diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e5b3f2c..702da329 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Added +- Support for passing CAs to GitSync ([#750]). - Add support for airflow 3.1.6 ([#742]). - Add operator versioning ([#725]). - GitSync considered for v1alpha1 and v1alpha2 @@ -29,6 +30,7 @@ [#734]: https://github.com/stackabletech/airflow-operator/pull/734 [#741]: https://github.com/stackabletech/airflow-operator/pull/741 [#742]: https://github.com/stackabletech/airflow-operator/pull/742 +[#750]: https://github.com/stackabletech/airflow-operator/pull/750 [#752]: https://github.com/stackabletech/airflow-operator/pull/752 ## [25.11.0] - 2025-11-07 diff --git a/Cargo.lock b/Cargo.lock index fb0571e7..e30e8e7a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -97,9 +97,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.101" +version = "1.0.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" [[package]] name = "arc-swap" @@ -141,7 +141,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -152,7 +152,7 @@ checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.20.1" +version = "3.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c6f81257d10a0f602a294ae4182251151ff97dbb504ef9afcdda4a64b24d9b4" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" [[package]] name = "bytes" @@ -342,9 +342,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.59" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5caf74d17c3aec5495110c34cc3f78644bfa89af6c8993ed4de2790e49b6499" +checksum = "2797f34da339ce31042b27d23607e051786132987f595b02ba4f6a6dffb7030a" dependencies = [ "clap_builder", "clap_derive", @@ -352,9 +352,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.59" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "370daa45065b80218950227371916a1633217ae42b2715b2287b606dcd618e24" +checksum = "24a241312cea5059b13574bb9b3861cabf758b879c15190b37b6d6fd63ab6876" dependencies = [ "anstream", "anstyle", @@ -371,7 +371,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -539,7 +539,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -550,7 +550,7 @@ checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d" dependencies = [ "darling_core", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -561,7 +561,7 @@ checksum = "780eb241654bf097afb00fc5f054a09b687dad862e485fdcf8399bb056565370" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -585,7 +585,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -615,7 +615,7 @@ dependencies = [ "proc-macro2", "quote", "rustc_version", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -638,7 +638,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -690,7 +690,7 @@ dependencies = [ "enum-ordinalize", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -754,7 +754,7 @@ checksum = "8ca9601fb2d62598ee17836250842873a413586e5d7ed88b356e38ddbb0ec631" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -932,7 +932,7 @@ checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -1479,7 +1479,7 @@ checksum = "f7946b4325269738f270bb55b3c19ab5c5040525f83fd625259422a9d25d9be5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -1568,7 +1568,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "darling", "regex", @@ -1649,7 +1649,7 @@ dependencies = [ "quote", "serde", "serde_json", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2076,7 +2076,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2106,7 +2106,7 @@ checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2194,7 +2194,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" dependencies = [ "proc-macro2", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2260,7 +2260,7 @@ dependencies = [ "itertools", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2379,7 +2379,7 @@ checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2521,7 +2521,7 @@ dependencies = [ "regex", "relative-path", "rustc_version", - "syn 2.0.116", + "syn 2.0.117", "unicode-ident", ] @@ -2625,7 +2625,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2659,9 +2659,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "3.6.0" +version = "3.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d17b898a6d6948c3a8ee4372c17cb384f90d2e6e912ef00895b14fd7ab54ec38" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" dependencies = [ "bitflags", "core-foundation", @@ -2672,9 +2672,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.16.0" +version = "2.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "321c8673b092a9a42605034a9879d73cb79101ed5fd117bc9a597b89b4e9e61a" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" dependencies = [ "core-foundation-sys", "libc", @@ -2723,7 +2723,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2734,7 +2734,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2900,7 +2900,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -2963,7 +2963,7 @@ dependencies = [ [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "const-oid", "ecdsa", @@ -2987,7 +2987,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.106.2" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "clap", "const_format", @@ -3026,18 +3026,18 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] name = "stackable-shared" version = "0.1.