controllers/s3bucket/cleaner.go
@@ -45,7 +45,7 @@ func (r *Reconciler) removeOrRetainBucket(ctx context.Context) (*ctrl.Result, er
 		}
 		r.logger.Error(err, "failed to remove the bucket")
 		// update bucket status with failure reason; e.g. Bucket is not empty
-		r.updateBucketStatus(ctx, false, err.Error())
+		r.updateBucketStatus(ctx, true, err.Error(), "unknown")
 		return subreconciler.Requeue()
 	}
 	return subreconciler.ContinueReconciling()

diff --git a/internal/controllers/s3bucket/handler.go b/internal/controllers/s3bucket/handler.go
@@ -38,6 +38,7 @@ type Reconciler struct {
 	cephTenant       string
 	cephUserFullId   string
 	subuserAccessMap map[string]string
+	bucketPolicy     string
 }
 
 func NewReconciler(mgr manager.Manager, cfg *config.Config) *Reconciler {

diff --git a/internal/controllers/s3bucket/provisioner.go b/internal/controllers/s3bucket/provisioner.go
@@ -43,25 +43,26 @@ func (r *Reconciler) ensureBucket(ctx context.Context) (*ctrl.Result, error) {
 }
 
 func (r *Reconciler) ensureBucketPolicy(ctx context.Context) (*ctrl.Result, error) {
-	err := r.s3Agent.SetBucketPolicy(r.subuserAccessMap,
+	var err error
+	r.bucketPolicy, err = r.s3Agent.SetBucketPolicy(r.subuserAccessMap,
 		r.cephTenant, r.s3UserRef, r.s3BucketName)
 	if err != nil {
 		r.logger.Error(err, "failed to set the bucket policy")
-		r.updateBucketStatus(ctx, false, err.Error())
+		r.updateBucketStatus(ctx, true, err.Error(), r.bucketPolicy)
 		return subreconciler.Requeue()
 	}
 	return subreconciler.ContinueReconciling()
 }
 
 func (r *Reconciler) updateBucketStatusSuccess(ctx context.Context) (*ctrl.Result, error) {
-	return r.updateBucketStatus(ctx, true, "")
+	return r.updateBucketStatus(ctx, true, "", r.bucketPolicy)
 }
 func (r *Reconciler) updateBucketStatus(ctx context.Context,
-	ready bool, reason string) (*ctrl.Result, error) {
+	created bool, reason string, policy string) (*ctrl.Result, error) {
 	status := s3v1alpha1.S3BucketStatus{
-		Ready:            ready,
-		Reason:           reason,
-		S3SubuserBinding: r.s3Bucket.Spec.S3SubuserBinding,
+		Created: created,
+		Reason:  reason,
+		Policy:  policy,
 	}
 
 	if !apiequality.Semantic.DeepEqual(r.s3Bucket.Status, status) {

diff --git a/internal/s3_agent/s3_agent.go b/internal/s3_agent/s3_agent.go
@@ -79,7 +79,7 @@ func (s *S3Agent) DeleteBucket(name string) error {
 }
 
 func (s *S3Agent) SetBucketPolicy(subuserAccessMap map[string]string, tenant string,
-	owner string, bucket string) error {
+	owner string, bucket string) (string, error) {
 	// The map of access levels to the AWS IAM names slice
 	accessAWSIAMMap := make(map[string][]string)
 	policy := map[string]interface{}{
@@ -113,7 +113,7 @@ func (s *S3Agent) SetBucketPolicy(subuserAccessMap map[string]string, tenant str
 		if actions, exists := bucketAccessAction[access]; exists {
 			statement["Action"] = actions
 		} else {
-			return fmt.Errorf("the access %s doesn't exists", access)
+			return "", fmt.Errorf("the access %s doesn't exists", access)
 		}
 		// Append the statement
 		statementSlice = append(statementSlice, statement)
@@ -124,13 +124,13 @@ func (s *S3Agent) SetBucketPolicy(subuserAccessMap map[string]string, tenant str
 	policyInput := s3.PutBucketPolicyInput{Bucket: aws.String(bucket),
 		Policy: aws.String(string(policyMarshal))}
 	if err != nil {
-		return err
+		return "", err
 	}
 	_, err = s.Client.PutBucketPolicy(&policyInput)
 	if err != nil {
-		return err
+		return "", err
 	}
-	return nil
+	return string(policyMarshal), nil
 }
 
 func generateBucketAccessAction() map[string][]string {

diff --git a/testing/e2e/03-assert.yaml b/testing/e2e/03-assert.yaml
@@ -5,7 +5,7 @@ metadata:
   name: s3bucket-sample-delete
   namespace: s3-test
 status:
-  ready: true
+  created: true
 
 ---
 # Check CR of the retain mode
@@ -15,7 +15,7 @@ metadata:
   name: s3bucket-sample-retain
   namespace: s3-test
 status:
-  ready: true
+  created: true
 
 ---
 
@@ -46,4 +46,4 @@ metadata:
   name: s3bucket-extra-delete
   namespace: s3-test
 status:
-  ready: true
+  created: true
diff --git a/testing/e2e/s3bucket-ok.yaml b/testing/e2e/s3bucket-ok.yaml
@@ -7,4 +7,4 @@ metadata:
 spec:
   s3UserRef: s3userclaim-sample
 status:
-  ready: true
+  created: true