Add generic objectbucket implementation

class/defaults.yml

@@ -76,6 +76,10 @@ parameters:
         registry: ghcr.io
         repository: vshn/provider-sql
         tag: v0.11.0-vshn
+      provider-s3:
+        registry: ghcr.io
+        repository: vshn/provider-s3
+        tag: init
       sloth:
         registry: ghcr.io
         image: slok/sloth
@@ -87,7 +91,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: v4.185.0
+        tag: add/new_s3_implementation
       functionAppcat:
         registry: ${appcat:images:appcat:registry}
         repository: ${appcat:images:appcat:repository}
@@ -660,7 +664,17 @@ parameters:
           package: ${appcat:images:provider-sql:registry}/${appcat:images:provider-sql:repository}:${appcat:images:provider-sql:tag}
         runtimeConfig:
           serviceAccountName: provider-sql
-        providerConfigRefs: []
+        providerConfigs: []
+
+      s3:
+        enabled: false
+        apiVersion: s3.crossplane.io/v1
+        connectionSecretNamespace: syn-provider-s3-secrets
+        namespace: ${appcat:crossplane:namespace}
+        spec:
+          package: ${appcat:images:provider-s3:registry}/${appcat:images:provider-s3:repository}:${appcat:images:provider-s3:tag}
+        runtimeConfig:
+          serviceAccountName: provider-s3
         additionalProviderConfigs: []
 
     services:
@@ -1370,6 +1384,13 @@ parameters:
               grpcEndpoint: ${appcat:grpcEndpoint}
               proxyFunction: ${appcat:proxyFunction}
               providerConfig: minio
+            generic:
+              enabled: false
+              secretNamespace: ${appcat:services:generic:objectstorage:secretNamespace}
+              providerSecretNamespace: ${appcat:providers:s3:connectionSecretNamespace}
+              grpcEndpoint: ${appcat:grpcEndpoint}
+              proxyFunction: ${appcat:proxyFunction}
+              providerConfigs: []
             garage:
               enabled: false
               secretNamespace: ${appcat:services:generic:objectstorage:secretNamespace}

component/common.libsonnet

@@ -20,7 +20,7 @@ local strCloudscaleZones = std.join(', ', cloudscaleZones);
 local vars = import 'config/vars.jsonnet';
 
 local vshnServiceID(name) = 'vshn-' + std.asciiLower(name);
-local objectBucketServiceID(name) = std.asciiLower(std.rstripChars(name, '.ch')) + '-objectbucket';
+local objectBucketServiceID(name) = if std.endsWith(name, '.ch') then std.asciiLower(std.rstripChars(name, '.ch')) + '-objectbucket' else std.asciiLower(name) + '-objectbucket';
 
 local syncOptions = {
   metadata+: {

component/objectstorage.jsonnet

@@ -241,6 +241,52 @@ local garageComp(name, namespace, spec) =
     },
   };
 
+local compositionGeneric(provider, compParams) =
+  kube._Object('apiextensions.crossplane.io/v1', 'Composition', provider + '.objectbuckets.appcat.vshn.io') +
+  common.SyncOptions +
+  common.VshnMetaObjectStorage(provider) +
+  {
+    spec: {
+      compositeTypeRef: comp.CompositeRef(xrd),
+      writeConnectionSecretsToNamespace: compParams.secretNamespace,
+      mode: 'Pipeline',
+      pipeline:
+        [
+          {
+            step: provider + 'bucket-func',
+            functionRef: {
+              name: common.GetCurrentFunctionName(),
+            },
+            input: kube.ConfigMap('xfn-config') + {
+              metadata: {
+                labels: {
+                  name: 'xfn-config',
+                },
+                name: 'xfn-config',
+              },
+              data: {
+                      providerConfig: provider,
+                      serviceName: 'genericbucket',
+                      serviceID: provider + '-objectbucket',
+                      providerSecretNamespace: compParams.providerSecretNamespace,
+                      crossplaneNamespace: params.crossplane.namespace,
+                    } + (if compParams.proxyFunction then {
+                           proxyEndpoint: compParams.grpcEndpoint,
+                         } else {})
+                    + common.GetOwnerLabels(xrd),
+            },
+          },
+        ],
+    },
+  };
+
+local loopCompositionGeneric() =
+  local params = objStoParams.compositions.generic;
+  [
+    compositionGeneric(config, params)
+    for config in params.providerConfigs
+  ];
+
 local compositionGarage =
   local comp = objStoParams.compositions.garage;
   [
@@ -255,4 +301,5 @@ if objStoParams.enabled && vars.isSingleOrControlPlaneCluster then {
   [if objStoParams.compositions.exoscale.enabled then '21_composition_objectstorage_exoscale']: compositionExoscale,
   [if objStoParams.compositions.minio.enabled then '21_composition_objectstorage_minio']: compositionMinio,
   [if objStoParams.compositions.garage.enabled then '21_composition_objectstorage_garage']: compositionGarage,
+  [if objStoParams.compositions.generic.enabled then '21_composition_objectstorage_generic']: loopCompositionGeneric(),
 } else {}

