diff --git a/CHANGELOG.md b/CHANGELOG.md index d473abb0..644d42fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## [Unreleased] +- Support for passing CAs to GitSync ([#750]). + +[#750]: https://github.com/stackabletech/airflow-operator/pull/750 + ## [26.3.0] - 2026-03-16 ## [26.3.0-rc1] - 2026-03-16 diff --git a/Cargo.lock b/Cargo.lock index e333bd07..abaf7eab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -97,9 +97,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.101" +version = "1.0.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" [[package]] name = "arc-swap" @@ -141,7 +141,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -152,7 +152,7 @@ checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.20.1" +version = "3.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c6f81257d10a0f602a294ae4182251151ff97dbb504ef9afcdda4a64b24d9b4" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" [[package]] name = "bytes" @@ -342,9 +342,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.59" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5caf74d17c3aec5495110c34cc3f78644bfa89af6c8993ed4de2790e49b6499" +checksum = "2797f34da339ce31042b27d23607e051786132987f595b02ba4f6a6dffb7030a" dependencies = [ "clap_builder", "clap_derive", @@ -352,9 +352,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.59" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "370daa45065b80218950227371916a1633217ae42b2715b2287b606dcd618e24" +checksum = "24a241312cea5059b13574bb9b3861cabf758b879c15190b37b6d6fd63ab6876" dependencies = [ "anstream", "anstyle", @@ -371,7 +371,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -539,7 +539,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -550,7 +550,7 @@ checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d" dependencies = [ "darling_core", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -561,7 +561,7 @@ checksum = "780eb241654bf097afb00fc5f054a09b687dad862e485fdcf8399bb056565370" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -585,7 +585,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -615,7 +615,7 @@ dependencies = [ "proc-macro2", "quote", "rustc_version", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -638,7 +638,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -690,7 +690,7 @@ dependencies = [ "enum-ordinalize", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -754,7 +754,7 @@ checksum = "8ca9601fb2d62598ee17836250842873a413586e5d7ed88b356e38ddbb0ec631" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -932,7 +932,7 @@ checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -1172,6 +1172,12 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "humantime" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" + [[package]] name = "hyper" version = "1.8.1" @@ -1479,7 +1485,7 @@ checksum = "f7946b4325269738f270bb55b3c19ab5c5040525f83fd625259422a9d25d9be5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -1568,7 +1574,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "darling", "regex", @@ -1649,7 +1655,7 @@ dependencies = [ "quote", "serde", "serde_json", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2076,7 +2082,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2106,7 +2112,7 @@ checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2194,7 +2200,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" dependencies = [ "proc-macro2", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2260,7 +2266,7 @@ dependencies = [ "itertools", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2379,7 +2385,7 @@ checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2521,7 +2527,7 @@ dependencies = [ "regex", "relative-path", "rustc_version", - "syn 2.0.116", + "syn 2.0.117", "unicode-ident", ] @@ -2572,9 +2578,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.9" +version = "0.103.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" +checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" dependencies = [ "ring", "rustls-pki-types", @@ -2625,7 +2631,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2659,9 +2665,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "3.6.0" +version = "3.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d17b898a6d6948c3a8ee4372c17cb384f90d2e6e912ef00895b14fd7ab54ec38" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" dependencies = [ "bitflags", "core-foundation", @@ -2672,9 +2678,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.16.0" +version = "2.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "321c8673b092a9a42605034a9879d73cb79101ed5fd117bc9a597b89b4e9e61a" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" dependencies = [ "core-foundation-sys", "libc", @@ -2723,7 +2729,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2734,7 +2740,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2900,7 +2906,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2963,7 +2969,7 @@ dependencies = [ [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "const-oid", "ecdsa", @@ -2987,7 +2993,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.108.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "clap", "const_format", @@ -3026,18 +3032,18 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] name = "stackable-shared" version = "0.1.