diff --git a/ceph-rgw/templates/bin/rgw/_rgw-s3-admin.sh.tpl b/ceph-rgw/templates/bin/rgw/_rgw-s3-admin.sh.tpl
deleted file mode 100644
index c17c0fc74..000000000
--- a/ceph-rgw/templates/bin/rgw/_rgw-s3-admin.sh.tpl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-{{/*
-Copyright 2018 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-function create_admin_user () {
- radosgw-admin user create \
- --uid=${S3_ADMIN_USERNAME} \
- --display-name=${S3_ADMIN_USERNAME}
-
- radosgw-admin caps add \
- --uid=${S3_ADMIN_USERNAME} \
- --caps={{ .Values.conf.rgw_s3.admin_caps | quote }}
-
- radosgw-admin key create \
- --uid=${S3_ADMIN_USERNAME} \
- --key-type=s3 \
- --access-key ${S3_ADMIN_ACCESS_KEY} \
- --secret-key ${S3_ADMIN_SECRET_KEY}
-}
-
-radosgw-admin user stats --uid=${S3_ADMIN_USERNAME} || \
- create_admin_user
diff --git a/ceph-rgw/templates/configmap-bin.yaml b/ceph-rgw/templates/configmap-bin.yaml
index 4c417712a..79666d391 100644
--- a/ceph-rgw/templates/configmap-bin.yaml
+++ b/ceph-rgw/templates/configmap-bin.yaml
@@ -39,7 +39,7 @@ data: ceph-admin-keyring.sh: | {{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} rgw-s3-admin.sh: | -{{ tuple "bin/rgw/_rgw-s3-admin.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- include "helm-toolkit.scripts.create_s3_user" . | indent 4 }} helm-tests.sh: | {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 71c246c59..2d0c173bb 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -92,17 +92,17 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.rgw_s3_admin | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: S3_ADMIN_USERNAME + - name: S3_USERNAME valueFrom: secretKeyRef: name: {{ $s3AdminSecret }} key: S3_ADMIN_USERNAME - - name: S3_ADMIN_ACCESS_KEY + - name: S3_ACCESS_KEY valueFrom: secretKeyRef: name: {{ $s3AdminSecret }} key: S3_ADMIN_ACCESS_KEY - - name: S3_ADMIN_SECRET_KEY + - name: S3_SECRET_KEY valueFrom: secretKeyRef: name: {{ $s3AdminSecret }} diff --git a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl index 9f4582e85..09bb9437a 100644 --- a/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl +++ b/helm-toolkit/templates/scripts/_create-s3-user.sh.tpl 
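Review bot: Swapping the `rgw-s3-admin.sh` entry in configmap-bin.yaml to `helm-toolkit.scripts.create_s3_user` drops the `radosgw-admin caps add --caps={{ .Values.conf.rgw_s3.admin_caps | quote }}` step that the deleted `_rgw-s3-admin.sh.tpl` ran; the shared script's hunk in this commit shows no equivalent. Unless caps are applied somewhere outside this diff, the admin user is created without them and `conf.rgw_s3.admin_caps` is silently ignored. Either keep a chart-local step that applies the caps after the shared script runs, or remove the value and document that the admin user no longer receives them.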
@@ -22,15 +22,51 @@ set -ex function create_s3_user () { radosgw-admin user create \ --uid=${S3_USERNAME} \ - --display-name=${S3_USERNAME} - - radosgw-admin key create \ - --uid=${S3_USERNAME} \ + --display-name=${S3_USERNAME} \ --key-type=s3 \ --access-key ${S3_ACCESS_KEY} \ --secret-key ${S3_SECRET_KEY} } -radosgw-admin user stats --uid=${S3_USERNAME} || \ +function update_s3_user () { + # Retrieve old access keys, if they exist + old_access_keys=$(radosgw-admin user info --uid=${S3_USERNAME} \ + | jq -r '.keys[].access_key' || true) + + if [[ ! -z ${old_access_keys} ]]; then + for access_key in $old_access_keys; do + # If current access key is the same as the key supplied, do nothing. + if [ "$access_key" == "${S3_ACCESS_KEY}" ]; then + echo "Current key pair exists." + continue + else + # If keys differ, remove previous key + radosgw-admin key rm --uid=${S3_USERNAME} --key-type=s3 --access-key=$access_key + fi + done + fi + + # Perform one more additional check to account for scenarios where multiple + # key pairs existed previously, but one existing key was the supplied key + current_access_key=$(radosgw-admin user info --uid=${S3_USERNAME} \ + | jq -r '.keys[].access_key' || true) + + # If the supplied key does not exist, modify the user + if [[ -z ${current_access_key} ]]; then + # Modify user with new access and secret keys + echo "Updating key pair" + radosgw-admin user modify \ + --uid=${S3_USERNAME}\ + --access-key ${S3_ACCESS_KEY} \ + --secret-key ${S3_SECRET_KEY} + fi +} + +user_exists=$(radosgw-admin user info --uid=${S3_USERNAME} || true) +if [[ -z ${user_exists} ]]; then create_s3_user +else + update_s3_user +fi + {{- end }} diff --git a/tools/deployment/armada/manifests/armada-lma.yaml b/tools/deployment/armada/manifests/armada-lma.yaml index de433cefd..b27ee9e5b 100644 --- a/tools/deployment/armada/manifests/armada-lma.yaml +++ b/tools/deployment/armada/manifests/armada-lma.yaml 
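Review bot: The added `radosgw-admin user modify ... --secret-key ${S3_SECRET_KEY}` in update_s3_user, like the reworked `user create` call, runs with tracing on if the `set -ex` shown in the hunk header is still in effect, so the expanded secret key is written to the job log. Wrap the key-bearing calls with `set +x` before and `set -x` after, or drop `-x` for this script. Also, the closing check `[[ -z ${current_access_key} ]]` only tests whether any access key is left, so a rotated `S3_SECRET_KEY` under an unchanged `S3_ACCESS_KEY` is reported as "Current key pair exists." and never applied; if rotating the secret alone should work, call `user modify` in that branch as well. The `|| true` on the `user info` pipelines also makes any radosgw-admin failure look like a missing user or missing keys.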
@@ -123,10 +123,10 @@ data: delete: - type: job labels: - release_group: osh-infra-radosgw-osh-infra + release_group: osh-infra-osh-infra-radosgw - type: pod labels: - release_group: osh-infra-radosgw-osh-infra + release_group: osh-infra-osh-infra-radosgw component: test values: release_uuid: ${RELEASE_UUID}