diff --git a/acceptance/go.mod b/acceptance/go.mod index e4d3f13c1..d8ee8ee60 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -26,8 +26,8 @@ require ( buf.build/gen/go/grpc-ecosystem/grpc-gateway/protocolbuffers/go v1.36.6-20221127060915-a1ecdc58eccd.1 // indirect buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 // indirect - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 // indirect cel.dev/expr v0.24.0 // indirect cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect diff --git a/acceptance/go.sum b/acceptance/go.sum index 515f1279d..ae03ca83a 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -8,10 +8,10 @@ buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3d buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1/go.mod h1:RUUH9gPqxuRHYeNMFjrU5hboN4lPAz2kNeOi81gjQcI= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 h1:H1OQRoy/xuIh3vvAv9Gb59p/ZsrTTQyYxPyMSOQaVlc= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1/go.mod h1:yA5Jg45dsAoOvAx1XHbDwwcWkkYW568MUeKJsa9bgrY= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1 h1:iIj2C/0IDTFR0JtIgKfFHRtkCIb7YqQEdNylVab2pz0= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1/go.mod h1:72CA7I2EBjkbygOtYfvNpyLwD14RqoMa9vL9SGlWkIk= buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.36.5-20250404200318-65f29ddd7b29.1 h1:/i5xh4Kk3Vvbvcqyunu9NOdxIU7Mu5EuiYzczjckbgE= diff --git a/acceptance/main_test.go b/acceptance/main_test.go index 40ecb5d6f..ea0e8f902 100644 --- a/acceptance/main_test.go +++ b/acceptance/main_test.go @@ -48,7 +48,7 @@ func getSuite(t *testing.T) *framework.Suite { var setupSuite = sync.OnceValues(func() (*framework.Suite, error) { // For now we need to use nightly images so that we can use shadow links steps.DefaultRedpandaRepo = "redpandadata/redpanda-nightly" - steps.DefaultRedpandaTag = "v0.0.0-20251023git2fede32" + steps.DefaultRedpandaTag = "v0.0.0-20251103git2470d86" return framework.SuiteBuilderFromFlags(). Strict(). diff --git a/charts/console/go.mod b/charts/console/go.mod index b1efcff59..62597c142 100644 --- a/charts/console/go.mod +++ b/charts/console/go.mod @@ -21,8 +21,8 @@ require ( ) require ( - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 // indirect connectrpc.com/connect v1.19.1 // indirect dario.cat/mergo v1.0.2 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect diff --git a/charts/console/go.sum b/charts/console/go.sum index 53741bc8f..4a3100b76 100644 --- a/charts/console/go.sum +++ b/charts/console/go.sum @@ -1,7 +1,7 @@ -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14= connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= diff --git a/charts/redpanda/go.mod b/charts/redpanda/go.mod index 787a8527b..39fbd3700 100644 --- a/charts/redpanda/go.mod +++ b/charts/redpanda/go.mod @@ -37,8 +37,8 @@ require ( buf.build/gen/go/grpc-ecosystem/grpc-gateway/protocolbuffers/go v1.36.6-20221127060915-a1ecdc58eccd.1 // indirect buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 // indirect - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 // indirect cel.dev/expr v0.24.0 // indirect cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect diff --git a/charts/redpanda/go.sum b/charts/redpanda/go.sum index 3292998c5..1e8298875 100644 --- a/charts/redpanda/go.sum +++ b/charts/redpanda/go.sum @@ -6,10 +6,10 @@ buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3d buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1/go.mod h1:RUUH9gPqxuRHYeNMFjrU5hboN4lPAz2kNeOi81gjQcI= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 h1:H1OQRoy/xuIh3vvAv9Gb59p/ZsrTTQyYxPyMSOQaVlc= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1/go.mod h1:yA5Jg45dsAoOvAx1XHbDwwcWkkYW568MUeKJsa9bgrY= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.121.1 h1:S3kTQSydxmu1JfLRLpKtxRPA7rSrYPRPEUmL/PavVUw= diff --git a/gen/go.mod b/gen/go.mod index 2d60762a1..9b83cee8a 100644 --- a/gen/go.mod +++ b/gen/go.mod @@ -36,8 +36,8 @@ require ( buf.build/gen/go/grpc-ecosystem/grpc-gateway/protocolbuffers/go v1.36.6-20221127060915-a1ecdc58eccd.1 // indirect buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 // indirect - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 // indirect cel.dev/expr v0.24.0 // indirect cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect diff --git a/gen/go.sum b/gen/go.sum index ce39c41e9..e5c95b84e 100644 --- a/gen/go.sum +++ b/gen/go.sum @@ -8,10 +8,10 @@ buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3d buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1/go.mod h1:RUUH9gPqxuRHYeNMFjrU5hboN4lPAz2kNeOi81gjQcI= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 h1:H1OQRoy/xuIh3vvAv9Gb59p/ZsrTTQyYxPyMSOQaVlc= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1/go.mod h1:yA5Jg45dsAoOvAx1XHbDwwcWkkYW568MUeKJsa9bgrY= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1 h1:iIj2C/0IDTFR0JtIgKfFHRtkCIb7YqQEdNylVab2pz0= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1/go.mod h1:72CA7I2EBjkbygOtYfvNpyLwD14RqoMa9vL9SGlWkIk= buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.36.5-20250404200318-65f29ddd7b29.1 h1:/i5xh4Kk3Vvbvcqyunu9NOdxIU7Mu5EuiYzczjckbgE= diff --git a/go.work.sum b/go.work.sum index 54012cdff..3881178b4 100644 --- a/go.work.sum +++ b/go.work.sum @@ -23,10 +23,10 @@ buf.build/gen/go/redpandadata/common/connectrpc/go v1.16.2-20240508150812-e0d0fb buf.build/gen/go/redpandadata/common/connectrpc/go v1.18.1-20240917150400-3f349e63f44a.1 h1:EPRfGAJDTnM3J3MPGMPEs+HBezpiE/8lTWB3kdlQTGI= buf.build/gen/go/redpandadata/common/connectrpc/go v1.18.1-20240917150400-3f349e63f44a.1/go.mod h1:ZNgPT3k1W0p+EkMibCzOqoHOhNDi1ym6RH7/kGEHeKE= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.34.2-20240715174743-9c0afe867874.2/go.mod h1:wThyg02xJx4K/DA5fg0QlKts8XVPyTT86JC8hPfEzno= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.16.2-20240620104934-3415ce922cfb.1/go.mod h1:R0DNyd3sxZqaTQrcjSgGaJqHndFCf3kKHBbXgKYzKDY= buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.34.2-20240620104934-3415ce922cfb.2/go.mod h1:AcLjVYZHtwlZvBrjuqyjtZtHv9BbDaHD6C92lO/gJFI= buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.36.2-20250404200318-65f29ddd7b29.1/go.mod h1:zTNjffbkXs9K5/sbSlagide7l0hSTs+Oa1j39yENO8M= @@ -589,8 +589,6 @@ cloud.google.com/go/workflows v1.14.0 h1:v833xTriIU1xdPpGIBO+d3EHmbZPU+8dD8n/ueo cloud.google.com/go/workflows v1.14.0/go.mod h1:kjar2tf4qQu7VoCTFX+L3yy+2dIFTWr6R4i52DN6ySk= cloud.google.com/go/workflows v1.14.2/go.mod h1:5nqKjMD+MsJs41sJhdVrETgvD5cOK3hUcAs8ygqYvXQ= connectrpc.com/connect v1.16.2/go.mod h1:n2kgwskMHXC+lVqb18wngEpF95ldBHXjZYJussz5FRc= -connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14= -connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w= connectrpc.com/grpcreflect