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "jiff", "k8s-openapi", @@ -3054,7 +3060,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.2" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "axum", "clap", @@ -3078,7 +3084,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "schemars", "serde", @@ -3091,7 +3097,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "convert_case", "convert_case_extras", @@ -3103,18 +3109,19 @@ dependencies = [ "kube", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] name = "stackable-webhook" version = "0.9.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#7486017f60827d1d769d7bf17bf56adb21f8bb02" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#936b86b03c28ef1bca6d26c34d1353afafe0c59b" dependencies = [ "arc-swap", "async-trait", "axum", "futures-util", + "humantime", "hyper", "hyper-util", "k8s-openapi", @@ -3161,7 +3168,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3183,9 +3190,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.116" +version = "2.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" dependencies = [ "proc-macro2", "quote", @@ -3209,7 +3216,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3238,7 +3245,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3249,7 +3256,7 @@ checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3320,7 +3327,7 @@ checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3348,7 +3355,7 @@ checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3418,9 +3425,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.14.4" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f32a6f80051a4111560201420c7885d0082ba9efe2ab61875c587bb6b18b9a0" +checksum = "fec7c61a0695dc1887c1b53952990f3ad2e3a31453e1f49f10e75424943a93ec" dependencies = [ "async-trait", "base64", @@ -3445,9 +3452,9 @@ dependencies = [ [[package]] name = "tonic-prost" -version = "0.14.4" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f86539c0089bfd09b1f8c0ab0239d80392af74c21bc9e0f15e1b4aca4c1647f" +checksum = "a55376a0bbaa4975a3f10d009ad763d8f4108f067c7c2e74f3001fb49778d309" dependencies = [ "bytes", "prost", @@ -3538,7 +3545,7 @@ checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3779,7 +3786,7 @@ dependencies = [ "bumpalo", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "wasm-bindgen-shared", ] @@ -3867,7 +3874,7 @@ checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3878,7 +3885,7 @@ checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4100,7 +4107,7 @@ dependencies = [ "heck", "indexmap", "prettyplease", - "syn 2.0.116", + "syn 2.0.117", "wasm-metadata", "wit-bindgen-core", "wit-component", @@ -4116,7 +4123,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "wit-bindgen-core", "wit-bindgen-rust", ] @@ -4203,7 +4210,7 @@ checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "synstructure", ] @@ -4224,7 +4231,7 @@ checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4244,7 +4251,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "synstructure", ] @@ -4265,7 +4272,7 @@ checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4298,7 +4305,7 @@ checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] diff --git a/Cargo.nix b/Cargo.nix index abbbf4e5..2b92d69b 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -332,14 +332,13 @@ rec { }; "anyhow" = rec { crateName = "anyhow"; - version = "1.0.101"; + version = "1.0.102"; edition = "2021"; - sha256 = "1skmg90fnjnlgs3vl7bksw7036d3rqwqj20n2fxd2ppg67p0y3jz"; + sha256 = "0b447dra1v12z474c6z4jmicdmc5yxz5bakympdnij44ckw2s83z"; authors = [ "David Tolnay " ]; features = { - "backtrace" = [ "dep:backtrace" ]; "default" = [ "std" ]; }; resolvedDefaultFeatures = [ "default" "std" ]; @@ -440,7 +439,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "visit-mut" ]; } ]; @@ -467,7 +466,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "full" "parsing" "printing" "proc-macro" "visit-mut" ]; } @@ -931,9 +930,9 @@ rec { }; "bumpalo" = rec { crateName = "bumpalo"; - version = "3.20.1"; + version = "3.20.2"; edition = "2021"; - sha256 = "1d6r4i5sd96xzjdfy15mvfbzyl8i4n143blll81gd80hgljq2vsw"; + sha256 = "1jrgxlff76k9glam0akhwpil2fr1w32gbjdf5hpipc7ld2c7h82x"; authors = [ "Nick Fitzgerald " ]; @@ -1096,10 +1095,10 @@ rec { }; "clap" = rec { crateName = "clap"; - version = "4.5.59"; + version = "4.5.60"; edition = "2021"; crateBin = []; - sha256 = "16b4kgj909yyshz9kj7nkalbyi46yz1lrhqha54wbbn32x6zgjn5"; + sha256 = "02h3nzznssjgp815nnbzk0r62y2iw03kdli75c233kirld6z75r7"; dependencies = [ { name = "clap_builder"; @@ -1138,9 +1137,9 @@ rec { }; "clap_builder" = rec { crateName = "clap_builder"; - version = "4.5.59"; + version = "4.5.60"; edition = "2021"; - sha256 = "094fc76nsq3v52r1a9rbwix22cqnda8p2wr2a24j302v0r2sl39p"; + sha256 = "0xk8mdizvmmn6w5ij5cwhy5pbgyac4w9pfvl6nqmjl7a5hql38i4"; dependencies = [ { name = "anstream"; @@ -1196,7 +1195,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -1658,7 +1657,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "extra-traits" ]; } ]; @@ -1689,7 +1688,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -1715,7 +1714,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "visit-mut" ]; } ]; @@ -1792,7 +1791,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -1894,7 +1893,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; buildDependencies = [ @@ -1991,7 +1990,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -2157,13 +2156,13 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -2364,7 +2363,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -2877,7 +2876,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -3696,6 +3695,14 @@ rec { ]; }; + "humantime" = rec { + crateName = "humantime"; + version = "2.3.0"; + edition = "2021"; + sha256 = "092lpipp32ayz4kyyn4k3vz59j9blng36wprm5by0g2ykqr14nqk"; + features = { + }; + }; "hyper" = rec { crateName = "hyper"; version = "1.8.1"; @@ -4798,7 +4805,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -5052,9 +5059,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "k8s_version"; authors = [ @@ -5520,7 +5527,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -7026,7 +7033,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -7095,7 +7102,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "printing" "clone-impls" "proc-macro" "full" "visit-mut" ]; } @@ -7310,7 +7317,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "full" ]; } @@ -7323,7 +7330,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "extra-traits" "parsing" "printing" "visit-mut" ]; } @@ -7511,7 +7518,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -7843,7 +7850,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -8501,7 +8508,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "parsing" "extra-traits" "visit" "visit-mut" ]; } { @@ -8658,9 +8665,9 @@ rec { }; "rustls-webpki" = rec { crateName = "rustls-webpki"; - version = "0.103.9"; + version = "0.103.10"; edition = "2021"; - sha256 = "0lwg1nnyv7pp2lfwwjhy81bxm233am99jnsp3iymdhd6k8827pyp"; + sha256 = "1vyipcdbazvhl6kyi1m8n0bg98sk25iv12bby2xcly653awb4cyz"; libName = "webpki"; dependencies = [ { @@ -8843,13 +8850,13 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -8949,9 +8956,9 @@ rec { }; "security-framework" = rec { crateName = "security-framework"; - version = "3.6.0"; - edition = "2021"; - sha256 = "0f7cajmxfkxijl4g0blidqp0vyc4ndyc2wj3xslc6j39dn58jyyi"; + version = "3.7.0"; + edition = "2024"; + sha256 = "07fd0j29j8yczb3hd430vwz784lx9knb5xwbvqna1nbkbivvrx5p"; libName = "security_framework"; authors = [ "Steven Fackler " @@ -8981,21 +8988,19 @@ rec { } ]; features = { - "OSX_10_12" = [ "security-framework-sys/OSX_10_12" ]; - "OSX_10_13" = [ "OSX_10_12" "security-framework-sys/OSX_10_13" "alpn" "session-tickets" ]; - "OSX_10_14" = [ "OSX_10_13" "security-framework-sys/OSX_10_14" ]; - "OSX_10_15" = [ "OSX_10_14" "security-framework-sys/OSX_10_15" ]; - "default" = [ "OSX_10_12" ]; + "OSX_10_15" = [ "security-framework-sys/OSX_10_15" ]; + "default" = [ "OSX_10_14" "alpn" "session-tickets" ]; "log" = [ "dep:log" ]; + "macos-12" = [ "security-framework-sys/macos-12" ]; "sync-keychain" = [ "OSX_10_13" ]; }; - resolvedDefaultFeatures = [ "OSX_10_12" "default" ]; + resolvedDefaultFeatures = [ "OSX_10_14" "alpn" "default" "session-tickets" ]; }; "security-framework-sys" = rec { crateName = "security-framework-sys"; - version = "2.16.0"; + version = "2.17.0"; edition = "2021"; - sha256 = "06p6x6s8jysrkay1glazxl0r3drwsxwrhjh30lka9acjn1rqc71j"; + sha256 = "1qr0w0y9iwvmv3hwg653q1igngnc5b74xcf0679cbv23z0fnkqkc"; libName = "security_framework_sys"; authors = [ "Steven Fackler " @@ -9012,15 +9017,8 @@ rec { } ]; features = { - "OSX_10_10" = [ "OSX_10_9" ]; - "OSX_10_11" = [ "OSX_10_10" ]; - "OSX_10_12" = [ "OSX_10_11" ]; - "OSX_10_13" = [ "OSX_10_12" ]; - "OSX_10_14" = [ "OSX_10_13" ]; - "OSX_10_15" = [ "OSX_10_14" ]; - "default" = [ "OSX_10_12" ]; + "default" = [ "OSX_10_13" ]; }; - resolvedDefaultFeatures = [ "OSX_10_10" "OSX_10_11" "OSX_10_12" "OSX_10_9" ]; }; "semver" = rec { crateName = "semver"; @@ -9142,7 +9140,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "derive" "parsing" "printing" "proc-macro" ]; } @@ -9174,7 +9172,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "derive" "parsing" "printing" ]; } @@ -9661,7 +9659,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -9880,9 +9878,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_certs"; authors = [ @@ -9983,9 +9981,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_operator"; authors = [ @@ -10155,9 +10153,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -10179,7 +10177,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10190,9 +10188,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_shared"; authors = [ @@ -10271,9 +10269,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_telemetry"; authors = [ @@ -10381,9 +10379,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_versioned"; authors = [ @@ -10425,9 +10423,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -10482,7 +10480,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10493,9 +10491,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "7486017f60827d1d769d7bf17bf56adb21f8bb02"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "936b86b03c28ef1bca6d26c34d1353afafe0c59b"; + sha256 = "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds"; }; libName = "stackable_webhook"; authors = [ @@ -10519,6 +10517,10 @@ rec { name = "futures-util"; packageId = "futures-util"; } + { + name = "humantime"; + packageId = "humantime"; + } { name = "hyper"; packageId = "hyper"; @@ -10673,7 +10675,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "parsing" ]; } ]; @@ -10727,11 +10729,11 @@ rec { }; resolvedDefaultFeatures = [ "clone-impls" "default" "derive" "full" "parsing" "printing" "proc-macro" "quote" ]; }; - "syn 2.0.116" = rec { + "syn 2.0.117" = rec { crateName = "syn"; - version = "2.0.116"; + version = "2.0.117"; edition = "2021"; - sha256 = "1jv9pk48qmhn6yrdfl3lngy5i74wg7gcx13gfhvm4s8q0p3j9x1x"; + sha256 = "16cv7c0wbn8amxc54n4w15kxlx5ypdmla8s0gxr2l7bv7s0bhrg6"; authors = [ "David Tolnay " ]; @@ -10803,7 +10805,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "derive" "parsing" "printing" "clone-impls" "visit" "extra-traits" ]; } @@ -10870,7 +10872,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10896,7 +10898,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -11113,7 +11115,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "parsing" ]; } ]; @@ -11259,7 +11261,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -11486,9 +11488,9 @@ rec { }; "tonic" = rec { crateName = "tonic"; - version = "0.14.4"; + version = "0.14.5"; edition = "2021"; - sha256 = "185r31mvp1y5flcbcapyksx8402xi33j0510c0ai392i03wacckz"; + sha256 = "1v4k7aa28m7722gz9qak2jiy7lis1ycm4fdmq63iip4m0qdcdizy"; authors = [ "Lucio Franco " ]; @@ -11586,7 +11588,7 @@ rec { { name = "tokio"; packageId = "tokio"; - features = [ "rt-multi-thread" "macros" ]; + features = [ "rt-multi-thread" "macros" "test-util" ]; } { name = "tower"; @@ -11615,9 +11617,9 @@ rec { }; "tonic-prost" = rec { crateName = "tonic-prost"; - version = "0.14.4"; + version = "0.14.5"; edition = "2021"; - sha256 = "0zv4q6jard712l7rxg119kvjlfc0kliv02lc3ydx1gw902f571lz"; + sha256 = "02fkg2bv87q0yds2wz3w0s7i1x6qcgbrl00dy6ipajdapfh7clx5"; libName = "tonic_prost"; authors = [ "Lucio Franco " @@ -12017,7 +12019,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "full" "parsing" "printing" "visit-mut" "clone-impls" "extra-traits" "proc-macro" ]; } @@ -12756,7 +12758,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "visit" "visit-mut" "full" ]; } { @@ -13468,7 +13470,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "proc-macro" "printing" "full" "clone-impls" ]; } @@ -13495,7 +13497,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "proc-macro" "printing" "full" "clone-impls" ]; } @@ -14671,7 +14673,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "printing" ]; } { @@ -14722,7 +14724,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "printing" ]; } { @@ -15035,7 +15037,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "fold" ]; } { @@ -15103,14 +15105,14 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "visit" ]; } ]; @@ -15159,7 +15161,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "fold" ]; } { @@ -15213,7 +15215,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "extra-traits" "visit" ]; } ]; @@ -15315,7 +15317,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; diff --git a/Cargo.toml b/Cargo.toml index 8b72d390..dcb936c0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,5 +33,6 @@ tokio = { version = "1.40", features = ["full"] } tracing = "0.1" [patch."https://github.com/stackabletech/operator-rs.git"] -# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +# TODO revert this before merging! +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feat/gitsync-ca-support" } # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } diff --git a/crate-hashes.json b/crate-hashes.json index b8d22d86..92e2cd24 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -4,14 +4,14 @@ "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-derive@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-runtime@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#k8s-version@0.1.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-certs@0.4.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-operator-derive@0.3.1": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-operator@0.108.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-shared@0.1.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-telemetry@0.6.2": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-versioned-macros@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-versioned@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.108.0#stackable-webhook@0.9.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#k8s-version@0.1.3": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-certs@0.4.0": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-operator-derive@0.3.1": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-operator@0.108.0": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-shared@0.1.0": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-telemetry@0.6.2": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-versioned-macros@0.8.3": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-versioned@0.8.3": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-webhook@0.9.0": "1pbghzc5vg2mn6ggvbr7s2h80dr1ydbmph7n29g9f4kd1d7pa4ds", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml b/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml index 7589c9eb..63db20cb 100644 --- a/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml +++ b/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml @@ -22,7 +22,11 @@ spec: --rev: HEAD # <10> # --rev: git-sync-tag # N.B. tag must be covered by "depth" (the number of commits to clone) # --rev: 39ee3598bd9946a1d958a448c9f7d3774d7a8043 # N.B. commit must be covered by "depth" - --git-config: http.sslCAInfo:/tmp/ca-cert/ca.crt # <11> + tls: + verification: + server: + caCert: + secretClass: git-ca-cert # <11> webservers: ... --- diff --git a/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc b/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc index cd03fc3b..c81b1066 100644 --- a/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc +++ b/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc @@ -65,10 +65,15 @@ include::example$example-airflow-gitsync-https.yaml[] This should include two fields: `user` and `password` (which can be either a password -- which is not recommended -- or a GitHub token, as