From ef64d52a804c1b631f8db79427c636ebd9f303b4 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 19:59:51 +0200 Subject: [PATCH 01/16] chore: point stackable-operator at smooth-operator branch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add [patch] section to Cargo.toml pointing stackable-operator at the smooth-operator branch of operator-rs (v0.111.1). No import-path relocations were needed — all existing paths remain valid on this branch. Co-Authored-By: Claude Opus 4.8 (1M context) --- Cargo.lock | 308 ++++++++++++++++++++++++++++------------------------- Cargo.toml | 4 +- 2 files changed, 163 insertions(+), 149 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 25ac572e..1b5b6eff 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -163,9 +163,9 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" -version = "1.5.0" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" +checksum = "f2032f911046de80f0a198e0901378627c33f59ea0ac00e363d481118bd70a53" [[package]] name = "axum" @@ -265,9 +265,9 @@ checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7" [[package]] name = "bitflags" -version = "2.11.1" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" +checksum = "84d7ced0ae9557296835c32bf1b1e02b44c746701f898460fb000d7eaa84f00a" [[package]] name = "block-buffer" @@ -280,9 +280,9 @@ dependencies = [ [[package]] name = "built" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4ad8f11f288f48ca24471bbd51ac257aaeaaa07adae295591266b792902ae64" +checksum = "5c0e531d93d39c34eef561e929e8a7f86d77a5af08aac4f6d6e39976c51858e9" dependencies = [ "chrono", "git2", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.20.2" +version = "3.20.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" +checksum = "72f5acc6cb2ba439de613abc23857ec3d78374d8ed5ac84e9d11336e87da8649" [[package]] name = "bytes" @@ -302,9 +302,9 @@ checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "cc" -version = "1.2.60" +version = "1.2.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20" +checksum = "556e016178bb5662a08681bbe0f00f8e17631781a4dfc8c45e466e4b185ec27f" dependencies = [ "find-msvc-tools", "jobserver", @@ -633,9 +633,9 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +checksum = "1ac70aa55017e108007fbaf5aa0f54b021c98f92ff8af59d42eda9da96e3dd4f" dependencies = [ "proc-macro2", "quote", @@ -696,9 +696,9 @@ dependencies = [ [[package]] name = "either" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +checksum = "91622ff5e7162018101f2fea40d6ebf4a78bbe5a49736a2020649edf9693679e" [[package]] name = "elliptic-curve" @@ -771,7 +771,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -950,9 +950,9 @@ checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" [[package]] name = "futures-timer" -version = "3.0.3" +version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24" +checksum = "af43fadb8a98512d547e37b4e92e0ced13e205c061b87b4623eff01d918d6968" [[package]] name = "futures-util" @@ -1023,15 +1023,14 @@ dependencies = [ [[package]] name = "git2" -version = "0.20.4" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b" +checksum = "ddddbf932745a6be37109b6112d3ee09696106f848449069d3a57bba937ab82e" dependencies = [ "bitflags", "libc", "libgit2-sys", "log", - "url", ] [[package]] @@ -1065,9 +1064,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +checksum = "171fefbc92fe4a4de27e0698d6a5b392d6a0e333506bc49133760b3bcf948733" dependencies = [ "atomic-waker", "bytes", @@ -1104,9 +1103,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.17.0" +version = "0.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" +checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a" [[package]] name = "heck" @@ -1136,9 +1135,9 @@ dependencies = [ [[package]] name = "http" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +checksum = "8be7462df143984c4598a256ef469b251d7d7f9e271135073e78fc535414f3d0" dependencies = [ "bytes", "itoa", @@ -1187,9 +1186,9 @@ checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" [[package]] name = "hyper" -version = "1.9.0" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca" +checksum = "55281c53a1894c864990125767da440a4e630446785086f52523b20033b74498" dependencies = [ "atomic-waker", "bytes", @@ -1391,9 +1390,9 @@ dependencies = [ [[package]] name = "idna_adapter" -version = "1.2.1" +version = "1.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714" dependencies = [ "icu_normalizer", "icu_properties", @@ -1406,7 +1405,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" dependencies = [ "equivalent", - "hashbrown 0.17.0", + "hashbrown 0.17.1", "serde", "serde_core", ] @@ -1426,16 +1425,6 @@ version = "2.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" -[[package]] -name = "iri-string" -version = "0.7.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25e659a4bb38e810ebc252e53b5814ff908a8c58c2a9ce2fae1bbec24cbf4e20" -dependencies = [ - "memchr", - "serde", -] - [[package]] name = "is_terminal_polyfill" version = "1.70.2" @@ -1470,9 +1459,9 @@ dependencies = [ [[package]] name = "jiff" -version = "0.2.23" +version = "0.2.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a3546dc96b6d42c5f24902af9e2538e82e39ad350b0c766eb3fbf2d8f3d8359" +checksum = "4603d3033e49e2b0e31229fcab20a5d40089c607d975cd9c80551dc69eed9102" dependencies = [ "jiff-static", "jiff-tzdb-platform", @@ -1480,14 +1469,14 @@ dependencies = [ "portable-atomic", "portable-atomic-util", "serde_core", - "windows-sys 0.61.2", + "windows-link", ] [[package]] name = "jiff-static" -version = "0.2.23" +version = "0.2.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a8c8b344124222efd714b73bb41f8b5120b27a7cc1c75593a6ff768d9d05aa4" +checksum = "782d32378dddf207193ac91cefb848ad41abb58195c95168e1291227a0832b47" dependencies = [ "proc-macro2", "quote", @@ -1521,9 +1510,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.95" +version = "0.3.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" +checksum = "142bc4740e452c1e57ade0cbc129f139c9093e354346f0872ef985f4f5cf5f11" dependencies = [ "cfg-if", "futures-util", @@ -1533,14 +1522,15 @@ dependencies = [ [[package]] name = "json-patch" -version = "4.1.0" +version = "4.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f300e415e2134745ef75f04562dd0145405c2f7fd92065db029ac4b16b57fe90" +checksum = "7421438de105a0827e44fadd05377727847d717c80ce29a229f85fd04c427b72" dependencies = [ "jsonptr", + "schemars", "serde", "serde_json", - "thiserror 1.0.69", + "thiserror 2.0.18", ] [[package]] @@ -1582,11 +1572,11 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "darling", "regex", - "snafu 0.9.0", + "snafu 0.9.1", ] [[package]] @@ -1729,15 +1719,15 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "libc" -version = "0.2.185" +version = "0.2.186" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" [[package]] name = "libgit2-sys" -version = "0.18.3+1.9.2" +version = "0.18.5+1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9b3acc4b91781bb0b3386669d325163746af5f6e4f73e6d2d630e09a35f3487" +checksum = "005d6ae6eac1912906073e069f7db60b1fa98e052a68227824afe3e3a1c59ca2" dependencies = [ "cc", "libc", @@ -1753,9 +1743,9 @@ checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" [[package]] name = "libz-sys" -version = "1.1.28" +version = "1.1.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc3a226e576f50782b3305c5ccf458698f92798987f551c6a02efe8276721e22" +checksum = "85bc9657773828b90eeb625adff10eeac83cc21bbfd8e23a03eaa8a33c9e28d9" dependencies = [ "cc", "libc", @@ -1780,9 +1770,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.29" +version = "0.4.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" +checksum = "113b30b4cd05f7c06868fdb2854f66a7b9fece9a48425351cd532e810d74024f" [[package]] name = "matchers" @@ -1801,9 +1791,9 @@ checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" [[package]] name = "memchr" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" +checksum = "6b947ae49db0d222b1dbc6b113ce7248a3fc3a6ca21b696717bfc000ba4484d8" [[package]] name = "mime" @@ -1823,9 +1813,9 @@ dependencies = [ [[package]] name = "mio" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +checksum = "02bd0af71c67b473010cbbc60715ee815645a4dc942899111f494b4b737d6fda" dependencies = [ "libc", "wasi", @@ -1859,9 +1849,9 @@ dependencies = [ [[package]] name = "num-conv" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" +checksum = "521739c6d2bac4aa25192232afe6841231376b2b26d4d9fae5ecf8ca5772e441" [[package]] name = "num-integer" @@ -2125,18 +2115,18 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.11" +version = "1.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517" +checksum = "2466b2336ed02bcdca6b294417127b90ec92038d1d5c4fbeac971a922e0e0924" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.11" +version = "1.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6" +checksum = "c96395f0a926bc13b1c17622aaddda1ecb55d49c8f1bf9777e4d877800a43f8b" dependencies = [ "proc-macro2", "quote", @@ -2570,9 +2560,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.38" +version = "0.23.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" +checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b" dependencies = [ "log", "once_cell", @@ -2585,9 +2575,9 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63" +checksum = "dab5152771c58876a2146916e53e35057e1a4dfa2b9df0f0305b07f611fdea4d" dependencies = [ "openssl-probe", "rustls-pki-types", @@ -2597,9 +2587,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.14.0" +version = "1.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +checksum = "30a7197ae7eb376e574fe940d068c30fe0462554a3ddbe4eca7838e049c937a9" dependencies = [ "zeroize", ] @@ -2773,9 +2763,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.149" +version = "1.0.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9" dependencies = [ "itoa", "memchr", @@ -2853,9 +2843,9 @@ dependencies = [ [[package]] name = "shlex" -version = "1.3.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +checksum = "f8fadd59c855ef2080decdef8ff161eb6661b86933c9d82e5ba29dc602a55aba" [[package]] name = "signal-hook-registry" @@ -2916,11 +2906,11 @@ dependencies = [ [[package]] name = "snafu" -version = "0.9.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1d4bced6a69f90b2056c03dcff2c4737f98d6fb9e0853493996e1d253ca29c6" +checksum = "d1a012328be2e3f5d5f6f3218147ca02588cea4cb865e876849ab6debcf36522" dependencies = [ - "snafu-derive 0.9.0", + "snafu-derive 0.9.1", ] [[package]] @@ -2948,9 +2938,9 @@ dependencies = [ [[package]] name = "snafu-derive" -version = "0.9.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54254b8531cafa275c5e096f62d48c81435d1015405a91198ddb11e967301d40" +checksum = "5f103c50866b8743da9429b8a581d81a27c2d3a9c4ac7df8f8571c1dd7896eda" dependencies = [ "heck", "proc-macro2", @@ -2960,9 +2950,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +checksum = "52d1cfed4120b4d927bf7c0f86d2087a4a7d6027c906d9f9d525a80573b9be51" dependencies = [ "libc", "windows-sys 0.61.2", @@ -2993,7 +2983,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "const-oid", "ecdsa", @@ -3005,7 +2995,7 @@ dependencies = [ "rsa", "sha2", "signature", - "snafu 0.9.0", + "snafu 0.9.1", "stackable-shared", "tokio", "tokio-rustls", @@ -3033,7 +3023,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.9.0", + "snafu 0.9.1", "stackable-operator", "strum", "tokio", @@ -3043,8 +3033,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.111.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +version = "0.111.1" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "base64", "clap", @@ -3068,7 +3058,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.9.0", + "snafu 0.9.1", "stackable-operator-derive", "stackable-shared", "stackable-telemetry", @@ -3080,12 +3070,13 @@ dependencies = [ "tracing-appender", "tracing-subscriber", "url", + "uuid", ] [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "darling", "proc-macro2", @@ -3096,7 +3087,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.1.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "jiff", "k8s-openapi", @@ -3105,7 +3096,7 @@ dependencies = [ "semver", "serde", "serde_yaml", - "snafu 0.9.0", + "snafu 0.9.1", "strum", "time", ] @@ -3113,7 +3104,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "axum", "clap", @@ -3124,7 +3115,7 @@ dependencies = [ "opentelemetry-semantic-conventions", "opentelemetry_sdk", "pin-project", - "snafu 0.9.0", + "snafu 0.9.1", "strum", "tokio", "tower", @@ -3137,21 +3128,21 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.10.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "kube", "schemars", "serde", "serde_json", "serde_yaml", - "snafu 0.9.0", + "snafu 0.9.1", "stackable-versioned-macros", ] [[package]] name = "stackable-versioned-macros" version = "0.10.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "convert_case", "convert_case_extras", @@ -3169,7 +3160,7 @@ dependencies = [ [[package]] name = "stackable-webhook" version = "0.9.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" dependencies = [ "arc-swap", "async-trait", @@ -3185,7 +3176,7 @@ dependencies = [ "rand 0.9.4", "serde", "serde_json", - "snafu 0.9.0", + "snafu 0.9.1", "stackable-certs", "stackable-shared", "stackable-telemetry", @@ -3231,6 +3222,12 @@ version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" +[[package]] +name = "symlink" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7973cce6668464ea31f176d85b13c7ab3bba2cb3b77a2ed26abd7801688010a" + [[package]] name = "syn" version = "1.0.109" @@ -3386,9 +3383,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.52.0" +version = "1.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a91135f59b1cbf38c91e73cf3386fca9bb77915c45ce2771460c9d92f0f3d776" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" dependencies = [ "bytes", "libc", @@ -3458,9 +3455,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.25.11+spec-1.1.0" +version = "0.25.12+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b59c4d22ed448339746c59b905d24568fcbb3ab65a500494f7b8c3e97739f2b" +checksum = "d2153edc6955a6c354fad8f5efd38b6a8769bdccf9fe50f8e1329f81b0baa5d7" dependencies = [ "indexmap", "toml_datetime", @@ -3479,9 +3476,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.14.5" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fec7c61a0695dc1887c1b53952990f3ad2e3a31453e1f49f10e75424943a93ec" +checksum = "ac2a5518c70fa84342385732db33fb3f44bc4cc748936eb5833d2df34d6445ef" dependencies = [ "async-trait", "base64", @@ -3506,9 +3503,9 @@ dependencies = [ [[package]] name = "tonic-prost" -version = "0.14.5" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a55376a0bbaa4975a3f10d009ad763d8f4108f067c7c2e74f3001fb49778d309" +checksum = "50849f68853be452acf590cde0b146665b8d507b3b8af17261df47e02c209ea0" dependencies = [ "bytes", "prost", @@ -3536,9 +3533,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.6.8" +version = "0.6.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840" dependencies = [ "base64", "bitflags", @@ -3546,13 +3543,13 @@ dependencies = [ "futures-util", "http", "http-body", - "iri-string", "mime", "pin-project-lite", "tower", "tower-layer", "tower-service", "tracing", + "url", ] [[package]] @@ -3581,11 +3578,12 @@ dependencies = [ [[package]] name = "tracing-appender" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "786d480bce6247ab75f005b14ae1624ad978d3029d9113f0a22fa1ac773faeaf" +checksum = "050686193eb999b4bb3bc2acfa891a13da00f79734704c4b8b4ef1a10b368a3c" dependencies = [ "crossbeam-channel", + "symlink", "thiserror 2.0.18", "time", "tracing-subscriber", @@ -3678,9 +3676,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "typenum" -version = "1.19.0" +version = "1.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "b6f5e870be6c3b371b77fe0ee0bafb859fa4964b4404c27de1d380043c4dda20" [[package]] name = "ucd-trie" @@ -3696,9 +3694,9 @@ checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" [[package]] name = "unicode-segmentation" -version = "1.13.2" +version = "1.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9629274872b2bfaf8d66f5f15725007f635594914870f65218920345aa11aa8c" +checksum = "c6f5d3c3b1bf09027a88a6bc961fc00497d651009560b5463668dc81b0fa87a8" [[package]] name = "unicode-xid" @@ -3743,6 +3741,16 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" +[[package]] +name = "uuid" +version = "1.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d258b83ceec21034727ecee8c382cfa6c3e133699b0742c64571814fb420c9f7" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "valuable" version = "0.1.1" @@ -3778,11 +3786,11 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasip2" -version = "1.0.2+wasi-0.2.9" +version = "1.0.3+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" dependencies = [ - "wit-bindgen", + "wit-bindgen 0.57.1", ] [[package]] @@ -3791,14 +3799,14 @@ version = "0.4.0+wasi-0.3.0-rc-2026-01-06" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" dependencies = [ - "wit-bindgen", + "wit-bindgen 0.51.0", ] [[package]] name = "wasm-bindgen" -version = "0.2.118" +version = "0.2.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" +checksum = "3ed04576f974d2b2fba0f38c51dbc5518011e38c36bf1143164be765528fd409" dependencies = [ "cfg-if", "once_cell", @@ -3809,9 +3817,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.68" +version = "0.4.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f371d383f2fb139252e0bfac3b81b265689bf45b6874af544ffa4c975ac1ebf8" +checksum = "9473dbd2991ae90b6291c3c32c30c6187ac49aa32f9905d1cce280ec1e110b0f" dependencies = [ "js-sys", "wasm-bindgen", @@ -3819,9 +3827,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.118" +version = "0.2.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" +checksum = "916151b09da36bd82f6615cbf3a419e2f0ba23a03c6160e8e92eb6bd4aa1dec6" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -3829,9 +3837,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.118" +version = "0.2.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" +checksum = "299047362ccbfce148b67ab7e73349f77748e00c8296f9542adfad2ad82c5c5e" dependencies = [ "bumpalo", "proc-macro2", @@ -3842,9 +3850,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.118" +version = "0.2.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" +checksum = "9a929b2c61f11ba3e9bc35b50c1f25cb38e0e892c0c231ae2b8cf78d5dad4437" dependencies = [ "unicode-ident", ] @@ -3885,9 +3893,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.95" +version = "0.3.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f2dfbb17949fa2088e5d39408c48368947b86f7834484e87b73de55bc14d97d" +checksum = "6d621441cfc37b84979402712047321980c178f299193a3589d05b99e8763436" dependencies = [ "js-sys", "wasm-bindgen", @@ -4046,9 +4054,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "1.0.1" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09dac053f1cd375980747450bfc7250c264eaae0583872e845c0c7cd578872b5" +checksum = "0592e1c9d151f854e6fd382574c3a0855250e1d9b2f99d9281c6e6391af352f1" dependencies = [ "memchr", ] @@ -4062,6 +4070,12 @@ dependencies = [ "wit-bindgen-rust-macro", ] +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + [[package]] name = "wit-bindgen-core" version = "0.51.0" @@ -4163,9 +4177,9 @@ dependencies = [ [[package]] name = "xml" -version = "1.2.1" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8aa498d22c9bbaf482329839bc5620c46be275a19a812e9a22a2b07529a642a" +checksum = "636f85e5ca6488e96401b61eb7de54f4e44755c988af0f52cf90230c312a1a89" [[package]] name = "yoke" @@ -4192,18 +4206,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.8.48" +version = "0.8.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +checksum = "3b065d4f0e55f82fae73202e189638116a87c55ab6b8e6c2721e13dd9d854ad1" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.48" +version = "0.8.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +checksum = "0b631b19d36a892ab55420c92dbc83ccd79274f25be714855d3074aa71cab639" dependencies = [ "proc-macro2", "quote", @@ -4212,9 +4226,9 @@ dependencies = [ [[package]] name = "zerofrom" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df" +checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272" dependencies = [ "zerofrom-derive", ] diff --git a/Cargo.toml b/Cargo.toml index 7ad6543a..b2b9cc1d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,6 +34,6 @@ tracing = "0.1" url = { version = "2.5.7" } xml-rs = "1.0" -# [patch."https://github.com/stackabletech/operator-rs.git"] -# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +[patch."https://github.com/stackabletech/operator-rs.git"] +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "smooth-operator"} # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } From 925766d24f6150bd92591462adaccf7418290f9f Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 20:18:38 +0200 Subject: [PATCH 02/16] feat: vendor java-properties writer and add ConfigFileName MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Vendor the `to_java_properties_string` / `to_hadoop_xml` writers from `product-config` into `controller::build::properties::writer` so the operator no longer relies on product-config for config serialization. Introduce `ConfigFileName` (the enum of NiFi config file names) and skeleton helpers `defined_entries` / `resolved_overrides` in `controller::build::properties` — these are dead-code-allowed stubs that will be wired up in Task 4. Swap the single existing call site (JVM security properties) to use the vendored writer; output is byte-identical. Co-Authored-By: Claude Opus 4.8 (1M context) --- Cargo.lock | 1 + Cargo.toml | 1 + rust/operator-binary/Cargo.toml | 1 + rust/operator-binary/src/controller.rs | 10 +-- rust/operator-binary/src/controller/build.rs | 5 ++ .../src/controller/build/properties.rs | 47 +++++++++++ .../src/controller/build/properties/writer.rs | 78 +++++++++++++++++++ 7 files changed, 138 insertions(+), 5 deletions(-) create mode 100644 rust/operator-binary/src/controller/build.rs create mode 100644 rust/operator-binary/src/controller/build/properties.rs create mode 100644 rust/operator-binary/src/controller/build/properties/writer.rs diff --git a/Cargo.lock b/Cargo.lock index 1b5b6eff..7d7f04c7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3015,6 +3015,7 @@ dependencies = [ "fnv", "futures 0.3.32", "indoc", + "java-properties", "pin-project", "product-config", "rand 0.10.1", diff --git a/Cargo.toml b/Cargo.toml index b2b9cc1d..f14b7085 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,6 +20,7 @@ const_format = "0.2" fnv = "1.0" futures = { version = "0.3", features = ["compat"] } indoc = "2.0" +java-properties = "2.0" pin-project = "1.1" rand = "0.10" rstest = "0.26" diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index dd6a415c..cd7fc147 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -18,6 +18,7 @@ const_format.workspace = true fnv.workspace = true futures.workspace = true indoc.workspace = true +java-properties.workspace = true pin-project.workspace = true rand.workspace = true semver.workspace = true diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index a2b0cd52..59fabcbd 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -6,13 +6,12 @@ use std::{ sync::Arc, }; +use crate::controller::build::properties::writer::{ + PropertiesWriterError, to_java_properties_string, +}; use const_format::concatcp; use indoc::formatdoc; -use product_config::{ - ProductConfigManager, - types::PropertyNameKind, - writer::{PropertiesWriterError, to_java_properties_string}, -}; +use product_config::{ProductConfigManager, types::PropertyNameKind}; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{ @@ -72,6 +71,7 @@ use stackable_operator::{ use strum::{EnumDiscriminants, IntoStaticStr}; use tracing::Instrument; +mod build; mod dereference; mod validate; diff --git a/rust/operator-binary/src/controller/build.rs b/rust/operator-binary/src/controller/build.rs new file mode 100644 index 00000000..bb77c4fc --- /dev/null +++ b/rust/operator-binary/src/controller/build.rs @@ -0,0 +1,5 @@ +//! Builders that assemble Kubernetes resources from a [`ValidatedCluster`]. +//! +//! [`ValidatedCluster`]: crate::controller::validate::ValidatedCluster + +pub mod properties; diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs new file mode 100644 index 00000000..3f33a1bf --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -0,0 +1,47 @@ +//! Per-file builders for the NiFi rolegroup ConfigMap. +//! +//! Each `` module produces the rendered content for one NiFi config file. +//! The shared [`writer`] module serializes `.properties`/`.conf` key/value maps to +//! the Java-properties on-wire format. + +use std::collections::BTreeMap; + +use stackable_operator::config_overrides::KeyValueConfigOverrides; + +pub mod writer; + +/// The names of the files assembled into the NiFi rolegroup ConfigMap. +#[allow(dead_code)] // used once the per-file builders land in Task 4 +#[derive(Clone, Copy, Debug, strum::Display)] +pub enum ConfigFileName { + #[strum(serialize = "bootstrap.conf")] + BootstrapConf, + #[strum(serialize = "nifi.properties")] + NifiProperties, + #[strum(serialize = "state-management.xml")] + StateManagementXml, + #[strum(serialize = "security.properties")] + SecurityProperties, + #[strum(serialize = "login-identity-providers.xml")] + LoginIdentityProviders, + #[strum(serialize = "authorizers.xml")] + Authorizers, +} + +/// Keep only the set (`Some`) entries of a `key -> optional value` map, as `(key, value)` pairs. +#[allow(dead_code)] // used once the per-file builders land in Task 4 +fn defined_entries( + entries: BTreeMap>, +) -> impl Iterator { + entries + .into_iter() + .filter_map(|(key, value)| value.map(|value| (key, value))) +} + +/// Resolve user-provided [`KeyValueConfigOverrides`] into key/value pairs. +#[allow(dead_code)] // used once the per-file builders land in Task 4 +fn resolved_overrides( + overrides: KeyValueConfigOverrides, +) -> impl Iterator { + overrides.overrides.into_iter() +} diff --git a/rust/operator-binary/src/controller/build/properties/writer.rs b/rust/operator-binary/src/controller/build/properties/writer.rs new file mode 100644 index 00000000..a74babf0 --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/writer.rs @@ -0,0 +1,78 @@ +//! Writer for Java `.properties` files. +//! +//! Vendored from the `product-config` crate's `writer` module so the operator no +//! longer depends on `product-config` for rendering. + +use std::io::Write; + +use java_properties::{PropertiesError, PropertiesWriter}; +use snafu::{ResultExt, Snafu}; + +#[derive(Debug, Snafu)] +pub enum PropertiesWriterError { + #[snafu(display("failed to create properties file"))] + Properties { source: PropertiesError }, + + #[snafu(display("failed to convert properties file byte array to UTF-8"))] + FromUtf8 { source: std::string::FromUtf8Error }, +} + +/// Creates a common Java properties file string in the format: +/// `property_1=value_1\nproperty_2=value_2\n`. +pub fn to_java_properties_string<'a, T>(properties: T) -> Result +where + T: Iterator)>, +{ + let mut output = Vec::new(); + write_java_properties(&mut output, properties)?; + String::from_utf8(output).context(FromUtf8Snafu) +} + +/// Writes Java properties to the given writer. A `None` value is written as an +/// empty value (`key=`). +fn write_java_properties<'a, W, T>(writer: W, properties: T) -> Result<(), PropertiesWriterError> +where + W: Write, + T: Iterator)>, +{ + let mut writer = PropertiesWriter::new(writer); + for (k, v) in properties { + let property_value = v.as_deref().unwrap_or_default(); + writer.write(k, property_value).context(PropertiesSnafu)?; + } + writer.flush().context(PropertiesSnafu)?; + Ok(()) +} + +#[cfg(test)] +mod tests { + use std::collections::BTreeMap; + + use super::*; + + fn props(pairs: &[(&str, Option<&str>)]) -> String { + let map: BTreeMap> = pairs + .iter() + .map(|(k, v)| (k.to_string(), v.map(str::to_string))) + .collect(); + to_java_properties_string(map.iter()).unwrap() + } + + #[test] + fn java_properties_renders_key_value() { + assert_eq!(props(&[("a", Some("1")), ("b", Some("2"))]), "a=1\nb=2\n"); + } + + #[test] + fn java_properties_renders_none_as_empty() { + assert_eq!(props(&[("none", None)]), "none=\n"); + } + + #[test] + fn java_properties_escapes_colon_in_value() { + assert_eq!( + props(&[("url", Some("file://this/location/file.abc"))]), + "url=file\\://this/location/file.abc\n" + ); + } +} From b1906abaf99b6935328ba0691fa2945f0d488028 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 20:50:32 +0200 Subject: [PATCH 03/16] feat: validate rolegroups via vendored v2 role_utils shim MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduces a typed, merged-per-rolegroup config path using a vendored trino-style framework/role_utils.rs shim. Adds NifiRoleGroupConfig type alias, build_role_group_configs() helper, and role_group_configs field to ValidatedInputs (strangler pattern — old validated_role_config kept intact). Also adds Merge impl for NifiConfigOverrides and Ord/Eq/Hash derives to NifiRole to satisfy generic bounds required by with_validated_config. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../src/controller/validate.rs | 41 ++++- rust/operator-binary/src/crd/mod.rs | 112 ++++++++++++- rust/operator-binary/src/framework.rs | 8 + .../src/framework/role_utils.rs | 156 ++++++++++++++++++ rust/operator-binary/src/main.rs | 1 + 5 files changed, 315 insertions(+), 3 deletions(-) create mode 100644 rust/operator-binary/src/framework.rs create mode 100644 rust/operator-binary/src/framework/role_utils.rs diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index e0b6d3e4..8f7e436c 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -3,14 +3,16 @@ //! Synchronously validates inputs that don't require Kubernetes API calls. Produces //! [`ValidatedInputs`], consumed by the rest of `reconcile_nifi`. -use std::collections::HashSet; +use std::collections::{BTreeMap, HashSet}; use product_config::ProductConfigManager; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ cli::OperatorEnvironmentOptions, commons::product_image_selection::{self, ResolvedProductImage}, + kube::ResourceExt as _, product_config_utils::ValidatedRoleConfigByPropertyKind, + role_utils::JavaCommonConfig, utils::cluster_info::KubernetesClusterInfo, }; use strum::{EnumDiscriminants, IntoStaticStr}; @@ -18,7 +20,8 @@ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ config::{self, validated_product_config}, controller::dereference::DereferencedObjects, - crd::{HTTPS_PORT, v1alpha1}, + crd::{HTTPS_PORT, NifiConfig, NifiRole, v1alpha1}, + framework::role_utils::with_validated_config, reporting_task, security::{ authentication::{self, NifiAuthenticationConfig}, @@ -51,8 +54,19 @@ pub enum Error { ReportingTask { source: crate::reporting_task::Error, }, + + #[snafu(display("failed to validate config fragment for a rolegroup"))] + InvalidConfigFragment { + source: stackable_operator::config::fragment::ValidationError, + }, } +pub type NifiRoleGroupConfig = crate::framework::role_utils::RoleGroupConfig< + NifiConfig, + JavaCommonConfig, + v1alpha1::NifiConfigOverrides, +>; + type Result = std::result::Result; /// Synchronous inputs the rest of `reconcile_nifi` needs after dereferencing. @@ -63,6 +77,9 @@ pub struct ValidatedInputs { pub validated_role_config: ValidatedRoleConfigByPropertyKind, // Comma-separated NiFi proxy hosts, or `"*"` if `spec.clusterConfig.hostHeaderCheck.allowAll` is set. pub proxy_hosts: String, + // Not yet consumed — Tasks 4-6 will use this to replace the product-config pipeline. + #[allow(dead_code)] + pub role_group_configs: BTreeMap>, } /// Validates the cluster spec and the dereferenced inputs. @@ -108,9 +125,29 @@ pub fn validate( authorization_config, validated_role_config, proxy_hosts, + role_group_configs: build_role_group_configs(nifi)?, }) } +fn build_role_group_configs( + nifi: &v1alpha1::NifiCluster, +) -> Result>> { + let role = nifi.spec.nodes.as_ref().context(NoNodesDefinedSnafu)?; + let default_config = NifiConfig::default_config(&nifi.name_any(), &NifiRole::Node); + + let mut groups: BTreeMap = BTreeMap::new(); + for (rg_name, rg) in &role.role_groups { + let validated_rg = + with_validated_config::(rg, role, &default_config) + .context(InvalidConfigFragmentSnafu)?; + groups.insert(rg_name.clone(), validated_rg); + } + + let mut role_group_configs = BTreeMap::new(); + role_group_configs.insert(NifiRole::Node, groups); + Ok(role_group_configs) +} + fn compute_proxy_hosts( nifi: &v1alpha1::NifiCluster, cluster_info: &KubernetesClusterInfo, diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index b84b5da7..d2209b0f 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -229,6 +229,28 @@ impl KeyValueOverridesProvider for v1alpha1::NifiConfigOverrides { } } +impl Merge for v1alpha1::NifiConfigOverrides { + /// Merges per-file overrides: individual key-value pairs from `defaults` are + /// inserted only when the same key is absent from `self`. + fn merge(&mut self, defaults: &Self) { + fn merge_kv( + target: &mut Option, + default: &Option, + ) { + if let Some(default_kv) = default { + let target_kv = target.get_or_insert_with(Default::default); + for (k, v) in &default_kv.overrides { + target_kv.overrides.entry(k.clone()).or_insert(v.clone()); + } + } + } + + merge_kv(&mut self.bootstrap_conf, &defaults.bootstrap_conf); + merge_kv(&mut self.nifi_properties, &defaults.nifi_properties); + merge_kv(&mut self.security_properties, &defaults.security_properties); + } +} + impl HasStatusCondition for v1alpha1::NifiCluster { fn conditions(&self) -> Vec { match &self.status { @@ -353,7 +375,10 @@ impl CreateReportingTaskJob { } } -#[derive(strum::Display)] +#[derive( + Clone, Debug, Deserialize, Eq, JsonSchema, Ord, PartialEq, PartialOrd, Serialize, strum::Display, +)] +#[serde(rename_all = "camelCase")] #[strum(serialize_all = "camelCase")] pub enum NifiRole { #[strum(serialize = "node")] @@ -586,6 +611,91 @@ fn node_default_listener_class() -> String { "cluster-internal".to_string() } +#[cfg(test)] +mod merge_tests { + use std::collections::BTreeMap; + + use stackable_operator::config::merge::Merge as _; + use stackable_operator::config_overrides::KeyValueConfigOverrides; + + use super::v1alpha1::NifiConfigOverrides; + + fn kv(pairs: &[(&str, &str)]) -> KeyValueConfigOverrides { + KeyValueConfigOverrides { + overrides: pairs + .iter() + .map(|(k, v)| (k.to_string(), v.to_string())) + .collect::>(), + } + } + + fn overrides( + bootstrap: Option, + nifi: Option, + security: Option, + ) -> NifiConfigOverrides { + NifiConfigOverrides { + bootstrap_conf: bootstrap, + nifi_properties: nifi, + security_properties: security, + } + } + + #[test] + fn rolegroup_key_wins_over_role_key() { + let mut rg = overrides(Some(kv(&[("nifi.bootstrap.key", "rg-value")])), None, None); + let role = overrides( + Some(kv(&[("nifi.bootstrap.key", "role-value")])), + None, + None, + ); + rg.merge(&role); + assert_eq!