Infer secure based on the scheme provided.

Signed-off-by: Achyut Madhusudan <amadhusu@redhat.com>
opendatahub-io · Jul 10, 2023 · 27325ee · 27325ee
1 parent 7f825a6
commit 27325ee
Show file tree

Hide file tree

Showing 12 changed files with 30 additions and 0 deletions.
diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go
@@ -215,6 +215,9 @@ type ExternalStorage struct {
 	Bucket              string `json:"bucket"`
 	Scheme              string `json:"scheme"`
 	*S3CredentialSecret `json:"s3CredentialsSecret"`
+	// +kubebuilder:default:=true
+	// +kubebuilder:validation:Optional
+	Secure bool `json:"secure"`
 	// +kubebuilder:validation:Optional
 	Port string `json:"port"`
 }

diff --git a/...ses/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/...ses/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml
@@ -456,6 +456,9 @@ spec:
                         type: object
                       scheme:
                         type: string
+                      secure:
+                        default: true
+                        type: boolean
                     required:
                     - bucket
                     - host

diff --git a/config/internal/apiserver/deployment.yaml.tmpl b/config/internal/apiserver/deployment.yaml.tmpl
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}"
                   name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "{{.ObjectStorageConnection.Secure}}"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "{{.ObjectStorageConnection.Host}}"
             - name: MINIO_SERVICE_SERVICE_PORT

diff --git a/config/internal/minio/secret.yaml.tmpl b/config/internal/minio/secret.yaml.tmpl
@@ -9,6 +9,7 @@ metadata:
 stringData:
   host: "{{.ObjectStorageConnection.Host}}"
   port: "{{.ObjectStorageConnection.Port}}"
+  secure: "{{.ObjectStorageConnection.Secure}}"
 data:
   accesskey: "{{.ObjectStorageConnection.AccessKeyID}}"
   secretkey: "{{.ObjectStorageConnection.SecretAccessKey}}"
diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go
@@ -42,6 +42,7 @@ const (
 	MinioHostPrefix    = "minio"
 	MinioPort          = "9000"
 	MinioScheme        = "http"
+	MinioSecure        = false
 	MinioDefaultBucket = "mlpipeline"
 	MinioPVCSize       = "10Gi"
 

diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go
@@ -66,6 +66,7 @@ type ObjectStorageConnection struct {
 	Host              string
 	Port              string
 	Scheme            string
+	Secure            bool
 	Endpoint          string // scheme://host:port
 	AccessKeyID       string
 	SecretAccessKey   string
@@ -234,6 +235,11 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc
 		p.ObjectStorageConnection.Bucket = dsp.Spec.ObjectStorage.ExternalStorage.Bucket
 		p.ObjectStorageConnection.Host = dsp.Spec.ObjectStorage.ExternalStorage.Host
 		p.ObjectStorageConnection.Scheme = dsp.Spec.ObjectStorage.ExternalStorage.Scheme
+		if p.ObjectStorageConnection.Scheme == "https" {
+			p.ObjectStorageConnection.Secure = true
+		} else {
+			p.ObjectStorageConnection.Secure = false
+		}
 		// Port can be empty, which is fine.
 		p.ObjectStorageConnection.Port = dsp.Spec.ObjectStorage.ExternalStorage.Port
 		customCreds = dsp.Spec.ObjectStorage.ExternalStorage.S3CredentialSecret
@@ -263,6 +269,8 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc
 		)
 		p.ObjectStorageConnection.Port = config.MinioPort
 		p.ObjectStorageConnection.Scheme = config.MinioScheme
+		p.ObjectStorageConnection.Secure = config.MinioSecure
+
 		if p.Minio.S3CredentialSecret != nil {
 			customCreds = p.Minio.S3CredentialSecret
 		}
@@ -341,6 +349,7 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc
 	}
 
 	return nil
+
 }
 
 func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelinesApplication, client client.Client, log logr.Logger) error {

diff --git a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "secretkey"
                   name: "mlpipeline-minio-artifact"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "false"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "minio-testdsp0.default.svc.cluster.local"
             - name: MINIO_SERVICE_SERVICE_PORT

diff --git a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "secretkey"
                   name: "mlpipeline-minio-artifact"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "false"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "minio-testdsp2.default.svc.cluster.local"
             - name: MINIO_SERVICE_SERVICE_PORT

diff --git a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "secretkey"
                   name: "mlpipeline-minio-artifact"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "true"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "teststoragehost3"
             - name: MINIO_SERVICE_SERVICE_PORT

diff --git a/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml b/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml
@@ -11,4 +11,5 @@ data:
   host: dGVzdHN0b3JhZ2Vob3N0Mw==
   port: ODA=
   secretkey: dGVzdHNlY3JldGtleXZhbHVlMw==
+  secure: dHJ1ZQ==
 type: Opaque
diff --git a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "secretkey"
                   name: "mlpipeline-minio-artifact"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "false"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "minio-testdsp4.default.svc.cluster.local"
             - name: MINIO_SERVICE_SERVICE_PORT

diff --git a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml
@@ -84,6 +84,8 @@ spec:
                 secretKeyRef:
                   key: "secretkey"
                   name: "mlpipeline-minio-artifact"
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "false"
             - name: MINIO_SERVICE_SERVICE_HOST
               value: "minio-testdsp5.default.svc.cluster.local"
             - name: MINIO_SERVICE_SERVICE_PORT