From 90277793768cdcea9f11cfd33ff717c309d69ac0 Mon Sep 17 00:00:00 2001
From: SergioLangaritaBenitez
Date: Tue, 16 Jul 2024 13:40:31 +0200
Subject: [PATCH 1/5] update mount multitenancy user bucket
---
 pkg/handlers/create.go | 20 ++++++++++++++++++++
 pkg/handlers/delete.go | 8 ++++++++
 pkg/types/expose.go | 10 ++--------
 3 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index 484a2945..2c72c653 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -417,6 +417,26 @@ func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *
 return fmt.Errorf("error creating bucket %s: %v", splitPath[0], err)
 }
 }
+ if !isUpdate {
+ if !isAdminUser {
+ if len(allowed_users) == 0 {
+ err = minIOAdminClient.AddServiceToAllUsersGroup(splitPath[0])
+ if err != nil {
+ return fmt.Errorf("error adding service %s to all users group: %v", splitPath[0], err)
+ }
+ } else {
+ err = minIOAdminClient.CreateServiceGroup(splitPath[0])
+ if err != nil {
+ return fmt.Errorf("error creating service group for bucket %s: %v", splitPath[0], err)
+ }
+
+ err = minIOAdminClient.UpdateUsersInGroup(allowed_users, splitPath[0], false)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ }
 // Create folder(s)
 if len(splitPath) == 2 {
 // Add "/" to the end of the key in order to create a folder
diff --git a/pkg/handlers/delete.go b/pkg/handlers/delete.go
index 2f453e4a..19d0e126 100644
--- a/pkg/handlers/delete.go
+++ b/pkg/handlers/delete.go
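Review bot: In the added `!isUpdate` / `!isAdminUser` block of createBuckets the group calls run after the bucket already exists, and each failure returns without undoing the earlier steps, so a failed `CreateServiceGroup` or `UpdateUsersInGroup` leaves a bucket with no group, or an empty one, attached. A comment should state what access the bucket has in that state and that an empty `allowed_users` deliberately shares it with everyone, for example `// empty allowed_users: bucket is shared with every user via the all-users group`. The last error is returned bare; `return fmt.Errorf("error updating users in group %s: %v", splitPath[0], err)` would match the two messages above it. The three nested conditions can be flattened to `if !isUpdate && !isAdminUser {`. createBuckets starts and ends outside the hunk.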
@@ -74,6 +74,14 @@ func MakeDeleteHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)
 }
+ if service.Mount.Path != "" {
+ path := strings.Trim(service.Mount.Path, " /")
+ // Split buckets and folders from path
+ bucket := strings.SplitN(path, "/", 2)
+ var users []string
+ minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)
+ }
+
 // Disable input notifications
 if err := disableInputNotifications(service.GetMinIOWebhookARN(), service.Input, service.StorageProviders.MinIO[types.DefaultProvider]); err != nil {
 log.Printf("Error disabling MinIO input notifications for service \"%s\": %v\n", service.Name, err)
diff --git a/pkg/types/expose.go b/pkg/types/expose.go
index c812f5b0..0be38895 100644
--- a/pkg/types/expose.go
+++ b/pkg/types/expose.go
@@ -27,7 +27,6 @@ import (
 autos "k8s.io/api/autoscaling/v1"
 v1 "k8s.io/api/core/v1"
 net "k8s.io/api/networking/v1"
- "k8s.io/apimachinery/pkg/api/resource"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/intstr"
 "k8s.io/client-go/kubernetes"
@@ -53,7 +52,7 @@ An exposed service can be of to types:
 // CreateExpose creates all the kubernetes components
 func CreateExpose(service Service, kubeClientset kubernetes.Interface, cfg *Config) error {
- ExposeLogger.Printf("Creating exposed service: \n%v\n", service)
+ //ExposeLogger.Printf("Creating exposed service: \n%v\n", service)
 err := createDeployment(service, kubeClientset, cfg)
 if err != nil {
 return fmt.Errorf("error creating deployment for exposed service '%s': %v", service.Name, err)
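Review bot: The added `minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)` call in MakeDeleteHandler discards its result, although create.go in this same patch treats that method as returning an error. A failed group cleanup for the mount bucket therefore goes unnoticed, and the group may keep granting access to that bucket name after the service is deleted. Log it the way the notification cleanup just below does: `if err := minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true); err != nil { log.Printf("Error removing MinIO group for mount bucket %q: %v\n", bucket[0], err) }`. `strings.Trim(service.Mount.Path, " /")` can also return an empty string for a path such as "/", leaving `bucket[0]` empty, so the call should be skipped in that case. The handler body continues outside the hunk.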
@@ -254,11 +253,6 @@ func getPodTemplateSpec(service Service, cfg *Config) v1.PodTemplateSpec {
 ContainerPort: int32(service.Expose.APIPort),
 },
 }
- podSpec.Containers[i].Resources = v1.ResourceRequirements{
- Requests: v1.ResourceList{
- "cpu": *resource.NewMilliQuantity(500, resource.DecimalSI),
- },
- }
 podSpec.Containers[i].VolumeMounts[0].ReadOnly = false
 if service.Expose.DefaultCommand {
 podSpec.Containers[i].Command = nil
@@ -516,7 +510,7 @@ func getIngressSpec(service Service, kubeClientset kubernetes.Interface, cfg *Co
 }
 annotation := map[string]string{
 "nginx.ingress.kubernetes.io/rewrite-target": rewriteOption,
- "kubernetes.io/ingress.class": "nginx",
+ "spec.ingressClassName": "nginx",
 "nginx.ingress.kubernetes.io/use-regex": "true",
 }
 if service.Expose.SetAuth {
From 9ec0961d005a54bed8ab6ffbac47d50459b25d3d Mon Sep 17 00:00:00 2001
From: catttam
Date: Wed, 17 Jul 2024 09:04:34 +0200
Subject: [PATCH 2/5] Debug logs
---
 pkg/handlers/create.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index 484a2945..8064f115 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -53,6 +53,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 return func(c *gin.Context) {
 var service types.Service
 authHeader := c.GetHeader("Authorization")
+ createLogger.Printf("[*] POST header : %v", authHeader)
 if len(strings.Split(authHeader, "Bearer")) == 1 {
 isAdminUser = true
 service.Owner = "cluster_admin"
From 60e113bdead0d8204489aba17267eebeb42703bc Mon Sep 17 00:00:00 2001
From: catttam
Date: Wed, 17 Jul 2024 11:42:56 +0200
Subject: [PATCH 3/5] Debug logs
---
 pkg/handlers/create.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index 8064f115..2595febf 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
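Review bot: `"spec.ingressClassName": "nginx"` in getIngressSpec is written as an annotation key, but `spec.ingressClassName` is a field of the Ingress spec, not an annotation, so after this change the object carries no ingress class at all. Unless nginx is marked as the cluster's default IngressClass the controller may ignore the Ingress, and if another controller is the default it would not honour the `nginx.ingress.kubernetes.io/*` annotations in this map, including whatever the `service.Expose.SetAuth` branch below adds. Drop the annotation and set the field where the `net.IngressSpec` is built, e.g. `className := "nginx"` and `IngressClassName: &className,`. The function starts and ends outside the hunk, so where that spec literal lives is not visible here.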
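Review bot: `createLogger.Printf("[*] POST header : %v", authHeader)` in MakeCreateHandler writes the full Authorization header to the service log, so every bearer token or basic-auth credential sent to this endpoint becomes readable by anyone with log access. If a trace is needed here, log only whether a header was present, e.g. `createLogger.Printf("auth header present: %t", authHeader != "")`. A later patch in this series removes the line, but logs written by builds of this commit would still contain live credentials and should be handled as such.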
@@ -55,6 +55,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 authHeader := c.GetHeader("Authorization")
 createLogger.Printf("[*] POST header : %v", authHeader)
 if len(strings.Split(authHeader, "Bearer")) == 1 {
+ createLogger.Printf(">>> is admin")
 isAdminUser = true
 service.Owner = "cluster_admin"
 createLogger.Printf("Creating service for user: %s", service.Owner)
@@ -67,12 +68,13 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 // Check service values and set defaults
 checkValues(&service, cfg)
-
+ createLogger.Printf(">>> checked values")
 // Check if users in allowed_users have a MinIO associated user
 minIOAdminClient, _ := utils.MakeMinIOAdminClient(cfg)
 // Service is created by an EGI user
 if !isAdminUser {
+ createLogger.Printf(">>> not admin")
 uid, err := auth.GetUIDFromContext(c)
 if err != nil {
 c.String(http.StatusInternalServerError, fmt.Sprintln(err))
@@ -99,6 +101,10 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 break
 }
 }
+ } else {
+ if len(cfg.OIDCGroups) != 0 {
+ c.String(http.StatusBadRequest, fmt.Sprintln("service must be part of one of the following VO: ", cfg.OIDCGroups))
+ }
 }
 if len(service.AllowedUsers) > 0 {
@@ -130,6 +136,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 }
 // Create the service
+ createLogger.Printf(">>> service uid: %s", service.Owner)
 if err := back.CreateService(service); err != nil {
 // Check if error is caused because the service name provided already exists
 if k8sErrors.IsAlreadyExists(err) {
From dd2716c7fdcdce038eb083496d06eb5ebf69b26a Mon Sep 17 00:00:00 2001
From: catttam
Date: Thu, 25 Jul 2024 12:04:42 +0200
Subject: [PATCH 4/5] Updated ui submodule
---
 ui | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui b/ui
index b64d9452..98de936c 160000
--- a/ui
+++ b/ui
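Review bot: The added `else` branch in MakeCreateHandler replies with `http.StatusBadRequest` when `cfg.OIDCGroups` is non-empty but never returns, so execution falls through to the `service.AllowedUsers` handling and, as far as the later hunk shows, on to `back.CreateService(service)`. The VO requirement is reported to the client but not enforced, and the response may be written twice. Add a `return` directly after the `c.String(http.StatusBadRequest, ...)` call. The `if` that this `else` belongs to starts outside the hunk, so the exact condition it guards is inferred from the error text.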
@@ -1 +1 @@
-Subproject commit b64d94529ea18799faec87cfbd6030aa81af998a
+Subproject commit 98de936c5923d3b3ccaef500c1a92f35009bbf53
From a98d86ed76e555db74df34fa4b286c18374eb2b4 Mon Sep 17 00:00:00 2001
From: catttam
Date: Thu, 25 Jul 2024 12:30:16 +0200
Subject: [PATCH 5/5] Deleted debug comments
---
 pkg/handlers/create.go | 5 -----
 pkg/types/mount.go | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index c2a41864..79844911 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -53,9 +53,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 return func(c *gin.Context) {
 var service types.Service
 authHeader := c.GetHeader("Authorization")
- createLogger.Printf("[*] POST header : %v", authHeader)
 if len(strings.Split(authHeader, "Bearer")) == 1 {
- createLogger.Printf(">>> is admin")
 isAdminUser = true
 service.Owner = "cluster_admin"
 createLogger.Printf("Creating service for user: %s", service.Owner)
@@ -68,13 +66,11 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 // Check service values and set defaults
 checkValues(&service, cfg)
- createLogger.Printf(">>> checked values")
 // Check if users in allowed_users have a MinIO associated user
 minIOAdminClient, _ := utils.MakeMinIOAdminClient(cfg)
 // Service is created by an EGI user
 if !isAdminUser {
- createLogger.Printf(">>> not admin")
 uid, err := auth.GetUIDFromContext(c)
 if err != nil {
 c.String(http.StatusInternalServerError, fmt.Sprintln(err))
@@ -136,7 +132,6 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 }
 // Create the service
- createLogger.Printf(">>> service uid: %s", service.Owner)
 if err := back.CreateService(service); err != nil {
 // Check if error is caused because the service name provided already exists
 if k8sErrors.IsAlreadyExists(err) {
diff --git a/pkg/types/mount.go b/pkg/types/mount.go
index 1bfd0df2..4c2e5621 100644
--- a/pkg/types/mount.go
+++ b/pkg/types/mount.go
@@ -46,6 +46,7 @@ done`
 ephemeralVolumeMount = "/tmpfolder"
 )
+// SetMount Creates the sidecar container that mounts the source volume onto the pod volume
 func SetMount(podSpec *v1.PodSpec, service Service, cfg *Config) {
 podSpec.Containers = append(podSpec.Containers, sidecarPodSpec(service))
 termination := int64(5)