update password (#4952)

labring · Oct 23, 2024 · 786c518 · 786c518
1 parent 32f6973
commit 786c518
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 42 deletions.
diff --git a/controllers/objectstorage/api/v1/objectstorageuser_types.go b/controllers/objectstorage/api/v1/objectstorageuser_types.go
@@ -22,6 +22,8 @@ import (
 
 // ObjectStorageUserSpec defines the desired state of ObjectStorageUser
 type ObjectStorageUserSpec struct {
+	// +kubebuilder:default=0
+	SecretKeyVersion int64 `json:"secretKeyVersion,omitempty"`
 }
 
 // ObjectStorageUserStatus defines the observed state of ObjectStorageUser
@@ -34,6 +36,8 @@ type ObjectStorageUserStatus struct {
 	SecretKey    string `json:"secretKey,omitempty"`
 	Internal     string `json:"internal,omitempty"`
 	External     string `json:"external,omitempty"`
+	// +kubebuilder:default=0
+	SecretKeyVersion int64 `json:"secretKeyVersion,omitempty"`
 }
 
 //+kubebuilder:object:root=true

diff --git a/controllers/objectstorage/config/crd/bases/objectstorage.sealos.io_objectstoragebuckets.yaml b/controllers/objectstorage/config/crd/bases/objectstorage.sealos.io_objectstoragebuckets.yaml
@@ -1,17 +1,3 @@
-# Copyright © 2023 sealos.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

diff --git a/controllers/objectstorage/config/crd/bases/objectstorage.sealos.io_objectstorageusers.yaml b/controllers/objectstorage/config/crd/bases/objectstorage.sealos.io_objectstorageusers.yaml
@@ -1,17 +1,3 @@
-# Copyright © 2023 sealos.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -48,6 +34,11 @@ spec:
               type: object
             spec:
               description: ObjectStorageUserSpec defines the desired state of ObjectStorageUser
+              properties:
+                secretKeyVersion:
+                  default: 0
+                  format: int64
+                  type: integer
               type: object
             status:
               description: ObjectStorageUserStatus defines the observed state of ObjectStorageUser
@@ -66,6 +57,10 @@ spec:
                   type: integer
                 secretKey:
                   type: string
+                secretKeyVersion:
+                  default: 0
+                  format: int64
+                  type: integer
                 size:
                   description: unit is byte
                   format: int64

diff --git a/controllers/objectstorage/config/rbac/role.yaml b/controllers/objectstorage/config/rbac/role.yaml
@@ -1,17 +1,3 @@
-# Copyright © 2023 sealos.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

diff --git a/controllers/objectstorage/controllers/objectstorageuser_controller.go b/controllers/objectstorage/controllers/objectstorageuser_controller.go
@@ -153,6 +153,15 @@ func (r *ObjectStorageUserReconciler) Reconcile(ctx context.Context, req ctrl.Re
 
 	updated := r.initObjectStorageUser(user, username, quota.Value())
 
+	pwdUpdated := false
+
+	if user.Spec.SecretKeyVersion > user.Status.SecretKeyVersion {
+		user.Status.SecretKey = rand.String(16)
+		user.Status.SecretKeyVersion = user.Spec.SecretKeyVersion
+		pwdUpdated = true
+		updated = true
+	}
+
 	accessKey := user.Status.AccessKey
 	secretKey := user.Status.SecretKey
 
@@ -170,6 +179,13 @@ func (r *ObjectStorageUserReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		}
 	}
 
+	if pwdUpdated {
+		if err := r.OSAdminClient.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled); err != nil {
+			r.Logger.Error(err, "failed to set user secret key", "name", accessKey)
+		}
+		r.Logger.V(1).Info("[user] password change info", "name", user.Name, "spec secret key version", user.Spec.SecretKeyVersion)
+	}
+
 	secret := &corev1.Secret{}
 	if err := r.Get(ctx, client.ObjectKey{Name: OSKeySecret, Namespace: userNamespace}, secret); err != nil {
 		if !errors.IsNotFound(err) {