Merge pull request noobaa#1858 from aayushchouhan09/rev-gcp

liranmauda · web-flow · commit 4c1a9e5915c2 · 2026-03-24T17:46:02.000+02:00
Revert PR noobaa#1835: Restore GCP cloud credentials and backing store
diff --git a/pkg/system/phase2_creating.go b/pkg/system/phase2_creating.go
@@ -892,10 +892,9 @@ func (r *Reconciler) ReconcileBackingStoreCredentials() error {
 	if util.IsAzurePlatformNonGovernment() {
 		return r.ReconcileAzureCredentials()
 	}
-	// TODO: once we have STS handle it
-	// if util.IsGCPPlatform() {
-	// 	return r.ReconcileGCPCredentials()
-	// }
+	if util.IsGCPPlatform() {
+		return r.ReconcileGCPCredentials()
+	}
 	if util.IsIBMPlatform() {
 		return r.ReconcileIBMCredentials()
 	}
@@ -1120,27 +1119,26 @@ func (r *Reconciler) ReconcileAzureCredentials() error {
 	return err
 }
 
-// TODO: once we have STS handle it
 // ReconcileGCPCredentials creates a CredentialsRequest resource if cloud credentials operator is available
-// func (r *Reconciler) ReconcileGCPCredentials() error {
-// 	r.Logger.Info("Running on GCP. will create a CredentialsRequest resource")
-// 	err := r.Client.Get(r.Ctx, util.ObjectKey(r.GCPCloudCreds), r.GCPCloudCreds)
-// 	if err == nil || meta.IsNoMatchError(err) || runtime.IsNotRegisteredError(err) {
-// 		return nil
-// 	}
-// 	if errors.IsNotFound(err) {
-// 		// credential request does not exist. create one
-// 		r.Logger.Info("Creating CredentialsRequest resource")
-// 		r.Own(r.GCPCloudCreds)
-// 		err = r.Client.Create(r.Ctx, r.GCPCloudCreds)
-// 		if err != nil {
-// 			r.Logger.Errorf("got error when trying to create credentials request for GCP. %v", err)
-// 			return err
-// 		}
-// 		return nil
-// 	}
-// 	return err
-// }
+func (r *Reconciler) ReconcileGCPCredentials() error {
+	r.Logger.Info("Running on GCP. will create a CredentialsRequest resource")
+	err := r.Client.Get(r.Ctx, util.ObjectKey(r.GCPCloudCreds), r.GCPCloudCreds)
+	if err == nil || meta.IsNoMatchError(err) || runtime.IsNotRegisteredError(err) {
+		return nil
+	}
+	if errors.IsNotFound(err) {
+		// credential request does not exist. create one
+		r.Logger.Info("Creating CredentialsRequest resource")
+		r.Own(r.GCPCloudCreds)
+		err = r.Client.Create(r.Ctx, r.GCPCloudCreds)
+		if err != nil {
+			r.Logger.Errorf("got error when trying to create credentials request for GCP. %v", err)
+			return err
+		}
+		return nil
+	}
+	return err
+}
 
 // ReconcileIBMCredentials sets IsIBMCloud to indicate operator is running in IBM Cloud
 func (r *Reconciler) ReconcileIBMCredentials() error {
diff --git a/pkg/system/phase4_configuring.go b/pkg/system/phase4_configuring.go
@@ -1,6 +1,7 @@
 package system
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net"
@@ -11,11 +12,9 @@ import (
 	"strings"
 	"time"
 
-	// TODO: once we have STS handle it
-	// "context"
-	// "encoding/json"
-	_ "cloud.google.com/go/storage"
+	"encoding/json"
 
+	"cloud.google.com/go/storage"
 	"github.com/marstr/randname"
 	nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 	"github.com/noobaa/noobaa-operator/v5/pkg/bundle"
@@ -25,10 +24,7 @@ import (
 	secv1 "github.com/openshift/api/security/v1"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"github.com/sirupsen/logrus"
-
-	// TODO: once we have STS handle it
-	_ "google.golang.org/api/option"
-
+	"google.golang.org/api/option"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -54,10 +50,9 @@ const (
 	serviceMonitorCAFile              = "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt"
 )
 
-// TODO: once we have STS handle it
-// type gcpAuthJSON struct {
-// 	ProjectID string `json:"project_id"`
-// }
+type gcpAuthJSON struct {
+	ProjectID string `json:"project_id"`
+}
 
