Skip to content

Commit

Permalink
feature: Add 'caCertificate' parameter to Minio EventSource (#2903)
Browse files Browse the repository at this point in the history
Signed-off-by: Ross Golder <[email protected]>
  • Loading branch information
rossigee authored Nov 16, 2023
1 parent d6ec145 commit 6d982b3
Show file tree
Hide file tree
Showing 8 changed files with 194 additions and 92 deletions.
3 changes: 3 additions & 0 deletions api/jsonschema/schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,9 @@
"bucket": {
"$ref": "#/definitions/io.argoproj.common.S3Bucket"
},
"caCertificate": {
"$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
},
"endpoint": {
"type": "string"
},
Expand Down
3 changes: 3 additions & 0 deletions api/openapi-spec/swagger.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

36 changes: 32 additions & 4 deletions eventsources/sources/minio/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,11 @@ package minio

import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
"fmt"
"net/http"
"time"

"github.com/minio/minio-go/v7"
Expand Down Expand Up @@ -80,10 +83,35 @@ func (el *EventListener) StartListening(ctx context.Context, dispatch func([]byt
return fmt.Errorf("failed to retrieve the secret key for event source %s, %w", el.GetEventName(), err)
}

log.Info("setting up a minio client...")
minioClient, err := minio.New(minioEventSource.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKey, secretKey, ""), Secure: !minioEventSource.Insecure})
if err != nil {
var minioClient *minio.Client
var clientErr error
if minioEventSource.CACertificate != nil {
log.Info("retrieving CA certificate...")
caCertificate, err := common.GetSecretFromVolume(minioEventSource.CACertificate)
if err != nil {
return fmt.Errorf("failed to get the CA certificate for event source %s, %w", el.GetEventName(), err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(caCertificate))
tlsConfig := &tls.Config{
RootCAs: caCertPool,
}
log.Info("setting up a minio client with custom CA...")
minioClient, clientErr = minio.New(minioEventSource.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
Secure: !minioEventSource.Insecure,
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
},
})
} else {
log.Info("setting up a minio client...")
minioClient, clientErr = minio.New(minioEventSource.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
Secure: !minioEventSource.Insecure,
})
}
if clientErr != nil {
return fmt.Errorf("failed to create a client for event source %s, %w", el.GetEventName(), err)
}

Expand Down
5 changes: 5 additions & 0 deletions pkg/apis/common/deepcopy_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

230 changes: 142 additions & 88 deletions pkg/apis/common/generated.pb.go

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions pkg/apis/common/generated.proto

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions pkg/apis/common/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions pkg/apis/common/s3.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ type S3Artifact struct {
Events []string `json:"events,omitempty" protobuf:"bytes,7,rep,name=events"`
Filter *S3Filter `json:"filter,omitempty" protobuf:"bytes,8,opt,name=filter"`
Metadata map[string]string `json:"metadata,omitempty" protobuf:"bytes,9,opt,name=metadata"`

CACertificate *corev1.SecretKeySelector `json:"caCertificate,omitempty" protobuf:"bytes,10,opt,name=caCertificate"`
}

// S3Bucket contains information to describe an S3 Bucket
Expand Down

0 comments on commit 6d982b3

Please sign in to comment.