[CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS #498

jryb · 2021-09-02T22:12:27Z

Problem

When attempting to access a bucket on GCS (which is S3 compatable) the aws and minio clients both fail. The aws client fails due to a missing region in the endpoint formatting. The minio client init container fails to download anything and the app-listing configmap is malformed:

[splunk@splunk-gcp-test-standalone-0 splunk]$ cat /mnt/app-listing/app-list-local.yaml 
splunk:
  app_paths_install:
    default:
      - "/init-apps/appframework1/application5.tgz"
      - "/init-apps/appframework1/application5.tgz"
      - "/init-apps/appframework1/application5.tgz"
      - "/init-apps/appframework1/application5.tgz"
      - "/init-apps/appframework1/application5.tgz"
      - "/init-apps/appframework1/application5.tgz"

Solution

Fix the init container command so that there are no "//" in the path.
Fix the List API so that it doesn't use object pointers and get stuck on the last app returned from minio list API.

Test

Create a bucket on GCS with a secret/access key. Create a GCS secret object and standalone referring to that remote store with minio as the provider:

apiVersion: v1
kind: Secret
metadata:
  name: af-gcp-secret
type: Opaque
data:
  s3_access_key: ==SHHHHHHHHHH==
  s3_secret_key: ==SHHHHHHHHHH==
------------
apiVersion: enterprise.splunk.com/v2
kind: Standalone
metadata:
  name: gcp-test
  finalizers:
  - enterprise.splunk.com/delete-pvc
spec:
  replicas: 1
  appRepo:
    appSources:
    - location: apps
      name: appframework1
      scope: local
      volumeName: volname
    appsRepoPollIntervalSeconds: 60
    volumes:
    - endpoint: https://storage.googleapis.com
      name: volname
      path: test-bkt
      provider: minio
      secretRef: af-gcp-secret
      storageType: s3

Make sure apps get downloaded and installed onto the standalone:

[splunk@splunk-gcp-test-standalone-0 splunk]$ ls -Rl /init-apps/
/init-apps/:
total 0
drwxr-sr-x 2 splunk splunk 126 Sep  2 19:25 appframework1

