
Commit 803c4c7

Add Support for Configuring S3 Storage via Secret Data (#900)
* adding support for configuring s3 storage via secret data and standardizing s3 storage env variable injection Signed-off-by: Brett Thompson <[email protected]> * apply precommit Signed-off-by: Brett Thompson <[email protected]> --------- Signed-off-by: Brett Thompson <[email protected]>
1 parent 68797c8 commit 803c4c7


6 files changed

+1052
-75
lines changed


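--- a/pkg/credentials/s3/s3_secret.go
+++ b/pkg/credentials/s3/s3_secret.go
@@ -42,6 +42,7 @@ const (
 AWSAnonymousCredential = "awsAnonymousCredential"
 AWSCABundle = "AWS_CA_BUNDLE"
 AWSCABundleConfigMap = "AWS_CA_BUNDLE_CONFIGMAP"
+ODHS3Endpoint = "AWS_S3_ENDPOINT" // ODH only
 )
 
 type S3Config struct {
@@ -105,7 +106,7 @@ func BuildSecretEnvs(secret *corev1.Secret, s3Config *S3Config) []corev1.EnvVar
 },
 }
 
-envs = append(envs, BuildS3EnvVars(secret.Annotations, s3Config)...)
+envs = append(envs, BuildS3EnvVars(secret.Annotations, &secret.Data, s3Config)...)
 
 return envs
 }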
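Review bot: In BuildSecretEnvs, `&secret.Data` hands BuildS3EnvVars a pointer to a map, which gains nothing in Go (maps are already reference types) and obliges the callee to nil-check before dereferencing; the bare `nil` passed from BuildServiceAccountEnvs in s3_service_account.go depends on that check. BuildS3EnvVars is not shown on this page, so the guard cannot be confirmed here; taking `map[string][]byte` directly would remove the need for it, since reading a nil map is safe: `envs = append(envs, BuildS3EnvVars(secret.Annotations, secret.Data, s3Config)...)`. The expectations in s3_secret_test.go show data values emitted as literal `Value` fields, so whatever is read this way is copied out of the Secret into the pod spec in plaintext. The doc comment on BuildS3EnvVars should state that only non-credential keys (endpoint, use-https, verify-ssl and similar) are read from the data, while the access key pair stays behind `SecretKeyRef`.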

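--- a/pkg/credentials/s3/s3_secret_test.go
+++ b/pkg/credentials/s3/s3_secret_test.go
@@ -30,7 +30,7 @@ func TestS3Secret(t *testing.T) {
 secret *corev1.Secret
 expected []corev1.EnvVar
 }{
-"S3SecretEnvs": {
+"S3SecretAnnotationEnvs": {
 secret: &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: "s3-secret",
@@ -73,7 +73,96 @@ func TestS3Secret(t *testing.T) {
 },
 },
 
-"S3SecretHttpsOverrideEnvs": {
+"S3SecretDataEnvs": {
+secret: &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: "s3-secret",
+},
+Data: map[string][]byte{
+S3Endpoint: []byte("s3.aws.com"),
+},
+},
+expected: []corev1.EnvVar{
+{
+Name: AWSAccessKeyId,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSAccessKeyIdName,
+},
+},
+},
+{
+Name: AWSSecretAccessKey,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSSecretAccessKeyName,
+},
+},
+},
+{
+Name: S3Endpoint,
+Value: "s3.aws.com",
+},
+{
+Name: AWSEndpointUrl,
+Value: "https://s3.aws.com",
+},
+},
+},
+
+"S3SecretODHS3EndpointEnvs": {
+secret: &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: "s3-secret",
+Annotations: map[string]string{
+InferenceServiceS3SecretEndpointAnnotation: "s3.aws.com",
+},
+},
+Data: map[string][]byte{
+ODHS3Endpoint: []byte("odh-s3.aws.com"),
+},
+},
+expected: []corev1.EnvVar{
+{
+Name: AWSAccessKeyId,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSAccessKeyIdName,
+},
+},
+},
+{
+Name: AWSSecretAccessKey,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSSecretAccessKeyName,
+},
+},
+},
+{
+Name: S3Endpoint,
+Value: "odh-s3.aws.com",
+},
+{
+Name: AWSEndpointUrl,
+Value: "https://odh-s3.aws.com",
+},
+},
+},
+
+"S3SecretAnnotationHttpsOverrideEnvs": {
 secret: &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: "s3-secret",
@@ -127,7 +216,61 @@ func TestS3Secret(t *testing.T) {
 },
 },
 
-"S3SecretEnvsWithAnonymousCredentials": {
+"S3SecretDataHttpsOverrideEnvs": {
+secret: &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: "s3-secret",
+},
+Data: map[string][]byte{
+S3Endpoint: []byte("s3.aws.com"),
+S3UseHttps: []byte("0"),
+S3VerifySSL: []byte("0"),
+},
+},
+
+expected: []corev1.EnvVar{
+{
+Name: AWSAccessKeyId,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSAccessKeyIdName,
+},
+},
+},
+{
+Name: AWSSecretAccessKey,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSSecretAccessKeyName,
+},
+},
+},
+{
+Name: S3UseHttps,
+Value: "0",
+},
+{
+Name: S3Endpoint,
+Value: "s3.aws.com",
+},
+{
+Name: AWSEndpointUrl,
+Value: "http://s3.aws.com",
+},
+{
+Name: S3VerifySSL,
+Value: "0",
+},
+},
+},
+
+"S3SecretAnnotationEnvsWithAnonymousCredentials": {
 secret: &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: "s3-secret",
@@ -175,6 +318,54 @@ func TestS3Secret(t *testing.T) {
 },
 },
 
+"S3SecretDataEnvsWithAnonymousCredentials": {
+secret: &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: "s3-secret",
+},
+Data: map[string][]byte{
+S3Endpoint: []byte("s3.aws.com"),
+AWSAnonymousCredential: []byte("true"),
+},
+},
+expected: []corev1.EnvVar{
+{
+Name: AWSAccessKeyId,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSAccessKeyIdName,
+},
+},
+},
+{
+Name: AWSSecretAccessKey,
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: "s3-secret",
+},
+Key: AWSSecretAccessKeyName,
+},
+},
+},
+{
+Name: S3Endpoint,
+Value: "s3.aws.com",
+},
+{
+Name: AWSEndpointUrl,
+Value: "https://s3.aws.com",
+},
+{
+Name: AWSAnonymousCredential,
+Value: "true",
+},
+},
+},
+
 "S3Config": {
 config: S3Config{
 S3AccessKeyIDName: "test-keyId",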
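Review bot: The new table cases pin which source wins for only one pair, in `S3SecretODHS3EndpointEnvs`, where the data key `ODHS3Endpoint` overrides the endpoint annotation; no case sets `S3UseHttps` or `S3VerifySSL` in both the annotations and `Data`. Those two keys switch off TLS and certificate verification (`S3SecretDataHttpsOverrideEnvs` expects `http://s3.aws.com` and `S3VerifySSL` `"0"`), so the precedence between annotation and data should be fixed by a test rather than left to the implementation. A case with a secure value in one source and `"0"` in the other would settle it. A further case where `Data` holds an endpoint that already carries a scheme would cover `AWSEndpointUrl`, which appears to be built by prefixing the scheme to the endpoint string. TestS3Secret starts and ends outside these hunks.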

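--- a/pkg/credentials/s3/s3_service_account.go
+++ b/pkg/credentials/s3/s3_service_account.go
@@ -29,7 +29,7 @@ Boto: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuratio
 func BuildServiceAccountEnvs(serviceAccount *corev1.ServiceAccount, s3Config *S3Config) []corev1.EnvVar {
 envs := []corev1.EnvVar{}
 
-envs = append(envs, BuildS3EnvVars(serviceAccount.Annotations, s3Config)...)
+envs = append(envs, BuildS3EnvVars(serviceAccount.Annotations, nil, s3Config)...)
 
 return envs
 }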
