
Commit 9461e90

committed
draft
1 parent 0ead5d8 commit 9461e90


3 files changed

+80
-48
lines changed


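--- a/controllers/repo_manager/secret.go
+++ b/controllers/repo_manager/secret.go
@@ -121,44 +121,41 @@ func (r *RepoManagerReconciler) createSecrets(ctx context.Context, pulp *pulpv1.
 func pulpServerSecret(resources controllers.FunctionResources) client.Object {
 
 pulp := resources.Pulp
-pulp_settings := ""
+pulp_settings := controllers.DotNotEditMessage
 
-// default settings.py configuration
-defaultPulpSettings(resources, &pulp_settings)
+// add custom settings to the secret
+customSettings := addCustomPulpSettings(resources, &pulp_settings)
 
 // pulpcore debug log
 debugLogging(resources, &pulp_settings)
 
 // db settings
-databaseSettings(resources, &pulp_settings)
+databaseSettings(resources, &pulp_settings, customSettings)
 
 // add cache settings
 cacheSettings(resources, &pulp_settings)
 
 // azure settings
-azureSettings(resources, &pulp_settings)
+azureSettings(resources, &pulp_settings, customSettings)
 
 // s3 settings
-s3Settings(resources, &pulp_settings)
+s3Settings(resources, &pulp_settings, customSettings)
 
 // configure settings.py with keycloak integration variables
 ssoConfig(resources, &pulp_settings)
 
 // configure TOKEN_SERVER based on ingress_type
-tokenSettings(resources, &pulp_settings)
+tokenSettings(resources, &pulp_settings, customSettings)
 
 // django SECRET_KEY
-secretKeySettings(resources, &pulp_settings)
+secretKeySettings(resources, &pulp_settings, customSettings)
 
 // allowed content checksum
-allowedContentChecksumsSettings(resources, &pulp_settings)
+allowedContentChecksumsSettings(resources, &pulp_settings, customSettings)
 
 // ldap auth config
 ldapSettings(resources, &pulp_settings)
 
-// add custom settings to the secret
-addCustomPulpSettings(resources, &pulp_settings)
-
 sec := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: settings.PulpServerSecret(pulp.Name),
@@ -244,22 +241,6 @@ func pulpContainerAuth(resources controllers.FunctionResources) client.Object {
 }
 }
 
-// defaultPulpSettings appends some common settings into pulpSettings
-func defaultPulpSettings(resources controllers.FunctionResources, pulpSettings *string) {
-rootUrl := getRootURL(resources)
-*pulpSettings = *pulpSettings + controllers.DotNotEditMessage + `
-DB_ENCRYPTION_KEY = "/etc/pulp/keys/database_fields.symmetric.key"
-ANSIBLE_API_HOSTNAME = "` + rootUrl + `"
-ANSIBLE_CERTS_DIR = "/etc/pulp/keys/"
-CONTENT_ORIGIN = "` + rootUrl + `"
-PRIVATE_KEY_PATH = "/etc/pulp/keys/container_auth_private_key.pem"
-PUBLIC_KEY_PATH = "/etc/pulp/keys/container_auth_public_key.pem"
-STATIC_ROOT = "/var/lib/operator/static/"
-TOKEN_AUTH_DISABLED = False
-TOKEN_SIGNATURE_ALGORITHM = "ES256"
-`
-}
-
 // cacheSettings appends redis/cache settings into pulpSettings
 func cacheSettings(resources controllers.FunctionResources, pulpSettings *string) {
 pulp := resources.Pulp
@@ -296,7 +277,11 @@ REDIS_DB = "` + cacheDB + `"
 }
 
 // databaseSettings appends postgres settings into pulpSettings
-func databaseSettings(resources controllers.FunctionResources, pulpSettings *string) {
+func databaseSettings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["DATABASES"]; exists {
+return
+}
+
 pulp := resources.Pulp
 logger := resources.Logger
 context := resources.Context
@@ -352,7 +337,11 @@ func databaseSettings(resources controllers.FunctionResources, pulpSettings *str
 }
 
 // azureSettings appends azure blob object storage settings into pulpSettings
-func azureSettings(resources controllers.FunctionResources, pulpSettings *string) {
+func azureSettings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["STORAGES"]; exists {
+return
+}
+
 pulp := resources.Pulp
 logger := resources.Logger
 context := resources.Context
@@ -392,7 +381,10 @@ STORAGES = {
 }
 
 // s3Settings appends s3 object storage settings into pulpSettings
-func s3Settings(resources controllers.FunctionResources, pulpSettings *string) {
+func s3Settings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["STORAGES"]; exists {
+return
+}
 pulp := resources.Pulp
 logger := resources.Logger
 context := resources.Context
@@ -459,9 +451,13 @@ STORAGES = {
 }
 
 // tokenSettings appends the TOKEN_SERVER setting into pulpSettings
-func tokenSettings(resources controllers.FunctionResources, pulpSettings *string) {
+func tokenSettings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["TOKEN_SERVER"]; exists {
+return
+}
+
 pulp := resources.Pulp
-rootUrl := getRootURL(resources)
+rootUrl := getRootURL(*pulp)
 
 // configure TOKEN_SERVER based on ingress_type
 tokenServer := "http://" + pulp.Name + "-api-svc." + pulp.Namespace + ".svc.cluster.local:24817/token/"
@@ -478,7 +474,11 @@ func tokenSettings(resources controllers.FunctionResources, pulpSettings *string
 }
 
 // secretKeySettings appends djange SECRET_KEY setting into pulpSettings
-func secretKeySettings(resources controllers.FunctionResources, pulpSettings *string) {
+func secretKeySettings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["SECRET_KEY"]; exists {
+return
+}
+
 pulp := resources.Pulp
 logger := resources.Logger
 pulpSecretKey := pulp.Spec.PulpSecretKey
@@ -494,7 +494,11 @@ func secretKeySettings(resources controllers.FunctionResources, pulpSettings *st
 }
 
 // allowedContentChecksumsSettings appends the allowed_content_checksums into pulpSettings
-func allowedContentChecksumsSettings(resources controllers.FunctionResources, pulpSettings *string) {
+func allowedContentChecksumsSettings(resources controllers.FunctionResources, pulpSettings *string, customSettings map[string]struct{}) {
+if _, exists := customSettings["ALLOWED_CONTENT_CHECKSUMS"]; exists {
+return
+}
+
 pulp := resources.Pulp
 if len(pulp.Spec.AllowedContentChecksums) == 0 {
 return
@@ -503,23 +507,36 @@ func allowedContentChecksumsSettings(resources controllers.FunctionResources, pu
 *pulpSettings = *pulpSettings + fmt.Sprintln("ALLOWED_CONTENT_CHECKSUMS = ", string(settings))
 }
 
-func addCustomPulpSettings(resources controllers.FunctionResources, pulpSettings *string) {
+func addCustomPulpSettings(resources controllers.FunctionResources, pulpSettings *string) map[string]struct{} {
 pulp := resources.Pulp
+rootUrl := getRootURL(*pulp)
+
+defaultSettings := settings.DefaultPulpSettings(rootUrl)
 
+// if custom_pulp_settings is not defined, append the default values and return
 if pulp.Spec.CustomPulpSettings == "" {
-return
+for _, k := range sortKeys(defaultSettings) {
+*pulpSettings = *pulpSettings + fmt.Sprintf("%v = %v\n", k, defaultSettings[k])
+}
+return nil
 }
 
 settingsCM := &corev1.ConfigMap{}
 resources.Client.Get(resources.Context, types.NamespacedName{Name: pulp.Spec.CustomPulpSettings, Namespace: pulp.Namespace}, settingsCM)
 
-settings := ""
+settings := map[string]struct{}{}
 for _, k := range sortKeys(settingsCM.Data) {
-settings = settings + fmt.Sprintf("%v = %v\n", strings.ToUpper(k), settingsCM.Data[k])
-}
+*pulpSettings = *pulpSettings + fmt.Sprintf("%v = %v\n", strings.ToUpper(k), settingsCM.Data[k])
+settings[strings.ToUpper(k)] = struct{}{}
 
-*pulpSettings = *pulpSettings + settings
+// remove the settings from defaultSettings dict to avoid duplicate config
+delete(defaultSettings, strings.ToUpper(k))
+}
 
+for _, k := range sortKeys(defaultSettings) {
+*pulpSettings = *pulpSettings + fmt.Sprintf("%v = %v\n", k, defaultSettings[k])
+}
+return settings
 }
 
 // debugLogging will set the log level from Pulpcore pods to DEBUG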
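Review bot: With `addCustomPulpSettings` now called first in `pulpServerSecret`, the helpers that were not given `customSettings` (`debugLogging`, `cacheSettings`, `ssoConfig`, `ldapSettings`) append after the ConfigMap values, so for any key they also emit the operator's line comes later in settings.py and presumably wins, whereas the custom block used to be last. Either give those helpers the same `if _, exists := customSettings[KEY]; exists { return }` guard or say in a doc comment on `addCustomPulpSettings` which keys cannot be overridden. The guards also make it an explicit feature that `SECRET_KEY` and `DATABASES` may come from a ConfigMap, which is usually readable by more principals than a Secret; logging each overridden operator-managed key through `resources.Logger` would make that visible to whoever audits the deployment. The return value of `resources.Client.Get` is still discarded, so a failed lookup silently yields an empty `customSettings` and the operator defaults. The bodies of the guarded helpers continue outside the hunks, so what else each early return skips cannot be checked from here.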

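--- a/controllers/repo_manager/utils.go
+++ b/controllers/repo_manager/utils.go
@@ -371,20 +371,20 @@ func (r *RepoManagerReconciler) isNginxIngress(pulp *pulpv1.Pulp) bool {
 }
 
 // getRootURL handles user facing URLs
-func getRootURL(resource controllers.FunctionResources) string {
+func getRootURL(pulp pulpv1.Pulp) string {
 scheme := "https"
-if isIngress(resource.Pulp) {
-if resource.Pulp.Spec.IngressTLSSecret == "" {
+if isIngress(&pulp) {
+if pulp.Spec.IngressTLSSecret == "" {
 scheme = "http"
 }
-hostname := resource.Pulp.Spec.IngressHost
+hostname := pulp.Spec.IngressHost
 return scheme + "://" + hostname
 }
-if isRoute(resource.Pulp) {
-return "https://" + pulp_ocp.GetRouteHost(resource.Pulp)
+if isRoute(&pulp) {
+return "https://" + pulp_ocp.GetRouteHost(&pulp)
 }
 
-return "http://" + settings.PulpWebService(resource.Pulp.Name) + "." + resource.Pulp.Namespace + ".svc.cluster.local:24880"
+return "http://" + settings.PulpWebService(pulp.Name) + "." + pulp.Namespace + ".svc.cluster.local:24880"
 }
 
 // ignoreUpdateCRStatusPredicate filters update events on pulpbackup CR status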
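Review bot: `getRootURL` now takes `pulpv1.Pulp` by value, so each call copies the whole custom resource and then takes `&pulp` of that copy for `isIngress`, `isRoute` and `pulp_ocp.GetRouteHost`, while the callers in secret.go already hold a pointer and dereference it (`getRootURL(*pulp)`). Accepting the pointer directly, `func getRootURL(pulp *pulpv1.Pulp) string`, avoids the copy and the re-addressing. Two of the three branches return an `http://` origin that ends up in `CONTENT_ORIGIN` and `ANSIBLE_API_HOSTNAME`; the doc comment could say so, e.g. `// getRootURL returns the user-facing base URL; it is plaintext http when the ingress has no TLS secret or when only the in-cluster service is used.`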

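--- a/controllers/settings/secrets.go
+++ b/controllers/settings/secrets.go
@@ -39,3 +39,18 @@ func RedHatOperatorPullSecret(pulpName string) string {
 func DefaultDBSecret(pulpName string) string {
 return pulpName + "-" + postgresConfiguration
 }
+
+// Default configurations for settings.py
+func DefaultPulpSettings(rootUrl string) map[string]string {
+return map[string]string{
+"DB_ENCRYPTION_KEY": `"/etc/pulp/keys/database_fields.symmetric.key"`,
+"ANSIBLE_CERTS_DIR": `"/etc/pulp/keys/"`,
+"PRIVATE_KEY_PATH": `"/etc/pulp/keys/container_auth_private_key.pem"`,
+"PUBLIC_KEY_PATH": `"/etc/pulp/keys/container_auth_public_key.pem"`,
+"STATIC_ROOT": `"/var/lib/operator/static/"`,
+"TOKEN_AUTH_DISABLED": "False",
+"TOKEN_SIGNATURE_ALGORITHM": `"ES256"`,
+"ANSIBLE_API_HOSTNAME": `"` + rootUrl + `"`,
+"CONTENT_ORIGIN": `"` + rootUrl + `"`,
+}
+}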
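Review bot: `rootUrl` is spliced between literal double quotes for `ANSIBLE_API_HOSTNAME` and `CONTENT_ORIGIN`, and the caller writes each value verbatim as a line of settings.py, so a quote, backslash or newline in the host (which getRootURL takes from `Spec.IngressHost` or the route host) would end the Python string early. Building the value with `strconv.Quote(rootUrl)` instead of the manual `"` + rootUrl + `"` keeps it a single literal for ordinary hostnames; Go and Python escapes are not identical for every rune, so validating the host where the spec is read is the stronger fix. The doc comment should also start with the function name and state the value format, e.g. `// DefaultPulpSettings returns the operator's default settings.py entries keyed by setting name, with values already rendered as Python literals.`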