 // ReconcilePhaseConfiguring runs the reconcile phase
 func (r *Reconciler) ReconcilePhaseConfiguring() error {
@@ -983,12 +978,11 @@ func (r *Reconciler) ReconcileDefaultBackingStore() error {
 		if err := r.prepareAzureBackingStore(); err != nil {
 			return err
 		}
-		// TODO: once we have STS handle it
-		// } else if r.GCPCloudCreds.UID != "" {
-		// 	log.Infof("CredentialsRequest %q created.  creating default backing store on GCP objectstore", r.GCPCloudCreds.Name)
-		// 	if err := r.prepareGCPBackingStore(); err != nil {
-		// 		return err
-		// 	}
+	} else if r.GCPCloudCreds.UID != "" {
+		log.Infof("CredentialsRequest %q created.  creating default backing store on GCP objectstore", r.GCPCloudCreds.Name)
+		if err := r.prepareGCPBackingStore(); err != nil {
+			return err
+		}
 	} else if r.IBMCosBucketCreds.UID != "" {
 		log.Infof("IBM objectstore credentials %q created. Creating default backing store on IBM objectstore", r.IBMCosBucketCreds.Name)
 		if err := r.prepareIBMBackingStore(); err != nil {
@@ -1256,78 +1250,77 @@ func (r *Reconciler) prepareAzureBackingStore() error {
 	return nil
 }
 
-// TODO: once we have STS handle it
-// func (r *Reconciler) prepareGCPBackingStore() error {
-// 	secretName := r.GCPCloudCreds.Spec.SecretRef.Name
-// 	cloudCredsSecret := &corev1.Secret{
-// 		ObjectMeta: metav1.ObjectMeta{
-// 			Name:      secretName,
-// 			Namespace: r.GCPCloudCreds.Spec.SecretRef.Namespace,
-// 		},
-// 	}
-
-// 	util.KubeCheck(cloudCredsSecret)
-// 	if cloudCredsSecret.UID == "" {
-// 		// TODO: we need to figure out why secret is not created, and react accordingly
-// 		// e.g. maybe we are running on AWS but our CredentialsRequest is for GCP
-// 		r.Logger.Infof("Secret %q was not created yet by cloud-credentials operator. retry on next reconcile..", secretName)
-
-// 		// in case we have a cred request but we do not get a secret
-// 		if r.defaultBSCreationTimedout(r.GCPCloudCreds.CreationTimestamp.Time) {
-// 			return r.fallbackToPVPoolWithEvent(nbv1.StoreTypeGoogleCloudStorage, secretName)
-
-// 		}
-// 		return fmt.Errorf("cloud credentials secret %q is not ready yet", secretName)
-// 	}
-// 	r.Logger.Infof("Secret %s was created successfully by cloud-credentials operator", secretName)
-
-// 	util.KubeCheck(r.GCPBucketCreds)
-// 	if r.GCPBucketCreds.UID == "" {
-// 		r.GCPBucketCreds.StringData = cloudCredsSecret.StringData
-// 		r.Own(r.GCPBucketCreds)
-// 		if err := r.Client.Create(r.Ctx, r.GCPBucketCreds); err != nil {
-// 			return fmt.Errorf("got error on GCPBucketCreds creation. error: %v", err)
-// 		}
-// 	}
-// 	authJSON := &gcpAuthJSON{}
-// 	err := json.Unmarshal([]byte(cloudCredsSecret.StringData["service_account.json"]), authJSON)
-// 	if err != nil {
-// 		fmt.Println("Failed to parse secret", err)
-// 		return err
-// 	}
-// 	projectID := authJSON.ProjectID
-// 	if r.GCPBucketCreds.StringData == nil {
-// 		r.Logger.Infof("Secret %q does not contain a map of StringData yet. retry on next reconcile...", secretName)
-// 		return fmt.Errorf("cloud credentials secret %q is not ready yet (does not contain a map of StringData yet)", secretName)
-// 	}
-// 	r.GCPBucketCreds.StringData["GoogleServiceAccountPrivateKeyJson"] = cloudCredsSecret.StringData["service_account.json"]
-// 	ctx := context.Background()
-// 	gcpclient, err := storage.NewClient(ctx, option.WithCredentialsJSON([]byte(cloudCredsSecret.StringData["service_account.json"])))
-// 	if err != nil {
-// 		r.Logger.Info(err)
-// 		return err
-// 	}
-
-// 	var bucketName = strings.ToLower(randname.GenerateWithPrefix("noobaabucket", 5))
-// 	if err := r.createGCPBucketForBackingStore(gcpclient, projectID, bucketName); err != nil {
-// 		r.Logger.Info(err)
-// 		return err
-// 	}
-
-// 	if errUpdate := r.Client.Update(r.Ctx, r.GCPBucketCreds); errUpdate != nil {
-// 		return fmt.Errorf("got error on GCPBucketCreds update. error: %v", errUpdate)
-// 	}
-// 	// create backing store
-// 	r.DefaultBackingStore.Spec.Type = nbv1.StoreTypeGoogleCloudStorage
-// 	r.DefaultBackingStore.Spec.GoogleCloudStorage = &nbv1.GoogleCloudStorageSpec{
-// 		TargetBucket: bucketName,
-// 		Secret: corev1.SecretReference{