described https://github.com/kubernetes/git-sync/tree/v3.6.4#flags-which-configure-authentication[here]) <9> A map of optional configuration settings that are listed in https://github.com/kubernetes/git-sync/tree/v4.2.1?tab=readme-ov-file#manual[this] configuration section (and the ones that follow on that link) <10> An example showing how to specify a target revision (the default is HEAD). - The revision can also be a tag or a commit, though this assumes that the target hash is contained within the number of commits specified by `depth`. - If a tag or commit hash is specified, then git-sync recognizes this and does not perform further cloning. -<11> Git-sync settings can be provided inline, although some of these (`--dest`, `--root`) are specified internally in the operator and are ignored if provided by the user. - Git-config settings can also be specified, although a warning is logged if `safe.directory` is specified as this is defined internally, and should not be defined by the user. + The revision can also be a tag or a commit, though this assumes that the target hash is contained within the number of commits specified by `depth`. + If a tag or commit hash is specified, then git-sync recognizes this and does not perform further cloning. + Git-sync settings can be provided inline, although some of these (`--dest`, `--root`) are specified internally in the operator and are ignored if provided by the user. + Git-config settings can also be specified, although a warning is logged if `safe.directory` is specified as this is defined internally, and should not be defined by the user. +<11> An optional reference to the SecretClass used for holding CA certificates that will be used to verify the git server's TLS certificate by passing it to the git config option `http.sslCAInfo` passed with the gitsync command. + The associated secret must have a key named `ca.crt` whose value is the PEM-encoded certificate bundle. + If this field is set to `webPki: {}` or is omitted altogether, then no changes will be made to the gitsync command and it will default to presenting no certificate to the backend. + Omitting this field is non-breaking behaviour and as such it does *not* set `http.sslverify` to `false` as disabling security checks should be a last resort and not something activated by default. + This can still be achieved explicitly: either by setting `tls: verification: none: {}` or by passing `--git-config: http.sslverify=false` as part of the `gitSyncConf` field. .git-sync usage example: ssh [source,yaml] diff --git a/extra/crds.yaml b/extra/crds.yaml index 288919db..7789bf19 100644 --- a/extra/crds.yaml +++ b/extra/crds.yaml @@ -414,7 +414,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -926,7 +926,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -1048,6 +1048,16 @@ spec: description: This field contains OIDC-specific configuration. It is only required in case OIDC is used. nullable: true properties: + clientAuthenticationMethod: + default: client_secret_basic + description: 'The client authentication method used when communicating with the token endpoint. Defaults to `client_secret_basic`. The required contents of `clientCredentialsSecret` depend on the chosen method: secret-based methods (`client_secret_basic`, `client_secret_post`, `client_secret_jwt`) expect a client secret, while `private_key_jwt` expects a private key.' + enum: + - client_secret_basic + - client_secret_post + - client_secret_jwt + - private_key_jwt + - none + type: string clientCredentialsSecret: description: |- A reference to the OIDC client credentials secret. The secret contains @@ -1213,6 +1223,56 @@ spec: description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.' format: uri type: string + tls: + default: + verification: + server: + caCert: + webPki: {} + description: Configure a TLS connection. If not specified it will default to webPki validation. + nullable: true + properties: + verification: + description: The verification method used to verify the certificates of the server and/or the client. + oneOf: + - required: + - none + - required: + - server + properties: + none: + description: Use TLS but don't verify certificates. + type: object + server: + description: Use TLS and a CA certificate to verify the server. + properties: + caCert: + description: CA cert to verify the server. + oneOf: + - required: + - webPki + - required: + - secretClass + properties: + secretClass: + description: |- + Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. + Note that a SecretClass does not need to have a key but can also work with just a CA certificate, + so if you got provided with a CA cert but don't have access to the key you can still use this method. + type: string + webPki: + description: |- + Use TLS and the CA certificates trusted by the common web browsers to verify the server. + This can be useful when you e.g. use public AWS S3 or other public available services. + type: object + type: object + required: + - caCert + type: object + type: object + required: + - verification + type: object wait: default: 20s description: |- @@ -1679,7 +1739,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -2191,7 +2251,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -2731,7 +2791,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -3222,7 +3282,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -3734,7 +3794,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -4219,7 +4279,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -4731,7 +4791,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -5216,7 +5276,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -5733,7 +5793,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -6293,7 +6353,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -6805,7 +6865,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -6927,6 +6987,16 @@ spec: description: This field contains OIDC-specific configuration. It is only required in case OIDC is used. nullable: true properties: + clientAuthenticationMethod: + default: client_secret_basic + description: 'The client authentication method used when communicating with the token endpoint. Defaults to `client_secret_basic`. The required contents of `clientCredentialsSecret` depend on the chosen method: secret-based methods (`client_secret_basic`, `client_secret_post`, `client_secret_jwt`) expect a client secret, while `private_key_jwt` expects a private key.' + enum: + - client_secret_basic + - client_secret_post + - client_secret_jwt + - private_key_jwt + - none + type: string clientCredentialsSecret: description: |- A reference to the OIDC client credentials secret. The secret contains @@ -7068,6 +7138,56 @@ spec: description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.' format: uri type: string + tls: + default: + verification: + server: + caCert: + webPki: {} + description: Configure a TLS connection. If not specified it will default to webPki validation. + nullable: true + properties: + verification: + description: The verification method used to verify the certificates of the server and/or the client. + oneOf: + - required: + - none + - required: + - server + properties: + none: + description: Use TLS but don't verify certificates. + type: object + server: + description: Use TLS and a CA certificate to verify the server. + properties: + caCert: + description: CA cert to verify the server. + oneOf: + - required: + - webPki + - required: + - secretClass + properties: + secretClass: + description: |- + Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. + Note that a SecretClass does not need to have a key but can also work with just a CA certificate, + so if you got provided with a CA cert but don't have access to the key you can still use this method. + type: string + webPki: + description: |- + Use TLS and the CA certificates trusted by the common web browsers to verify the server. + This can be useful when you e.g. use public AWS S3 or other public available services. + type: object + type: object + required: + - caCert + type: object + type: object + required: + - verification + type: object wait: default: 20s description: |- @@ -7534,7 +7654,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -8046,7 +8166,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -8586,7 +8706,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -9077,7 +9197,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -9589,7 +9709,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -10074,7 +10194,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -10586,7 +10706,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -11071,7 +11191,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object @@ -11588,7 +11708,7 @@ spec: type: object type: object enableVectorAgent: - description: Wether or not to deploy a container with the Vector log agent. + description: Whether or not to deploy a container with the Vector log agent. nullable: true type: boolean type: object diff --git a/rust/operator-binary/src/airflow_controller.rs b/rust/operator-binary/src/airflow_controller.rs index 4930c575..d2f065c6 100644 --- a/rust/operator-binary/src/airflow_controller.rs +++ b/rust/operator-binary/src/airflow_controller.rs @@ -1457,6 +1457,8 @@ fn add_git_sync_resources( .context(AddVolumeSnafu)?; pb.add_volumes(git_sync_resources.git_ssh_volumes.to_owned()) .context(AddVolumeSnafu)?; + pb.add_volumes(git_sync_resources.git_ca_cert_volumes.to_owned()) + .context(AddVolumeSnafu)?; cb.add_volume_mounts(git_sync_resources.git_content_volume_mounts.to_owned()) .context(AddVolumeMountSnafu)?; diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs index 7d5382e3..07b7802a 100644 --- a/rust/operator-binary/src/config.rs +++ b/rust/operator-binary/src/config.rs @@ -460,6 +460,8 @@ mod tests { oidc: oidc::v1alpha1::ClientAuthenticationOptions { client_credentials_secret_ref: "test-client-secret1".to_string(), extra_scopes: vec!["roles".to_string()], + client_authentication_method: + oidc::v1alpha1::ClientAuthenticationMethod::ClientSecretBasic, product_specific_fields: (), }, }, @@ -468,6 +470,8 @@ mod tests { oidc: oidc::v1alpha1::ClientAuthenticationOptions { client_credentials_secret_ref: "test-client-secret2".to_string(), extra_scopes: vec![], + client_authentication_method: + oidc::v1alpha1::ClientAuthenticationMethod::ClientSecretBasic, product_specific_fields: (), }, }, diff --git a/rust/operator-binary/src/crd/authentication.rs b/rust/operator-binary/src/crd/authentication.rs index 6f9a6d53..7b02057c 100644 --- a/rust/operator-binary/src/crd/authentication.rs +++ b/rust/operator-binary/src/crd/authentication.rs @@ -472,6 +472,8 @@ mod tests { oidc: oidc::v1alpha1::ClientAuthenticationOptions { client_credentials_secret_ref: "airflow-oidc-client1".into(), extra_scopes: vec!