( + rg.bootstrap_conf.unwrap().overrides["nifi.bootstrap.key"], + "rg-value" + ); + } + + #[test] + fn role_key_fills_gap_absent_from_rolegroup() { + let mut rg = overrides(Some(kv(&[("rg.only.key", "rg-value")])), None, None); + let role = overrides( + Some(kv(&[ + ("rg.only.key", "role-value"), + ("role.only.key", "role-default"), + ])), + None, + None, + ); + rg.merge(&role); + let result = rg.bootstrap_conf.unwrap(); + assert_eq!(result.overrides["rg.only.key"], "rg-value"); + assert_eq!(result.overrides["role.only.key"], "role-default"); + } + + #[test] + fn none_field_adopts_role_values() { + let mut rg = overrides(None, Some(kv(&[("nifi.some.prop", "rg-val")])), None); + let role = overrides( + Some(kv(&[("nifi.bootstrap.key", "role-default")])), + Some(kv(&[ + ("nifi.some.prop", "role-val"), + ("nifi.other.prop", "role-other"), + ])), + None, + ); + rg.merge(&role); + assert_eq!( + rg.bootstrap_conf.as_ref().unwrap().overrides["nifi.bootstrap.key"], + "role-default" + ); + let nifi = rg.nifi_properties.as_ref().unwrap(); + assert_eq!(nifi.overrides["nifi.some.prop"], "rg-val"); + assert_eq!(nifi.overrides["nifi.other.prop"], "role-other"); + assert!(rg.security_properties.is_none()); + } +} + #[cfg(test)] mod tests { use stackable_operator::versioned::test_utils::RoundtripTestData; diff --git a/rust/operator-binary/src/framework.rs b/rust/operator-binary/src/framework.rs new file mode 100644 index 00000000..0f5717f4 --- /dev/null +++ b/rust/operator-binary/src/framework.rs @@ -0,0 +1,8 @@ +//! Local additions to `stackable-operator` that are not yet (well) generalized in +//! `stackable_operator::v2::*`. +//! +//! Follow-up: replace these with `stackable_operator::v2::*` imports once upstream +//! reconciles `with_validated_config` (it currently returns a bare `RoleGroup`, and +//! the upstream `RoleGroupConfig` uses `EnvVarSet` rather than a plain map). + +pub mod role_utils; diff --git a/rust/operator-binary/src/framework/role_utils.rs b/rust/operator-binary/src/framework/role_utils.rs new file mode 100644 index 00000000..d426b7a2 --- /dev/null +++ b/rust/operator-binary/src/framework/role_utils.rs @@ -0,0 +1,156 @@ +//! Vendored variant of `stackable_operator::v2::role_utils` from the +//! `smooth-operator` branch, with simplifications appropriate for nifi-operator. +//! +//! Differences from upstream: +//! - `env_overrides` is `HashMap` instead of `EnvVarSet`. +//! - No `cli_overrides_to_vec` helper, `ResourceNames`, or service-account helpers. +//! - The `CommonConfig` (a.k.a. `product_specific_common_config`) does NOT need to +//! implement `Merge`. Upstream Trino uses `JavaCommonConfig`, which intentionally +//! does not implement `Merge` because its inner `JvmArgumentOverrides::try_merge` +//! is fallible (regex validation). Merging JVM argument overrides for Trino is +//! handled separately via `Role::get_merged_jvm_argument_overrides`. The +//! `RoleGroupConfig::product_specific_common_config` field here simply carries +//! the role-group level value through. +//! +//! Replace with `stackable_operator::v2::role_utils::*` once upstream publishes +//! the module. + +use std::collections::BTreeMap; + +use serde::Serialize; +use stackable_operator::{ + config::{ + fragment::{self, FromFragment}, + merge::{Merge, merge}, + }, + k8s_openapi::{DeepMerge, api::core::v1::PodTemplateSpec}, + role_utils::{Role, RoleGroup}, + schemars::JsonSchema, +}; + +/// Trino-friendly view of a validated, merged `RoleGroup`. +/// +/// Mirrors `stackable_operator::v2::role_utils::RoleGroupConfig` on the +/// `smooth-operator` branch, with `env_overrides: BTreeMap` +/// instead of the upstream `EnvVarSet`. +#[derive(Clone, Debug, PartialEq)] +pub struct RoleGroupConfig { + pub replicas: u16, + pub config: Config, + pub config_overrides: ConfigOverrides, + pub env_overrides: BTreeMap, + pub cli_overrides: BTreeMap, + pub pod_overrides: PodTemplateSpec, + pub product_specific_common_config: CommonConfig, +} + +/// Merges and validates the `RoleGroup` with the given `role` and `default_config`, +/// returning a `RoleGroupConfig`. +/// +/// Merge order matches `with_validated_config` on `smooth-operator`: +/// - `Config` (Fragment): `default_config <- role.config <- rg.config` via `Merge::merge`, +/// then validated to `ValidatedConfig` via `FromFragment`. +/// - `ConfigOverrides`: `role.config_overrides <- rg.config_overrides` via `Merge::merge`. +/// - `env_overrides` / `cli_overrides`: `extend` (rg keys overwrite role keys). +/// - `pod_overrides`: `DeepMerge::merge_from` (rg overrides role). +/// - `product_specific_common_config`: passes through the role-group level value +/// (see module docs for rationale). +pub fn with_validated_config( + role_group: &RoleGroup, + role: &Role, + default_config: &Config, +) -> Result< + RoleGroupConfig, + fragment::ValidationError, +> +where + ValidatedConfig: FromFragment, + CommonConfig: Clone + Default + JsonSchema + Serialize, + Config: Clone + Merge, + RoleConfig: Default + JsonSchema + Serialize, + ConfigOverrides: Clone + Default + JsonSchema + Merge + Serialize, +{ + let validated_config = validate_config(role_group, role, default_config)?; + Ok(RoleGroupConfig { + replicas: role_group.replicas.unwrap_or(1), + config: validated_config, + config_overrides: merged_config_overrides( + &role.config.config_overrides, + role_group.config.config_overrides.clone(), + ), + env_overrides: merged_env_overrides( + role.config + .env_overrides + .iter() + .map(|(k, v)| (k.clone(), v.clone())) + .collect(), + role_group + .config + .env_overrides + .iter() + .map(|(k, v)| (k.clone(), v.clone())) + .collect(), + ), + cli_overrides: merged_cli_overrides( + role.config.cli_overrides.clone(), + role_group.config.cli_overrides.clone(), + ), + pod_overrides: merged_pod_overrides( + role.config.pod_overrides.clone(), + role_group.config.pod_overrides.clone(), + ), + product_specific_common_config: role_group.config.product_specific_common_config.clone(), + }) +} + +fn validate_config( + role_group: &RoleGroup, + role: &Role, + default_config: &Config, +) -> Result +where + ValidatedConfig: FromFragment, + CommonConfig: Default + JsonSchema + Serialize, + Config: Clone + Merge, + RoleConfig: Default + JsonSchema + Serialize, + ConfigOverrides: Default + JsonSchema + Serialize, +{ + role_group.validate_config(role, default_config) +} + +fn merged_config_overrides( + role_config_overrides: &ConfigOverrides, + role_group_config_overrides: ConfigOverrides, +) -> ConfigOverrides +where + ConfigOverrides: Merge, +{ + merge(role_group_config_overrides, role_config_overrides) +} + +fn merged_env_overrides( + role_env_overrides: BTreeMap, + role_group_env_overrides: BTreeMap, +) -> BTreeMap { + let mut merged = role_env_overrides; + merged.extend(role_group_env_overrides); + merged +} + +fn merged_cli_overrides( + role_cli_overrides: BTreeMap, + role_group_cli_overrides: BTreeMap, +) -> BTreeMap { + let mut merged = role_cli_overrides; + merged.extend(role_group_cli_overrides); + merged +} + +fn merged_pod_overrides( + role_pod_overrides: PodTemplateSpec, + role_group_pod_overrides: PodTemplateSpec, +) -> PodTemplateSpec { + let mut merged = role_pod_overrides; + merged.merge_from(role_group_pod_overrides); + merged +} diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index d20eea0d..94d50ca9 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -41,6 +41,7 @@ use crate::{ mod config; mod controller; mod crd; +mod framework; mod listener; mod operations; mod product_logging; From 12cde33ca5ec08f2f5ecb06fb27f753453716156 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 21:09:03 +0200 Subject: [PATCH 04/16] refactor: ValidatedInputs -> ValidatedCluster with nested cluster_config Rename ValidatedInputs to ValidatedCluster and introduce a nested ValidatedClusterConfig grouping authentication, authorization, and proxy_hosts. Add a name field (dead_code for now). Add #[derive(Clone)] to NifiAuthenticationConfig and ResolvedNifiAuthorizationConfig so reconcile_nifi can clone fields while keeping the validated binding alive for later tasks. Co-Authored-By: Claude Opus 4.8 (1M context) --- rust/operator-binary/src/controller.rs | 16 +++++--- .../src/controller/validate.rs | 40 ++++++++++++------- .../src/security/authentication.rs | 1 + .../src/security/authorization.rs | 1 + 4 files changed, 39 insertions(+), 19 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 59fabcbd..e5b58ef0 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -379,11 +379,17 @@ pub async fn reconcile_nifi( ) .context(ValidateClusterSnafu)?; - let resolved_product_image = validated.image; - let authentication_config = validated.authentication_config; - let authorization_config = validated.authorization_config; - let validated_config = validated.validated_role_config; - let proxy_hosts = validated.proxy_hosts; + let validate::ValidatedCluster { + image: resolved_product_image, + cluster_config: + validate::ValidatedClusterConfig { + authentication: authentication_config, + authorization: authorization_config, + proxy_hosts, + }, + validated_role_config: validated_config, + .. + } = validated; tracing::info!("Checking for sensitive key configuration"); check_or_generate_sensitive_key(client, nifi) diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index 8f7e436c..f90542c8 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -1,7 +1,7 @@ //! The validate step in the NifiCluster controller //! //! Synchronously validates inputs that don't require Kubernetes API calls. Produces -//! [`ValidatedInputs`], consumed by the rest of `reconcile_nifi`. +//! [`ValidatedCluster`], consumed by the rest of `reconcile_nifi`. use std::collections::{BTreeMap, HashSet}; @@ -69,17 +69,26 @@ pub type NifiRoleGroupConfig = crate::framework::role_utils::RoleGroupConfig< type Result = std::result::Result; -/// Synchronous inputs the rest of `reconcile_nifi` needs after dereferencing. -pub struct ValidatedInputs { +/// The validated NifiCluster: everything `reconcile_nifi` needs after dereferencing, +/// in fail-safe / resolved form. The raw `NifiCluster` should only be needed for +/// OwnerReferences after this point. +pub struct ValidatedCluster { + #[allow(dead_code)] + pub name: String, pub image: ResolvedProductImage, - pub authentication_config: NifiAuthenticationConfig, - pub authorization_config: ResolvedNifiAuthorizationConfig, - pub validated_role_config: ValidatedRoleConfigByPropertyKind, - // Comma-separated NiFi proxy hosts, or `"*"` if `spec.clusterConfig.hostHeaderCheck.allowAll` is set. - pub proxy_hosts: String, // Not yet consumed — Tasks 4-6 will use this to replace the product-config pipeline. #[allow(dead_code)] pub role_group_configs: BTreeMap>, + pub cluster_config: ValidatedClusterConfig, + // Temporary: retained until a later task migrates the configmap builder off product-config. + pub validated_role_config: ValidatedRoleConfigByPropertyKind, +} + +pub struct ValidatedClusterConfig { + pub authentication: NifiAuthenticationConfig, + pub authorization: ResolvedNifiAuthorizationConfig, + /// Comma-separated NiFi proxy hosts, or `"*"` if `hostHeaderCheck.allowAll` is set. + pub proxy_hosts: String, } /// Validates the cluster spec and the dereferenced inputs. @@ -89,7 +98,7 @@ pub fn validate( operator_environment: &OperatorEnvironmentOptions, product_config: &ProductConfigManager, cluster_info: &KubernetesClusterInfo, -) -> Result { +) -> Result { let image = nifi .spec .image @@ -119,13 +128,16 @@ pub fn validate( let proxy_hosts = compute_proxy_hosts(nifi, cluster_info)?; - Ok(ValidatedInputs { + Ok(ValidatedCluster { + name: nifi.name_any(), image, - authentication_config, - authorization_config, - validated_role_config, - proxy_hosts, role_group_configs: build_role_group_configs(nifi)?, + cluster_config: ValidatedClusterConfig { + authentication: authentication_config, + authorization: authorization_config, + proxy_hosts, + }, + validated_role_config, }) } diff --git a/rust/operator-binary/src/security/authentication.rs b/rust/operator-binary/src/security/authentication.rs index e91a5e3b..44cd8ac5 100644 --- a/rust/operator-binary/src/security/authentication.rs +++ b/rust/operator-binary/src/security/authentication.rs @@ -119,6 +119,7 @@ impl DereferencedAuthenticationClasses { } #[allow(clippy::large_enum_variant)] +#[derive(Clone)] pub enum NifiAuthenticationConfig { SingleUser { provider: r#static::v1alpha1::AuthenticationProvider, diff --git a/rust/operator-binary/src/security/authorization.rs b/rust/operator-binary/src/security/authorization.rs index df8d1d99..cd63bf57 100644 --- a/rust/operator-binary/src/security/authorization.rs +++ b/rust/operator-binary/src/security/authorization.rs @@ -37,6 +37,7 @@ pub enum Error { }, } +#[derive(Clone)] pub enum ResolvedNifiAuthorizationConfig { Opa { config: OpaConfig, From 8df8d18439e2e81f1553f5b07285904895acb405 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 21:31:07 +0200 Subject: [PATCH 05/16] feat: per-file build() modules under controller/build/properties Create one build() module per NiFi config file (bootstrap.conf, nifi.properties, state-management.xml, security.properties, login-identity-providers.xml, authorizers.xml) behind the ConfigFileName enum, sourcing user overrides from the typed NifiRoleGroupConfig instead of the product-config PropertyNameKind::File maps. Wire the new builders into build_node_rolegroup_config_map, keeping validated alive in reconcile_nifi and looking up the typed rg per loop iteration. Add clustering_backend and sensitive_properties_algorithm to ValidatedClusterConfig; validate the algorithm at the validate() step. Move bootstrap.conf tests (now byte-identical) to bootstrap_conf.rs. Co-Authored-By: Claude Opus 4.8 (1M context) --- rust/operator-binary/src/config/mod.rs | 818 +----------------- rust/operator-binary/src/controller.rs | 147 ++-- .../src/controller/build/properties.rs | 25 +- .../build/properties/authorizers.rs | 11 + .../build/properties/bootstrap_conf.rs | 199 +++++ .../properties/login_identity_providers.rs | 10 + .../build/properties/nifi_properties.rs | 586 +++++++++++++ .../build/properties/security_properties.rs | 70 ++ .../build/properties/state_management_xml.rs | 68 ++ .../src/controller/validate.rs | 25 +- .../src/security/authentication.rs | 3 - 11 files changed, 1052 insertions(+), 910 deletions(-) create mode 100644 rust/operator-binary/src/controller/build/properties/authorizers.rs create mode 100644 rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs create mode 100644 rust/operator-binary/src/controller/build/properties/login_identity_providers.rs create mode 100644 rust/operator-binary/src/controller/build/properties/nifi_properties.rs create mode 100644 rust/operator-binary/src/controller/build/properties/security_properties.rs create mode 100644 rust/operator-binary/src/controller/build/properties/state_management_xml.rs diff --git a/rust/operator-binary/src/config/mod.rs b/rust/operator-binary/src/config/mod.rs index 5e4d1945..cff95f96 100644 --- a/rust/operator-binary/src/config/mod.rs +++ b/rust/operator-binary/src/config/mod.rs @@ -3,33 +3,17 @@ use std::{ fmt::Write, }; -use jvm::build_merged_jvm_config; use product_config::{ProductConfigManager, types::PropertyNameKind}; -use snafu::{ResultExt, Snafu, ensure}; -use stackable_operator::{ - commons::resources::Resources, - crd::git_sync, - memory::MemoryQuantity, - product_config_utils::{ - ValidatedRoleConfigByPropertyKind, transform_all_roles_to_config, - validate_all_roles_and_groups_config, - }, +use snafu::{ResultExt, Snafu}; +use stackable_operator::product_config_utils::{ + ValidatedRoleConfigByPropertyKind, transform_all_roles_to_config, + validate_all_roles_and_groups_config, }; use strum::{Display, EnumIter}; use crate::{ - crd::{ - HTTPS_PORT, NifiConfig, NifiRole, NifiRoleType, NifiStorageConfig, PROTOCOL_PORT, - sensitive_properties, - v1alpha1::{self, NifiClusteringBackend}, - }, - operations::graceful_shutdown::graceful_shutdown_config_properties, - security::{ - authentication::{ - NifiAuthenticationConfig, STACKABLE_SERVER_TLS_DIR, STACKABLE_TLS_STORE_PASSWORD, - }, - oidc::{self, add_oidc_config_to_properties}, - }, + crd::{NifiRole, NifiRoleType, v1alpha1}, + security::oidc, }; pub mod jvm; @@ -43,12 +27,6 @@ pub const NIFI_PROPERTIES: &str = "nifi.properties"; pub const NIFI_STATE_MANAGEMENT_XML: &str = "state-management.xml"; pub const JVM_SECURITY_PROPERTIES_FILE: &str = "security.properties"; -// Keep some overhead for NiFi volumes, since cleanup is an asynchronous process that can stall active jobs -const STORAGE_PROVENANCE_UTILIZATION_FACTOR: f32 = 0.9; -const STORAGE_FLOW_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.9; -// Content archive only counts _old_ data, so we want to allow some space for active data as well -const STORAGE_CONTENT_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.5; - #[derive(Debug, Display, EnumIter)] pub enum NifiRepository { #[strum(serialize = "filebased")] @@ -76,6 +54,7 @@ impl NifiRepository { } #[derive(Snafu, Debug)] +#[snafu(visibility(pub(crate)))] pub enum Error { #[snafu(display("invalid product config"))] InvalidProductConfig { @@ -106,642 +85,6 @@ pub enum Error { "NiFi 1.x requires ZooKeeper (hint: upgrade to NiFi 2.x or set .spec.clusterConfig.zookeeperConfigMapName)" ))] Nifi1RequiresZookeeper, - - #[snafu(display("failed to configure sensitive properties"))] - ConfigureSensitiveProperties { source: sensitive_properties::Error }, -} - -/// Create the NiFi bootstrap.conf -pub fn build_bootstrap_conf( - merged_config: &NifiConfig, - overrides: BTreeMap, - role: &NifiRoleType, - role_group: &str, - authorization_config: Option<&crate::security::authorization::ResolvedNifiAuthorizationConfig>, -) -> Result { - let mut bootstrap = BTreeMap::new(); - // Java command to use when running NiFi - bootstrap.insert("java".to_string(), "java".to_string()); - // Username to use when running NiFi. This value will be ignored on Windows. - bootstrap.insert("run.as".to_string(), "".to_string()); - // Preserve shell environment while running as "run.as" user - bootstrap.insert("preserve.environment".to_string(), "false".to_string()); - // Configure where NiFi's lib and conf directories live - bootstrap.insert("lib.dir".to_string(), "./lib".to_string()); - bootstrap.insert("conf.dir".to_string(), "./conf".to_string()); - bootstrap.extend(graceful_shutdown_config_properties(merged_config)); - - let merged_jvm_config = - build_merged_jvm_config(merged_config, role, role_group, authorization_config) - .context(InvalidJVMConfigSnafu)?; - - for (index, argument) in merged_jvm_config - .effective_jvm_config_after_merging() - .iter() - .enumerate() - { - bootstrap.insert(format!("java.arg.{}", index + 1), argument.clone()); - } - - // configOverrides come last - bootstrap.extend(overrides); - - Ok(format_properties(bootstrap)) -} - -/// Create the NiFi nifi.properties -pub fn build_nifi_properties( - spec: &v1alpha1::NifiClusterSpec, - resource_config: &Resources, - proxy_hosts: &str, - auth_config: &NifiAuthenticationConfig, - overrides: BTreeMap, - product_version: &str, - git_sync_resources: &git_sync::v1alpha2::GitSyncResources, -) -> Result { - // TODO: Remove once we dropped support for all NiFi 1.x versions - let is_nifi_1 = product_version.starts_with("1."); - - let mut properties = BTreeMap::new(); - // Core Properties - // According to https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance#MigrationGuidance-Migratingto2.0.0-M1 - // The nifi.flow.configuration.file property in nifi.properties must be changed to reference - // "flow.json.gz" instead of "flow.xml.gz" - // TODO: Remove once we dropped support for all 1.x.x versions - // TODO(malte): In order to use CLI tools like: ./bin/nifi.sh set-sensitive-properties-algorithm NIFI_PBKDF2_AES_GCM_256 - // we have to set both "nifi.flow.configuration.file" and "nifi.flow.configuration.json.file" in NiFi 1.x.x. - if is_nifi_1 { - properties.insert( - "nifi.flow.configuration.file".to_string(), - NifiRepository::Database.mount_path() + "/flow.xml.gz", - ); - properties.insert( - "nifi.flow.configuration.json.file".to_string(), - NifiRepository::Database.mount_path() + "/flow.json.gz", - ); - } else { - properties.insert( - "nifi.flow.configuration.file".to_string(), - NifiRepository::Database.mount_path() + "/flow.json.gz", - ); - } - - properties.insert( - "nifi.flow.configuration.archive.enabled".to_string(), - "true".to_string(), - ); - properties.insert( - "nifi.flow.configuration.archive.dir".to_string(), - "/stackable/nifi/conf/archive/".to_string(), - ); - properties.insert( - "nifi.flow.configuration.archive.max.time".to_string(), - "".to_string(), - ); - if let Some(capacity) = resource_config.storage.flowfile_repo.capacity.as_ref() { - properties.insert( - "nifi.flow.configuration.archive.max.storage".to_string(), - storage_quantity_to_nifi( - MemoryQuantity::try_from(capacity).context(CalculateStorageQuotaSnafu { - repo: NifiRepository::Flowfile, - })? * STORAGE_FLOW_ARCHIVE_UTILIZATION_FACTOR, - ), - ); - } - properties.insert( - "nifi.flow.configuration.archive.max.count".to_string(), - "".to_string(), - ); - properties.insert( - "nifi.flowcontroller.autoResumeState".to_string(), - "true".to_string(), - ); - properties.insert( - "nifi.flowcontroller.graceful.shutdown.period".to_string(), - "10 sec".to_string(), - ); - properties.insert( - "nifi.flowservice.writedelay.interval".to_string(), - "500 ms".to_string(), - ); - properties.insert( - "nifi.administrative.yield.duration".to_string(), - "30 sec".to_string(), - ); - - properties.insert( - "nifi.authorizer.configuration.file".to_string(), - "/stackable/nifi/conf/authorizers.xml".to_string(), - ); - properties.insert( - "nifi.login.identity.provider.configuration.file".to_string(), - "/stackable/nifi/conf/login-identity-providers.xml".to_string(), - ); - properties.insert( - "nifi.templates.directory".to_string(), - "./conf/templates".to_string(), - ); - properties.insert("nifi.ui.banner.text".to_string(), "".to_string()); - properties.insert( - "nifi.ui.autorefresh.interval".to_string(), - "30 sec".to_string(), - ); - properties.insert( - "nifi.nar.library.directory".to_string(), - "./lib".to_string(), - ); - properties.insert( - "nifi.nar.library.autoload.directory".to_string(), - "./extensions".to_string(), - ); - properties.insert( - "nifi.nar.working.directory".to_string(), - "./work/nar/".to_string(), - ); - properties.insert( - "nifi.documentation.working.directory".to_string(), - "./work/docs/components".to_string(), - ); - - //################### - // State Management # - //################### - properties.insert( - "nifi.state.management.configuration.file".to_string(), - "./conf/state-management.xml".to_string(), - ); - // The ID of the local state provider - properties.insert( - "nifi.state.management.provider.local".to_string(), - "local-provider".to_string(), - ); - // The ID of the cluster-wide state provider. This will be ignored if NiFi is not clustered but must be populated if running in a cluster. - properties.insert( - "nifi.state.management.provider.cluster".to_string(), - match spec.cluster_config.clustering_backend { - v1alpha1::NifiClusteringBackend::ZooKeeper { .. } => "zk-provider".to_string(), - v1alpha1::NifiClusteringBackend::Kubernetes { .. } => "kubernetes-provider".to_string(), - }, - ); - // Specifies whether or not this instance of NiFi should run an embedded ZooKeeper server - properties.insert( - "nifi.state.management.embedded.zookeeper.start".to_string(), - "false".to_string(), - ); - - // H2 Settings - properties.insert( - "nifi.database.directory".to_string(), - NifiRepository::Database.mount_path(), - ); - properties.insert( - "nifi.h2.url.append".to_string(), - ";LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE".to_string(), - ); - - // FlowFile Repository - properties.insert( - "nifi.flowfile.repository.implementation".to_string(), - "org.apache.nifi.controller.repository.WriteAheadFlowFileRepository".to_string(), - ); - properties.insert( - "nifi.flowfile.repository.wal.implementation".to_string(), - "org.apache.nifi.wali.SequentialAccessWriteAheadLog".to_string(), - ); - properties.insert( - "nifi.flowfile.repository.directory".to_string(), - NifiRepository::Flowfile.mount_path(), - ); - properties.insert( - "nifi.flowfile.repository.checkpoint.interval".to_string(), - "20 secs".to_string(), - ); - properties.insert( - "nifi.flowfile.repository.always.sync".to_string(), - "false".to_string(), - ); - properties.insert( - "nifi.flowfile.repository.retain.orphaned.flowfiles".to_string(), - "true".to_string(), - ); - - properties.insert( - "nifi.swap.manager.implementation".to_string(), - "org.apache.nifi.controller.FileSystemSwapManager".to_string(), - ); - properties.insert("nifi.queue.swap.threshold".to_string(), "20000".to_string()); - - // Content Repository - properties.insert( - "nifi.content.repository.implementation".to_string(), - "org.apache.nifi.controller.repository.FileSystemRepository".to_string(), - ); - properties.insert( - "nifi.content.claim.max.appendable.size".to_string(), - "1 MB".to_string(), - ); - properties.insert( - "nifi.content.repository.directory.default".to_string(), - NifiRepository::Content.mount_path(), - ); - // Cap archived content age so the archive directory stays bounded in - // file count. NiFi treats empty as Long.MAX_VALUE, leaving size-based - // purge as the only trigger; that lets the archive grow to whatever - // half the PVC holds, and the startup directory scan in - // FileSystemRepository.initializeRepository scales with file count. - // 3 days covers a Friday-incident-investigated-Monday window for - // content replay; users with longer requirements can extend via - // configOverrides. The percentage-based threshold below acts as a - // safety net if write rate outpaces time-based purge. - // Also see https://github.com/stackabletech/nifi-operator/issues/354 - properties.insert( - "nifi.content.repository.archive.max.retention.period".to_string(), - "3 days".to_string(), - ); - properties.insert( - "nifi.content.repository.archive.max.usage.percentage".to_string(), - format!("{}%", STORAGE_CONTENT_ARCHIVE_UTILIZATION_FACTOR * 100.0), - ); - properties.insert( - "nifi.content.repository.archive.enabled".to_string(), - "true".to_string(), - ); - properties.insert( - "nifi.content.repository.always.sync".to_string(), - "false".to_string(), - ); - properties.insert( - "nifi.content.viewer.url".to_string(), - "../nifi-content-viewer/".to_string(), - ); - - // Provenance Repository Properties - properties.insert( - "nifi.provenance.repository.implementation".to_string(), - "org.apache.nifi.provenance.WriteAheadProvenanceRepository".to_string(), - ); - - // Persistent Provenance Repository Properties - properties.insert( - "nifi.provenance.repository.directory.default".to_string(), - NifiRepository::Provenance.mount_path(), - ); - properties.insert( - "nifi.provenance.repository.max.storage.time".to_string(), - "".to_string(), - ); - if let Some(capacity) = resource_config.storage.provenance_repo.capacity.as_ref() { - properties.insert( - "nifi.provenance.repository.max.storage.size".to_string(), - storage_quantity_to_nifi( - MemoryQuantity::try_from(capacity).context(CalculateStorageQuotaSnafu { - repo: NifiRepository::Provenance, - })? * STORAGE_PROVENANCE_UTILIZATION_FACTOR, - ), - ); - } - properties.insert( - "nifi.provenance.repository.rollover.time".to_string(), - "10 mins".to_string(), - ); - properties.insert( - "nifi.provenance.repository.rollover.size".to_string(), - "100 MB".to_string(), - ); - properties.insert( - "nifi.provenance.repository.query.threads".to_string(), - "2".to_string(), - ); - properties.insert( - "nifi.provenance.repository.index.threads".to_string(), - "2".to_string(), - ); - properties.insert( - "nifi.provenance.repository.compress.on.rollover".to_string(), - "true".to_string(), - ); - properties.insert( - "nifi.provenance.repository.always.sync".to_string(), - "false".to_string(), - ); - // Comma-separated list of fields. Fields that are not indexed will not be searchable. Valid fields are: - // EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, Relationship, Details - properties.insert( - "nifi.provenance.repository.indexed.fields".to_string(), - "EventType, FlowFileUUID, Filename, ProcessorID, Relationship".to_string(), - ); - // FlowFile Attributes that should be indexed and made searchable. Some examples to consider are filename, uuid, mime.type - properties.insert( - "nifi.provenance.repository.indexed.attributes".to_string(), - "".to_string(), - ); - // Large values for the shard size will result in more Java heap usage when searching the Provenance Repository - // but should provide better performance - properties.insert( - "nifi.provenance.repository.index.shard.size".to_string(), - "500 MB".to_string(), - ); - // Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from - // the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved. - properties.insert( - "nifi.provenance.repository.max.attribute.length".to_string(), - "65536".to_string(), - ); - properties.insert( - "nifi.provenance.repository.concurrent.merge.threads".to_string(), - "2".to_string(), - ); - - // Volatile Provenance Repository Properties - properties.insert( - "nifi.provenance.repository.buffer.size".to_string(), - "100000".to_string(), - ); - - // Component Status Repository - properties.insert( - "nifi.components.status.repository.implementation".to_string(), - "org.apache.nifi.controller.status.history.VolatileComponentStatusRepository".to_string(), - ); - properties.insert( - "nifi.components.status.repository.buffer.size".to_string(), - "1440".to_string(), - ); - properties.insert( - "nifi.components.status.snapshot.frequency".to_string(), - "1 min".to_string(), - ); - - // QuestDB Status History Repository Properties - properties.insert( - "nifi.status.repository.questdb.persist.node.days".to_string(), - "14".to_string(), - ); - properties.insert( - "nifi.status.repository.questdb.persist.component.days".to_string(), - "3".to_string(), - ); - properties.insert( - "nifi.status.repository.questdb.persist.location".to_string(), - "./status_repository".to_string(), - ); - - //############################################# - properties.insert( - "nifi.web.https.host".to_string(), - "${env:NODE_ADDRESS}".to_string(), - ); - properties.insert("nifi.web.https.port".to_string(), HTTPS_PORT.to_string()); - properties.insert( - "nifi.web.https.network.interface.default".to_string(), - "".to_string(), - ); - // Specifically listen on eth0 and lo interfaces. - // Listening on lo allows k8s port-forward to work. - // Once we listen on lo, we need to explicitly listen on eth0 so the server can be exposed (including health probes). - // NOTE: We assume "eth0" is always the external interface in containers launched in Kubernetes. - // It is possible that some container runtime will name it differently, but we haven't yet observed that. - properties.insert( - "nifi.web.https.network.interface.eth0".to_string(), - "eth0".to_string(), - ); - properties.insert( - "nifi.web.https.network.interface.lo".to_string(), - "lo".to_string(), - ); - //############################################# - properties.insert( - "nifi.web.jetty.working.directory".to_string(), - "./work/jetty".to_string(), - ); - properties.insert("nifi.web.jetty.threads".to_string(), "200".to_string()); - properties.insert("nifi.web.max.header.size".to_string(), "16 KB".to_string()); - properties.insert("nifi.web.proxy.context.path".to_string(), "".to_string()); - properties.insert("nifi.web.proxy.host".to_string(), proxy_hosts.to_string()); - - properties.insert( - "nifi.sensitive.props.key".to_string(), - "${file:UTF-8:/stackable/sensitiveproperty/nifiSensitivePropsKey}".to_string(), - ); - properties.insert( - "nifi.sensitive.props.key.protected".to_string(), - "".to_string(), - ); - - let sensitive_properties_algorithm = &spec - .cluster_config - .sensitive_properties - .algorithm - .clone() - .unwrap_or_default(); - - sensitive_properties_algorithm - .check_for_nifi_version(spec.image.product_version()) - .context(ConfigureSensitivePropertiesSnafu)?; - - properties.insert( - "nifi.sensitive.props.algorithm".to_string(), - sensitive_properties_algorithm.to_string(), - ); - - // key and trust store - // these properties are ok to hard code here, because the cannot be configured and are - // generated with fixed values in the init container - properties.insert( - "nifi.security.keystore".to_string(), - format!( - "{keystore_path}/keystore.p12", - keystore_path = STACKABLE_SERVER_TLS_DIR - ), - ); - properties.insert( - "nifi.security.keystoreType".to_string(), - "PKCS12".to_string(), - ); - properties.insert( - "nifi.security.keystorePasswd".to_string(), - STACKABLE_TLS_STORE_PASSWORD.to_string(), - ); - properties.insert( - "nifi.security.truststore".to_string(), - format!( - "{keystore_path}/truststore.p12", - keystore_path = STACKABLE_SERVER_TLS_DIR - ), - ); - properties.insert( - "nifi.security.truststoreType".to_string(), - "PKCS12".to_string(), - ); - properties.insert( - "nifi.security.truststorePasswd".to_string(), - STACKABLE_TLS_STORE_PASSWORD.to_string(), - ); - properties.insert( - "nifi.security.user.login.identity.provider".to_string(), - "login-identity-provider".to_string(), - ); - properties.insert( - "nifi.security.user.authorizer".to_string(), - "authorizer".to_string(), - ); - properties.insert( - "nifi.security.allow.anonymous.authentication".to_string(), - "false".to_string(), - ); - properties.insert( - "nifi.cluster.protocol.is.secure".to_string(), - "true".to_string(), - ); - - if let NifiAuthenticationConfig::Oidc { provider, oidc, .. } = auth_config { - add_oidc_config_to_properties(provider, oidc, &mut properties) - .context(GenerateOidcConfigSnafu)?; - }; - - // cluster node properties (only configure for cluster nodes) - properties.insert("nifi.cluster.is.node".to_string(), "true".to_string()); - properties.insert( - "nifi.cluster.node.address".to_string(), - "${env:NODE_ADDRESS}".to_string(), - ); - properties.insert( - "nifi.cluster.node.protocol.port".to_string(), - PROTOCOL_PORT.to_string(), - ); - properties.insert( - "nifi.cluster.flow.election.max.candidates".to_string(), - "".to_string(), - ); - - match spec.cluster_config.clustering_backend { - v1alpha1::NifiClusteringBackend::ZooKeeper { .. } => { - properties.insert( - "nifi.cluster.leader.election.implementation".to_string(), - "CuratorLeaderElectionManager".to_string(), - ); - - // this will be replaced via a container command script - properties.insert( - "nifi.zookeeper.connect.string".to_string(), - "${env:ZOOKEEPER_HOSTS}".to_string(), - ); - - // this will be replaced via a container command script - properties.insert( - "nifi.zookeeper.root.node".to_string(), - "${env:ZOOKEEPER_CHROOT}".to_string(), - ); - } - - v1alpha1::NifiClusteringBackend::Kubernetes {} => { - ensure!