v1.2.0 h1:Q6og1S7HinmtbEuBvARLNwYmTbhEGRpHDhqrPNlmK+U= connectrpc.com/grpcreflect v1.2.0/go.mod h1:nwSOKmE8nU5u/CidgHtPYk1PFI3U9ignz7iDMxOYkSY= connectrpc.com/grpcreflect v1.3.0/go.mod h1:nfloOtCS8VUQOQ1+GTdFzVg2CJo4ZGaat8JIovCtDYs= diff --git a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkconsumeroffsetsyncoptions.go b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkconsumeroffsetsyncoptions.go index 70dae4a9b..ad5734936 100644 --- a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkconsumeroffsetsyncoptions.go +++ b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkconsumeroffsetsyncoptions.go @@ -19,7 +19,7 @@ import ( // with apply. type ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration struct { Interval *v1.Duration `json:"interval,omitempty"` - Enabled *bool `json:"enabled,omitempty"` + Paused *bool `json:"paused,omitempty"` GroupFilters []NameFilterApplyConfiguration `json:"groupFilters,omitempty"` } @@ -37,11 +37,11 @@ func (b *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration) WithInterval(val return b } -// WithEnabled sets the Enabled field in the declarative configuration to the given value +// WithPaused sets the Paused field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Enabled field is set to the value of the last call. -func (b *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration) WithEnabled(value bool) *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration { - b.Enabled = &value +// If called multiple times, the Paused field is set to the value of the last call. +func (b *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration) WithPaused(value bool) *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration { + b.Paused = &value return b } diff --git a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkschemaregistrysyncoptions.go b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkschemaregistrysyncoptions.go new file mode 100644 index 000000000..495603569 --- /dev/null +++ b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkschemaregistrysyncoptions.go @@ -0,0 +1,36 @@ +// Copyright 2025 Redpanda Data, Inc. +// +// Use of this software is governed by the Business Source License +// included in the file licenses/BSL.md +// +// As of the Change Date specified in that file, in accordance with +// the Business Source License, use of this software will be governed +// by the Apache License, Version 2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" +) + +// ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration represents a declarative configuration of the ShadowLinkSchemaRegistrySyncOptions type for use +// with apply. +type ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration struct { + Mode *redpandav1alpha2.ShadowLinkSchemaRegistrySyncOptionsMode `json:"schema_registry_shadowing_mode,omitempty"` +} + +// ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration constructs a declarative configuration of the ShadowLinkSchemaRegistrySyncOptions type for use with +// apply. +func ShadowLinkSchemaRegistrySyncOptions() *ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration { + return &ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration{} +} + +// WithMode sets the Mode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mode field is set to the value of the last call. +func (b *ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration) WithMode(value redpandav1alpha2.ShadowLinkSchemaRegistrySyncOptionsMode) *ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration { + b.Mode = &value + return b +} diff --git a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinksecuritysettingssyncoptions.go b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinksecuritysettingssyncoptions.go index ac048232a..2543a0917 100644 --- a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinksecuritysettingssyncoptions.go +++ b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinksecuritysettingssyncoptions.go @@ -19,7 +19,7 @@ import ( // with apply. type ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration struct { Interval *v1.Duration `json:"interval,omitempty"` - Enabled *bool `json:"enabled,omitempty"` + Paused *bool `json:"paused,omitempty"` ACLFilters []ACLFilterApplyConfiguration `json:"aclFilters,omitempty"` } @@ -37,11 +37,11 @@ func (b *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration) WithInterval(v return b } -// WithEnabled sets the Enabled field in the declarative configuration to the given value +// WithPaused sets the Paused field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Enabled field is set to the value of the last call. -func (b *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration) WithEnabled(value bool) *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration { - b.Enabled = &value +// If called multiple times, the Paused field is set to the value of the last call. +func (b *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration) WithPaused(value bool) *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration { + b.Paused = &value return b } diff --git a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkspec.go b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkspec.go index f9b6c9ecc..df30a6cb6 100644 --- a/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkspec.go +++ b/operator/api/applyconfiguration/redpanda/v1alpha2/shadowlinkspec.go @@ -19,6 +19,7 @@ type ShadowLinkSpecApplyConfiguration struct { TopicMetadataSyncOptions *ShadowLinkTopicMetadataSyncOptionsApplyConfiguration `json:"topicMetadataSyncOptions,omitempty"` ConsumerOffsetSyncOptions *ShadowLinkConsumerOffsetSyncOptionsApplyConfiguration `json:"consumerOffsetSyncOptions,omitempty"` SecuritySyncOptions *ShadowLinkSecuritySettingsSyncOptionsApplyConfiguration `json:"securitySyncOptions,omitempty"` + SchemaRegistrySyncOptions *ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration `json:"schemaRegistrySyncOptions,omitempty"` } // ShadowLinkSpecApplyConfiguration constructs a declarative configuration of the ShadowLinkSpec type for use with @@ -66,3 +67,11 @@ func (b *ShadowLinkSpecApplyConfiguration) WithSecuritySyncOptions(value *Shadow b.SecuritySyncOptions = value return b } + +// WithSchemaRegistrySyncOptions sets the SchemaRegistrySyncOptions field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SchemaRegistrySyncOptions field is set to the value of the last call. +func (b *ShadowLinkSpecApplyConfiguration) WithSchemaRegistrySyncOptions(value *ShadowLinkSchemaRegistrySyncOptionsApplyConfiguration) *ShadowLinkSpecApplyConfiguration { + b.SchemaRegistrySyncOptions = value + return b +} diff --git a/operator/api/redpanda/v1alpha2/common.go b/operator/api/redpanda/v1alpha2/common.go index f788cc3d1..ad9b3bd3c 100644 --- a/operator/api/redpanda/v1alpha2/common.go +++ b/operator/api/redpanda/v1alpha2/common.go @@ -26,8 +26,10 @@ import ( var ErrUnsupportedSASLMechanism = errors.New("unsupported SASL mechanism") // KafkaAPISpec configures client configuration settings for connecting to Redpanda brokers. +// +kubebuilder:validation:XValidation:rule="has(self.tls) == has(oldSelf.tls)",message="kafka tls settings are immutable" type KafkaAPISpec struct { // Specifies a list of broker addresses in the format : + // +kubebuilder:validation:MinItems=1 Brokers []string `json:"brokers"` // Defines TLS configuration settings for Redpanda clusters that have TLS enabled. // +optional @@ -38,6 +40,12 @@ type KafkaAPISpec struct { } // KafkaSASL configures credentials to connect to Redpanda cluster that has authentication enabled. +// +kubebuilder:validation:XValidation:message="username and passwordSecretRef must be set when mechanism is plain",rule="self.mechanism.lowerAscii() != 'plain' || (self.username != \"\" && has(self.passwordSecretRef))" +// +kubebuilder:validation:XValidation:message="username and passwordSecretRef must be set when mechanism is sha-256",rule="self.mechanism.lowerAscii() != 'scram-sha-256' || (self.username != \"\" && has(self.passwordSecretRef))" +// +kubebuilder:validation:XValidation:message="username and passwordSecretRef must be set when mechanism is sha-512",rule="self.mechanism.lowerAscii() != 'scram-sha-512' || (self.username != \"\" && has(self.passwordSecretRef))" +// +kubebuilder:validation:XValidation:message="oauth must be set when mechanism is oauth",rule="self.mechanism.lowerAscii() != 'oauthbearer' || has(self.oauth)" +// +kubebuilder:validation:XValidation:message="gssapi must be set when mechanism is gssapi",rule="self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi)" +// +kubebuilder:validation:XValidation:message="awsMskIam must be set when mechanism is aws_msk_iam",rule="self.mechanism.lowerAscii() != 'aws_msk_iam' || has(self.awsMskIam)" type KafkaSASL struct { // Specifies the username. // +optional @@ -312,7 +320,6 @@ type StaticConfigurationSource struct { // ClusterSource defines how to connect to a particular Redpanda cluster. // +kubebuilder:validation:XValidation:message="either clusterRef or staticConfiguration must be set",rule="has(self.clusterRef) || has(self.staticConfiguration)" -// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" type ClusterSource struct { // ClusterRef is a reference to the cluster where the object should be created. // It is used in constructing the client created to configure a cluster. diff --git a/operator/api/redpanda/v1alpha2/console_types.go b/operator/api/redpanda/v1alpha2/console_types.go index 62febb42e..70e3ec4a1 100644 --- a/operator/api/redpanda/v1alpha2/console_types.go +++ b/operator/api/redpanda/v1alpha2/console_types.go @@ -53,7 +53,6 @@ func (c *ConsoleList) GetItems() []*Console { type ConsoleSpec struct { ConsoleValues `json:",inline"` - ClusterSource *ClusterSource `json:"cluster,omitempty"` } diff --git a/operator/api/redpanda/v1alpha2/role_types.go b/operator/api/redpanda/v1alpha2/role_types.go index 793ad61dd..53cd56ab0 100644 --- a/operator/api/redpanda/v1alpha2/role_types.go +++ b/operator/api/redpanda/v1alpha2/role_types.go @@ -79,6 +79,7 @@ type RoleSpec struct { // It is used in constructing the client created to configure a cluster. // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.admin: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.admin)` // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.kafka: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" // +required ClusterSource *ClusterSource `json:"cluster"` // Principals defines the list of users assigned to this role. diff --git a/operator/api/redpanda/v1alpha2/schema_types.go b/operator/api/redpanda/v1alpha2/schema_types.go index 2b64743ea..9de1815d8 100644 --- a/operator/api/redpanda/v1alpha2/schema_types.go +++ b/operator/api/redpanda/v1alpha2/schema_types.go @@ -124,6 +124,7 @@ type SchemaSpec struct { // It is used in constructing the client created to configure a cluster. // +required // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.schemaRegistry: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.schemaRegistry)` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" ClusterSource *ClusterSource `json:"cluster"` // Text is the actual unescaped text of a schema. // +required diff --git a/operator/api/redpanda/v1alpha2/shadow_link_types.go b/operator/api/redpanda/v1alpha2/shadow_link_types.go index 295dc0e08..da0697d40 100644 --- a/operator/api/redpanda/v1alpha2/shadow_link_types.go +++ b/operator/api/redpanda/v1alpha2/shadow_link_types.go @@ -138,7 +138,10 @@ type ShadowLinkSpec struct { // "configurations", "client_options", "bootstrap_servers" // "configurations", "client_options", "tls_settings" + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" ShadowCluster *ClusterSource `json:"shadowCluster"` + // +kubebuilder:validation:XValidation:rule="(!has(self.clusterRef) && !has(oldSelf.clusterRef)) || (self.clusterRef == oldSelf.clusterRef)",message="ClusterSource clusterRef is immutable" + // +kubebuilder:validation:XValidation:rule="!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)",message="static configuration must contain a kafka block" SourceCluster *ClusterSource `json:"sourceCluster"` // Topic metadata sync options @@ -147,6 +150,8 @@ type ShadowLinkSpec struct { ConsumerOffsetSyncOptions *ShadowLinkConsumerOffsetSyncOptions `json:"consumerOffsetSyncOptions,omitempty"` // Security settings sync options SecuritySyncOptions *ShadowLinkSecuritySettingsSyncOptions `json:"securitySyncOptions,omitempty"` + // options for schema registry + SchemaRegistrySyncOptions *ShadowLinkSchemaRegistrySyncOptions `json:"schemaRegistrySyncOptions,omitempty"` } // FilterType specifies the type, either include or exclude of a consumer group filter. @@ -286,7 +291,7 @@ type ShadowLinkConsumerOffsetSyncOptions struct { // +kubebuilder:default="30s" Interval *metav1.Duration `json:"interval,omitempty"` // Whether it's enabled - Enabled bool `json:"enabled,omitempty"` + Paused bool `json:"paused,omitempty"` // The filters GroupFilters []NameFilter `json:"groupFilters,omitempty"` } @@ -298,7 +303,19 @@ type ShadowLinkSecuritySettingsSyncOptions struct { // +kubebuilder:default="30s" Interval *metav1.Duration `json:"interval,omitempty"` // Whether or not it's enabled - Enabled bool `json:"enabled,omitempty"` + Paused bool `json:"paused,omitempty"` // ACL filters ACLFilters []ACLFilter `json:"aclFilters,omitempty"` } + +type ShadowLinkSchemaRegistrySyncOptionsMode string + +const ( + ShadowLinkSchemaRegistrySyncOptionsModeNone ShadowLinkSchemaRegistrySyncOptionsMode = "" + ShadowLinkSchemaRegistrySyncOptionsModeTopic ShadowLinkSchemaRegistrySyncOptionsMode = "topic" +) + +// Options for syncing schema registry settings +type ShadowLinkSchemaRegistrySyncOptions struct { + Mode ShadowLinkSchemaRegistrySyncOptionsMode `json:"schema_registry_shadowing_mode,omitempty"` +} diff --git a/operator/api/redpanda/v1alpha2/shadow_link_types_test.go b/operator/api/redpanda/v1alpha2/shadow_link_types_test.go index 4e0b68209..fb13955a7 100644 --- a/operator/api/redpanda/v1alpha2/shadow_link_types_test.go +++ b/operator/api/redpanda/v1alpha2/shadow_link_types_test.go @@ -88,6 +88,46 @@ func TestShadowLinkValidation(t *testing.T) { } }, }, + "error on changing shadow cluster clusterRef": { + mutateUpdate: func(link *ShadowLink) { + link.Spec.ShadowCluster = &ClusterSource{ + ClusterRef: &ClusterRef{ + Name: "different-cluster", + }, + } + }, + updateErrors: []string{`ClusterSource is immutable`}, + }, + "error on changing source cluster clusterRef": { + mutateUpdate: func(link *ShadowLink) { + link.Spec.SourceCluster = &ClusterSource{ + ClusterRef: &ClusterRef{ + Name: "different-cluster", + }, + } + }, + updateErrors: []string{`ClusterSource clusterRef is immutable`}, + }, + "error on setting no static kafka brokers": { + mutate: func(link *ShadowLink) { + link.Spec.SourceCluster = &ClusterSource{ + StaticConfiguration: &StaticConfigurationSource{ + Kafka: &KafkaAPISpec{ + Brokers: []string{}, + }, + }, + } + }, + errors: []string{`should have at least 1 item`}, + }, + "error on not setting static kafka block": { + mutate: func(link *ShadowLink) { + link.Spec.SourceCluster = &ClusterSource{ + StaticConfiguration: &StaticConfigurationSource{}, + } + }, + errors: []string{`static configuration must contain a kafka block`}, + }, "no errors on update when using SASL on static config": { doUpdate: true, rawManifest: ` diff --git a/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc b/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc index bbb9b3773..38248b289 100644 --- a/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc +++ b/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc @@ -1520,7 +1520,8 @@ KafkaAPISpec configures client configuration settings for connecting to Redpanda [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`brokers`* __string array__ | Specifies a list of broker addresses in the format : + | | +| *`brokers`* __string array__ | Specifies a list of broker addresses in the format : + | | MinItems: 1 + + | *`tls`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-commontls[$$CommonTLS$$]__ | Defines TLS configuration settings for Redpanda clusters that have TLS enabled. + | | | *`sasl`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl[$$KafkaSASL$$]__ | Defines authentication configuration settings for Redpanda clusters that have authentication enabled. + | | |=== diff --git a/operator/api/redpanda/v1alpha2/topic_types.go b/operator/api/redpanda/v1alpha2/topic_types.go index 420194664..e9c9f26c1 100644 --- a/operator/api/redpanda/v1alpha2/topic_types.go +++ b/operator/api/redpanda/v1alpha2/topic_types.go @@ -48,6 +48,7 @@ type TopicSpec struct { // ClusterSource is a reference to the cluster where the user should be created. // It is used in constructing the client created to configure a cluster. // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.kafka: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" ClusterSource *ClusterSource `json:"cluster,omitempty"` // Defines client configuration for connecting to Redpanda brokers. diff --git a/operator/api/redpanda/v1alpha2/user_types.go b/operator/api/redpanda/v1alpha2/user_types.go index 86e32d58b..1874bc54b 100644 --- a/operator/api/redpanda/v1alpha2/user_types.go +++ b/operator/api/redpanda/v1alpha2/user_types.go @@ -86,6 +86,7 @@ type UserSpec struct { // It is used in constructing the client created to configure a cluster. // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.admin: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.admin)` // +kubebuilder:validation:XValidation:message="spec.cluster.staticConfiguration.kafka: required value",rule=`!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ClusterSource is immutable" // +required ClusterSource *ClusterSource `json:"cluster"` // Authentication defines the authentication information for a user. If no diff --git a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go index 120474208..0cd997b0e 100644 --- a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go +++ b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go @@ -4867,6 +4867,21 @@ func (in *ShadowLinkList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ShadowLinkSchemaRegistrySyncOptions) DeepCopyInto(out *ShadowLinkSchemaRegistrySyncOptions) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShadowLinkSchemaRegistrySyncOptions. +func (in *ShadowLinkSchemaRegistrySyncOptions) DeepCopy() *ShadowLinkSchemaRegistrySyncOptions { + if in == nil { + return nil + } + out := new(ShadowLinkSchemaRegistrySyncOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ShadowLinkSecuritySettingsSyncOptions) DeepCopyInto(out *ShadowLinkSecuritySettingsSyncOptions) { *out = *in @@ -4922,6 +4937,11 @@ func (in *ShadowLinkSpec) DeepCopyInto(out *ShadowLinkSpec) { *out = new(ShadowLinkSecuritySettingsSyncOptions) (*in).DeepCopyInto(*out) } + if in.SchemaRegistrySyncOptions != nil { + in, out := &in.SchemaRegistrySyncOptions, &out.SchemaRegistrySyncOptions + *out = new(ShadowLinkSchemaRegistrySyncOptions) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShadowLinkSpec. diff --git a/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml b/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml index 18cbb7e69..5e3d4ae2a 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml @@ -1136,6 +1136,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -1294,6 +1295,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -1362,6 +1384,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -1490,8 +1515,6 @@ spec: x-kubernetes-validations: - message: either clusterRef or staticConfiguration must be set rule: has(self.clusterRef) || has(self.staticConfiguration) - - message: ClusterSource is immutable - rule: self == oldSelf commonLabels: additionalProperties: type: string diff --git a/operator/config/crd/bases/cluster.redpanda.com_redpandaroles.yaml b/operator/config/crd/bases/cluster.redpanda.com_redpandaroles.yaml index 9667b052b..fab88658c 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_redpandaroles.