Support locking (#275)

* Add ObjectLockConfiguration to Bucket CRD * Add ObjectLockConfigurationClient sub resource
linode · Jul 8, 2024 · 5553134 · 5553134
1 parent 4b58310
commit 5553134
Show file tree

Hide file tree

Showing 26 changed files with 2,015 additions and 71 deletions.
diff --git a/Makefile b/Makefile
@@ -365,7 +365,7 @@ nilcheck: $(NILAWAY) ## Run nil check against codemake.
 	@# Backendstore contains mostly nil safe generated files.
 	@# Lifecycleconfig_helper has false positive reports: https://github.com/uber-go/nilaway/issues/207
 	go list ./... | xargs -I {} -d '\n' $(NILAWAY) \
-		-exclude-errors-in-files $(PWD)/internal/controller/bucket/bucket_backends.go,$(PWD)/internal/rgw/lifecycleconfig_helpers.go \
+		-exclude-errors-in-files $(PWD)/internal/controller/bucket/bucket_backends.go,$(PWD)/internal/rgw/lifecycleconfig_helpers.go,$(PWD)/internal/rgw/objectlockconfiguration_helpers.go \
 		-exclude-pkgs github.com/linode/provider-ceph/apis/provider-ceph/v1alpha1,github.com/linode/provider-ceph/internal/backendstore \
 		-include-pkgs {} ./...
 

diff --git a/apis/provider-ceph/v1alpha1/bucket_types.go b/apis/provider-ceph/v1alpha1/bucket_types.go
@@ -54,6 +54,7 @@ type BucketParameters struct {
 	GrantWriteACP *string `json:"grantWriteACP,omitempty"`
 
 	// Specifies whether you want S3 Object Lock to be enabled for the new bucket.
+	// +kubebuilder:validation:Enum=true;null
 	ObjectLockEnabledForBucket *bool `json:"objectLockEnabledForBucket,omitempty"`
 
 	// The container element for object ownership for a bucket's ownership controls.
@@ -88,6 +89,10 @@ type BucketParameters struct {
 	// +optional
 	VersioningConfiguration *VersioningConfiguration `json:"versioningConfiguration,omitempty"`
 
+	// ObjectLockConfiguration describes the desired object lock state of an S3 bucket.
+	// +optional
+	ObjectLockConfiguration *ObjectLockConfiguration `json:"objectLockConfiguration,omitempty"`
+
 	// AssumeRoleTags may be used to add custom values to an AssumeRole request.
 	// +optional
 	AssumeRoleTags []Tag `json:"assumeRoleTags,omitempty"`
@@ -114,6 +119,11 @@ type BackendInfo struct {
 	// configuration on the S3 backend. Use a pointer to allow nil value when
 	// there is no versioning configuration.
 	VersioningConfigurationCondition *xpv1.Condition `json:"versioningConfigurationCondition,omitempty"`
+	// +optional
+	// ObjectLockConfigurationCondition is the condition of the object lock
+	// configuration on the S3 backend. Use a pointer to allow nil value when
+	// there is no object lock configuration.
+	ObjectLockConfigurationCondition *xpv1.Condition `json:"objectLockConfigurationCondition,omitempty"`
 }
 
 // Backends is a map of the names of the S3 backends to BackendInfo.