(!is_nifi_1, Nifi1RequiresZookeeperSnafu); - - properties.insert( - "nifi.cluster.leader.election.implementation".to_string(), - "KubernetesLeaderElectionManager".to_string(), - ); - - // this will be replaced via a container command script - properties.insert( - "nifi.cluster.leader.election.kubernetes.lease.prefix".to_string(), - "${env:STACKLET_NAME}".to_string(), - ); - } - } - - //#################### - // Custom components # - //#################### - // NiFi 1.x does not support Python components and the Python configuration below is just - // ignored. - - // The command used to launch Python. - // This property must be set to enable Python-based processors. - properties.insert("nifi.python.command".to_string(), "python3".to_string()); - - // The directory that contains the Python framework for communicating between the Python and - // Java processes. - properties.insert( - "nifi.python.framework.source.directory".to_string(), - "/stackable/nifi/python/framework/".to_string(), - ); - - // The working directory where NiFi should store artifacts; - // This property defaults to ./work/python but if you want to mount an emptyDir for the working - // directory then another directory has to be set to avoid ownership conflicts with ./work/nar. - properties.insert( - "nifi.python.working.directory".to_string(), - NIFI_PYTHON_WORKING_DIRECTORY.to_string(), - ); - - // The default directory that NiFi should look in to find custom Python-based components. - // This directory is mentioned in the documentation - // (docs/modules/nifi/pages/usage_guide/custom-components.adoc), so do not change it! - properties.insert( - "nifi.python.extensions.source.directory.default".to_string(), - "/stackable/nifi/python/extensions/".to_string(), - ); - - for (i, git_folder) in git_sync_resources - .git_content_folders_as_string() - .into_iter() - .enumerate() - { - // The directory that NiFi should look in to find custom Python-based components. - properties.insert( - format!("nifi.python.extensions.source.directory.{i}"), - git_folder.clone(), - ); - - // The directory that NiFi should look in to find custom Java-based components. - properties.insert(format!("nifi.nar.library.directory.{i}"), git_folder); - } - //########################## - - // override with config overrides - properties.extend(overrides); - - Ok(format_properties(properties)) -} - -pub fn build_state_management_xml(clustering_backend: &NifiClusteringBackend) -> String { - // Inert providers are ignored by NiFi itself, but templating still fails if they refer to invalid environment variables, - // so only include the actually used provider. - let cluster_provider = match clustering_backend { - NifiClusteringBackend::ZooKeeper { .. } => { - r#" - zk-provider - org.apache.nifi.controller.state.providers.zookeeper.ZooKeeperStateProvider - ${env:ZOOKEEPER_HOSTS} - ${env:ZOOKEEPER_CHROOT} - 10 seconds - Open - "# - } - NifiClusteringBackend::Kubernetes {} => { - r#" - kubernetes-provider - org.apache.nifi.kubernetes.state.provider.KubernetesConfigMapStateProvider - ${env:STACKLET_NAME} - "# - } - }; - format!( - r#" - - - local-provider - org.apache.nifi.controller.state.providers.local.WriteAheadLocalStateProvider - {local_state_path} - false - 16 - 2 mins - - {cluster_provider} - "#, - local_state_path = NifiRepository::State.mount_path(), - ) } /// Defines all required roles and their required configuration. In this case we need three files: @@ -787,7 +130,7 @@ pub fn validated_product_config( // TODO: Use crate like https://crates.io/crates/java-properties (currently does not work for Nifi // because of escapes), to have save handling of escapes etc. -fn format_properties(properties: BTreeMap) -> String { +pub(crate) fn format_properties(properties: BTreeMap) -> String { let mut result = String::new(); for (key, value) in properties { @@ -796,148 +139,3 @@ fn format_properties(properties: BTreeMap) -> String { result } - -fn storage_quantity_to_nifi(quantity: MemoryQuantity) -> String { - format!( - "{}MB", - quantity - .scale_to(stackable_operator::memory::BinaryMultiple::Mebi) - .value - ) -} - -#[cfg(test)] -mod tests { - use indoc::indoc; - - use super::*; - use crate::{config::build_bootstrap_conf, crd::v1alpha1}; - - #[test] - fn test_build_bootstrap_conf_defaults() { - let input = r#" - apiVersion: nifi.stackable.tech/v1alpha1 - kind: NifiCluster - metadata: - name: simple-nifi - spec: - image: - productVersion: 2.9.0 - clusterConfig: - authentication: - - authenticationClass: nifi-admin-credentials-simple - sensitiveProperties: - keySecret: simple-nifi-sensitive-property-key - autoGenerate: true - nodes: - roleGroups: - default: - replicas: 1 - "#; - let bootstrap_conf = construct_bootstrap_conf(input); - - assert_eq!( - bootstrap_conf, - indoc! {" - conf.dir=./conf - graceful.shutdown.seconds=300 - java=java - java.arg.1=-Xmx3276m - java.arg.10=-Djavax.security.auth.useSubjectCredsOnly=true - java.arg.11=-Dzookeeper.admin.enableServer=false - java.arg.12=-Djava.security.properties=/stackable/nifi/conf/security.properties - java.arg.2=-Xms3276m - java.arg.3=-XX:+UseG1GC - java.arg.4=-Djava.awt.headless=true - java.arg.5=-Dorg.apache.jasper.compiler.disablejsr199=true - java.arg.6=-Djava.net.preferIPv4Stack=true - java.arg.7=-Dsun.net.http.allowRestrictedHeaders=true - java.arg.8=-Djava.protocol.handler.pkgs=sun.net.www.protocol - java.arg.9=-Djava.security.egd=file:/dev/urandom - lib.dir=./lib - preserve.environment=false - run.as= - "} - ); - } - - #[test] - fn test_build_bootstrap_conf_jvm_argument_overrides() { - let input = r#" - apiVersion: nifi.stackable.tech/v1alpha1 - kind: NifiCluster - metadata: - name: simple-nifi - spec: - image: - productVersion: 2.9.0 - clusterConfig: - authentication: - - authenticationClass: nifi-admin-credentials-simple - sensitiveProperties: - keySecret: simple-nifi-sensitive-property-key - autoGenerate: true - nodes: - config: - resources: - memory: - limit: 42Gi - jvmArgumentOverrides: - remove: - - -XX:+UseG1GC - add: - - -Dhttps.proxyHost=proxy.my.corp - - -Dhttps.proxyPort=8080 - - -Djava.net.preferIPv4Stack=true - roleGroups: - default: - replicas: 1 - jvmArgumentOverrides: - # We need more memory! - removeRegex: - - -Xmx.* - - -Dhttps.proxyPort=.* - add: - - -Xmx40000m - - -Dhttps.proxyPort=1234 - "#; - let bootstrap_conf = construct_bootstrap_conf(input); - - assert_eq!( - bootstrap_conf, - indoc! {" - conf.dir=./conf - graceful.shutdown.seconds=300 - java=java - java.arg.1=-Xms34406m - java.arg.10=-Djava.security.properties=/stackable/nifi/conf/security.properties - java.arg.11=-Dhttps.proxyHost=proxy.my.corp - java.arg.12=-Djava.net.preferIPv4Stack=true - java.arg.13=-Xmx40000m - java.arg.14=-Dhttps.proxyPort=1234 - java.arg.2=-Djava.awt.headless=true - java.arg.3=-Dorg.apache.jasper.compiler.disablejsr199=true - java.arg.4=-Djava.net.preferIPv4Stack=true - java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true - java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol - java.arg.7=-Djava.security.egd=file:/dev/urandom - java.arg.8=-Djavax.security.auth.useSubjectCredsOnly=true - java.arg.9=-Dzookeeper.admin.enableServer=false - lib.dir=./lib - preserve.environment=false - run.as= - "} - ); - } - - fn construct_bootstrap_conf(nifi_cluster: &str) -> String { - let nifi: v1alpha1::NifiCluster = - serde_yaml::from_str(nifi_cluster).expect("illegal test input"); - - let nifi_role = NifiRole::Node; - let role = nifi.spec.nodes.as_ref().unwrap(); - let merged_config = nifi.merged_config(&nifi_role, "default").unwrap(); - - build_bootstrap_conf(&merged_config, BTreeMap::new(), role, "default", None).unwrap() - } -} diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index e5b58ef0..099a4197 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -6,9 +6,7 @@ use std::{ sync::Arc, }; -use crate::controller::build::properties::writer::{ - PropertiesWriterError, to_java_properties_string, -}; +use crate::controller::build::properties::writer::PropertiesWriterError; use const_format::concatcp; use indoc::formatdoc; use product_config::{ProductConfigManager, types::PropertyNameKind}; @@ -78,9 +76,12 @@ mod validate; use crate::{ OPERATOR_NAME, config::{ - self, JVM_SECURITY_PROPERTIES_FILE, NIFI_BOOTSTRAP_CONF, NIFI_CONFIG_DIRECTORY, - NIFI_PROPERTIES, NIFI_PYTHON_WORKING_DIRECTORY, NIFI_STATE_MANAGEMENT_XML, NifiRepository, - build_bootstrap_conf, build_nifi_properties, build_state_management_xml, + self, JVM_SECURITY_PROPERTIES_FILE, NIFI_CONFIG_DIRECTORY, NIFI_PYTHON_WORKING_DIRECTORY, + NifiRepository, + }, + controller::build::properties::{ + ConfigFileName, authorizers, bootstrap_conf, login_identity_providers, nifi_properties, + security_properties, state_management_xml, }, crd::{ APP_NAME, BALANCE_PORT, BALANCE_PORT_NAME, Container, HTTPS_PORT, HTTPS_PORT_NAME, @@ -101,7 +102,6 @@ use crate::{ reporting_task::{build_maybe_reporting_task, build_reporting_task_service_name}, security::{ authentication::{ - AUTHORIZERS_XML_FILE_NAME, LOGIN_IDENTITY_PROVIDERS_XML_FILE_NAME, NifiAuthenticationConfig, STACKABLE_SERVER_TLS_DIR, STACKABLE_TLS_STORE_PASSWORD, }, authorization::{self, OPA_TLS_MOUNT_PATH, ResolvedNifiAuthorizationConfig}, @@ -110,6 +110,7 @@ use crate::{ }, service::{build_rolegroup_headless_service, build_rolegroup_metrics_service}, }; +use validate::{NifiRoleGroupConfig, ValidatedCluster}; pub const NIFI_CONTROLLER_NAME: &str = "nificluster"; pub const NIFI_FULL_CONTROLLER_NAME: &str = concatcp!(NIFI_CONTROLLER_NAME, '.', OPERATOR_NAME); @@ -341,6 +342,9 @@ pub enum Error { #[snafu(display("failed to build authorization configuration"))] AuthorizationConfiguration { source: authorization::Error }, + + #[snafu(display("missing role group config for rolegroup {rolegroup_name}"))] + MissingRoleGroupConfig { rolegroup_name: String }, } type Result = std::result::Result; @@ -379,17 +383,10 @@ pub async fn reconcile_nifi( ) .context(ValidateClusterSnafu)?; - let validate::ValidatedCluster { - image: resolved_product_image, - cluster_config: - validate::ValidatedClusterConfig { - authentication: authentication_config, - authorization: authorization_config, - proxy_hosts, - }, - validated_role_config: validated_config, - .. - } = validated; + let resolved_product_image = &validated.image; + let authentication_config = &validated.cluster_config.authentication; + let authorization_config = &validated.cluster_config.authorization; + let validated_config = &validated.validated_role_config; tracing::info!("Checking for sensitive key configuration"); check_or_generate_sensitive_key(client, nifi) @@ -478,9 +475,17 @@ pub async fn reconcile_nifi( .merged_config(&NifiRole::Node, rolegroup_name) .context(FailedToResolveConfigSnafu)?; + let rg = validated + .role_group_configs + .get(&NifiRole::Node) + .and_then(|g| g.get(rolegroup_name)) + .context(MissingRoleGroupConfigSnafu { + rolegroup_name: rolegroup_name.clone(), + })?; + let git_sync_resources = git_sync::v1alpha2::GitSyncResources::new( &nifi.spec.cluster_config.custom_components_git_sync, - &resolved_product_image, + resolved_product_image, &env_vars_from_rolegroup_config(rolegroup_config), &[], LOG_VOLUME_NAME, @@ -514,14 +519,13 @@ pub async fn reconcile_nifi( // For more information see let rg_configmap = build_node_rolegroup_config_map( nifi, - &resolved_product_image, - &authentication_config, - &authorization_config, + &validated, + rg, + resolved_product_image, role, &rolegroup, rolegroup_config, &merged_config, - &proxy_hosts, &git_sync_resources, ) .await?; @@ -536,14 +540,14 @@ pub async fn reconcile_nifi( let rg_statefulset = build_node_rolegroup_statefulset( nifi, - &resolved_product_image, + resolved_product_image, &client.kubernetes_cluster_info, &rolegroup, role, rolegroup_config, &merged_config, - &authentication_config, - &authorization_config, + authentication_config, + authorization_config, rolling_upgrade_supported, replicas, &rbac_sa.name_any(), @@ -634,9 +638,9 @@ pub async fn reconcile_nifi( if nifi.spec.cluster_config.create_reporting_task_job.enabled { if let Some((reporting_task_job, reporting_task_service)) = build_maybe_reporting_task( nifi, - &resolved_product_image, + resolved_product_image, &client.kubernetes_cluster_info, - &authentication_config, + authentication_config, &rbac_sa.name_any(), ) .context(ReportingTaskSnafu)? @@ -672,7 +676,7 @@ pub async fn reconcile_nifi( // we are still in the process of updating let status = if cluster_version_update_state != ClusterVersionUpdateState::UpdateRequested { NifiStatus { - deployed_version: Some(resolved_product_image.product_version), + deployed_version: Some(resolved_product_image.product_version.clone()), conditions, } } else { @@ -697,34 +701,17 @@ pub async fn reconcile_nifi( #[allow(clippy::too_many_arguments)] async fn build_node_rolegroup_config_map( nifi: &v1alpha1::NifiCluster, + cluster: &ValidatedCluster, + rg: &NifiRoleGroupConfig, resolved_product_image: &ResolvedProductImage, - authentication_config: &NifiAuthenticationConfig, - authorization_config: &ResolvedNifiAuthorizationConfig, role: &NifiRoleType, rolegroup: &RoleGroupRef, - rolegroup_config: &HashMap>, - merged_config: &NifiConfig, - proxy_hosts: &str, + _rolegroup_config: &HashMap>, + _merged_config: &NifiConfig, git_sync_resources: &git_sync::v1alpha2::GitSyncResources, ) -> Result { tracing::debug!("building rolegroup configmaps"); - let login_identity_provider_xml = authentication_config - .get_authentication_config() - .context(InvalidNifiAuthenticationConfigSnafu)?; - - let authorizers_xml = authorization_config.get_authorizers_config(nifi); - - let jvm_sec_props: BTreeMap> = rolegroup_config - .get(&PropertyNameKind::File( - JVM_SECURITY_PROPERTIES_FILE.to_string(), - )) - .cloned() - .unwrap_or_default() - .into_iter() - .map(|(k, v)| (k, Some(v))) - .collect(); - let mut cm_builder = ConfigMapBuilder::new(); cm_builder @@ -744,60 +731,44 @@ async fn build_node_rolegroup_config_map( .build(), ) .add_data( - NIFI_BOOTSTRAP_CONF, - build_bootstrap_conf( - merged_config, - rolegroup_config - .get(&PropertyNameKind::File(NIFI_BOOTSTRAP_CONF.to_string())) - .with_context(|| ProductConfigKindNotSpecifiedSnafu { - kind: NIFI_BOOTSTRAP_CONF.to_string(), - })? - .clone(), + ConfigFileName::BootstrapConf.to_string(), + bootstrap_conf::build( + rg, role, &rolegroup.role_group, - Some(authorization_config), + Some(&cluster.cluster_config.authorization), ) .context(BootstrapConfigSnafu)?, ) .add_data( - NIFI_PROPERTIES, - build_nifi_properties( - &nifi.spec, - &merged_config.resources, - proxy_hosts, - authentication_config, - rolegroup_config - .get(&PropertyNameKind::File(NIFI_PROPERTIES.to_string())) - .with_context(|| ProductConfigKindNotSpecifiedSnafu { - kind: NIFI_PROPERTIES.to_string(), - })? - .clone(), - resolved_product_image.product_version.as_ref(), - git_sync_resources, - ) - .with_context(|_| BuildProductConfigSnafu { - rolegroup: rolegroup.clone(), + ConfigFileName::NifiProperties.to_string(), + nifi_properties::build(cluster, rg, git_sync_resources).with_context(|_| { + BuildProductConfigSnafu { + rolegroup: rolegroup.clone(), + } })?, ) .add_data( - NIFI_STATE_MANAGEMENT_XML, - build_state_management_xml(&nifi.spec.cluster_config.clustering_backend), + ConfigFileName::StateManagementXml.to_string(), + state_management_xml::build(&cluster.cluster_config.clustering_backend), ) .add_data( - LOGIN_IDENTITY_PROVIDERS_XML_FILE_NAME, - login_identity_provider_xml, + ConfigFileName::LoginIdentityProviders.to_string(), + login_identity_providers::build(cluster) + .context(InvalidNifiAuthenticationConfigSnafu)?, ) - .add_data(AUTHORIZERS_XML_FILE_NAME, authorizers_xml) .add_data( - JVM_SECURITY_PROPERTIES_FILE, - to_java_properties_string(jvm_sec_props.iter()).with_context(|_| { - JvmSecurityPropertiesSnafu { - rolegroup: rolegroup.role_group.clone(), - } + ConfigFileName::Authorizers.to_string(), + authorizers::build(cluster, nifi), + ) + .add_data( + ConfigFileName::SecurityProperties.to_string(), + security_properties::build(rg).with_context(|_| JvmSecurityPropertiesSnafu { + rolegroup: rolegroup.role_group.clone(), })?, ); - extend_role_group_config_map(rolegroup, &merged_config.logging, &mut cm_builder).context( + extend_role_group_config_map(rolegroup, &rg.config.logging, &mut cm_builder).context( InvalidLoggingConfigSnafu { cm_name: rolegroup.object_name(), }, diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs index 3f33a1bf..cf384e95 100644 --- a/rust/operator-binary/src/controller/build/properties.rs +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -6,12 +6,19 @@ use std::collections::BTreeMap; -use stackable_operator::config_overrides::KeyValueConfigOverrides; +use stackable_operator::config_overrides::KeyValueOverridesProvider; +use crate::controller::validate::NifiRoleGroupConfig; + +pub mod authorizers; +pub mod bootstrap_conf; +pub mod login_identity_providers; +pub mod nifi_properties; +pub mod security_properties; +pub mod state_management_xml; pub mod writer; /// The names of the files assembled into the NiFi rolegroup ConfigMap. -#[allow(dead_code)] // used once the per-file builders land in Task 4 #[derive(Clone, Copy, Debug, strum::Display)] pub enum ConfigFileName { #[strum(serialize = "bootstrap.conf")] @@ -29,7 +36,6 @@ pub enum ConfigFileName { } /// Keep only the set (`Some`) entries of a `key -> optional value` map, as `(key, value)` pairs. -#[allow(dead_code)] // used once the per-file builders land in Task 4 fn defined_entries( entries: BTreeMap>, ) -> impl Iterator { @@ -38,10 +44,13 @@ fn defined_entries( .filter_map(|(key, value)| value.map(|value| (key, value))) } -/// Resolve user-provided [`KeyValueConfigOverrides`] into key/value pairs. -#[allow(dead_code)] // used once the per-file builders land in Task 4 -fn resolved_overrides( - overrides: KeyValueConfigOverrides, +/// Resolve the user overrides for `file` from a rolegroup's config overrides, dropping unset values. +pub(crate) fn resolved_overrides_for( + rg: &NifiRoleGroupConfig, + file: ConfigFileName, ) -> impl Iterator { - overrides.overrides.into_iter() + defined_entries( + rg.config_overrides + .get_key_value_overrides(&file.to_string()), + ) } diff --git a/rust/operator-binary/src/controller/build/properties/authorizers.rs b/rust/operator-binary/src/controller/build/properties/authorizers.rs new file mode 100644 index 00000000..aae33f4d --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/authorizers.rs @@ -0,0 +1,11 @@ +//! Builder for `authorizers.xml`. + +use crate::{controller::validate::ValidatedCluster, crd::v1alpha1}; + +pub fn build(cluster: &ValidatedCluster, nifi: &v1alpha1::NifiCluster) -> String { + // TODO(follow-up PR): narrow get_authorizers_config to resolved fields on ValidatedCluster instead of taking the full NifiCluster. + cluster + .cluster_config + .authorization + .get_authorizers_config(nifi) +} diff --git a/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs b/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs new file mode 100644 index 00000000..c91490dd --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs @@ -0,0 +1,199 @@ +//! Builder for `bootstrap.conf`. + +use std::collections::BTreeMap; + +use snafu::ResultExt; + +use super::ConfigFileName; +use crate::{ + config::{Error, InvalidJVMConfigSnafu, jvm::build_merged_jvm_config}, + controller::validate::NifiRoleGroupConfig, + crd::NifiRoleType, + operations::graceful_shutdown::graceful_shutdown_config_properties, + security::authorization::ResolvedNifiAuthorizationConfig, +}; + +pub fn build( + rg: &NifiRoleGroupConfig, + role: &NifiRoleType, + role_group: &str, + authorization_config: Option<&ResolvedNifiAuthorizationConfig>, +) -> Result { + let mut bootstrap = BTreeMap::new(); + // Java command to use when running NiFi + bootstrap.insert("java".to_string(), "java".to_string()); + // Username to use when running NiFi. This value will be ignored on Windows. + bootstrap.insert("run.as".to_string(), "".to_string()); + // Preserve shell environment while running as "run.as" user + bootstrap.insert("preserve.environment".to_string(), "false".to_string()); + // Configure where NiFi's lib and conf directories live + bootstrap.insert("lib.dir".to_string(), "./lib".to_string()); + bootstrap.insert("conf.dir".to_string(), "./conf".to_string()); + bootstrap.extend(graceful_shutdown_config_properties(&rg.config)); + + let merged_jvm_config = + build_merged_jvm_config(&rg.config, role, role_group, authorization_config) + .context(InvalidJVMConfigSnafu)?; + + for (index, argument) in merged_jvm_config + .effective_jvm_config_after_merging() + .iter() + .enumerate() + { + bootstrap.insert(format!("java.arg.{}", index + 1), argument.clone()); + } + + // configOverrides come last + for (k, v) in super::resolved_overrides_for(rg, ConfigFileName::BootstrapConf) { + bootstrap.insert(k, v); + } + + Ok(crate::config::format_properties(bootstrap)) +} + +#[cfg(test)] +mod tests { + use indoc::indoc; + + use stackable_operator::kube::ResourceExt as _; + + use super::*; + use crate::{ + crd::{NifiConfig, NifiRole, v1alpha1}, + framework::role_utils::with_validated_config, + }; + + fn construct_bootstrap_conf(nifi_cluster: &str) -> String { + let nifi: v1alpha1::NifiCluster = + serde_yaml::from_str(nifi_cluster).expect("illegal test input"); + + let nifi_role = NifiRole::Node; + let role = nifi.spec.nodes.as_ref().unwrap(); + let default_config = NifiConfig::default_config(&nifi.name_any(), &nifi_role); + let rg = with_validated_config::( + role.role_groups.get("default").unwrap(), + role, + &default_config, + ) + .expect("failed to build role group config"); + + build(&rg, role, "default", None).unwrap() + } + + #[test] + fn test_build_bootstrap_conf_defaults() { + let input = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + spec: + image: + productVersion: 2.9.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + nodes: + roleGroups: + default: + replicas: 1 + "#; + let bootstrap_conf = construct_bootstrap_conf(input); + + assert_eq!( + bootstrap_conf, + indoc! {" + conf.dir=./conf + graceful.shutdown.seconds=300 + java=java + java.arg.1=-Xmx3276m + java.arg.10=-Djavax.security.auth.useSubjectCredsOnly=true + java.arg.11=-Dzookeeper.admin.enableServer=false + java.arg.12=-Djava.security.properties=/stackable/nifi/conf/security.properties + java.arg.2=-Xms3276m + java.arg.3=-XX:+UseG1GC + java.arg.4=-Djava.awt.headless=true + java.arg.5=-Dorg.apache.jasper.compiler.disablejsr199=true + java.arg.6=-Djava.net.preferIPv4Stack=true + java.arg.7=-Dsun.net.http.allowRestrictedHeaders=true + java.arg.8=-Djava.protocol.handler.pkgs=sun.net.www.protocol + java.arg.9=-Djava.security.egd=file:/dev/urandom + lib.dir=./lib + preserve.environment=false + run.as= + "} + ); + } + + #[test] + fn test_build_bootstrap_conf_jvm_argument_overrides() { + let input = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + spec: + image: + productVersion: 2.9.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + nodes: + config: + resources: + memory: + limit: 42Gi + jvmArgumentOverrides: + remove: + - -XX:+UseG1GC + add: + - -Dhttps.proxyHost=proxy.my.corp + - -Dhttps.proxyPort=8080 + - -Djava.net.preferIPv4Stack=true + roleGroups: + default: + replicas: 1 + jvmArgumentOverrides: + # We need more memory! + removeRegex: + - -Xmx.* + - -Dhttps.proxyPort=.* + add: + - -Xmx40000m + - -Dhttps.proxyPort=1234 + "#; + let bootstrap_conf = construct_bootstrap_conf(input); + + assert_eq!( + bootstrap_conf, + indoc! {" + conf.dir=./conf + graceful.shutdown.seconds=300 + java=java + java.arg.1=-Xms34406m + java.arg.10=-Djava.security.properties=/stackable/nifi/conf/security.properties + java.arg.11=-Dhttps.proxyHost=proxy.my.corp + java.arg.12=-Djava.net.preferIPv4Stack=true + java.arg.13=-Xmx40000m + java.arg.14=-Dhttps.proxyPort=1234 + java.arg.2=-Djava.awt.headless=true + java.arg.3=-Dorg.apache.jasper.compiler.disablejsr199=true + java.arg.4=-Djava.net.preferIPv4Stack=true + java.arg.5=-Dsun.net.http.allowRestrictedHeaders=true + java.arg.6=-Djava.protocol.handler.pkgs=sun.net.www.protocol + java.arg.7=-Djava.security.egd=file:/dev/urandom + java.arg.8=-Djavax.security.auth.useSubjectCredsOnly=true + java.arg.9=-Dzookeeper.admin.enableServer=false + lib.dir=./lib + preserve.environment=false + run.as= + "} + ); + } +} diff --git a/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs b/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs new file mode 100644 index 00000000..02e6a12b --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs @@ -0,0 +1,10 @@ +//! Builder for `login-identity-providers.xml`. + +use crate::controller::validate::ValidatedCluster; + +pub fn build(cluster: &ValidatedCluster) -> Result { + cluster + .cluster_config + .authentication + .get_authentication_config() +} diff --git a/rust/operator-binary/src/controller/build/properties/nifi_properties.rs b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs new file mode 100644 index 00000000..7e1afbf5 --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs @@ -0,0 +1,586 @@ +//! Builder for `nifi.properties`. + +use std::collections::BTreeMap; + +use snafu::{ResultExt, ensure}; +use stackable_operator::{crd::git_sync, memory::MemoryQuantity}; + +use super::ConfigFileName; +use crate::{ + config::{ + CalculateStorageQuotaSnafu, Error, GenerateOidcConfigSnafu, NIFI_PYTHON_WORKING_DIRECTORY, + Nifi1RequiresZookeeperSnafu, NifiRepository, format_properties, + }, + controller::validate::{NifiRoleGroupConfig, ValidatedCluster}, + crd::{HTTPS_PORT, v1alpha1}, + security::{ + authentication::{ + NifiAuthenticationConfig, STACKABLE_SERVER_TLS_DIR, STACKABLE_TLS_STORE_PASSWORD, + }, + oidc::add_oidc_config_to_properties, + }, +}; + +const STORAGE_PROVENANCE_UTILIZATION_FACTOR: f32 = 0.9; +const STORAGE_FLOW_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.9; +const STORAGE_CONTENT_ARCHIVE_UTILIZATION_FACTOR: f32 = 0.5; + +pub fn build( + cluster: &ValidatedCluster, + rg: &NifiRoleGroupConfig, + git_sync_resources: &git_sync::v1alpha2::GitSyncResources, +) -> Result { + let product_version = &cluster.image.product_version; + let proxy_hosts = &cluster.cluster_config.proxy_hosts; + let auth_config = &cluster.cluster_config.authentication; + let resource_config = &rg.config.resources; + + // TODO: Remove once we dropped support for all NiFi 1.x versions + let is_nifi_1 = product_version.starts_with("1."); + + let mut properties = BTreeMap::new(); + // Core Properties + // According to https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance#MigrationGuidance-Migratingto2.0.0-M1 + // The nifi.flow.configuration.file property in nifi.properties must be changed to reference + // "flow.json.gz" instead of "flow.xml.gz" + // TODO: Remove once we dropped support for all 1.x.x versions + // TODO(malte): In order to use CLI tools like: ./bin/nifi.sh set-sensitive-properties-algorithm NIFI_PBKDF2_AES_GCM_256 + // we have to set both "nifi.flow.configuration.file" and "nifi.flow.configuration.json.file" in NiFi 1.x.x. + if is_nifi_1 { + properties.insert( + "nifi.flow.configuration.file".to_string(), + NifiRepository::Database.mount_path() + "/flow.xml.gz", + ); + properties.insert( + "nifi.flow.configuration.json.file".to_string(), + NifiRepository::Database.mount_path() + "/flow.json.gz", + ); + } else { + properties.insert( + "nifi.flow.configuration.file".to_string(), + NifiRepository::Database.mount_path() + "/flow.json.gz", + ); + } + + properties.insert( + "nifi.flow.configuration.archive.enabled".to_string(), + "true".to_string(), + ); + properties.insert( + "nifi.flow.configuration.archive.dir".to_string(), + "/stackable/nifi/conf/archive/".to_string(), + ); + properties.insert( + "nifi.flow.configuration.archive.max.time".to_string(), + "".to_string(), + ); + if let Some(capacity) = resource_config.storage.flowfile_repo.capacity.as_ref() { + properties.insert( + "nifi.flow.configuration.archive.max.storage".to_string(), + storage_quantity_to_nifi( + MemoryQuantity::try_from(capacity).context(CalculateStorageQuotaSnafu { + repo: NifiRepository::Flowfile, + })? * STORAGE_FLOW_ARCHIVE_UTILIZATION_FACTOR, + ), + ); + } + properties.insert( + "nifi.flow.configuration.archive.max.count".to_string(), + "".to_string(), + ); + properties.insert( + "nifi.flowcontroller.autoResumeState".to_string(), + "true".to_string(), + ); + properties.insert( + "nifi.flowcontroller.graceful.shutdown.period".to_string(), + "10 sec".to_string(), + ); + properties.insert( + "nifi.flowservice.writedelay.interval".to_string(), + "500 ms".to_string(), + ); + properties.insert( + "nifi.administrative.yield.duration".to_string(), + "30 sec".to_string(), + ); + + properties.insert( + "nifi.authorizer.configuration.file".to_string(), + "/stackable/nifi/conf/authorizers.xml".to_string(), + ); + properties.insert( + "nifi.login.identity.provider.configuration.file".to_string(), + "/stackable/nifi/conf/login-identity-providers.xml".to_string(), + ); + properties.insert( + "nifi.templates.directory".to_string(), + "./conf/templates".to_string(), + ); + properties.insert("nifi.ui.banner.text".to_string(), "".to_string()); + properties.insert( + "nifi.ui.autorefresh.interval".to_string(), + "30 sec".to_string(), + ); + properties.insert( + "nifi.nar.library.directory".to_string(), + "./lib".to_string(), + ); + properties.insert( + "nifi.nar.library.autoload.directory".to_string(), + "./extensions".to_string(), + ); + properties.insert( + "nifi.nar.working.directory".to_string(), + "./work/nar/".to_string(), + ); + properties.insert( + "nifi.documentation.working.directory".to_string(), + "./work/docs/components".to_string(), + ); + + //################### + // State Management # + //################### + properties.insert( + "nifi.state.management.configuration.file".to_string(), + "./conf/state-management.xml".to_string(), + ); + // The ID of the local state provider + properties.insert( + "nifi.state.management.provider.local".to_string(), + "local-provider".to_string(), + ); + // The ID of the cluster-wide state provider. This will be ignored if NiFi is not clustered but must be populated if running in a cluster. + properties.insert( + "nifi.state.management.provider.cluster".to_string(), + match cluster.cluster_config.clustering_backend { + v1alpha1::NifiClusteringBackend::ZooKeeper { .. } => "zk-provider".to_string(), + v1alpha1::NifiClusteringBackend::Kubernetes { .. } => "kubernetes-provider".to_string(), + }, + ); + // Specifies whether or not this instance of NiFi should run an embedded ZooKeeper server + properties.insert( + "nifi.state.management.embedded.zookeeper.start".to_string(), + "false".to_string(), + ); + + // H2 Settings + properties.insert( + "nifi.database.directory".to_string(), + NifiRepository::Database.mount_path(), + ); + properties.insert( + "nifi.h2.url.append".to_string(), + ";LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE".to_string(), + ); + + // FlowFile Repository + properties.insert( + "nifi.flowfile.repository.implementation".to_string(), + "org.apache.nifi.controller.repository.WriteAheadFlowFileRepository".to_string(), + ); + properties.insert( + "nifi.flowfile.repository.wal.implementation".to_string(), + "org.apache.nifi.wali.SequentialAccessWriteAheadLog".to_string(), + ); + properties.insert( + "nifi.flowfile.repository.directory".to_string(), + NifiRepository::Flowfile.mount_path(), + ); + properties.insert( + "nifi.flowfile.repository.checkpoint.interval".to_string(), + "20 secs".to_string(), + ); + properties.insert( + "nifi.flowfile.repository.always.sync".to_string(), + "false".to_string(), + ); + properties.insert( + "nifi.flowfile.repository.retain.orphaned.flowfiles".to_string(), + "true".to_string(), + ); + + properties.insert( + "nifi.swap.manager.implementation".to_string(), + "org.apache.nifi.controller.FileSystemSwapManager".to_string(), + ); + properties.insert("nifi.queue.swap.threshold".to_string(), "20000".to_string()); + + // Content Repository + properties.insert( + "nifi.content.repository.implementation".to_string(), + "org.apache.nifi.controller.repository.FileSystemRepository".to_string(), + ); + properties.insert( + "nifi.content.claim.max.appendable.size".to_string(), + "1 MB".to_string(), + ); + properties.insert( + "nifi.content.repository.directory.default".to_string(), + NifiRepository::Content.mount_path(), + ); + // Cap archived content age so the archive directory stays bounded in + // file count. NiFi treats empty as Long.MAX_VALUE, leaving size-based + // purge as the only trigger; that lets the archive grow to whatever + // half the PVC holds, and the startup directory scan in + // FileSystemRepository.initializeRepository scales with file count. + // 3 days covers a Friday-incident-investigated-Monday window for + // content replay; users with longer requirements can extend via + // configOverrides. The percentage-based threshold below acts as a + // safety net if write rate outpaces time-based purge. + // Also see https://github.com/stackabletech/nifi-operator/issues/354 + properties.insert( + "nifi.content.repository.archive.max.retention.period".to_string(), + "3 days".to_string(), + ); + properties.insert( + "nifi.content.repository.archive.max.usage.percentage".to_string(), + format!("{}%", STORAGE_CONTENT_ARCHIVE_UTILIZATION_FACTOR * 100.0), + ); + properties.insert( + "nifi.content.repository.archive.enabled".to_string(), + "true".to_string(), + ); + properties.insert( + "nifi.content.repository.always.sync".to_string(), + "false".to_string(), + ); + properties.insert( + "nifi.content.viewer.url".to_string(), + "../nifi-content-viewer/".to_string(), + ); + + // Provenance Repository Properties + properties.insert( + "nifi.provenance.repository.implementation".to_string(), + "org.apache.nifi.provenance.WriteAheadProvenanceRepository".to_string(), + ); + + // Persistent Provenance Repository Properties + properties.insert( + "nifi.provenance.repository.directory.default".to_string(), + NifiRepository::Provenance.mount_path(), + ); + properties.insert( + "nifi.provenance.repository.max.storage.time".to_string(), + "".to_string(), + ); + if let Some(capacity) = resource_config.storage.provenance_repo.capacity.as_ref() { + properties.insert( + "nifi.provenance.repository.max.storage.size".to_string(), + storage_quantity_to_nifi( + MemoryQuantity::try_from(capacity).context(CalculateStorageQuotaSnafu { + repo: NifiRepository::Provenance, + })? * STORAGE_PROVENANCE_UTILIZATION_FACTOR, + ), + ); + } + properties.insert( + "nifi.provenance.repository.rollover.time".to_string(), + "10 mins".to_string(), + ); + properties.insert( + "nifi.provenance.repository.rollover.size".to_string(), + "100 MB".to_string(), + ); + properties.insert( + "nifi.provenance.repository.query.threads".to_string(), + "2".to_string(), + ); + properties.insert( + "nifi.provenance.repository.index.threads".to_string(), + "2".to_string(), + ); + properties.insert( + "nifi.provenance.repository.compress.on.rollover".to_string(), + "true".to_string(), + ); + properties.insert( + "nifi.provenance.repository.always.sync".to_string(), + "false".to_string(), + ); + // Comma-separated list of fields. Fields that are not indexed will not be searchable. Valid fields are: + // EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, Relationship, Details + properties.insert( + "nifi.provenance.repository.indexed.fields".to_string(), + "EventType, FlowFileUUID, Filename, ProcessorID, Relationship".to_string(), + ); + // FlowFile Attributes that should be indexed and made searchable. Some examples to consider are filename, uuid, mime.type + properties.insert( + "nifi.provenance.repository.indexed.attributes".to_string(), + "".to_string(), + ); + // Large values for the shard size will result in more Java heap usage when searching the Provenance Repository + // but should provide better performance + properties.insert( + "nifi.provenance.repository.index.shard.size".to_string(), + "500 MB".to_string(), + ); + // Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from + // the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved. + properties.insert( + "nifi.provenance.repository.max.attribute.length".to_string(), + "65536".to_string(), + ); + properties.insert( + "nifi.provenance.repository.concurrent.merge.threads".to_string(), + "2".to_string(), + ); + + // Volatile Provenance Repository Properties + properties.insert( + "nifi.provenance.repository.buffer.size".to_string(), + "100000".to_string(), + ); + + // Component Status Repository + properties.insert( + "nifi.components.status.repository.implementation".to_string(), + "org.apache.nifi.controller.status.history.VolatileComponentStatusRepository".to_string(), + ); + properties.insert( + "nifi.components.status.repository.buffer.size".to_string(), + "1440".to_string(), + ); + properties.insert( + "nifi.components.status.snapshot.frequency".to_string(), + "1 min".to_string(), + ); + + // QuestDB Status History Repository Properties + properties.insert( + "nifi.status.repository.questdb.persist.node.days".to_string(), + "14".to_string(), + ); + properties.insert( + "nifi.status.repository.questdb.persist.component.days".to_string(), + "3".to_string(), + ); + properties.insert( + "nifi.status.repository.questdb.persist.location".to_string(), + "./status_repository".to_string(), + ); + + //############################################# + properties.insert( + "nifi.web.https.host".to_string(), + "${env:NODE_ADDRESS}".to_string(), + ); + properties.insert("nifi.web.https.port".to_string(), HTTPS_PORT.to_string()); + properties.insert( + "nifi.web.https.network.interface.default".to_string(), + "".to_string(), + ); + // Specifically listen on eth0 and lo interfaces. + // Listening on lo allows k8s port-forward to work. + // Once we listen on lo, we need to explicitly listen on eth0 so the server can be exposed (including health probes). + // NOTE: We assume "eth0" is always the external interface in containers launched in Kubernetes. + // It is possible that some container runtime will name it differently, but we haven't yet observed that. + properties.insert( + "nifi.web.https.network.interface.eth0".to_string(), + "eth0".to_string(), + ); + properties.insert( + "nifi.web.https.network.interface.lo".to_string(), + "lo".to_string(), + ); + //############################################# + properties.insert( + "nifi.web.jetty.working.directory".to_string(), + "./work/jetty".to_string(), + ); + properties.insert("nifi.web.jetty.threads".to_string(), "200".to_string()); + properties.insert("nifi.web.max.header.size".to_string(), "16 KB".to_string()); + properties.insert("nifi.web.proxy.context.path".to_string(), "".to_string()); + properties.insert("nifi.web.proxy.host".to_string(), proxy_hosts.to_string()); + + properties.insert( + "nifi.sensitive.props.key".to_string(), + "${file:UTF-8:/stackable/sensitiveproperty/nifiSensitivePropsKey}".to_string(), + ); + properties.insert( + "nifi.sensitive.props.key.protected".to_string(), + "".to_string(), + ); + + // The algorithm has already been validated in the validate step (check_for_nifi_version). + properties.insert( + "nifi.sensitive.props.algorithm".to_string(), + cluster + .cluster_config + .sensitive_properties_algorithm + .to_string(), + ); + + // key and trust store + // these properties are ok to hard code here, because the cannot be configured and are + // generated with fixed values in the init container + properties.insert( + "nifi.security.keystore".to_string(), + format!( + "{keystore_path}/keystore.p12", + keystore_path = STACKABLE_SERVER_TLS_DIR + ), + ); + properties.insert( + "nifi.security.keystoreType".to_string(), + "PKCS12".to_string(), + ); + properties.insert( + "nifi.security.keystorePasswd".to_string(), + STACKABLE_TLS_STORE_PASSWORD.to_string(), + ); + properties.insert( + "nifi.security.truststore".to_string(), + format!( + "{keystore_path}/truststore.p12", + keystore_path = STACKABLE_SERVER_TLS_DIR + ), + ); + properties.insert( + "nifi.security.truststoreType".to_string(), + "PKCS12".to_string(), + ); + properties.insert( + "nifi.security.truststorePasswd".to_string(), + STACKABLE_TLS_STORE_PASSWORD.to_string(), + ); + properties.insert( + "nifi.security.user.login.identity.provider".to_string(), + "login-identity-provider".to_string(), + ); + properties.insert( + "nifi.security.user.authorizer".to_string(), + "authorizer".to_string(), + ); + properties.insert( + "nifi.security.allow.anonymous.authentication".to_string(), + "false".to_string(), + ); + properties.insert( + "nifi.cluster.protocol.is.secure".to_string(), + "true".to_string(), + ); + + if let NifiAuthenticationConfig::Oidc { provider, oidc, .. } = auth_config { + add_oidc_config_to_properties(provider, oidc, &mut properties) + .context(GenerateOidcConfigSnafu)?; + }; + + // cluster node properties (only configure for cluster nodes) + properties.insert("nifi.cluster.is.node".to_string(), "true".to_string()); + properties.insert( + "nifi.cluster.node.address".to_string(), + "${env:NODE_ADDRESS}".to_string(), + ); + properties.insert( + "nifi.cluster.node.protocol.port".to_string(), + crate::crd::PROTOCOL_PORT.to_string(), + ); + properties.insert( + "nifi.cluster.flow.election.max.candidates".to_string(), + "".to_string(), + ); + + match cluster.cluster_config.clustering_backend { + v1alpha1::NifiClusteringBackend::ZooKeeper { .. } => { + properties.insert( + "nifi.cluster.leader.election.implementation".to_string(), + "CuratorLeaderElectionManager".to_string(), + ); + + // this will be replaced via a container command script + properties.insert( + "nifi.zookeeper.connect.string".to_string(), + "${env:ZOOKEEPER_HOSTS}".to_string(), + ); + + // this will be replaced via a container command script + properties.insert( + "nifi.zookeeper.root.node".to_string(), + "${env:ZOOKEEPER_CHROOT}".to_string(), + ); + } + + v1alpha1::NifiClusteringBackend::Kubernetes {} => { + ensure!(!is_nifi_1, Nifi1RequiresZookeeperSnafu); + + properties.insert( + "nifi.cluster.leader.election.implementation".to_string(), + "KubernetesLeaderElectionManager".to_string(), + ); + + // this will be replaced via a container command script + properties.insert( + "nifi.cluster.leader.election.kubernetes.lease.prefix".to_string(), + "${env:STACKLET_NAME}".to_string(), + ); + } + } + + //#################### + // Custom components # + //#################### + // NiFi 1.x does not support Python components and the Python configuration below is just + // ignored. + + // The command used to launch Python. + // This property must be set to enable Python-based processors. + properties.insert("nifi.python.command".to_string(), "python3".to_string()); + + // The directory that contains the Python framework for communicating between the Python and + // Java processes. + properties.insert( + "nifi.python.framework.source.directory".to_string(), + "/stackable/nifi/python/framework/".to_string(), + ); + + // The working directory where NiFi should store artifacts; + // This property defaults to ./work/python but if you want to mount an emptyDir for the working + // directory then another directory has to be set to avoid ownership conflicts with ./work/nar. + properties.insert( + "nifi.python.working.directory".to_string(), + NIFI_PYTHON_WORKING_DIRECTORY.to_string(), + ); + + // The default directory that NiFi should look in to find custom Python-based components. + // This directory is mentioned in the documentation + // (docs/modules/nifi/pages/usage_guide/custom-components.adoc), so do not change it! + properties.insert( + "nifi.python.extensions.source.directory.default".to_string(), + "/stackable/nifi/python/extensions/".to_string(), + ); + + for (i, git_folder) in git_sync_resources + .git_content_folders_as_string() + .into_iter() + .enumerate() + { + // The directory that NiFi should look in to find custom Python-based components. + properties.insert( + format!("nifi.python.extensions.source.directory.{i}"), + git_folder.clone(), + ); + + // The directory that NiFi should look in to find custom Java-based components. + properties.insert(format!("nifi.nar.library.directory.{i}"), git_folder); + } + //########################## + + // override with config overrides + for (k, v) in super::resolved_overrides_for(rg, ConfigFileName::NifiProperties) { + properties.insert(k, v); + } + + Ok(format_properties(properties)) +} + +fn storage_quantity_to_nifi(quantity: MemoryQuantity) -> String { + format!( + "{}MB", + quantity + .scale_to(stackable_operator::memory::BinaryMultiple::Mebi) + .value + ) +} diff --git a/rust/operator-binary/src/controller/build/properties/security_properties.rs b/rust/operator-binary/src/controller/build/properties/security_properties.rs new file mode 100644 index 00000000..6643eb6c --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/security_properties.rs @@ -0,0 +1,70 @@ +//! Builder for `security.properties`. + +use std::collections::BTreeMap; + +use super::{ConfigFileName, writer}; +use crate::controller::validate::NifiRoleGroupConfig; + +pub fn build(rg: &NifiRoleGroupConfig) -> Result { + let mut props: BTreeMap> = BTreeMap::new(); + // Defaults previously injected by deploy/config-spec/properties.yaml: + props.insert( + "networkaddress.cache.ttl".to_string(), + Some("30".to_string()), + ); + props.insert( + "networkaddress.cache.negative.ttl".to_string(), + Some("0".to_string()), + ); + for (k, v) in super::resolved_overrides_for(rg, ConfigFileName::SecurityProperties) { + props.insert(k, Some(v)); + } + writer::to_java_properties_string(props.iter()) +} + +#[cfg(test)] +mod tests { + use std::collections::BTreeMap; + + use stackable_operator::config_overrides::KeyValueConfigOverrides; + + use super::*; + use crate::{ + controller::validate::NifiRoleGroupConfig, + crd::{NifiConfig, v1alpha1::NifiConfigOverrides}, + }; + + fn make_rg(overrides: Option>) -> NifiRoleGroupConfig { + use stackable_operator::role_utils::JavaCommonConfig; + NifiRoleGroupConfig { + replicas: 1, + config: NifiConfig::default(), + config_overrides: NifiConfigOverrides { + security_properties: overrides.map(|o| KeyValueConfigOverrides { overrides: o }), + ..Default::default() + }, + env_overrides: BTreeMap::new(), + cli_overrides: BTreeMap::new(), + pod_overrides: Default::default(), + product_specific_common_config: JavaCommonConfig::default(), + } + } + + #[test] + fn test_default_keys_present() { + let rg = make_rg(None); + let result = build(&rg).unwrap(); + assert!(result.contains("networkaddress.cache.ttl=30")); + assert!(result.contains("networkaddress.cache.negative.ttl=0")); + } + + #[test] + fn test_user_override_wins() { + let mut overrides = BTreeMap::new(); + overrides.insert("networkaddress.cache.ttl".to_string(), "60".to_string()); + let rg = make_rg(Some(overrides)); + let result = build(&rg).unwrap(); + assert!(result.contains("networkaddress.cache.ttl=60")); + assert!(!result.contains("networkaddress.cache.ttl=30")); + } +} diff --git a/rust/operator-binary/src/controller/build/properties/state_management_xml.rs b/rust/operator-binary/src/controller/build/properties/state_management_xml.rs new file mode 100644 index 00000000..53747c9d --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/state_management_xml.rs @@ -0,0 +1,68 @@ +//! Builder for `state-management.xml`. + +use crate::{config::NifiRepository, crd::v1alpha1::NifiClusteringBackend}; + +pub fn build(clustering_backend: &NifiClusteringBackend) -> String { + // Inert providers are ignored by NiFi itself, but templating still fails if they refer to invalid environment variables, + // so only include the actually used provider. + let cluster_provider = match clustering_backend { + NifiClusteringBackend::ZooKeeper { .. } => { + r#" + zk-provider + org.apache.nifi.controller.state.providers.zookeeper.ZooKeeperStateProvider + ${env:ZOOKEEPER_HOSTS} + ${env:ZOOKEEPER_CHROOT} + 10 seconds + Open + "# + } + NifiClusteringBackend::Kubernetes {} => { + r#" + kubernetes-provider + org.apache.nifi.kubernetes.state.provider.KubernetesConfigMapStateProvider + ${env:STACKLET_NAME} + "# + } + }; + format!( + r#" + + + local-provider + org.apache.nifi.controller.state.providers.local.WriteAheadLocalStateProvider + {local_state_path} + false + 16 + 2 mins + + {cluster_provider} + "#, + local_state_path = NifiRepository::State.mount_path(), + ) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_build_state_management_xml_kubernetes() { + let xml = build(&NifiClusteringBackend::Kubernetes {}); + assert!(xml.contains("kubernetes-provider")); + assert!(xml.contains("KubernetesConfigMapStateProvider")); + assert!(xml.contains("${env:STACKLET_NAME}")); + assert!(!xml.contains("zk-provider")); + } + + #[test] + fn test_build_state_management_xml_zookeeper() { + let xml = build(&NifiClusteringBackend::ZooKeeper { + zookeeper_config_map_name: "my-zk".to_string(), + }); + assert!(xml.contains("zk-provider")); + assert!(xml.contains("ZooKeeperStateProvider")); + assert!(xml.contains("${env:ZOOKEEPER_HOSTS}")); + assert!(xml.contains("${env:ZOOKEEPER_CHROOT}")); + assert!(!xml.contains("kubernetes-provider")); + } +} diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index f90542c8..47a424f0 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -20,7 +20,10 @@ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ config::{self, validated_product_config}, controller::dereference::DereferencedObjects, - crd::{HTTPS_PORT, NifiConfig, NifiRole, v1alpha1}, + crd::{ + HTTPS_PORT, NifiConfig, NifiRole, sensitive_properties, + sensitive_properties::NifiSensitiveKeyAlgorithm, v1alpha1, + }, framework::role_utils::with_validated_config, reporting_task, security::{ @@ -59,6 +62,9 @@ pub enum Error { InvalidConfigFragment { source: stackable_operator::config::fragment::ValidationError, }, + + #[snafu(display("invalid sensitive properties algorithm"))] + InvalidSensitivePropertiesAlgorithm { source: sensitive_properties::Error }, } pub type NifiRoleGroupConfig = crate::framework::role_utils::RoleGroupConfig< @@ -89,6 +95,10 @@ pub struct ValidatedClusterConfig { pub authorization: ResolvedNifiAuthorizationConfig, /// Comma-separated NiFi proxy hosts, or `"*"` if `hostHeaderCheck.allowAll` is set. pub proxy_hosts: String, + /// The clustering backend (ZooKeeper or Kubernetes), copied from the spec. + pub clustering_backend: v1alpha1::NifiClusteringBackend, + /// The validated sensitive properties algorithm. + pub sensitive_properties_algorithm: NifiSensitiveKeyAlgorithm, } /// Validates the cluster spec and the dereferenced inputs. @@ -128,6 +138,17 @@ pub fn validate( let proxy_hosts = compute_proxy_hosts(nifi, cluster_info)?; + let sensitive_properties_algorithm = nifi + .spec + .cluster_config + .sensitive_properties + .algorithm + .clone() + .unwrap_or_default(); + sensitive_properties_algorithm + .check_for_nifi_version(&image.product_version) + .context(InvalidSensitivePropertiesAlgorithmSnafu)?; + Ok(ValidatedCluster { name: nifi.name_any(), image, @@ -136,6 +157,8 @@ pub fn validate( authentication: authentication_config, authorization: authorization_config, proxy_hosts, + clustering_backend: nifi.spec.cluster_config.clustering_backend.clone(), + sensitive_properties_algorithm, }, validated_role_config, }) diff --git a/rust/operator-binary/src/security/authentication.rs b/rust/operator-binary/src/security/authentication.rs index 44cd8ac5..11d6b6fc 100644 --- a/rust/operator-binary/src/security/authentication.rs +++ b/rust/operator-binary/src/security/authentication.rs @@ -17,9 +17,6 @@ pub const STACKABLE_ADMIN_USERNAME: &str = "admin"; const STACKABLE_USER_VOLUME_MOUNT_PATH: &str = "/stackable/users"; -pub const LOGIN_IDENTITY_PROVIDERS_XML_FILE_NAME: &str = "login-identity-providers.xml"; -pub const AUTHORIZERS_XML_FILE_NAME: &str = "authorizers.xml"; - pub const STACKABLE_SERVER_TLS_DIR: &str = "/stackable/server_tls"; pub const STACKABLE_TLS_STORE_PASSWORD: &str = "secret"; From 5d1b146c140a17a9e25e01056a7ec11bf535713b Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 21:52:28 +0200 Subject: [PATCH 06/16] refactor: move configmap build into controller/build/config_map.rs Co-Authored-By: Claude Opus 4.8 (1M context) --- rust/operator-binary/src/controller.rs | 150 ++--------------- rust/operator-binary/src/controller/build.rs | 1 + .../src/controller/build/config_map.rs | 156 ++++++++++++++++++ 3 files changed, 168 insertions(+), 139 deletions(-) create mode 100644 rust/operator-binary/src/controller/build/config_map.rs diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 099a4197..dc1bc55a 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -6,7 +6,6 @@ use std::{ sync::Arc, }; -use crate::controller::build::properties::writer::PropertiesWriterError; use const_format::concatcp; use indoc::formatdoc; use product_config::{ProductConfigManager, types::PropertyNameKind}; @@ -14,7 +13,6 @@ use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{ self, - configmap::ConfigMapBuilder, meta::ObjectMetaBuilder, pod::{ PodBuilder, container::ContainerBuilder, resources::ResourceRequirementsBuilder, @@ -32,8 +30,8 @@ use stackable_operator::{ api::{ apps::v1::{StatefulSet, StatefulSetSpec, StatefulSetUpdateStrategy}, core::v1::{ - ConfigMap, ConfigMapKeySelector, ConfigMapVolumeSource, EmptyDirVolumeSource, - EnvVar, EnvVarSource, ObjectFieldSelector, PersistentVolumeClaim, Probe, + ConfigMapKeySelector, ConfigMapVolumeSource, EmptyDirVolumeSource, EnvVar, + EnvVarSource, ObjectFieldSelector, PersistentVolumeClaim, Probe, SecretVolumeSource, TCPSocketAction, Volume, }, }, @@ -75,14 +73,7 @@ mod validate; use crate::{ OPERATOR_NAME, - config::{ - self, JVM_SECURITY_PROPERTIES_FILE, NIFI_CONFIG_DIRECTORY, NIFI_PYTHON_WORKING_DIRECTORY, - NifiRepository, - }, - controller::build::properties::{ - ConfigFileName, authorizers, bootstrap_conf, login_identity_providers, nifi_properties, - security_properties, state_management_xml, - }, + config::{NIFI_CONFIG_DIRECTORY, NIFI_PYTHON_WORKING_DIRECTORY, NifiRepository}, crd::{ APP_NAME, BALANCE_PORT, BALANCE_PORT_NAME, Container, HTTPS_PORT, HTTPS_PORT_NAME, METRICS_PORT, METRICS_PORT_NAME, NifiConfig, NifiNodeRoleConfig, NifiRole, NifiRoleType, @@ -98,7 +89,6 @@ use crate::{ pdb::add_pdbs, upgrade::{self, ClusterVersionUpdateState}, }, - product_logging::extend_role_group_config_map, reporting_task::{build_maybe_reporting_task, build_reporting_task_service_name}, security::{ authentication::{ @@ -110,7 +100,6 @@ use crate::{ }, service::{build_rolegroup_headless_service, build_rolegroup_metrics_service}, }; -use validate::{NifiRoleGroupConfig, ValidatedCluster}; pub const NIFI_CONTROLLER_NAME: &str = "nificluster"; pub const NIFI_FULL_CONTROLLER_NAME: &str = concatcp!(NIFI_CONTROLLER_NAME, '.', OPERATOR_NAME); @@ -169,9 +158,9 @@ pub enum Error { rolegroup: RoleGroupRef, }, - #[snafu(display("failed to build ConfigMap for {}", rolegroup))] - BuildRoleGroupConfig { - source: stackable_operator::builder::configmap::Error, + #[snafu(display("failed to build rolegroup ConfigMap for {}", rolegroup))] + BuildRoleGroupConfigMap { + source: build::config_map::Error, rolegroup: RoleGroupRef, }, @@ -208,19 +197,6 @@ pub enum Error { #[snafu(display("Failed to find information about file [{}] in product config", kind))] ProductConfigKindNotSpecified { kind: String }, - #[snafu(display("Bootstrap configuration error"))] - BootstrapConfig { - #[snafu(source(from(config::Error, Box::new)))] - source: Box, - }, - - #[snafu(display("failed to prepare NiFi configuration for rolegroup {rolegroup}"))] - BuildProductConfig { - #[snafu(source(from(config::Error, Box::new)))] - source: Box, - rolegroup: RoleGroupRef, - }, - #[snafu(display("illegal container name: [{container_name}]"))] IllegalContainerName { source: stackable_operator::builder::pod::container::Error, @@ -236,12 +212,6 @@ pub enum Error { #[snafu(display("vector agent is enabled but vector aggregator ConfigMap is missing"))] VectorAggregatorConfigMapMissing, - #[snafu(display("failed to add the logging configuration to the ConfigMap [{cm_name}]"))] - InvalidLoggingConfig { - source: crate::product_logging::Error, - cm_name: String, - }, - #[snafu(display("failed to patch service account"))] ApplyServiceAccount { source: stackable_operator::cluster_resources::Error, @@ -257,20 +227,6 @@ pub enum Error { source: stackable_operator::commons::rbac::Error, }, - #[snafu(display( - "failed to serialize [{JVM_SECURITY_PROPERTIES_FILE}] for {}", - rolegroup - ))] - JvmSecurityProperties { - source: PropertiesWriterError, - rolegroup: String, - }, - - #[snafu(display("Invalid NiFi Authentication Configuration"))] - InvalidNifiAuthenticationConfig { - source: crate::security::authentication::Error, - }, - #[snafu(display("Invalid NiFi Authorization Configuration"))] InvalidNifiAuthorizationConfig { source: crate::security::authorization::Error, @@ -517,18 +473,18 @@ pub async fn reconcile_nifi( // The proxy hosts allow-list lets external users access NiFi via addresses we cannot // predict, so all of them are added to the setting. // For more information see - let rg_configmap = build_node_rolegroup_config_map( + let rg_configmap = build::config_map::build_rolegroup_config_map( nifi, &validated, rg, - resolved_product_image, role, &rolegroup, - rolegroup_config, - &merged_config, &git_sync_resources, + &role_group_service_recommended_labels, ) - .await?; + .context(BuildRoleGroupConfigMapSnafu { + rolegroup: rolegroup.clone(), + })?; let role_group = role.role_groups.get(&rolegroup.role_group); let replicas = @@ -697,90 +653,6 @@ pub async fn reconcile_nifi( Ok(Action::await_change()) } -/// The rolegroup [`ConfigMap`] configures the rolegroup based on the configuration given by the administrator -#[allow(clippy::too_many_arguments)] -async fn build_node_rolegroup_config_map( - nifi: &v1alpha1::NifiCluster, - cluster: &ValidatedCluster, - rg: &NifiRoleGroupConfig, - resolved_product_image: &ResolvedProductImage, - role: &NifiRoleType, - rolegroup: &RoleGroupRef, - _rolegroup_config: &HashMap>, - _merged_config: &NifiConfig, - git_sync_resources: &git_sync::v1alpha2::GitSyncResources, -) -> Result { - tracing::debug!("building rolegroup configmaps"); - - let mut cm_builder = ConfigMapBuilder::new(); - - cm_builder - .metadata( - ObjectMetaBuilder::new() - .name_and_namespace(nifi) - .name(rolegroup.object_name()) - .ownerreference_from_resource(nifi, None, Some(true)) - .context(ObjectMissingMetadataForOwnerRefSnafu)? - .with_recommended_labels(&build_recommended_labels( - nifi, - &resolved_product_image.app_version_label_value, - &rolegroup.role, - &rolegroup.role_group, - )) - .context(MetadataBuildSnafu)? - .build(), - ) - .add_data( - ConfigFileName::BootstrapConf.to_string(), - bootstrap_conf::build( - rg, - role, - &rolegroup.role_group, - Some(&cluster.cluster_config.authorization), - ) - .context(BootstrapConfigSnafu)?, - ) - .add_data( - ConfigFileName::NifiProperties.to_string(), - nifi_properties::build(cluster, rg, git_sync_resources).with_context(|_| { - BuildProductConfigSnafu { - rolegroup: rolegroup.clone(), - } - })?, - ) - .add_data( - ConfigFileName::StateManagementXml.to_string(), - state_management_xml::build(&cluster.cluster_config.clustering_backend), - ) - .add_data( - ConfigFileName::LoginIdentityProviders.to_string(), - login_identity_providers::build(cluster) - .context(InvalidNifiAuthenticationConfigSnafu)?, - ) - .add_data( - ConfigFileName::Authorizers.to_string(), - authorizers::build(cluster, nifi), - ) - .add_data( - ConfigFileName::SecurityProperties.to_string(), - security_properties::build(rg).with_context(|_| JvmSecurityPropertiesSnafu { - rolegroup: rolegroup.role_group.clone(), - })?, - ); - - extend_role_group_config_map(rolegroup, &rg.config.logging, &mut cm_builder).context( - InvalidLoggingConfigSnafu { - cm_name: rolegroup.object_name(), - }, - )?; - - cm_builder - .build() - .with_context(|_| BuildRoleGroupConfigSnafu { - rolegroup: rolegroup.clone(), - }) -} - const USERDATA_MOUNTPOINT: &str = "/stackable/userdata"; /// The rolegroup [`StatefulSet`] runs the rolegroup, as configured by the administrator. diff --git a/rust/operator-binary/src/controller/build.rs b/rust/operator-binary/src/controller/build.rs index bb77c4fc..ad7b4079 100644 --- a/rust/operator-binary/src/controller/build.rs +++ b/rust/operator-binary/src/controller/build.rs @@ -2,4 +2,5 @@ //! //! [`ValidatedCluster`]: crate::controller::validate::ValidatedCluster +pub mod config_map; pub mod properties; diff --git a/rust/operator-binary/src/controller/build/config_map.rs b/rust/operator-binary/src/controller/build/config_map.rs new file mode 100644 index 00000000..1964c5fe --- /dev/null +++ b/rust/operator-binary/src/controller/build/config_map.rs @@ -0,0 +1,156 @@ +//! Build per-rolegroup `ConfigMap` for the NiFi cluster. + +use snafu::{ResultExt, Snafu}; +use stackable_operator::{ + builder::{configmap::ConfigMapBuilder, meta::ObjectMetaBuilder}, + crd::git_sync, + k8s_openapi::api::core::v1::ConfigMap, + kvp::ObjectLabels, + role_utils::RoleGroupRef, +}; + +use crate::{ + controller::{ + build::properties::{ + ConfigFileName, authorizers, bootstrap_conf, login_identity_providers, nifi_properties, + security_properties, state_management_xml, + }, + validate::{NifiRoleGroupConfig, ValidatedCluster}, + }, + crd::{NifiRoleType, v1alpha1}, + product_logging::extend_role_group_config_map, +}; + +#[derive(Debug, Snafu)] +pub enum Error { + #[snafu(display("object is missing metadata to build owner reference"))] + ObjectMissingMetadataForOwnerRef { + source: stackable_operator::builder::meta::Error, + }, + + #[snafu(display("failed to build metadata"))] + MetadataBuild { + source: stackable_operator::builder::meta::Error, + }, + + #[snafu(display("failed to build bootstrap.conf"))] + BootstrapConfig { + #[snafu(source(from(crate::config::Error, Box::new)))] + source: Box, + }, + + #[snafu(display("failed to prepare NiFi configuration for rolegroup {rolegroup}"))] + BuildProductConfig { + #[snafu(source(from(crate::config::Error, Box::new)))] + source: Box, + rolegroup: RoleGroupRef, + }, + + #[snafu(display("failed to add the logging configuration to the ConfigMap [{cm_name}]"))] + InvalidLoggingConfig { + source: crate::product_logging::Error, + cm_name: String, + }, + + #[snafu(display("failed to build ConfigMap for {rolegroup}"))] + BuildRoleGroupConfig { + source: stackable_operator::builder::configmap::Error, + rolegroup: RoleGroupRef, + }, + + #[snafu(display("failed to serialize JVM security properties for {}", rolegroup))] + JvmSecurityProperties { + source: crate::controller::build::properties::writer::PropertiesWriterError, + rolegroup: String, + }, + + #[snafu(display("failed to build login-identity-providers configuration"))] + InvalidNifiAuthenticationConfig { + source: crate::security::authentication::Error, + }, +} + +type Result = std::result::Result; + +/// Build the rolegroup [`ConfigMap`] configuring the rolegroup based on the +/// resolved cluster configuration. +/// +/// The only use of `owner` is for the OwnerReference and `name_and_namespace`. +/// All other NiFi configuration is sourced from `cluster` or `rg`. +/// `recommended_labels` must be built by the caller (typically via `build_recommended_labels`). +pub fn build_rolegroup_config_map( + owner: &v1alpha1::NifiCluster, + cluster: &ValidatedCluster, + rg: &NifiRoleGroupConfig, + role: &NifiRoleType, + rolegroup: &RoleGroupRef, + git_sync_resources: &git_sync::v1alpha2::GitSyncResources, + recommended_labels: &ObjectLabels<'_, v1alpha1::NifiCluster>, +) -> Result { + tracing::debug!("building rolegroup ConfigMap"); + + let mut cm_builder = ConfigMapBuilder::new(); + + cm_builder + .metadata( + ObjectMetaBuilder::new() + .name_and_namespace(owner) + .name(rolegroup.object_name()) + .ownerreference_from_resource(owner, None, Some(true)) + .context(ObjectMissingMetadataForOwnerRefSnafu)? + .with_recommended_labels(recommended_labels) + .context(MetadataBuildSnafu)? + .build(), + ) + .add_data( + ConfigFileName::BootstrapConf.to_string(), + bootstrap_conf::build( + rg, + role, + &rolegroup.role_group, + Some(&cluster.cluster_config.authorization), + ) + .context(BootstrapConfigSnafu)?, + ) + .add_data( + ConfigFileName::NifiProperties.to_string(), + nifi_properties::build(cluster, rg, git_sync_resources).with_context(|_| { + BuildProductConfigSnafu { + rolegroup: rolegroup.clone(), + } + })?, + ) + .add_data( + ConfigFileName::StateManagementXml.to_string(), + state_management_xml::build(&cluster.cluster_config.clustering_backend), + ) + .add_data( + ConfigFileName::LoginIdentityProviders.to_string(), + login_identity_providers::build(cluster) + .context(InvalidNifiAuthenticationConfigSnafu)?, + ) + .add_data( + ConfigFileName::Authorizers.to_string(), + // TODO: authorizers::build currently takes a raw &NifiCluster; once migrated + // to ValidatedCluster this `owner` arg can be removed. + authorizers::build(cluster, owner), + ) + .add_data( + ConfigFileName::SecurityProperties.to_string(), + security_properties::build(rg).with_context(|_| JvmSecurityPropertiesSnafu { + rolegroup: rolegroup.role_group.clone(), + })?, + ); + + extend_role_group_config_map(rolegroup, &rg.config.logging, &mut cm_builder).context( + InvalidLoggingConfigSnafu { + cm_name: rolegroup.object_name(), + }, + )?; + + cm_builder + .build() + .with_context(|_| BuildRoleGroupConfigSnafu { + rolegroup: rolegroup.clone(), + }) +} From baaba90a7829277f83a1dd210202bca6dcb455f3 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 22:09:45 +0200 Subject: [PATCH 07/16] refactor: source statefulset and git-sync env vars from ValidatedCluster Replace the product-config validated_role_config map as the env-var source for the rolegroup loop, git-sync, and statefulset builder with the typed NifiRoleGroupConfig.env_overrides from ValidatedCluster.role_group_configs. - Loop now iterates node_role_group_configs (typed BTreeMap) directly - git-sync gets env vars via env_vars_from_overrides(&rg.env_overrides) - build_node_rolegroup_statefulset takes &NifiRoleGroupConfig instead of &HashMap> - validated_role_config field is now populated but unread; annotated with #[allow(dead_code)] pending removal in Task 7 - Removes: nifi_node_config derivation, MissingRoleGroupConfig error, ProductConfigKindNotSpecified error, env_vars_from_rolegroup_config import, PropertyNameKind and HashMap imports from controller.rs Co-Authored-By: Claude Opus 4.8 (1M context) --- rust/operator-binary/src/controller.rs | 67 +++++++------------ .../src/controller/validate.rs | 5 +- 2 files changed, 26 insertions(+), 46 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index dc1bc55a..2fead5af 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1,14 +1,10 @@ //! Ensures that `Pod`s are configured and running for each [`v1alpha1::NifiCluster`]. -use std::{ - borrow::Cow, - collections::{BTreeMap, HashMap}, - sync::Arc, -}; +use std::{collections::BTreeMap, sync::Arc}; use const_format::concatcp; use indoc::formatdoc; -use product_config::{ProductConfigManager, types::PropertyNameKind}; +use product_config::ProductConfigManager; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{ @@ -45,7 +41,6 @@ use stackable_operator::{ kvp::{Labels, ObjectLabels}, logging::controller::ReconcilerError, memory::{BinaryMultiple, MemoryQuantity}, - product_config_utils::env_vars_from_rolegroup_config, product_logging::{ self, framework::{ @@ -100,6 +95,7 @@ use crate::{ }, service::{build_rolegroup_headless_service, build_rolegroup_metrics_service}, }; +use validate::NifiRoleGroupConfig; pub const NIFI_CONTROLLER_NAME: &str = "nificluster"; pub const NIFI_FULL_CONTROLLER_NAME: &str = concatcp!(NIFI_CONTROLLER_NAME, '.', OPERATOR_NAME); @@ -194,9 +190,6 @@ pub enum Error { source: stackable_operator::builder::meta::Error, }, - #[snafu(display("Failed to find information about file [{}] in product config", kind))] - ProductConfigKindNotSpecified { kind: String }, - #[snafu(display("illegal container name: [{container_name}]"))] IllegalContainerName { source: stackable_operator::builder::pod::container::Error, @@ -298,9 +291,6 @@ pub enum Error { #[snafu(display("failed to build authorization configuration"))] AuthorizationConfiguration { source: authorization::Error }, - - #[snafu(display("missing role group config for rolegroup {rolegroup_name}"))] - MissingRoleGroupConfig { rolegroup_name: String }, } type Result = std::result::Result; @@ -342,7 +332,6 @@ pub async fn reconcile_nifi( let resolved_product_image = &validated.image; let authentication_config = &validated.cluster_config.authentication; let authorization_config = &validated.cluster_config.authorization; - let validated_config = &validated.validated_role_config; tracing::info!