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_redpandaroles.yaml @@ -343,6 +343,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -501,6 +502,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -569,6 +591,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -699,10 +724,10 @@ spec: rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.admin)' - message: 'spec.cluster.staticConfiguration.kafka: required value' rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)' - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) principals: description: |- Principals defines the list of users assigned to this role. diff --git a/operator/config/crd/bases/cluster.redpanda.com_schemas.yaml b/operator/config/crd/bases/cluster.redpanda.com_schemas.yaml index ddf847189..df2bd5bf2 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_schemas.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_schemas.yaml @@ -212,6 +212,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -370,6 +371,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -438,6 +460,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -567,10 +592,10 @@ spec: - message: 'spec.cluster.staticConfiguration.schemaRegistry: required value' rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.schemaRegistry)' - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) compatibilityLevel: default: Backward description: CompatibilityLevel sets the compatibility level for the diff --git a/operator/config/crd/bases/cluster.redpanda.com_shadowlinks.yaml b/operator/config/crd/bases/cluster.redpanda.com_shadowlinks.yaml index 9b4be7547..964831d4b 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_shadowlinks.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_shadowlinks.yaml @@ -47,9 +47,6 @@ spec: consumerOffsetSyncOptions: description: Consumer offset sync options properties: - enabled: - description: Whether it's enabled - type: boolean groupFilters: description: The filters items: @@ -91,6 +88,15 @@ spec: Sync interval If 0 provided, defaults to 30 seconds type: string + paused: + description: Whether it's enabled + type: boolean + type: object + schemaRegistrySyncOptions: + description: options for schema registry + properties: + schema_registry_shadowing_mode: + type: string type: object securitySyncOptions: description: Security settings sync options @@ -157,15 +163,15 @@ spec: - resourceFilter type: object type: array - enabled: - description: Whether or not it's enabled - type: boolean interval: default: 30s description: |- Sync interval If 0 provided, defaults to 30 seconds type: string + paused: + description: Whether or not it's enabled + type: boolean type: object shadowCluster: description: ClusterSource defines how to connect to a particular @@ -330,6 +336,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -488,6 +495,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -556,6 +584,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -682,10 +713,10 @@ spec: type: object type: object x-kubernetes-validations: - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) sourceCluster: description: ClusterSource defines how to connect to a particular Redpanda cluster. @@ -849,6 +880,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -1007,6 +1039,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -1075,6 +1128,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -1201,10 +1257,13 @@ spec: type: object type: object x-kubernetes-validations: + - message: ClusterSource clusterRef is immutable + rule: (!has(self.clusterRef) && !has(oldSelf.clusterRef)) || (self.clusterRef + == oldSelf.clusterRef) + - message: static configuration must contain a kafka block + rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)' - message: either clusterRef or staticConfiguration must be set rule: has(self.clusterRef) || has(self.staticConfiguration) - - message: ClusterSource is immutable - rule: self == oldSelf topicMetadataSyncOptions: description: Topic metadata sync options properties: diff --git a/operator/config/crd/bases/cluster.redpanda.com_topics.yaml b/operator/config/crd/bases/cluster.redpanda.com_topics.yaml index 258525a85..b0d62f127 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_topics.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_topics.yaml @@ -215,6 +215,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -373,6 +374,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -441,6 +463,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -569,10 +594,10 @@ spec: x-kubernetes-validations: - message: 'spec.cluster.staticConfiguration.kafka: required value' rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)' - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) interval: default: 3s description: |- @@ -591,6 +616,7 @@ spec: : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings for @@ -744,6 +770,25 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set when mechanism + is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set when mechanism + is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set when mechanism + is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' || (self.username + != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -812,6 +857,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) metricsNamespace: description: |- Overwrites the fully-qualified @@ -1201,6 +1249,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -1359,6 +1408,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -1427,6 +1497,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -1555,10 +1628,10 @@ spec: x-kubernetes-validations: - message: 'spec.cluster.staticConfiguration.kafka: required value' rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)' - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) interval: default: 3s description: |- @@ -1577,6 +1650,7 @@ spec: : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings for @@ -1730,6 +1804,25 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set when mechanism + is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set when mechanism + is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set when mechanism + is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' || (self.username + != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -1798,6 +1891,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) metricsNamespace: description: |- Overwrites the fully-qualified diff --git a/operator/config/crd/bases/cluster.redpanda.com_users.yaml b/operator/config/crd/bases/cluster.redpanda.com_users.yaml index c9fc113f8..7eb7c9eb4 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_users.