From f9a4683c9805a845695d5e85479dcd20e15ba3c8 Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Mon, 6 Jan 2025 17:07:33 +0000 Subject: [PATCH 1/6] Allow to specify user+password and token secrets in Account --- controllers/jetstream/consumer.go | 130 ++----------- controllers/jetstream/controller.go | 175 ++++++++++++++++++ controllers/jetstream/stream.go | 130 ++----------- .../apis/jetstream/v1beta2/accounttypes.go | 8 +- pkg/jetstream/apis/jetstream/v1beta2/types.go | 11 ++ 5 files changed, 213 insertions(+), 241 deletions(-) diff --git a/controllers/jetstream/consumer.go b/controllers/jetstream/consumer.go index 52f3f532..83520514 100644 --- a/controllers/jetstream/consumer.go +++ b/controllers/jetstream/consumer.go @@ -4,10 +4,7 @@ import ( "context" "errors" "fmt" - "os" - "path/filepath" "strconv" - "strings" "time" "github.com/nats-io/jsm.go" 
@@ -49,70 +46,9 @@ func (c *Controller) processConsumerObject(cns *apis.Consumer, jsm jsmClientFunc spec := cns.Spec ifc := c.ji.Consumers(ns) - var ( - remoteClientCert string - remoteClientKey string - remoteRootCA string - accServers []string - accUserCreds string - ) - if spec.Account != "" && c.opts.CRDConnect { - // Lookup the account using the REST client. - ctx, done := context.WithTimeout(context.Background(), 5*time.Second) - defer done() - acc, err := c.ji.Accounts(ns).Get(ctx, spec.Account, k8smeta.GetOptions{}) - if err != nil { - return err - } - - accServers = acc.Spec.Servers - - // Lookup the TLS secrets - if acc.Spec.TLS != nil && acc.Spec.TLS.Secret != nil { - secretName := acc.Spec.TLS.Secret.Name - secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) - if err != nil { - return err - } - - // Write this to the cacheDir - accDir := filepath.Join(c.cacheDir, ns, spec.Account) - if err := os.MkdirAll(accDir, 0755); err != nil { - return err - } - - remoteClientCert = filepath.Join(accDir, acc.Spec.TLS.ClientCert) - remoteClientKey = filepath.Join(accDir, acc.Spec.TLS.ClientKey) - remoteRootCA = filepath.Join(accDir, acc.Spec.TLS.RootCAs) - - for k, v := range secret.Data { - if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { - return err - } - } - } - // Lookup the UserCredentials. - if acc.Spec.Creds != nil { - secretName := acc.Spec.Creds.Secret.Name - secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) - if err != nil { - return err - } - - // Write the user credentials to the cache dir. 
- accDir := filepath.Join(c.cacheDir, ns, spec.Account) - if err := os.MkdirAll(accDir, 0755); err != nil { - return err - } - for k, v := range secret.Data { - if k == acc.Spec.Creds.File { - accUserCreds = filepath.Join(c.cacheDir, ns, spec.Account, k) - if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { - return err - } - } - } - } + acc, err := c.getAccountOverrides(spec.Account, ns) + if err != nil { + return err } defer func() { 
@@ -128,58 +64,14 @@ func (c *Controller) processConsumerObject(cns *apis.Consumer, jsm jsmClientFunc type operator func(ctx context.Context, c jsmClient, spec apis.ConsumerSpec) (err error) natsClientUtil := func(op operator) error { - servers := spec.Servers - if c.opts.CRDConnect { - // Create a new client - natsCtx := &natsContext{} - // Use JWT/NKEYS based credentials if present. - if spec.Creds != "" { - natsCtx.Credentials = spec.Creds - } else if spec.Nkey != "" { - natsCtx.Nkey = spec.Nkey - } - if spec.TLS.ClientCert != "" && spec.TLS.ClientKey != "" { - natsCtx.TLSCert = spec.TLS.ClientCert - natsCtx.TLSKey = spec.TLS.ClientKey - } - - // Use fetched secrets for the account and server if defined. - if remoteClientCert != "" && remoteClientKey != "" { - natsCtx.TLSCert = remoteClientCert - natsCtx.TLSKey = remoteClientKey - } - if remoteRootCA != "" { - natsCtx.TLSCAs = []string{remoteRootCA} - } - if accUserCreds != "" { - natsCtx.Credentials = accUserCreds - } - if len(spec.TLS.RootCAs) > 0 { - natsCtx.TLSCAs = spec.TLS.RootCAs - } - - natsServers := strings.Join(append(servers, accServers...), ",") - natsCtx.URL = natsServers - c.normalEvent(cns, "Connecting", "Connecting to new nats-servers") - jsmc, err := jsm(natsCtx) - if err != nil { - return err - } - defer jsmc.Close() - - if err := op(c.ctx, jsmc, spec); err != nil { - return err - } - } else { - jsmc, err := jsm(&natsContext{}) - if err != nil { - return err - } - if err := op(c.ctx, jsmc, spec); err != nil { - return err - } - } - return nil + return c.runWithJsmc(jsm, acc, &jsmcSpecOverrides{ + servers: spec.Servers, + tls: spec.TLS, + creds: spec.Creds, + nkey: spec.Nkey, + }, cns, func(jsmc jsmClient) error { + return op(c.ctx, jsmc, spec) + }) } deleteOK := cns.GetDeletionTimestamp() != nil diff --git a/controllers/jetstream/controller.go b/controllers/jetstream/controller.go index 785b3559..6b3495c8 100644 --- a/controllers/jetstream/controller.go 
+++ b/controllers/jetstream/controller.go @@ -17,6 +17,7 @@ import ( "context" "fmt" "os" + "path/filepath" "strings" "time" 
@@ -414,6 +415,180 @@ func (c *Controller) warningEvent(o runtime.Object, reason, message string) { } } +type accountOverrides struct { + remoteClientCert string + remoteClientKey string + remoteRootCA string + servers []string + userCreds string + user string + password string + token string +} + +func (c *Controller) getAccountOverrides(account string, ns string) (*accountOverrides, error) { + overrides := &accountOverrides{} + + if account == "" || !c.opts.CRDConnect { + return overrides, nil + } + + // Lookup the account using the REST client. + ctx, done := context.WithTimeout(context.Background(), 5*time.Second) + defer done() + acc, err := c.ji.Accounts(ns).Get(ctx, account, k8smeta.GetOptions{}) + if err != nil { + return nil, err + } + + overrides.servers = acc.Spec.Servers + + // Lookup the TLS secrets + if acc.Spec.TLS != nil && acc.Spec.TLS.Secret != nil { + secretName := acc.Spec.TLS.Secret.Name + secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) + if err != nil { + return nil, err + } + + // Write this to the cacheDir. + accDir := filepath.Join(c.cacheDir, ns, account) + if err := os.MkdirAll(accDir, 0o755); err != nil { + return nil, err + } + + overrides.remoteClientCert = filepath.Join(accDir, acc.Spec.TLS.ClientCert) + overrides.remoteClientKey = filepath.Join(accDir, acc.Spec.TLS.ClientKey) + overrides.remoteRootCA = filepath.Join(accDir, acc.Spec.TLS.RootCAs) + + for k, v := range secret.Data { + if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { + return nil, err + } + } + } + // Lookup the UserCredentials. + if acc.Spec.Creds != nil { + secretName := acc.Spec.Creds.Secret.Name + secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) + if err != nil { + return nil, err + } + + // Write the user credentials to the cache dir. 
+ accDir := filepath.Join(c.cacheDir, ns, account) + if err := os.MkdirAll(accDir, 0o755); err != nil { + return nil, err + } + for k, v := range secret.Data { + if k == acc.Spec.Creds.File { + overrides.userCreds = filepath.Join(c.cacheDir, ns, account, k) + if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { + return nil, err + } + } + } + } + + // Lookup the Token. + if acc.Spec.Token != nil { + secretName := acc.Spec.Token.Secret.Name + secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) + if err != nil { + return nil, err + } + + for k, v := range secret.Data { + if k == acc.Spec.Token.Token { + overrides.token = string(v) + } + } + } + + // Lookup the UserWithPassword. + if acc.Spec.UserWithPassword != nil { + secretName := acc.Spec.UserWithPassword.Secret.Name + secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) + if err != nil { + return nil, err + } + + for k, v := range secret.Data { + if k == acc.Spec.UserWithPassword.User { + overrides.user = string(v) + } + if k == acc.Spec.UserWithPassword.Password { + overrides.password = string(v) + } + } + } + + return overrides, nil +} + +type jsmcSpecOverrides struct { + servers []string + tls apis.TLS + creds string + nkey string +} + +func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec *jsmcSpecOverrides, o runtime.Object, op func(jsmClient) error) error { + if !c.opts.CRDConnect { + jsmc, err := jsm(&natsContext{}) + if err != nil { + return err + } + + return op(jsmc) + } + + // Create a new client + natsCtx := &natsContext{} + // Use JWT/NKEYS based credentials if present. + if spec.creds != "" { + natsCtx.Credentials = spec.creds + } else if spec.nkey != "" { + natsCtx.Nkey = spec.nkey + } + if spec.tls.ClientCert != "" && spec.tls.ClientKey != "" { + natsCtx.TLSCert = spec.tls.ClientCert + natsCtx.TLSKey = spec.tls.ClientKey + } + + // Use fetched secrets for the account and server if defined. 
+ if acc.remoteClientCert != "" && acc.remoteClientKey != "" { + natsCtx.TLSCert = acc.remoteClientCert + natsCtx.TLSKey = acc.remoteClientKey + } + if acc.remoteRootCA != "" { + natsCtx.TLSCAs = []string{acc.remoteRootCA} + } + if acc.userCreds != "" { + natsCtx.Credentials = acc.userCreds + } + + natsCtx.Username = acc.user + natsCtx.Password = acc.password + natsCtx.Token = acc.token + + if len(spec.tls.RootCAs) > 0 { + natsCtx.TLSCAs = spec.tls.RootCAs + } + + natsServers := strings.Join(append(spec.servers, acc.servers...), ",") + natsCtx.URL = natsServers + c.normalEvent(o, "Connecting", "Connecting to new nats-servers") + jsmc, err := jsm(natsCtx) + if err != nil { + return fmt.Errorf("failed to connect to nats-servers(%s): %w", natsServers, err) + } + + defer jsmc.Close() + + return op(jsmc) +} + func splitNamespaceName(item interface{}) (ns string, name string, err error) { defer func() { if err != nil { diff --git a/controllers/jetstream/stream.go b/controllers/jetstream/stream.go index 7dc2ec89..5fae6744 100644 --- a/controllers/jetstream/stream.go +++ b/controllers/jetstream/stream.go @@ -17,9 +17,6 @@ import ( "context" "errors" "fmt" - "os" - "path/filepath" - "strings" "time" jsm "github.com/nats-io/jsm.go" 
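Review bot: getAccountOverrides writes the TLS secret data (including the client key) and the credentials file with mode `0o644` into a directory created with `0o755`, so any other local user or process that can reach c.cacheDir can read them. The modes were carried over from the removed code in consumer.go and stream.go, which makes this refactor a convenient single place to tighten them: `os.MkdirAll(accDir, 0o700)` and `os.WriteFile(filepath.Join(accDir, k), v, 0o600)`. The rewritten write loop in PATCH 3/6 (hunk -457,12 +457,34) keeps `0o644` and needs the same change.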
@@ -63,71 +60,9 @@ func (c *Controller) processStreamObject(str *apis.Stream, jsm jsmClientFunc) (e ns := str.Namespace readOnly := c.opts.ReadOnly - var ( - remoteClientCert string - remoteClientKey string - remoteRootCA string - accServers []string - acc *apis.Account - accUserCreds string - ) - if spec.Account != "" && c.opts.CRDConnect { - // Lookup the account using the REST client. - ctx, done := context.WithTimeout(context.Background(), 5*time.Second) - defer done() - acc, err = c.ji.Accounts(ns).Get(ctx, spec.Account, k8smeta.GetOptions{}) - if err != nil { - return err - } - - accServers = acc.Spec.Servers - - // Lookup the TLS secrets - if acc.Spec.TLS != nil && acc.Spec.TLS.Secret != nil { - secretName := acc.Spec.TLS.Secret.Name - secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) - if err != nil { - return err - } - - // Write this to the cacheDir. - accDir := filepath.Join(c.cacheDir, ns, spec.Account) - if err := os.MkdirAll(accDir, 0o755); err != nil { - return err - } - - remoteClientCert = filepath.Join(accDir, acc.Spec.TLS.ClientCert) - remoteClientKey = filepath.Join(accDir, acc.Spec.TLS.ClientKey) - remoteRootCA = filepath.Join(accDir, acc.Spec.TLS.RootCAs) - - for k, v := range secret.Data { - if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { - return err - } - } - } - // Lookup the UserCredentials. - if acc.Spec.Creds != nil { - secretName := acc.Spec.Creds.Secret.Name - secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) - if err != nil { - return err - } - - // Write the user credentials to the cache dir. 
- accDir := filepath.Join(c.cacheDir, ns, spec.Account) - if err := os.MkdirAll(accDir, 0o755); err != nil { - return err - } - for k, v := range secret.Data { - if k == acc.Spec.Creds.File { - accUserCreds = filepath.Join(c.cacheDir, ns, spec.Account, k) - if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { - return err - } - } - } - } + acc, err := c.getAccountOverrides(spec.Account, ns) + if err != nil { + return err } defer func() { 
@@ -143,57 +78,14 @@ func (c *Controller) processStreamObject(str *apis.Stream, jsm jsmClientFunc) (e type operator func(ctx context.Context, c jsmClient, spec apis.StreamSpec) (err error) natsClientUtil := func(op operator) error { - servers := spec.Servers - if c.opts.CRDConnect { - // Create a new client - natsCtx := &natsContext{} - // Use JWT/NKEYS based credentials if present. - if spec.Creds != "" { - natsCtx.Credentials = spec.Creds - } else if spec.Nkey != "" { - natsCtx.Nkey = spec.Nkey - } - if spec.TLS.ClientCert != "" && spec.TLS.ClientKey != "" { - natsCtx.TLSCert = spec.TLS.ClientCert - natsCtx.TLSKey = spec.TLS.ClientKey - } - - // Use fetched secrets for the account and server if defined. - if remoteClientCert != "" && remoteClientKey != "" { - natsCtx.TLSCert = remoteClientCert - natsCtx.TLSKey = remoteClientKey - } - if remoteRootCA != "" { - natsCtx.TLSCAs = []string{remoteRootCA} - } - if accUserCreds != "" { - natsCtx.Credentials = accUserCreds - } - if len(spec.TLS.RootCAs) > 0 { - natsCtx.TLSCAs = spec.TLS.RootCAs - } - - natsServers := strings.Join(append(servers, accServers...), ",") - natsCtx.URL = natsServers - c.normalEvent(str, "Connecting", "Connecting to new nats-servers") - jsmc, err := jsm(natsCtx) - if err != nil { - return fmt.Errorf("failed to connect to nats-servers(%s): %w", natsServers, err) - } - defer jsmc.Close() - if err := op(c.ctx, jsmc, spec); err != nil { - return err - } - } else { - jsmc, err := jsm(&natsContext{}) - if err != nil { - return err - } - if err := op(c.ctx, jsmc, spec); err != nil { - return err - } - } - return nil + return c.runWithJsmc(jsm, acc, &jsmcSpecOverrides{ + servers: spec.Servers, + tls: spec.TLS, + creds: spec.Creds, + nkey: spec.Nkey, + }, str, func(jsmc jsmClient) error { + return op(c.ctx, jsmc, spec) + }) } deleteOK := str.GetDeletionTimestamp() != nil 
diff --git a/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go b/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go index 01679053..f5f99a14 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go @@ -22,9 +22,11 @@ func (c *Account) GetSpec() interface{} { // AccountSpec is the spec for a Account resource type AccountSpec struct { - Servers []string `json:"servers"` - TLS *TLSSecret `json:"tls"` - Creds *CredsSecret `json:"creds"` + Servers []string `json:"servers"` + TLS *TLSSecret `json:"tls"` + Creds *CredsSecret `json:"creds"` + Token *TokenSecret `json:"token"` + UserWithPassword *UserWithPassword `json:"userWithPassword"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/pkg/jetstream/apis/jetstream/v1beta2/types.go b/pkg/jetstream/apis/jetstream/v1beta2/types.go index 099c7bd6..e71a28c4 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/types.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/types.go @@ -40,6 +40,17 @@ type CredsSecret struct { Secret SecretRef `json:"secret"` } +type TokenSecret struct { + Token string `json:"token"` + Secret SecretRef `json:"secret"` +} + +type UserWithPassword struct { + User string `json:"user"` + Password string `json:"password"` + Secret SecretRef `json:"secret"` +} + type SecretRef struct { Name string `json:"name"` } From e10d60a4fd7d2fd58ba77926ace791db48d3ab9b Mon Sep 17 00:00:00 2001 
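Review bot: The new `TokenSecret` and `UserWithPassword` types in types.go have no doc comments, and their `Token`, `User` and `Password` fields hold the name of a key inside the referenced Secret rather than the credential itself (the controller compares them against the keys of `secret.Data`). Without a comment, a user can reasonably put the real token or password in these fields, which would store it in plain text in the Account resource. I would add comments such as `// Token is the key in Secret whose value is the NATS token; it is not the token itself.` and the equivalent for `User` and `Password`, plus a one-line type comment on each struct.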
From: Ivan Sabelnikov Date: Mon, 6 Jan 2025 17:59:48 +0000 Subject: [PATCH 2/6] Update CRDs + Code generation --- deploy/crds.yml | 29 ++++++++++ .../v1beta2/zz_generated.deepcopy.go | 44 +++++++++++++++ .../jetstream/v1beta2/accountspec.go | 24 +++++++-- .../jetstream/v1beta2/tokensecret.go | 45 ++++++++++++++++ .../jetstream/v1beta2/userwithpassword.go | 54 +++++++++++++++++++ .../generated/applyconfiguration/utils.go | 4 ++ 6 files changed, 197 insertions(+), 3 deletions(-) create mode 100644 pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/tokensecret.go create mode 100644 pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go diff --git a/deploy/crds.yml b/deploy/crds.yml index bcfb9a13..658ca23d 100644 --- a/deploy/crds.yml +++ b/deploy/crds.yml @@ -1013,3 +1013,32 @@ spec: file: description: Credentials file, generated with github.com/nats-io/nsc tool. type: string + token: + description: The token to be used to connect to the NATS Service. + type: object + properties: + secret: + type: object + properties: + name: + description: Name of the secret with the token. + type: string + token: + description: Key in the secret that contains the token. + type: string + userWithPassword: + description: The user and password to be used to connect to the NATS Service. + type: object + properties: + secret: + type: object + properties: + name: + description: Name of the secret with the user and password. + type: string + user: + description: Key in the secret that contains the user. + type: string + password: + description: Key in the secret that contains the password. + type: string diff --git a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go index 5525e111..89a9ca28 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go 
@@ -101,6 +101,16 @@ func (in *AccountSpec) DeepCopyInto(out *AccountSpec) { *out = new(CredsSecret) **out = **in } + if in.Token != nil { + in, out := &in.Token, &out.Token + *out = new(TokenSecret) + **out = **in + } + if in.UserWithPassword != nil { + in, out := &in.UserWithPassword, &out.UserWithPassword + *out = new(UserWithPassword) + **out = **in + } return } @@ -547,3 +557,37 @@ func (in *TLSSecret) DeepCopy() *TLSSecret { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenSecret) DeepCopyInto(out *TokenSecret) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenSecret. +func (in *TokenSecret) DeepCopy() *TokenSecret { + if in == nil { + return nil + } + out := new(TokenSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserWithPassword) DeepCopyInto(out *UserWithPassword) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserWithPassword. +func (in *UserWithPassword) DeepCopy() *UserWithPassword { + if in == nil { + return nil + } + out := new(UserWithPassword) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go index a3a27b65..5f3d641c 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go 
@@ -18,9 +18,11 @@ package v1beta2 // AccountSpecApplyConfiguration represents an declarative configuration of the AccountSpec type for use // with apply. type AccountSpecApplyConfiguration struct { - Servers []string `json:"servers,omitempty"` - TLS *TLSSecretApplyConfiguration `json:"tls,omitempty"` - Creds *CredsSecretApplyConfiguration `json:"creds,omitempty"` + Servers []string `json:"servers,omitempty"` + TLS *TLSSecretApplyConfiguration `json:"tls,omitempty"` + Creds *CredsSecretApplyConfiguration `json:"creds,omitempty"` + Token *TokenSecretApplyConfiguration `json:"token,omitempty"` + UserWithPassword *UserWithPasswordApplyConfiguration `json:"userWithPassword,omitempty"` } // AccountSpecApplyConfiguration constructs an declarative configuration of the AccountSpec type for use with @@ -54,3 +56,19 @@ func (b *AccountSpecApplyConfiguration) WithCreds(value *CredsSecretApplyConfigu b.Creds = value return b } + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *AccountSpecApplyConfiguration) WithToken(value *TokenSecretApplyConfiguration) *AccountSpecApplyConfiguration { + b.Token = value + return b +} + +// WithUserWithPassword sets the UserWithPassword field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UserWithPassword field is set to the value of the last call. +func (b *AccountSpecApplyConfiguration) WithUserWithPassword(value *UserWithPasswordApplyConfiguration) *AccountSpecApplyConfiguration { + b.UserWithPassword = value + return b +} 
diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/tokensecret.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/tokensecret.go new file mode 100644 index 00000000..4ca03c17 --- /dev/null +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/tokensecret.go 
@@ -0,0 +1,45 @@ +// Copyright 2020 The NATS Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1beta2 + +// TokenSecretApplyConfiguration represents an declarative configuration of the TokenSecret type for use +// with apply. +type TokenSecretApplyConfiguration struct { + Token *string `json:"token,omitempty"` + Secret *SecretRefApplyConfiguration `json:"secret,omitempty"` +} + +// TokenSecretApplyConfiguration constructs an declarative configuration of the TokenSecret type for use with +// apply. +func TokenSecret() *TokenSecretApplyConfiguration { + return &TokenSecretApplyConfiguration{} +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *TokenSecretApplyConfiguration) WithToken(value string) *TokenSecretApplyConfiguration { + b.Token = &value + return b +} + +// WithSecret sets the Secret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Secret field is set to the value of the last call. 
+func (b *TokenSecretApplyConfiguration) WithSecret(value *SecretRefApplyConfiguration) *TokenSecretApplyConfiguration { + b.Secret = value + return b +} diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go new file mode 100644 index 00000000..c4441c14 --- /dev/null +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go 
@@ -0,0 +1,54 @@ +// Copyright 2020 The NATS Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1beta2 + +// UserWithPasswordApplyConfiguration represents an declarative configuration of the UserWithPassword type for use +// with apply. +type UserWithPasswordApplyConfiguration struct { + User *string `json:"user,omitempty"` + Password *string `json:"password,omitempty"` + Secret *SecretRefApplyConfiguration `json:"secret,omitempty"` +} + +// UserWithPasswordApplyConfiguration constructs an declarative configuration of the UserWithPassword type for use with +// apply. +func UserWithPassword() *UserWithPasswordApplyConfiguration { + return &UserWithPasswordApplyConfiguration{} +} + +// WithUser sets the User field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the User field is set to the value of the last call. +func (b *UserWithPasswordApplyConfiguration) WithUser(value string) *UserWithPasswordApplyConfiguration { + b.User = &value + return b +} + +// WithPassword sets the Password field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Password field is set to the value of the last call. 
+func (b *UserWithPasswordApplyConfiguration) WithPassword(value string) *UserWithPasswordApplyConfiguration { + b.Password = &value + return b +} + +// WithSecret sets the Secret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Secret field is set to the value of the last call. +func (b *UserWithPasswordApplyConfiguration) WithSecret(value *SecretRefApplyConfiguration) *UserWithPasswordApplyConfiguration { + b.Secret = value + return b +} diff --git a/pkg/jetstream/generated/applyconfiguration/utils.go b/pkg/jetstream/generated/applyconfiguration/utils.go index 4e1751e0..17616aeb 100644 --- a/pkg/jetstream/generated/applyconfiguration/utils.go +++ b/pkg/jetstream/generated/applyconfiguration/utils.go @@ -58,6 +58,10 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &jetstreamv1beta2.TLSApplyConfiguration{} case v1beta2.SchemeGroupVersion.WithKind("TLSSecret"): return &jetstreamv1beta2.TLSSecretApplyConfiguration{} + case v1beta2.SchemeGroupVersion.WithKind("TokenSecret"): + return &jetstreamv1beta2.TokenSecretApplyConfiguration{} + case v1beta2.SchemeGroupVersion.WithKind("UserWithPassword"): + return &jetstreamv1beta2.UserWithPasswordApplyConfiguration{} } return nil From f7cce73f65e2fa2714d7b5ad6bb07f5e5556a53a Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Tue, 28 Jan 2025 19:40:06 +0000 Subject: [PATCH 3/6] Fix PR comments --- controllers/jetstream/controller.go | 70 ++++++++++++++----- deploy/crds.yml | 26 ++++++- .../apis/jetstream/v1beta2/accounttypes.go | 10 +-- .../apis/jetstream/v1beta2/consumertypes.go | 3 + .../apis/jetstream/v1beta2/streamtypes.go | 3 + pkg/jetstream/apis/jetstream/v1beta2/types.go | 2 +- .../v1beta2/zz_generated.deepcopy.go | 12 ++-- 7 files changed, 95 insertions(+), 31 deletions(-) 
diff --git a/controllers/jetstream/controller.go b/controllers/jetstream/controller.go index 6b3495c8..e91ff14f 100644 --- a/controllers/jetstream/controller.go +++ b/controllers/jetstream/controller.go @@ -457,12 +457,34 @@ func (c *Controller) getAccountOverrides(account string, ns string) (*accountOve return nil, err } - overrides.remoteClientCert = filepath.Join(accDir, acc.Spec.TLS.ClientCert) - overrides.remoteClientKey = filepath.Join(accDir, acc.Spec.TLS.ClientKey) - overrides.remoteRootCA = filepath.Join(accDir, acc.Spec.TLS.RootCAs) + filesToWrite := make(map[string]string) - for k, v := range secret.Data { - if err := os.WriteFile(filepath.Join(accDir, k), v, 0o644); err != nil { + getSecretValue := func(key string) string { + value, ok := secret.Data[key] + if !ok { + return "" + } + return string(value) + } + + remoteClientCertValue := getSecretValue(acc.Spec.TLS.ClientCert) + remoteClientKeyValue := getSecretValue(acc.Spec.TLS.ClientKey) + if remoteClientCertValue != "" && remoteClientKeyValue != "" { + overrides.remoteClientCert = filepath.Join(accDir, acc.Spec.TLS.ClientCert) + overrides.remoteClientKey = filepath.Join(accDir, acc.Spec.TLS.ClientKey) + + filesToWrite[acc.Spec.TLS.ClientCert] = remoteClientCertValue + filesToWrite[acc.Spec.TLS.ClientKey] = remoteClientKeyValue + } + + remoteRootCAValue := getSecretValue(acc.Spec.TLS.RootCAs) + if remoteRootCAValue != "" { + overrides.remoteRootCA = filepath.Join(accDir, acc.Spec.TLS.RootCAs) + filesToWrite[acc.Spec.TLS.RootCAs] = remoteRootCAValue + } + + for file, v := range filesToWrite { + if err := os.WriteFile(filepath.Join(accDir, file), []byte(v), 0o644); err != nil { return nil, err } } 
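Review bot: A Secret that lacks the key named in `acc.Spec.TLS.ClientCert`, `ClientKey` or `RootCAs` is silently treated as "no override" by `getSecretValue`, so a typo in the Account leads to a connection attempt without the intended client certificate or CA instead of an error. The token and user lookups have the same shape (the `for k, v := range secret.Data` loops added in PATCH 1/6 and kept by the -505,19 +527,19 hunk): the field just stays empty when the key is absent. Consider failing when a non-empty key name is not found, e.g. `return nil, fmt.Errorf("secret %q has no key %q", secretName, key)`, which means `getSecretValue` would return `(string, error)`. getAccountOverrides starts and ends outside this hunk.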
@@ -505,19 +527,19 @@ func (c *Controller) getAccountOverrides(account string, ns string) (*accountOve } } - // Lookup the UserWithPassword. - if acc.Spec.UserWithPassword != nil { - secretName := acc.Spec.UserWithPassword.Secret.Name + // Lookup the User. + if acc.Spec.User != nil { + secretName := acc.Spec.User.Secret.Name secret, err := c.ki.Secrets(ns).Get(c.ctx, secretName, k8smeta.GetOptions{}) if err != nil { return nil, err } for k, v := range secret.Data { - if k == acc.Spec.UserWithPassword.User { + if k == acc.Spec.User.User { overrides.user = string(v) } - if k == acc.Spec.UserWithPassword.Password { + if k == acc.Spec.User.Password { overrides.password = string(v) } } @@ -527,10 +549,13 @@ func (c *Controller) getAccountOverrides(account string, ns string) (*accountOve } type jsmcSpecOverrides struct { - servers []string - tls apis.TLS - creds string - nkey string + servers []string + tls apis.TLS + creds string + nkey string + userName string + userPassword string + token string } func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec *jsmcSpecOverrides, o runtime.Object, op func(jsmClient) error) error { @@ -545,7 +570,7 @@ func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec // Create a new client natsCtx := &natsContext{} - // Use JWT/NKEYS based credentials if present. + // Use JWT/NKEYS/user-password/token based credentials if present. if spec.creds != "" { natsCtx.Credentials = spec.creds } else if spec.nkey != "" { 
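Review bot: The new `userName`, `userPassword` and `token` fields of `jsmcSpecOverrides` (hunk -527,10 +549,13) are not set by either caller visible in this series. The literals in consumer.go and stream.go from PATCH 1/6 pass only `servers`, `tls`, `creds` and `nkey`, and this patch's diffstat does not touch those files. Unless a later patch wires them up, the spec-level user/token branch in runWithJsmc never runs and the new Stream/Consumer fields have no effect. Both literals would need `userName: spec.UserName, userPassword: spec.UserPassword, token: spec.Token,`.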
@@ -555,6 +580,12 @@ func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec natsCtx.TLSCert = spec.tls.ClientCert natsCtx.TLSKey = spec.tls.ClientKey } + if spec.userName != "" && spec.userPassword != "" { + natsCtx.Username = spec.userName + natsCtx.Password = spec.userPassword + } else if spec.token != "" { + natsCtx.Token = spec.token + } // Use fetched secrets for the account and server if defined. if acc.remoteClientCert != "" && acc.remoteClientKey != "" { @@ -568,9 +599,12 @@ func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec natsCtx.Credentials = acc.userCreds } - natsCtx.Username = acc.user - natsCtx.Password = acc.password - natsCtx.Token = acc.token + if acc.user != "" && acc.password != "" { + natsCtx.Username = acc.user + natsCtx.Password = acc.password + } else if acc.token != "" { + natsCtx.Token = acc.token + } if len(spec.tls.RootCAs) > 0 { natsCtx.TLSCAs = spec.tls.RootCAs diff --git a/deploy/crds.yml b/deploy/crds.yml index 658ca23d..65e9f6c6 100644 --- a/deploy/crds.yml +++ b/deploy/crds.yml @@ -191,6 +191,18 @@ spec: description: NATS user NKey for connecting to servers. type: string default: '' + userName: + description: NATS user name for connecting to servers. + type: string + default: '' + userPassword: + description: NATS user password for connecting to servers. + type: string + default: '' + token: + description: The token to be used to connect to the NATS Service. + type: string + default: '' tls: description: A client's TLS certs and keys. type: object 
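Review bot: The account-level branch in hunk -568,9 +599,12 can leave two authentication methods set on `natsCtx` at once: if the spec supplied a user name and password and the account supplies only a token, `natsCtx.Token = acc.token` is added while `Username` and `Password` stay set. `Credentials` and `Nkey` are likewise never cleared when a user or token is applied. Which method the client then uses is not visible here, so the effective identity depends on natsContext internals. Either clear the competing fields when an override is applied, e.g. `natsCtx.Username, natsCtx.Password = "", ""` before setting the token, or reject a spec/Account combination that selects more than one method. A user name without a password (or the reverse) also falls through to the token branch with no warning.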
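Review bot: `userPassword` and `token` are added here as plain string properties, so the credential is stored in the custom resource itself and is readable by anyone allowed to get or list these resources, unlike the Account path, which references a Secret. The same applies to the second schema hunk (-638,6 +650,18) and to the `UserPassword` and `Token` fields added to ConsumerSpec and StreamSpec in this patch. At minimum the description should say so, e.g. `description: NATS user password for connecting to servers. Stored in plain text in this resource; prefer an Account that references a Secret.` A Secret reference, as used for Account, would be the safer shape for these fields.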
@@ -638,6 +650,18 @@ spec: description: NATS user NKey for connecting to servers. type: string default: '' + userName: + description: NATS user name for connecting to servers. + type: string + default: '' + userPassword: + description: NATS user password for connecting to servers. + type: string + default: '' + token: + description: The token to be used to connect to the NATS Service. + type: string + default: '' account: description: Name of the account to which the Consumer belongs. type: string @@ -1026,7 +1050,7 @@ spec: token: description: Key in the secret that contains the token. type: string - userWithPassword: + user: description: The user and password to be used to connect to the NATS Service. type: object properties: diff --git a/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go b/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go index f5f99a14..444eeb42 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/accounttypes.go @@ -22,11 +22,11 @@ func (c *Account) GetSpec() interface{} { // AccountSpec is the spec for a Account resource type AccountSpec struct { - Servers []string `json:"servers"` - TLS *TLSSecret `json:"tls"` - Creds *CredsSecret `json:"creds"` - Token *TokenSecret `json:"token"` - UserWithPassword *UserWithPassword `json:"userWithPassword"` + Servers []string `json:"servers"` + TLS *TLSSecret `json:"tls"` + Creds *CredsSecret `json:"creds"` + Token *TokenSecret `json:"token"` + User *User `json:"user"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go b/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go index d565e5c5..c10b1e3d 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go 
@@ -46,6 +46,9 @@ type ConsumerSpec struct { MaxWaiting int `json:"maxWaiting"` MemStorage bool `json:"memStorage"` Nkey string `json:"nkey"` + UserName string `json:"userName"` + UserPassword string `json:"userPassword"` + Token string `json:"token"` OptStartSeq int `json:"optStartSeq"` OptStartTime string `json:"optStartTime"` RateLimitBps int `json:"rateLimitBps"` diff --git a/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go b/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go index 1128d1c4..f63f7b17 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go @@ -43,6 +43,9 @@ type StreamSpec struct { Mirror *StreamSource `json:"mirror"` Name string `json:"name"` Nkey string `json:"nkey"` + UserName string `json:"userName"` + UserPassword string `json:"userPassword"` + Token string `json:"token"` NoAck bool `json:"noAck"` Placement *StreamPlacement `json:"placement"` Replicas int `json:"replicas"` diff --git a/pkg/jetstream/apis/jetstream/v1beta2/types.go b/pkg/jetstream/apis/jetstream/v1beta2/types.go index e71a28c4..18504510 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/types.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/types.go @@ -45,7 +45,7 @@ type TokenSecret struct { Secret SecretRef `json:"secret"` } -type UserWithPassword struct { +type User struct { User string `json:"user"` Password string `json:"password"` Secret SecretRef `json:"secret"` diff --git a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go index 89a9ca28..24e52c7e 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go 
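Review bot: The renamed `User` type in types.go has no doc comment, and its `User` and `Password` fields read like credential values, although getAccountOverrides compares them against the keys of `secret.Data`, i.e. they name keys inside the referenced Secret. A comment on the type would keep someone from putting the password itself into the Account spec, for example `// User references a Secret holding NATS user/password credentials; User and Password are key names within that Secret, not the values.` The struct's closing brace lies outside the hunk.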
@@ -106,9 +106,9 @@ func (in *AccountSpec) DeepCopyInto(out *AccountSpec) { *out = new(TokenSecret) **out = **in } - if in.UserWithPassword != nil { - in, out := &in.UserWithPassword, &out.UserWithPassword - *out = new(UserWithPassword) + if in.User != nil { + in, out := &in.User, &out.User + *out = new(User) **out = **in } return @@ -576,18 +576,18 @@ func (in *TokenSecret) DeepCopy() *TokenSecret { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UserWithPassword) DeepCopyInto(out *UserWithPassword) { +func (in *User) DeepCopyInto(out *User) { *out = *in out.Secret = in.Secret return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserWithPassword. -func (in *UserWithPassword) DeepCopy() *UserWithPassword { +func (in *User) DeepCopy() *User { if in == nil { return nil } - out := new(UserWithPassword) + out := new(User) in.DeepCopyInto(out) return out } From d1465a8225a69d4d206bb89d8b26f86c5abb65c8 Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Tue, 28 Jan 2025 19:44:55 +0000 Subject: [PATCH 4/6] Build --- .../v1beta2/zz_generated.deepcopy.go | 2 +- .../jetstream/v1beta2/accountspec.go | 18 ++++++------- .../jetstream/v1beta2/consumerspec.go | 27 +++++++++++++++++++ .../jetstream/v1beta2/streamspec.go | 27 +++++++++++++++++++ .../v1beta2/{userwithpassword.go => user.go} | 16 +++++------ .../generated/applyconfiguration/utils.go | 4 +-- 6 files changed, 74 insertions(+), 20 deletions(-) rename pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/{userwithpassword.go => user.go} (70%) diff --git a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go index 24e52c7e..29e4521d 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/zz_generated.deepcopy.go 
@@ -582,7 +582,7 @@ func (in *User) DeepCopyInto(out *User) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserWithPassword. +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new User. func (in *User) DeepCopy() *User { if in == nil { return nil diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go index 5f3d641c..09dd5464 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/accountspec.go @@ -18,11 +18,11 @@ package v1beta2 // AccountSpecApplyConfiguration represents an declarative configuration of the AccountSpec type for use // with apply. type AccountSpecApplyConfiguration struct { - Servers []string `json:"servers,omitempty"` - TLS *TLSSecretApplyConfiguration `json:"tls,omitempty"` - Creds *CredsSecretApplyConfiguration `json:"creds,omitempty"` - Token *TokenSecretApplyConfiguration `json:"token,omitempty"` - UserWithPassword *UserWithPasswordApplyConfiguration `json:"userWithPassword,omitempty"` + Servers []string `json:"servers,omitempty"` + TLS *TLSSecretApplyConfiguration `json:"tls,omitempty"` + Creds *CredsSecretApplyConfiguration `json:"creds,omitempty"` + Token *TokenSecretApplyConfiguration `json:"token,omitempty"` + User *UserApplyConfiguration `json:"user,omitempty"` } // AccountSpecApplyConfiguration constructs an declarative configuration of the AccountSpec type for use with 
@@ -65,10 +65,10 @@ func (b *AccountSpecApplyConfiguration) WithToken(value *TokenSecretApplyConfigu return b } -// WithUserWithPassword sets the UserWithPassword field in the declarative configuration to the given value +// WithUser sets the User field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UserWithPassword field is set to the value of the last call. -func (b *AccountSpecApplyConfiguration) WithUserWithPassword(value *UserWithPasswordApplyConfiguration) *AccountSpecApplyConfiguration { - b.UserWithPassword = value +// If called multiple times, the User field is set to the value of the last call. +func (b *AccountSpecApplyConfiguration) WithUser(value *UserApplyConfiguration) *AccountSpecApplyConfiguration { + b.User = value return b } diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go index 02683d96..b86e6a8b 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go @@ -42,6 +42,9 @@ type ConsumerSpecApplyConfiguration struct { MaxWaiting *int `json:"maxWaiting,omitempty"` MemStorage *bool `json:"memStorage,omitempty"` Nkey *string `json:"nkey,omitempty"` + UserName *string `json:"userName,omitempty"` + UserPassword *string `json:"userPassword,omitempty"` + Token *string `json:"token,omitempty"` OptStartSeq *int `json:"optStartSeq,omitempty"` OptStartTime *string `json:"optStartTime,omitempty"` RateLimitBps *int `json:"rateLimitBps,omitempty"` 
@@ -257,6 +260,30 @@ func (b *ConsumerSpecApplyConfiguration) WithNkey(value string) *ConsumerSpecApp return b } +// WithUserName sets the UserName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UserName field is set to the value of the last call. +func (b *ConsumerSpecApplyConfiguration) WithUserName(value string) *ConsumerSpecApplyConfiguration { + b.UserName = &value + return b +} + +// WithUserPassword sets the UserPassword field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UserPassword field is set to the value of the last call. +func (b *ConsumerSpecApplyConfiguration) WithUserPassword(value string) *ConsumerSpecApplyConfiguration { + b.UserPassword = &value + return b +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *ConsumerSpecApplyConfiguration) WithToken(value string) *ConsumerSpecApplyConfiguration { + b.Token = &value + return b +} + // WithOptStartSeq sets the OptStartSeq field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the OptStartSeq field is set to the value of the last call. diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go index e52a845a..b7762619 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go 
+++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go @@ -43,6 +43,9 @@ type StreamSpecApplyConfiguration struct { Mirror *StreamSourceApplyConfiguration `json:"mirror,omitempty"` Name *string `json:"name,omitempty"` Nkey *string `json:"nkey,omitempty"` + UserName *string `json:"userName,omitempty"` + UserPassword *string `json:"userPassword,omitempty"` + Token *string `json:"token,omitempty"` NoAck *bool `json:"noAck,omitempty"` Placement *StreamPlacementApplyConfiguration `json:"placement,omitempty"` Replicas *int `json:"replicas,omitempty"` 
@@ -233,6 +236,30 @@ func (b *StreamSpecApplyConfiguration) WithNkey(value string) *StreamSpecApplyCo return b } +// WithUserName sets the UserName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UserName field is set to the value of the last call. +func (b *StreamSpecApplyConfiguration) WithUserName(value string) *StreamSpecApplyConfiguration { + b.UserName = &value + return b +} + +// WithUserPassword sets the UserPassword field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UserPassword field is set to the value of the last call. +func (b *StreamSpecApplyConfiguration) WithUserPassword(value string) *StreamSpecApplyConfiguration { + b.UserPassword = &value + return b +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *StreamSpecApplyConfiguration) WithToken(value string) *StreamSpecApplyConfiguration { + b.Token = &value + return b +} + // WithNoAck sets the NoAck field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the NoAck field is set to the value of the last call. 
diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/user.go similarity index 70% rename from pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go rename to pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/user.go index c4441c14..68483048 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/userwithpassword.go +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/user.go @@ -15,24 +15,24 @@ package v1beta2 -// UserWithPasswordApplyConfiguration represents an declarative configuration of the UserWithPassword type for use +// UserApplyConfiguration represents an declarative configuration of the User type for use // with apply. -type UserWithPasswordApplyConfiguration struct { +type UserApplyConfiguration struct { User *string `json:"user,omitempty"` Password *string `json:"password,omitempty"` Secret *SecretRefApplyConfiguration `json:"secret,omitempty"` } -// UserWithPasswordApplyConfiguration constructs an declarative configuration of the UserWithPassword type for use with +// UserApplyConfiguration constructs an declarative configuration of the User type for use with // apply. -func UserWithPassword() *UserWithPasswordApplyConfiguration { - return &UserWithPasswordApplyConfiguration{} +func User() *UserApplyConfiguration { + return &UserApplyConfiguration{} } // WithUser sets the User field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the User field is set to the value of the last call. -func (b *UserWithPasswordApplyConfiguration) WithUser(value string) *UserWithPasswordApplyConfiguration { +func (b *UserApplyConfiguration) WithUser(value string) *UserApplyConfiguration { b.User = &value return b } 
@@ -40,7 +40,7 @@ func (b *UserWithPasswordApplyConfiguration) WithUser(value string) *UserWithPas // WithPassword sets the Password field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Password field is set to the value of the last call. -func (b *UserWithPasswordApplyConfiguration) WithPassword(value string) *UserWithPasswordApplyConfiguration { +func (b *UserApplyConfiguration) WithPassword(value string) *UserApplyConfiguration { b.Password = &value return b } @@ -48,7 +48,7 @@ func (b *UserWithPasswordApplyConfiguration) WithPassword(value string) *UserWit // WithSecret sets the Secret field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Secret field is set to the value of the last call. -func (b *UserWithPasswordApplyConfiguration) WithSecret(value *SecretRefApplyConfiguration) *UserWithPasswordApplyConfiguration { +func (b *UserApplyConfiguration) WithSecret(value *SecretRefApplyConfiguration) *UserApplyConfiguration { b.Secret = value return b } diff --git a/pkg/jetstream/generated/applyconfiguration/utils.go b/pkg/jetstream/generated/applyconfiguration/utils.go index 17616aeb..1e43a122 100644 --- a/pkg/jetstream/generated/applyconfiguration/utils.go +++ b/pkg/jetstream/generated/applyconfiguration/utils.go @@ -60,8 +60,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &jetstreamv1beta2.TLSSecretApplyConfiguration{} case v1beta2.SchemeGroupVersion.WithKind("TokenSecret"): return &jetstreamv1beta2.TokenSecretApplyConfiguration{} - case v1beta2.SchemeGroupVersion.WithKind("UserWithPassword"): - return &jetstreamv1beta2.UserWithPasswordApplyConfiguration{} + case v1beta2.SchemeGroupVersion.WithKind("User"): + return &jetstreamv1beta2.UserApplyConfiguration{} } return nil 
From eb33c85859903cc2b4c8c0c3a612f6153ca2f548 Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Thu, 30 Jan 2025 16:50:50 +0000 Subject: [PATCH 5/6] Remove user name and password from consumer and stream types --- controllers/jetstream/controller.go | 17 ++++--------- deploy/crds.yml | 24 ------------------- .../apis/jetstream/v1beta2/consumertypes.go | 3 --- .../apis/jetstream/v1beta2/streamtypes.go | 3 --- 4 files changed, 4 insertions(+), 43 deletions(-) diff --git a/controllers/jetstream/controller.go b/controllers/jetstream/controller.go index e91ff14f..35b35b4b 100644 --- a/controllers/jetstream/controller.go +++ b/controllers/jetstream/controller.go @@ -549,13 +549,10 @@ func (c *Controller) getAccountOverrides(account string, ns string) (*accountOve } type jsmcSpecOverrides struct { - servers []string - tls apis.TLS - creds string - nkey string - userName string - userPassword string - token string + servers []string + tls apis.TLS + creds string + nkey string } func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec *jsmcSpecOverrides, o runtime.Object, op func(jsmClient) error) error { @@ -580,12 +577,6 @@ func (c *Controller) runWithJsmc(jsm jsmClientFunc, acc *accountOverrides, spec natsCtx.TLSCert = spec.tls.ClientCert natsCtx.TLSKey = spec.tls.ClientKey } - if spec.userName != "" && spec.userPassword != "" { - natsCtx.Username = spec.userName - natsCtx.Password = spec.userPassword - } else if spec.token != "" { - natsCtx.Token = spec.token - } // Use fetched secrets for the account and server if defined. if acc.remoteClientCert != "" && acc.remoteClientKey != "" { diff --git a/deploy/crds.yml b/deploy/crds.yml index 65e9f6c6..6171ff99 100644 --- a/deploy/crds.yml +++ b/deploy/crds.yml 
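Review bot: The comment `// Use JWT/NKEYS/user-password/token based credentials if present.` above the `spec.creds` check in runWithJsmc, reworded earlier in this series, sits between this patch's two controller.go hunks and so appears to stay as it is, while the `@@ -580,12 +577,6 @@` hunk removes the only spec-level user/password/token handling. After this patch that block reads only `spec.creds` and `spec.nkey`, so the comment should go back to `// Use JWT/NKEYS based credentials if present.` to avoid suggesting that Stream or Consumer specs can still carry a password or token. runWithJsmc starts and ends outside both hunks.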
@@ -191,18 +191,6 @@ spec: description: NATS user NKey for connecting to servers. type: string default: '' - userName: - description: NATS user name for connecting to servers. - type: string - default: '' - userPassword: - description: NATS user password for connecting to servers. - type: string - default: '' - token: - description: The token to be used to connect to the NATS Service. - type: string - default: '' tls: description: A client's TLS certs and keys. type: object @@ -650,18 +638,6 @@ spec: description: NATS user NKey for connecting to servers. type: string default: '' - userName: - description: NATS user name for connecting to servers. - type: string - default: '' - userPassword: - description: NATS user password for connecting to servers. - type: string - default: '' - token: - description: The token to be used to connect to the NATS Service. - type: string - default: '' account: description: Name of the account to which the Consumer belongs. type: string diff --git a/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go b/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go index c10b1e3d..d565e5c5 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/consumertypes.go @@ -46,9 +46,6 @@ type ConsumerSpec struct { MaxWaiting int `json:"maxWaiting"` MemStorage bool `json:"memStorage"` Nkey string `json:"nkey"` - UserName string `json:"userName"` - UserPassword string `json:"userPassword"` - Token string `json:"token"` OptStartSeq int `json:"optStartSeq"` OptStartTime string `json:"optStartTime"` RateLimitBps int `json:"rateLimitBps"` diff --git a/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go b/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go index f63f7b17..1128d1c4 100644 --- a/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go +++ b/pkg/jetstream/apis/jetstream/v1beta2/streamtypes.go 
@@ -43,9 +43,6 @@ type StreamSpec struct { Mirror *StreamSource `json:"mirror"` Name string `json:"name"` Nkey string `json:"nkey"` - UserName string `json:"userName"` - UserPassword string `json:"userPassword"` - Token string `json:"token"` NoAck bool `json:"noAck"` Placement *StreamPlacement `json:"placement"` Replicas int `json:"replicas"` From c832e61a1e1443afe6fb5a50f831235467e0394f Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Thu, 30 Jan 2025 18:11:31 +0000 Subject: [PATCH 6/6] Build --- .../jetstream/v1beta2/consumerspec.go | 27 ------------------- .../jetstream/v1beta2/streamspec.go | 27 ------------------- 2 files changed, 54 deletions(-) diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go index b86e6a8b..02683d96 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go +++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/consumerspec.go @@ -42,9 +42,6 @@ type ConsumerSpecApplyConfiguration struct { MaxWaiting *int `json:"maxWaiting,omitempty"` MemStorage *bool `json:"memStorage,omitempty"` Nkey *string `json:"nkey,omitempty"` - UserName *string `json:"userName,omitempty"` - UserPassword *string `json:"userPassword,omitempty"` - Token *string `json:"token,omitempty"` OptStartSeq *int `json:"optStartSeq,omitempty"` OptStartTime *string `json:"optStartTime,omitempty"` RateLimitBps *int `json:"rateLimitBps,omitempty"` 
@@ -260,30 +257,6 @@ func (b *ConsumerSpecApplyConfiguration) WithNkey(value string) *ConsumerSpecApp return b } -// WithUserName sets the UserName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UserName field is set to the value of the last call. -func (b *ConsumerSpecApplyConfiguration) WithUserName(value string) *ConsumerSpecApplyConfiguration { - b.UserName = &value - return b -} - -// WithUserPassword sets the UserPassword field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UserPassword field is set to the value of the last call. -func (b *ConsumerSpecApplyConfiguration) WithUserPassword(value string) *ConsumerSpecApplyConfiguration { - b.UserPassword = &value - return b -} - -// WithToken sets the Token field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Token field is set to the value of the last call. -func (b *ConsumerSpecApplyConfiguration) WithToken(value string) *ConsumerSpecApplyConfiguration { - b.Token = &value - return b -} - // WithOptStartSeq sets the OptStartSeq field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the OptStartSeq field is set to the value of the last call. diff --git a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go index b7762619..e52a845a 100644 --- a/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go 
+++ b/pkg/jetstream/generated/applyconfiguration/jetstream/v1beta2/streamspec.go @@ -43,9 +43,6 @@ type StreamSpecApplyConfiguration struct { Mirror *StreamSourceApplyConfiguration `json:"mirror,omitempty"` Name *string `json:"name,omitempty"` Nkey *string `json:"nkey,omitempty"` - UserName *string `json:"userName,omitempty"` - UserPassword *string `json:"userPassword,omitempty"` - Token *string `json:"token,omitempty"` NoAck *bool `json:"noAck,omitempty"` Placement *StreamPlacementApplyConfiguration `json:"placement,omitempty"` Replicas *int `json:"replicas,omitempty"` 
@@ -236,30 +233,6 @@ func (b *StreamSpecApplyConfiguration) WithNkey(value string) *StreamSpecApplyCo return b } -// WithUserName sets the UserName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UserName field is set to the value of the last call. -func (b *StreamSpecApplyConfiguration) WithUserName(value string) *StreamSpecApplyConfiguration { - b.UserName = &value - return b -} - -// WithUserPassword sets the UserPassword field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UserPassword field is set to the value of the last call. -func (b *StreamSpecApplyConfiguration) WithUserPassword(value string) *StreamSpecApplyConfiguration { - b.UserPassword = &value - return b -} - -// WithToken sets the Token field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Token field is set to the value of the last call. -func (b *StreamSpecApplyConfiguration) WithToken(value string) *StreamSpecApplyConfiguration { - b.Token = &value - return b -} - // WithNoAck sets the NoAck field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the NoAck field is set to the value of the last call.