("Checking for sensitive key configuration"); check_or_generate_sensitive_key(client, nifi) @@ -387,11 +376,6 @@ pub async fn reconcile_nifi( ) .context(CreateClusterResourcesSnafu)?; - let nifi_node_config = validated_config - .get(&NifiRole::Node.to_string()) - .map(Cow::Borrowed) - .unwrap_or_default(); - if let NifiAuthenticationConfig::Oidc { .. } = authentication_config { check_or_generate_oidc_admin_password(client, nifi) .await @@ -420,7 +404,11 @@ pub async fn reconcile_nifi( let mut ss_cond_builder = StatefulSetConditionBuilder::default(); let nifi_role = NifiRole::Node; - for (rolegroup_name, rolegroup_config) in nifi_node_config.iter() { + let node_role_group_configs = validated + .role_group_configs + .get(&NifiRole::Node) + .context(NoNodesDefinedSnafu)?; + for (rolegroup_name, rg) in node_role_group_configs.iter() { let rg_span = tracing::info_span!("rolegroup_span", rolegroup = rolegroup_name.as_str()); async { let rolegroup = nifi.node_rolegroup_ref(rolegroup_name); @@ -431,18 +419,10 @@ pub async fn reconcile_nifi( .merged_config(&NifiRole::Node, rolegroup_name) .context(FailedToResolveConfigSnafu)?; - let rg = validated - .role_group_configs - .get(&NifiRole::Node) - .and_then(|g| g.get(rolegroup_name)) - .context(MissingRoleGroupConfigSnafu { - rolegroup_name: rolegroup_name.clone(), - })?; - let git_sync_resources = git_sync::v1alpha2::GitSyncResources::new( &nifi.spec.cluster_config.custom_components_git_sync, resolved_product_image, - &env_vars_from_rolegroup_config(rolegroup_config), + &env_vars_from_overrides(&rg.env_overrides), &[], LOG_VOLUME_NAME, &merged_config.logging.for_container(&Container::GitSync), @@ -500,7 +480,7 @@ pub async fn reconcile_nifi( &client.kubernetes_cluster_info, &rolegroup, role, - rolegroup_config, + rg, &merged_config, authentication_config, authorization_config, @@ -655,6 +635,18 @@ pub async fn reconcile_nifi( const USERDATA_MOUNTPOINT: &str = "/stackable/userdata"; +/// Build a `Vec` from a plain `BTreeMap` of env overrides. +fn env_vars_from_overrides(env_overrides: &BTreeMap) -> Vec { + env_overrides + .iter() + .map(|(name, value)| EnvVar { + name: name.clone(), + value: Some(value.clone()), + ..EnvVar::default() + }) + .collect() +} + /// The rolegroup [`StatefulSet`] runs the rolegroup, as configured by the administrator. /// /// The [`Pod`](`stackable_operator::k8s_openapi::api::core::v1::Pod`)s are accessible through the @@ -666,7 +658,7 @@ async fn build_node_rolegroup_statefulset( cluster_info: &KubernetesClusterInfo, rolegroup_ref: &RoleGroupRef, role: &NifiRoleType, - rolegroup_config: &HashMap>, + rg: &NifiRoleGroupConfig, merged_config: &NifiConfig, authentication_config: &NifiAuthenticationConfig, authorization_config: &ResolvedNifiAuthorizationConfig, @@ -679,18 +671,7 @@ async fn build_node_rolegroup_statefulset( let role_group = role.role_groups.get(&rolegroup_ref.role_group); // get env vars and env overrides - let mut env_vars: Vec = rolegroup_config - .get(&PropertyNameKind::Env) - .with_context(|| ProductConfigKindNotSpecifiedSnafu { - kind: "ENV".to_string(), - })? - .iter() - .map(|(k, v)| EnvVar { - name: k.clone(), - value: Some(v.clone()), - ..EnvVar::default() - }) - .collect(); + let mut env_vars: Vec = env_vars_from_overrides(&rg.env_overrides); // we need the POD_NAME env var to overwrite `nifi.cluster.node.address` later env_vars.push(EnvVar { diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index 47a424f0..c1533e46 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -82,11 +82,10 @@ pub struct ValidatedCluster { #[allow(dead_code)] pub name: String, pub image: ResolvedProductImage, - // Not yet consumed — Tasks 4-6 will use this to replace the product-config pipeline. - #[allow(dead_code)] pub role_group_configs: BTreeMap>, pub cluster_config: ValidatedClusterConfig, - // Temporary: retained until a later task migrates the configmap builder off product-config. + // Populated but no longer read — removed in Task 7 along with the product-config dependency. + #[allow(dead_code)] // removed in Task 7 along with the product-config dependency pub validated_role_config: ValidatedRoleConfigByPropertyKind, } From f4fb9eb5923a8f9bf33fcb7bfef6d6de76c75bd7 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 22:31:04 +0200 Subject: [PATCH 08/16] chore: remove product-config dependency Drop the `product-config` crate from workspace and operator-binary Cargo.toml, delete the now-unused `validated_role_config` field and `validated_product_config()` pipeline, remove ProductConfigManager from Ctx and main.rs, empty both properties.yaml files to their stub form, and apply two small nits (use `nifi_role` binding consistently, drop stale env-var comment). Co-Authored-By: Claude Opus 4.8 (1M context) --- Cargo.lock | 1 - Cargo.toml | 1 - deploy/config-spec/properties.yaml | 41 +---------- .../nifi-operator/configs/properties.yaml | 41 +---------- rust/operator-binary/Cargo.toml | 1 - rust/operator-binary/src/config/mod.rs | 71 ++----------------- rust/operator-binary/src/controller.rs | 8 +-- .../src/controller/validate.rs | 22 ------ rust/operator-binary/src/crd/mod.rs | 30 -------- rust/operator-binary/src/main.rs | 8 +-- 10 files changed, 11 insertions(+), 213 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7d7f04c7..123bd3ef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3017,7 +3017,6 @@ dependencies = [ "indoc", "java-properties", "pin-project", - "product-config", "rand 0.10.1", "rstest", "semver", diff --git a/Cargo.toml b/Cargo.toml index f14b7085..ab7f24b3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,6 @@ edition = "2021" repository = "https://github.com/stackabletech/nifi-operator" [workspace.dependencies] -product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.8.0" } stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.111.0", features = ["webhook"] } anyhow = "1.0" diff --git a/deploy/config-spec/properties.yaml b/deploy/config-spec/properties.yaml index 1fcb04f3..9bd8c3b2 100644 --- a/deploy/config-spec/properties.yaml +++ b/deploy/config-spec/properties.yaml @@ -1,42 +1,5 @@ +--- version: 0.1.0 spec: units: [] - -properties: - - property: - propertyNames: - - name: "networkaddress.cache.ttl" - kind: - type: "file" - file: "security.properties" - datatype: - type: "integer" - min: "0" - recommendedValues: - - fromVersion: "0.0.0" - value: "30" - roles: - - name: "node" - required: true - asOfVersion: "0.0.0" - comment: "TTL for successfully resolved domain names." - description: "TTL for successfully resolved domain names." - - - property: - propertyNames: - - name: "networkaddress.cache.negative.ttl" - kind: - type: "file" - file: "security.properties" - datatype: - type: "integer" - min: "0" - recommendedValues: - - fromVersion: "0.0.0" - value: "0" - roles: - - name: "node" - required: true - asOfVersion: "0.0.0" - comment: "TTL for host names that cannot be resolved." - description: "TTL for host names that cannot be resolved." +properties: [] diff --git a/deploy/helm/nifi-operator/configs/properties.yaml b/deploy/helm/nifi-operator/configs/properties.yaml index 1fcb04f3..9bd8c3b2 100644 --- a/deploy/helm/nifi-operator/configs/properties.yaml +++ b/deploy/helm/nifi-operator/configs/properties.yaml @@ -1,42 +1,5 @@ +--- version: 0.1.0 spec: units: [] - -properties: - - property: - propertyNames: - - name: "networkaddress.cache.ttl" - kind: - type: "file" - file: "security.properties" - datatype: - type: "integer" - min: "0" - recommendedValues: - - fromVersion: "0.0.0" - value: "30" - roles: - - name: "node" - required: true - asOfVersion: "0.0.0" - comment: "TTL for successfully resolved domain names." - description: "TTL for successfully resolved domain names." - - - property: - propertyNames: - - name: "networkaddress.cache.negative.ttl" - kind: - type: "file" - file: "security.properties" - datatype: - type: "integer" - min: "0" - recommendedValues: - - fromVersion: "0.0.0" - value: "0" - roles: - - name: "node" - required: true - asOfVersion: "0.0.0" - comment: "TTL for host names that cannot be resolved." - description: "TTL for host names that cannot be resolved." +properties: [] diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index cd7fc147..2539a0d4 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -9,7 +9,6 @@ repository.workspace = true publish = false [dependencies] -product-config.workspace = true stackable-operator.workspace = true anyhow.workspace = true diff --git a/rust/operator-binary/src/config/mod.rs b/rust/operator-binary/src/config/mod.rs index cff95f96..78e6c47f 100644 --- a/rust/operator-binary/src/config/mod.rs +++ b/rust/operator-binary/src/config/mod.rs @@ -1,20 +1,9 @@ -use std::{ - collections::{BTreeMap, HashMap}, - fmt::Write, -}; - -use product_config::{ProductConfigManager, types::PropertyNameKind}; -use snafu::{ResultExt, Snafu}; -use stackable_operator::product_config_utils::{ - ValidatedRoleConfigByPropertyKind, transform_all_roles_to_config, - validate_all_roles_and_groups_config, -}; +use std::{collections::BTreeMap, fmt::Write}; + +use snafu::Snafu; use strum::{Display, EnumIter}; -use crate::{ - crd::{NifiRole, NifiRoleType, v1alpha1}, - security::oidc, -}; +use crate::security::oidc; pub mod jvm; @@ -24,7 +13,6 @@ pub const NIFI_PVC_STORAGE_DIRECTORY: &str = "/stackable/data"; pub const NIFI_BOOTSTRAP_CONF: &str = "bootstrap.conf"; pub const NIFI_PROPERTIES: &str = "nifi.properties"; -pub const NIFI_STATE_MANAGEMENT_XML: &str = "state-management.xml"; pub const JVM_SECURITY_PROPERTIES_FILE: &str = "security.properties"; #[derive(Debug, Display, EnumIter)] @@ -56,22 +44,12 @@ impl NifiRepository { #[derive(Snafu, Debug)] #[snafu(visibility(pub(crate)))] pub enum Error { - #[snafu(display("invalid product config"))] - InvalidProductConfig { - source: stackable_operator::product_config_utils::Error, - }, - #[snafu(display("invalid memory resource configuration - missing default or value in crd?"))] MissingMemoryResourceConfig, #[snafu(display("invalid JVM config"))] InvalidJVMConfig { source: jvm::Error }, - #[snafu(display("failed to transform product configs"))] - ProductConfigTransform { - source: stackable_operator::product_config_utils::Error, - }, - #[snafu(display("failed to calculate storage quota for {repo} repository"))] CalculateStorageQuota { source: stackable_operator::memory::Error, @@ -87,47 +65,6 @@ pub enum Error { Nifi1RequiresZookeeper, } -/// Defines all required roles and their required configuration. In this case we need three files: -/// `bootstrap.conf`, `nifi.properties` and `state-management.xml`. -/// -/// We do not require any env variables yet. We will however utilize them to change the -/// configuration directory - check for more detail. -/// -/// The roles and their configs are then validated and complemented by the product config. -/// -/// # Arguments -/// * `resource` - The NifiCluster containing the role definitions. -/// * `version` - The NifiCluster version. -/// * `product_config` - The product config to validate and complement the user config. -/// -pub fn validated_product_config( - resource: &v1alpha1::NifiCluster, - version: &str, - role: &NifiRoleType, - product_config: &ProductConfigManager, -) -> Result { - let mut roles = HashMap::new(); - roles.insert( - NifiRole::Node.to_string(), - ( - vec![ - PropertyNameKind::File(NIFI_BOOTSTRAP_CONF.to_string()), - PropertyNameKind::File(NIFI_PROPERTIES.to_string()), - PropertyNameKind::File(NIFI_STATE_MANAGEMENT_XML.to_string()), - PropertyNameKind::File(JVM_SECURITY_PROPERTIES_FILE.to_string()), - PropertyNameKind::Env, - ], - role.clone(), - ), - ); - - let role_config = - transform_all_roles_to_config(resource, &roles).context(ProductConfigTransformSnafu)?; - - validate_all_roles_and_groups_config(version, &role_config, product_config, false, false) - .context(InvalidProductConfigSnafu) -} - // TODO: Use crate like https://crates.io/crates/java-properties (currently does not work for Nifi // because of escapes), to have save handling of escapes etc. pub(crate) fn format_properties(properties: BTreeMap) -> String { diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 2fead5af..8c96eeac 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -4,7 +4,6 @@ use std::{collections::BTreeMap, sync::Arc}; use const_format::concatcp; use indoc::formatdoc; -use product_config::ProductConfigManager; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{ @@ -105,7 +104,6 @@ const LOG_VOLUME_NAME: &str = "log"; pub struct Ctx { pub client: Client, - pub product_config: ProductConfigManager, pub operator_environment: OperatorEnvironmentOptions, } @@ -324,7 +322,6 @@ pub async fn reconcile_nifi( nifi, &dereferenced_objects, &ctx.operator_environment, - &ctx.product_config, &client.kubernetes_cluster_info, ) .context(ValidateClusterSnafu)?; @@ -406,7 +403,7 @@ pub async fn reconcile_nifi( let nifi_role = NifiRole::Node; let node_role_group_configs = validated .role_group_configs - .get(&NifiRole::Node) + .get(&nifi_role) .context(NoNodesDefinedSnafu)?; for (rolegroup_name, rg) in node_role_group_configs.iter() { let rg_span = tracing::info_span!("rolegroup_span", rolegroup = rolegroup_name.as_str()); @@ -416,7 +413,7 @@ pub async fn reconcile_nifi( tracing::debug!("Processing rolegroup {}", rolegroup); let merged_config = nifi - .merged_config(&NifiRole::Node, rolegroup_name) + .merged_config(&nifi_role, rolegroup_name) .context(FailedToResolveConfigSnafu)?; let git_sync_resources = git_sync::v1alpha2::GitSyncResources::new( @@ -670,7 +667,6 @@ async fn build_node_rolegroup_statefulset( tracing::debug!("Building statefulset"); let role_group = role.role_groups.get(&rolegroup_ref.role_group); - // get env vars and env overrides let mut env_vars: Vec = env_vars_from_overrides(&rg.env_overrides); // we need the POD_NAME env var to overwrite `nifi.cluster.node.address` later diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index c1533e46..4c592f8f 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -5,20 +5,17 @@ use std::collections::{BTreeMap, HashSet}; -use product_config::ProductConfigManager; use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ cli::OperatorEnvironmentOptions, commons::product_image_selection::{self, ResolvedProductImage}, kube::ResourceExt as _, - product_config_utils::ValidatedRoleConfigByPropertyKind, role_utils::JavaCommonConfig, utils::cluster_info::KubernetesClusterInfo, }; use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ - config::{self, validated_product_config}, controller::dereference::DereferencedObjects, crd::{ HTTPS_PORT, NifiConfig, NifiRole, sensitive_properties, @@ -47,12 +44,6 @@ pub enum Error { #[snafu(display("invalid NiFi authentication configuration"))] InvalidAuthenticationConfig { source: authentication::Error }, - #[snafu(display("failed to load product config"))] - ProductConfigLoadFailed { - #[snafu(source(from(config::Error, Box::new)))] - source: Box, - }, - #[snafu(display("failed to build reporting task service name"))] ReportingTask { source: crate::reporting_task::Error, @@ -84,9 +75,6 @@ pub struct ValidatedCluster { pub image: ResolvedProductImage, pub role_group_configs: BTreeMap>, pub cluster_config: ValidatedClusterConfig, - // Populated but no longer read — removed in Task 7 along with the product-config dependency. - #[allow(dead_code)] // removed in Task 7 along with the product-config dependency - pub validated_role_config: ValidatedRoleConfigByPropertyKind, } pub struct ValidatedClusterConfig { @@ -105,7 +93,6 @@ pub fn validate( nifi: &v1alpha1::NifiCluster, dereferenced_objects: &DereferencedObjects, operator_environment: &OperatorEnvironmentOptions, - product_config: &ProductConfigManager, cluster_info: &KubernetesClusterInfo, ) -> Result { let image = nifi @@ -127,14 +114,6 @@ pub fn validate( &dereferenced_objects.authorization, ); - let validated_role_config = validated_product_config( - nifi, - &image.product_version, - nifi.spec.nodes.as_ref().context(NoNodesDefinedSnafu)?, - product_config, - ) - .context(ProductConfigLoadFailedSnafu)?; - let proxy_hosts = compute_proxy_hosts(nifi, cluster_info)?; let sensitive_properties_algorithm = nifi @@ -159,7 +138,6 @@ pub fn validate( clustering_backend: nifi.spec.cluster_config.clustering_backend.clone(), sensitive_properties_algorithm, }, - validated_role_config, }) } diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index d2209b0f..1539d9be 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -33,7 +33,6 @@ use stackable_operator::{ }, kube::{CustomResource, ResourceExt, runtime::reflector::ObjectRef}, memory::MemoryQuantity, - product_config_utils::{self, Configuration}, product_logging::{self, spec::Logging}, role_utils::{GenericRoleConfig, JavaCommonConfig, Role, RoleGroupRef}, schemars::{self, JsonSchema}, @@ -507,35 +506,6 @@ impl NifiConfig { } } -impl Configuration for NifiConfigFragment { - type Configurable = v1alpha1::NifiCluster; - - fn compute_env( - &self, - _resource: &Self::Configurable, - _role_name: &str, - ) -> Result>, product_config_utils::Error> { - Ok(BTreeMap::new()) - } - - fn compute_cli( - &self, - _resource: &Self::Configurable, - _role_name: &str, - ) -> Result>, product_config_utils::Error> { - Ok(BTreeMap::new()) - } - - fn compute_files( - &self, - _resource: &Self::Configurable, - _role_name: &str, - _file: &str, - ) -> Result>, product_config_utils::Error> { - Ok(BTreeMap::new()) - } -} - #[derive(Clone, Debug, Default, JsonSchema, PartialEq, Fragment)] #[fragment_attrs( derive( diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 94d50ca9..c1eee997 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -73,7 +73,7 @@ async fn main() -> anyhow::Result<()> { Command::Run(RunArguments { operator_environment, watch_namespace, - product_config, + product_config: _, maintenance, common, }) => { @@ -120,11 +120,6 @@ async fn main() -> anyhow::Result<()> { .run(sigterm_watcher.handle()) .map_err(|err| anyhow!(err).context("failed to run webhook server")); - let product_config = product_config.load(&[ - "deploy/config-spec/properties.yaml", - "/etc/stackable/nifi-operator/config-spec/properties.yaml", - ])?; - let event_recorder = Arc::new(Recorder::new( client.as_kube_client(), Reporter { @@ -183,7 +178,6 @@ async fn main() -> anyhow::Result<()> { Arc::new(controller::Ctx { client: client.clone(), operator_environment, - product_config, }), ) // We can let the reporting happen in the background From b188b0677f059f929e53cadb87d6381aace1aaf7 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 22:45:18 +0200 Subject: [PATCH 09/16] test: add unit tests for build modules and validate Add a test_support helper in controller/build/properties.rs for constructing a minimal ValidatedCluster without Kubernetes API access (direct construction chosen over validate::validate() because the latter requires DereferencedAuthenticationClasses fetched from the API). Tests added: - nifi_properties: test_stable_keys_present (HTTPS port, cluster node, Kubernetes election impl, sensitive-props algorithm, proxy host wildcard) - nifi_properties: test_config_override_wins (configOverrides flow-through) - login_identity_providers: test_build_returns_ok_with_expected_structure - authorizers: test_build_returns_non_empty_xml_with_authorizers_root Drive-by rename: BuildProductConfig -> BuildNifiProperties (and its Snafu selector) in config_map.rs to remove the stale product-config name. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../src/controller/build/config_map.rs | 4 +- .../src/controller/build/properties.rs | 138 ++++++++++++++++++ .../build/properties/authorizers.rs | 32 ++++ .../properties/login_identity_providers.rs | 25 ++++ .../build/properties/nifi_properties.rs | 114 +++++++++++++++ 5 files changed, 311 insertions(+), 2 deletions(-) diff --git a/rust/operator-binary/src/controller/build/config_map.rs b/rust/operator-binary/src/controller/build/config_map.rs index 1964c5fe..9fe7c757 100644 --- a/rust/operator-binary/src/controller/build/config_map.rs +++ b/rust/operator-binary/src/controller/build/config_map.rs @@ -40,7 +40,7 @@ pub enum Error { }, #[snafu(display("failed to prepare NiFi configuration for rolegroup {rolegroup}"))] - BuildProductConfig { + BuildNifiProperties { #[snafu(source(from(crate::config::Error, Box::new)))] source: Box, rolegroup: RoleGroupRef, @@ -115,7 +115,7 @@ pub fn build_rolegroup_config_map( .add_data( ConfigFileName::NifiProperties.to_string(), nifi_properties::build(cluster, rg, git_sync_resources).with_context(|_| { - BuildProductConfigSnafu { + BuildNifiPropertiesSnafu { rolegroup: rolegroup.clone(), } })?, diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs index cf384e95..96d781f8 100644 --- a/rust/operator-binary/src/controller/build/properties.rs +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -54,3 +54,141 @@ pub(crate) fn resolved_overrides_for( .get_key_value_overrides(&file.to_string()), ) } + +/// Test helpers for constructing a minimal [`ValidatedCluster`] and related types without +/// requiring Kubernetes API access. +/// +/// # Design choice — direct construction vs. `validate::validate()` +/// +/// NiFi's `validate::validate()` calls `NifiAuthenticationConfig::validate()`, which requires a +/// `DereferencedAuthenticationClasses` value populated with real `AuthenticationClass` objects +/// fetched from the Kubernetes API. Fabricating those objects in unit tests would require +/// pulling in serialized CRD YAML for operator-rs types that are not part of the nifi-operator +/// crate and would be fragile to upstream changes. +/// +/// Instead, we construct [`ValidatedCluster`] directly from its public fields. The +/// `NifiAuthenticationConfig::SingleUser` variant contains only an +/// `r#static::v1alpha1::AuthenticationProvider` (a small struct with a single `Secret` name), +/// which we can build without any Kubernetes interaction. For +/// `ResolvedNifiAuthorizationConfig` and `proxy_hosts` we pick the simplest variants. +/// +/// Role-group configs are built via `with_validated_config` on a parsed `NifiCluster`, +/// exactly as the existing `bootstrap_conf` tests do — the YAML fixture is minimal and +/// self-contained. +#[cfg(test)] +pub(crate) mod test_support { + use std::collections::BTreeMap; + + use stackable_operator::{ + commons::product_image_selection::ResolvedProductImage, + crd::authentication::r#static::v1alpha1::{ + AuthenticationProvider as StaticAuthProvider, UserCredentialsSecretRef, + }, + kube::ResourceExt as _, + kvp::LabelValue, + }; + + use crate::{ + controller::validate::{NifiRoleGroupConfig, ValidatedCluster, ValidatedClusterConfig}, + crd::{NifiConfig, NifiRole, v1alpha1}, + framework::role_utils::with_validated_config, + security::{ + authentication::NifiAuthenticationConfig, + authorization::ResolvedNifiAuthorizationConfig, + }, + }; + + /// A minimal NiFi cluster YAML. Mirrors the fixture used by bootstrap_conf tests, + /// stripped down to the mandatory fields only (NiFi 2.x, Kubernetes clustering backend, + /// SingleUser auth). + pub const MINIMAL_NIFI_YAML: &str = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + namespace: default + spec: + image: + productVersion: 2.9.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + nodes: + roleGroups: + default: + replicas: 1 + "#; + + /// Build a minimal [`ValidatedCluster`] directly (without Kubernetes API access). + /// + /// The cluster uses: + /// - NiFi 2.9.0 (product version) + /// - `SingleUser` authentication + /// - `SingleUser` authorization (no OPA, no file-based) + /// - `allow_all = true` proxy hosts (i.e. `"*"`) + /// - Kubernetes clustering backend + /// - Default `NifiArgon2AesGcm256` sensitive-properties algorithm + pub fn minimal_validated_cluster() -> ValidatedCluster { + let nifi: v1alpha1::NifiCluster = + serde_yaml::from_str(MINIMAL_NIFI_YAML).expect("invalid test YAML"); + + let nifi_role = NifiRole::Node; + let role = nifi.spec.nodes.as_ref().unwrap(); + let default_config = NifiConfig::default_config(&nifi.name_any(), &nifi_role); + + let mut role_groups: BTreeMap = BTreeMap::new(); + for (rg_name, rg) in &role.role_groups { + let validated_rg = + with_validated_config::(rg, role, &default_config) + .expect("with_validated_config should succeed for minimal fixture"); + role_groups.insert(rg_name.clone(), validated_rg); + } + let mut role_group_configs = BTreeMap::new(); + role_group_configs.insert(NifiRole::Node, role_groups); + + let image = ResolvedProductImage { + product_version: "2.9.0".to_string(), + app_version_label_value: "2.9.0".parse::().unwrap(), + image: "oci.stackable.tech/sdp/nifi:2.9.0-stackable0.0.0-dev".to_string(), + image_pull_policy: "IfNotPresent".to_string(), + pull_secrets: None, + }; + + ValidatedCluster { + name: "simple-nifi".to_string(), + image, + role_group_configs, + cluster_config: ValidatedClusterConfig { + authentication: NifiAuthenticationConfig::SingleUser { + provider: StaticAuthProvider { + user_credentials_secret: UserCredentialsSecretRef { + name: "nifi-admin-credentials-simple".to_string(), + }, + }, + }, + authorization: ResolvedNifiAuthorizationConfig::SingleUser, + proxy_hosts: "*".to_string(), + clustering_backend: v1alpha1::NifiClusteringBackend::Kubernetes {}, + sensitive_properties_algorithm: Default::default(), // NifiArgon2AesGcm256 + }, + } + } + + /// Return the "default" role-group config from a [`ValidatedCluster`]. + pub fn default_rg(cluster: &ValidatedCluster) -> &NifiRoleGroupConfig { + cluster + .role_group_configs + .get(&NifiRole::Node) + .and_then(|rgs| rgs.get("default")) + .expect("minimal_validated_cluster must contain a 'default' role group") + } + + /// Build an empty [`GitSyncResources`] (no git-sync configured). + pub fn empty_git_sync_resources() + -> stackable_operator::crd::git_sync::v1alpha2::GitSyncResources { + stackable_operator::crd::git_sync::v1alpha2::GitSyncResources::default() + } +} diff --git a/rust/operator-binary/src/controller/build/properties/authorizers.rs b/rust/operator-binary/src/controller/build/properties/authorizers.rs index aae33f4d..48e8b563 100644 --- a/rust/operator-binary/src/controller/build/properties/authorizers.rs +++ b/rust/operator-binary/src/controller/build/properties/authorizers.rs @@ -9,3 +9,35 @@ pub fn build(cluster: &ValidatedCluster, nifi: &v1alpha1::NifiCluster) -> String .authorization .get_authorizers_config(nifi) } + +#[cfg(test)] +mod tests { + use super::*; + use crate::controller::build::properties::test_support::{ + MINIMAL_NIFI_YAML, minimal_validated_cluster, + }; + + #[test] + fn test_build_returns_non_empty_xml_with_authorizers_root() { + let cluster = minimal_validated_cluster(); + let nifi: v1alpha1::NifiCluster = + serde_yaml::from_str(MINIMAL_NIFI_YAML).expect("invalid test YAML"); + + let xml = build(&cluster, &nifi); + + assert!(!xml.is_empty(), "authorizers.xml should not be empty"); + assert!( + xml.contains(""), + "output must contain root element" + ); + assert!( + xml.contains(""), + "output must contain closing tag" + ); + // For SingleUser authorization we expect the SingleUserAuthorizer class + assert!( + xml.contains("SingleUserAuthorizer"), + "expected SingleUserAuthorizer for SingleUser authorization" + ); + } +} diff --git a/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs b/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs index 02e6a12b..3993a67a 100644 --- a/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs +++ b/rust/operator-binary/src/controller/build/properties/login_identity_providers.rs @@ -8,3 +8,28 @@ pub fn build(cluster: &ValidatedCluster) -> Result"), + "output must contain root element" + ); + assert!( + xml.contains("SingleUserLoginIdentityProvider"), + "expected SingleUserLoginIdentityProvider class for SingleUser auth" + ); + assert!( + xml.contains(""), + "output must contain closing tag" + ); + } +} diff --git a/rust/operator-binary/src/controller/build/properties/nifi_properties.rs b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs index 7e1afbf5..a8b66f19 100644 --- a/rust/operator-binary/src/controller/build/properties/nifi_properties.rs +++ b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs @@ -584,3 +584,117 @@ fn storage_quantity_to_nifi(quantity: MemoryQuantity) -> String { .value ) } + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + controller::build::properties::test_support::{ + default_rg, empty_git_sync_resources, minimal_validated_cluster, + }, + crd::HTTPS_PORT, + }; + + /// Verify that core stable keys are present in the rendered nifi.properties with their + /// expected values. Assertions are on substrings — they do NOT assert the full file. + #[test] + fn test_stable_keys_present() { + let cluster = minimal_validated_cluster(); + let rg = default_rg(&cluster); + let git_sync = empty_git_sync_resources(); + + let props = build(&cluster, rg, &git_sync).expect("build should succeed"); + + // HTTPS port + assert!( + props.contains(&format!("nifi.web.https.port={HTTPS_PORT}")), + "expected nifi.web.https.port={HTTPS_PORT} in output, got:\n{props}" + ); + + // Clustering enabled + assert!( + props.contains("nifi.cluster.is.node=true"), + "expected nifi.cluster.is.node=true in output" + ); + + // Kubernetes clustering backend sets the Kubernetes election implementation + assert!( + props.contains( + "nifi.cluster.leader.election.implementation=KubernetesLeaderElectionManager" + ), + "expected KubernetesLeaderElectionManager in output" + ); + + // Sensitive-properties algorithm default (NifiArgon2AesGcm256) + assert!( + props.contains("nifi.sensitive.props.algorithm=NIFI_ARGON2_AES_GCM_256"), + "expected default algorithm NIFI_ARGON2_AES_GCM_256 in output" + ); + + // Proxy hosts wildcard from allow_all + assert!( + props.contains("nifi.web.proxy.host=*"), + "expected nifi.web.proxy.host=* in output" + ); + } + + /// Verify that a user configOverride for `nifi.properties` flows through to the output. + #[test] + fn test_config_override_wins() { + use stackable_operator::kube::ResourceExt as _; + + use crate::crd::{NifiConfig, NifiRole, v1alpha1}; + use crate::framework::role_utils::with_validated_config; + + let yaml = r#" + apiVersion: nifi.stackable.tech/v1alpha1 + kind: NifiCluster + metadata: + name: simple-nifi + namespace: default + spec: + image: + productVersion: 2.9.0 + clusterConfig: + authentication: + - authenticationClass: nifi-admin-credentials-simple + sensitiveProperties: + keySecret: simple-nifi-sensitive-property-key + autoGenerate: true + nodes: + roleGroups: + default: + replicas: 1 + configOverrides: + nifi.properties: + some.custom.key: some-custom-value + "#; + let nifi: v1alpha1::NifiCluster = serde_yaml::from_str(yaml).expect("invalid test YAML"); + let role = nifi.spec.nodes.as_ref().unwrap(); + let default_config = NifiConfig::default_config(&nifi.name_any(), &NifiRole::Node); + let rg = with_validated_config::( + role.role_groups.get("default").unwrap(), + role, + &default_config, + ) + .expect("with_validated_config should succeed"); + + // Build a cluster with this rg substituted in + let mut cluster = minimal_validated_cluster(); + cluster + .role_group_configs + .get_mut(&NifiRole::Node) + .unwrap() + .insert("default".to_string(), rg.clone()); + + let git_sync = empty_git_sync_resources(); + let props = build(&cluster, &rg, &git_sync).expect("build with override should succeed"); + + assert!( + props.contains("some.custom.key=some-custom-value"), + "expected user override some.custom.key=some-custom-value to appear in output" + ); + // The HTTPS port should still be present + assert!(props.contains(&format!("nifi.web.https.port={HTTPS_PORT}"))); + } +} From c91ba38b71e52c74b01094d3d0d035db0ecf9ffd Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 3 Jun 2026 22:57:45 +0200 Subject: [PATCH 10/16] docs: fix vendored role_utils doc (BTreeMap, nifi) Co-Authored-By: Claude Opus 4.8 (1M context) --- rust/operator-binary/src/framework/role_utils.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/operator-binary/src/framework/role_utils.rs b/rust/operator-binary/src/framework/role_utils.rs index d426b7a2..ed5a04b8 100644 --- a/rust/operator-binary/src/framework/role_utils.rs +++ b/rust/operator-binary/src/framework/role_utils.rs @@ -2,7 +2,7 @@ //! `smooth-operator` branch, with simplifications appropriate for nifi-operator. //! //! Differences from upstream: -//! - `env_overrides` is `HashMap` instead of `EnvVarSet`. +//! - `env_overrides` is `BTreeMap` instead of `EnvVarSet`. //! - No `cli_overrides_to_vec` helper, `ResourceNames`, or service-account helpers. //! - The `CommonConfig` (a.k.a. `product_specific_common_config`) does NOT need to //! implement `Merge`. Upstream Trino uses `JavaCommonConfig`, which intentionally @@ -28,7 +28,7 @@ use stackable_operator::{ schemars::JsonSchema, }; -/// Trino-friendly view of a validated, merged `RoleGroup`. +/// NiFi-friendly view of a validated, merged `RoleGroup`. /// /// Mirrors `stackable_operator::v2::role_utils::RoleGroupConfig` on the /// `smooth-operator` branch, with `env_overrides: BTreeMap` From b3722937254b58c3933924773c9289623072d6f3 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 4 Jun 2026 15:30:41 +0200 Subject: [PATCH 11/16] docs: remove product-config from cli and env --- .../reference/commandline-parameters.adoc | 13 ---------- .../reference/environment-variables.adoc | 26 ------------------- 2 files changed, 39 deletions(-) diff --git a/docs/modules/nifi/pages/reference/commandline-parameters.adoc b/docs/modules/nifi/pages/reference/commandline-parameters.adoc index a2dae146..65812f3b 100644 --- a/docs/modules/nifi/pages/reference/commandline-parameters.adoc +++ b/docs/modules/nifi/pages/reference/commandline-parameters.adoc @@ -2,19 +2,6 @@ This operator accepts the following command line parameters: -== product-config - -*Default value*: `/etc/stackable/nifi-operator/config-spec/properties.yaml` - -*Required*: false - -*Multiple values:* false - -[source] ----- -stackable-nifi-operator run --product-config /foo/bar/properties.yaml ----- - == watch-namespace *Default value*: All namespaces diff --git a/docs/modules/nifi/pages/reference/environment-variables.adoc b/docs/modules/nifi/pages/reference/environment-variables.adoc index 2bfaf328..181ec54e 100644 --- a/docs/modules/nifi/pages/reference/environment-variables.adoc +++ b/docs/modules/nifi/pages/reference/environment-variables.adoc @@ -33,32 +33,6 @@ docker run \ oci.stackable.tech/sdp/nifi-operator:0.0.0-dev ---- -== PRODUCT_CONFIG - -*Default value*: `/etc/stackable/nifi-operator/config-spec/properties.yaml` - -*Required*: false - -*Multiple values*: false - -[source] ----- -export PRODUCT_CONFIG=/foo/bar/properties.yaml -stackable-nifi-operator run ----- - -or via Docker: - ----- -docker run \ - --name nifi-operator \ - --network host \ - --env KUBECONFIG=/home/stackable/.kube/config \ - --env PRODUCT_CONFIG=/my/product/config.yaml \ - --mount type=bind,source="$HOME/.kube/config",target="/home/stackable/.kube/config" \ - oci.stackable.tech/sdp/nifi-operator:0.0.0-dev ----- - == WATCH_NAMESPACE *Default value*: All namespaces From 4c30f1b80e7adc16e23a62cee10efe465c6ba7f3 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 4 Jun 2026 16:02:06 +0200 Subject: [PATCH 12/16] refactor: fix parameters in build configmap --- rust/operator-binary/src/controller.rs | 41 +++++++--------- .../src/controller/build/config_map.rs | 47 ++++++++++++++----- .../src/controller/build/properties.rs | 1 + .../src/controller/validate.rs | 46 ++++++++++++++++-- 4 files changed, 98 insertions(+), 37 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 8c96eeac..cfb9869b 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -65,6 +65,8 @@ mod build; mod dereference; mod validate; +use validate::NifiRoleGroupConfig; + use crate::{ OPERATOR_NAME, config::{NIFI_CONFIG_DIRECTORY, NIFI_PYTHON_WORKING_DIRECTORY, NifiRepository}, @@ -94,7 +96,6 @@ use crate::{ }, service::{build_rolegroup_headless_service, build_rolegroup_metrics_service}, }; -use validate::NifiRoleGroupConfig; pub const NIFI_CONTROLLER_NAME: &str = "nificluster"; pub const NIFI_FULL_CONTROLLER_NAME: &str = concatcp!