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_users.yaml @@ -426,6 +426,7 @@ spec: format : items: type: string + minItems: 1 type: array sasl: description: Defines authentication configuration settings @@ -584,6 +585,27 @@ spec: required: - mechanism type: object + x-kubernetes-validations: + - message: username and passwordSecretRef must be set + when mechanism is plain + rule: self.mechanism.lowerAscii() != 'plain' || (self.username + != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-256 + rule: self.mechanism.lowerAscii() != 'scram-sha-256' + || (self.username != "" && has(self.passwordSecretRef)) + - message: username and passwordSecretRef must be set + when mechanism is sha-512 + rule: self.mechanism.lowerAscii() != 'scram-sha-512' + || (self.username != "" && has(self.passwordSecretRef)) + - message: oauth must be set when mechanism is oauth + rule: self.mechanism.lowerAscii() != 'oauthbearer' || + has(self.oauth) + - message: gssapi must be set when mechanism is gssapi + rule: self.mechanism.lowerAscii() != 'gssapi' || has(self.gssapi) + - message: awsMskIam must be set when mechanism is aws_msk_iam + rule: self.mechanism.lowerAscii() != 'aws_msk_iam' || + has(self.awsMskIam) tls: description: Defines TLS configuration settings for Redpanda clusters that have TLS enabled. @@ -652,6 +674,9 @@ spec: required: - brokers type: object + x-kubernetes-validations: + - message: kafka tls settings are immutable + rule: has(self.tls) == has(oldSelf.tls) schemaRegistry: description: |- SchemaRegistry is the configuration information for communicating with the Schema Registry @@ -782,10 +807,10 @@ spec: rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.admin)' - message: 'spec.cluster.staticConfiguration.kafka: required value' rule: '!has(self.staticConfiguration) || has(self.staticConfiguration.kafka)' - - message: either clusterRef or staticConfiguration must be set - rule: has(self.clusterRef) || has(self.staticConfiguration) - message: ClusterSource is immutable rule: self == oldSelf + - message: either clusterRef or staticConfiguration must be set + rule: has(self.clusterRef) || has(self.staticConfiguration) template: description: Template to specify how user secrets are generated. properties: diff --git a/operator/go.mod b/operator/go.mod index 264d68cbf..0edc4429d 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -3,7 +3,7 @@ module github.com/redpanda-data/redpanda-operator/operator go 1.24.3 require ( - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 connectrpc.com/connect v1.19.1 github.com/Masterminds/semver/v3 v3.3.1 github.com/Masterminds/sprig/v3 v3.3.0 @@ -71,7 +71,7 @@ require ( buf.build/gen/go/redpandadata/cloud/connectrpc/go v1.18.1-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 // indirect - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1 // indirect buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.36.5-20250404200318-65f29ddd7b29.1 // indirect buf.build/gen/go/redpandadata/gatekeeper/connectrpc/go v1.18.1-20241209180130-05cf059c71c1.1 // indirect diff --git a/operator/go.sum b/operator/go.sum index 1f62a2047..044ea644c 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -8,10 +8,10 @@ buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3d buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1/go.mod h1:RUUH9gPqxuRHYeNMFjrU5hboN4lPAz2kNeOi81gjQcI= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 h1:H1OQRoy/xuIh3vvAv9Gb59p/ZsrTTQyYxPyMSOQaVlc= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1/go.mod h1:yA5Jg45dsAoOvAx1XHbDwwcWkkYW568MUeKJsa9bgrY= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1 h1:iIj2C/0IDTFR0JtIgKfFHRtkCIb7YqQEdNylVab2pz0= buf.build/gen/go/redpandadata/dataplane/connectrpc/go v1.18.1-20250404200318-65f29ddd7b29.1/go.mod h1:72CA7I2EBjkbygOtYfvNpyLwD14RqoMa9vL9SGlWkIk= buf.build/gen/go/redpandadata/dataplane/protocolbuffers/go v1.36.5-20250404200318-65f29ddd7b29.1 h1:/i5xh4Kk3Vvbvcqyunu9NOdxIU7Mu5EuiYzczjckbgE= diff --git a/operator/pkg/client/shadow/conversion.go b/operator/pkg/client/shadow/conversion.go index b59d38d0b..2123dbfed 100644 --- a/operator/pkg/client/shadow/conversion.go +++ b/operator/pkg/client/shadow/conversion.go @@ -13,7 +13,7 @@ import ( "sort" adminv2api "buf.build/gen/go/redpandadata/core/protocolbuffers/go/redpanda/core/admin/v2" - "buf.build/gen/go/redpandadata/core/protocolbuffers/go/redpanda/core/common" + commonv1 "buf.build/gen/go/redpandadata/core/protocolbuffers/go/redpanda/core/common/v1" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/timestamppb" "k8s.io/utils/ptr" @@ -58,17 +58,30 @@ func convertCRDToAPIShadowLinkConfiguration(link *redpandav1alpha2.ShadowLink, r TopicMetadataSyncOptions: convertCRDToAPIShadowLinkTopicMetadataSyncOptions(link.Spec.TopicMetadataSyncOptions), ConsumerOffsetSyncOptions: convertCRDToAPIShadowLinkConsumerOffsetSyncOptions(link.Spec.ConsumerOffsetSyncOptions), SecuritySyncOptions: convertCRDToAPIShadowLinkSecuritySyncOptions(link.Spec.SecuritySyncOptions), + SchemaRegistrySyncOptions: convertCRDToAPISchemaRegistrySyncOptions(link.Spec.SchemaRegistrySyncOptions), } } -func convertTLSSettingsToAPITLSConfig(tlsSettings *TLSSettings) *adminv2api.TLSSettings { +func convertCRDToAPISchemaRegistrySyncOptions(options *redpandav1alpha2.ShadowLinkSchemaRegistrySyncOptions) *adminv2api.SchemaRegistrySyncOptions { + if options == nil { + return nil + } + apiOptions := &adminv2api.SchemaRegistrySyncOptions{} + switch options.Mode { + case redpandav1alpha2.ShadowLinkSchemaRegistrySyncOptionsModeTopic: + apiOptions.SetShadowSchemaRegistryTopic(&adminv2api.SchemaRegistrySyncOptions_ShadowSchemaRegistryTopic{}) + } + return apiOptions +} + +func convertTLSSettingsToAPITLSConfig(tlsSettings *TLSSettings) *commonv1.TLSSettings { if tlsSettings == nil { return nil } - settings := &adminv2api.TLSSettings{ + settings := &commonv1.TLSSettings{ Enabled: true, } - settings.SetTlsPemSettings(&adminv2api.TLSPEMSettings{ + settings.SetTlsPemSettings(&commonv1.TLSPEMSettings{ Ca: tlsSettings.CA, Cert: tlsSettings.Cert, Key: tlsSettings.Key, @@ -112,7 +125,7 @@ func convertCRDToAPIShadowLinkConsumerOffsetSyncOptions(options *redpandav1alpha } return &adminv2api.ConsumerOffsetSyncOptions{ Interval: durationpb.New(options.Interval.Duration), - Enabled: options.Enabled, + Paused: options.Paused, GroupFilters: functional.MapFn(convertCRDToAPINameFilter, options.GroupFilters), } } @@ -158,73 +171,73 @@ func setStartOffsetFromCRD(payload *adminv2api.TopicMetadataSyncOptions, options switch *options.StartOffset { case