From 717cc926cc6613672006e782c81df92c9e25154f Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Wed, 25 Mar 2026 08:52:43 +0100 Subject: [PATCH 1/6] Enhance storage-cli webdav config --- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 10 ++++++---- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 5 +++-- .../templates/storage_cli_config_packages.json.erb | 10 ++++++---- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 10 ++++++---- 20 files changed, 101 insertions(+), 62 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index 2e6886adf7..96b8ec91d3 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index c72cf61b76..7588e0ccc5 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 62b6703cfa..7c1aaaa44b 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index 575efadebb..8714007959 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index f5454cf125..950872dcf3 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -90,20 +90,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = l.p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index 050c260f39..cd665f1467 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 62b6703cfa..7c1aaaa44b 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index cc3f84adb0..b1d4a43626 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index 4616d8afe9..5b481e5386 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index 9b35f91c78..fa146c43b1 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..26e468f4ca 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index 45024f6ccd..fd6bff01c4 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -94,14 +94,15 @@ if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index d345fe3d88..fa146c43b1 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -88,20 +88,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..26e468f4ca 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index 4616d8afe9..5b481e5386 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index d345fe3d88..edcec945c3 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..0770196b51 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -88,20 +88,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end From 02c91933d496c4572ee1caf8ec561b4ff59be7f4 Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Wed, 25 Mar 2026 09:36:12 +0100 Subject: [PATCH 2/6] adapt tests --- .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 24bec8ab58..94268e4d0c 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -329,7 +329,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -337,8 +337,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -347,9 +347,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -357,9 +358,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index ff1fbc52a1..ca7d5006ff 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -282,7 +282,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -290,8 +290,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -300,9 +300,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -310,9 +311,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index a44653048c..1519ab9610 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -283,7 +283,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -291,8 +291,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -301,9 +301,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -311,9 +312,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 8d08c5f950..40cd3a463d 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -282,7 +282,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -290,8 +290,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -300,9 +300,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -310,9 +311,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end From 8f6c7a389e47eff6e40ad44c8855de3b2351354c Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Thu, 26 Mar 2026 16:51:20 +0100 Subject: [PATCH 3/6] Include directory keys in WebDAV blobstore endpoint configuration Configure storage-cli WebDAV endpoints to include resource-specific directory keys (cc-droplets, cc-packages, cc-buildpacks, cc-resources) for backward compatibility with fog/webdav client. When using basic auth, endpoints are: /admin/{directory_key} When using signed URLs, endpoints are: /{directory_key} This ensures both storage-cli and fog/webdav store blobs at identical physical paths, enabling zero-downtime rollback between the two clients. Updated all job templates and RSpec tests to expect directory keys in endpoint paths. --- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 28 +++++++++++++++---- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- .../storage_cli_config_jsons_spec.rb | 19 ++++++++++--- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- 24 files changed, 431 insertions(+), 103 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index 96b8ec91d3..cc4e5bfb53 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index 7588e0ccc5..6479375c34 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 7c1aaaa44b..0f0d596b36 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index 8714007959..e94a4a0922 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index 950872dcf3..f481343d96 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index cd665f1467..b1669d5f29 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 7c1aaaa44b..0f0d596b36 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index b1d4a43626..c77101ac6d 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index 5b481e5386..e482cf91ef 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index fa146c43b1..a810016898 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 26e468f4ca..3b11b00cc7 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index fd6bff01c4..b1e60479e8 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -21,6 +21,11 @@ end scope = "cc.droplets.connection_config" provider = p("cc.droplets.blobstore_provider", nil) + +# Normalize legacy fog provider names to storage-cli names +# Legacy fog name support to be REMOVED May 2026 +provider = "dav" if provider == "webdav" + options = {} # Support both native storage-cli types (azurebs) AND legacy fog names (AzureRM) @@ -89,13 +94,26 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) -if provider == "webdav" || provider == "dav" - options["provider"] = provider +if provider == "dav" + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index fa146c43b1..a810016898 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 26e468f4ca..3b11b00cc7 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index 5b481e5386..e482cf91ef 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index edcec945c3..d688769ae1 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 0770196b51..3dc3809e89 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 94268e4d0c..61fab22105 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -320,13 +320,24 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(link_props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -334,17 +345,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(link_props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -355,10 +366,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index ca7d5006ff..7c904a6d8e 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -273,13 +273,24 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -287,17 +298,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -308,10 +319,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index 1519ab9610..b0f95fbf5b 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -274,9 +274,20 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { @@ -288,10 +299,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -309,10 +320,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 40cd3a463d..97c20c6152 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -273,13 +273,24 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -287,17 +298,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -308,10 +319,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', From 80450c8d585a185bace29fffc2be9bb7b72dadcb Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Mon, 11 May 2026 13:25:33 +0200 Subject: [PATCH 4/6] Configure WebDAV templates for storage-cli lazy signing Refactors WebDAV configuration in storage-cli templates to support dual-endpoint lazy signing: - Always use /admin/{resource_dir} for endpoint (internal) - Add public_endpoint configuration (external users) - Replace signing_method with signed_url_format - Simplify endpoint logic (remove secret-based conditional) - Fix TLS ca_cert nil check Required for storage-cli sign-internal and sign-public commands to generate URLs with correct endpoints for Diego (internal) vs external users (public). --- .../storage_cli_config_buildpacks.json.erb | 19 +++++++-------- .../storage_cli_config_droplets.json.erb | 19 +++++++-------- .../storage_cli_config_packages.json.erb | 19 +++++++-------- .../storage_cli_config_resource_pool.json.erb | 19 +++++++-------- .../storage_cli_config_buildpacks.json.erb | 19 +++++++-------- .../storage_cli_config_droplets.json.erb | 19 +++++++-------- .../storage_cli_config_packages.json.erb | 19 +++++++-------- .../storage_cli_config_resource_pool.json.erb | 19 +++++++-------- .../storage_cli_config_buildpacks.json.erb | 19 +++++++-------- .../storage_cli_config_droplets.json.erb | 19 +++++++-------- .../storage_cli_config_packages.json.erb | 19 +++++++-------- .../storage_cli_config_resource_pool.json.erb | 19 +++++++-------- .../storage_cli_config_buildpacks.json.erb | 19 +++++++-------- .../storage_cli_config_droplets.json.erb | 23 +++++++++---------- .../storage_cli_config_packages.json.erb | 19 +++++++-------- .../storage_cli_config_resource_pool.json.erb | 19 +++++++-------- .../storage_cli_config_buildpacks.json.erb | 18 ++++++--------- .../storage_cli_config_droplets.json.erb | 18 ++++++--------- .../storage_cli_config_packages.json.erb | 18 ++++++--------- .../storage_cli_config_resource_pool.json.erb | 18 ++++++--------- 20 files changed, 159 insertions(+), 221 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index cc4e5bfb53..2e11d70240 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index 6479375c34..f623cdd959 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 0f0d596b36..3774a62102 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index e94a4a0922..aab693ec41 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index f481343d96..c17a3b9e0d 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index b1669d5f29..7abc12e412 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 0f0d596b36..3774a62102 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index c77101ac6d..57a504bf97 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -101,24 +101,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = l.p("#{scope}.secret", nil) - base_endpoint = l.p("#{scope}.private_endpoint") + private_base = l.p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = l.p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) + add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 9e8b4422cc..37c9f76e00 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index e482cf91ef..cd5e02f8b7 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index a810016898..c338ceb1b3 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 3b11b00cc7..79a53880fe 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 9e8b4422cc..37c9f76e00 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index b1e60479e8..c1188e3e31 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -102,24 +102,23 @@ if provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") - - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + # Private endpoint includes /admin/ for Basic Auth operations (PUT, GET, DELETE, COPY, etc) + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" + + # Public endpoint (optional) for user-facing signed URLs (API downloads via gorouter) + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index a810016898..c338ceb1b3 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 3b11b00cc7..79a53880fe 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -99,24 +99,21 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + public_base = p("#{scope}.public_endpoint", nil) + if public_base && !public_base.empty? + options["public_endpoint"] = public_base end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 9e8b4422cc..928722ae46 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -99,24 +99,20 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + if_p("#{scope}.public_endpoint") do |public_endpoint| + options["public_endpoint"] = public_endpoint end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index e482cf91ef..0fe740dff3 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -99,24 +99,20 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + if_p("#{scope}.public_endpoint") do |public_endpoint| + options["public_endpoint"] = public_endpoint end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index d688769ae1..28f9c2253c 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -99,24 +99,20 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + if_p("#{scope}.public_endpoint") do |public_endpoint| + options["public_endpoint"] = public_endpoint end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 3dc3809e89..0a7592f5ad 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -99,24 +99,20 @@ if provider == "webdav" || provider == "dav" # Resource-specific directory for compatibility with fog/webdav resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") - # When using signed URLs (secret present), endpoint points to resource directory - # When using basic auth only (no secret), endpoint includes /admin/ prefix - secret = p("#{scope}.secret", nil) - base_endpoint = p("#{scope}.private_endpoint") + private_base = p("#{scope}.private_endpoint") + options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if secret.nil? || secret.empty? - options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" - else - options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + if_p("#{scope}.public_endpoint") do |public_endpoint| + options["public_endpoint"] = public_endpoint end - add_optional(options, "secret", secret) - add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) + add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) - unless ca_cert.empty? + unless ca_cert.nil? || ca_cert.empty? options["tls"]={"cert"=>{"ca"=>ca_cert}} end end From c6562866e64b468512bdbed2c05d98c2bfa21a56 Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Mon, 11 May 2026 13:45:23 +0200 Subject: [PATCH 5/6] Adapt storage-cli config template tests --- .../storage_cli_config_jsons_spec.rb | 52 ++++++++++++++++--- .../storage_cli_config_jsons_spec.rb | 52 ++++++++++++++++--- .../storage_cli_config_jsons_spec.rb | 52 ++++++++++++++++--- .../storage_cli_config_jsons_spec.rb | 52 ++++++++++++++++--- 4 files changed, 176 insertions(+), 32 deletions(-) diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 61fab22105..4cb0400a3d 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -340,7 +340,7 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -348,7 +348,28 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/admin/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } + ) + expect(json).not_to have_key('public_endpoint') + end + + it 'includes public_endpoint when provided' do + set(link_props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).to include( + 'provider' => 'dav', + 'user' => 'user', + 'password' => 'secret', + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -358,10 +379,11 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', 'ca_cert' => 'some_cert', - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -369,13 +391,27 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' ) end + + it 'omits public_endpoint when empty' do + set(link_props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => '', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).not_to have_key('public_endpoint') + end end end end diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index 7c904a6d8e..3e9d96363e 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -293,7 +293,7 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -301,7 +301,28 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/admin/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } + ) + expect(json).not_to have_key('public_endpoint') + end + + it 'includes public_endpoint when provided' do + set(props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).to include( + 'provider' => 'dav', + 'user' => 'user', + 'password' => 'secret', + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -311,10 +332,11 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', 'ca_cert' => 'some_cert', - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -322,13 +344,27 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' ) end + + it 'omits public_endpoint when empty' do + set(props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => '', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).not_to have_key('public_endpoint') + end end end end diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index b0f95fbf5b..2ffdaec0a3 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -294,7 +294,7 @@ def expected_directory_key(template_path) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -302,7 +302,28 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/admin/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } + ) + expect(json).not_to