-// 			Name:      r.GCPBucketCreds.Name,
-// 			Namespace: r.GCPBucketCreds.Namespace,
-// 		},
-// 	}
-// 	return nil
-// }
+func (r *Reconciler) prepareGCPBackingStore() error {
+	secretName := r.GCPCloudCreds.Spec.SecretRef.Name
+	cloudCredsSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: r.GCPCloudCreds.Spec.SecretRef.Namespace,
+		},
+	}
+
+	util.KubeCheck(cloudCredsSecret)
+	if cloudCredsSecret.UID == "" {
+		// TODO: we need to figure out why secret is not created, and react accordingly
+		// e.g. maybe we are running on AWS but our CredentialsRequest is for GCP
+		r.Logger.Infof("Secret %q was not created yet by cloud-credentials operator. retry on next reconcile..", secretName)
+
+		// in case we have a cred request but we do not get a secret
+		if r.defaultBSCreationTimedout(r.GCPCloudCreds.CreationTimestamp.Time) {
+			return r.fallbackToPVPoolWithEvent(nbv1.StoreTypeGoogleCloudStorage, secretName)
+
+		}
+		return fmt.Errorf("cloud credentials secret %q is not ready yet", secretName)
+	}
+	r.Logger.Infof("Secret %s was created successfully by cloud-credentials operator", secretName)
+
+	util.KubeCheck(r.GCPBucketCreds)
+	if r.GCPBucketCreds.UID == "" {
+		r.GCPBucketCreds.StringData = cloudCredsSecret.StringData
+		r.Own(r.GCPBucketCreds)
+		if err := r.Client.Create(r.Ctx, r.GCPBucketCreds); err != nil {
+			return fmt.Errorf("got error on GCPBucketCreds creation. error: %v", err)
+		}
+	}
+	authJSON := &gcpAuthJSON{}
+	err := json.Unmarshal([]byte(cloudCredsSecret.StringData["service_account.json"]), authJSON)
+	if err != nil {
+		fmt.Println("Failed to parse secret", err)
+		return err
+	}
+	projectID := authJSON.ProjectID
+	if r.GCPBucketCreds.StringData == nil {
+		r.Logger.Infof("Secret %q does not contain a map of StringData yet. retry on next reconcile...", secretName)
+		return fmt.Errorf("cloud credentials secret %q is not ready yet (does not contain a map of StringData yet)", secretName)
+	}
+	r.GCPBucketCreds.StringData["GoogleServiceAccountPrivateKeyJson"] = cloudCredsSecret.StringData["service_account.json"]
+	ctx := context.Background()
+	gcpclient, err := storage.NewClient(ctx, option.WithCredentialsJSON([]byte(cloudCredsSecret.StringData["service_account.json"])))
+	if err != nil {
+		r.Logger.Info(err)
+		return err
+	}
+
+	var bucketName = strings.ToLower(randname.GenerateWithPrefix("noobaabucket", 5))
+	if err := r.createGCPBucketForBackingStore(gcpclient, projectID, bucketName); err != nil {
+		r.Logger.Info(err)
+		return err
+	}
+
+	if errUpdate := r.Client.Update(r.Ctx, r.GCPBucketCreds); errUpdate != nil {
+		return fmt.Errorf("got error on GCPBucketCreds update. error: %v", errUpdate)
+	}
+	// create backing store
+	r.DefaultBackingStore.Spec.Type = nbv1.StoreTypeGoogleCloudStorage
+	r.DefaultBackingStore.Spec.GoogleCloudStorage = &nbv1.GoogleCloudStorageSpec{
+		TargetBucket: bucketName,
+		Secret: corev1.SecretReference{
+			Name:      r.GCPBucketCreds.Name,
+			Namespace: r.GCPBucketCreds.Namespace,
+		},
+	}
+	return nil
+}
 
 func (r *Reconciler) prepareIBMBackingStore() error {
 	r.Logger.Info("Preparing backing store in IBM Cloud")
@@ -1430,19 +1423,18 @@ func (r *Reconciler) prepareIBMBackingStore() error {
 	return nil
 }
 
-// TODO: once we have STS handle it
-// func (r *Reconciler) createGCPBucketForBackingStore(client *storage.Client, projectID, bucketName string) error {
-// 	// [START create_bucket]
-// 	ctx := context.Background()
-//
-// 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
-// 	defer cancel()
-// 	if err := client.Bucket(bucketName).Create(ctx, projectID, nil); err != nil {
-// 		return err
-// 	}
-// 	// [END create_bucket]
-// 	return nil
-// }
+func (r *Reconciler) createGCPBucketForBackingStore(client *storage.Client, projectID, bucketName string) error {
+	// [START create_bucket]
+	ctx := context.Background()
+
+	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
+	defer cancel()
+	if err := client.Bucket(bucketName).Create(ctx, projectID, nil); err != nil {
+		return err
+	}
+	// [END create_bucket]
+	return nil
+}
 
 func (r *Reconciler) prepareCephBackingStore() error {
 	objectStoreUserName := r.CephObjectStoreUser.Name