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "jiff", "k8s-openapi", @@ -3054,7 +3054,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "axum", "clap", @@ -3078,7 +3078,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "schemars", "serde", @@ -3091,7 +3091,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.8.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "convert_case", "convert_case_extras", @@ -3103,13 +3103,13 @@ dependencies = [ "kube", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] name = "stackable-webhook" version = "0.9.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#f9b117c8c08557e9774f33145bb009fb74cb2437" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#b390044d178f2d774c173cc5509b55111608e9c5" dependencies = [ "arc-swap", "async-trait", @@ -3161,7 +3161,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3183,9 +3183,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.116" +version = "2.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" dependencies = [ "proc-macro2", "quote", @@ -3209,7 +3209,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3238,7 +3238,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3249,7 +3249,7 @@ checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3320,7 +3320,7 @@ checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3348,7 +3348,7 @@ checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3418,9 +3418,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.14.4" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f32a6f80051a4111560201420c7885d0082ba9efe2ab61875c587bb6b18b9a0" +checksum = "fec7c61a0695dc1887c1b53952990f3ad2e3a31453e1f49f10e75424943a93ec" dependencies = [ "async-trait", "base64", @@ -3445,9 +3445,9 @@ dependencies = [ [[package]] name = "tonic-prost" -version = "0.14.4" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f86539c0089bfd09b1f8c0ab0239d80392af74c21bc9e0f15e1b4aca4c1647f" +checksum = "a55376a0bbaa4975a3f10d009ad763d8f4108f067c7c2e74f3001fb49778d309" dependencies = [ "bytes", "prost", @@ -3538,7 +3538,7 @@ checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3779,7 +3779,7 @@ dependencies = [ "bumpalo", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "wasm-bindgen-shared", ] @@ -3867,7 +3867,7 @@ checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -3878,7 +3878,7 @@ checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4100,7 +4100,7 @@ dependencies = [ "heck", "indexmap", "prettyplease", - "syn 2.0.116", + "syn 2.0.117", "wasm-metadata", "wit-bindgen-core", "wit-component", @@ -4116,7 +4116,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "wit-bindgen-core", "wit-bindgen-rust", ] @@ -4203,7 +4203,7 @@ checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "synstructure", ] @@ -4224,7 +4224,7 @@ checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4244,7 +4244,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", "synstructure", ] @@ -4265,7 +4265,7 @@ checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] @@ -4298,7 +4298,7 @@ checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.116", + "syn 2.0.117", ] [[package]] diff --git a/Cargo.nix b/Cargo.nix index 58729c37..35b4a862 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -332,14 +332,13 @@ rec { }; "anyhow" = rec { crateName = "anyhow"; - version = "1.0.101"; + version = "1.0.102"; edition = "2021"; - sha256 = "1skmg90fnjnlgs3vl7bksw7036d3rqwqj20n2fxd2ppg67p0y3jz"; + sha256 = "0b447dra1v12z474c6z4jmicdmc5yxz5bakympdnij44ckw2s83z"; authors = [ "David Tolnay " ]; features = { - "backtrace" = [ "dep:backtrace" ]; "default" = [ "std" ]; }; resolvedDefaultFeatures = [ "default" "std" ]; @@ -440,7 +439,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "visit-mut" ]; } ]; @@ -467,7 +466,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "full" "parsing" "printing" "proc-macro" "visit-mut" ]; } @@ -931,9 +930,9 @@ rec { }; "bumpalo" = rec { crateName = "bumpalo"; - version = "3.20.1"; + version = "3.20.2"; edition = "2021"; - sha256 = "1d6r4i5sd96xzjdfy15mvfbzyl8i4n143blll81gd80hgljq2vsw"; + sha256 = "1jrgxlff76k9glam0akhwpil2fr1w32gbjdf5hpipc7ld2c7h82x"; authors = [ "Nick Fitzgerald " ]; @@ -1096,10 +1095,10 @@ rec { }; "clap" = rec { crateName = "clap"; - version = "4.5.59"; + version = "4.5.60"; edition = "2021"; crateBin = []; - sha256 = "16b4kgj909yyshz9kj7nkalbyi46yz1lrhqha54wbbn32x6zgjn5"; + sha256 = "02h3nzznssjgp815nnbzk0r62y2iw03kdli75c233kirld6z75r7"; dependencies = [ { name = "clap_builder"; @@ -1138,9 +1137,9 @@ rec { }; "clap_builder" = rec { crateName = "clap_builder"; - version = "4.5.59"; + version = "4.5.60"; edition = "2021"; - sha256 = "094fc76nsq3v52r1a9rbwix22cqnda8p2wr2a24j302v0r2sl39p"; + sha256 = "0xk8mdizvmmn6w5ij5cwhy5pbgyac4w9pfvl6nqmjl7a5hql38i4"; dependencies = [ { name = "anstream"; @@ -1196,7 +1195,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -1658,7 +1657,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "extra-traits" ]; } ]; @@ -1689,7 +1688,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -1715,7 +1714,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "visit-mut" ]; } ]; @@ -1792,7 +1791,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -1894,7 +1893,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; buildDependencies = [ @@ -1991,7 +1990,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -2157,13 +2156,13 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -2364,7 +2363,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -2877,7 +2876,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -4798,7 +4797,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -5052,9 +5051,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "k8s_version"; authors = [ @@ -5520,7 +5519,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -7026,7 +7025,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; features = { @@ -7095,7 +7094,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "printing" "clone-impls" "proc-macro" "full" "visit-mut" ]; } @@ -7310,7 +7309,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "full" ]; } @@ -7323,7 +7322,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "extra-traits" "parsing" "printing" "visit-mut" ]; } @@ -7511,7 +7510,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -7843,7 +7842,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -8501,7 +8500,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "parsing" "extra-traits" "visit" "visit-mut" ]; } { @@ -8843,13 +8842,13 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; @@ -8949,9 +8948,9 @@ rec { }; "security-framework" = rec { crateName = "security-framework"; - version = "3.6.0"; - edition = "2021"; - sha256 = "0f7cajmxfkxijl4g0blidqp0vyc4ndyc2wj3xslc6j39dn58jyyi"; + version = "3.7.0"; + edition = "2024"; + sha256 = "07fd0j29j8yczb3hd430vwz784lx9knb5xwbvqna1nbkbivvrx5p"; libName = "security_framework"; authors = [ "Steven Fackler " @@ -8981,21 +8980,19 @@ rec { } ]; features = { - "OSX_10_12" = [ "security-framework-sys/OSX_10_12" ]; - "OSX_10_13" = [ "OSX_10_12" "security-framework-sys/OSX_10_13" "alpn" "session-tickets" ]; - "OSX_10_14" = [ "OSX_10_13" "security-framework-sys/OSX_10_14" ]; - "OSX_10_15" = [ "OSX_10_14" "security-framework-sys/OSX_10_15" ]; - "default" = [ "OSX_10_12" ]; + "OSX_10_15" = [ "security-framework-sys/OSX_10_15" ]; + "default" = [ "OSX_10_14" "alpn" "session-tickets" ]; "log" = [ "dep:log" ]; + "macos-12" = [ "security-framework-sys/macos-12" ]; "sync-keychain" = [ "OSX_10_13" ]; }; - resolvedDefaultFeatures = [ "OSX_10_12" "default" ]; + resolvedDefaultFeatures = [ "OSX_10_14" "alpn" "default" "session-tickets" ]; }; "security-framework-sys" = rec { crateName = "security-framework-sys"; - version = "2.16.0"; + version = "2.17.0"; edition = "2021"; - sha256 = "06p6x6s8jysrkay1glazxl0r3drwsxwrhjh30lka9acjn1rqc71j"; + sha256 = "1qr0w0y9iwvmv3hwg653q1igngnc5b74xcf0679cbv23z0fnkqkc"; libName = "security_framework_sys"; authors = [ "Steven Fackler " @@ -9012,15 +9009,8 @@ rec { } ]; features = { - "OSX_10_10" = [ "OSX_10_9" ]; - "OSX_10_11" = [ "OSX_10_10" ]; - "OSX_10_12" = [ "OSX_10_11" ]; - "OSX_10_13" = [ "OSX_10_12" ]; - "OSX_10_14" = [ "OSX_10_13" ]; - "OSX_10_15" = [ "OSX_10_14" ]; - "default" = [ "OSX_10_12" ]; + "default" = [ "OSX_10_13" ]; }; - resolvedDefaultFeatures = [ "OSX_10_10" "OSX_10_11" "OSX_10_12" "OSX_10_9" ]; }; "semver" = rec { crateName = "semver"; @@ -9142,7 +9132,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "derive" "parsing" "printing" "proc-macro" ]; } @@ -9174,7 +9164,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "clone-impls" "derive" "parsing" "printing" ]; } @@ -9661,7 +9651,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -9880,9 +9870,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_certs"; authors = [ @@ -9983,9 +9973,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_operator"; authors = [ @@ -10156,9 +10146,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -10180,7 +10170,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10191,9 +10181,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_shared"; authors = [ @@ -10272,9 +10262,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_telemetry"; authors = [ @@ -10382,9 +10372,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_versioned"; authors = [ @@ -10426,9 +10416,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -10483,7 +10473,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10494,9 +10484,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "f9b117c8c08557e9774f33145bb009fb74cb2437"; - sha256 = "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "b390044d178f2d774c173cc5509b55111608e9c5"; + sha256 = "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm"; }; libName = "stackable_webhook"; authors = [ @@ -10674,7 +10664,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "parsing" ]; } ]; @@ -10728,11 +10718,11 @@ rec { }; resolvedDefaultFeatures = [ "clone-impls" "default" "derive" "full" "parsing" "printing" "proc-macro" "quote" ]; }; - "syn 2.0.116" = rec { + "syn 2.0.117" = rec { crateName = "syn"; - version = "2.0.116"; + version = "2.0.117"; edition = "2021"; - sha256 = "1jv9pk48qmhn6yrdfl3lngy5i74wg7gcx13gfhvm4s8q0p3j9x1x"; + sha256 = "16cv7c0wbn8amxc54n4w15kxlx5ypdmla8s0gxr2l7bv7s0bhrg6"; authors = [ "David Tolnay " ]; @@ -10804,7 +10794,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "derive" "parsing" "printing" "clone-impls" "visit" "extra-traits" ]; } @@ -10871,7 +10861,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -10897,7 +10887,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; } ]; @@ -11114,7 +11104,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "parsing" ]; } ]; @@ -11260,7 +11250,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; @@ -11487,9 +11477,9 @@ rec { }; "tonic" = rec { crateName = "tonic"; - version = "0.14.4"; + version = "0.14.5"; edition = "2021"; - sha256 = "185r31mvp1y5flcbcapyksx8402xi33j0510c0ai392i03wacckz"; + sha256 = "1v4k7aa28m7722gz9qak2jiy7lis1ycm4fdmq63iip4m0qdcdizy"; authors = [ "Lucio Franco " ]; @@ -11587,7 +11577,7 @@ rec { { name = "tokio"; packageId = "tokio"; - features = [ "rt-multi-thread" "macros" ]; + features = [ "rt-multi-thread" "macros" "test-util" ]; } { name = "tower"; @@ -11616,9 +11606,9 @@ rec { }; "tonic-prost" = rec { crateName = "tonic-prost"; - version = "0.14.4"; + version = "0.14.5"; edition = "2021"; - sha256 = "0zv4q6jard712l7rxg119kvjlfc0kliv02lc3ydx1gw902f571lz"; + sha256 = "02fkg2bv87q0yds2wz3w0s7i1x6qcgbrl00dy6ipajdapfh7clx5"; libName = "tonic_prost"; authors = [ "Lucio Franco " @@ -12018,7 +12008,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "full" "parsing" "printing" "visit-mut" "clone-impls" "extra-traits" "proc-macro" ]; } @@ -12757,7 +12747,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "visit" "visit-mut" "full" ]; } { @@ -13469,7 +13459,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "proc-macro" "printing" "full" "clone-impls" ]; } @@ -13496,7 +13486,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; usesDefaultFeatures = false; features = [ "parsing" "proc-macro" "printing" "full" "clone-impls" ]; } @@ -14672,7 +14662,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "printing" ]; } { @@ -14723,7 +14713,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "printing" ]; } { @@ -15036,7 +15026,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "fold" ]; } { @@ -15104,14 +15094,14 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" ]; } ]; devDependencies = [ { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "visit" ]; } ]; @@ -15160,7 +15150,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "fold" ]; } { @@ -15214,7 +15204,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "full" "extra-traits" "visit" ]; } ]; @@ -15316,7 +15306,7 @@ rec { } { name = "syn"; - packageId = "syn 2.0.116"; + packageId = "syn 2.0.117"; features = [ "extra-traits" ]; } ]; diff --git a/Cargo.toml b/Cargo.toml index ef37b3ec..3e43a177 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,5 +33,6 @@ tokio = { version = "1.40", features = ["full"] } tracing = "0.1" [patch."https://github.com/stackabletech/operator-rs.git"] -# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +# TODO revert this before merging! +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feat/gitsync-ca-support" } # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } diff --git a/crate-hashes.json b/crate-hashes.json index b41e87f3..8f9e88d3 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -4,14 +4,14 @@ "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-derive@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube-runtime@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", "git+https://github.com/kube-rs/kube-rs?rev=fe69cc486ff8e62a7da61d64ec3ebbd9e64c43b5#kube@3.0.1": "1irm4g79crlxjm3iqrgvx0f6wxdcj394ky84q89pk9i36y2mlw3n", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#k8s-version@0.1.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-certs@0.4.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-operator-derive@0.3.1": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-operator@0.106.2": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-shared@0.1.