object


Documentation

Overview

Package object for the Ceph object store.

Index

Constants

// File paths and timeouts shared by the object store package.
const (
	// ServiceServingCertCAFile is the in-pod path of the service-serving CA bundle,
	// under the service account mount. NOTE(review): which client trusts it is not
	// visible here — presumably fed to GetTlsCaCert / BuildTransportTLS; confirm.
	ServiceServingCertCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
	// HttpTimeOut is a 15 second bound; presumably the timeout applied to the HTTP
	// clients this package builds so a hung RGW endpoint cannot block reconciles — verify against callers.
	HttpTimeOut              = time.Second * 15
)
// Names used to label the RGW application and its credential keys.
const (

	// AppName is the name Rook uses for the object store's application
	AppName = "rook-ceph-rgw"

	// AccessKeyName and SecretKeyName are the key names under which an S3 access
	// key and secret key are stored; presumably the data keys of a Kubernetes
	// Secret (see DecodeSecret, which takes a keyName) — confirm against callers.
	AccessKeyName = "access-key"
	SecretKeyName = "secret-key"
)
// S3 policy action names of type action, accepted by PolicyStatement.Actions and
// serialized into the PolicyStatement.Action list. All is the "s3:*" wildcard and
// grants every action; policies should prefer the narrowest set of actions that
// fits the use case rather than the wildcard.
const (
	All                            action = "s3:*"
	AbortMultipartUpload           action = "s3:AbortMultipartUpload"
	CreateBucket                   action = "s3:CreateBucket"
	DeleteBucketPolicy             action = "s3:DeleteBucketPolicy"
	DeleteBucket                   action = "s3:DeleteBucket"
	DeleteBucketWebsite            action = "s3:DeleteBucketWebsite"
	DeleteObject                   action = "s3:DeleteObject"
	DeleteObjectVersion            action = "s3:DeleteObjectVersion"
	DeleteReplicationConfiguration action = "s3:DeleteReplicationConfiguration"
	GetAccelerateConfiguration     action = "s3:GetAccelerateConfiguration"
	GetBucketAcl                   action = "s3:GetBucketAcl"
	GetBucketCORS                  action = "s3:GetBucketCORS"
	GetBucketLocation              action = "s3:GetBucketLocation"
	GetBucketLogging               action = "s3:GetBucketLogging"
	GetBucketNotification          action = "s3:GetBucketNotification"
	GetBucketPolicy                action = "s3:GetBucketPolicy"
	GetBucketRequestPayment        action = "s3:GetBucketRequestPayment"
	GetBucketTagging               action = "s3:GetBucketTagging"
	GetBucketVersioning            action = "s3:GetBucketVersioning"
	GetBucketWebsite               action = "s3:GetBucketWebsite"
	GetLifecycleConfiguration      action = "s3:GetLifecycleConfiguration"
	GetObjectAcl                   action = "s3:GetObjectAcl"
	GetObject                      action = "s3:GetObject"
	GetObjectTorrent               action = "s3:GetObjectTorrent"
	GetObjectVersionAcl            action = "s3:GetObjectVersionAcl"
	GetObjectVersion               action = "s3:GetObjectVersion"
	GetObjectVersionTorrent        action = "s3:GetObjectVersionTorrent"
	GetReplicationConfiguration    action = "s3:GetReplicationConfiguration"
	ListAllMyBuckets               action = "s3:ListAllMyBuckets"
	ListBucketMultiPartUploads     action = "s3:ListBucketMultiPartUploads"
	ListBucket                     action = "s3:ListBucket"
	ListBucketVersions             action = "s3:ListBucketVersions"
	ListMultipartUploadParts       action = "s3:ListMultipartUploadParts"
	PutAccelerateConfiguration     action = "s3:PutAccelerateConfiguration"
	PutBucketAcl                   action = "s3:PutBucketAcl"
	PutBucketCORS                  action = "s3:PutBucketCORS"
	PutBucketLogging               action = "s3:PutBucketLogging"
	PutBucketNotification          action = "s3:PutBucketNotification"
	PutBucketPolicy                action = "s3:PutBucketPolicy"
	PutBucketRequestPayment        action = "s3:PutBucketRequestPayment"
	PutBucketTagging               action = "s3:PutBucketTagging"
	PutBucketVersioning            action = "s3:PutBucketVersioning"
	PutBucketWebsite               action = "s3:PutBucketWebsite"
	PutLifecycleConfiguration      action = "s3:PutLifecycleConfiguration"
	PutObjectAcl                   action = "s3:PutObjectAcl"
	PutObject                      action = "s3:PutObject"
	PutObjectVersionAcl            action = "s3:PutObjectVersionAcl"
	PutReplicationConfiguration    action = "s3:PutReplicationConfiguration"
	RestoreObject                  action = "s3:RestoreObject"
)
// Probe and protocol selectors used when describing the RGW pod.
const (
	// StartupProbeType and ReadinessProbeType are the two kinds of pod probe this
	// package distinguishes.
	StartupProbeType   ProbeType = "startup"
	ReadinessProbeType ProbeType = "readiness"