component/provider.jsonnet

@@ -334,6 +334,15 @@ local providerRBAC = {
       },
     ],
   },
+  s3: {
+    rules: [
+      {
+        apiGroups: [ 's3.crossplane.io' ],
+        resources: [ '*' ],
+        verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+      },
+    ],
+  },
 };
 
 local additionalProviderConfigs(provider) =
@@ -367,6 +376,35 @@ local generateProviderConfigs(provider) =
     {}
   );
 
+local s3Credentials(provider) =
+  local genSecret(config, provider) = kube.Secret(config.name) {
+    metadata+: {
+      namespace: provider.namespace,
+    },
+    stringData: config.credentials,
+  };
+
+  local genProviderConfig(config, provider) = crossplane.ProviderConfig(config.name) {
+    apiVersion: provider.apiVersion,
+    spec+: {
+      credentials+: {
+        apiSecretRef: {
+          name: config.name,
+          namespace: provider.namespace,
+        },
+        source: 'InjectedIdentity',
+      },
+    },
+  };
+
+  [
+    genProviderConfig(config, provider)
+    for config in provider.providerConfigs
+  ] + [
+    genSecret(config, provider)
+    for config in provider.providerConfigs
+  ];
+
 local provider(name, provider) =
   local sa = kube.ServiceAccount(provider.runtimeConfig.serviceAccountName) {
     metadata+: {
@@ -465,7 +503,7 @@ local provider(name, provider) =
           if vars.isSingleOrControlPlaneCluster && std.objectHas(provider, 'additionalProviderConfigs') && std.length(provider.additionalProviderConfigs) > 0 then additionalProviderConfigs(provider),
           if vars.isSingleOrControlPlaneCluster && std.length(params.clusterManagementSystem.serviceClusterKubeconfigs) > 0 && (name == 'kubernetes' || name == 'helm') then generateProviderConfigs(provider),
         ]
-      ),
+      ) + (if name == 's3' then s3Credentials(provider) else []),
   };
 
 std.foldl(function(objOut, newObj) objOut + provider(newObj.name, newObj.value), std.filter(function(r) std.type(r.value) == 'object' && std.objectHas(r.value, 'enabled') && r.value.enabled, common.KeysAndValues(params.providers)), {})

docs/modules/ROOT/pages/references/service-objectstorage.adoc

@@ -78,3 +78,24 @@ Either by enabling it in `appcat.providers` or separately from this component.
 
 You can also have a look at the xref:tutorials/install-cloudscale.adoc[tutorial for installing the Cloudscale stack.]
 ====
+
+== `compositions.generic`
+[horizontal]
+type:: dict
+
+Configuration of the generic composition for objecstorage.
+
+You have to option to enable or disable it through the `enabled` parameter and can set the `secretNamespace`,  `providerSecretNamespace`, which configures where the provider will store connection secrets for managed resources, and `bucketDeletionPolicy`
+
+The composition is enabled by default.
+The parameter `secretNamespace`,  `providerSecretNamespace`, and `bucketDeletionPolicy` will default to the top level configuration.
+
+`providerConfigs` is a list of providerconfig names as specified under `appcat.providers.s3.providerConfigs`.
+
+[IMPORTANT]
+====
+If you enable the generic composition, make sure that the provider s3 is deployed.
+Either by enabling it in `appcat.providers` or separately from this component.
+
+You can also have a look at the xref:tutorials/install-cloudscale.adoc[tutorial for installing the Cloudscale stack.]
+====