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-telemetry@0.6.1": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-versioned-macros@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-versioned@0.8.3": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.106.2#stackable-webhook@0.9.0": "1yg7hbpgclp1zvfnhi4qkrwbgsa19v86plh77vqvwxzdxxxvxr4c", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#k8s-version@0.1.3": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-certs@0.4.0": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-operator-derive@0.3.1": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-operator@0.106.2": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-shared@0.1.0": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-telemetry@0.6.1": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-versioned-macros@0.8.3": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-versioned@0.8.3": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fgitsync-ca-support#stackable-webhook@0.9.0": "1k1y9w6bgz94vnj9rfrn1l2x6zvls7anrriy57cyh89a31m688cm", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml b/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml index 7589c9eb..f35432e7 100644 --- a/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml +++ b/docs/modules/airflow/examples/example-airflow-gitsync-https.yaml @@ -22,7 +22,12 @@ spec: --rev: HEAD # <10> # --rev: git-sync-tag # N.B. tag must be covered by "depth" (the number of commits to clone) # --rev: 39ee3598bd9946a1d958a448c9f7d3774d7a8043 # N.B. commit must be covered by "depth" - --git-config: http.sslCAInfo:/tmp/ca-cert/ca.crt # <11> + # --git-config: http.sslCAInfo:/tmp/ca-cert/ca.crt # N.B. this will trigger a warning if caCertSecretName is also supplied + tls: + verification: + server: + caCert: + secretClass: git-ca-cert # <11> webservers: ... --- diff --git a/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc b/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc index cd03fc3b..e987f5e4 100644 --- a/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc +++ b/docs/modules/airflow/pages/usage-guide/mounting-dags.adoc @@ -65,10 +65,15 @@ include::example$example-airflow-gitsync-https.yaml[] This should include two fields: `user` and `password` (which can be either a password -- which is not recommended -- or a GitHub token, as described https://github.com/kubernetes/git-sync/tree/v3.6.4#flags-which-configure-authentication[here]) <9> A map of optional configuration settings that are listed in https://github.com/kubernetes/git-sync/tree/v4.2.1?tab=readme-ov-file#manual[this] configuration section (and the ones that follow on that link) <10> An example showing how to specify a target revision (the default is HEAD). - The revision can also be a tag or a commit, though this assumes that the target hash is contained within the number of commits specified by `depth`. - If a tag or commit hash is specified, then git-sync recognizes this and does not perform further cloning. -<11> Git-sync settings can be provided inline, although some of these (`--dest`, `--root`) are specified internally in the operator and are ignored if provided by the user. - Git-config settings can also be specified, although a warning is logged if `safe.directory` is specified as this is defined internally, and should not be defined by the user. + The revision can also be a tag or a commit, though this assumes that the target hash is contained within the number of commits specified by `depth`. + If a tag or commit hash is specified, then git-sync recognizes this and does not perform further cloning. + Git-sync settings can be provided inline, although some of these (`--dest`, `--root`) are specified internally in the operator and are ignored if provided by the user. + Git-config settings can also be specified, although a warning is logged if `safe.directory` is specified as this is defined internally, and should not be defined by the user. +<11> An optional reference to the SecretClass used for holding CA certificates that will be used to verify the git server's TLS certificate by passing it to the git config option `http.sslCAInfo` passed with the gitsync command. + The associated secret must have a key named `ca.crt` whose value is the PEM-encoded certificate bundle. + If this field is set to `webPki: {}` or is omitted altogether, then no changes will be made to the gitsync command and it will default to presenting no certificate to the backend. + Omitting this field is non-breaking behaviour and as such it does *not* set `http.sslverify` to `false` as disabling security checks should be a last resort and not something activated by default. + This can still be achieved by passing `--git-config: http.sslverify=false` explicitly. .git-sync usage example: ssh [source,yaml] diff --git a/extra/crds.yaml b/extra/crds.yaml index 288919db..62253144 100644 --- a/extra/crds.yaml +++ b/extra/crds.yaml @@ -1213,6 +1213,51 @@ spec: description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.' format: uri type: string + tls: + description: Use a TLS connection. If not