diff --git a/go.mod b/go.mod index 8d4075c9..ae8f8f45 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/imdario/mergo v0.3.16 github.com/magiconair/properties v1.8.9 github.com/mitchellh/hashstructure v1.1.0 - github.com/nais/liberator v0.0.0-20250319104751-ae803ff00b4f + github.com/nais/liberator v0.0.0-20250408101050-2ffa1b42f7f2 github.com/novln/docker-parser v1.0.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 github.com/prometheus/client_golang v1.22.0 @@ -24,9 +24,9 @@ require ( github.com/stretchr/testify v1.10.0 google.golang.org/protobuf v1.36.6 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.32.1 - k8s.io/apimachinery v0.32.1 - k8s.io/client-go v0.32.1 + k8s.io/api v0.32.2 + k8s.io/apimachinery v0.32.2 + k8s.io/client-go v0.32.2 k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/controller-runtime v0.20.1 ) @@ -94,7 +94,7 @@ require ( gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.32.1 // indirect + k8s.io/apiextensions-apiserver v0.32.2 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect diff --git a/go.sum b/go.sum index 4de8e9b4..29f94c92 100644 --- a/go.sum +++ b/go.sum @@ -117,8 +117,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/nais/liberator v0.0.0-20250319104751-ae803ff00b4f h1:sQkwvc4OPh/vT2Bf6iarIZCxAhh1NZNxcQpeM7WhdMI= -github.com/nais/liberator v0.0.0-20250319104751-ae803ff00b4f/go.mod h1:F3YcGoCG6HAyX5R2tgGH79/R0LBAU2xtRgRaveSXKiA= +github.com/nais/liberator v0.0.0-20250408101050-2ffa1b42f7f2 h1:D0sz4dQXye5DdmW1PAMVn9f27eb+ZIoe/+vz9o+uKRo= +github.com/nais/liberator v0.0.0-20250408101050-2ffa1b42f7f2/go.mod h1:UJvCuiANXCb54BuAIKoHY4EczdVhqxi0JIoj4393lC4= github.com/novln/docker-parser v1.0.0 h1:PjEBd9QnKixcWczNGyEdfUrP6GR0YUilAqG7Wksg3uc= github.com/novln/docker-parser v1.0.0/go.mod h1:oCeM32fsoUwkwByB5wVjsrsVQySzPWkl3JdlTn1txpE= github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= @@ -268,14 +268,14 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= -k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= -k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= -k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= -k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= -k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= -k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= +k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= +k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= +k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= diff --git a/pkg/resourcecreator/aiven/aiven.go b/pkg/resourcecreator/aiven/aiven.go index 4d25dae4..85daae9e 100644 --- a/pkg/resourcecreator/aiven/aiven.go +++ b/pkg/resourcecreator/aiven/aiven.go @@ -39,6 +39,7 @@ type Config interface { GetAivenGeneration() int } +// TODO: Remove once all aiven secrets are per service func generateSharedAivenSecretName(name string, generation int) (string, error) { prefixedName := fmt.Sprintf("aiven-%s", name) year, week := time.Now().ISOWeek() @@ -48,6 +49,15 @@ func generateSharedAivenSecretName(name string, generation int) (string, error) return namegen.SuffixedShortName(prefixedName, suffix, maxLen) } +func generateAivenSecretName(name, service, generation string) (string, error) { + prefixedName := fmt.Sprintf("aiven-%s-%s", service, name) + year, week := time.Now().ISOWeek() + suffix := fmt.Sprintf("%d-%d-%s", year, week, generation) + maxLen := validation.DNS1035LabelMaxLength + + return namegen.SuffixedShortName(prefixedName, suffix, maxLen) +} + func Create(source Source, ast *resource.Ast, config Config) error { secretName, err := generateSharedAivenSecretName(source.GetName(), config.GetAivenGeneration()) if