["groups".into()], + client_authentication_method: + oidc::v1alpha1::ClientAuthenticationMethod::ClientSecretBasic, product_specific_fields: () } }, @@ -488,6 +490,8 @@ mod tests { oidc: oidc::v1alpha1::ClientAuthenticationOptions { client_credentials_secret_ref: "airflow-oidc-client2".into(), extra_scopes: Vec::new(), + client_authentication_method: + oidc::v1alpha1::ClientAuthenticationMethod::ClientSecretBasic, product_specific_fields: () } } diff --git a/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 b/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 new file mode 100644 index 00000000..67185acf --- /dev/null +++ b/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 @@ -0,0 +1,9 @@ +{% if test_scenario['values']['openshift'] == 'true' %} +# see https://github.com/stackabletech/issues/issues/566 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl patch namespace $NAMESPACE -p '{"metadata":{"labels":{"pod-security.kubernetes.io/enforce":"privileged"}}}' + timeout: 120 +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 b/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 new file mode 100644 index 00000000..0b9df7d2 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 @@ -0,0 +1,38 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - get + - patch +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/ca-cert/03-assert.yaml b/tests/templates/kuttl/ca-cert/03-assert.yaml new file mode 100644 index 00000000..319e927a --- /dev/null +++ b/tests/templates/kuttl/ca-cert/03-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-postgresql +timeout: 480 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-postgresql +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml b/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml new file mode 100644 index 00000000..dc25ba20 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: >- + helm install airflow-postgresql + --namespace $NAMESPACE + --version 16.4.2 + -f helm-bitnami-postgresql-values.yaml + oci://registry-1.docker.io/bitnamicharts/postgresql + timeout: 600 diff --git a/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 new file mode 100644 index 00000000..50b1d4c3 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 b/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 new file mode 100644 index 00000000..2d6a0df5 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 @@ -0,0 +1,9 @@ +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +data: + ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }} +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/15-assert.yaml b/tests/templates/kuttl/ca-cert/15-assert.yaml new file mode 100644 index 00000000..3c2158b4 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/15-assert.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: create-ca-cert +status: + succeeded: 1 diff --git a/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml b/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml new file mode 100644 index 00000000..82ddc82c --- /dev/null +++ b/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml @@ -0,0 +1,64 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + kubectl apply -n "$NAMESPACE" -f - </dev/null \ + | grep -q "SSL certificate problem: unable to get local issuer certificate" && exit 0 + + exit 1 diff --git a/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml b/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml new file mode 100644 index 00000000..189523aa --- /dev/null +++ b/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +timeout: 120 +commands: + - script: | + envsubst < 25_airflow-wrong-cert.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 b/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 new file mode 100644 index 00000000..6e7244ec --- /dev/null +++ b/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 @@ -0,0 +1,67 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: git-wrong-ca-cert +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: airflow.stackable.tech/v1alpha2 +kind: AirflowCluster +metadata: + name: airflow-wrong-cert +spec: + image: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + custom: "{{ test_scenario['values']['airflow-latest'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + credentialsSecret: test-airflow-credentials + dagsGitSync: + - repo: https://git-proxy.$NAMESPACE.svc.cluster.local/stackable-airflow/dags + credentials: + basicAuthSecretName: git-credentials + gitFolder: "mount-dags-gitsync/dags_airflow3" + wait: 5s + tls: + verification: + server: + caCert: + secretClass: git-wrong-ca-cert + webservers: + roleConfig: + listenerClass: external-unstable + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + kubernetesExecutors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + schedulers: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + dagProcessors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 new file mode 100644 index 00000000..37f7c5b8 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 @@ -0,0 +1,30 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-cluster +timeout: 1200 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-webserver-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-scheduler-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-dagprocessor-default +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml b/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml new file mode 100644 index 00000000..a14a37fd --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +metadata: + name: install-airflow +timeout: 480 +commands: + - script: | + kubectl delete airflowcluster airflow-wrong-cert -n $NAMESPACE --wait=false + envsubst < 30_airflow-cluster.