specified no TLS will be used. + nullable: true + properties: + verification: + description: The verification method used to verify the certificates of the server and/or the client. + oneOf: + - required: + - none + - required: + - server + properties: + none: + description: Use TLS but don't verify certificates. + type: object + server: + description: Use TLS and a CA certificate to verify the server. + properties: + caCert: + description: CA cert to verify the server. + oneOf: + - required: + - webPki + - required: + - secretClass + properties: + secretClass: + description: |- + Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. + Note that a SecretClass does not need to have a key but can also work with just a CA certificate, + so if you got provided with a CA cert but don't have access to the key you can still use this method. + type: string + webPki: + description: |- + Use TLS and the CA certificates trusted by the common web browsers to verify the server. + This can be useful when you e.g. use public AWS S3 or other public available services. + type: object + type: object + required: + - caCert + type: object + type: object + required: + - verification + type: object wait: default: 20s description: |- @@ -7068,6 +7113,51 @@ spec: description: 'The git repository URL that will be cloned, for example: `https://github.com/stackabletech/airflow-operator` or `ssh://git@github.com:stackable-airflow/dags.git`.' format: uri type: string + tls: + description: Use a TLS connection. If not specified no TLS will be used. + nullable: true + properties: + verification: + description: The verification method used to verify the certificates of the server and/or the client. + oneOf: + - required: + - none + - required: + - server + properties: + none: + description: Use TLS but don't verify certificates. + type: object + server: + description: Use TLS and a CA certificate to verify the server. + properties: + caCert: + description: CA cert to verify the server. + oneOf: + - required: + - webPki + - required: + - secretClass + properties: + secretClass: + description: |- + Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. + Note that a SecretClass does not need to have a key but can also work with just a CA certificate, + so if you got provided with a CA cert but don't have access to the key you can still use this method. + type: string + webPki: + description: |- + Use TLS and the CA certificates trusted by the common web browsers to verify the server. + This can be useful when you e.g. use public AWS S3 or other public available services. + type: object + type: object + required: + - caCert + type: object + type: object + required: + - verification + type: object wait: default: 20s description: |- diff --git a/rust/operator-binary/src/airflow_controller.rs b/rust/operator-binary/src/airflow_controller.rs index 4930c575..d2f065c6 100644 --- a/rust/operator-binary/src/airflow_controller.rs +++ b/rust/operator-binary/src/airflow_controller.rs @@ -1457,6 +1457,8 @@ fn add_git_sync_resources( .context(AddVolumeSnafu)?; pb.add_volumes(git_sync_resources.git_ssh_volumes.to_owned()) .context(AddVolumeSnafu)?; + pb.add_volumes(git_sync_resources.git_ca_cert_volumes.to_owned()) + .context(AddVolumeSnafu)?; cb.add_volume_mounts(git_sync_resources.git_content_volume_mounts.to_owned()) .context(AddVolumeMountSnafu)?; diff --git a/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 b/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 new file mode 100644 index 00000000..67185acf --- /dev/null +++ b/tests/templates/kuttl/ca-cert/00-patch-ns.yaml.j2 @@ -0,0 +1,9 @@ +{% if test_scenario['values']['openshift'] == 'true' %} +# see https://github.com/stackabletech/issues/issues/566 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl patch namespace $NAMESPACE -p '{"metadata":{"labels":{"pod-security.kubernetes.io/enforce":"privileged"}}}' + timeout: 120 +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 b/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 new file mode 100644 index 00000000..0b9df7d2 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/00-rbac.yaml.j2 @@ -0,0 +1,38 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - get + - patch +{% if test_scenario['values']['openshift'] == "true" %} + - apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: integration-tests-sa +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: use-integration-tests-scc +subjects: + - kind: ServiceAccount + name: integration-tests-sa +roleRef: + kind: Role + name: use-integration-tests-scc + apiGroup: rbac.authorization.k8s.io diff --git a/tests/templates/kuttl/ca-cert/03-assert.yaml b/tests/templates/kuttl/ca-cert/03-assert.yaml new file mode 100644 index 00000000..319e927a --- /dev/null +++ b/tests/templates/kuttl/ca-cert/03-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-postgresql +timeout: 480 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-postgresql +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml b/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml new file mode 100644 index 00000000..dc25ba20 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/03-install-postgresql.