	// HTTPProtocol and HTTPSProtocol name the scheme an RGW endpoint is served on;
	// HTTPS is the one that carries TLS (see GetTlsCaCert / BuildTransportTLS).
	HTTPProtocol  ProtocolType = "HTTP"
	HTTPSProtocol ProtocolType = "HTTPS"
)
// Result codes for RGW operations. NOTE(review): presumably these are the int
// returned alongside the error by GetUser, CreateUser and GetBucket — confirm
// against those functions' bodies.
const (
	RGWErrorNone = iota
	RGWErrorUnknown
	RGWErrorNotFound
	RGWErrorBadData
	RGWErrorParse
	// ErrorCodeFileExists is 17, the value of errno EEXIST; it is deliberately not
	// part of the iota sequence above.
	ErrorCodeFileExists = 17
)
// CephRegion is the fixed region name handed to the AWS Go SDK when S3 clients are
// built for the Ceph endpoint (presumably in NewS3Agent — confirm).
const CephRegion = "us-east-1"

Region used for the AWS Go SDK.

const (

	// DisableOBCEnvVar environment variable, if set to "true", will skip watching Object Bucket and Notification resources.
	// This variable can be added to container spec of the `rook-ceph-operator` deployment.
	// Only the literal string "true" is documented as disabling the watch; other values are presumably ignored — confirm in the reader.
	DisableOBCEnvVar = "ROOK_DISABLE_OBJECT_BUCKET_CLAIM"
)
const (
	// RGWAdminOpsUserSecretName is the secret name of the admin ops user.
	// Only the Kubernetes Secret's name lives here; the credentials themselves
	// are read from that Secret at runtime (see GetAdminOPSUserCredentials).
	//nolint:gosec // since this is not leaking any hardcoded credentials, it's just the secret name
	RGWAdminOpsUserSecretName = "rgw-admin-ops-user"
)

Variables

AllowedActions is a lenient default list of actions

var (

	// DashboardUser is the ID of a user with system privileges for the dashboard service.
	// NOTE(review): declared as a mutable package-level var rather than a const —
	// presumably so tests can override it; any writer must not race with readers.
	DashboardUser = "dashboard-admin"
)

Functions

func Add

func Add(mgr manager.Manager, context *clusterd.Context, opManagerContext context.Context, opConfig opcontroller.OperatorConfig) error

Add creates a new cephObjectStore Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func BuildDNSEndpoint

func BuildDNSEndpoint(domainName string, port int32, secure bool) string

BuildDNSEndpoint builds the DNS name used to reach the service endpoint.

func BuildTransportTLS

func BuildTransportTLS(tlsCert []byte, insecure bool) *http.Transport

func CephObjectStoreDependents

func CephObjectStoreDependents(
	clusterdCtx *clusterd.Context,
	clusterInfo *client.ClusterInfo,
	store *v1.CephObjectStore,
	objCtx *Context,
	opsCtx *AdminOpsContext,
) (*dependents.DependentList, error)

CephObjectStoreDependents returns the buckets that exist in the object store and should block its deletion. TODO: this needs unit tests, which requires being able to fake the admin ops API (nontrivial).

func CheckIfZonePresentInZoneGroup

func CheckIfZonePresentInZoneGroup(objContext *Context) (bool, error)

func CheckZoneIsMaster

func CheckZoneIsMaster(objContext *Context) (bool, error)

func CommitConfigChanges

func CommitConfigChanges(c *Context) error

CommitConfigChanges commits changes to RGW configs for realm/zonegroup/zone changes idempotently. Under the hood, this updates the RGW config period and commits the change if changes are detected.

func ConfigurePools

func ConfigurePools(context *Context, cluster *cephv1.ClusterSpec, metadataPool, dataPool cephv1.PoolSpec, sharedPools cephv1.ObjectSharedPoolsSpec) error

func ConfigureSharedPoolsForZone

func ConfigureSharedPoolsForZone(objContext *Context, sharedPools cephv1.ObjectSharedPoolsSpec) error

func DecodeSecret

func DecodeSecret(secret *v1.Secret, keyName string) (string, error)

func DecodeZoneGroupConfig

func DecodeZoneGroupConfig(data string) (zoneGroupType, error)

func DeletePools

func DeletePools(ctx *Context, lastStore bool, poolPrefix string) error

func DeleteUser

func DeleteUser(c *Context, id string, opts ...string) (string, error)

DeleteUser deletes the user with the given ID. Even though we should be using the Admin Ops API, this is kept on purpose until the entire migration is completed. It is used for the dashboard user.

func EmptyPool

func EmptyPool(pool cephv1.PoolSpec) bool

func GenerateCephUserSecretName

func GenerateCephUserSecretName(store, username string) string

func GetAdminOPSUserCredentials

func GetAdminOPSUserCredentials(objContext *Context, spec *cephv1.ObjectStoreSpec) (string, string, error)

func GetBucketsStats

func GetBucketsStats(c *Context) (map[string]ObjectBucketStats, error)

func GetDomainName

func GetDomainName(s *cephv1.CephObjectStore) string

GetDomainName builds the DNS name used to reach the service endpoint.

func GetHostnameFromEndpoint

func GetHostnameFromEndpoint(endpoint string) (string, error)

func GetObjectBucketProvisioner

func GetObjectBucketProvisioner(data map[string]string, namespace string) (string, error)

GetObjectBucketProvisioner returns the bucket provisioner name, appended with the operator namespace if OBC is watching on it.

func GetRealmKeyArgs

func GetRealmKeyArgs(ctx context.Context, clusterdContext *clusterd.Context, realmName, namespace string) (string, string, error)

func GetRealmKeyArgsFromSecret

func GetRealmKeyArgsFromSecret(realmSecret *v1.Secret, realmName types.NamespacedName) (string, string, error)

func GetRealmKeySecret

func GetRealmKeySecret(ctx context.Context, clusterdContext *clusterd.Context, realmName types.NamespacedName) (*v1.Secret, error)

func GetStableDomainName

func GetStableDomainName(s *cephv1.CephObjectStore) string

func GetTlsCaCert

func GetTlsCaCert(objContext *Context, objectStoreSpec *cephv1.ObjectStoreSpec) ([]byte, bool, error)

GetTlsCaCert fetches the CA cert used for internal RGW requests.

func JoinMultisite

func JoinMultisite(objContext *Context, endpointArg, zoneEndpoints, namespace string) error

func ListUserBuckets

func ListUserBuckets(c *Context, id string, opts ...string) (string, error)

func NewDebugHTTPClient

func NewDebugHTTPClient(client admin.HTTPClient, logger *capnslog.PackageLogger) *debugHTTPClient

NewDebugHTTPClient helps us mutate the HTTP client to debug the request/response.

