feat: make apikey auth optional (#12)

demeter-run · Jan 8, 2024 · d95e42e · d95e42e
1 parent 60df10a
commit d95e42e
Show file tree

Hide file tree

Showing 6 changed files with 254 additions and 162 deletions.
diff --git a/bootstrap/crds/main.tf b/bootstrap/crds/main.tf
@@ -8,6 +8,7 @@ resource "kubernetes_manifest" "customresourcedefinition_kupoports_demeter_run"
     "spec" = {
       "group" = "demeter.run"
       "names" = {
+        "categories" = []
         "kind" = "KupoPort"
         "plural" = "kupoports"
         "shortNames" = [
@@ -39,6 +40,11 @@ resource "kubernetes_manifest" "customresourcedefinition_kupoports_demeter_run"
               "name" = "Endpoint URL"
               "type" = "string"
             },
+            {
+              "jsonPath" = ".spec.authentication"
+              "name" = "Authentication"
+              "type" = "string"
+            },
             {
               "jsonPath" = ".status.authToken"
               "name" = "Auth Token"
@@ -52,6 +58,13 @@ resource "kubernetes_manifest" "customresourcedefinition_kupoports_demeter_run"
               "properties" = {
                 "spec" = {
                   "properties" = {
+                    "authentication" = {
+                      "enum" = [
+                        "none",
+                        "apiKey",
+                      ]
+                      "type" = "string"
+                    }
                     "network" = {
                       "enum" = [
                         "mainnet",
@@ -72,6 +85,7 @@ resource "kubernetes_manifest" "customresourcedefinition_kupoports_demeter_run"
                     }
                   }
                   "required" = [
+                    "authentication",
                     "network",
                     "operatorVersion",
                     "pruneUtxo",

diff --git a/operator/src/controller.rs b/operator/src/controller.rs
@@ -1,19 +1,20 @@
-use crate::{
-    auth::handle_auth,
-    gateway::{handle_http_route, handle_reference_grant},
-    Error, Metrics, Network, Result, State,
-};
 use futures::StreamExt;
 use kube::{
     api::ListParams,
     runtime::{controller::Action, watcher::Config as WatcherConfig, Controller},
-    Api, Client, CustomResource, ResourceExt,
+    Api, Client, CustomResource,
 };
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use std::{sync::Arc, time::Duration};
 use tracing::{error, info, instrument};
 
+use crate::{
+    auth::handle_auth,
+    gateway::{handle_http_route, handle_reference_grant},
+    Error, Metrics, Network, Result, State,
+};
+
 pub static KUPO_PORT_FINALIZER: &str = "kupoports.demeter.run";
 
 struct Context {
@@ -26,6 +27,13 @@ impl Context {
     }
 }
 
+#[derive(Debug, Clone, Deserialize, Serialize, JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub enum Authentication {
+    None,
+    ApiKey,
+}
+
 #[derive(CustomResource, Deserialize, Serialize, Clone, Debug, JsonSchema)]
 #[kube(
     kind = "KupoPort",
@@ -35,49 +43,36 @@ impl Context {
     namespaced
 )]
 #[kube(status = "KupoPortStatus")]
-#[kube(
-    printcolumn = r#"
+#[kube(printcolumn = r#"
         {"name": "Network", "jsonPath": ".spec.network", "type": "string"},
         {"name": "Pruned", "jsonPath": ".spec.pruneUtxo", "type": "boolean"},
         {"name": "Throughput Tier", "jsonPath":".spec.throughputTier", "type": "string"}, 
         {"name": "Endpoint URL", "jsonPath": ".status.endpointUrl", "type": "string"},
+        {"name": "Authentication", "jsonPath": ".spec.authentication", "type": "string"},
         {"name": "Auth Token", "jsonPath": ".status.authToken", "type": "string"}
-    "#
-)]
+    "#)]
 #[serde(rename_all = "camelCase")]
 pub struct KupoPortSpec {
     pub operator_version: String,
     pub network: Network,
     pub prune_utxo: bool,
     // throughput should be 0, 1, 2
     pub throughput_tier: String,
+    pub authentication: Authentication,
 }
 
 #[derive(Deserialize, Serialize, Clone, Default, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct KupoPortStatus {
-    #[serde(skip_serializing_if = "Option::is_none")]
     pub endpoint_url: Option<String>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub auth_token: Option<String>,
 }
 
-fn build_private_dns_service_name(network: &Network, prune_utxo: bool) -> String {
-    if prune_utxo {
-        return format!("kupo-{}-pruned", network);
-    }
-    format!("kupo-{}", network)
-}
-
 async fn reconcile(crd: Arc<KupoPort>, ctx: Arc<Context>) -> Result<Action> {
-    let client = ctx.client.clone();
-    let namespace = crd.namespace().unwrap();
-
-    let private_dns_service_name =
-        build_private_dns_service_name(&crd.spec.network, crd.spec.prune_utxo);
-    handle_reference_grant(client.clone(), &namespace, &crd, &private_dns_service_name).await?;
-    handle_http_route(client.clone(), &namespace, &crd, &private_dns_service_name).await?;
-    handle_auth(client.clone(), &namespace, &crd).await?;
+    handle_reference_grant(ctx.client.clone(), &crd).await?;
+    handle_http_route(ctx.client.clone(), &crd).await?;
+    handle_auth(ctx.client.clone(), &crd).await?;
 
     Ok(Action::await_change())
 }