have_key('public_endpoint') + end + + it 'includes public_endpoint when provided' do + set(props, keypath, { + 'provider' => 'webdav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).to include( + 'provider' => 'dav', + 'user' => 'user', + 'password' => 'secret', + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -312,10 +333,11 @@ def expected_directory_key(template_path) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', 'ca_cert' => 'some_cert', - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -323,13 +345,27 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' ) end + + it 'omits public_endpoint when empty' do + set(props, keypath, { + 'provider' => 'webdav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => '', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).not_to have_key('public_endpoint') + end end end end diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 97c20c6152..3a0972df45 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -293,7 +293,7 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -301,7 +301,28 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/admin/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } + ) + expect(json).not_to have_key('public_endpoint') + end + + it 'includes public_endpoint when provided' do + set(props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).to include( + 'provider' => 'dav', + 'user' => 'user', + 'password' => 'secret', + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -311,10 +332,11 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', - 'private_endpoint' => 'https://webdav.com', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => 'https://webdav.example.com', 'ca_cert' => 'some_cert', - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -322,13 +344,27 @@ def expected_directory_key(template_path) 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => "https://webdav.com/#{directory_key}", + 'endpoint' => "https://webdav.internal/admin/#{directory_key}", + 'public_endpoint' => 'https://webdav.example.com', 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, - 'secret' => 'secret', - 'signing_method' => 'md5', + 'secret' => 'my-secret', + 'signed_url_format' => 'external-nginx-secure-link-signer', 'retry_attempts' => '4' ) end + + it 'omits public_endpoint when empty' do + set(props, keypath, { + 'provider' => 'dav', + 'username' => 'user', + 'password' => 'secret', + 'private_endpoint' => 'https://webdav.internal', + 'public_endpoint' => '', + 'ca_cert' => 'some_cert' + }) + json = YAML.safe_load(template.render(props, consumes: links)) + expect(json).not_to have_key('public_endpoint') + end end end end From 7633e15398aeb4f7b1b1afb6eda6311863139906 Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Mon, 11 May 2026 14:13:08 +0200 Subject: [PATCH 6/6] Adjust tests, simplify public_endpoint in config templates for dav --- .../storage_cli_config_buildpacks.json.erb | 6 +-- .../storage_cli_config_droplets.json.erb | 6 +-- .../storage_cli_config_packages.json.erb | 6 +-- .../storage_cli_config_resource_pool.json.erb | 6 +-- .../storage_cli_config_buildpacks.json.erb | 6 +-- .../storage_cli_config_droplets.json.erb | 6 +-- .../storage_cli_config_packages.json.erb | 6 +-- .../storage_cli_config_resource_pool.json.erb | 6 +-- .../storage_cli_config_buildpacks.json.erb | 6 +-- .../storage_cli_config_droplets.json.erb | 6 +-- .../storage_cli_config_packages.json.erb | 6 +-- .../storage_cli_config_resource_pool.json.erb | 6 +-- .../storage_cli_config_buildpacks.json.erb | 6 +-- .../storage_cli_config_droplets.json.erb | 5 +-- .../storage_cli_config_packages.json.erb | 6 +-- .../storage_cli_config_resource_pool.json.erb | 6 +-- .../storage_cli_config_buildpacks.json.erb | 5 +-- .../storage_cli_config_droplets.json.erb | 5 +-- .../storage_cli_config_packages.json.erb | 5 +-- .../storage_cli_config_resource_pool.json.erb | 5 +-- .../storage_cli_config_jsons_spec.rb | 30 ++++++++------- .../storage_cli_config_jsons_spec.rb | 38 ++++++++++--------- .../storage_cli_config_jsons_spec.rb | 33 ++++++++-------- .../storage_cli_config_jsons_spec.rb | 38 ++++++++++--------- 24 files changed, 93 insertions(+), 161 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index 2e11d70240..8317e6d134 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index f623cdd959..61cb14b3ed 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 3774a62102..65ae733f99 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index aab693ec41..573cf18262 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index c17a3b9e0d..d3361af8e9 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index 7abc12e412..26a5a84996 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 3774a62102..65ae733f99 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index 57a504bf97..81ede9da33 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -104,11 +104,7 @@ if provider == "webdav" || provider == "dav" private_base = l.p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = l.p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", l.p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", l.p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", l.p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 37c9f76e00..52eb1d04d4 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index cd5e02f8b7..89002191a8 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index c338ceb1b3..6e391a6061 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 79a53880fe..36401322e7 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 37c9f76e00..52eb1d04d4 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index c1188e3e31..bde13bdb34 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -107,10 +107,7 @@ if provider == "dav" options["endpoint"] = "#{private_base}/admin/#{resource_dir}" # Public