func ParseDomainName

func ParseDomainName(domainName string) (types.NamespacedName, error)

ParseDomainName parses the name and namespace from the DNS name.

func ReconcileCephUserSecret

func ReconcileCephUserSecret(ctx context.Context, k8sclient client.Client, scheme *runtime.Scheme, ownerRef metav1.Object, userConfig *admin.User, endpoint, namespace, storeName, tlsSecretName string) (reconcile.Result, error)

func RunAdminCommandNoMultisite

func RunAdminCommandNoMultisite(c *Context, expectJSON bool, args ...string) (string, error)

RunAdminCommandNoMultisite is for running radosgw-admin commands in scenarios where an object store has not been created yet, or for commands on the realm or zonegroup (ex: radosgw-admin zonegroup get). This function times out after a fixed interval if no response is received. The function returns a Kubernetes "NotFound" error when exec fails because the pod does not exist.

func ShouldUpdateZoneEndpointList

func ShouldUpdateZoneEndpointList(zones []zoneType, desiredEndpointList []string, zoneName string) (bool, error)

ShouldUpdateZoneEndpointList checks whether the zone endpoint list needs to be updated.

func UpdateEndpoint

func UpdateEndpoint(objContext *Context, store *cephv1.CephObjectStore) error

UpdateEndpoint updates an object.Context using the latest info from the CephObjectStore spec

Types

type AdminOpsContext

// AdminOpsContext holds the object store Context as well as the information for
// connecting to the RGW admin ops API; built by NewMultisiteAdminOpsContext.
type AdminOpsContext struct {
	// Context is the embedded object store context.
	Context
	// TlsCert holds the certificate bytes for the admin ops connection; presumably
	// the CA returned by GetTlsCaCert and passed to BuildTransportTLS — confirm.
	TlsCert               []byte
	// AdminOpsUserAccessKey and AdminOpsUserSecretKey are the admin ops user's
	// S3 credentials. The secret key is sensitive: keep it out of logs and status.
	AdminOpsUserAccessKey string
	AdminOpsUserSecretKey string
	// AdminOpsClient is the configured admin ops API client.
	AdminOpsClient        *admin.API
}

AdminOpsContext holds the object store context as well as information for connecting to the admin ops API.

func NewMultisiteAdminOpsContext

func NewMultisiteAdminOpsContext(
	objContext *Context,
	spec *cephv1.ObjectStoreSpec,
) (*AdminOpsContext, error)

type BucketPolicy

// BucketPolicy represents the set of policy statements for a single bucket; it
// is the JSON document applied by S3Agent.PutBucketPolicy.
type BucketPolicy struct {
	// Id (optional) identifies the bucket policy
	Id string `json:"Id"`
	// Version is the version of the BucketPolicy data structure
	// should always be '2012-10-17'
	Version   string            `json:"Version"`
	// Statement is the list of PolicyStatements; each one allows or denies a set
	// of actions for its principals on its resources.
	Statement []PolicyStatement `json:"Statement"`
}

BucketPolicy represents set of policy statements for a single bucket.

func NewBucketPolicy

func NewBucketPolicy(ps ...PolicyStatement) *BucketPolicy

NewBucketPolicy returns a new BucketPolicy. PolicyStatements may be passed in at creation or added afterwards. BucketPolicies should be passed to PutBucketPolicy().

func (*BucketPolicy) DropPolicyStatements

func (bp *BucketPolicy) DropPolicyStatements(sid ...string) *BucketPolicy

func (*BucketPolicy) EjectPrincipals

func (bp *BucketPolicy) EjectPrincipals(users ...string) *BucketPolicy

func (*BucketPolicy) ModifyBucketPolicy

func (bp *BucketPolicy) ModifyBucketPolicy(ps ...PolicyStatement) *BucketPolicy

ModifyBucketPolicy compares new and old statement SIDs and overwrites on a match. This allows users to get, modify, and replace existing statements as well as add new ones.