err != nil { diff --git a/pkg/resourcecreator/aiven/opensearch.go b/pkg/resourcecreator/aiven/opensearch.go index f7f36df1..674e3fa6 100644 --- a/pkg/resourcecreator/aiven/opensearch.go +++ b/pkg/resourcecreator/aiven/opensearch.go @@ -18,10 +18,16 @@ func OpenSearch(ast *resource.Ast, openSearch *nais_io_v1.OpenSearch, aivenApp * return false, fmt.Errorf("OpenSearch enabled, but no instance specified") } - addOpenSearchEnvVariables(ast, aivenApp.Spec.SecretName) + secretName, err := generateAivenSecretName(aivenApp.Name, "opensearch", aivenApp.ObjectMeta.Labels["aiven.nais.io/secret-generation"]) + if err != nil { + return false, err + } + + addOpenSearchEnvVariables(ast, secretName) aivenApp.Spec.OpenSearch = &aiven_nais_io_v1.OpenSearchSpec{ - Instance: fmt.Sprintf("opensearch-%s-%s", aivenApp.GetNamespace(), openSearch.Instance), - Access: openSearch.Access, + Instance: fmt.Sprintf("opensearch-%s-%s", aivenApp.GetNamespace(), openSearch.Instance), + Access: openSearch.Access, + SecretName: secretName, } ast.Labels["aiven"] = "enabled" diff --git a/pkg/resourcecreator/testdata/naisjob/cronjob_open_search.yaml b/pkg/resourcecreator/testdata/naisjob/cronjob_open_search.yaml index fb7f8613..447b6eee 100644 --- a/pkg/resourcecreator/testdata/naisjob/cronjob_open_search.yaml +++ b/pkg/resourcecreator/testdata/naisjob/cronjob_open_search.yaml @@ -25,7 +25,8 @@ tests: name: "secret name is generated" resource: spec: - secretName: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + openSearch: + secretName: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ - name: "instance and access is propagated" type: subset resource: @@ -56,26 +57,26 @@ tests: valueFrom: secretKeyRef: key: OPEN_SEARCH_USERNAME - name: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_PASSWORD valueFrom: secretKeyRef: key: OPEN_SEARCH_PASSWORD - name: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_URI valueFrom: secretKeyRef: key: OPEN_SEARCH_URI - name: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_HOST valueFrom: secretKeyRef: key: OPEN_SEARCH_HOST - name: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ optional: true - name: OPEN_SEARCH_PORT valueFrom: secretKeyRef: key: OPEN_SEARCH_PORT - name: ^aiven-mynaisjob-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-mynaisjob-.{8}-\d{4}-\d\d?-0$ optional: true diff --git a/pkg/resourcecreator/testdata/open_search.yaml b/pkg/resourcecreator/testdata/open_search.yaml index 1276effd..98e341e9 100644 --- a/pkg/resourcecreator/testdata/open_search.yaml +++ b/pkg/resourcecreator/testdata/open_search.yaml @@ -24,7 +24,8 @@ tests: name: "secret name is generated" resource: spec: - secretName: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + openSearch: + secretName: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ - name: "instance and access is propagated" type: subset resource: @@ -53,26 +54,26 @@ tests: valueFrom: secretKeyRef: key: OPEN_SEARCH_USERNAME - name: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_PASSWORD valueFrom: secretKeyRef: key: OPEN_SEARCH_PASSWORD - name: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_URI valueFrom: secretKeyRef: key: OPEN_SEARCH_URI - name: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ - name: OPEN_SEARCH_HOST valueFrom: secretKeyRef: key: OPEN_SEARCH_HOST - name: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ optional: true - name: OPEN_SEARCH_PORT valueFrom: secretKeyRef: key: OPEN_SEARCH_PORT - name: ^aiven-myapplication-.{8}-\d{4}-\d\d?-0$ + name: ^aiven-opensearch-myapplication-.{8}-\d{4}-\d\d?-0$ optional: true