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: >- + helm install airflow-postgresql + --namespace $NAMESPACE + --version 16.4.2 + -f helm-bitnami-postgresql-values.yaml + oci://registry-1.docker.io/bitnamicharts/postgresql + timeout: 600 diff --git a/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 new file mode 100644 index 00000000..50b1d4c3 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/05-assert.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 b/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 new file mode 100644 index 00000000..2d6a0df5 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/05-install-vector-aggregator-discovery-configmap.yaml.j2 @@ -0,0 +1,9 @@ +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +data: + ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }} +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/15-assert.yaml b/tests/templates/kuttl/ca-cert/15-assert.yaml new file mode 100644 index 00000000..3c2158b4 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/15-assert.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: create-ca-cert +status: + succeeded: 1 diff --git a/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml b/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml new file mode 100644 index 00000000..82ddc82c --- /dev/null +++ b/tests/templates/kuttl/ca-cert/15-create-ca-cert.yaml @@ -0,0 +1,64 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + kubectl apply -n "$NAMESPACE" -f - </dev/null \ + | grep -q "SSL certificate problem: unable to get local issuer certificate" && exit 0 + + exit 1 diff --git a/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml b/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml new file mode 100644 index 00000000..189523aa --- /dev/null +++ b/tests/templates/kuttl/ca-cert/25-install-airflow-wrong-cert.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +timeout: 120 +commands: + - script: | + envsubst < 25_airflow-wrong-cert.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 b/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 new file mode 100644 index 00000000..6e7244ec --- /dev/null +++ b/tests/templates/kuttl/ca-cert/25_airflow-wrong-cert.yaml.j2 @@ -0,0 +1,67 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: git-wrong-ca-cert +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: airflow.stackable.tech/v1alpha2 +kind: AirflowCluster +metadata: + name: airflow-wrong-cert +spec: + image: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + custom: "{{ test_scenario['values']['airflow-latest'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + credentialsSecret: test-airflow-credentials + dagsGitSync: + - repo: https://git-proxy.$NAMESPACE.svc.cluster.local/stackable-airflow/dags + credentials: + basicAuthSecretName: git-credentials + gitFolder: "mount-dags-gitsync/dags_airflow3" + wait: 5s + tls: + verification: + server: + caCert: + secretClass: git-wrong-ca-cert + webservers: + roleConfig: + listenerClass: external-unstable + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + kubernetesExecutors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + schedulers: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + dagProcessors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 new file mode 100644 index 00000000..37f7c5b8 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30-assert.yaml.j2 @@ -0,0 +1,30 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-cluster +timeout: 1200 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-webserver-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-scheduler-default +status: + readyReplicas: 1 + replicas: 1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: airflow-dagprocessor-default +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml b/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml new file mode 100644 index 00000000..a14a37fd --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30-install-airflow-cluster.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +metadata: + name: install-airflow +timeout: 480 +commands: + - script: | + kubectl delete airflowcluster airflow-wrong-cert -n $NAMESPACE --wait=false + envsubst < 30_airflow-cluster.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 b/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 new file mode 100644 index 00000000..2e16038b --- /dev/null +++ b/tests/templates/kuttl/ca-cert/30_airflow-cluster.yaml.j2 @@ -0,0 +1,67 @@ +--- +apiVersion: secrets.stackable.tech/v1alpha1 +kind: SecretClass +metadata: + name: git-ca-cert +spec: + backend: + k8sSearch: + searchNamespace: + pod: {} +--- +apiVersion: airflow.stackable.tech/v1alpha2 +kind: AirflowCluster +metadata: + name: airflow +spec: + image: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + custom: "{{ test_scenario['values']['airflow-latest'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + credentialsSecret: test-airflow-credentials + dagsGitSync: + - repo: https://git-proxy.