type Context

// Context holds the context for the object store: the cluster-level clusterd
// context plus the identity of the store and its multisite placement.
type Context struct {
	// Context is the cluster daemon context used to run commands and reach the API.
	Context *clusterd.Context

	// Name and UID identify the CephObjectStore this context belongs to.
	Name      string
	UID       string
	// Endpoint is the RGW endpoint; refreshed by UpdateEndpoint from the store spec.
	Endpoint  string
	// Realm, ZoneGroup and Zone are the multisite names the store is placed in.
	Realm     string
	ZoneGroup string
	Zone      string
	// contains filtered or unexported fields
}

Context holds the context for the object store.

func NewContext

func NewContext(context *clusterd.Context, clusterInfo *cephclient.ClusterInfo, name string) *Context

NewContext creates a new object store context.

func NewMultisiteContext

func NewMultisiteContext(context *clusterd.Context, clusterInfo *cephclient.ClusterInfo, store *cephv1.CephObjectStore) (*Context, error)

type MockClient

// MockClient is a mock of the HTTP client used to fake request/response
// round trips against the RGW admin ops API in tests.
type MockClient struct {
	// MockDo is a type that mock the Do method from the HTTP package
	MockDo MockDoType
}

MockClient is a mock of the HTTP client. It can be used to mock HTTP request/response from the RGW admin ops API.

func (*MockClient) Do

func (m *MockClient) Do(req *http.Request) (*http.Response, error)

Do is the mock client's `Do` func

type MockDoType

// MockDoType is the signature of the function MockClient.Do delegates to.
type MockDoType func(req *http.Request) (*http.Response, error)

MockDoType is a custom type that allows setting the function that the mock Do func runs instead.

type ObjectBucket

// ObjectBucket describes a bucket by name together with its metadata and stats;
// returned by GetBucket.
type ObjectBucket struct {
	Name string `json:"name"`
	ObjectBucketMetadata
	ObjectBucketStats
}

func GetBucket

func GetBucket(c *Context, bucket string) (*ObjectBucket, int, error)

type ObjectBucketMetadata

// ObjectBucketMetadata holds the owner and creation time of a bucket.
type ObjectBucketMetadata struct {
	Owner     string    `json:"owner"`
	CreatedAt time.Time `json:"createdAt"`
}

type ObjectBucketStats

// ObjectBucketStats holds usage counters for a bucket; returned by GetBucketStats
// and keyed by bucket name in GetBucketsStats.
type ObjectBucketStats struct {
	// Size is the bucket's size; the unit is not visible here (presumably bytes — confirm).
	Size            uint64 `json:"size"`
	NumberOfObjects uint64 `json:"numberOfObjects"`
}

func GetBucketStats

func GetBucketStats(c *Context, bucketName string) (*ObjectBucketStats, bool, error)

type ObjectBuckets

// ObjectBuckets is a sortable list of ObjectBucket; it implements Len, Less and Swap.
type ObjectBuckets []ObjectBucket

func (ObjectBuckets) Len

func (slice ObjectBuckets) Len() int

func (ObjectBuckets) Less

func (slice ObjectBuckets) Less(i, j int) bool

func (ObjectBuckets) Swap

func (slice ObjectBuckets) Swap(i, j int)

type ObjectUser

// An ObjectUser defines the details of an object store user as returned by
// GetUser / CreateUser.
// NOTE(review): the json tag casing is inconsistent across fields (camelCase vs
// lowercase vs snake_case); changing the tags would break any consumer of this JSON.
type ObjectUser struct {
	UserID       string              `json:"userId"`
	DisplayName  *string             `json:"displayName"`
	Email        *string             `json:"email"`
	// AccessKey and SecretKey are the user's S3 credentials; SecretKey is sensitive
	// and must not be logged or placed in a status field.
	AccessKey    *string             `json:"accessKey"`
	SecretKey    *string             `json:"secretKey"`
	// SystemUser and AdminOpsUser flag privileged users (system and admin ops capabilities).
	SystemUser   bool                `json:"systemuser"`
	AdminOpsUser bool                `json:"adminopsuser"`
	MaxBuckets   int                 `json:"max_buckets"`
	UserQuota    admin.QuotaSpec     `json:"user_quota"`
	Caps         []admin.UserCapSpec `json:"caps"`
}

