wip

Signed-off-by: Lenin Alevski <[email protected]>

Author: Alevsk

operatorapi/operator_subscription.go

@@ -20,7 +20,6 @@ package operatorapi
 import (
 	"context"
 	"errors"
-	"log"
 	"time"
 
 	"github.com/minio/console/pkg/subnet"
@@ -118,7 +117,7 @@ func getSubscriptionLicense(ctx context.Context, clientSet K8sClientI, namespace
 }
 
 // addSubscriptionLicenseToTenant replace existing console tenant secret and adds the subnet license key
-func addSubscriptionLicenseToTenant(ctx context.Context, clientSet K8sClientI, license string, tenant *miniov2.Tenant) error {
+func addSubscriptionLicenseToTenant(ctx context.Context, clientSet K8sClientI, opClient OperatorClientI, license string, tenant *miniov2.Tenant) error {
 	// If Tenant has a configuration secret update the license there and MinIO pods doesn't need to get restarted
 	if tenant.HasConfigurationSecret() {
 		// Update the Tenant Configuration
@@ -146,8 +145,36 @@ func addSubscriptionLicenseToTenant(ctx context.Context, clientSet K8sClientI, l
 			}
 		}
 	} else {
-		// Create new tenant configuration secret
-		log.Println("no tenant secret yet :(")
+		// If configuration file is not present set the license to the container env
+		updatedTenant := tenant.DeepCopy()
+		// reset container env vars
+		updatedTenant.Spec.Env = []corev1.EnvVar{}
+		var licenseIsSet bool
+		for _, env := range tenant.GetEnvVars() {
+			// check if license already exists and override
+			if env.Name == "MINIO_SUBNET_LICENSE" {
+				updatedTenant.Spec.Env = append(updatedTenant.Spec.Env, corev1.EnvVar{
+					Name:  "MINIO_SUBNET_LICENSE",
+					Value: license,
+				})
+				licenseIsSet = true
+			} else {
+				// copy existing container env variables
+				updatedTenant.Spec.Env = append(updatedTenant.Spec.Env, env)
+			}
+		}
+		// if license didnt exists append it
+		if !licenseIsSet {
+			updatedTenant.Spec.Env = append(updatedTenant.Spec.Env, corev1.EnvVar{
+				Name:  "MINIO_SUBNET_LICENSE",
+				Value: license,
+			})
+		}
+		// this will start MinIO pods rolling restart
+		_, err := opClient.TenantUpdate(ctx, updatedTenant, metav1.UpdateOptions{})
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
@@ -184,7 +211,7 @@ func getSubscriptionRefreshResponse(session *models.Principal) (*models.License,
 	if err != nil {
 		return nil, prepareError(err)
 	}
-	opClient := &operatorClient{
+	opClient := operatorClient{
 		client: opClientClientSet,
 	}
 	// iterate over all tenants and update licenses
@@ -193,7 +220,7 @@ func getSubscriptionRefreshResponse(session *models.Principal) (*models.License,
 		return nil, prepareError(err)
 	}
 	for _, tenant := range tenants.Items {
-		if err = addSubscriptionLicenseToTenant(ctx, &k8sClient, licenseRaw, &tenant); err != nil {
+		if err = addSubscriptionLicenseToTenant(ctx, &k8sClient, &opClient, licenseRaw, &tenant); err != nil {
 			return nil, prepareError(err)
 		}
 	}
@@ -342,10 +369,10 @@ func getSubscriptionActivateResponse(session *models.Principal, namespace, tenan
 	if err != nil {
 		return prepareError(errorGeneric, nil, err)
 	}
-	opClient := &operatorClient{
+	opClient := operatorClient{
 		client: opClientClientSet,
 	}
-	tenant, err := getTenant(ctx, opClient, namespace, tenantName)
+	tenant, err := getTenant(ctx, &opClient, namespace, tenantName)
 	if err != nil {
 		return prepareError(err, errorGeneric)
 	}
@@ -359,7 +386,7 @@ func getSubscriptionActivateResponse(session *models.Principal, namespace, tenan
 		return prepareError(errInvalidCredentials, nil, err)
 	}
 	// add subscription license to existing console Tenant
-	if err = addSubscriptionLicenseToTenant(ctx, &k8sClient, license, tenant); err != nil {
+	if err = addSubscriptionLicenseToTenant(ctx, &k8sClient, &opClient, license, tenant); err != nil {
 		return prepareError(err, errorGeneric)
 	}
 	return nil

operatorapi/operator_tenants.go

@@ -351,28 +351,21 @@ type tenantKeys struct {
 }
 
 func getTenantCreds(ctx context.Context, client K8sClientI, tenant *miniov2.Tenant) (*tenantKeys, error) {
-	if tenant == nil || tenant.Spec.CredsSecret == nil {
-		return nil, errors.New("invalid arguments")
-	}
-	// get admin credentials from secret
-	creds, err := client.getSecret(ctx, tenant.Namespace, tenant.Spec.CredsSecret.Name, metav1.GetOptions{})
+	tenantConfiguration, err := GetTenantConfiguration(ctx, client, tenant)
 	if err != nil {
 		return nil, err
 	}
-	tenantAccessKey, ok := creds.Data["accesskey"]
+	tenantAccessKey, ok := tenantConfiguration["accesskey"]
 	if !ok {
 		restapi.LogError("tenant's secret doesn't contain accesskey")
 		return nil, restapi.ErrorGeneric
 	}
-	tenantSecretKey, ok := creds.Data["secretkey"]
+	tenantSecretKey, ok := tenantConfiguration["secretkey"]
 	if !ok {
 		restapi.LogError("tenant's secret doesn't contain secretkey")
 		return nil, restapi.ErrorGeneric
 	}
-	// TODO:
-	// We need to avoid using minio root credentials to talk to tenants, and instead use a different user credentials
-	// when that its implemented we also need to check here if the tenant has LDAP enabled so we authenticate first against AD
-	return &tenantKeys{accessKey: string(tenantAccessKey), secretKey: string(tenantSecretKey)}, nil
+	return &tenantKeys{accessKey: tenantAccessKey, secretKey: tenantSecretKey}, nil
 }
 
 func getTenant(ctx context.Context, operatorClient OperatorClientI, namespace, tenantName string) (*miniov2.Tenant, error) {

operatorapi/utils.go

@@ -18,19 +18,21 @@ package operatorapi
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func GetTenantConfiguration(ctx context.Context, clientSet K8sClientI, tenant *miniov2.Tenant) (map[string]string, error) {
+	if tenant == nil {
+		return nil, errors.New("tenant cannot be nil")
+	}
 	tenantConfiguration := map[string]string{}
-
 	for _, config := range tenant.GetEnvVars() {
 		tenantConfiguration[config.Name] = config.Value
 	}
-
 	if tenant.HasCredsSecret() {
 		minioSecret, err := clientSet.getSecret(ctx, tenant.Namespace, tenant.Spec.CredsSecret.Name, metav1.GetOptions{})
 		if err != nil {
@@ -41,7 +43,6 @@ func GetTenantConfiguration(ctx context.Context, clientSet K8sClientI, tenant *m
 			tenantConfiguration[key] = string(val)
 		}
 	}
-
 	if tenant.HasConfigurationSecret() {
 		minioConfigurationSecret, err := clientSet.getSecret(ctx, tenant.Namespace, tenant.Spec.Configuration.Name, metav1.GetOptions{})
 		if err == nil {