From b2ebb6ed8fd03ba788a6ae5b92513ff7216a04fe Mon Sep 17 00:00:00 2001 From: xeniape Date: Tue, 26 Aug 2025 16:18:04 +0200 Subject: [PATCH 1/5] fix: propagate auth volumeMounts to nifi container --- rust/operator-binary/src/controller.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index c3aab1eb..7e19a949 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1220,6 +1220,13 @@ async fn build_node_rolegroup_statefulset( .add_volume_mount(&volume_name, NIFI_PYTHON_WORKING_DIRECTORY) .context(AddVolumeMountSnafu)?; + authentication_config + .add_volumes_and_mounts( + &mut pod_builder, + vec![&mut container_prepare, container_nifi], + ) + .context(AddAuthVolumesSnafu)?; + container_nifi .add_volume_mounts(git_sync_resources.git_content_volume_mounts.to_owned()) .context(AddVolumeMountSnafu)?; @@ -1293,13 +1300,6 @@ async fn build_node_rolegroup_statefulset( } } - authentication_config - .add_volumes_and_mounts( - &mut pod_builder, - vec![&mut container_prepare, container_nifi], - ) - .context(AddAuthVolumesSnafu)?; - let metadata = ObjectMetaBuilder::new() .with_recommended_labels(build_recommended_labels( nifi, From 1e64189bac0ca80e87f829b95e296e6c47299913 Mon Sep 17 00:00:00 2001 From: xeniape Date: Wed, 27 Aug 2025 16:24:08 +0200 Subject: [PATCH 2/5] remove nifi container from auth config mount --- rust/operator-binary/src/controller.rs | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 7e19a949..b457f8b6 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1064,11 +1064,12 @@ async fn build_node_rolegroup_statefulset( ); let nifi_container_name = Container::Nifi.to_string(); - let mut container_builder = ContainerBuilder::new(&nifi_container_name).with_context(|_| { - IllegalContainerNameSnafu { - container_name: nifi_container_name, - } - })?; + let mut container_nifi_builder = + ContainerBuilder::new(&nifi_container_name).with_context(|_| { + IllegalContainerNameSnafu { + container_name: nifi_container_name, + } + })?; let nifi_args = vec![formatdoc! {" {COMMON_BASH_TRAP_FUNCTIONS} @@ -1084,7 +1085,7 @@ async fn build_node_rolegroup_statefulset( create_vector_shutdown_file_command = create_vector_shutdown_file_command(STACKABLE_LOG_DIR), }]; - let container_nifi = container_builder + let container_nifi = container_nifi_builder .image_from_product_image(resolved_product_image) .command(vec![ "/bin/bash".to_string(), @@ -1220,19 +1221,14 @@ async fn build_node_rolegroup_statefulset( .add_volume_mount(&volume_name, NIFI_PYTHON_WORKING_DIRECTORY) .context(AddVolumeMountSnafu)?; - authentication_config - .add_volumes_and_mounts( - &mut pod_builder, - vec![&mut container_prepare, container_nifi], - ) - .context(AddAuthVolumesSnafu)?; - container_nifi .add_volume_mounts(git_sync_resources.git_content_volume_mounts.to_owned()) .context(AddVolumeMountSnafu)?; // We want to add nifi container first for easier defaulting into this container + // After calling `build()` the ContainerBuilder shouldn't be used anymore, so we drop it pod_builder.add_container(container_nifi.build()); + drop(container_nifi_builder); for container in git_sync_resources.git_sync_containers.iter().cloned() { pod_builder.add_container(container); @@ -1244,6 +1240,10 @@ async fn build_node_rolegroup_statefulset( .add_volumes(git_sync_resources.git_content_volumes.to_owned()) .context(AddVolumeSnafu)?; + authentication_config + .add_volumes_and_mounts(&mut pod_builder, vec![&mut container_prepare]) + .context(AddAuthVolumesSnafu)?; + if let Some(ContainerLogConfig { choice: Some(ContainerLogConfigChoice::Custom(CustomContainerLogConfig { From 8e5030646dc53466d5325258b3cbad1275dcb11c Mon Sep 17 00:00:00 2001 From: xeniape Date: Wed, 27 Aug 2025 16:26:01 +0200 Subject: [PATCH 3/5] move code to previous place --- rust/operator-binary/src/controller.