An ObjectUser defines the details of an object store user.

func CreateOrRecreateUserIfExists

func CreateOrRecreateUserIfExists(c *Context, user ObjectUser, force bool) (*ObjectUser, int, error)

CreateOrRecreateUserIfExists creates the user if it does not exist; should it already exist, it is deleted and re-created. It is called from the RGW dashboard setup logic.

func CreateUser

func CreateUser(c *Context, user ObjectUser, force bool) (*ObjectUser, int, error)

CreateUser creates a new user with the information given. The function is used **ONCE** only, to provision the RGW Admin Ops User; subsequent interaction with the API is done with the created user.

func GetUser

func GetUser(c *Context, id string) (*ObjectUser, int, error)

GetUser returns the user with the given ID. The function is used **ONCE** only, to provision the RGW Admin Ops User; subsequent interaction with the API is done with the created user.

type PolicyStatement

// PolicyStatement is the Go representation of a bucket policy statement: it
// defines which Actions a Principal can or cannot perform on a Resource.
// Build it with NewPolicyStatement and the chainable methods (Allows/Denies,
// ForPrincipals, ForResources, Actions, ...).
type PolicyStatement struct {
	// Sid (optional) is the PolicyStatement's unique identifier
	Sid string `json:"Sid"`
	// Effect determines whether the Action(s) are 'Allow'ed or 'Deny'ed.
	Effect effect `json:"Effect"`
	// Principal is/are the Ceph user names affected by this PolicyStatement
	// Must be in the format of 'arn:aws:iam:::user/<ceph-user>'
	Principal map[string][]string `json:"Principal"`
	// Action is a list of s3:* actions (see the action constants; All is the wildcard)
	Action []action `json:"Action"`
	// Resource is the ARN identifier for the S3 resource (bucket)
	// Must be in the format of 'arn:aws:s3:::<bucket>'
	Resource []string `json:"Resource"`
}

PolicyStatement is the Go representation of a PolicyStatement JSON struct. It defines which Actions a Principal can or cannot perform on a Resource.

func NewPolicyStatement

func NewPolicyStatement() *PolicyStatement

NewPolicyStatement generates a new PolicyStatement. PolicyStatement methods are designed to be chain called with dot notation to allow for easy configuration at creation. This is preferable to a long parameter list.

func (*PolicyStatement) Actions

func (ps *PolicyStatement) Actions(actions ...action) *PolicyStatement

Actions sets the "s3:*" actions with which the PolicyStatement is concerned.

func (*PolicyStatement) Allows

func (ps *PolicyStatement) Allows() *PolicyStatement

Allows sets the effect of the PolicyStatement to allow the PolicyStatement's Actions.

func (*PolicyStatement) Denies

func (ps *PolicyStatement) Denies() *PolicyStatement

Denies sets the effect of the PolicyStatement to deny the PolicyStatement's Actions

func (*PolicyStatement) EjectPrincipals

func (ps *PolicyStatement) EjectPrincipals(users ...string)

func (*PolicyStatement) ForPrincipals

func (ps *PolicyStatement) ForPrincipals(users ...string) *PolicyStatement

ForPrincipals adds users to the PolicyStatement

func (*PolicyStatement) ForResources

func (ps *PolicyStatement) ForResources(resources ...string) *PolicyStatement

ForResources adds resources (buckets) to the PolicyStatement with the appropriate ARN prefix.

func (*PolicyStatement) ForSubResources

func (ps *PolicyStatement) ForSubResources(resources ...string) *PolicyStatement

ForSubResources adds the contents inside the bucket to the PolicyStatement with the appropriate ARN prefix.