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 b/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 new file mode 100644 index 00000000..2e16038b --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 @@ -0,0 +1,67 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: git-ca-cert +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: airflow.stackable.tech/v1alpha2 +kind: AirflowCluster +metadata: + name: airflow +spec: + image: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + custom: "{{ test_scenario['values']['airflow-latest'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + credentialsSecret: test-airflow-credentials + dagsGitSync: + - repo: https://git-proxy.$NAMESPACE.svc.cluster.local/stackable-airflow/dags + credentials: + basicAuthSecretName: git-credentials + gitFolder: "mount-dags-gitsync/dags_airflow3" + wait: 5s + tls: + verification: + server: + caCert: + secretClass: git-ca-cert + webservers: + roleConfig: + listenerClass: external-unstable + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + kubernetesExecutors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + schedulers: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + dagProcessors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/31-assert.yaml b/tests/templates/kuttl/ca-cert/31-assert.yaml new file mode 100644 index 00000000..0a11bc12 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/31-assert.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 120 +commands: + - script: | + kubectl logs -n "$NAMESPACE" airflow-dagprocessor-default-0 -c git-sync-0 2>/dev/null \ + | grep -q "updated successfully" && echo "git-sync: repo updated successfully via CA-cert-authenticated proxy" diff --git a/tests/templates/kuttl/ca-cert/40-assert.yaml b/tests/templates/kuttl/ca-cert/40-assert.yaml new file mode 100644 index 00000000..6edaa3c3 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/40-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-python +timeout: 240 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-airflow-python +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml b/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml new file mode 100644 index 00000000..c3f865a0 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-airflow-python + labels: + app: test-airflow-python +spec: + replicas: 1 + selector: + matchLabels: + app: test-airflow-python + template: + metadata: + labels: + app: test-airflow-python + spec: + containers: + - name: test-airflow-python + image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev + imagePullPolicy: IfNotPresent + stdin: true + tty: true diff --git a/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 new file mode 100644 index 00000000..b85052aa --- /dev/null +++ b/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-webserver-health-check +timeout: 480 +commands: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + - script: kubectl exec -n $NAMESPACE test-airflow-python-0 -- python /tmp/health.py --airflow-version "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + - script: kubectl exec -n $NAMESPACE test-airflow-python-0 -- python /tmp/health.py --airflow-version "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/50-health-check.yaml b/tests/templates/kuttl/ca-cert/50-health-check.yaml new file mode 100644 index 00000000..5d3b329f --- /dev/null +++ b/tests/templates/kuttl/ca-cert/50-health-check.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +timeout: 480 +commands: + - script: kubectl cp -n $NAMESPACE ../../../../templates/kuttl/commons/health.py test-airflow-python-0:/tmp + timeout: 240 diff --git a/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 b/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 new file mode 100644 index 00000000..80c50924 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 @@ -0,0 +1,37 @@ +--- +global: + security: + allowInsecureImages: true + +image: + repository: bitnamilegacy/postgresql + +volumePermissions: + enabled: false + image: + repository: bitnamilegacy/os-shell + securityContext: + runAsUser: auto + +metrics: + image: + repository: bitnamilegacy/postgres-exporter + +primary: + podSecurityContext: +{% if test_scenario['values']['openshift'] == 'true' %} + enabled: false +{% else %} + enabled: true +{% endif %} + containerSecurityContext: + enabled: false + +shmVolume: + chmod: + enabled: false + +auth: + username: airflow + password: airflow + database: airflow diff --git a/tests/templates/kuttl/mount-dags-gitsync/30-install-airflow-cluster.yaml.j2 b/tests/templates/kuttl/mount-dags-gitsync/30-install-airflow-cluster.yaml.j2 index 1e3620dd..1ff2110a 100644 --- a/tests/templates/kuttl/mount-dags-gitsync/30-install-airflow-cluster.yaml.j2 +++ b/tests/templates/kuttl/mount-dags-gitsync/30-install-airflow-cluster.yaml.j2 @@ -91,8 +91,6 @@ spec: wait: 5s {% endif %} gitSyncConf: - # supply some config to check that safe.directory is correctly set - --git-config: http.sslVerify:false # N.B. dags definitions changed from 2.x to 3.x: # this test assumes airflow-latest > 2 gitFolder: "mount-dags-gitsync/dags_airflow3" diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 512e237a..6c7b486c 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -108,6 +108,10 @@ tests: dimensions: - airflow-latest - openshift + - name: ca-cert + dimensions: + - airflow-latest + - openshift suites: - name: nightly # Run nightly with the latest airflow