/init-apps/appframework1:
total 20
-rw-r--r-- 1 splunk splunk 1155 Sep  2 18:17 application1.tgz
-rw-r--r-- 1 splunk splunk 1148 Sep  2 18:17 application2.tgz
-rw-r--r-- 1 splunk splunk 1167 Sep  2 18:17 application3.tgz
-rw-r--r-- 1 splunk splunk 1154 Sep  2 18:17 application4.tgz
-rw-r--r-- 1 splunk splunk 1154 Sep  2 18:17 application5.tgz
[splunk@splunk-gcp-test-standalone-0 splunk]$ ls /mnt/app-listing/
app-list-local.yaml
[splunk@splunk-gcp-test-standalone-0 splunk]$ cat /mnt/app-listing/app-list-local.yaml 
splunk:
  app_paths_install:
    default:
      - "/init-apps/appframework1/application1.tgz"
      - "/init-apps/appframework1/application2.tgz"
      - "/init-apps/appframework1/application3.tgz"
      - "/init-apps/appframework1/application4.tgz"
      - "/init-apps/appframework1/application5.tgz"[splunk@splunk-gcp-test-standalone-0 splunk]$ '//.,mklhjbkghjkb^C////
[splunk@splunk-gcp-test-standalone-0 splunk]$ ls etc/apps/
SplunkForwarder       application5		     sample_app			  splunk_instrumentation
SplunkLightForwarder  appsbrowser		     search			  splunk_internal_metrics
alert_logevent	      introspection_generator_addon  splunk-dashboard-studio	  splunk_metrics_workspace
alert_webhook	      journald_input		     splunk_archiver		  splunk_monitoring_console
application1	      launcher			     splunk_enterprise_on_docker  splunk_rapid_diag
application2	      learned			     splunk_essentials_8_2	  splunk_secure_gateway
application3	      legacy			     splunk_gdi			  user-prefs
application4	      python_upgrade_readiness_app   splunk_httpinput
[splunk@splunk-gcp-test-standalone-0 splunk]$ export SPLUNK_ADMIN_PW=$(cat /mnt/splunk-secrets/password); bin/splunk display app -auth admin:$SPLUNK_ADMIN_PW
alert_logevent                 CONFIGURED          ENABLED             INVISIBLE           
alert_webhook                  CONFIGURED          ENABLED             INVISIBLE           
application1                   UNCONFIGURED        ENABLED             VISIBLE             
application2                   UNCONFIGURED        ENABLED             VISIBLE             
application3                   UNCONFIGURED        ENABLED             VISIBLE             
application4                   UNCONFIGURED        ENABLED             VISIBLE             
application5                   UNCONFIGURED        ENABLED             VISIBLE             
appsbrowser                    CONFIGURED          ENABLED             INVISIBLE           
introspection_generator_addon  CONFIGURED          ENABLED             INVISIBLE           
journald_input                 UNCONFIGURED        ENABLED             INVISIBLE           
launcher                       CONFIGURED          ENABLED             VISIBLE             
learned                        UNCONFIGURED        ENABLED             INVISIBLE           
legacy                         UNCONFIGURED        DISABLED            INVISIBLE           
python_upgrade_readiness_app   UNCONFIGURED        ENABLED             VISIBLE             
sample_app                     UNCONFIGURED        DISABLED            INVISIBLE           
search                         CONFIGURED          ENABLED             VISIBLE             
splunk-dashboard-studio        CONFIGURED          ENABLED             VISIBLE             
splunk_archiver                CONFIGURED          ENABLED             INVISIBLE           
splunk_enterprise_on_docker    CONFIGURED          ENABLED             INVISIBLE           
splunk_essentials_8_2          CONFIGURED          ENABLED             VISIBLE             
splunk_gdi                     UNCONFIGURED        ENABLED             INVISIBLE           
splunk_httpinput               UNCONFIGURED        ENABLED             INVISIBLE           
splunk_instrumentation         UNCONFIGURED        ENABLED             VISIBLE             
splunk_internal_metrics        UNCONFIGURED        ENABLED             INVISIBLE           
splunk_metrics_workspace       UNCONFIGURED        ENABLED             VISIBLE             
splunk_monitoring_console      UNCONFIGURED        ENABLED             VISIBLE             
splunk_rapid_diag              UNCONFIGURED        ENABLED             VISIBLE             
splunk_secure_gateway          UNCONFIGURED        ENABLED             VISIBLE             
SplunkForwarder                UNCONFIGURED        DISABLED            INVISIBLE           
SplunkLightForwarder           UNCONFIGURED        DISABLED            INVISIBLE

Every 2.0s: kubectl get pods                                jryb-MBP: Thu Sep  2 15:11:29 2021

NAME                                  READY   STATUS    RESTARTS   AGE
splunk-default-monitoring-console-0   0/1     Running   2          16m
splunk-gcp-test-standalone-0          1/1     Running   0          17m
splunk-operator-65c846679d-v4kjx      1/1     Running   0          21m

Add changes to minio client code to handle generic S3 compatable remote stores, namely GCS.