diff --git a/apis/provider-ceph/v1alpha1/objectlockconfiguration_types.go b/apis/provider-ceph/v1alpha1/objectlockconfiguration_types.go
@@ -0,0 +1,53 @@
+package v1alpha1
+
+type ObjectLockEnabled string
+
+const (
+	ObjectLockEnabledEnabled ObjectLockEnabled = "Enabled"
+)
+
+type DefaultRetentionMode string
+
+const (
+	ModeGovernance DefaultRetentionMode = "GOVERNANCE"
+	ModeCompliance DefaultRetentionMode = "COMPLIANCE"
+)
+
+// ObjectLockConfiguration describes the object lock state of an S3 bucket.
+type ObjectLockConfiguration struct {
+	// +optional.
+	// Indicates whether this bucket has an Object Lock configuration enabled. Enable
+	// ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.
+	// +kubebuilder:validation:Enum=Enabled
+	ObjectLockEnabled *ObjectLockEnabled `json:"objectLockEnabled,omitempty"`
+	// +optional.
+	// Specifies the Object Lock rule for the specified object. Enable this rule
+	// when you apply ObjectLockConfiguration to a bucket. Bucket settings require
+	// both a mode and a period. The period can be either Days or Years but you must
+	// select one. You cannot specify Days and Years at the same time.
+	Rule *ObjectLockRule `json:"objectLockRule,omitempty"`
+}
+
+type ObjectLockRule struct {
+	// +optional.
+	// The default Object Lock retention mode and period that you want to apply to new
+	// objects placed in the specified bucket. Bucket settings require both a mode and
+	// a period. The period can be either Days or Years but you must select one. You
+	// cannot specify Days and Years at the same time.
+	DefaultRetention *DefaultRetention `json:"defaultRetention,omitempty"`
+}
+
+type DefaultRetention struct {
+	// +optional.
+	// The number of days that you want to specify for the default retention period.
+	// Must be used with Mode.
+	Days *int32 `json:"days,omitempty"`
+	// The default Object Lock retention mode you want to apply to new objects placed
+	// in the specified bucket. Must be used with either Days or Years.
+	// +kubebuilder:validation:Enum=GOVERNANCE;COMPLIANCE
+	Mode DefaultRetentionMode `json:"mode,omitempty"`
+	// +optional.
+	// The number of years that you want to specify for the default retention period.
+	// Must be used with Mode.
+	Years *int32 `json:"years,omitempty"`
+}
diff --git a/apis/provider-ceph/v1alpha1/zz_generated.deepcopy.go b/apis/provider-ceph/v1alpha1/zz_generated.deepcopy.go
diff --git a/e2e/tests/ceph/chainsaw-test.yaml b/e2e/tests/ceph/chainsaw-test.yaml
@@ -62,7 +62,9 @@ spec:
           spec:
             providers:
             - ceph-cluster
-            forProvider: {} 
+            forProvider:
+              objectLockEnabledForBucket: true
+
     - apply:
         resource:
           apiVersion: provider-ceph.ceph.crossplane.io/v1alpha1
@@ -135,7 +137,7 @@ spec:
         - $CEPH_ADDRESS
         entrypoint: ../../../hack/expect_bucket.sh
 
-  - name: Apply lifecycle configuration and versioning configuration to test-bucket.
+  - name: Apply lifecycle, versioning and object lock configurations to test-bucket.
     try:
     - apply:
         resource: 
@@ -147,6 +149,13 @@ spec:
             providers:
             - ceph-cluster
             forProvider:
+              objectLockEnabledForBucket: true
+              objectLockConfiguration:
+                objectLockEnabled: "Enabled"
+                objectLockRule:
+                  defaultRetention:
+                    days: 1 
+                    mode: "COMPLIANCE"
               versioningConfiguration:
                 status: "Enabled"
               lifecycleConfiguration:
@@ -201,6 +210,10 @@ spec:
                     reason: Available
                     status: "True"
                     type: Ready
+                  objectLockConfigurationCondition:
+                    reason: Available
+                    status: "True"
+                    type: Ready
             conditions:
             - reason: Available
               status: "True"
@@ -209,7 +222,7 @@ spec:
               status: "True"
               type: Synced
 
-  - name: Disable lifecycle configuration and remove versioning configuration on test-bucket.
+  - name: Disable lifecycle configuration and edit object lock configuration on test-bucket.
     try:
     - apply:
         resource:
@@ -224,7 +237,11 @@ spec:
             - ceph-cluster
             lifecycleConfigurationDisabled: true
             forProvider:
+              objectLockEnabledForBucket: true
+              objectLockConfiguration:
+                objectLockEnabled: "Enabled"
               versioningConfiguration:
+                status: "Enabled"
               lifecycleConfiguration:
                 # Example rules https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html
                 rules: