thelabdude commented on a change in pull request #221:
URL: 
https://github.com/apache/lucene-solr-operator/pull/221#discussion_r582306677



##########
File path: controllers/solrcloud_controller.go
##########
@@ -256,6 +259,74 @@ func (r *SolrCloudReconciler) Reconcile(req ctrl.Request) 
(ctrl.Result, error) {
                }
        }
 
+       basicAuthHeader := ""
+       if instance.Spec.SolrSecurity != nil {
+               sec := instance.Spec.SolrSecurity
+
+               if sec.AuthenticationType != solr.Basic {
+                       return requeueOrNot, fmt.Errorf("%s not supported! Only 
'Basic' authentication is supported by the Solr operator.",
+                               instance.Spec.SolrSecurity.AuthenticationType)
+               }
+
+               ctx := context.TODO()
+               basicAuthSecret := &corev1.Secret{}
+
+               // user has the option of providing a secret with credentials 
the operator should use to make requests to Solr
+               if sec.BasicAuthSecret != "" {
+                       if err := r.Get(ctx, types.NamespacedName{Name: 
sec.BasicAuthSecret, Namespace: instance.Namespace}, basicAuthSecret); err != 
nil {
+                               return requeueOrNot, err
+                       }
+
+                       err = util.ValidateBasicAuthSecret(basicAuthSecret)
+                       if err != nil {
+                               return requeueOrNot, err
+                       }
+
+               } else {
+                       // We're supplying a secret with random passwords and a 
default security.json
+                       // since we randomly generate the passwords, we need to 
lookup the secret first and only create if not exist
+                       err = r.Get(ctx, types.NamespacedName{Name: 
instance.BasicAuthSecretName(), Namespace: instance.Namespace}, basicAuthSecret)
+                       if err != nil && errors.IsNotFound(err) {
+                               authSecret, bootstrapSecret := 
util.GenerateBasicAuthSecretWithBootstrap(instance)
+                               if err := 
controllerutil.SetControllerReference(instance, authSecret, r.scheme); err != 
nil {
+                                       return requeueOrNot, err
+                               }
+                               if err := 
controllerutil.SetControllerReference(instance, bootstrapSecret, r.scheme); err 
!= nil {
+                                       return requeueOrNot, err
+                               }
+                               err = r.Create(ctx, authSecret)
+                               if err != nil {
+                                       return requeueOrNot, err
+                               }
+                               err = r.Create(ctx, bootstrapSecret)
+                               if err == nil {
+                                       // supply the bootstrap security.json 
to the initContainer via a simple BASE64 encoding env var
+                                       
reconcileConfigInfo[util.SecurityJsonFile] = 
string(bootstrapSecret.Data[util.SecurityJsonFile])
+                               }
+
+                               basicAuthSecret = authSecret
+                       }
+                       if err != nil {
+                               return requeueOrNot, err
+                       }
+
+                       if reconcileConfigInfo[util.SecurityJsonFile] == "" {
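Review bot: In the generated-secret branch the two `r.Create` calls are not atomic. If `r.Create(ctx, authSecret)` succeeds and `r.Create(ctx, bootstrapSecret)` fails, the error is returned, and on the next reconcile the `r.Get` for `instance.BasicAuthSecretName()` succeeds, so the not-found block is skipped and the bootstrap security.json matching those random passwords is never regenerated. Consider rolling back on the second failure, e.g. `if err = r.Create(ctx, bootstrapSecret); err != nil { _ = r.Delete(ctx, authSecret); return requeueOrNot, err }` (assuming the reconciler's client exposes Delete as it does Get and Create), or creating the bootstrap secret first and tolerating an already-exists result. Separately, the comment says the bootstrap security.json reaches the initContainer through a Base64 env var; if that value carries credential hashes, it would be readable by anyone who can read the pod spec, so a secret volume or `secretKeyRef` would keep it out of the pod definition. Reconcile starts before this hunk and the quoted hunk stops at the `if reconcileConfigInfo[util.SecurityJsonFile] == ""` line, so later handling that is not visible here may already cover part of this.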

Review comment:
       ok good idea, let me test that ... I think it would still trigger a full 
rolling restart of the STS (b/c the initContainer def changes) but you're right 
we should fail if they want to delete it