(NIFI_CONTROLLER_NAME, '.', OPERATOR_NAME); @@ -197,8 +198,8 @@ pub enum Error { #[snafu(display("failed to resolve and merge config for role and role group"))] FailedToResolveConfig { source: crate::crd::Error }, - #[snafu(display("invalid git-sync specification"))] - InvalidGitSyncSpec { source: git_sync::v1alpha2::Error }, + #[snafu(display("missing git-sync resources for rolegroup [{rolegroup}]"))] + MissingGitSyncResources { rolegroup: String }, #[snafu(display("vector agent is enabled but vector aggregator ConfigMap is missing"))] VectorAggregatorConfigMapMissing, @@ -318,7 +319,7 @@ pub async fn reconcile_nifi( .context(DereferenceSnafu)?; // validate (no Kubernetes API calls required) - let validated = validate::validate( + let validated_cluster = validate::validate( nifi, &dereferenced_objects, &ctx.operator_environment, @@ -326,9 +327,9 @@ pub async fn reconcile_nifi( ) .context(ValidateClusterSnafu)?; - let resolved_product_image = &validated.image; - let authentication_config = &validated.cluster_config.authentication; - let authorization_config = &validated.cluster_config.authorization; + let resolved_product_image = &validated_cluster.image; + let authentication_config = &validated_cluster.cluster_config.authentication; + let authorization_config = &validated_cluster.cluster_config.authorization; tracing::info!("Checking for sensitive key configuration"); check_or_generate_sensitive_key(client, nifi) @@ -401,7 +402,7 @@ pub async fn reconcile_nifi( let mut ss_cond_builder = StatefulSetConditionBuilder::default(); let nifi_role = NifiRole::Node; - let node_role_group_configs = validated + let node_role_group_configs = validated_cluster .role_group_configs .get(&nifi_role) .context(NoNodesDefinedSnafu)?; @@ -416,15 +417,12 @@ pub async fn reconcile_nifi( .merged_config(&nifi_role, rolegroup_name) .context(FailedToResolveConfigSnafu)?; - let git_sync_resources = git_sync::v1alpha2::GitSyncResources::new( - &nifi.spec.cluster_config.custom_components_git_sync, - resolved_product_image, - &env_vars_from_overrides(&rg.env_overrides), - &[], - LOG_VOLUME_NAME, - &merged_config.logging.for_container(&Container::GitSync), - ) - .context(InvalidGitSyncSpecSnafu)?; + let git_sync_resources = validated_cluster + .git_sync_resources + .get(rolegroup_name) + .context(MissingGitSyncResourcesSnafu { + rolegroup: rolegroup_name.clone(), + })?; let role_group_service_recommended_labels = build_recommended_labels( nifi, @@ -451,13 +449,10 @@ pub async fn reconcile_nifi( // predict, so all of them are added to the setting. // For more information see let rg_configmap = build::config_map::build_rolegroup_config_map( - nifi, - &validated, - rg, - role, + &validated_cluster, &rolegroup, - &git_sync_resources, &role_group_service_recommended_labels, + nifi, ) .context(BuildRoleGroupConfigMapSnafu { rolegroup: rolegroup.clone(), @@ -484,7 +479,7 @@ pub async fn reconcile_nifi( rolling_upgrade_supported, replicas, &rbac_sa.name_any(), - &git_sync_resources, + git_sync_resources, ) .await?; diff --git a/rust/operator-binary/src/controller/build/config_map.rs b/rust/operator-binary/src/controller/build/config_map.rs index 9fe7c757..74659f7e 100644 --- a/rust/operator-binary/src/controller/build/config_map.rs +++ b/rust/operator-binary/src/controller/build/config_map.rs @@ -1,9 +1,8 @@ //! Build per-rolegroup `ConfigMap` for the NiFi cluster. -use snafu::{ResultExt, Snafu}; +use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ builder::{configmap::ConfigMapBuilder, meta::ObjectMetaBuilder}, - crd::git_sync, k8s_openapi::api::core::v1::ConfigMap, kvp::ObjectLabels, role_utils::RoleGroupRef, @@ -15,9 +14,9 @@ use crate::{ ConfigFileName, authorizers, bootstrap_conf, login_identity_providers, nifi_properties, security_properties, state_management_xml, }, - validate::{NifiRoleGroupConfig, ValidatedCluster}, + validate::ValidatedCluster, }, - crd::{NifiRoleType, v1alpha1}, + crd::{NifiRole, v1alpha1}, product_logging::extend_role_group_config_map, }; @@ -68,6 +67,15 @@ pub enum Error { InvalidNifiAuthenticationConfig { source: crate::security::authentication::Error, }, + + #[snafu(display("object has no nodes defined"))] + NoNodesDefined, + + #[snafu(display("the cluster has no rolegroup [{role_group}] in role [{role}]"))] + MissingRoleGroup { role: String, role_group: String }, + + #[snafu(display("missing git-sync resources for rolegroup [{role_group}]"))] + MissingGitSyncResources { role_group: String }, } type Result = std::result::Result; @@ -75,20 +83,37 @@ type Result = std::result::Result; /// Build the rolegroup [`ConfigMap`] configuring the rolegroup based on the /// resolved cluster configuration. /// -/// The only use of `owner` is for the OwnerReference and `name_and_namespace`. -/// All other NiFi configuration is sourced from `cluster` or `rg`. -/// `recommended_labels` must be built by the caller (typically via `build_recommended_labels`). +/// All NiFi configuration is sourced from `cluster`. The only use of `owner` is for +/// the OwnerReference, `name_and_namespace`, and the raw role spec used for JVM +/// argument merging. `recommended_labels` must be built by the caller (typically via +/// `build_recommended_labels`). pub fn build_rolegroup_config_map( - owner: &v1alpha1::NifiCluster, cluster: &ValidatedCluster, - rg: &NifiRoleGroupConfig, - role: &NifiRoleType, rolegroup: &RoleGroupRef, - git_sync_resources: &git_sync::v1alpha2::GitSyncResources, recommended_labels: &ObjectLabels<'_, v1alpha1::NifiCluster>, + owner: &v1alpha1::NifiCluster, ) -> Result { tracing::debug!("building rolegroup ConfigMap"); + let rg = cluster + .role_group_configs + .get(&NifiRole::Node) + .and_then(|groups| groups.get(&rolegroup.role_group)) + .with_context(|| MissingRoleGroupSnafu { + role: NifiRole::Node.to_string(), + role_group: rolegroup.role_group.clone(), + })?; + + // The raw role spec is only needed for JVM argument merging in `bootstrap_conf`. + let role = owner.spec.nodes.as_ref().context(NoNodesDefinedSnafu)?; + + let git_sync_resources = cluster + .git_sync_resources + .get(&rolegroup.role_group) + .with_context(|| MissingGitSyncResourcesSnafu { + role_group: rolegroup.role_group.clone(), + })?; + let mut cm_builder = ConfigMapBuilder::new(); cm_builder diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs index 96d781f8..6e8ecb1f 100644 --- a/rust/operator-binary/src/controller/build/properties.rs +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -161,6 +161,7 @@ pub(crate) mod test_support { name: "simple-nifi".to_string(), image, role_group_configs, + git_sync_resources: Default::default(), cluster_config: ValidatedClusterConfig { authentication: NifiAuthenticationConfig::SingleUser { provider: StaticAuthProvider { diff --git a/rust/operator-binary/src/controller/validate.rs b/rust/operator-binary/src/controller/validate.rs index 4c592f8f..7b0270d1 100644 --- a/rust/operator-binary/src/controller/validate.rs +++ b/rust/operator-binary/src/controller/validate.rs @@ -9,6 +9,7 @@ use snafu::{OptionExt, ResultExt, Snafu}; use stackable_operator::{ cli::OperatorEnvironmentOptions, commons::product_image_selection::{self, ResolvedProductImage}, + crd::git_sync, kube::ResourceExt as _, role_utils::JavaCommonConfig, utils::cluster_info::KubernetesClusterInfo, @@ -16,9 +17,9 @@ use stackable_operator::{ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ - controller::dereference::DereferencedObjects, + controller::{LOG_VOLUME_NAME, dereference::DereferencedObjects, env_vars_from_overrides}, crd::{ - HTTPS_PORT, NifiConfig, NifiRole, sensitive_properties, + Container, HTTPS_PORT, NifiConfig, NifiRole, sensitive_properties, sensitive_properties::NifiSensitiveKeyAlgorithm, v1alpha1, }, framework::role_utils::with_validated_config, @@ -56,6 +57,9 @@ pub enum Error { #[snafu(display("invalid sensitive properties algorithm"))] InvalidSensitivePropertiesAlgorithm { source: sensitive_properties::Error }, + + #[snafu(display("invalid git-sync specification"))] + InvalidGitSyncSpec { source: git_sync::v1alpha2::Error }, } pub type NifiRoleGroupConfig = crate::framework::role_utils::RoleGroupConfig< @@ -74,6 +78,10 @@ pub struct ValidatedCluster { pub name: String, pub image: ResolvedProductImage, pub role_group_configs: BTreeMap>, + /// The git-sync resources (volumes, mounts, containers) for each Node rolegroup, + /// keyed by rolegroup name. Precomputed here so both the ConfigMap and StatefulSet + /// builders can source them from `ValidatedCluster`. + pub git_sync_resources: BTreeMap, pub cluster_config: ValidatedClusterConfig, } @@ -127,10 +135,14 @@ pub fn validate( .check_for_nifi_version(&image.product_version) .context(InvalidSensitivePropertiesAlgorithmSnafu)?; + let role_group_configs = build_role_group_configs(nifi)?; + let git_sync_resources = build_git_sync_resources(nifi, &image, &role_group_configs)?; + Ok(ValidatedCluster { name: nifi.name_any(), image, - role_group_configs: build_role_group_configs(nifi)?, + role_group_configs, + git_sync_resources, cluster_config: ValidatedClusterConfig { authentication: authentication_config, authorization: authorization_config, @@ -160,6 +172,34 @@ fn build_role_group_configs( Ok(role_group_configs) } +/// Builds the [`git_sync::v1alpha2::GitSyncResources`] for every Node rolegroup, keyed by +/// rolegroup name. The env vars and logging configuration differ per rolegroup, so the +/// resources are computed per rolegroup rather than once for the whole cluster. +fn build_git_sync_resources( + nifi: &v1alpha1::NifiCluster, + image: &ResolvedProductImage, + role_group_configs: &BTreeMap>, +) -> Result> { + let mut resources = BTreeMap::new(); + + if let Some(groups) = role_group_configs.get(&NifiRole::Node) { + for (rg_name, rg) in groups { + let git_sync_resources = git_sync::v1alpha2::GitSyncResources::new( + &nifi.spec.cluster_config.custom_components_git_sync, + image, + &env_vars_from_overrides(&rg.env_overrides), + &[], + LOG_VOLUME_NAME, + &rg.config.logging.for_container(&Container::GitSync), + ) + .context(InvalidGitSyncSpecSnafu)?; + resources.insert(rg_name.clone(), git_sync_resources); + } + } + + Ok(resources) +} + fn compute_proxy_hosts( nifi: &v1alpha1::NifiCluster, cluster_info: &KubernetesClusterInfo, From 4adfbcad1b40674fdc7ab81012e8388e58268489 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 4 Jun 2026 16:29:57 +0200 Subject: [PATCH 13/16] refactor: move product logging & lint --- .../usage_guide/exposing-processors/http.adoc | 2 +- .../src/controller/build/config_map.rs | 26 ++--- .../src/controller/build/properties.rs | 8 +- .../build/properties/bootstrap_conf.rs | 1 - .../controller/build/properties/logging.rs | 86 +++++++++++++++ .../build/properties/nifi_properties.rs | 6 +- .../build/properties/security_properties.rs | 4 +- rust/operator-binary/src/crd/mod.rs | 5 +- rust/operator-binary/src/framework.rs | 1 + .../build/properties => framework}/writer.rs | 0 rust/operator-binary/src/main.rs | 1 - rust/operator-binary/src/product_logging.rs | 103 ------------------ 12 files changed, 113 insertions(+), 130 deletions(-) create mode 100644 rust/operator-binary/src/controller/build/properties/logging.rs rename rust/operator-binary/src/{controller/build/properties => framework}/writer.rs (100%) delete mode 100644 rust/operator-binary/src/product_logging.rs diff --git a/docs/modules/nifi/pages/usage_guide/exposing-processors/http.adoc b/docs/modules/nifi/pages/usage_guide/exposing-processors/http.adoc index 0222b163..c17fe88f 100644 --- a/docs/modules/nifi/pages/usage_guide/exposing-processors/http.adoc +++ b/docs/modules/nifi/pages/usage_guide/exposing-processors/http.adoc @@ -68,7 +68,7 @@ spec: number: 8042 ---- -=== 3. Route +=== 3. Route The next step is to handle different kind of messages coming in, based on the HTTP path. diff --git a/rust/operator-binary/src/controller/build/config_map.rs b/rust/operator-binary/src/controller/build/config_map.rs index 74659f7e..c5d4d926 100644 --- a/rust/operator-binary/src/controller/build/config_map.rs +++ b/rust/operator-binary/src/controller/build/config_map.rs @@ -5,19 +5,19 @@ use stackable_operator::{ builder::{configmap::ConfigMapBuilder, meta::ObjectMetaBuilder}, k8s_openapi::api::core::v1::ConfigMap, kvp::ObjectLabels, + product_logging::framework::VECTOR_CONFIG_FILE, role_utils::RoleGroupRef, }; use crate::{ controller::{ build::properties::{ - ConfigFileName, authorizers, bootstrap_conf, login_identity_providers, nifi_properties, - security_properties, state_management_xml, + ConfigFileName, authorizers, bootstrap_conf, logging, login_identity_providers, + nifi_properties, security_properties, state_management_xml, }, validate::ValidatedCluster, }, crd::{NifiRole, v1alpha1}, - product_logging::extend_role_group_config_map, }; #[derive(Debug, Snafu)] @@ -45,12 +45,6 @@ pub enum Error { rolegroup: RoleGroupRef, }, - #[snafu(display("failed to add the logging configuration to the ConfigMap [{cm_name}]"))] - InvalidLoggingConfig { - source: crate::product_logging::Error, - cm_name: String, - }, - #[snafu(display("failed to build ConfigMap for {rolegroup}"))] BuildRoleGroupConfig { source: stackable_operator::builder::configmap::Error, @@ -59,7 +53,7 @@ pub enum Error { #[snafu(display("failed to serialize JVM security properties for {}", rolegroup))] JvmSecurityProperties { - source: crate::controller::build::properties::writer::PropertiesWriterError, + source: crate::framework::writer::PropertiesWriterError, rolegroup: String, }, @@ -167,11 +161,13 @@ pub fn build_rolegroup_config_map( })?, ); - extend_role_group_config_map(rolegroup, &rg.config.logging, &mut cm_builder).context( - InvalidLoggingConfigSnafu { - cm_name: rolegroup.object_name(), - }, - )?; + if let Some(logback_config) = logging::build_logback_config(&rg.config.logging) { + cm_builder.add_data(ConfigFileName::Logback.to_string(), logback_config); + } + + if let Some(vector_config) = logging::build_vector_config(rolegroup, &rg.config.logging) { + cm_builder.add_data(VECTOR_CONFIG_FILE, vector_config); + } cm_builder .build() diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs index 6e8ecb1f..81d8969b 100644 --- a/rust/operator-binary/src/controller/build/properties.rs +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -1,8 +1,8 @@ //! Per-file builders for the NiFi rolegroup ConfigMap. //! //! Each `` module produces the rendered content for one NiFi config file. -//! The shared [`writer`] module serializes `.properties`/`.conf` key/value maps to -//! the Java-properties on-wire format. +//! The shared [`crate::framework::writer`] module serializes `.properties`/`.conf` +//! key/value maps to the Java-properties on-wire format. use std::collections::BTreeMap; @@ -12,11 +12,11 @@ use crate::controller::validate::NifiRoleGroupConfig; pub mod authorizers; pub mod bootstrap_conf; +pub mod logging; pub mod login_identity_providers; pub mod nifi_properties; pub mod security_properties; pub mod state_management_xml; -pub mod writer; /// The names of the files assembled into the NiFi rolegroup ConfigMap. #[derive(Clone, Copy, Debug, strum::Display)] @@ -33,6 +33,8 @@ pub enum ConfigFileName { LoginIdentityProviders, #[strum(serialize = "authorizers.xml")] Authorizers, + #[strum(serialize = "logback.xml")] + Logback, } /// Keep only the set (`Some`) entries of a `key -> optional value` map, as `(key, value)` pairs. diff --git a/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs b/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs index c91490dd..f274db81 100644 --- a/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs +++ b/rust/operator-binary/src/controller/build/properties/bootstrap_conf.rs @@ -54,7 +54,6 @@ pub fn build( #[cfg(test)] mod tests { use indoc::indoc; - use stackable_operator::kube::ResourceExt as _; use super::*; diff --git a/rust/operator-binary/src/controller/build/properties/logging.rs b/rust/operator-binary/src/controller/build/properties/logging.rs new file mode 100644 index 00000000..32d8086c --- /dev/null +++ b/rust/operator-binary/src/controller/build/properties/logging.rs @@ -0,0 +1,86 @@ +//! Builds the logback and Vector logging configuration for the rolegroup `ConfigMap`. + +use stackable_operator::{ + memory::BinaryMultiple, + product_logging::{ + self, + spec::{ContainerLogConfig, ContainerLogConfigChoice, Logging}, + }, + role_utils::RoleGroupRef, +}; + +use crate::crd::{Container, MAX_NIFI_LOG_FILES_SIZE, STACKABLE_LOG_DIR, v1alpha1}; + +pub const NIFI_LOG_FILE: &str = "nifi.log4j.xml"; + +const CONSOLE_CONVERSION_PATTERN: &str = "%date %level [%thread] %logger{40} %msg%n"; +// This is required to remove double entries in the nifi.log4j.xml as well as nested +// console output like: " ... ... +const ADDITIONAL_LOGBACK_CONFIG: &str = r#" + + %msg%n + + + + + + + + + + +"#; + +/// Renders the `logback.xml` for the NiFi container. +/// +/// Returns `None` when the container uses a custom log ConfigMap instead of the operator's +/// automatic logging configuration. +pub fn build_logback_config(logging: &Logging) -> Option { + let ContainerLogConfig { + choice: Some(ContainerLogConfigChoice::Automatic(log_config)), + } = logging.containers.get(&Container::Nifi)? + else { + return None; + }; + + Some(product_logging::framework::create_logback_config( + &format!( + "{STACKABLE_LOG_DIR}/{container}", + container = Container::Nifi + ), + NIFI_LOG_FILE, + MAX_NIFI_LOG_FILES_SIZE + .scale_to(BinaryMultiple::Mebi) + .floor() + .value as u32, + CONSOLE_CONVERSION_PATTERN, + log_config, + Some(ADDITIONAL_LOGBACK_CONFIG), + )) +} + +/// Renders the Vector agent config (`vector.yaml`). +/// +/// Returns `None` when the Vector agent is disabled for this role group. +pub fn build_vector_config( + rolegroup: &RoleGroupRef, + logging: &Logging, +) -> Option { + if !logging.enable_vector_agent { + return None; + } + + let vector_log_config = if let Some(ContainerLogConfig { + choice: Some(ContainerLogConfigChoice::Automatic(log_config)), + }) = logging.containers.get(&Container::Vector) + { + Some(log_config) + } else { + None + }; + + Some(product_logging::framework::create_vector_config( + rolegroup, + vector_log_config, + )) +} diff --git a/rust/operator-binary/src/controller/build/properties/nifi_properties.rs b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs index a8b66f19..04c0ee64 100644 --- a/rust/operator-binary/src/controller/build/properties/nifi_properties.rs +++ b/rust/operator-binary/src/controller/build/properties/nifi_properties.rs @@ -643,8 +643,10 @@ mod tests { fn test_config_override_wins() { use stackable_operator::kube::ResourceExt as _; - use crate::crd::{NifiConfig, NifiRole, v1alpha1}; - use crate::framework::role_utils::with_validated_config; + use crate::{ + crd::{NifiConfig, NifiRole, v1alpha1}, + framework::role_utils::with_validated_config, + }; let yaml = r#" apiVersion: nifi.stackable.tech/v1alpha1 diff --git a/rust/operator-binary/src/controller/build/properties/security_properties.rs b/rust/operator-binary/src/controller/build/properties/security_properties.rs index 6643eb6c..97c9304c 100644 --- a/rust/operator-binary/src/controller/build/properties/security_properties.rs +++ b/rust/operator-binary/src/controller/build/properties/security_properties.rs @@ -2,8 +2,8 @@ use std::collections::BTreeMap; -use super::{ConfigFileName, writer}; -use crate::controller::validate::NifiRoleGroupConfig; +use super::ConfigFileName; +use crate::{controller::validate::NifiRoleGroupConfig, framework::writer}; pub fn build(rg: &NifiRoleGroupConfig) -> Result { let mut props: BTreeMap> = BTreeMap::new(); diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index 1539d9be..18c2af8b 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -585,8 +585,9 @@ fn node_default_listener_class() -> String { mod merge_tests { use std::collections::BTreeMap; - use stackable_operator::config::merge::Merge as _; - use stackable_operator::config_overrides::KeyValueConfigOverrides; + use stackable_operator::{ + config::merge::Merge as _, config_overrides::KeyValueConfigOverrides, + }; use super::v1alpha1::NifiConfigOverrides; diff --git a/rust/operator-binary/src/framework.rs b/rust/operator-binary/src/framework.rs index 0f5717f4..2c9e9ea6 100644 --- a/rust/operator-binary/src/framework.rs +++ b/rust/operator-binary/src/framework.rs @@ -6,3 +6,4 @@ //! the upstream `RoleGroupConfig` uses `EnvVarSet` rather than a plain map). pub mod role_utils; +pub mod writer; diff --git a/rust/operator-binary/src/controller/build/properties/writer.rs b/rust/operator-binary/src/framework/writer.rs similarity index 100% rename from rust/operator-binary/src/controller/build/properties/writer.rs rename to rust/operator-binary/src/framework/writer.rs diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index c1eee997..77622403 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -44,7 +44,6 @@ mod crd; mod framework; mod listener; mod operations; -mod product_logging; mod reporting_task; mod security; mod service; diff --git a/rust/operator-binary/src/product_logging.rs b/rust/operator-binary/src/product_logging.rs deleted file mode 100644 index b9fb012a..00000000 --- a/rust/operator-binary/src/product_logging.rs +++ /dev/null @@ -1,103 +0,0 @@ -use snafu::Snafu; -use stackable_operator::{ - builder::configmap::ConfigMapBuilder, - memory::BinaryMultiple, - product_logging::{ - self, - spec::{ContainerLogConfig, ContainerLogConfigChoice, Logging}, - }, - role_utils::RoleGroupRef, -}; - -use crate::crd::{Container, MAX_NIFI_LOG_FILES_SIZE, STACKABLE_LOG_DIR, v1alpha1}; - -#[derive(Snafu, Debug)] -pub enum Error { - #[snafu(display("object has no namespace"))] - ObjectHasNoNamespace, - #[snafu(display("failed to retrieve the ConfigMap {cm_name}"))] - ConfigMapNotFound { - source: stackable_operator::client::Error, - cm_name: String, - }, - #[snafu(display("failed to retrieve the entry {entry} for ConfigMap {cm_name}"))] - MissingConfigMapEntry { - entry: &'static str, - cm_name: String, - }, - #[snafu(display("crd validation failure"))] - CrdValidationFailure { source: crate::crd::Error }, - #[snafu(display("vectorAggregatorConfigMapName must be set"))] - MissingVectorAggregatorAddress, -} - -type Result = std::result::Result; - -pub const LOGBACK_CONFIG_FILE: &str = "logback.xml"; -pub const NIFI_LOG_FILE: &str = "nifi.log4j.xml"; - -const CONSOLE_CONVERSION_PATTERN: &str = "%date %level [%thread] %logger{40} %msg%n"; -// This is required to remove double entries in the nifi.log4j.xml as well as nested -// console output like: " ... ... -const ADDITIONAL_LOGBACK_CONFIG: &str = r#" - - %msg%n - - - - - - - - - - -"#; - -/// Extend the role group ConfigMap with logging and Vector configurations -pub fn extend_role_group_config_map( - rolegroup: &RoleGroupRef, - logging: &Logging, - cm_builder: &mut ConfigMapBuilder, -) -> Result<()> { - if let Some(ContainerLogConfig { - choice: Some(ContainerLogConfigChoice::Automatic(log_config)), - }) = logging.containers.get(&Container::Nifi) - { - cm_builder.add_data( - LOGBACK_CONFIG_FILE, - product_logging::framework::create_logback_config( - &format!( - "{STACKABLE_LOG_DIR}/{container}", - container = Container::Nifi - ), - NIFI_LOG_FILE, - MAX_NIFI_LOG_FILES_SIZE - .scale_to(BinaryMultiple::Mebi) - .floor() - .value as u32, - CONSOLE_CONVERSION_PATTERN, - log_config, - Some(ADDITIONAL_LOGBACK_CONFIG), - ), - ); - } - - let vector_log_config = if let Some(ContainerLogConfig { - choice: Some(ContainerLogConfigChoice::Automatic(log_config)), - }) = logging.containers.get(&Container::Vector) - { - Some(log_config) - } else { - None - }; - - if logging.enable_vector_agent { - cm_builder.add_data( - product_logging::framework::VECTOR_CONFIG_FILE, - product_logging::framework::create_vector_config(rolegroup, vector_log_config), - ); - } - - Ok(()) -} From 377ca973f611e35ee06eef22593eeb14762b4ba2 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 4 Jun 2026 16:30:09 +0200 Subject: [PATCH 14/16] chore: regenerate hashes --- Cargo.nix | 577 +++++++++++++++++++++++++--------------------- crate-hashes.json | 18 +- 2 files changed, 324 insertions(+), 271 deletions(-) diff --git a/Cargo.nix b/Cargo.nix index cf857536..45b7b36e 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -489,9 +489,9 @@ rec { }; "autocfg" = rec { crateName = "autocfg"; - version = "1.5.0"; + version = "1.5.1"; edition = "2015"; - sha256 = "1s77f98id9l4af4alklmzq46f21c980v13z2r1pcxx6bqgw0d1n0"; + sha256 = "0lqasy5i30flcgih1b50kvsk6z32g09r1q4ql7q81pj6228jy0zj"; authors = [ "Josh Stone " ]; @@ -866,9 +866,9 @@ rec { }; "bitflags" = rec { crateName = "bitflags"; - version = "2.11.1"; + version = "2.12.1"; edition = "2021"; - sha256 = "1cvqijg3rvwgis20a66vfdxannjsxfy5fgjqkaq3l13gyfcj4lf4"; + sha256 = "02phhjm7w380zdh8928zf13cfi1bw2qz2ay36ml2jmwmmv8cxmw4"; authors = [ "The Rust Project Developers" ]; @@ -898,9 +898,9 @@ rec { }; "built" = rec { crateName = "built"; - version = "0.8.0"; - edition = "2021"; - sha256 = "0r5f08lpjsr6j5ajkbmd0ymfmajpq8ddbfvi8ji8rx48y88qzbgl"; + version = "0.8.1"; + edition = "2024"; + sha256 = "1saq332pd6g3svvc9ah8myjpfvgqlzl2ksb1ypp3976kjcfm63jw"; authors = [ "Lukas Lueg " ]; @@ -924,15 +924,16 @@ rec { "chrono" = [ "dep:chrono" ]; "dependency-tree" = [ "cargo-lock/dependency-tree" ]; "git2" = [ "dep:git2" ]; + "gix" = [ "dep:gix" ]; "semver" = [ "dep:semver" ]; }; resolvedDefaultFeatures = [ "chrono" "git2" ]; }; "bumpalo" = rec { crateName = "bumpalo"; - version = "3.20.2"; + version = "3.20.3"; edition = "2021"; - sha256 = "1jrgxlff76k9glam0akhwpil2fr1w32gbjdf5hpipc7ld2c7h82x"; + sha256 = "0jc6va3nwcqikm7chnpdv1s87my3gs2j7g1sc7g3k91brg3arxbj"; authors = [ "Nick Fitzgerald " ]; @@ -961,9 +962,9 @@ rec { }; "cc" = rec { crateName = "cc"; - version = "1.2.60"; + version = "1.2.63"; edition = "2018"; - sha256 = "084a8ziprdlyrj865f3303qr0b7aaggilkl18slncss6m4yp1ia3"; + sha256 = "0zy2bqc4nvj6bv2cipx4h4bn65wf1zqf1fw1hsh64mmvg1hh2vjm"; authors = [ "Alex Crichton " ]; @@ -1977,9 +1978,9 @@ rec { }; "displaydoc" = rec { crateName = "displaydoc"; - version = "0.2.5"; + version = "0.2.6"; edition = "2021"; - sha256 = "1q0alair462j21iiqwrr21iabkfnb13d6x5w95lkdg21q2xrqdlp"; + sha256 = "0kyxwfbdmagd8afzb2pzja7wj8dhah7smxdsgw00iq8pa2jhmiqs"; procMacro = true; authors = [ "Jane Lusby " @@ -2179,12 +2180,9 @@ rec { }; "either" = rec { crateName = "either"; - version = "1.15.0"; + version = "1.16.0"; edition = "2021"; - sha256 = "069p1fknsmzn9llaizh77kip0pqmcwpdsykv2x30xpjyija5gis8"; - authors = [ - "bluss" - ]; + sha256 = "17k7jfbdz7k440h6lws9baz8p9zlxgb41sig3w81h80nwzsjyqli"; features = { "default" = [ "std" ]; "serde" = [ "dep:serde" ]; @@ -2411,7 +2409,7 @@ rec { } { name = "windows-sys"; - packageId = "windows-sys 0.61.2"; + packageId = "windows-sys 0.52.0"; target = { target, features }: (target."windows" or false); features = [ "Win32_Foundation" "Win32_System_Diagnostics_Debug" ]; } @@ -2913,9 +2911,9 @@ rec { }; "futures-timer" = rec { crateName = "futures-timer"; - version = "3.0.3"; + version = "3.0.4"; edition = "2018"; - sha256 = "094vw8k37djpbwv74bwf2qb7n6v6ghif4myss6smd6hgyajb127j"; + sha256 = "0s39in8ivw7g4d37pf31q02y44zd1hpfkd1pgra2slcqibdzlhxg"; libName = "futures_timer"; authors = [ "Alex Crichton " @@ -3263,9 +3261,9 @@ rec { }; "git2" = rec { crateName = "git2"; - version = "0.20.4"; - edition = "2018"; - sha256 = "0azykjpk3j6s354z23jkyq3r3pbmlw9ha1zsxkw5cnnpi1h2b23v"; + version = "0.21.0"; + edition = "2021"; + sha256 = "0bmqga9vlyx5sdlr0i28z0362s89xv9i4qcv20vvx9j54y9vzpfx"; authors = [ "Josh Triplett " "Alex Crichton " @@ -3287,17 +3285,14 @@ rec { name = "log"; packageId = "log"; } - { - name = "url"; - packageId = "url"; - } ]; features = { - "default" = [ "ssh" "https" ]; - "https" = [ "libgit2-sys/https" "openssl-sys" "openssl-probe" ]; + "cred" = [ "dep:url" ]; + "https" = [ "libgit2-sys/https" "openssl-sys" "openssl-probe" "cred" ]; "openssl-probe" = [ "dep:openssl-probe" ]; "openssl-sys" = [ "dep:openssl-sys" ]; - "ssh" = [ "libgit2-sys/ssh" ]; + "ssh" = [ "libgit2-sys/ssh" "cred" ]; + "unstable-sha256" = [ "libgit2-sys/unstable-sha256" ]; "vendored-libgit2" = [ "libgit2-sys/vendored" ]; "vendored-openssl" = [ "openssl-sys/vendored" "libgit2-sys/vendored-openssl" ]; "zlib-ng-compat" = [ "libgit2-sys/zlib-ng-compat" ]; @@ -3387,9 +3382,9 @@ rec { }; "h2" = rec { crateName = "h2"; - version = "0.4.13"; + version = "0.4.14"; edition = "2021"; - sha256 = "0m6w5gg0n0m1m5915bxrv8n4rlazhx5icknkslz719jhh4xdli1g"; + sha256 = "0cw7jk7kn2vn6f8w8ssh6gis1mljnfjxd606gvi4sjpyjayfy7qp"; authors = [ "Carl Lerche " "Sean McArthur " @@ -3530,14 +3525,11 @@ rec { }; resolvedDefaultFeatures = [ "allocator-api2" "default" "default-hasher" "equivalent" "inline-more" "raw-entry" ]; }; - "hashbrown 0.17.0" = rec { + "hashbrown 0.17.1" = rec { crateName = "hashbrown"; - version = "0.17.0"; + version = "0.17.1"; edition = "2024"; - sha256 = "0l8gvcz80lvinb7x22h53cqbi2y1fm603y2jhhh9qwygvkb7sijg"; - authors = [ - "Amanieu d'Antras " - ]; + sha256 = "0jmqz7i4yl6cm7rbn0i2ffkfrmwi6xkmzkaldr2v8bcsx2v0jngd"; features = { "alloc" = [ "dep:alloc" ]; "allocator-api2" = [ "dep:allocator-api2" ]; @@ -3612,9 +3604,9 @@ rec { }; "http" = rec { crateName = "http"; - version = "1.4.0"; + version = "1.4.1"; edition = "2021"; - sha256 = "06iind4cwsj1d6q8c2xgq8i2wka4ps74kmws24gsi1bzdlw2mfp3"; + sha256 = "1l7k2ia57z3q7q3ka497krzps795kd3fymm2k12lr623y4nldrwb"; authors = [ "Alex Crichton " "Carl Lerche " @@ -3731,9 +3723,9 @@ rec { }; "hyper" = rec { crateName = "hyper"; - version = "1.9.0"; + version = "1.10.1"; edition = "2021"; - sha256 = "1jmwbwqcaficskg76kq402gbymbnh2z4v99xwq3l5aa6n8bg16b2"; + sha256 = "1624nwrh1ci34psqcl3q8q266kha8kd6fmqjj14qck49l59iqa2m"; authors = [ "Sean McArthur " ]; @@ -4520,9 +4512,9 @@ rec { }; "idna_adapter" = rec { crateName = "idna_adapter"; - version = "1.2.1"; - edition = "2021"; - sha256 = "0i0339pxig6mv786nkqcxnwqa87v4m94b2653f6k3aj0jmhfkjis"; + version = "1.2.2"; + edition = "2024"; + sha256 = "0557p76l8hj35r9zn1yv7c6x1c0qbrsffmg80n0yy8361ly3fs6b"; authors = [ "The rust-url developers" ]; @@ -4556,7 +4548,7 @@ rec { } { name = "hashbrown"; - packageId = "hashbrown 0.17.0"; + packageId = "hashbrown 0.17.1"; usesDefaultFeatures = false; } { @@ -4635,39 +4627,6 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; - "iri-string" = rec { - crateName = "iri-string"; - version = "0.7.12"; - edition = "2021"; - sha256 = "082fpx6c5ghvmqpwxaf2b268m47z2ic3prajqbmi1s1qpfj5kri5"; - libName = "iri_string"; - authors = [ - "YOSHIOKA Takuma " - ]; - dependencies = [ - { - name = "memchr"; - packageId = "memchr"; - optional = true; - usesDefaultFeatures = false; - } - { - name = "serde"; - packageId = "serde"; - optional = true; - usesDefaultFeatures = false; - features = [ "derive" ]; - } - ]; - features = { - "alloc" = [ "serde?/alloc" ]; - "default" = [ "std" ]; - "memchr" = [ "dep:memchr" ]; - "serde" = [ "dep:serde" ]; - "std" = [ "alloc" "memchr?/std" "serde?/std" ]; - }; - resolvedDefaultFeatures = [ "alloc" "default" "std" ]; - }; "is_terminal_polyfill" = rec { crateName = "is_terminal_polyfill"; version = "1.70.2"; @@ -4737,9 +4696,9 @@ rec { }; "jiff" = rec { crateName = "jiff"; - version = "0.2.23"; + version = "0.2.28"; edition = "2021"; - sha256 = "0nc37n7jvgrzxdkcgc2hsfdf70lfagigjalh4igjrm5njvf4cd8s"; + sha256 = "00lixngcc7amh2fcsxfr0z38j06lllhapz192biv1qj97q1x60s6"; authors = [ "Andrew Gallant " ]; @@ -4785,12 +4744,10 @@ rec { usesDefaultFeatures = false; } { - name = "windows-sys"; - packageId = "windows-sys 0.61.2"; + name = "windows-link"; + packageId = "windows-link"; optional = true; - usesDefaultFeatures = false; target = { target, features }: (target."windows" or false); - features = [ "Win32_Foundation" "Win32_System_Time" ]; } ]; devDependencies = [ @@ -4809,7 +4766,7 @@ rec { "static-tz" = [ "dep:jiff-static" ]; "std" = [ "alloc" "log?/std" "serde_core?/std" ]; "tz-fat" = [ "jiff-static?