diff --git a/CHANGELOG.md b/CHANGELOG.md index b96724e7..26a3341f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ All notable changes to this project will be documented in this file. - `operator-rs` `0.10.0` -> `0.15.0` ([#218], [#223], [#230]). - [BREAKING] Specifying the product version has been changed to adhere to [ADR018](https://docs.stackable.tech/home/contributor/adr/ADR018-product_image_versioning.html) instead of just specifying the product version you will now have to add the Stackable image version as well, so `version: 3.5.8` becomes (for example) `version: 3.5.8-stackable0.1.0` ([#270]) +- [BREAKING] CRD overhaul: Moved `authenticationConfig` to top level `config.authentication`. `SingleUser` now proper camelCase `singleUser`. `adminCredentialsSecret` now takes a String instead of `SecretReference` ([#277]). +- [BREAKING] CRD overhaul: Moved `sensitivePropertiesConfig` to top level `config.sensitiveProperties` ([#277]). ### Removed @@ -25,6 +27,7 @@ All notable changes to this project will be documented in this file. [#223]: https://github.com/stackabletech/nifi-operator/pull/223 [#230]: https://github.com/stackabletech/nifi-operator/pull/230 [#270]: https://github.com/stackabletech/nifi-operator/pull/270 +[#277]: https://github.com/stackabletech/nifi-operator/pull/277 ## [0.5.0] - 2022-02-14 @@ -38,6 +41,7 @@ All notable changes to this project will be documented in this file. ## [0.4.0] - 2021-12-06 ### Added + - Support for 1.15.0 ([#125]) - Sensitive property key is setable via a secret ([#125]) @@ -56,6 +60,7 @@ All notable changes to this project will be documented in this file. ## [0.3.0] - 2021-10-27 ### Added + - Added versioning code from operator-rs for up and downgrades ([#81]). - Added `ProductVersion` to status ([#81]). - Added `Condition` to status ([#81]). 
@@ -68,8 +73,9 @@ All notable changes to this project will be documented in this file. - `kube-rs`: `0.58` → `0.60` ([#83]). - `k8s-openapi` `0.12` → `0.13` and features: `v1_21` → `v1_22` ([#83]). - `operator-rs` `0.2.1` → `0.2.2` ([#83]). - + ### Fixed + - Fixed a bug where `wait_until_crds_present` only reacted to the main CRD, not the commands ([#92]). [#92]: https://github.com/stackabletech/nifi-operator/pull/92 @@ -80,6 +86,7 @@ All notable changes to this project will be documented in this file. ## [0.2.0] - 2021-09-14 ### Changed + - **Breaking:** Repository structure was changed and the -server crate renamed to -binary. As part of this change the -server suffix was removed from both the package name for os packages and the name of the executable ([#72]). [#72]: https://github.com/stackabletech/nifi-operator/pull/72 diff --git a/deploy/crd/nificluster.crd.yaml b/deploy/crd/nificluster.crd.yaml index fa344df0..a3dfc71e 100644 --- a/deploy/crd/nificluster.crd.yaml +++ b/deploy/crd/nificluster.crd.yaml 
@@ -22,38 +22,60 @@ spec: properties: spec: properties: - authenticationConfig: - description: A reference to a Secret containing username/password for the initial admin user + config: + description: Global Nifi config for e.g. authentication or sensitive properties properties: - allowAnonymousAccess: - nullable: true - type: boolean - method: - oneOf: - - required: - - SingleUser + authentication: + description: A reference to a Secret containing username/password for the initial admin user properties: - SingleUser: + allowAnonymousAccess: + nullable: true + type: boolean + method: + oneOf: + - required: + - singleUser properties: - adminCredentialsSecret: - description: SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace + singleUser: properties: - name: - description: Name is unique within a namespace to reference a secret resource. - type: string - namespace: - description: Namespace defines the space within which the secret name must be unique. + adminCredentialsSecret: type: string + autoGenerate: + default: false + type: boolean + required: + - adminCredentialsSecret type: object - autoGenerate: - default: false - type: boolean - required: - - adminCredentialsSecret type: object + required: + - method + type: object + sensitiveProperties: + description: Configuration options for how NiFi encrypts sensitive properties on disk + properties: + algorithm: + enum: + - nifiArgon2AesGcm128 + - nifiArgon2AesGcm256 + - nifiBcryptAesGcm128 + - nifiBcryptAesGcm256 + - nifiPbkdf2AesGcm128 + - nifiPbkdf2AesGcm256 + - nifiScryptAesGcm128 + - nifiScryptAesGcm256 + nullable: true + type: string + autoGenerate: + default: false + type: boolean + keySecret: + type: string + required: + - keySecret type: object required: - - method + - authentication + - sensitiveProperties type: object nodes: description: Available NiFi roles 
@@ -661,29 +683,6 @@ spec: required: - roleGroups type: object - sensitivePropertiesConfig: - description: Configuration options for how NiFi encrypts sensitive properties on disk - properties: - algorithm: - enum: - - nifiArgon2AesGcm128 - - nifiArgon2AesGcm256 - - nifiBcryptAesGcm128 - - nifiBcryptAesGcm256 - - nifiPbkdf2AesGcm128 - - nifiPbkdf2AesGcm256 - - nifiScryptAesGcm128 - - nifiScryptAesGcm256 - nullable: true - type: string - autoGenerate: - default: false - type: boolean - keySecret: - type: string - required: - - keySecret - type: object stopped: description: "Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would)" nullable: true @@ -696,8 +695,7 @@ spec: description: The reference to the ZooKeeper cluster type: string required: - - authenticationConfig - - sensitivePropertiesConfig + - config - zookeeperConfigMapName type: object status: diff --git a/deploy/helm/nifi-operator/crds/crds.yaml b/deploy/helm/nifi-operator/crds/crds.yaml index a024ff0d..66d04b10 100644 --- a/deploy/helm/nifi-operator/crds/crds.yaml +++ b/deploy/helm/nifi-operator/crds/crds.yaml 
@@ -24,38 +24,60 @@ spec: properties: spec: properties: - authenticationConfig: - description: A reference to a Secret containing username/password for the initial admin user + config: + description: Global Nifi config for e.g. authentication or sensitive properties properties: - allowAnonymousAccess: - nullable: true - type: boolean - method: - oneOf: - - required: - - SingleUser + authentication: + description: A reference to a Secret containing username/password for the initial admin user properties: - SingleUser: + allowAnonymousAccess: + nullable: true + type: boolean + method: + oneOf: + - required: + - singleUser properties: - adminCredentialsSecret: - description: SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace + singleUser: properties: - name: - description: Name is unique within a namespace to reference a secret resource. - type: string - namespace: - description: Namespace defines the space within which the secret name must be unique. + adminCredentialsSecret: type: string + autoGenerate: + default: false + type: boolean + required: + - adminCredentialsSecret type: object - autoGenerate: - default: false - type: boolean - required: - - adminCredentialsSecret type: object + required: + - method + type: object + sensitiveProperties: + description: Configuration options for how NiFi encrypts sensitive properties on disk + properties: + algorithm: + enum: + - nifiArgon2AesGcm128 + - nifiArgon2AesGcm256 + - nifiBcryptAesGcm128 + - nifiBcryptAesGcm256 + - nifiPbkdf2AesGcm128 + - nifiPbkdf2AesGcm256 + - nifiScryptAesGcm128 + - nifiScryptAesGcm256 + nullable: true + type: string + autoGenerate: + default: false + type: boolean + keySecret: + type: string + required: + - keySecret type: object required: - - method + - authentication + - sensitiveProperties type: object nodes: description: Available NiFi roles 
@@ -663,29 +685,6 @@ spec: required: - roleGroups type: object - sensitivePropertiesConfig: - description: Configuration options for how NiFi encrypts sensitive properties on disk - properties: - algorithm: - enum: - - nifiArgon2AesGcm128 - - nifiArgon2AesGcm256 - - nifiBcryptAesGcm128 - - nifiBcryptAesGcm256 - - nifiPbkdf2AesGcm128 - - nifiPbkdf2AesGcm256 - - nifiScryptAesGcm128 - - nifiScryptAesGcm256 - nullable: true - type: string - autoGenerate: - default: false - type: boolean - keySecret: - type: string - required: - - keySecret - type: object stopped: description: "Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would)" nullable: true @@ -698,8 +697,7 @@ spec: description: The reference to the ZooKeeper cluster type: string required: - - authenticationConfig - - sensitivePropertiesConfig + - config - zookeeperConfigMapName type: object status: diff --git a/deploy/manifests/crds.yaml b/deploy/manifests/crds.yaml index 50a56fa7..c3e41b8b 100644 --- a/deploy/manifests/crds.yaml +++ b/deploy/manifests/crds.yaml 
@@ -25,38 +25,60 @@ spec: properties: spec: properties: - authenticationConfig: - description: A reference to a Secret containing username/password for the initial admin user + config: + description: Global Nifi config for e.g. authentication or sensitive properties properties: - allowAnonymousAccess: - nullable: true - type: boolean - method: - oneOf: - - required: - - SingleUser + authentication: + description: A reference to a Secret containing username/password for the initial admin user properties: - SingleUser: + allowAnonymousAccess: + nullable: true + type: boolean + method: + oneOf: + - required: + - singleUser properties: - adminCredentialsSecret: - description: SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace + singleUser: properties: - name: - description: Name is unique within a namespace to reference a secret resource. - type: string - namespace: - description: Namespace defines the space within which the secret name must be unique. + adminCredentialsSecret: type: string + autoGenerate: + default: false + type: boolean + required: + - adminCredentialsSecret type: object - autoGenerate: - default: false - type: boolean - required: - - adminCredentialsSecret type: object + required: + - method + type: object + sensitiveProperties: + description: Configuration options for how NiFi encrypts sensitive properties on disk + properties: + algorithm: + enum: + - nifiArgon2AesGcm128 + - nifiArgon2AesGcm256 + - nifiBcryptAesGcm128 + - nifiBcryptAesGcm256 + - nifiPbkdf2AesGcm128 + - nifiPbkdf2AesGcm256 + - nifiScryptAesGcm128 + - nifiScryptAesGcm256 + nullable: true + type: string + autoGenerate: + default: false + type: boolean + keySecret: + type: string + required: + - keySecret type: object required: - - method + - authentication + - sensitiveProperties type: object nodes: description: Available NiFi roles 
@@ -664,29 +686,6 @@ spec: required: - roleGroups type: object - sensitivePropertiesConfig: - description: Configuration options for how NiFi encrypts sensitive properties on disk - properties: - algorithm: - enum: - - nifiArgon2AesGcm128 - - nifiArgon2AesGcm256 - - nifiBcryptAesGcm128 - - nifiBcryptAesGcm256 - - nifiPbkdf2AesGcm128 - - nifiPbkdf2AesGcm256 - - nifiScryptAesGcm128 - - nifiScryptAesGcm256 - nullable: true - type: string - autoGenerate: - default: false - type: boolean - keySecret: - type: string - required: - - keySecret - type: object stopped: description: "Emergency stop button, if `true` then all pods are stopped without affecting configuration (as setting `replicas` to `0` would)" nullable: true @@ -699,8 +698,7 @@ spec: description: The reference to the ZooKeeper cluster type: string required: - - authenticationConfig - - sensitivePropertiesConfig + - config - zookeeperConfigMapName type: object status: diff --git a/docs/modules/ROOT/pages/env_var_args.adoc b/docs/modules/ROOT/pages/env_var_args.adoc index 9f8b3111..30756b69 100644 --- a/docs/modules/ROOT/pages/env_var_args.adoc +++ b/docs/modules/ROOT/pages/env_var_args.adoc @@ -53,4 +53,3 @@ docker run \ --mount type=bind,source="$HOME/.kube/config",target="/home/stackable/.kube/config" \ docker.stackable.tech/stackable/nifi-operator:latest ---- - diff --git a/docs/modules/ROOT/pages/usage.adoc b/docs/modules/ROOT/pages/usage.adoc index 686a455c..0cdabf2f 100644 --- a/docs/modules/ROOT/pages/usage.adoc +++ b/docs/modules/ROOT/pages/usage.adoc 
@@ -29,14 +29,13 @@ metadata: spec: version: "1.15.0-stackable0.4.0" zookeeperConfigMapName: simple-nifi-znode - authenticationConfig: - method: - SingleUser: - adminCredentialsSecret: - name: nifi-admin-credentials-simple - namespace: default - aut - allowAnonymousAccess: true + config: + authentication: + method: + singleUser: + adminCredentialsSecret: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: nifi-sensitive-property-key nodes: roleGroups: default: @@ -44,7 +43,6 @@ spec: matchLabels: kubernetes.io/os: linux config: - sensitivePropertyKeySecret: nifi-sensitive-property-key log: rootLogLevel: INFO replicas: 3 diff --git a/docs/modules/ROOT/partials/supported-versions.adoc b/docs/modules/ROOT/partials/supported-versions.adoc index d31e0d23..cd030d5b 100644 --- a/docs/modules/ROOT/partials/supported-versions.adoc +++ b/docs/modules/ROOT/partials/supported-versions.adoc @@ -2,4 +2,4 @@ // This is a separate file, since it is used by both the direct NiFi-Operator documentation, and the overarching // Stackable Platform documentation. -- 1.15.0 \ No newline at end of file +- 1.15.0 diff --git a/examples/simple-nifi-cluster.yaml b/examples/simple-nifi-cluster.yaml index f5ba9b91..8eb73698 100644 --- a/examples/simple-nifi-cluster.yaml +++ b/examples/simple-nifi-cluster.yaml @@ -39,15 +39,15 @@ metadata: spec: version: "1.15.0-stackable0.4.0" zookeeperConfigMapName: simple-nifi-znode - authenticationConfig: - method: - SingleUser: - adminCredentialsSecret: - name: nifi-admin-credentials-simple - autoGenerate: true - sensitivePropertiesConfig: - keySecret: nifi-sensitive-property-key - autoGenerate: true + config: + authentication: + method: + singleUser: + adminCredentialsSecret: nifi-admin-credentials-simple + autoGenerate: true + sensitivePropertiesConfig: + keySecret: nifi-sensitive-property-key + autoGenerate: true nodes: config: resources: 
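Review bot: The rewritten block in `examples/simple-nifi-cluster.yaml` still uses the old key `sensitivePropertiesConfig:`, while the CRD in this same change only knows `config.sensitiveProperties` and lists it as required next to `authentication`. As written, the example would be expected to fail schema validation because `sensitiveProperties` is missing. Rename the key to `sensitiveProperties:`, as `usage.adoc` and the kuttl templates in this change already do.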
diff --git a/rust/crd/src/authentication.rs b/rust/crd/src/authentication.rs index 1c5b5445..7b994458 100644 --- a/rust/crd/src/authentication.rs +++ b/rust/crd/src/authentication.rs @@ -1,12 +1,10 @@ use rand::distributions::Alphanumeric; use rand::Rng; use serde::{Deserialize, Serialize}; -use snafu::{OptionExt, ResultExt, Snafu}; +use snafu::{ResultExt, Snafu}; use stackable_operator::builder::ObjectMetaBuilder; use stackable_operator::client::Client; -use stackable_operator::k8s_openapi::api::core::v1::{ - Secret, SecretReference, SecretVolumeSource, Volume, -}; +use stackable_operator::k8s_openapi::api::core::v1::{Secret, SecretVolumeSource, Volume}; use stackable_operator::kube::runtime::reflector::ObjectRef; use stackable_operator::schemars::{self, JsonSchema}; use std::collections::BTreeMap; @@ -59,11 +57,11 @@ pub struct NifiAuthenticationConfig { } #[derive(Clone, Debug, Deserialize, JsonSchema, PartialEq, Serialize, strum::Display)] -#[strum(serialize_all = "camelCase")] +#[serde(rename_all = "camelCase")] pub enum NifiAuthenticationMethod { #[serde(rename_all = "camelCase")] SingleUser { - admin_credentials_secret: SecretReference, + admin_credentials_secret: String, #[serde(default)] auto_generate: bool, }, 
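Review bot: `admin_credentials_secret: String` has no doc comment, so the generated CRD field `adminCredentialsSecret` loses its description and nothing tells users that the Secret is now always resolved in the NifiCluster's own namespace (the caller passes `current_namespace`). Add something like `/// Name of the Secret with the initial admin username/password; it must live in the same namespace as the NifiCluster.` above the field. Separately, dropping `#[strum(serialize_all = "camelCase")]` while still deriving `strum::Display` changes the `Display` output from `singleUser` to `SingleUser`; if that string is consumed anywhere outside this hunk, keep the strum attribute alongside the new serde one. The enum body continues past the end of the hunk.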
@@ -85,23 +83,12 @@ pub async fn get_login_identity_provider_xml( admin_credentials_secret, auto_generate, } => { - let secret_name = admin_credentials_secret.name.clone().with_context(|| { - MissingSecretReferenceSnafu { - secret: "admin_credentials_secret".to_string(), - } - })?; - // If no namespace was specified the namespace of the NifiCluster object is assumed - let secret_namespace = admin_credentials_secret - .namespace - .clone() - .unwrap_or_else(|| current_namespace.to_string()); - // Check if the referenced secret exists and contains all necessary keys, otherwise // generate random password and default user check_or_generate_admin_credentials( client, - &secret_name, - &secret_namespace, + admin_credentials_secret, + current_namespace, auto_generate, ) .await?; @@ -126,11 +113,7 @@ pub fn get_auth_volumes( let admin_volume = Volume { name: AUTH_VOLUME_NAME.to_string(), secret: Some(SecretVolumeSource { - secret_name: Some(admin_credentials_secret.name.clone().with_context( - || MissingRequiredValueSnafu { - value: "name".to_string(), - }, - )?), + secret_name: Some(admin_credentials_secret.to_string()), ..SecretVolumeSource::default() }), ..Volume::default() diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 0853b9a4..d537b813 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -28,6 +28,16 @@ pub const BALANCE_PORT: u16 = 6243; pub const METRICS_PORT_NAME: &str = "metrics"; pub const METRICS_PORT: u16 = 8081; +#[derive(Snafu, Debug)] +pub enum Error { + #[snafu(display("could not parse product version from image: [{image_version}]. Expected format e.g. [1.15.0-stackable0.1.0]"))] + NifiProductVersion { image_version: String }, + #[snafu(display("object has no namespace associated"))] + NoNamespace, + #[snafu(display("object defines no version"))] + ObjectHasNoVersion, +} + #[derive(Clone, CustomResource, Debug, Deserialize, JsonSchema, PartialEq, Serialize)] #[kube( group = "nifi.stackable.tech", 
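Review bot: An empty `adminCredentialsSecret` is no longer rejected. The removed code failed with `MissingSecretReferenceSnafu` when the name was absent, whereas the new code hands the string straight to `check_or_generate_admin_credentials` and, in the `get_auth_volumes` hunk, to `secret_name: Some(admin_credentials_secret.to_string())`. The CRD declares only `type: string`, so `""` passes schema validation. A guard such as `snafu::ensure!(!admin_credentials_secret.is_empty(), MissingSecretReferenceSnafu { secret: "admin_credentials_secret".to_string() });` before the call would keep the earlier failure mode. Without such a guard, `MissingSecretReference` and `MissingRequiredValue` look unused after this change and could be removed, but the error enum is outside these hunks, so that needs checking.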
@@ -56,10 +66,17 @@ pub struct NifiSpec { pub nodes: Option>, /// The reference to the ZooKeeper cluster pub zookeeper_config_map_name: String, + /// Global Nifi config for e.g. authentication or sensitive properties + pub config: NifiGlobalConfig, +} + +#[derive(Clone, Debug, Deserialize, JsonSchema, PartialEq, Serialize)] +#[serde(rename_all = "camelCase")] +pub struct NifiGlobalConfig { /// A reference to a Secret containing username/password for the initial admin user - pub authentication_config: NifiAuthenticationConfig, + pub authentication: NifiAuthenticationConfig, /// Configuration options for how NiFi encrypts sensitive properties on disk - pub sensitive_properties_config: NifiSensitivePropertiesConfig, + pub sensitive_properties: NifiSensitivePropertiesConfig, } #[derive(Clone, Debug, Default, Deserialize, JsonSchema, PartialEq, Serialize)] @@ -235,10 +252,6 @@ pub struct NifiStorageConfig { pub state_repo: PvcConfig, } -#[derive(Debug, Snafu)] -#[snafu(display("object has no namespace associated"))] -pub struct NoNamespaceError; - impl NifiCluster { /// The name of the role-level load-balanced Kubernetes `Service` pub fn node_role_service_name(&self) -> Option { @@ -267,7 +280,7 @@ impl NifiCluster { /// /// We try to predict the pods here rather than looking at the current cluster state in order to /// avoid instance churn. - pub fn pods(&self) -> Result + '_, NoNamespaceError> { + pub fn pods(&self) -> Result + '_, Error> { let ns = self.metadata.namespace.clone().context(NoNamespaceSnafu)?; Ok(self .spec 
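Review bot: The doc comment kept on `authentication` (`A reference to a Secret containing username/password for the initial admin user`) no longer describes the field. Per the CRD hunks it holds `method` and `allowAnonymousAccess`, and the text is copied verbatim into the schema description. Suggest `/// Authentication settings: the login method and whether anonymous access is allowed`. `NifiGlobalConfig` has no doc comment of its own and would benefit from a one-line summary. `Nifi` in the new `config` comment should read `NiFi` to match the neighbouring comments.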
@@ -287,6 +300,25 @@ impl NifiCluster { }) })) } + + /// Returns the provided docker image e.g. 1.15.0-stackable0 + pub fn image_version(&self) -> Result<&str, Error> { + self.spec + .version + .as_deref() + .context(ObjectHasNoVersionSnafu) + } + + /// Returns our semver representation for product config e.g. 1.15.0 + pub fn product_version(&self) -> Result<&str, Error> { + let image_version = self.image_version()?; + image_version + .split('-') + .next() + .with_context(|| NifiProductVersionSnafu { + image_version: image_version.to_string(), + }) + } } /// Reference to a single `Pod` that is a component of a [`NifiCluster`] diff --git a/rust/operator-binary/resources/singleuser-login-identity-providers.xml b/rust/operator-binary/resources/singleuser-login-identity-providers.xml index aa80c5ec..9ec0c362 100644 --- a/rust/operator-binary/resources/singleuser-login-identity-providers.xml +++ b/rust/operator-binary/resources/singleuser-login-identity-providers.xml @@ -6,4 +6,4 @@ xxx yyy - \ No newline at end of file + diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs index b21cffdc..8e330db9 100644 --- a/rust/operator-binary/src/config.rs +++ b/rust/operator-binary/src/config.rs @@ -447,7 +447,8 @@ pub fn build_nifi_properties( ); let algorithm = &spec - .sensitive_properties_config + .config + .sensitive_properties .algorithm .clone() .unwrap_or_default(); @@ -493,7 +494,7 @@ pub fn build_nifi_properties( ); properties.insert( "nifi.security.allow.anonymous.authentication".to_string(), - spec.authentication_config.allow_anonymous().to_string(), + spec.config.authentication.allow_anonymous().to_string(), ); properties.insert( "nifi.cluster.protocol.is.secure".to_string(), diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index b571d469..af562c07 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs 
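Review bot: `product_version()` can never return `NifiProductVersion`, because `str::split` always yields at least one item and `.next()` is therefore never `None`. A version such as `1.15.0`, or an empty string, is returned as-is even though the error message promises the `1.15.0-stackable0.1.0` format. Use `image_version.split_once('-').map(|(product, _)| product)` ahead of `.with_context(...)`, and consider also rejecting a product part that is empty or contains anything other than ASCII digits and dots. This is more than tidiness: the controller hunks interpolate the result into the reporting-task job's `-v {}` argument, next to `$(cat …)` arguments that suggest shell evaluation, and into the job name. The value originates from `spec.version` in the custom resource, so it should be validated here before use.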
@@ -69,8 +69,6 @@ pub struct Ctx { #[strum_discriminants(derive(IntoStaticStr))] #[allow(clippy::enum_variant_names)] pub enum Error { - #[snafu(display("object defines no version"))] - ObjectHasNoVersion, #[snafu(display("object defines no name"))] ObjectHasNoName, #[snafu(display("object defines no spec"))] @@ -151,12 +149,12 @@ pub enum Error { }, #[snafu(display("Failed to find an external port to use for proxy hosts"))] ExternalPort, - #[snafu(display("Could not build role service fqdn"))] NoRoleServiceFqdn, - #[snafu(display("Bootstrap configuration error"))] BoostrapConfig { source: crate::config::Error }, + #[snafu(display("failed to parse NiFi version"))] + NifiVersionParseFailure { source: stackable_nifi_crd::Error }, } type Result = std::result::Result; @@ -170,7 +168,9 @@ impl ReconcilerError for Error { pub async fn reconcile_nifi(nifi: Arc, ctx: Context) -> Result { tracing::info!("Starting reconcile"); let client = &ctx.get_ref().client; - let nifi_version = nifi_version(&nifi)?; + let nifi_product_version = nifi + .product_version() + .context(NifiVersionParseFailureSnafu)?; let namespace = &nifi .metadata .namespace @@ -182,7 +182,7 @@ pub async fn reconcile_nifi(nifi: Arc, ctx: Context) -> Result let validated_config = validated_product_config( &nifi, - nifi_version, + nifi_product_version, nifi.spec.nodes.as_ref().context(NoNodesDefinedSnafu)?, &ctx.get_ref().product_config, ) @@ -305,7 +305,13 @@ pub fn build_node_role_service(nifi: &NifiCluster) -> Result { .name(&role_svc_name) .ownerreference_from_resource(nifi, None, Some(true)) .context(ObjectMissingMetadataForOwnerRefSnafu)? - .with_recommended_labels(nifi, APP_NAME, nifi_version(nifi)?, &role_name, "global") + .with_recommended_labels( + nifi, + APP_NAME, + nifi.image_version().context(NifiVersionParseFailureSnafu)?, + &role_name, + "global", + ) .build(), spec: Some(ServiceSpec { ports: Some(vec![ServicePort { 
@@ -350,7 +356,7 @@ fn build_node_rolegroup_log_config_map( .with_recommended_labels( nifi, APP_NAME, - nifi_version(nifi)?, + nifi.image_version().context(NifiVersionParseFailureSnafu)?, &rolegroup.role, &rolegroup.role_group, ) @@ -392,7 +398,7 @@ async fn build_node_rolegroup_config_map( .with_recommended_labels( nifi, APP_NAME, - nifi_version(nifi)?, + nifi.image_version().context(NifiVersionParseFailureSnafu)?, &rolegroup.role, &rolegroup.role_group, ) @@ -429,7 +435,7 @@ async fn build_node_rolegroup_config_map( "login-identity-providers.xml", stackable_nifi_crd::authentication::get_login_identity_provider_xml( client, - &nifi.spec.authentication_config, + &nifi.spec.config.authentication, namespace, ) .await @@ -458,7 +464,7 @@ fn build_node_rolegroup_service( .with_recommended_labels( nifi, APP_NAME, - nifi_version(nifi)?, + nifi.image_version().context(NifiVersionParseFailureSnafu)?, &rolegroup.role, &rolegroup.role_group, ) @@ -588,8 +594,8 @@ fn build_node_rolegroup_statefulset( let rolegroup = role.role_groups.get(&rolegroup_ref.role_group); - let nifi_version = nifi_version(nifi)?; - let image = format!("docker.stackable.tech/stackable/nifi:{}", nifi_version); + let image_version = nifi.image_version().context(NifiVersionParseFailureSnafu)?; + let image = format!("docker.stackable.tech/stackable/nifi:{}", image_version); let node_address = format!( "$POD_NAME.{}-node-{}.{}.svc.cluster.local", @@ -602,9 +608,9 @@ fn build_node_rolegroup_statefulset( .with_context(|| ObjectHasNoNamespaceSnafu {})? ); - let sensitive_key_secret = &nifi.spec.sensitive_properties_config.key_secret; + let sensitive_key_secret = &nifi.spec.config.sensitive_properties.key_secret; - let auth_volumes = get_auth_volumes(&nifi.spec.authentication_config.method) + let auth_volumes = get_auth_volumes(&nifi.spec.config.authentication.method) .context(MaterializeAuthConfigSnafu)?; let mut container_prepare = ContainerBuilder::new("prepare") 
@@ -756,7 +762,7 @@ fn build_node_rolegroup_statefulset( m.with_recommended_labels( nifi, APP_NAME, - nifi_version, + image_version, &rolegroup_ref.role, &rolegroup_ref.role_group, ) @@ -853,7 +859,7 @@ fn build_node_rolegroup_statefulset( .with_recommended_labels( nifi, APP_NAME, - nifi_version, + image_version, &rolegroup_ref.role, &rolegroup_ref.role_group, ) @@ -928,6 +934,9 @@ fn build_reporting_task_job( ) -> Result { let rolegroup_obj_name = rolegroup_ref.object_name(); let namespace: &str = &nifi.namespace().context(ObjectHasNoNamespaceSnafu)?; + let product_version = nifi + .product_version() + .context(NifiVersionParseFailureSnafu)?; let nifi_connect_url = format!( "https://{rolegroup}-0.{rolegroup}.{namespace}.svc.cluster.local:{port}/nifi-api", rolegroup = rolegroup_obj_name, @@ -943,7 +952,7 @@ fn build_reporting_task_job( &format!("-n {}", nifi_connect_url), &format!("-u $(cat {}/username)", AUTH_VOLUME_MOUNT_PATH), &format!("-p $(cat {}/password)", AUTH_VOLUME_MOUNT_PATH), - &format!("-v {}", nifi_version(nifi)?), + &format!("-v {}", product_version), &format!("-m {}", METRICS_PORT), &format!("-c {}/ca.crt", KEYSTORE_REPORTING_TASK_MOUNT), ] @@ -960,7 +969,7 @@ fn build_reporting_task_job( let mut volumes = vec![build_keystore_volume(KEYSTORE_VOLUME_NAME)]; // Volume and Volume mounts for the authentication secret - let auth_volumes = get_auth_volumes(&nifi.spec.authentication_config.method) + let auth_volumes = get_auth_volumes(&nifi.spec.config.authentication.method) .context(MaterializeAuthConfigSnafu)?; for (name, (mount_path, volume)) in auth_volumes { @@ -978,7 +987,7 @@ fn build_reporting_task_job( let job_name = format!( "{}-create-reporting-task-{}", nifi.name(), - nifi_version(nifi)?.replace('.', "-") + product_version.replace('.', "-") ); let pod = PodTemplateSpec { 
@@ -1022,7 +1031,7 @@ async fn check_or_generate_sensitive_key( client: &Client, nifi: &NifiCluster, ) -> Result { - let sensitive_config = &nifi.spec.sensitive_properties_config; + let sensitive_config = &nifi.spec.config.sensitive_properties; let namespace: &str = &nifi.namespace().context(ObjectHasNoNamespaceSnafu)?; match client @@ -1173,13 +1182,6 @@ async fn get_proxy_hosts( Ok(proxy_setting.join(",")) } -pub fn nifi_version(nifi: &NifiCluster) -> Result<&str> { - nifi.spec - .version - .as_deref() - .context(ObjectHasNoVersionSnafu) -} - pub fn error_policy(_error: &Error, _ctx: Context) -> Action { Action::requeue(Duration::from_secs(10)) } diff --git a/tests/templates/kuttl/resources/01-install-nifi.yaml.j2 b/tests/templates/kuttl/resources/01-install-nifi.yaml.j2 index 41223e09..d44a74d7 100644 --- a/tests/templates/kuttl/resources/01-install-nifi.yaml.j2 +++ b/tests/templates/kuttl/resources/01-install-nifi.yaml.j2 @@ -21,13 +21,13 @@ metadata: spec: version: {{ test_scenario['values']['nifi'] }} zookeeperConfigMapName: test-nifi-znode - authenticationConfig: - method: - SingleUser: - adminCredentialsSecret: - name: nifi-admin-credentials-simple - sensitivePropertiesConfig: - keySecret: nifi-sensitive-property-key + config: + authentication: + method: + singleUser: + adminCredentialsSecret: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: nifi-sensitive-property-key nodes: config: resources: diff --git a/tests/templates/kuttl/smoke/01-install-nifi.yaml.j2 b/tests/templates/kuttl/smoke/01-install-nifi.yaml.j2 index 37e58921..b0c54542 100644 --- a/tests/templates/kuttl/smoke/01-install-nifi.yaml.j2 +++ b/tests/templates/kuttl/smoke/01-install-nifi.yaml.j2 
@@ -21,13 +21,13 @@ metadata: spec: version: {{ test_scenario['values']['nifi'] }} zookeeperConfigMapName: test-nifi-znode - authenticationConfig: - method: - SingleUser: - adminCredentialsSecret: - name: nifi-admin-credentials-simple - sensitivePropertiesConfig: - keySecret: nifi-sensitive-property-key + config: + authentication: + method: + singleUser: + adminCredentialsSecret: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: nifi-sensitive-property-key nodes: roleGroups: default: @@ -38,4 +38,3 @@ spec: log: rootLogLevel: INFO replicas: 2 -