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index b457f8b6..e72e4a2c 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1240,10 +1240,6 @@ async fn build_node_rolegroup_statefulset( .add_volumes(git_sync_resources.git_content_volumes.to_owned()) .context(AddVolumeSnafu)?; - authentication_config - .add_volumes_and_mounts(&mut pod_builder, vec![&mut container_prepare]) - .context(AddAuthVolumesSnafu)?; - if let Some(ContainerLogConfig { choice: Some(ContainerLogConfigChoice::Custom(CustomContainerLogConfig { @@ -1300,6 +1296,10 @@ async fn build_node_rolegroup_statefulset( } } + authentication_config + .add_volumes_and_mounts(&mut pod_builder, vec![&mut container_prepare]) + .context(AddAuthVolumesSnafu)?; + let metadata = ObjectMetaBuilder::new() .with_recommended_labels(build_recommended_labels( nifi, From 6edbf7f8b3335dd7326cf2b77579725cf8bab13c Mon Sep 17 00:00:00 2001 From: xeniape Date: Thu, 28 Aug 2025 09:22:19 +0200 Subject: [PATCH 4/5] bump url crate version --- Cargo.lock | 4 ++-- Cargo.nix | 6 +++--- Cargo.toml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dd8647df..4546980b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3251,9 +3251,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.5" +version = "2.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec961601b32b6f5d14ae8dabd35ff2ff2e2c6cb4c0e6641845ff105abe96d958" +checksum = "08bc136a29a3d1758e07a9cca267be308aeebf5cfd5a10f3f67ab2097683ef5b" dependencies = [ "form_urlencoded", "idna", diff --git a/Cargo.nix b/Cargo.nix index d36e8bbf..1f793d22 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -10809,9 +10809,9 @@ rec { }; "url" = rec { crateName = "url"; - version = "2.5.5"; + version = "2.5.7"; edition = "2018"; - sha256 = "0n6rjsz5l47z8lc69rn0nin2qbpzy9gx7awdmqa5svrbnc0id5pc"; + sha256 = "0nzghdv0kcksyvri0npxbjzyx2ihprks5k590y77bld355m17g08"; authors = [ "The rust-url developers" ]; @@ -10852,7 +10852,7 @@ rec { features = { "default" = [ "std" ]; "serde" = [ "dep:serde" ]; - "std" = [ "idna/std" "percent-encoding/std" "form_urlencoded/std" ]; + "std" = [ "idna/std" "percent-encoding/std" "form_urlencoded/std" "serde/std" ]; }; resolvedDefaultFeatures = [ "default" "serde" "std" ]; }; diff --git a/Cargo.toml b/Cargo.toml index c4c62df9..037ed93b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ snafu = "0.8" strum = { version = "0.27", features = ["derive"] } tokio = { version = "1.40", features = ["full"] } tracing = "0.1" -url = { version = "2.5.2" } +url = { version = "2.5.7" } xml-rs = "0.8" # [patch."https://github.com/stackabletech/operator-rs.git"] From 09121e56581e56f27b1fa61cbd6c7f7e831fadab Mon Sep 17 00:00:00 2001 From: Xenia Date: Thu, 28 Aug 2025 09:23:48 +0200 Subject: [PATCH 5/5] Update rust/operator-binary/src/controller.rs Co-authored-by: Sebastian Bernauer --- rust/operator-binary/src/controller.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index e72e4a2c..9440566a 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1226,8 +1226,8 @@ async fn build_node_rolegroup_statefulset( .context(AddVolumeMountSnafu)?; // We want to add nifi container first for easier defaulting into this container - // After calling `build()` the ContainerBuilder shouldn't be used anymore, so we drop it pod_builder.add_container(container_nifi.build()); + // After calling `build()` the ContainerBuilder shouldn't be used anymore, so we drop it drop(container_nifi_builder); for container in git_sync_resources.git_sync_containers.iter().cloned() {