$NAMESPACE.svc.cluster.local/stackable-airflow/dags + credentials: + basicAuthSecretName: git-credentials + gitFolder: "mount-dags-gitsync/dags_airflow3" + wait: 5s + tls: + verification: + server: + caCert: + secretClass: git-ca-cert + webservers: + roleConfig: + listenerClass: external-unstable + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + kubernetesExecutors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + schedulers: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 + dagProcessors: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + roleGroups: + default: + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/31-assert.yaml b/tests/templates/kuttl/ca-cert/31-assert.yaml new file mode 100644 index 00000000..0a11bc12 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/31-assert.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 120 +commands: + - script: | + kubectl logs -n "$NAMESPACE" airflow-dagprocessor-default-0 -c git-sync-0 2>/dev/null \ + | grep -q "updated successfully" && echo "git-sync: repo updated successfully via CA-cert-authenticated proxy" diff --git a/tests/templates/kuttl/ca-cert/40-assert.yaml b/tests/templates/kuttl/ca-cert/40-assert.yaml new file mode 100644 index 00000000..6edaa3c3 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/40-assert.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-python +timeout: 240 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-airflow-python +status: + readyReplicas: 1 + replicas: 1 diff --git a/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml b/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml new file mode 100644 index 00000000..c3f865a0 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/40-install-airflow-python.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-airflow-python + labels: + app: test-airflow-python +spec: + replicas: 1 + selector: + matchLabels: + app: test-airflow-python + template: + metadata: + labels: + app: test-airflow-python + spec: + containers: + - name: test-airflow-python + image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev + imagePullPolicy: IfNotPresent + stdin: true + tty: true diff --git a/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 b/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 new file mode 100644 index 00000000..b85052aa --- /dev/null +++ b/tests/templates/kuttl/ca-cert/50-assert.yaml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +metadata: + name: test-airflow-webserver-health-check +timeout: 480 +commands: +{% if test_scenario['values']['airflow-latest'].find(",") > 0 %} + - script: kubectl exec -n $NAMESPACE test-airflow-python-0 -- python /tmp/health.py --airflow-version "{{ test_scenario['values']['airflow-latest'].split(',')[0] }}" +{% else %} + - script: kubectl exec -n $NAMESPACE test-airflow-python-0 -- python /tmp/health.py --airflow-version "{{ test_scenario['values']['airflow-latest'] }}" +{% endif %} diff --git a/tests/templates/kuttl/ca-cert/50-health-check.yaml b/tests/templates/kuttl/ca-cert/50-health-check.yaml new file mode 100644 index 00000000..5d3b329f --- /dev/null +++ b/tests/templates/kuttl/ca-cert/50-health-check.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +timeout: 480 +commands: + - script: kubectl cp -n $NAMESPACE ../../../../templates/kuttl/commons/health.py test-airflow-python-0:/tmp + timeout: 240 diff --git a/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 b/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 new file mode 100644 index 00000000..80c50924 --- /dev/null +++ b/tests/templates/kuttl/ca-cert/helm-bitnami-postgresql-values.yaml.j2 @@ -0,0 +1,37 @@ +--- +global: + security: + allowInsecureImages: true + +image: + repository: bitnamilegacy/postgresql + +volumePermissions: + enabled: false + image: + repository: bitnamilegacy/os-shell + securityContext: + runAsUser: auto + +metrics: + image: + repository: bitnamilegacy/postgres-exporter + +primary: + podSecurityContext: +{% if test_scenario['values']['openshift'] == 'true' %} + enabled: false +{% else %} + enabled: true +{% endif %} + containerSecurityContext: + enabled: false + +shmVolume: + chmod: + enabled: false + +auth: + username: airflow + password: airflow + database: airflow diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 512e237a..6c7b486c 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -108,6 +108,10 @@ tests: dimensions: - airflow-latest - openshift + - name: ca-cert + dimensions: + - airflow-latest + - openshift suites: - name: nightly # Run nightly with the latest airflow