func (*PolicyStatement) WithSID

func (ps *PolicyStatement) WithSID(sid string) *PolicyStatement

type ProbeType

// ProbeType selects a pod probe kind; see StartupProbeType and ReadinessProbeType.
type ProbeType string

type ProtocolType

// ProtocolType names the scheme an RGW endpoint is served on; see HTTPProtocol and HTTPSProtocol.
type ProtocolType string

type ReconcileCephObjectStore

// ReconcileCephObjectStore reconciles a cephObjectStore object; it is registered
// with the manager by Add and driven through its Reconcile method.
type ReconcileCephObjectStore struct {
	// contains filtered or unexported fields
}

ReconcileCephObjectStore reconciles a cephObjectStore object

func (*ReconcileCephObjectStore) Reconcile

func (r *ReconcileCephObjectStore) Reconcile(context context.Context, request reconcile.Request) (reconcile.Result, error)

Reconcile reads the state of the cluster for a cephObjectStore object and makes changes based on the state read and what is in the cephObjectStore.Spec. The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true; otherwise, upon completion, it will remove the work from the queue.

type S3Agent

// S3Agent wraps the s3.S3 client so bucket and object helpers can hang off it.
// Construct it with NewS3Agent (TLS, optional CA cert) or NewInsecureS3Agent.
type S3Agent struct {
	// Client is the underlying AWS SDK S3 client.
	Client *s3.S3
}

S3Agent wraps the s3.S3 structure to allow for wrapper methods

func NewInsecureS3Agent

func NewInsecureS3Agent(accessKey, secretKey, endpoint string, debug bool) (*S3Agent, error)

func NewS3Agent

func NewS3Agent(accessKey, secretKey, endpoint string, debug bool, tlsCert []byte) (*S3Agent, error)

func (*S3Agent) CreateBucket

func (s *S3Agent) CreateBucket(name string) error

CreateBucket creates a bucket with the given name

func (*S3Agent) CreateBucketNoInfoLogging

func (s *S3Agent) CreateBucketNoInfoLogging(name string) error

CreateBucketNoInfoLogging creates a bucket with the given name.

func (*S3Agent) DeleteBucket

func (s *S3Agent) DeleteBucket(name string) (bool, error)

DeleteBucket deletes the given bucket using the s3 client.

func (*S3Agent) DeleteObjectInBucket

func (s *S3Agent) DeleteObjectInBucket(bucketname string, key string) (bool, error)

DeleteObjectInBucket deletes the given object key from the given bucket using the s3 client.

func (*S3Agent) GetBucketPolicy

func (s *S3Agent) GetBucketPolicy(bucket string) (*BucketPolicy, error)

func (*S3Agent) GetObjectInBucket

func (s *S3Agent) GetObjectInBucket(bucketname string, key string) (string, error)

GetObjectInBucket retrieves an object from a bucket using the s3 client.

func (*S3Agent) PutBucketPolicy

func (s *S3Agent) PutBucketPolicy(bucket string, policy BucketPolicy) (*s3.PutBucketPolicyOutput, error)

PutBucketPolicy applies the policy to the bucket

func (*S3Agent) PutObjectInBucket

func (s *S3Agent) PutObjectInBucket(bucketname string, body string, key string,
	contentType string) (bool, error)

PutObjectInBucket puts an object in a bucket using the s3 client.

Directories

Path Synopsis
Package cosi implements the controller for the Ceph COSI Driver.
Package cosi implements the controller for the Ceph COSI Driver.
Package notification to manage a rook bucket notifications.
Package notification to manage a rook bucket notifications.
Package objectrealm to manage a rook object realm.
Package objectrealm to manage a rook object realm.
Package topic to manage a rook bucket topics.
Package topic to manage a rook bucket topics.
Package objectuser to manage a rook object store user.
Package objectuser to manage a rook object store user.
Package zone to manage a rook object zone.
Package zone to manage a rook object zone.
Package objectzonegroup to manage a rook object zonegroup.
Package objectzonegroup to manage a rook object zonegroup.