redpandav1alpha2.TopicMetadataSyncOffsetEarliest: - payload.SetEarliest(ptr.To(adminv2api.TopicMetadataSyncOptions_EarliestOffset{})) + payload.SetStartAtEarliest(ptr.To(adminv2api.TopicMetadataSyncOptions_EarliestOffset{})) case redpandav1alpha2.TopicMetadataSyncOffsetLatest: - payload.SetLatest(ptr.To(adminv2api.TopicMetadataSyncOptions_LatestOffset{})) + payload.SetStartAtLatest(ptr.To(adminv2api.TopicMetadataSyncOptions_LatestOffset{})) case redpandav1alpha2.TopicMetadataSyncOffsetTimestamp: if options.StartOffsetTimestamp == nil { return payload } - payload.SetTimestamp(timestamppb.New(options.StartOffsetTimestamp.Time)) + payload.SetStartAtTimestamp(timestamppb.New(options.StartOffsetTimestamp.Time)) } return payload } -func convertCRDToCommonPatternType(patternType *redpandav1alpha2.PatternType) common.ACLPattern { +func convertCRDToCommonPatternType(patternType *redpandav1alpha2.PatternType) commonv1.ACLPattern { if patternType == nil { - return common.ACLPattern_ACL_PATTERN_ANY + return commonv1.ACLPattern_ACL_PATTERN_ANY } - return map[redpandav1alpha2.PatternType]common.ACLPattern{ - redpandav1alpha2.PatternTypeLiteral: common.ACLPattern_ACL_PATTERN_LITERAL, - redpandav1alpha2.PatternTypePrefixed: common.ACLPattern_ACL_PATTERN_PREFIXED, - redpandav1alpha2.PatternTypeMatch: common.ACLPattern_ACL_PATTERN_MATCH, + return map[redpandav1alpha2.PatternType]commonv1.ACLPattern{ + redpandav1alpha2.PatternTypeLiteral: commonv1.ACLPattern_ACL_PATTERN_LITERAL, + redpandav1alpha2.PatternTypePrefixed: commonv1.ACLPattern_ACL_PATTERN_PREFIXED, + redpandav1alpha2.PatternTypeMatch: commonv1.ACLPattern_ACL_PATTERN_MATCH, }[*patternType] } -func convertCRDToCommonResourceType(resourceType *redpandav1alpha2.ResourceType) common.ACLResource { +func convertCRDToCommonResourceType(resourceType *redpandav1alpha2.ResourceType) commonv1.ACLResource { if resourceType == nil { - return common.ACLResource_ACL_RESOURCE_ANY + return commonv1.ACLResource_ACL_RESOURCE_ANY } - return map[redpandav1alpha2.ResourceType]common.ACLResource{ - redpandav1alpha2.ResourceTypeTopic: common.ACLResource_ACL_RESOURCE_TOPIC, - redpandav1alpha2.ResourceTypeGroup: common.ACLResource_ACL_RESOURCE_GROUP, - redpandav1alpha2.ResourceTypeCluster: common.ACLResource_ACL_RESOURCE_CLUSTER, - redpandav1alpha2.ResourceTypeTransactionalID: common.ACLResource_ACL_RESOURCE_TXN_ID, - redpandav1alpha2.ResourceTypeSchemaRegistrySubject: common.ACLResource_ACL_RESOURCE_SR_SUBJECT, - redpandav1alpha2.ResourceTypeSchemaRegistryRegistry: common.ACLResource_ACL_RESOURCE_SR_REGISTRY, + return map[redpandav1alpha2.ResourceType]commonv1.ACLResource{ + redpandav1alpha2.ResourceTypeTopic: commonv1.ACLResource_ACL_RESOURCE_TOPIC, + redpandav1alpha2.ResourceTypeGroup: commonv1.ACLResource_ACL_RESOURCE_GROUP, + redpandav1alpha2.ResourceTypeCluster: commonv1.ACLResource_ACL_RESOURCE_CLUSTER, + redpandav1alpha2.ResourceTypeTransactionalID: commonv1.ACLResource_ACL_RESOURCE_TXN_ID, + redpandav1alpha2.ResourceTypeSchemaRegistrySubject: commonv1.ACLResource_ACL_RESOURCE_SR_SUBJECT, + redpandav1alpha2.ResourceTypeSchemaRegistryRegistry: commonv1.ACLResource_ACL_RESOURCE_SR_REGISTRY, }[*resourceType] } -func convertCRDToCommonOperationType(operationType *redpandav1alpha2.ACLOperation) common.ACLOperation { +func convertCRDToCommonOperationType(operationType *redpandav1alpha2.ACLOperation) commonv1.ACLOperation { if operationType == nil { - return common.ACLOperation_ACL_OPERATION_ANY + return commonv1.ACLOperation_ACL_OPERATION_ANY } - return map[redpandav1alpha2.ACLOperation]common.ACLOperation{ - redpandav1alpha2.ACLOperationRead: common.ACLOperation_ACL_OPERATION_READ, - redpandav1alpha2.ACLOperationWrite: common.ACLOperation_ACL_OPERATION_WRITE, - redpandav1alpha2.ACLOperationDelete: common.ACLOperation_ACL_OPERATION_REMOVE, - redpandav1alpha2.ACLOperationAlter: common.ACLOperation_ACL_OPERATION_ALTER, - redpandav1alpha2.ACLOperationDescribe: common.ACLOperation_ACL_OPERATION_DESCRIBE, - redpandav1alpha2.ACLOperationIdempotentWrite: common.ACLOperation_ACL_OPERATION_IDEMPOTENT_WRITE, - redpandav1alpha2.ACLOperationClusterAction: common.ACLOperation_ACL_OPERATION_CLUSTER_ACTION, - redpandav1alpha2.ACLOperationCreate: common.ACLOperation_ACL_OPERATION_CREATE, - redpandav1alpha2.ACLOperationAlterConfigs: common.ACLOperation_ACL_OPERATION_ALTER_CONFIGS, - redpandav1alpha2.ACLOperationDescribeConfigs: common.ACLOperation_ACL_OPERATION_DESCRIBE_CONFIGS, + return map[redpandav1alpha2.ACLOperation]commonv1.ACLOperation{ + redpandav1alpha2.ACLOperationRead: commonv1.ACLOperation_ACL_OPERATION_READ, + redpandav1alpha2.ACLOperationWrite: commonv1.ACLOperation_ACL_OPERATION_WRITE, + redpandav1alpha2.ACLOperationDelete: commonv1.ACLOperation_ACL_OPERATION_REMOVE, + redpandav1alpha2.ACLOperationAlter: commonv1.ACLOperation_ACL_OPERATION_ALTER, + redpandav1alpha2.ACLOperationDescribe: commonv1.ACLOperation_ACL_OPERATION_DESCRIBE, + redpandav1alpha2.ACLOperationIdempotentWrite: commonv1.ACLOperation_ACL_OPERATION_IDEMPOTENT_WRITE, + redpandav1alpha2.ACLOperationClusterAction: commonv1.ACLOperation_ACL_OPERATION_CLUSTER_ACTION, + redpandav1alpha2.ACLOperationCreate: commonv1.ACLOperation_ACL_OPERATION_CREATE, + redpandav1alpha2.ACLOperationAlterConfigs: commonv1.ACLOperation_ACL_OPERATION_ALTER_CONFIGS, + redpandav1alpha2.ACLOperationDescribeConfigs: commonv1.ACLOperation_ACL_OPERATION_DESCRIBE_CONFIGS, }[*operationType] } -func convertCRDToCommonPermissionType(aclType *redpandav1alpha2.ACLType) common.ACLPermissionType { +func convertCRDToCommonPermissionType(aclType *redpandav1alpha2.ACLType) commonv1.ACLPermissionType { if aclType == nil { - return common.ACLPermissionType_ACL_PERMISSION_TYPE_ANY + return commonv1.ACLPermissionType_ACL_PERMISSION_TYPE_ANY } - return map[redpandav1alpha2.ACLType]common.ACLPermissionType{ - redpandav1alpha2.ACLTypeAllow: common.ACLPermissionType_ACL_PERMISSION_TYPE_ALLOW, - redpandav1alpha2.ACLTypeDeny: common.ACLPermissionType_ACL_PERMISSION_TYPE_DENY, + return map[redpandav1alpha2.ACLType]commonv1.ACLPermissionType{ + redpandav1alpha2.ACLTypeAllow: commonv1.ACLPermissionType_ACL_PERMISSION_TYPE_ALLOW, + redpandav1alpha2.ACLTypeDeny: commonv1.ACLPermissionType_ACL_PERMISSION_TYPE_DENY, }[*aclType] } @@ -258,7 +271,7 @@ func convertCRDToAPIShadowLinkSecuritySyncOptions(options *redpandav1alpha2.Shad } return &adminv2api.SecuritySettingsSyncOptions{ Interval: durationpb.New(options.Interval.Duration), - Enabled: options.Enabled, + Paused: options.Paused, // TODO: the following were recently (temporarily?) removed // RoleFilters: functional.MapFn(convertCRDToAPINameFilter, options.RoleFilters), // ScramCredFilters: functional.MapFn(convertCRDToAPINameFilter, options.ScramCredentialFilters), diff --git a/operator/pkg/client/shadow/syncer.go b/operator/pkg/client/shadow/syncer.go index f9709b16a..8193d0144 100644 --- a/operator/pkg/client/shadow/syncer.go +++ b/operator/pkg/client/shadow/syncer.go @@ -79,12 +79,7 @@ func (s *Syncer) Sync(ctx context.Context, o *redpandav1alpha2.ShadowLink, remot update, err := s.client.ShadowLinkService().UpdateShadowLink(ctx, connect.NewRequest(&adminv2api.UpdateShadowLinkRequest{ ShadowLink: convertCRDToAPIShadowLink(o, remoteClusterSettings), UpdateMask: &fieldmaskpb.FieldMask{ - // From: https://github.com/redpanda-data/redpanda/blob/60c590be34d5b2bd2934ac2143105ee7e2442388/src/v/redpanda/admin/services/shadow_link/shadow_link.cc#L64C1-L66C57 - // "configurations", "client_options", "bootstrap_servers" - // "configurations", "client_options", "tls_settings" - // - // update all fields - Paths: []string{"configurations.topic_metadata_sync_options", "configurations.consumer_offset_sync_options", "configurations.security_sync_options"}, + Paths: []string{"configurations.client_options", "configurations.topic_metadata_sync_options", "configurations.consumer_offset_sync_options", "configurations.security_sync_options", "configurations.schema_registry_sync_options"}, }, })) if err != nil { diff --git a/operator/pkg/client/shadow/syncer_test.go b/operator/pkg/client/shadow/syncer_test.go index 5216eda5b..d4a50d615 100644 --- a/operator/pkg/client/shadow/syncer_test.go +++ b/operator/pkg/client/shadow/syncer_test.go @@ -41,7 +41,7 @@ func getTestImage() string { // this is the latest nightly image that contains shadow links, once a release // with shadow links is actually cut, we can switch to the typical release // images - return "redpandadata/redpanda-nightly:v0.0.0-20251023git2fede32" + return "redpandadata/redpanda-nightly:v0.0.0-20251103git2470d86" } func TestSyncer(t *testing.T) { @@ -54,8 +54,8 @@ func TestSyncer(t *testing.T) { // in nightly builds. syncTime := ptr.To(metav1.Duration{Duration: 2 * time.Second}) linkName := "link" - topicName := "topic" - topicTwo := "other" + topicName := "foo-topic-sentinel" + topicTwo := "bar-topic-sentinel" user := "user" password := "password" @@ -102,7 +102,6 @@ func TestSyncer(t *testing.T) { }, ConsumerOffsetSyncOptions: &redpandav1alpha2.ShadowLinkConsumerOffsetSyncOptions{ Interval: syncTime, - Enabled: true, GroupFilters: []redpandav1alpha2.NameFilter{{ Name: consumer, FilterType: redpandav1alpha2.FilterTypeInclude, @@ -111,7 +110,6 @@ func TestSyncer(t *testing.T) { }, SecuritySyncOptions: &redpandav1alpha2.ShadowLinkSecuritySettingsSyncOptions{ Interval: syncTime, - Enabled: true, ACLFilters: []redpandav1alpha2.ACLFilter{{ ResourceFilter: redpandav1alpha2.ACLResourceFilter{ Name: "*", @@ -138,6 +136,12 @@ func TestSyncer(t *testing.T) { // initial check that the link is active require.Equal(t, redpandav1alpha2.ShadowLinkStateActive, status.State) + defer func() { + if t.Failed() { + clusterTwo.dumpLogs(t, ctx) + } + }() + // wrap in a retry since the update of state is asynchronous require.Eventually(t, func() bool { return clusterTwo.hasActiveMirroredTopics(t, ctx, linkName, topicName) @@ -157,13 +161,9 @@ func TestSyncer(t *testing.T) { return clusterOneOffset == clusterTwoOffset }, syncRetryPeriod, 1*time.Second, "cluster offsets not equal expected: %d, actual: %d", clusterOneOffset, clusterTwoOffset) - if t.Failed() { - clusterTwo.dumpLogs(t, ctx) - } - // Update link.Spec.TopicMetadataSyncOptions.AutoCreateShadowTopicFilters[0].Name = topicTwo - _, err = syncer.Sync(ctx, link, clusterTwo.remoteClusterSettings()) + _, err = syncer.Sync(ctx, link, clusterOne.remoteClusterSettings()) require.NoError(t, err) require.Eventually(t, func() bool { @@ -204,9 +204,9 @@ func runShadowLinkEnabledCluster(t *testing.T, ctx context.Context, name, userna }, nil) require.NoError(t, err) + require.NoError(t, rpadminClient.SetLogLevel(ctx, "kafka/client", "trace", 120)) require.NoError(t, rpadminClient.SetLogLevel(ctx, "cluster_link", "trace", 120)) require.NoError(t, rpadminClient.SetLogLevel(ctx, "shadow_link_service", "trace", 120)) - kafkaClient, err := kgo.NewClient(kgo.SeedBrokers(kafkaAddress), kgo.SASL(scram.Auth{ User: username, Pass: password, diff --git a/pkg/go.mod b/pkg/go.mod index 3660fc0bc..d9a9d115d 100644 --- a/pkg/go.mod +++ b/pkg/go.mod @@ -60,8 +60,8 @@ require ( buf.build/gen/go/grpc-ecosystem/grpc-gateway/protocolbuffers/go v1.36.6-20221127060915-a1ecdc58eccd.1 // indirect buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1 // indirect buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 // indirect - buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 // indirect - buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 // indirect + buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 // indirect + buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 // indirect cel.dev/expr v0.24.0 // indirect cloud.google.com/go v0.121.1 // indirect cloud.google.com/go/auth v0.16.1 // indirect diff --git a/pkg/go.sum b/pkg/go.sum index cc3e2053e..2c21495d2 100644 --- a/pkg/go.sum +++ b/pkg/go.sum @@ -6,10 +6,10 @@ buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3d buf.build/gen/go/redpandadata/cloud/protocolbuffers/go v1.36.6-20250616170632-3de895655308.1/go.mod h1:RUUH9gPqxuRHYeNMFjrU5hboN4lPAz2kNeOi81gjQcI= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1 h1:H1OQRoy/xuIh3vvAv9Gb59p/ZsrTTQyYxPyMSOQaVlc= buf.build/gen/go/redpandadata/common/protocolbuffers/go v1.36.6-20250623133515-cbe59d22e104.1/go.mod h1:yA5Jg45dsAoOvAx1XHbDwwcWkkYW568MUeKJsa9bgrY= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2 h1:mvC5Q7Fz56di8es2aftS5/WskFyNs2gBC9kO6LyHxQo= -buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251023115415-1f602d02339b.2/go.mod h1:8RVo+ufXGClw5quRMTfAj0N3mTB2lKk+CJzlYc7QO0o= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1 h1:faNTh8GShHh+aoonkwH9fISnvHxcbuPflygpqdWXu9w= -buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251023115415-1f602d02339b.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2 h1:jCG4Odp8EuikMWru6WwVylzjrSfJImAfrNeImtfp6rs= +buf.build/gen/go/redpandadata/core/connectrpc/go v1.19.1-20251031193904-15e1d027dabd.2/go.mod h1:YY+peV2t5WRrsN5JCawfDfdePKQVNhaO+0l/9Tsi+oY= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1 h1:qbwdlxQSRcBFlq8Kcl532kcMuR+64TuvnhLC49FxzJE= +buf.build/gen/go/redpandadata/core/protocolbuffers/go v1.36.10-20251031193904-15e1d027dabd.1/go.mod h1:QenSPzqxZpyo9hHIpRzTetvDchelVDzimnmaggHKenc= cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.121.1 h1:S3kTQSydxmu1JfLRLpKtxRPA7rSrYPRPEUmL/PavVUw=