/tz-fat" ]; - "tz-system" = [ "std" "dep:windows-sys" ]; + "tz-system" = [ "std" "dep:windows-link" ]; "tzdb-bundle-always" = [ "dep:jiff-tzdb" "alloc" ]; "tzdb-bundle-platform" = [ "dep:jiff-tzdb-platform" "alloc" ]; "tzdb-concatenated" = [ "std" ]; @@ -4819,9 +4776,9 @@ rec { }; "jiff-static" = rec { crateName = "jiff-static"; - version = "0.2.23"; + version = "0.2.28"; edition = "2021"; - sha256 = "192ss3cnixvg79cpa76clwkhn4mmz10vnwsbf7yjw8i484s8p31a"; + sha256 = "0irbhfh2f4i9w5l53jcmh6ssnhdd92wfy76978chgwnxilvk4bbq"; procMacro = true; libName = "jiff_static"; authors = [ @@ -4901,9 +4858,9 @@ rec { }; "js-sys" = rec { crateName = "js-sys"; - version = "0.3.95"; + version = "0.3.99"; edition = "2021"; - sha256 = "1jhj3kgxxgwm0cpdjiz7i2qapqr7ya9qswadmr63dhwx3lnyjr19"; + sha256 = "04azrzsz91gr5s3z0ij36lz0kj9ry4lw3jz0mmbiwb251rsc8aql"; libName = "js_sys"; authors = [ "The wasm-bindgen Developers" @@ -4912,7 +4869,6 @@ rec { { name = "cfg-if"; packageId = "cfg-if"; - optional = true; } { name = "futures-util"; @@ -4934,17 +4890,16 @@ rec { ]; features = { "default" = [ "std" "unsafe-eval" ]; - "futures" = [ "dep:cfg-if" "dep:futures-util" ]; - "futures-core-03-stream" = [ "futures" "dep:futures-core" ]; - "std" = [ "wasm-bindgen/std" ]; + "futures-core-03-stream" = [ "dep:futures-util" "dep:futures-core" ]; + "std" = [ "wasm-bindgen/std" "dep:futures-util" ]; }; - resolvedDefaultFeatures = [ "default" "futures" "std" "unsafe-eval" ]; + resolvedDefaultFeatures = [ "default" "std" "unsafe-eval" ]; }; "json-patch" = rec { crateName = "json-patch"; - version = "4.1.0"; + version = "4.2.0"; edition = "2021"; - sha256 = "147yaxmv3i4s0bdna86rgwpmqh2507fn4ighfpplaiqkw8ay807k"; + sha256 = "0wkv896d0pzq56i2kkl0giqpv117fwvhbpgs8iz85805w66l68bl"; libName = "json_patch"; authors = [ "Ivan Dubrov " @@ -4954,6 +4909,11 @@ rec { name = "jsonptr"; packageId = "jsonptr"; } + { + name = "schemars"; + packageId = "schemars"; + optional = true; + } { name = "serde"; packageId = "serde"; @@ -4965,10 +4925,14 @@ rec { } { name = "thiserror"; - packageId = "thiserror 1.0.69"; + packageId = "thiserror 2.0.18"; } ]; devDependencies = [ + { + name = "schemars"; + packageId = "schemars"; + } { name = "serde_json"; packageId = "serde_json"; @@ -4980,7 +4944,7 @@ rec { "schemars" = [ "dep:schemars" ]; "utoipa" = [ "dep:utoipa" ]; }; - resolvedDefaultFeatures = [ "default" "diff" ]; + resolvedDefaultFeatures = [ "default" "diff" "schemars" ]; }; "jsonpath-rust" = rec { crateName = "jsonpath-rust"; @@ -5106,9 +5070,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "k8s_version"; authors = [ @@ -5126,7 +5090,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } ]; features = { @@ -5770,9 +5734,9 @@ rec { }; "libc" = rec { crateName = "libc"; - version = "0.2.185"; + version = "0.2.186"; edition = "2021"; - sha256 = "13rbdaa59l3w92q7kfcxx8zbikm99zzw54h59aqvcv5wx47jrzsj"; + sha256 = "0rnyhzjyqq9x56skkllbjzzzwym3r61lq3l4hqj64v71gw0r3av8"; authors = [ "The Rust Project Developers" ]; @@ -5786,10 +5750,10 @@ rec { }; "libgit2-sys" = rec { crateName = "libgit2-sys"; - version = "0.18.3+1.9.2"; + version = "0.18.5+1.9.4"; edition = "2021"; links = "git2"; - sha256 = "11rlbyihj3k35mnkxxz4yvsnlx33a4r9srl66c5vp08pp72arcy9"; + sha256 = "18lwqnhy7qxg4iw24s1a0n7aj7qbnryry1iy0w32k4f1xbk6lp80"; libName = "libgit2_sys"; libPath = "lib.rs"; authors = [ @@ -5847,10 +5811,10 @@ rec { }; "libz-sys" = rec { crateName = "libz-sys"; - version = "1.1.28"; + version = "1.1.29"; edition = "2018"; links = "z"; - sha256 = "08hyf9v85zifl3353xc7i5wr53v9b3scri856cmphl3gaxp24fpw"; + sha256 = "1n98kqya7a7a0cxf5n5z3g13rj7a1vqxynk2xc7bja1qfxbrdg45"; libName = "libz_sys"; authors = [ "Alex Crichton " @@ -5927,9 +5891,9 @@ rec { }; "log" = rec { crateName = "log"; - version = "0.4.29"; + version = "0.4.31"; edition = "2021"; - sha256 = "15q8j9c8g5zpkcw0hnd6cf2z7fxqnvsjh3rw5mv5q10r83i34l2y"; + sha256 = "0kq2fh6q2bjkrm8m6hj8kb7gxfd7cr7qbcpxd1lc1xq5rns30fqi"; authors = [ "The Rust Project Developers" ]; @@ -5983,9 +5947,9 @@ rec { }; "memchr" = rec { crateName = "memchr"; - version = "2.8.0"; + version = "2.8.1"; edition = "2021"; - sha256 = "0y9zzxcqxvdqg6wyag7vc3h0blhdn7hkq164bxyx2vph8zs5ijpq"; + sha256 = "1n448jx01h5z2xknj6x2dhxgr8s8fb717cf6vfqj5lmhkpj7m53b"; authors = [ "Andrew Gallant " "bluss" @@ -6046,9 +6010,9 @@ rec { }; "mio" = rec { crateName = "mio"; - version = "1.2.0"; + version = "1.2.1"; edition = "2021"; - sha256 = "1hanrh4fwsfkdqdaqfidz48zz1wdix23zwn3r2x78am0garfbdsh"; + sha256 = "1nkggmrlnjs93w8rja4lvjj4aml1xqahgimv1h0p7d373kvhmg82"; authors = [ "Carl Lerche " "Thomas de Zeeuw " @@ -6184,9 +6148,9 @@ rec { }; "num-conv" = rec { crateName = "num-conv"; - version = "0.2.1"; + version = "0.2.2"; edition = "2021"; - sha256 = "0rqrr29brafaa2za352pbmhkk556n7f8z9rrkgmjp1idvdl3fry6"; + sha256 = "0hg4f9bwmy7cwpxdkm165dmkfc8jhkkayci234jsmi5ssb33j5sj"; libName = "num_conv"; authors = [ "Jacob Pratt " @@ -7134,9 +7098,9 @@ rec { }; "pin-project" = rec { crateName = "pin-project"; - version = "1.1.11"; + version = "1.1.13"; edition = "2021"; - sha256 = "05zm3y3bl83ypsr6favxvny2kys4i19jiz1y18ylrbxwsiz9qx7i"; + sha256 = "09091qp946lpmjz4yp0xil1r5v4hgc91fi19dg5csayhdqrv4ri4"; libName = "pin_project"; dependencies = [ { @@ -7148,9 +7112,9 @@ rec { }; "pin-project-internal" = rec { crateName = "pin-project-internal"; - version = "1.1.11"; + version = "1.1.13"; edition = "2021"; - sha256 = "1ik4mpb92da75inmjvxf2qm61vrnwml3x24wddvrjlqh1z9hxcnr"; + sha256 = "12rzlh07i1sdgrvzj6wgkka5bjqyvbfsl8knq6qi7g16m7q9aqy9"; procMacro = true; libName = "pin_project_internal"; dependencies = [ @@ -8601,9 +8565,9 @@ rec { }; "rustls" = rec { crateName = "rustls"; - version = "0.23.38"; + version = "0.23.40"; edition = "2021"; - sha256 = "089ssmhd79f0kd22brh6lkaadql2p3pi6579ax1s0kn1n9pldyb9"; + sha256 = "12qnv3ag4wrw7aj8jng74kgrilpjm2b1rfcjaac8h691frccv1pg"; dependencies = [ { name = "log"; @@ -8670,9 +8634,9 @@ rec { }; "rustls-native-certs" = rec { crateName = "rustls-native-certs"; - version = "0.8.3"; + version = "0.8.4"; edition = "2021"; - sha256 = "0qrajg2n90bcr3bcq6j95gjm7a9lirfkkdmjj32419dyyzan0931"; + sha256 = "0kgazl8zc1sv63qg179bz96ilzh56lzfa5k92ji7d265f4kibdfs"; libName = "rustls_native_certs"; dependencies = [ { @@ -8701,9 +8665,9 @@ rec { }; "rustls-pki-types" = rec { crateName = "rustls-pki-types"; - version = "1.14.0"; + version = "1.14.1"; edition = "2021"; - sha256 = "1p9zsgslvwzzkzhm6bqicffqndr4jpx67992b0vl0pi21a5hy15y"; + sha256 = "1a9pr54y0f3qr97bxpd3ahjldq0gqdld0h799xbnwdzbwxx1k9rh"; libName = "rustls_pki_types"; dependencies = [ { @@ -9239,9 +9203,9 @@ rec { }; "serde_json" = rec { crateName = "serde_json"; - version = "1.0.149"; + version = "1.0.150"; edition = "2021"; - sha256 = "11jdx4vilzrjjd1dpgy67x5lgzr0laplz30dhv75lnf5ffa07z43"; + sha256 = "1ffgfhy9kndjnrz8lmy95pr758p2zk8dxv6yi99x0vkkni24w0g8"; authors = [ "Erick Tryzelaar " "David Tolnay " @@ -9482,9 +9446,9 @@ rec { }; "shlex" = rec { crateName = "shlex"; - version = "1.3.0"; - edition = "2015"; - sha256 = "0r1y6bv26c1scpxvhg2cabimrmwgbp4p3wy6syj9n0c4s3q2znhg"; + version = "2.0.1"; + edition = "2018"; + sha256 = "1fjsll1cd7d2bcpdij9kd6w62rpbc7qqzvydvs021vsmr1cxvypq"; authors = [ "comex " "Fenhl " @@ -9663,29 +9627,25 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "rust_1_61" "rust_1_65" "std" ]; }; - "snafu 0.9.0" = rec { + "snafu 0.9.1" = rec { crateName = "snafu"; - version = "0.9.0"; + version = "0.9.1"; edition = "2018"; - sha256 = "1ii9r99x5qcn754m624yzgb9hzvkqkrcygf0aqh0pyb9dbnvrm6i"; + sha256 = "08k5yfydxdlshivfhrdq9km8qn02r93q28gkyvazbqz2icr1586i"; authors = [ "Jake Goulding " ]; dependencies = [ { name = "snafu-derive"; - packageId = "snafu-derive 0.9.0"; + packageId = "snafu-derive 0.9.1"; } ]; features = { - "backtrace" = [ "dep:backtrace" ]; - "backtraces-impl-backtrace-crate" = [ "backtrace" ]; + "backtraces-impl-backtrace-crate" = [ "dep:backtrace" ]; "default" = [ "std" "rust_1_81" ]; - "futures" = [ "futures-core-crate" "pin-project" ]; - "futures-core-crate" = [ "dep:futures-core-crate" ]; - "futures-crate" = [ "dep:futures-crate" ]; - "internal-dev-dependencies" = [ "futures-crate" ]; - "pin-project" = [ "dep:pin-project" ]; + "futures" = [ "dep:futures-core" "dep:pin-project" ]; + "internal-dev-dependencies" = [ "dep:futures" ]; "std" = [ "alloc" ]; "unstable-provider-api" = [ "snafu-derive/unstable-provider-api" ]; }; @@ -9753,11 +9713,11 @@ rec { }; resolvedDefaultFeatures = [ "rust_1_61" ]; }; - "snafu-derive 0.9.0" = rec { + "snafu-derive 0.9.1" = rec { crateName = "snafu-derive"; - version = "0.9.0"; + version = "0.9.1"; edition = "2018"; - sha256 = "0h0x61kyj4fvilcr2nj02l85shw1ika64vq9brf2gyna662ln9al"; + sha256 = "1nkfi7bis72pz3w7vb64m79w49qsv20sbf19jkd471vbhr83q42z"; procMacro = true; libName = "snafu_derive"; authors = [ @@ -9783,7 +9743,7 @@ rec { name = "syn"; packageId = "syn 2.0.117"; usesDefaultFeatures = false; - features = [ "clone-impls" "derive" "full" "parsing" "printing" "proc-macro" ]; + features = [ "clone-impls" "derive" "full" "parsing" "printing" "proc-macro" "visit-mut" ]; } ]; features = { @@ -9791,9 +9751,9 @@ rec { }; "socket2" = rec { crateName = "socket2"; - version = "0.6.3"; + version = "0.6.4"; edition = "2021"; - sha256 = "0gkjjcyn69hqhhlh5kl8byk5m0d7hyrp2aqwzbs3d33q208nwxis"; + sha256 = "0ldyp5rhba15spwxj1n94xh7sjks1398c3vwpwkxkd1087nwzlaj"; authors = [ "Alex Crichton " "Thomas de Zeeuw " @@ -9891,9 +9851,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_certs"; authors = [ @@ -9951,7 +9911,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "stackable-shared"; @@ -10030,12 +9990,12 @@ rec { packageId = "indoc"; } { - name = "pin-project"; - packageId = "pin-project"; + name = "java-properties"; + packageId = "java-properties"; } { - name = "product-config"; - packageId = "product-config"; + name = "pin-project"; + packageId = "pin-project"; } { name = "rand"; @@ -10056,7 +10016,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "stackable-operator"; @@ -10103,13 +10063,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.111.0"; + version = "0.111.1"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_operator"; authors = [ @@ -10166,6 +10126,7 @@ rec { { name = "json-patch"; packageId = "json-patch"; + features = [ "schemars" ]; } { name = "k8s-openapi"; @@ -10215,7 +10176,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "stackable-operator-derive"; @@ -10269,6 +10230,10 @@ rec { packageId = "url"; features = [ "serde" ]; } + { + name = "uuid"; + packageId = "uuid"; + } ]; features = { "certs" = [ "dep:stackable-certs" ]; @@ -10287,9 +10252,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -10322,9 +10287,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_shared"; authors = [ @@ -10368,7 +10333,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "strum"; @@ -10403,9 +10368,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_telemetry"; authors = [ @@ -10456,7 +10421,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "strum"; @@ -10513,9 +10478,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_versioned"; authors = [ @@ -10548,7 +10513,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "stackable-versioned-macros"; @@ -10563,9 +10528,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -10631,9 +10596,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_webhook"; authors = [ @@ -10705,7 +10670,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.9.0"; + packageId = "snafu 0.9.1"; } { name = "stackable-certs"; @@ -10835,6 +10800,16 @@ rec { }; resolvedDefaultFeatures = [ "i128" ]; }; + "symlink" = rec { + crateName = "symlink"; + version = "0.1.0"; + edition = "2015"; + sha256 = "02h1i0b81mxb4vns4xrvrfibpcvs7jqqav8p3yilwik8cv73r5x7"; + authors = [ + "Chris Morgan " + ]; + + }; "syn 1.0.109" = rec { crateName = "syn"; version = "1.0.109"; @@ -11267,9 +11242,9 @@ rec { }; "tokio" = rec { crateName = "tokio"; - version = "1.52.0"; + version = "1.52.3"; edition = "2021"; - sha256 = "0xnpygq9578c8rqjgkj5bj8pgfx9zj337kvk3v4kigqwkgska4d9"; + sha256 = "1zpzazypkg61sw91na1m85x5s4rsjym335fwwhwm1hcs70dz1iwg"; authors = [ "Tokio Contributors " ]; @@ -11579,9 +11554,9 @@ rec { }; "toml_edit" = rec { crateName = "toml_edit"; - version = "0.25.11+spec-1.1.0"; + version = "0.25.12+spec-1.1.0"; edition = "2024"; - sha256 = "0awzffbkx33v9x4h19b5mfrwp3sn4ifr16y58sbk6j6l5v9c8n8b"; + sha256 = "1mx5paq837rjw7w51zprrjynk1vaig9yzxfqz9ac79jmd7f3w5fj"; dependencies = [ { name = "indexmap"; @@ -11634,9 +11609,9 @@ rec { }; "tonic" = rec { crateName = "tonic"; - version = "0.14.5"; - edition = "2021"; - sha256 = "1v4k7aa28m7722gz9qak2jiy7lis1ycm4fdmq63iip4m0qdcdizy"; + version = "0.14.6"; + edition = "2024"; + sha256 = "1vs5ci6z6b9xhfsnx4s8qx6bqi1zzcrxncjp71147a0gqwc5aamc"; authors = [ "Lucio Franco " ]; @@ -11763,9 +11738,9 @@ rec { }; "tonic-prost" = rec { crateName = "tonic-prost"; - version = "0.14.5"; - edition = "2021"; - sha256 = "02fkg2bv87q0yds2wz3w0s7i1x6qcgbrl00dy6ipajdapfh7clx5"; + version = "0.14.6"; + edition = "2024"; + sha256 = "184y40nf0iyzc5rg32ivgd88snv68sqy1kchynn55r1vhml9z12h"; libName = "tonic_prost"; authors = [ "Lucio Franco " @@ -11907,9 +11882,9 @@ rec { }; "tower-http" = rec { crateName = "tower-http"; - version = "0.6.8"; + version = "0.6.11"; edition = "2018"; - sha256 = "1y514jwzbyrmrkbaajpwmss4rg0mak82k16d6588w9ncaffmbrnl"; + sha256 = "0h08wjgs3hwnq11iwwzlmnabn1h4cl0fzd48svaccvqffkiggz2c"; libName = "tower_http"; authors = [ "Tower Maintainers " @@ -11943,11 +11918,6 @@ rec { packageId = "http-body"; optional = true; } - { - name = "iri-string"; - packageId = "iri-string"; - optional = true; - } { name = "mime"; packageId = "mime"; @@ -11977,6 +11947,11 @@ rec { optional = true; usesDefaultFeatures = false; } + { + name = "url"; + packageId = "url"; + optional = true; + } ]; devDependencies = [ { @@ -11998,35 +11973,33 @@ rec { } ]; features = { - "async-compression" = [ "dep:async-compression" ]; "auth" = [ "base64" "validate-request" ]; "base64" = [ "dep:base64" ]; "catch-panic" = [ "tracing" "futures-util/std" "dep:http-body" "dep:http-body-util" ]; - "compression-br" = [ "async-compression/brotli" "futures-core" "dep:http-body" "tokio-util" "tokio" ]; - "compression-deflate" = [ "async-compression/zlib" "futures-core" "dep:http-body" "tokio-util" "tokio" ]; + "compression-br" = [ "dep:async-compression" "async-compression?/brotli" "futures-core" "dep:http-body" "tokio-util" "dep:tokio" ]; + "compression-deflate" = [ "dep:async-compression" "async-compression?/zlib" "futures-core" "dep:http-body" "tokio-util" "dep:tokio" ]; "compression-full" = [ "compression-br" "compression-deflate" "compression-gzip" "compression-zstd" ]; - "compression-gzip" = [ "async-compression/gzip" "futures-core" "dep:http-body" "tokio-util" "tokio" ]; - "compression-zstd" = [ "async-compression/zstd" "futures-core" "dep:http-body" "tokio-util" "tokio" ]; - "decompression-br" = [ "async-compression/brotli" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "tokio" ]; - "decompression-deflate" = [ "async-compression/zlib" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "tokio" ]; + "compression-gzip" = [ "dep:async-compression" "async-compression?/gzip" "futures-core" "dep:http-body" "tokio-util" "dep:tokio" ]; + "compression-zstd" = [ "dep:async-compression" "async-compression?/zstd" "futures-core" "dep:http-body" "tokio-util" "dep:tokio" ]; + "decompression-br" = [ "dep:async-compression" "async-compression?/brotli" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "dep:tokio" ]; + "decompression-deflate" = [ "dep:async-compression" "async-compression?/zlib" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "dep:tokio" ]; "decompression-full" = [ "decompression-br" "decompression-deflate" "decompression-gzip" "decompression-zstd" ]; - "decompression-gzip" = [ "async-compression/gzip" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "tokio" ]; - "decompression-zstd" = [ "async-compression/zstd" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "tokio" ]; - "follow-redirect" = [ "futures-util" "dep:http-body" "iri-string" "tower/util" ]; - "fs" = [ "futures-core" "futures-util" "dep:http-body" "dep:http-body-util" "tokio/fs" "tokio-util/io" "tokio/io-util" "dep:http-range-header" "mime_guess" "mime" "percent-encoding" "httpdate" "set-status" "futures-util/alloc" "tracing" ]; - "full" = [ "add-extension" "auth" "catch-panic" "compression-full" "cors" "decompression-full" "follow-redirect" "fs" "limit" "map-request-body" "map-response-body" "metrics" "normalize-path" "propagate-header" "redirect" "request-id" "sensitive-headers" "set-header" "set-status" "timeout" "trace" "util" "validate-request" ]; + "decompression-gzip" = [ "dep:async-compression" "async-compression?/gzip" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "dep:tokio" ]; + "decompression-zstd" = [ "dep:async-compression" "async-compression?/zstd" "futures-core" "dep:http-body" "dep:http-body-util" "tokio-util" "dep:tokio" ]; + "follow-redirect" = [ "futures-util" "dep:http-body" "dep:url" "tower/util" ]; + "fs" = [ "dep:tokio" "tokio?/fs" "tokio?/io-util" "futures-core" "futures-util" "dep:http-body" "dep:http-body-util" "tokio-util/io" "dep:http-range-header" "mime_guess" "mime" "percent-encoding" "httpdate" "set-status" "futures-util/alloc" ]; + "full" = [ "add-extension" "auth" "catch-panic" "compression-full" "cors" "decompression-full" "follow-redirect" "fs" "limit" "map-request-body" "map-response-body" "metrics" "normalize-path" "on-early-drop" "propagate-header" "redirect" "request-id" "sensitive-headers" "set-header" "set-status" "timeout" "trace" "util" "validate-request" ]; "futures-core" = [ "dep:futures-core" ]; "futures-util" = [ "dep:futures-util" ]; "httpdate" = [ "dep:httpdate" ]; - "iri-string" = [ "dep:iri-string" ]; "limit" = [ "dep:http-body" "dep:http-body-util" ]; - "metrics" = [ "dep:http-body" "tokio/time" ]; + "metrics" = [ "dep:http-body" "dep:tokio" "tokio?/time" ]; "mime" = [ "dep:mime" ]; "mime_guess" = [ "dep:mime_guess" ]; + "on-early-drop" = [ "dep:http-body" ]; "percent-encoding" = [ "dep:percent-encoding" ]; "request-id" = [ "uuid" ]; - "timeout" = [ "dep:http-body" "tokio/time" ]; - "tokio" = [ "dep:tokio" ]; + "timeout" = [ "dep:http-body" "dep:tokio" "tokio?/time" ]; "tokio-util" = [ "dep:tokio-util" ]; "tower" = [ "dep:tower" ]; "trace" = [ "dep:http-body" "tracing" ]; @@ -12035,7 +12008,7 @@ rec { "uuid" = [ "dep:uuid" ]; "validate-request" = [ "mime" ]; }; - resolvedDefaultFeatures = [ "auth" "base64" "default" "follow-redirect" "futures-util" "iri-string" "map-response-body" "mime" "tower" "trace" "tracing" "util" "validate-request" ]; + resolvedDefaultFeatures = [ "auth" "base64" "default" "follow-redirect" "futures-util" "map-response-body" "mime" "tower" "trace" "tracing" "util" "validate-request" ]; }; "tower-layer" = rec { crateName = "tower-layer"; @@ -12108,9 +12081,9 @@ rec { }; "tracing-appender" = rec { crateName = "tracing-appender"; - version = "0.2.4"; + version = "0.2.5"; edition = "2018"; - sha256 = "1bxf7xvsr89glbq174cx0b9pinaacbhlmc85y1ssniv2rq5lhvbq"; + sha256 = "0g4a6q5s3wafid5lqw1ljzvh1nhk3a4zmb627fxv96dr7qcqc1h5"; libName = "tracing_appender"; authors = [ "Zeki Sherif " @@ -12121,6 +12094,10 @@ rec { name = "crossbeam-channel"; packageId = "crossbeam-channel"; } + { + name = "symlink"; + packageId = "symlink"; + } { name = "thiserror"; packageId = "thiserror 2.0.18"; @@ -12475,13 +12452,9 @@ rec { }; "typenum" = rec { crateName = "typenum"; - version = "1.19.0"; + version = "1.20.1"; edition = "2018"; - sha256 = "1fw2mpbn2vmqan56j1b3fbpcdg80mz26fm53fs16bq5xcq84hban"; - authors = [ - "Paho Lurie-Gregg " - "Andre Bogus " - ]; + sha256 = "086s9ly0906kw5yw41249fba97w5zfxf03pyfwdkffvcprqfixdn"; features = { "scale-info" = [ "dep:scale-info" ]; "scale_info" = [ "scale-info/derive" ]; @@ -12514,9 +12487,9 @@ rec { }; "unicode-segmentation" = rec { crateName = "unicode-segmentation"; - version = "1.13.2"; + version = "1.13.3"; edition = "2018"; - sha256 = "135a26m4a0wj319gcw28j6a5aqvz00jmgwgmcs6szgxjf942facn"; + sha256 = "1a47zaq83p386r3baq4m018xd5q4q0grdg56i1x042dzn71x7xf6"; libName = "unicode_segmentation"; authors = [ "kwantam " @@ -12642,6 +12615,66 @@ rec { }; resolvedDefaultFeatures = [ "default" ]; }; + "uuid" = rec { + crateName = "uuid"; + version = "1.23.2"; + edition = "2021"; + sha256 = "1xy942s4z0bi8p3441wvd4ry3hx6ry1c7s6fgrr38462xqybhn6j"; + authors = [ + "Ashley Mannix" + "Dylan DPC" + "Hunar Roop Kahlon" + ]; + dependencies = [ + { + name = "js-sys"; + packageId = "js-sys"; + optional = true; + usesDefaultFeatures = false; + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)) && (builtins.elem "atomics" targetFeatures)); + } + { + name = "wasm-bindgen"; + packageId = "wasm-bindgen"; + optional = true; + usesDefaultFeatures = false; + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); + } + ]; + devDependencies = [ + { + name = "wasm-bindgen"; + packageId = "wasm-bindgen"; + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + "atomic" = [ "dep:atomic" ]; + "borsh" = [ "dep:borsh" "dep:borsh-derive" ]; + "bytemuck" = [ "dep:bytemuck" ]; + "default" = [ "std" ]; + "fast-rng" = [ "rng" "dep:rand" ]; + "js" = [ "dep:wasm-bindgen" "dep:js-sys" ]; + "md5" = [ "dep:md-5" ]; + "rng" = [ "dep:getrandom" ]; + "rng-getrandom" = [ "rng" "dep:getrandom" "uuid-rng-internal-lib" "uuid-rng-internal-lib/getrandom" ]; + "rng-rand" = [ "rng" "dep:rand" "uuid-rng-internal-lib" "uuid-rng-internal-lib/rand" ]; + "serde" = [ "dep:serde_core" ]; + "sha1" = [ "dep:sha1_smol" ]; + "slog" = [ "dep:slog" ]; + "std" = [ "wasm-bindgen?/std" "js-sys?/std" ]; + "uuid-rng-internal-lib" = [ "dep:uuid-rng-internal-lib" ]; + "v1" = [ "atomic" ]; + "v3" = [ "md5" ]; + "v4" = [ "rng" ]; + "v5" = [ "sha1" ]; + "v6" = [ "atomic" ]; + "v7" = [ "rng" ]; + "zerocopy" = [ "dep:zerocopy" ]; + }; + resolvedDefaultFeatures = [ "default" "std" ]; + }; "valuable" = rec { crateName = "valuable"; version = "0.1.1"; @@ -12709,13 +12742,13 @@ rec { }; "wasip2" = rec { crateName = "wasip2"; - version = "1.0.2+wasi-0.2.9"; + version = "1.0.3+wasi-0.2.9"; edition = "2021"; - sha256 = "1xdw7v08jpfjdg94sp4lbdgzwa587m5ifpz6fpdnkh02kwizj5wm"; + sha256 = "1mi3w855dz99xzjqc4aa8c9q5b6z1y5c963pkk4cvmr6vdr4c1i0"; dependencies = [ { name = "wit-bindgen"; - packageId = "wit-bindgen"; + packageId = "wit-bindgen 0.57.1"; usesDefaultFeatures = false; } ]; @@ -12735,7 +12768,7 @@ rec { dependencies = [ { name = "wit-bindgen"; - packageId = "wit-bindgen"; + packageId = "wit-bindgen 0.51.0"; usesDefaultFeatures = false; features = [ "async" ]; } @@ -12743,7 +12776,7 @@ rec { devDependencies = [ { name = "wit-bindgen"; - packageId = "wit-bindgen"; + packageId = "wit-bindgen 0.51.0"; usesDefaultFeatures = false; features = [ "async-spawn" ]; } @@ -12754,9 +12787,9 @@ rec { }; "wasm-bindgen" = rec { crateName = "wasm-bindgen"; - version = "0.2.118"; + version = "0.2.122"; edition = "2021"; - sha256 = "129s5r14fx4v4xrzpx2c6l860nkxpl48j50y7kl6j16bpah3iy8b"; + sha256 = "02flix96brsb2r1i3grnikii302iqpdm337kl3xv5lklz5v4bl1y"; libName = "wasm_bindgen"; authors = [ "The wasm-bindgen Developers" @@ -12805,9 +12838,9 @@ rec { }; "wasm-bindgen-futures" = rec { crateName = "wasm-bindgen-futures"; - version = "0.4.68"; + version = "0.4.72"; edition = "2021"; - sha256 = "1y7bq5d9fk7s9xaayx38bgs9ns35na0kpb5zw19944zvya1x6wgk"; + sha256 = "03qb24gfr072rk8hb69glfdc8yhqqqq2rhy3j5i0ps8sk79dnwwl"; libName = "wasm_bindgen_futures"; authors = [ "The wasm-bindgen Developers" @@ -12817,7 +12850,6 @@ rec { name = "js-sys"; packageId = "js-sys"; usesDefaultFeatures = false; - features = [ "futures" ]; } { name = "wasm-bindgen"; @@ -12834,9 +12866,9 @@ rec { }; "wasm-bindgen-macro" = rec { crateName = "wasm-bindgen-macro"; - version = "0.2.118"; + version = "0.2.122"; edition = "2021"; - sha256 = "1v98r8vs17cj8918qsg0xx4nlg4nxk1g0jd4nwnyrh1687w29zzf"; + sha256 = "1inyl55bvdifx7l60q9wl0ivmw7236jg7jqmcqpxhsx3knq52qci"; procMacro = true; libName = "wasm_bindgen_macro"; authors = [ @@ -12858,9 +12890,9 @@ rec { }; "wasm-bindgen-macro-support" = rec { crateName = "wasm-bindgen-macro-support"; - version = "0.2.118"; + version = "0.2.122"; edition = "2021"; - sha256 = "0169jr0q469hfx5zqxfyywf2h2f4aj17vn4zly02nfwqmxghc24x"; + sha256 = "0pjw5kc2mbfz59agk5l21kh4hxzp94rygdvsnr4f3z6b5hv4g419"; libName = "wasm_bindgen_macro_support"; authors = [ "The wasm-bindgen Developers" @@ -12894,10 +12926,10 @@ rec { }; "wasm-bindgen-shared" = rec { crateName = "wasm-bindgen-shared"; - version = "0.2.118"; + version = "0.2.122"; edition = "2021"; links = "wasm_bindgen"; - sha256 = "0ag1vvdzi4334jlzilsy14y3nyzwddf1ndn62fyhf6bg62g4vl2z"; + sha256 = "0ds4mmfqvxwc5fp33hn0jblf0f6b4lghrd9mpkls66zic4n9p4ls"; libName = "wasm_bindgen_shared"; authors = [ "The wasm-bindgen Developers" @@ -13022,9 +13054,9 @@ rec { }; "web-sys" = rec { crateName = "web-sys"; - version = "0.3.95"; + version = "0.3.99"; edition = "2021"; - sha256 = "0zfr2jy5bpkkggl88i43yy37p538hg20i56kwn421yj9g6qznbag"; + sha256 = "0dilfvl9jnyhi4skl6cry9wc300r693j0w82jjbq8yy3rx0i8qkd"; libName = "web_sys"; authors = [ "The wasm-bindgen Developers" @@ -13108,6 +13140,7 @@ rec { "CssStyleSheet" = [ "StyleSheet" ]; "CssSupportsRule" = [ "CssConditionRule" "CssGroupingRule" "CssRule" ]; "CssTransition" = [ "Animation" "EventTarget" ]; + "CssViewTransitionRule" = [ "CssRule" ]; "CustomEvent" = [ "Event" ]; "DedicatedWorkerGlobalScope" = [ "EventTarget" "WorkerGlobalScope" ]; "DelayNode" = [ "AudioNode" "EventTarget" ]; @@ -13922,7 +13955,7 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_System" "Win32_System_Threading" "default" ]; + resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_System" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_Threading" "default" ]; }; "windows-sys 0.61.2" = rec { crateName = "windows-sys"; @@ -14184,7 +14217,7 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_IO" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_Pipes" "Win32_System_SystemInformation" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_Time" "Win32_System_WindowsProgramming" "default" ]; + resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_IO" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_Pipes" "Win32_System_SystemInformation" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_WindowsProgramming" "default" ]; }; "windows-targets" = rec { crateName = "windows-targets"; @@ -14321,9 +14354,9 @@ rec { }; "winnow" = rec { crateName = "winnow"; - version = "1.0.1"; + version = "1.0.3"; edition = "2021"; - sha256 = "1dbji1bwviy08pl74f2qw2m4w9hc4p3vyl3lfj05jdydy59w1nh9"; + sha256 = "1wajycd3krn6h699vydjv7hm0ll5l31p899qzpk59y2is74y34h5"; dependencies = [ { name = "memchr"; @@ -14344,7 +14377,7 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "ascii" "binary" "default" "parser" "std" ]; }; - "wit-bindgen" = rec { + "wit-bindgen 0.51.0" = rec { crateName = "wit-bindgen"; version = "0.51.0"; edition = "2024"; @@ -14371,6 +14404,26 @@ rec { }; resolvedDefaultFeatures = [ "async" "std" ]; }; + "wit-bindgen 0.57.1" = rec { + crateName = "wit-bindgen"; + version = "0.57.1"; + edition = "2024"; + sha256 = "0vjk2jb593ri9k1aq4iqs2si9mrw5q46wxnn78im7hm7hx799gqy"; + libName = "wit_bindgen"; + authors = [ + "Alex Crichton " + ]; + features = { + "async-spawn" = [ "async" "dep:futures" "std" ]; + "bitflags" = [ "dep:bitflags" ]; + "default" = [ "macros" "realloc" "async" "std" "bitflags" "macro-string" ]; + "futures-stream" = [ "async" "dep:futures" ]; + "inter-task-wakeup" = [ "async" ]; + "macro-string" = [ "wit-bindgen-rust-macro?/macro-string" ]; + "macros" = [ "dep:wit-bindgen-rust-macro" ]; + "rustc-dep-of-std" = [ "dep:core" "dep:alloc" ]; + }; + }; "wit-bindgen-core" = rec { crateName = "wit-bindgen-core"; version = "0.51.0"; @@ -14726,9 +14779,9 @@ rec { }; "xml" = rec { crateName = "xml"; - version = "1.2.1"; + version = "1.3.0"; edition = "2021"; - sha256 = "0ak4k990faralbli5a0rb8kvwihccb2rp0r94d4azfy94a6lkamq"; + sha256 = "128s58qhq8whrx90zbw8r5algr7lakgbf7mn05jfk234rbjqavv3"; authors = [ "Vladimir Matveev " "Kornel (https://github.com/kornelski)" @@ -14803,9 +14856,9 @@ rec { }; "zerocopy" = rec { crateName = "zerocopy"; - version = "0.8.48"; + version = "0.8.50"; edition = "2021"; - sha256 = "1sb8plax8jbrsng1jdval7bdhk7hhrx40dz3hwh074k6knzkgm7f"; + sha256 = "1laahnfxs4qyfb1fdf5nbb2qfshi72b1hbi0ffp2zy2m1r7ms1iv"; authors = [ "Joshua Liebow-Feeser " "Jack Wrenn " @@ -14839,9 +14892,9 @@ rec { }; "zerocopy-derive" = rec { crateName = "zerocopy-derive"; - version = "0.8.48"; + version = "0.8.50"; edition = "2021"; - sha256 = "1m5s0g92cxggqc74j83k1priz24k3z93sj5gadppd20p9c4cvqvh"; + sha256 = "0fdnr9qslx1hbn2i9rsvy9s95mychfy2vj90ajsjm2basccinqqb"; procMacro = true; libName = "zerocopy_derive"; authors = [ @@ -14874,11 +14927,11 @@ rec { }; "zerofrom" = rec { crateName = "zerofrom"; - version = "0.1.7"; + version = "0.1.8"; edition = "2021"; - sha256 = "1py40in4rirc9q8w36q67pld0zk8ssg024xhh0cncxgal7ra3yk9"; + sha256 = "0wjjdj7gdmd0iq91gzkxl7dlv0nhkk80l4bmdpzh3a1yh48mmh0f"; authors = [ - "Manish Goregaokar " + "The ICU4X Project Developers" ]; dependencies = [ { diff --git a/crate-hashes.json b/crate-hashes.json index 71fbc1c3..c76bf06c 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,12 +1,12 @@ { - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#k8s-version@0.1.3": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-certs@0.4.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-operator-derive@0.3.1": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-operator@0.111.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-shared@0.1.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-telemetry@0.6.3": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-versioned-macros@0.10.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-versioned@0.10.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-webhook@0.9.1": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#k8s-version@0.1.3": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-certs@0.4.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-operator-derive@0.3.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-operator@0.111.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-shared@0.1.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-telemetry@0.6.3": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-versioned-macros@0.10.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-versioned@0.10.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-webhook@0.9.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file From 17eaf7b712bd7d983a18f932c9f8fb79409b432a Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 4 Jun 2026 16:45:56 +0200 Subject: [PATCH 15/16] chore: adapt changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 595701b9..238d3a45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,8 @@ All notable changes to this project will be documented in this file. - Default `nifi.cluster.flow.election.max.wait.time` to NiFi's upstream value (`5 mins`) instead of the operator's previous `1 mins`. The operator no longer sets this property explicitly; the previous shorter value was left over from a TODO marked as "for testing" and may have caused flow election to settle on incomplete vote sets in cold-start scenarios ([#936]). - Set `nifi.content.repository.archive.max.retention.period` to `3 days` (previously empty, which NiFi interprets as `Long.MAX_VALUE` and effectively disables time-based archive purge). Without a time-based ceiling, the content archive can grow to half the content PVC and accumulate millions of files, which makes the synchronous startup directory scan in `FileSystemRepository.initializeRepository` very slow. Users requiring a longer content-replay window can extend via `configOverrides`. The provenance audit trail is independent of this setting and unaffected ([#936]). - test: Bump vector-aggregator to 0.55.0, replace /graphql call with gRPC call ([#940]). +- BREAKING: Removed product-config machinery. This is a breaking change in terms of configuration. + Users relying on the product-config `properties.yaml` file have to set these properties via the CRD ([#945]). ### Fixed @@ -34,6 +36,7 @@ All notable changes to this project will be documented in this file. [#935]: https://github.com/stackabletech/nifi-operator/pull/935 [#936]: https://github.com/stackabletech/nifi-operator/pull/936 [#940]: https://github.com/stackabletech/nifi-operator/pull/940 +[#945]: https://github.com/stackabletech/nifi-operator/pull/945 ## [26.3.0] - 2026-03-16 From d1472861dfd439cf4fe08ab7a521fc3f50c49b25 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 5 Jun 2026 17:13:16 +0200 Subject: [PATCH 16/16] refactor: consume the config-file writer from stackable-operator Replace the vendored Java-properties writer (rust/operator-binary/src/framework/writer.rs) with stackable_operator::v2::config_file_writer (moved there via operator-rs #1217 on the smooth-operator branch). NiFi's copy was a java-only subset of the canonical hdfs writer; the upstream module's additional to_hadoop_xml simply goes unimported. Drop the now-unused java-properties dependency. The framework module now only contains role_utils. The base dependency tag moves from stackable-operator-0.111.0 to 0.111.1, matching the other operators; cargo only substitutes a [patch] whose package version matches, and the smooth-operator branch carries 0.111.1. No behaviour change; rendered .properties output is byte-identical by construction (same code, new home). Co-Authored-By: Claude Opus 4.8 --- Cargo.lock | 89 ++++-- Cargo.nix | 301 ++++++++++-------- Cargo.toml | 3 +- crate-hashes.json | 4 +- rust/operator-binary/Cargo.toml | 1 - .../src/controller/build/config_map.rs | 2 +- .../src/controller/build/properties.rs | 2 +- .../build/properties/security_properties.rs | 10 +- rust/operator-binary/src/framework.rs | 1 - rust/operator-binary/src/framework/writer.rs | 78 ----- 10 files changed, 239 insertions(+), 252 deletions(-) delete mode 100644 rust/operator-binary/src/framework/writer.rs diff --git a/Cargo.lock b/Cargo.lock index 123bd3ef..10189f5f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -771,7 +771,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] @@ -1572,7 +1572,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "darling", "regex", @@ -1903,9 +1903,9 @@ checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "opentelemetry" -version = "0.31.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b84bcd6ae87133e903af7ef497404dda70c60d0ea14895fc8a5e6722754fc2a0" +checksum = "b0142c63252a9e054e68a4c61a5778f7b14f576274d593f8ce883d191a099682" dependencies = [ "futures-core", "futures-sink", @@ -1917,9 +1917,9 @@ dependencies = [ [[package]] name = "opentelemetry-appender-tracing" -version = "0.31.1" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef6a1ac5ca3accf562b8c306fa8483c85f4390f768185ab775f242f7fe8fdcc2" +checksum = "2c0080f0dc1d7c786f467cd85a4e395fcab11ee852004f39a29a18ab7c25d837" dependencies = [ "opentelemetry", "tracing", @@ -1929,9 +1929,9 @@ dependencies = [ [[package]] name = "opentelemetry-http" -version = "0.31.