pkg/splunk/client/minioclient.go

* move m4 test to integration to clear smoke run (#487) * Feature circleci migration (#490) * Migration of Unit Test and Smoke Test pipelines from CircleCi to Github Actions (#441) * Update cron schedule * Fix a bug where standalone with replicas>1 won't come up (#489) * Added int test workflow and nightly workflows. (#493) * Modify monitoring console selection name to avoid eks cluster creation failure (#494) * Update the name of int test step (#496) * CSPL-1219 (#470) * [CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS (#498) * Fix minio S3 client code & incorrect minio initContainer ut Add changes to minio client code to handle generic S3 compatable remote stores, namely GCS. * CSPL-1301: Trigger app install for modified app pkgs (#503) * Trigger app install for modified app pkgs While an app package modification does trigger rewritteing the configmap. There are cases where this rewrite will result in the same data section as the previous version of the configmap (for example, when a single app is installed initially then modified.) When this is applied no change is detected and the Pod does not reset or install the new app. By adding a label to the configmap metadata, when an app package change is detected, we can increment this label. This will not affect the data in the configmap since the label is in the metadata section, however the label change will force a new ResourceVersion of the configmap and restart the pod, triggering the modified app install. [UPDATE] Instead of using a label in the ConfigMap metadata, reset the data in the app listing ConfigMap to nothing prior to setting it, forcing a new resourceVerison. * CSPL-1302: Bias-language removal Phase 1 [Comments & Docs] (#497) * Bias-language removal Phase 1 * CSPL-1316 : Avoid app framework flow from re-entrancy (#506) * Automated pre release workflow (#508) * CSPL-1230 Remove need for Secret keys in IAM env (#505) * CSPL-1230 Remove need for Secret keys in IAM env The operator code can be changed to allow no secretRef to be a valid volume config. If no secretRef is configured for a SmartStore or AppFramework volume, then assume the credentials are available on the env itself, possibly through a tool such as kube2iam. * Moved action file to right location (#510) * Update the URL on relese RULE (#512) * CSPL-1339: Fix make_bundle.sh to check for version change (#517) * Splunk Operator 1.0.3 release (#511) * Cspl 1335 official release workflow (#523) * Automated Release Workflow * Added automated workflow to merge develop to master * Fix typo in kubectl create secret command (#524) * Update README.md (#526) * Fix image push jobs from master branch (#530) * Fixing merge issues * CSPL-1298 (#521) * CSPL-1307: Bias-language removal Phase 1 (#504) Implement Github Actions workflow for Bias Language * Update spunk-operator image tag in release directory (#535) * CSPL-1327 App framework: App installation isn't triggered if 1 appsource is empty. (#519) * CSPL-1327 App install isn't triggered if 1 appsource is empty An empty `appSource` is not necessarily an error. Treat it as a no-op and throw a log message. * Adding fix for CSPL-1316 for MC * Update test case to accomodate Standalone Updating Phase * Merge issues * Fix Automation test case * Fix automation test * CSPL-1305 - Remove bias language from Paths & URLs (#509) * Bias-Lang Removal P1 - Handling Exceptions Consolidate Paths & URLs from external sources Include exceptions to GithubActions workflow * Fix URLs