tests/dev.yml

@@ -104,6 +104,15 @@ parameters:
       postgres:
         enabled: true
     providers:
+      s3:
+        enabled: false
+        providerConfigs:
+          - name: switch
+            endpoint: https://zhw-a.s3.cloud.switch.ch
+            credentials:
+              AWS_SECRET_ACCESS_KEY: minioadmin
+              AWS_ACCESS_KEY_ID: minioadmin
+
       exoscale:
         enabled: false
       cloudscale:
@@ -268,6 +277,10 @@ parameters:
               enabled: false
             minio:
               enabled: false
+            generic:
+              enabled: false
+              providerConfigs:
+                - switch
             garage:
               enabled: true
               instances:

tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml

@@ -4,9 +4,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-master-v4-185-0
+  name: function-appcat-master-add-new-s3-implementation
 spec:
-  package: ghcr.io/vshn/appcat:v4.185.0-func
+  package: ghcr.io/vshn/appcat:add_new_s3_implementation-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat
@@ -18,7 +18,7 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-v3-68-2-v4-182-1
+  name: function-appcat-v3-68-3-v4-182-1
 spec:
   package: ghcr.io/vshn/appcat:v4.182.1-func
   packagePullPolicy: IfNotPresent
@@ -32,9 +32,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-v3-68-3-v4-182-1
+  name: function-appcat-v3-69-0-v4-183-0
 spec:
-  package: ghcr.io/vshn/appcat:v4.182.1-func
+  package: ghcr.io/vshn/appcat:v4.183.0-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat
@@ -46,9 +46,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-v3-69-0-v4-183-0
+  name: function-appcat-v3-70-0-v4-184-0
 spec:
-  package: ghcr.io/vshn/appcat:v4.183.0-func
+  package: ghcr.io/vshn/appcat:v4.184.0-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat
@@ -60,9 +60,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-v3-70-0-v4-184-0
+  name: function-appcat-v3-70-1-v4-184-1
 spec:
-  package: ghcr.io/vshn/appcat:v4.184.0-func
+  package: ghcr.io/vshn/appcat:v4.184.1-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat
@@ -74,9 +74,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-v3-70-1-v4-184-1
+  name: function-appcat-v3-71-0-v4-185-0
 spec:
-  package: ghcr.io/vshn/appcat:v4.184.1-func
+  package: ghcr.io/vshn/appcat:v4.185.0-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat

tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml

@@ -21,7 +21,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-v4-185-0
+        name: function-appcat-master-add-new-s3-implementation
       input:
         apiVersion: v1
         data:

tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-v4.185.0
+    metadata.appcat.vshn.io/revision: master-add_new_s3_implementation
     metadata.appcat.vshn.io/serviceID: vshn-codey
     name: codey.io
   name: codey.io

tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-v4.185.0
+    metadata.appcat.vshn.io/revision: master-add_new_s3_implementation
     metadata.appcat.vshn.io/serviceID: vshn-forgejo
     name: vshnforgejo.vshn.appcat.vshn.io
   name: vshnforgejo.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-v4-185-0
+        name: function-appcat-master-add-new-s3-implementation
       input:
         apiVersion: v1
         data:
@@ -47,7 +47,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: code.forgejo.org
-          imageTag: v4.185.0
+          imageTag: add_new_s3_implementation
           ingress_annotations: |
             cert-manager.io/cluster-issuer: letsencrypt-production
           isOpenshift: 'false'

tests/golden/control-plane/appcat/appcat/21_composition_vshn_garage.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-v4.185.0
+    metadata.appcat.vshn.io/revision: master-add_new_s3_implementation
     metadata.appcat.vshn.io/serviceID: vshn-garage
     name: vshngarage.vshn.appcat.vshn.io
   name: vshngarage.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-v4-185-0
+        name: function-appcat-master-add-new-s3-implementation
       input:
         apiVersion: v1
         data:
@@ -46,7 +46,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: ''
-          imageTag: v4.185.0
+          imageTag: add_new_s3_implementation
           isOpenshift: 'false'
           maintenanceSA: helm-based-service-maintenance
           maintenanceURL: ''