-
-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathmod.rs
More file actions
132 lines (111 loc) · 5.17 KB
/
mod.rs
File metadata and controls
132 lines (111 loc) · 5.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
//! GitSync structure for CRDs
use std::{collections::BTreeMap, path::PathBuf};
use schemars::{self, JsonSchema};
use serde::{Deserialize, Serialize};
use stackable_shared::time::Duration;
use url::Url;
use crate::{
commons::tls_verification::TlsClientDetailsWithSecureDefaults,
crd::git_sync::v1alpha2::Credentials, versioned::versioned,
};
mod v1alpha1_impl;
mod v1alpha2_impl;
#[versioned(version(name = "v1alpha1"), version(name = "v1alpha2"))]
pub mod versioned {
pub mod v1alpha1 {
pub use v1alpha1_impl::{Error, GitSyncResources};
}
pub mod v1alpha2 {
pub use v1alpha2_impl::{Error, GitSyncResources};
}
#[derive(Clone, Debug, Deserialize, JsonSchema, PartialEq, Eq, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GitSync {
/// The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.
pub repo: Url,
/// The branch to clone; defaults to `main`.
///
/// Since git-sync v4.x.x this field is mapped to the flag `--ref`.
#[serde(default = "default_branch")]
pub branch: String,
/// Location in the Git repository containing the resource; defaults to the root folder.
///
/// It can optionally start with `/`, however, no trailing slash is recommended.
/// An empty string (``) or slash (`/`) corresponds to the root folder in Git.
#[serde(default = "default_git_folder")]
pub git_folder: PathBuf,
/// The depth of syncing, i.e. the number of commits to clone; defaults to 1.
#[serde(default = "default_depth")]
pub depth: u32,
/// The synchronization interval, e.g. `20s` or `5m`; defaults to `20s`.
///
/// Since git-sync v4.x.x this field is mapped to the flag `--period`.
#[serde(default = "default_wait")]
pub wait: Duration,
/// A map of optional configuration settings that are listed in the git-sync [documentation].
///
/// Also read the git-sync [example] in our documentation. These settings are not verified.
///
/// [documentation]: https://github.com/kubernetes/git-sync/tree/v4.2.4?tab=readme-ov-file#manual
/// [example]: DOCS_BASE_URL_PLACEHOLDER/airflow/usage-guide/mounting-dags#_example
#[serde(default)]
pub git_sync_conf: BTreeMap<String, String>,
/// An optional secret used for git access.
#[versioned(changed(
since = "v1alpha2",
from_name = "credentials_secret",
from_type = "Option<String>",
upgrade_with = credentials_secret_to_basic_auth,
downgrade_with = credentials_to_secret
))]
pub credentials: Option<Credentials>,
/// An optional field used for referencing CA certificates that will be used to verify the git server's TLS certificate by passing it to the git config option `http.sslCAInfo` passed with the gitsync command. The secret must have a key named `ca.crt` whose value is the PEM-encoded certificate bundle.
/// If `http.sslCAInfo` is also set via `gitSyncConf` (the `--git-config` option) then a warning will be logged.
/// If not specified no TLS will be used, defaulting to github/lab using commonly-recognised certificates.
#[serde(flatten)]
pub tls: TlsClientDetailsWithSecureDefaults,
}
#[derive(strum::Display, Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
#[serde(rename_all = "camelCase")]
#[schemars(rename_all = "camelCase")]
pub enum Credentials {
/// The name of the Secret used to access the repository via Basic Authentication if it is not public.
///
/// The referenced Secret must include two fields: `user` and `password`.
/// The `password` field can either be an actual password (not recommended) or a GitHub token,
/// as described in the git-sync [documentation].
///
/// [documentation]: https://github.com/kubernetes/git-sync/tree/v4.2.4?tab=readme-ov-file#manual
BasicAuthSecretName(String),
/// The name of the Secret used for SSH access to the repository.
///
/// The referenced Secret must include two fields: `key` and `knownHosts`.
///
/// [documentation]: https://github.com/kubernetes/git-sync/tree/v4.2.4?tab=readme-ov-file#manual
SshPrivateKeySecretName(String),
}
}
pub(crate) fn default_branch() -> String {
"main".to_string()
}
pub(crate) fn default_git_folder() -> PathBuf {
PathBuf::from("/")
}
pub(crate) fn default_depth() -> u32 {
1
}
pub(crate) fn default_wait() -> Duration {
Duration::from_secs(20)
}
pub fn credentials_to_secret(input: Option<Credentials>) -> Option<String> {
if let Some(Credentials::BasicAuthSecretName(credentials_secret)) = input {
Some(credentials_secret)
} else {
// We cannot downgrade SshPrivateKeySecretName as it does not map onto
// anything in v1alpha1
None
}
}
pub fn credentials_secret_to_basic_auth(input: Option<String>) -> Option<Credentials> {
input.map(Credentials::BasicAuthSecretName)
}