endpoint (optional) for user-facing signed URLs (API downloads via gorouter) - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index c338ceb1b3..6e391a6061 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 79a53880fe..36401322e7 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -102,11 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - public_base = p("#{scope}.public_endpoint", nil) - if public_base && !public_base.empty? - options["public_endpoint"] = public_base - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 928722ae46..52eb1d04d4 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -102,10 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if_p("#{scope}.public_endpoint") do |public_endpoint| - options["public_endpoint"] = public_endpoint - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index 0fe740dff3..89002191a8 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -102,10 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if_p("#{scope}.public_endpoint") do |public_endpoint| - options["public_endpoint"] = public_endpoint - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index 28f9c2253c..c31a33b6a0 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -102,10 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if_p("#{scope}.public_endpoint") do |public_endpoint| - options["public_endpoint"] = public_endpoint - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 0a7592f5ad..b3e65773a5 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -102,10 +102,7 @@ if provider == "webdav" || provider == "dav" private_base = p("#{scope}.private_endpoint") options["endpoint"] = "#{private_base}/admin/#{resource_dir}" - if_p("#{scope}.public_endpoint") do |public_endpoint| - options["public_endpoint"] = public_endpoint - end - + add_optional(options, "public_endpoint", p("#{scope}.public_endpoint", nil)) add_optional(options, "secret", p("#{scope}.secret", nil)) add_optional(options, "signed_url_format", p("#{scope}.signed_url_format", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 4cb0400a3d..8ba6c47ce2 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -4,18 +4,20 @@ require 'yaml' require 'bosh/template/test' -TEMPLATES = { - droplets: ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], - buildpacks: ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], - packages: ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], - resource_pool: ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] -}.freeze - module Bosh module Template module Test RSpec.describe 'storage-cli JSON templates' do - let(:release_path) { File.join(File.dirname(__FILE__), '../..') } + def self.storage_cli_templates + [ + ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], + ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], + ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], + ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] + ] + end + + let(:release_path) { File.expand_path('../..', __dir__) } let(:release) { ReleaseDir.new(release_path) } let(:job) { release.job('cc_deployment_updater') } @@ -47,7 +49,7 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } - TEMPLATES.each_value do |(template_path, _keypath)| + storage_cli_templates.each do |(template_path, _keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -70,7 +72,7 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -118,7 +120,7 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -230,7 +232,7 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -284,7 +286,7 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -330,7 +332,7 @@ def expected_directory_key(template_path) end end - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } let(:directory_key) { expected_directory_key(template_path) } diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index 3e9d96363e..a8b71761bb 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -4,18 +4,20 @@ require 'yaml' require 'bosh/template/test' -TEMPLATES = { - droplets: ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], - buildpacks: ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], - packages: ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], - resource_pool: ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] -}.freeze - module Bosh module Template module Test RSpec.describe 'storage-cli JSON templates' do - let(:release_path) { File.join(File.dirname(__FILE__), '../..') } + def self.storage_cli_templates + [ + ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], + ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], + ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], + ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] + ] + end + + let(:release_path) { File.expand_path('../..', __dir__) } let(:release) { ReleaseDir.new(release_path) } let(:job) { release.job('cloud_controller_clock') } let(:links) { {} } @@ -40,7 +42,7 @@ def props_for_provider(provider) describe 'unsupported provider' do let(:props) { props_for_provider('Unsupported') } - TEMPLATES.each_value do |(template_path, _keypath)| + storage_cli_templates.each do |(template_path, _keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -55,7 +57,7 @@ def props_for_provider(provider) describe 'when provider is AzureRM' do let(:props) { props_for_provider('AzureRM') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -95,7 +97,7 @@ def props_for_provider(provider) describe 'when provider is AWS' do let(:props) { props_for_provider('AWS') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -199,7 +201,7 @@ def props_for_provider(provider) describe 'when provider is Google' do let(:props) { props_for_provider('Google') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -245,7 +247,7 @@ def props_for_provider(provider) describe 'when provider is aliyun' do let(:props) { props_for_provider('aliyun') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -283,14 +285,14 @@ def expected_directory_key(template_path) end end - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -309,7 +311,7 @@ def expected_directory_key(template_path) it 'includes public_endpoint when provided' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -329,7 +331,7 @@ def expected_directory_key(template_path) it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -355,7 +357,7 @@ def expected_directory_key(template_path) it 'omits public_endpoint when empty' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index 2ffdaec0a3..34170a6878 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -1,22 +1,23 @@ # frozen_string_literal: true require 'rspec' -require 'yaml' # frozen_string_literal: true - +require 'yaml' require 'bosh/template/test' -TEMPLATES = { - droplets: ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], - buildpacks: ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], - packages: ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], - resource_pool: ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] -}.freeze - module Bosh module Template module Test RSpec.describe 'storage-cli JSON templates' do - let(:release_path) { File.join(File.dirname(__FILE__), '../..') } + def self.storage_cli_templates + [ + ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], + ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], + ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], + ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] + ] + end + + let(:release_path) { File.expand_path('../..', __dir__) } let(:release) { ReleaseDir.new(release_path) } let(:job) { release.job('cloud_controller_ng') } let(:links) { {} } @@ -41,7 +42,7 @@ def props_for_provider(provider) describe 'unsupported provider' do let(:props) { props_for_provider('Unsupported') } - TEMPLATES.each_value do |(template_path, _keypath)| + storage_cli_templates.each do |(template_path, _keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -56,7 +57,7 @@ def props_for_provider(provider) describe 'when provider is AzureRM' do let(:props) { props_for_provider('AzureRM') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -96,7 +97,7 @@ def props_for_provider(provider) describe 'when provider is AWS' do let(:props) { props_for_provider('AWS') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -200,7 +201,7 @@ def props_for_provider(provider) describe 'when provider is Google' do let(:props) { props_for_provider('Google') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -246,7 +247,7 @@ def props_for_provider(provider) describe 'when provider is aliyun' do let(:props) { props_for_provider('aliyun') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -284,7 +285,7 @@ def expected_directory_key(template_path) end end - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } let(:directory_key) { expected_directory_key(template_path) } diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 3a0972df45..41f36ee898 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -4,18 +4,20 @@ require 'yaml' require 'bosh/template/test' -TEMPLATES = { - droplets: ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], - buildpacks: ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], - packages: ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], - resource_pool: ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] -}.freeze - module Bosh module Template module Test RSpec.describe 'storage-cli JSON templates' do - let(:release_path) { File.join(File.dirname(__FILE__), '../..') } + def self.storage_cli_templates + [ + ['config/storage_cli_config_droplets.json', %w[cc droplets connection_config]], + ['config/storage_cli_config_buildpacks.json', %w[cc buildpacks connection_config]], + ['config/storage_cli_config_packages.json', %w[cc packages connection_config]], + ['config/storage_cli_config_resource_pool.json', %w[cc resource_pool connection_config]] + ] + end + + let(:release_path) { File.expand_path('../..', __dir__) } let(:release) { ReleaseDir.new(release_path) } let(:job) { release.job('cloud_controller_worker') } let(:links) { {} } @@ -40,7 +42,7 @@ def props_for_provider(provider) describe 'unsupported provider' do let(:props) { props_for_provider('Unsupported') } - TEMPLATES.each_value do |(template_path, _keypath)| + storage_cli_templates.each do |(template_path, _keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -55,7 +57,7 @@ def props_for_provider(provider) describe 'when provider is AzureRM' do let(:props) { props_for_provider('AzureRM') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -95,7 +97,7 @@ def props_for_provider(provider) describe 'when provider is AWS' do let(:props) { props_for_provider('AWS') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -199,7 +201,7 @@ def props_for_provider(provider) describe 'when provider is Google' do let(:props) { props_for_provider('Google') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -245,7 +247,7 @@ def props_for_provider(provider) describe 'when provider is aliyun' do let(:props) { props_for_provider('aliyun') } - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } @@ -283,14 +285,14 @@ def expected_directory_key(template_path) end end - TEMPLATES.each_value do |(template_path, keypath)| + storage_cli_templates.each do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -309,7 +311,7 @@ def expected_directory_key(template_path) it 'includes public_endpoint when provided' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -329,7 +331,7 @@ def expected_directory_key(template_path) it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal', @@ -355,7 +357,7 @@ def expected_directory_key(template_path) it 'omits public_endpoint when empty' do set(props, keypath, { - 'provider' => 'dav', + 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.internal',