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a6d09a73194e6b66df7c8f1b680f156d916a1a942abf2de06823dd02b7855d" +checksum = "5683015d09e2df236ef005b17f6f196f0d5f6313c4fa43a7b6a53b52776e4331" dependencies = [ "async-trait", "bytes", @@ -1942,9 +1942,9 @@ dependencies = [ [[package]] name = "opentelemetry-otlp" -version = "0.31.1" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f69cd6acbb9af919df949cd1ec9e5e7fdc2ef15d234b6b795aaa525cc02f71f" +checksum = "9966929966d17620d7c316c643ba62631826e10021409357772d5eea84f62c35" dependencies = [ "http", "opentelemetry", @@ -1956,14 +1956,14 @@ dependencies = [ "thiserror 2.0.18", "tokio", "tonic", - "tracing", + "tonic-types", ] [[package]] name = "opentelemetry-proto" -version = "0.31.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7175df06de5eaee9909d4805a3d07e28bb752c34cab57fa9cff549da596b30f" +checksum = "56d658ba1faf63f7b9c492cfbe6e0ec365440a16132d3270c1065f7b33f1b638" dependencies = [ "opentelemetry", "opentelemetry_sdk", @@ -1974,21 +1974,22 @@ dependencies = [ [[package]] name = "opentelemetry-semantic-conventions" -version = "0.31.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e62e29dfe041afb8ed2a6c9737ab57db4907285d999ef8ad3a59092a36bdc846" +checksum = "6ca2f98a0437b427b4b08f19f1caa3c44db885a202bc12cfea13d6c702243d68" [[package]] name = "opentelemetry_sdk" -version = "0.31.0" +version = "0.32.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e14ae4f5991976fd48df6d843de219ca6d31b01daaab2dad5af2badeded372bd" +checksum = "9b59f80e1ac4d5ff7a2db8fb6c80badb7f0f3f858211fba08dd9aaec750894f9" dependencies = [ "futures-channel", "futures-executor", "futures-util", "opentelemetry", "percent-encoding", + "portable-atomic", "rand 0.9.4", "thiserror 2.0.18", "tokio", @@ -2281,6 +2282,15 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "prost-types" +version = "0.14.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8991c4cbdb8bc5b11f0b074ffe286c30e523de90fee5ba8132f1399f23cb3dd7" +dependencies = [ + "prost", +] + [[package]] name = "quote" version = "1.0.45" @@ -2443,9 +2453,9 @@ checksum = "ba39f3699c378cd8970968dcbff9c43159ea4cfbd88d43c00b22f2ef10a435d2" [[package]] name = "reqwest" -version = "0.12.28" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +checksum = "219c5811de6525e5416c7d5d53bb656d3afdbc6c5af816e0802bcfa42dbdc1c3" dependencies = [ "base64", "bytes", @@ -2461,9 +2471,6 @@ dependencies = [ "log", "percent-encoding", "pin-project-lite", - "serde", - "serde_json", - "serde_urlencoded", "sync_wrapper", "tokio", "tower", @@ -2983,7 +2990,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "const-oid", "ecdsa", @@ -3015,7 +3022,6 @@ dependencies = [ "fnv", "futures 0.3.32", "indoc", - "java-properties", "pin-project", "rand 0.10.1", "rstest", @@ -3034,7 +3040,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.111.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "base64", "clap", @@ -3046,6 +3052,7 @@ dependencies = [ "futures 0.3.32", "http", "indexmap", + "java-properties", "jiff", "json-patch", "k8s-openapi", @@ -3071,12 +3078,13 @@ dependencies = [ "tracing-subscriber", "url", "uuid", + "xml", ] [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "darling", "proc-macro2", @@ -3086,8 +3094,8 @@ dependencies = [ [[package]] name = "stackable-shared" -version = "0.1.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +version = "0.1.1" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "jiff", "k8s-openapi", @@ -3103,8 +3111,8 @@ dependencies = [ [[package]] name = "stackable-telemetry" -version = "0.6.3" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +version = "0.6.4" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "axum", "clap", @@ -3128,7 +3136,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.10.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "kube", "schemars", @@ -3142,7 +3150,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.10.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "convert_case", "convert_case_extras", @@ -3160,7 +3168,7 @@ dependencies = [ [[package]] name = "stackable-webhook" version = "0.9.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#a31cd2514445b251038fc4ea7abc28c57b2a6ad9" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#46cd3f93a788d44d177a8794fde91fbefa3156d7" dependencies = [ "arc-swap", "async-trait", @@ -3512,6 +3520,17 @@ dependencies = [ "tonic", ] +[[package]] +name = "tonic-types" +version = "0.14.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73ab1b02061f83d519bba3caa167f88f261ef05720ab8ebc954ade70de3348e8" +dependencies = [ + "prost", + "prost-types", + "tonic", +] + [[package]] name = "tower" version = "0.5.3" @@ -3623,9 +3642,9 @@ dependencies = [ [[package]] name = "tracing-opentelemetry" -version = "0.32.1" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ac28f2d093c6c477eaa76b23525478f38de514fa9aeb1285738d4b97a9552fc" +checksum = "adbc64cba7137545b8044cb1fe9814f7aacf3c6b5f9b45be8bb5db538befdb26" dependencies = [ "js-sys", "opentelemetry", diff --git a/Cargo.nix b/Cargo.nix index 45b7b36e..fe395a1c 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -2409,7 +2409,7 @@ rec { } { name = "windows-sys"; - packageId = "windows-sys 0.52.0"; + packageId = "windows-sys 0.61.2"; target = { target, features }: (target."windows" or false); features = [ "Win32_Foundation" "Win32_System_Diagnostics_Debug" ]; } @@ -5071,7 +5071,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "k8s_version"; @@ -6283,9 +6283,9 @@ rec { }; "opentelemetry" = rec { crateName = "opentelemetry"; - version = "0.31.0"; + version = "0.32.0"; edition = "2021"; - sha256 = "18629xsj4rsyiby9aj511q6wcw6s9m09gx3ymw1yjcvix1mcsjxq"; + sha256 = "10ln14d1jgc8rvw97mblc9blzcgpg1bimim4d170b7ia4mijq55h"; dependencies = [ { name = "futures-core"; @@ -6322,24 +6322,24 @@ rec { ]; features = { "default" = [ "trace" "metrics" "logs" "internal-logs" "futures" ]; + "experimental_metrics_bound_instruments" = [ "metrics" ]; "futures" = [ "futures-core" "futures-sink" "pin-project-lite" ]; "futures-core" = [ "dep:futures-core" ]; "futures-sink" = [ "dep:futures-sink" ]; "internal-logs" = [ "tracing" ]; "pin-project-lite" = [ "dep:pin-project-lite" ]; - "spec_unstable_logs_enabled" = [ "logs" ]; "testing" = [ "trace" ]; "thiserror" = [ "dep:thiserror" ]; "trace" = [ "futures" "thiserror" ]; "tracing" = [ "dep:tracing" ]; }; - resolvedDefaultFeatures = [ "default" "futures" "futures-core" "futures-sink" "internal-logs" "logs" "metrics" "pin-project-lite" "spec_unstable_logs_enabled" "thiserror" "trace" "tracing" ]; + resolvedDefaultFeatures = [ "default" "futures" "futures-core" "futures-sink" "internal-logs" "logs" "metrics" "pin-project-lite" "thiserror" "trace" "tracing" ]; }; "opentelemetry-appender-tracing" = rec { crateName = "opentelemetry-appender-tracing"; - version = "0.31.1"; + version = "0.32.0"; edition = "2021"; - sha256 = "1hnwizzgfhpjfnvml638yy846py8hf2gl1n3p1igbk1srb2ilspg"; + sha256 = "0dyq4myan64sl8wly02jx0gb3jjz7575mn3w8rpphz0xvkq8001c"; libName = "opentelemetry_appender_tracing"; dependencies = [ { @@ -6382,18 +6382,15 @@ rec { ]; features = { "experimental_metadata_attributes" = [ "dep:tracing-log" ]; - "experimental_use_tracing_span_context" = [ "tracing-opentelemetry" ]; "log" = [ "dep:log" ]; - "spec_unstable_logs_enabled" = [ "opentelemetry/spec_unstable_logs_enabled" ]; - "tracing-opentelemetry" = [ "dep:tracing-opentelemetry" ]; }; resolvedDefaultFeatures = [ "default" ]; }; "opentelemetry-http" = rec { crateName = "opentelemetry-http"; - version = "0.31.0"; + version = "0.32.0"; edition = "2021"; - sha256 = "0pc5nw1ds8v8w0nvyall39m92v8m1xl1p3vwvxk6nkhrffdd19np"; + sha256 = "0ca3drvm4fx5nskl7yn42dimy3bg35ppzc85y1p27pz215fh30sn"; libName = "opentelemetry_http"; dependencies = [ { @@ -6429,16 +6426,16 @@ rec { "internal-logs" = [ "opentelemetry/internal-logs" ]; "reqwest" = [ "dep:reqwest" ]; "reqwest-blocking" = [ "dep:reqwest" "reqwest/blocking" ]; - "reqwest-rustls" = [ "dep:reqwest" "reqwest/rustls-tls-native-roots" ]; - "reqwest-rustls-webpki-roots" = [ "dep:reqwest" "reqwest/rustls-tls-webpki-roots" ]; + "reqwest-rustls" = [ "dep:reqwest" "reqwest/default-tls" ]; + "reqwest-rustls-webpki-roots" = [ "dep:reqwest" "reqwest/default-tls" "reqwest/webpki-roots" ]; }; - resolvedDefaultFeatures = [ "internal-logs" "reqwest" "reqwest-blocking" ]; + resolvedDefaultFeatures = [ "reqwest" "reqwest-blocking" ]; }; "opentelemetry-otlp" = rec { crateName = "opentelemetry-otlp"; - version = "0.31.1"; + version = "0.32.0"; edition = "2021"; - sha256 = "07zp0b62b9dajnvvcd6j2ppw5zg7wp4ixka9z6fr3bxrrdmcss8z"; + sha256 = "0d9cys2flpidfxbr6h1103hjc633cax47ihnqgbj0xnicscr4rlr"; libName = "opentelemetry_otlp"; dependencies = [ { @@ -6499,10 +6496,9 @@ rec { usesDefaultFeatures = false; } { - name = "tracing"; - packageId = "tracing"; + name = "tonic-types"; + packageId = "tonic-types"; optional = true; - usesDefaultFeatures = false; } ]; devDependencies = [ @@ -6527,16 +6523,19 @@ rec { ]; features = { "default" = [ "http-proto" "reqwest-blocking-client" "trace" "metrics" "logs" "internal-logs" ]; + "experimental-grpc-retry" = [ "grpc-tonic" "opentelemetry_sdk/experimental_async_runtime" "opentelemetry_sdk/rt-tokio" ]; + "experimental-http-retry" = [ "opentelemetry_sdk/experimental_async_runtime" "opentelemetry_sdk/rt-tokio" "tokio" "httpdate" ]; "flate2" = [ "dep:flate2" ]; - "grpc-tonic" = [ "tonic" "prost" "http" "tokio" "opentelemetry-proto/gen-tonic" ]; + "grpc-tonic" = [ "tonic" "tonic-types" "prost" "http" "tokio" "opentelemetry-proto/gen-tonic" ]; "gzip-http" = [ "flate2" ]; "gzip-tonic" = [ "tonic/gzip" ]; "http" = [ "dep:http" ]; "http-json" = [ "serde_json" "prost" "opentelemetry-http" "opentelemetry-proto/gen-tonic-messages" "opentelemetry-proto/with-serde" "http" "trace" "metrics" ]; "http-proto" = [ "prost" "opentelemetry-http" "opentelemetry-proto/gen-tonic-messages" "http" "trace" "metrics" ]; + "httpdate" = [ "dep:httpdate" ]; "hyper-client" = [ "opentelemetry-http/hyper" ]; "integration-testing" = [ "tonic" "prost" "tokio/full" "trace" "logs" ]; - "internal-logs" = [ "tracing" "opentelemetry_sdk/internal-logs" "opentelemetry-http/internal-logs" ]; + "internal-logs" = [ "opentelemetry_sdk/internal-logs" "opentelemetry/internal-logs" ]; "logs" = [ "opentelemetry/logs" "opentelemetry_sdk/logs" "opentelemetry-proto/logs" ]; "metrics" = [ "opentelemetry/metrics" "opentelemetry_sdk/metrics" "opentelemetry-proto/metrics" ]; "opentelemetry-http" = [ "dep:opentelemetry-http" ]; @@ -6549,27 +6548,27 @@ rec { "serde" = [ "dep:serde" ]; "serde_json" = [ "dep:serde_json" ]; "serialize" = [ "serde" "serde_json" ]; - "tls" = [ "tonic/tls-ring" ]; + "tls" = [ "tls-ring" ]; "tls-aws-lc" = [ "tonic/tls-aws-lc" ]; "tls-provider-agnostic" = [ "tonic/_tls-any" ]; "tls-ring" = [ "tonic/tls-ring" ]; - "tls-roots" = [ "tls" "tonic/tls-native-roots" ]; - "tls-webpki-roots" = [ "tls" "tonic/tls-webpki-roots" ]; + "tls-roots" = [ "tonic/tls-native-roots" ]; + "tls-webpki-roots" = [ "tonic/tls-webpki-roots" ]; "tokio" = [ "dep:tokio" ]; "tonic" = [ "dep:tonic" ]; + "tonic-types" = [ "dep:tonic-types" ]; "trace" = [ "opentelemetry/trace" "opentelemetry_sdk/trace" "opentelemetry-proto/trace" ]; - "tracing" = [ "dep:tracing" ]; "zstd" = [ "dep:zstd" ]; "zstd-http" = [ "zstd" ]; "zstd-tonic" = [ "tonic/zstd" ]; }; - resolvedDefaultFeatures = [ "default" "grpc-tonic" "gzip-tonic" "http" "http-proto" "internal-logs" "logs" "metrics" "opentelemetry-http" "prost" "reqwest" "reqwest-blocking-client" "tokio" "tonic" "trace" "tracing" ]; + resolvedDefaultFeatures = [ "default" "grpc-tonic" "gzip-tonic" "http" "http-proto" "internal-logs" "logs" "metrics" "opentelemetry-http" "prost" "reqwest" "reqwest-blocking-client" "tokio" "tonic" "tonic-types" "trace" ]; }; "opentelemetry-proto" = rec { crateName = "opentelemetry-proto"; - version = "0.31.0"; + version = "0.32.0"; edition = "2021"; - sha256 = "03xkjsjrsm7zkkx5gascqd9bg2z20wymm06l16cyxsp5dpq5s5x7"; + sha256 = "0f5ny4rpnpq6q5q34b8k2q548rf31rpbxkwjqjwzfqxg3yx5imjn"; libName = "opentelemetry_proto"; dependencies = [ { @@ -6613,30 +6612,29 @@ rec { "const-hex" = [ "dep:const-hex" ]; "default" = [ "full" ]; "full" = [ "gen-tonic" "trace" "logs" "metrics" "zpages" "with-serde" "internal-logs" ]; - "gen-tonic" = [ "gen-tonic-messages" "tonic/channel" ]; - "gen-tonic-messages" = [ "tonic" "tonic-prost" "prost" ]; + "gen-tonic" = [ "gen-tonic-messages" "tonic" "tonic-prost" "tonic/channel" ]; + "gen-tonic-messages" = [ "prost" ]; "internal-logs" = [ "opentelemetry/internal-logs" ]; "logs" = [ "opentelemetry/logs" "opentelemetry_sdk/logs" ]; "metrics" = [ "opentelemetry/metrics" "opentelemetry_sdk/metrics" ]; "prost" = [ "dep:prost" ]; "schemars" = [ "dep:schemars" ]; "serde" = [ "dep:serde" ]; - "serde_json" = [ "dep:serde_json" ]; "testing" = [ "opentelemetry/testing" ]; "tonic" = [ "dep:tonic" ]; "tonic-prost" = [ "dep:tonic-prost" ]; "trace" = [ "opentelemetry/trace" "opentelemetry_sdk/trace" ]; "with-schemars" = [ "schemars" ]; - "with-serde" = [ "serde" "const-hex" "base64" "serde_json" ]; + "with-serde" = [ "serde" "const-hex" "base64" ]; "zpages" = [ "trace" ]; }; resolvedDefaultFeatures = [ "gen-tonic" "gen-tonic-messages" "logs" "metrics" "prost" "tonic" "tonic-prost" "trace" ]; }; "opentelemetry-semantic-conventions" = rec { crateName = "opentelemetry-semantic-conventions"; - version = "0.31.0"; + version = "0.32.0"; edition = "2021"; - sha256 = "0in8plv2l2ar7anzi7lrbll0fjfvaymkg5vc5bnvibs1w3gjjbp6"; + sha256 = "0s1x4h1cgmhkxb7i5g02la2vhkf4lg5g26cgn2s2gd1p0j5gk8kc"; libName = "opentelemetry_semantic_conventions"; features = { }; @@ -6644,9 +6642,9 @@ rec { }; "opentelemetry_sdk" = rec { crateName = "opentelemetry_sdk"; - version = "0.31.0"; + version = "0.32.1"; edition = "2021"; - sha256 = "1gbjsggdxfpjbanjvaxa3nq32vfa37i3v13dvx4gsxhrk7sy8jp1"; + sha256 = "1ycl11syranrinhgn4c2hlzhyzyvpa06ryxq5mxgzmf4387ghncv"; dependencies = [ { name = "futures-channel"; @@ -6672,6 +6670,13 @@ rec { packageId = "percent-encoding"; optional = true; } + { + name = "portable-atomic"; + packageId = "portable-atomic"; + usesDefaultFeatures = false; + target = { target, features }: (!("64" == target."has_atomic" or null)); + features = [ "fallback" ]; + } { name = "rand"; packageId = "rand 0.9.4"; @@ -6696,10 +6701,18 @@ rec { optional = true; } ]; + devDependencies = [ + { + name = "tokio"; + packageId = "tokio"; + usesDefaultFeatures = false; + features = [ "macros" "rt-multi-thread" ]; + } + ]; features = { "default" = [ "trace" "metrics" "logs" "internal-logs" ]; "experimental_logs_batch_log_processor_with_async_runtime" = [ "logs" "experimental_async_runtime" ]; - "experimental_logs_concurrent_log_processor" = [ "logs" ]; + "experimental_metrics_bound_instruments" = [ "metrics" "opentelemetry/experimental_metrics_bound_instruments" ]; "experimental_metrics_custom_reader" = [ "metrics" ]; "experimental_metrics_disable_name_validation" = [ "metrics" ]; "experimental_metrics_periodicreader_with_async_runtime" = [ "metrics" "experimental_async_runtime" ]; @@ -6716,15 +6729,14 @@ rec { "rt-tokio-current-thread" = [ "tokio/rt" "tokio/time" "tokio-stream" "experimental_async_runtime" ]; "serde" = [ "dep:serde" ]; "serde_json" = [ "dep:serde_json" ]; - "spec_unstable_logs_enabled" = [ "logs" "opentelemetry/spec_unstable_logs_enabled" ]; "spec_unstable_metrics_views" = [ "metrics" ]; - "testing" = [ "opentelemetry/testing" "trace" "metrics" "logs" "rt-tokio" "rt-tokio-current-thread" "tokio/macros" "tokio/rt-multi-thread" ]; + "testing" = [ "opentelemetry/testing" "trace" "metrics" "logs" "tokio/sync" ]; "tokio" = [ "dep:tokio" ]; "tokio-stream" = [ "dep:tokio-stream" ]; "trace" = [ "opentelemetry/trace" "rand" "percent-encoding" ]; "url" = [ "dep:url" ]; }; - resolvedDefaultFeatures = [ "default" "experimental_async_runtime" "internal-logs" "logs" "metrics" "percent-encoding" "rand" "rt-tokio" "spec_unstable_logs_enabled" "tokio" "tokio-stream" "trace" ]; + resolvedDefaultFeatures = [ "default" "experimental_async_runtime" "internal-logs" "logs" "metrics" "percent-encoding" "rand" "rt-tokio" "tokio" "tokio-stream" "trace" ]; }; "ordered-float" = rec { crateName = "ordered-float"; @@ -7233,7 +7245,7 @@ rec { "default" = [ "fallback" ]; "serde" = [ "dep:serde" ]; }; - resolvedDefaultFeatures = [ "require-cas" ]; + resolvedDefaultFeatures = [ "fallback" "require-cas" ]; }; "portable-atomic-util" = rec { crateName = "portable-atomic-util"; @@ -7540,6 +7552,34 @@ rec { ]; }; + "prost-types" = rec { + crateName = "prost-types"; + version = "0.14.3"; + edition = "2021"; + sha256 = "1mrxrciryfgi6a0vmrgyj3g27r9hdhlgwkq71cgv3icbvg5w94c9"; + libName = "prost_types"; + authors = [ + "Dan Burkert " + "Lucio Franco " + "Casper Meijn " + "Tokio Contributors " + ]; + dependencies = [ + { + name = "prost"; + packageId = "prost"; + usesDefaultFeatures = false; + features = [ "derive" ]; + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + "chrono" = [ "dep:chrono" ]; + "default" = [ "std" ]; + "std" = [ "prost/std" ]; + }; + resolvedDefaultFeatures = [ "default" "std" ]; + }; "quote" = rec { crateName = "quote"; version = "1.0.45"; @@ -8029,9 +8069,9 @@ rec { }; "reqwest" = rec { crateName = "reqwest"; - version = "0.12.28"; + version = "0.13.4"; edition = "2021"; - sha256 = "0iqidijghgqbzl3bjg5hb4zmigwa4r612bgi0yiq0c90b6jkrpgd"; + sha256 = "1hy1plns9krbh3h1dy2sdjygsfkdcnxm6pbxdi0ya9b5vq8mi711"; authors = [ "Sean McArthur " ]; @@ -8048,7 +8088,7 @@ rec { name = "futures-channel"; packageId = "futures-channel"; optional = true; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "futures-core"; @@ -8068,62 +8108,44 @@ rec { { name = "http-body"; packageId = "http-body"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "http-body-util"; packageId = "http-body-util"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "hyper"; packageId = "hyper"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "http1" "client" ]; } { name = "hyper-util"; packageId = "hyper-util"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "http1" "client" "client-legacy" "client-proxy" "tokio" ]; } { name = "js-sys"; packageId = "js-sys"; - target = { target, features }: ("wasm32" == target."arch" or null); + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); } { name = "log"; packageId = "log"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "percent-encoding"; packageId = "percent-encoding"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "pin-project-lite"; packageId = "pin-project-lite"; - target = { target, features }: (!("wasm32" == target."arch" or null)); - } - { - name = "serde"; - packageId = "serde"; - } - { - name = "serde_json"; - packageId = "serde_json"; - optional = true; - } - { - name = "serde_json"; - packageId = "serde_json"; - target = { target, features }: ("wasm32" == target."arch" or null); - } - { - name = "serde_urlencoded"; - packageId = "serde_urlencoded"; + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "sync_wrapper"; @@ -8134,27 +8156,27 @@ rec { name = "tokio"; packageId = "tokio"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "net" "time" ]; } { name = "tower"; packageId = "tower"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "retry" "timeout" "util" ]; } { name = "tower-http"; packageId = "tower-http"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "follow-redirect" ]; } { name = "tower-service"; packageId = "tower-service"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); } { name = "url"; @@ -8163,17 +8185,17 @@ rec { { name = "wasm-bindgen"; packageId = "wasm-bindgen"; - target = { target, features }: ("wasm32" == target."arch" or null); + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); } { name = "wasm-bindgen-futures"; packageId = "wasm-bindgen-futures"; - target = { target, features }: ("wasm32" == target."arch" or null); + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); } { name = "web-sys"; packageId = "web-sys"; - target = { target, features }: ("wasm32" == target."arch" or null); + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); features = [ "AbortController" "AbortSignal" "Headers" "Request" "RequestInit" "RequestMode" "Response" "Window" "FormData" "Blob" "BlobPropertyBag" "ServiceWorkerGlobalScope" "RequestCredentials" "File" "ReadableStream" "RequestCache" ]; } ]; @@ -8182,33 +8204,27 @@ rec { name = "futures-util"; packageId = "futures-util"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "std" "alloc" ]; } { name = "hyper"; packageId = "hyper"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "http1" "http2" "client" "server" ]; } { name = "hyper-util"; packageId = "hyper-util"; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "http1" "http2" "client" "client-legacy" "server-auto" "server-graceful" "tokio" ]; } - { - name = "serde"; - packageId = "serde"; - target = { target, features }: (!("wasm32" == target."arch" or null)); - features = [ "derive" ]; - } { name = "tokio"; packageId = "tokio"; usesDefaultFeatures = false; - target = { target, features }: (!("wasm32" == target."arch" or null)); + target = { target, features }: (!(("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null)))); features = [ "macros" "rt-multi-thread" ]; } { @@ -8220,40 +8236,37 @@ rec { { name = "wasm-bindgen"; packageId = "wasm-bindgen"; - target = { target, features }: ("wasm32" == target."arch" or null); + target = { target, features }: (("wasm32" == target."arch" or null) && (("unknown" == target."os" or null) || ("none" == target."os" or null))); features = [ "serde-serialize" ]; } ]; features = { + "__native-tls" = [ "dep:hyper-tls" "dep:native-tls-crate" "__tls" "dep:tokio-native-tls" ]; + "__native-tls-alpn" = [ "native-tls-crate?/alpn" "hyper-tls?/alpn" ]; "__rustls" = [ "dep:hyper-rustls" "dep:tokio-rustls" "dep:rustls" "__tls" ]; - "__rustls-ring" = [ "hyper-rustls?/ring" "tokio-rustls?/ring" "rustls?/ring" "quinn?/ring" ]; + "__rustls-aws-lc-rs" = [ "hyper-rustls?/aws-lc-rs" "tokio-rustls?/aws-lc-rs" "rustls?/aws-lc-rs" "quinn?/rustls-aws-lc-rs" ]; "__tls" = [ "dep:rustls-pki-types" "tokio/io-util" ]; "blocking" = [ "dep:futures-channel" "futures-channel?/sink" "dep:futures-util" "futures-util?/io" "futures-util?/sink" "tokio/sync" ]; "brotli" = [ "tower-http/decompression-br" ]; "charset" = [ "dep:encoding_rs" "dep:mime" ]; "cookies" = [ "dep:cookie_crate" "dep:cookie_store" ]; "default" = [ "default-tls" "charset" "http2" "system-proxy" ]; - "default-tls" = [ "dep:hyper-tls" "dep:native-tls-crate" "__tls" "dep:tokio-native-tls" ]; + "default-tls" = [ "rustls" ]; "deflate" = [ "tower-http/decompression-deflate" ]; + "form" = [ "dep:serde" "dep:serde_urlencoded" ]; "gzip" = [ "tower-http/decompression-gzip" ]; - "h2" = [ "dep:h2" ]; "hickory-dns" = [ "dep:hickory-resolver" "dep:once_cell" ]; - "http2" = [ "h2" "hyper/http2" "hyper-util/http2" "hyper-rustls?/http2" ]; - "http3" = [ "rustls-tls-manual-roots" "dep:h3" "dep:h3-quinn" "dep:quinn" "tokio/macros" ]; - "json" = [ "dep:serde_json" ]; - "macos-system-configuration" = [ "system-proxy" ]; + "http2" = [ "dep:h2" "hyper/http2" "hyper-util/http2" "hyper-rustls?/http2" ]; + "http3" = [ "rustls" "dep:h3" "dep:h3-quinn" "dep:quinn" "tokio/macros" ]; + "json" = [ "dep:serde" "dep:serde_json" ]; "multipart" = [ "dep:mime_guess" "dep:futures-util" ]; - "native-tls" = [ "default-tls" ]; - "native-tls-alpn" = [ "native-tls" "native-tls-crate?/alpn" "hyper-tls?/alpn" ]; - "native-tls-vendored" = [ "native-tls" "native-tls-crate?/vendored" ]; - "rustls-tls" = [ "rustls-tls-webpki-roots" ]; - "rustls-tls-manual-roots" = [ "rustls-tls-manual-roots-no-provider" "__rustls-ring" ]; - "rustls-tls-manual-roots-no-provider" = [ "__rustls" ]; - "rustls-tls-native-roots" = [ "rustls-tls-native-roots-no-provider" "__rustls-ring" ]; - "rustls-tls-native-roots-no-provider" = [ "dep:rustls-native-certs" "hyper-rustls?/native-tokio" "__rustls" ]; - "rustls-tls-no-provider" = [ "rustls-tls-manual-roots-no-provider" ]; - "rustls-tls-webpki-roots" = [ "rustls-tls-webpki-roots-no-provider" "__rustls-ring" ]; - "rustls-tls-webpki-roots-no-provider" = [ "dep:webpki-roots" "hyper-rustls?/webpki-tokio" "__rustls" ]; + "native-tls" = [ "__native-tls" "__native-tls-alpn" ]; + "native-tls-no-alpn" = [ "__native-tls" ]; + "native-tls-vendored" = [ "__native-tls" "native-tls-crate?/vendored" "__native-tls-alpn" ]; + "native-tls-vendored-no-alpn" = [ "__native-tls" "native-tls-crate?/vendored" ]; + "query" = [ "dep:serde" "dep:serde_urlencoded" ]; + "rustls" = [ "__rustls-aws-lc-rs" "dep:rustls-platform-verifier" "__rustls" ]; + "rustls-no-provider" = [ "dep:rustls-platform-verifier" "__rustls" ]; "stream" = [ "tokio/fs" "dep:futures-util" "dep:tokio-util" "dep:wasm-streams" ]; "system-proxy" = [ "hyper-util/client-proxy-system" ]; "zstd" = [ "tower-http/decompression-zstd" ]; @@ -9852,7 +9865,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_certs"; @@ -9989,10 +10002,6 @@ rec { name = "indoc"; packageId = "indoc"; } - { - name = "java-properties"; - packageId = "java-properties"; - } { name = "pin-project"; packageId = "pin-project"; @@ -10068,7 +10077,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_operator"; @@ -10119,6 +10128,10 @@ rec { name = "indexmap"; packageId = "indexmap"; } + { + name = "java-properties"; + packageId = "java-properties"; + } { name = "jiff"; packageId = "jiff"; @@ -10234,12 +10247,17 @@ rec { name = "uuid"; packageId = "uuid"; } + { + name = "xml"; + packageId = "xml"; + } ]; features = { "certs" = [ "dep:stackable-certs" ]; + "client-feature-gates" = [ "dep:winnow" ]; "crds" = [ "dep:stackable-versioned" ]; "default" = [ "crds" ]; - "full" = [ "crds" "certs" "time" "webhook" "kube-ws" ]; + "full" = [ "client-feature-gates" "crds" "certs" "time" "webhook" "kube-ws" ]; "kube-ws" = [ "kube/ws" ]; "time" = [ "stackable-shared/time" ]; "webhook" = [ "dep:stackable-webhook" ]; @@ -10253,7 +10271,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; procMacro = true; @@ -10283,12 +10301,12 @@ rec { }; "stackable-shared" = rec { crateName = "stackable-shared"; - version = "0.1.0"; + version = "0.1.1"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_shared"; @@ -10364,12 +10382,12 @@ rec { }; "stackable-telemetry" = rec { crateName = "stackable-telemetry"; - version = "0.6.3"; + version = "0.6.4"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_telemetry"; @@ -10413,7 +10431,7 @@ rec { { name = "opentelemetry_sdk"; packageId = "opentelemetry_sdk"; - features = [ "rt-tokio" "logs" "rt-tokio" "spec_unstable_logs_enabled" ]; + features = [ "rt-tokio" "logs" "rt-tokio" ]; } { name = "pin-project"; @@ -10479,7 +10497,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_versioned"; @@ -10529,7 +10547,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; procMacro = true; @@ -10597,7 +10615,7 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "a31cd2514445b251038fc4ea7abc28c57b2a6ad9"; + rev = "46cd3f93a788d44d177a8794fde91fbefa3156d7"; sha256 = "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96"; }; libName = "stackable_webhook"; @@ -11761,6 +11779,33 @@ rec { } ]; + }; + "tonic-types" = rec { + crateName = "tonic-types"; + version = "0.14.6"; + edition = "2024"; + sha256 = "1s286gg71pjajny8xar0azq1w9lgz1ks3jm3pccxb0qz0q11pavk"; + libName = "tonic_types"; + authors = [ + "Lucio Franco " + "Rafael Lemos " + ]; + dependencies = [ + { + name = "prost"; + packageId = "prost"; + } + { + name = "prost-types"; + packageId = "prost-types"; + } + { + name = "tonic"; + packageId = "tonic"; + usesDefaultFeatures = false; + } + ]; + }; "tower" = rec { crateName = "tower"; @@ -12215,9 +12260,9 @@ rec { }; "tracing-opentelemetry" = rec { crateName = "tracing-opentelemetry"; - version = "0.32.1"; + version = "0.33.0"; edition = "2021"; - sha256 = "1z2jjmxbkm1qawlb3bm99x8xwf4g8wjkbcknm9z4fv1w14nqzhhs"; + sha256 = "09nvxy5m7nxmifz4b6szdcyczapp2jcgxcac0jw4ax8klz5n9g5d"; libName = "tracing_opentelemetry"; dependencies = [ { @@ -13955,7 +14000,7 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_System" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_Threading" "default" ]; + resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_System" "Win32_System_Threading" "default" ]; }; "windows-sys 0.61.2" = rec { crateName = "windows-sys"; @@ -14217,7 +14262,7 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_IO" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_Pipes" "Win32_System_SystemInformation" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_WindowsProgramming" "default" ]; + resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_IO" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_Pipes" "Win32_System_SystemInformation" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_WindowsProgramming" "default" ]; }; "windows-targets" = rec { crateName = "windows-targets"; diff --git a/Cargo.toml b/Cargo.toml index ab7f24b3..63b5274d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ edition = "2021" repository = "https://github.com/stackabletech/nifi-operator" [workspace.dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.111.0", features = ["webhook"] } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.111.1", features = ["webhook"] } anyhow = "1.0" built = { version = "0.8", features = ["chrono", "git2"] } @@ -19,7 +19,6 @@ const_format = "0.2" fnv = "1.0" futures = { version = "0.3", features = ["compat"] } indoc = "2.0" -java-properties = "2.0" pin-project = "1.1" rand = "0.10" rstest = "0.26" diff --git a/crate-hashes.json b/crate-hashes.json index c76bf06c..cd03561e 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -3,8 +3,8 @@ "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-certs@0.4.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-operator-derive@0.3.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-operator@0.111.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", - "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-shared@0.1.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", - "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-telemetry@0.6.3": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-shared@0.1.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", + "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-telemetry@0.6.4": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-versioned-macros@0.10.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-versioned@0.10.0": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", "git+https://github.com/stackabletech//operator-rs.git?branch=smooth-operator#stackable-webhook@0.9.1": "0idpq1xdkr94zrd95xsvrwkj3bvzbii9a7qmw23rn5w4yiwgmj96", diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index 2539a0d4..b52ad2a9 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -17,7 +17,6 @@ const_format.workspace = true fnv.workspace = true futures.workspace = true indoc.workspace = true -java-properties.workspace = true pin-project.workspace = true rand.workspace = true semver.workspace = true diff --git a/rust/operator-binary/src/controller/build/config_map.rs b/rust/operator-binary/src/controller/build/config_map.rs index c5d4d926..9c08099f 100644 --- a/rust/operator-binary/src/controller/build/config_map.rs +++ b/rust/operator-binary/src/controller/build/config_map.rs @@ -53,7 +53,7 @@ pub enum Error { #[snafu(display("failed to serialize JVM security properties for {}", rolegroup))] JvmSecurityProperties { - source: crate::framework::writer::PropertiesWriterError, + source: stackable_operator::v2::config_file_writer::PropertiesWriterError, rolegroup: String, }, diff --git a/rust/operator-binary/src/controller/build/properties.rs b/rust/operator-binary/src/controller/build/properties.rs index 81d8969b..4f9cf3a9 100644 --- a/rust/operator-binary/src/controller/build/properties.rs +++ b/rust/operator-binary/src/controller/build/properties.rs @@ -1,7 +1,7 @@ //! Per-file builders for the NiFi rolegroup ConfigMap. //! //! Each `` module produces the rendered content for one NiFi config file. -//! The shared [`crate::framework::writer`] module serializes `.properties`/`.conf` +//! The shared [`stackable_operator::v2::config_file_writer`] module serializes `.properties`/`.conf` //! key/value maps to the Java-properties on-wire format. use std::collections::BTreeMap; diff --git a/rust/operator-binary/src/controller/build/properties/security_properties.rs b/rust/operator-binary/src/controller/build/properties/security_properties.rs index 97c9304c..8b857eae 100644 --- a/rust/operator-binary/src/controller/build/properties/security_properties.rs +++ b/rust/operator-binary/src/controller/build/properties/security_properties.rs @@ -2,10 +2,14 @@ use std::collections::BTreeMap; +use stackable_operator::v2::config_file_writer::{ + PropertiesWriterError, to_java_properties_string, +}; + use super::ConfigFileName; -use crate::{controller::validate::NifiRoleGroupConfig, framework::writer}; +use crate::controller::validate::NifiRoleGroupConfig; -pub fn build(rg: &NifiRoleGroupConfig) -> Result { +pub fn build(rg: &NifiRoleGroupConfig) -> Result { let mut props: BTreeMap> = BTreeMap::new(); // Defaults previously injected by deploy/config-spec/properties.yaml: props.insert( @@ -19,7 +23,7 @@ pub fn build(rg: &NifiRoleGroupConfig) -> Result(properties: T) -> Result -where - T: Iterator)>, -{ - let mut output = Vec::new(); - write_java_properties(&mut output, properties)?; - String::from_utf8(output).context(FromUtf8Snafu) -} - -/// Writes Java properties to the given writer. A `None` value is written as an -/// empty value (`key=`). -fn write_java_properties<'a, W, T>(writer: W, properties: T) -> Result<(), PropertiesWriterError> -where - W: Write, - T: Iterator)>, -{ - let mut writer = PropertiesWriter::new(writer); - for (k, v) in properties { - let property_value = v.as_deref().unwrap_or_default(); - writer.write(k, property_value).context(PropertiesSnafu)?; - } - writer.flush().context(PropertiesSnafu)?; - Ok(()) -} - -#[cfg(test)] -mod tests { - use std::collections::BTreeMap; - - use super::*; - - fn props(pairs: &[(&str, Option<&str>)]) -> String { - let map: BTreeMap> = pairs - .iter() - .map(|(k, v)| (k.to_string(), v.map(str::to_string))) - .collect(); - to_java_properties_string(map.iter()).unwrap() - } - - #[test] - fn java_properties_renders_key_value() { - assert_eq!(props(&[("a", Some("1")), ("b", Some("2"))]), "a=1\nb=2\n"); - } - - #[test] - fn java_properties_renders_none_as_empty() { - assert_eq!(props(&[("none", None)]), "none=\n"); - } - - #[test] - fn java_properties_escapes_colon_in_value() { - assert_eq!( - props(&[("url", Some("file://this/location/file.abc"))]), - "url=file\\://this/location/file.abc\n" - ); - } -}