feat: Allow adding entries to the OpenSearch keystore #76
Conversation
labrenbe
force-pushed
the
feat/snapshot-s3
branch
from
753e529 to
c77ac69
Compare
labrenbe
moved this from Development: In Progress
to Development: Waiting for Review
in Stackable Engineering
siegfriedweber
moved this from Development: Waiting for Review
to Development: In Review
in Stackable Engineering
| crd::{ | ||
| NodeRoles, | ||
| v1alpha1::{self, OpenSearchKeystore, SecretKeyRef}, | ||
| }, |
There was a problem hiding this comment.
We decided to use the versioned module explicitly.
| crd::{ | |
| NodeRoles, | |
| v1alpha1::{self, OpenSearchKeystore, SecretKeyRef}, | |
| }, | |
| crd::{NodeRoles, v1alpha1}, |
rust/operator-binary/src/controller/build/role_group_builder.rs
Outdated
Show resolved
Hide resolved
tests/templates/kuttl/snapshot-s3/20-install-opensearch.yaml.j2
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
This file is generated by make regenerate-charts.
| --- | ||
| apiVersion: opensearch.stackable.tech/v1alpha1 | ||
| kind: OpenSearchCluster | ||
| metadata: | ||
| name: opensearch | ||
| spec: | ||
| clusterConfig: | ||
| keystore: | ||
| - key: s3.client.default.access_key # <1> | ||
| secretKeyRef: | ||
| name: s3-credentials # <2> | ||
| key: accessKey # <3> | ||
| - key: s3.client.default.secret_key | ||
| secretKeyRef: | ||
| name: s3-credentials | ||
| key: secretKey | ||
| nodes: | ||
| roleGroups: | ||
| default: | ||
| replicas: 1 |
There was a problem hiding this comment.
This looks like a complete specification with the header and role group definition, but it is not working (at least the image property is missing and the TLS configuration). Should we just leave out the unnecessary fields such as nodes and replace it with ...?
| vec![v1alpha1::OpenSearchKeystore { | ||
| key: OpenSearchKeystoreKey::from_str_unsafe("Keystore1"), | ||
| secret_key_ref: v1alpha1::SecretKeyRef { | ||
| name: SecretName::from_str_unsafe("my-keystore-secret"), | ||
| key: SecretKey::from_str_unsafe("my-keystore-file"), | ||
| }, |
There was a problem hiding this comment.
OpenSearchKeystore is not used in this module and should therefore not be added.
| vec![OpenSearchKeystore { | ||
| key: OpenSearchKeystoreKey::from_str_unsafe("Keystore1"), | ||
| secret_key_ref: SecretKeyRef { | ||
| name: SecretName::from_str_unsafe("my-keystore-secret"), | ||
| key: SecretKey::from_str_unsafe("my-keystore-file"), | ||
| }, | ||
| }], |
There was a problem hiding this comment.
There is no assertion for OpenSearchKeystore. I would remove it from the test.
There was a problem hiding this comment.
These changes must also be applied to 51-install-opensearch-2.yaml.j2.
Description
Allow referencing Secret keys in the OpenSearch config to add them as entries to the OpenSearch keystore.
Part of #44.
Definition of Done Checklist
Author
Reviewer
Acceptance
type/deprecationlabel & add to the deprecation scheduletype/experimentallabel & add to the experimental features tracker