* Merge master1.0.1 (#370) 1.0.1 Release * release/1.0.2 (#473) * release/1.0.2 - Addressing doc references to release 1.0.2 * - doc change * - Fixing the olm-catalog CRDs for the versions 1.0.0-RC, 1.0.0, and 1.0.1 (#475) * Fix role yaml * CSPL:1217 Added new cases for app version downgrade (#452) Co-authored-by: Sirish Mohan <68884189+smohan-splunk@users.noreply.github.com> * move m4 test to integration to clear smoke run (#487) * Feature circleci migration (#490) * Migration of Unit Test and Smoke Test pipelines from CircleCi to Github Actions (#441) * Update cron schedule * Fix a bug where standalone with replicas>1 won't come up (#489) * Added int test workflow and nightly workflows. (#493) * Modify monitoring console selection name to avoid eks cluster creation failure (#494) * Update the name of int test step (#496) * CSPL-1219 (#470) * [CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS (#498) * Fix minio S3 client code & incorrect minio initContainer ut Add changes to minio client code to handle generic S3 compatable remote stores, namely GCS. * CSPL-1301: Trigger app install for modified app pkgs (#503) * Trigger app install for modified app pkgs While an app package modification does trigger rewritteing the configmap. There are cases where this rewrite will result in the same data section as the previous version of the configmap (for example, when a single app is installed initially then modified.) When this is applied no change is detected and the Pod does not reset or install the new app. By adding a label to the configmap metadata, when an app package change is detected, we can increment this label. This will not affect the data in the configmap since the label is in the metadata section, however the label change will force a new ResourceVersion of the configmap and restart the pod, triggering the modified app install. [UPDATE] Instead of using a label in the ConfigMap metadata, reset the data in the app listing ConfigMap to nothing prior to setting it, forcing a new resourceVerison. * CSPL-1302: Bias-language removal Phase 1 [Comments & Docs] (#497) * Bias-language removal Phase 1 * CSPL-1316 : Avoid app framework flow from re-entrancy (#506) * Automated pre release workflow (#508) * CSPL-1230 Remove need for Secret keys in IAM env (#505) * CSPL-1230 Remove need for Secret keys in IAM env The operator code can be changed to allow no secretRef to be a valid volume config. If no secretRef is configured for a SmartStore or AppFramework volume, then assume the credentials are available on the env itself, possibly through a tool such as kube2iam. * Moved action file to right location (#510) * Update the URL on relese RULE (#512) * CSPL-1339: Fix make_bundle.sh to check for version change (#517) * Splunk Operator 1.0.3 release (#511) * Cspl 1335 official release workflow (#523) * Automated Release Workflow * Added automated workflow to merge develop to master * Fix typo in kubectl create secret command (#524) * Update README.md (#526) * Fix image push jobs from master branch (#530) * CSPL-1298 (#521) * CSPL-1307: Bias-language removal Phase 1 (#504) Implement Github Actions workflow for Bias Language * Update spunk-operator image tag in release directory (#535) * CSPL-1327 App framework: App installation isn't triggered if 1 appsource is empty. (#519) * CSPL-1327 App install isn't triggered if 1 appsource is empty An empty `appSource` is not necessarily an error. Treat it as a no-op and throw a log message. * CSPL-1305 - Remove bias language from Paths & URLs (#509) * Bias-Lang Removal P1 - Handling Exceptions Consolidate Paths & URLs from external sources Include exceptions to GithubActions workflow * CSPL-1305 - Resolved Nightly builds regression (#547) Fixing Bias Language URLs to use correct tokens * CSPL-1277: Check for status of bundle push on CM (#536) * CSPL-1310 Merge MC feature branch to develop (#548) * CSPL-1306 - Remove bias language from Functions & Local variables (#543) * Bias-Lang P1 - Removal from Functions & Vars Renamed Functions and variables Renamed non-CRD files Added local script for bias language * Generating CRDs after changes * Removing CRD changes for olm legacy versions * Added new image push to int test (#566) * CSPL:1387 Modify app upload logic to selectively upload apps within test case (#557) Co-authored-by: Sirish Mohan <68884189+smohan-splunk@users.noreply.github.com> * CSPL-1379 IDXC fails to scale up when MC CR is deployed with pre-existing IDXC (#562) * IDXC fails to scale up when MC CR is deployed in the namespace with pre existing IDXC * Review comments * CSPL-1438: Add missing mc test develop (#565) * Add Missing MC test in custom resource test * Add missing MC Test in License Manger * Add missing MC test in secret test cases * Cleanup for MC Missing test * CSPL-1412/CSPL-1413 Break down app framework tests (#567) * CSPL-1412 * Update appframework_test.go * CSPL-1447-updated-version-for-find-replace-action (#576) * Updated go version to 1.17.3 (#581) * Cspl 1456 fix nightly test failures by changing testenv length and cleanup env (#579) * CSPL-1443 increase length of random string in appframework test to avoid reuse of same namespace * CSPL-1443 change cleanup logic to delete env every time unless DEBUG is set to true * disabling failing smoke tests in S1 and C3

jryb added 2 commits September 2, 2021 14:56

Fix minio S3 client code

ac09999

Add changes to minio client code to handle generic S3 compatable remote stores, namely GCS.

Fix incorrect minio initContainer ut

4fc7fdb

jryb marked this pull request as ready for review September 3, 2021 18:54

jryb requested review from gaurav-splunk, sgontla and smohan-splunk September 3, 2021 18:54

sgontla reviewed Sep 3, 2021

View reviewed changes

pkg/splunk/client/minioclient.go Show resolved Hide resolved

sgontla approved these changes Sep 3, 2021

View reviewed changes

gaurav-splunk approved these changes Sep 3, 2021

View reviewed changes

smohan-splunk approved these changes Sep 7, 2021

View reviewed changes

smohan-splunk changed the title ~~Fix minio S3 client code~~ [CSPL-1283] Fix AWS & minio S3 client code to support GCS Sep 7, 2021

smohan-splunk changed the title ~~[CSPL-1283] Fix AWS & minio S3 client code to support GCS~~ [CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS Sep 7, 2021

smohan-splunk merged commit 9ecacba into develop Sep 7, 2021

jryb mentioned this pull request Aug 9, 2022

How to implement the App Framework in GCP? #861

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS #498

[CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS #498

Uh oh!

jryb commented Sep 2, 2021

Uh oh!

Uh oh!

Uh oh!

[CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS #498

[CSPL-1283] Fix AWS & minio S3 client code to support App framework on GCS #498

Uh oh!

Conversation

jryb commented Sep 2, 2021

Problem

Solution

Test

Uh oh!

Uh oh!

Uh oh!