Iter

Author: ajanikow

pkg/deployment/reconcile/action_license_generate.go

@@ -22,6 +22,7 @@ package reconcile
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"math"
 	"time"
@@ -32,6 +33,7 @@ import (
 
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
 	"github.com/arangodb/kube-arangodb/pkg/deployment/client"
+	"github.com/arangodb/kube-arangodb/pkg/deployment/patch"
 	"github.com/arangodb/kube-arangodb/pkg/deployment/pod"
 	lmanager "github.com/arangodb/kube-arangodb/pkg/license_manager"
 	"github.com/arangodb/kube-arangodb/pkg/platform/inventory"
@@ -216,6 +218,25 @@ func (a *actionLicenseGenerate) Start(ctx context.Context) (bool, error) {
 		}
 	}
 
+	if spec.Sync.IsEnabled() {
+		if !spec.License.HasSecretName() {
+			a.log.Debug("License Secret Gone")
+			return true, nil
+		}
+		s, ok := cache.Secret().V1().GetSimple(spec.License.GetSecretName())
+		if !ok {
+			a.log.Debug("License Secret Gone")
+			return true, nil
+		}
+
+		if _, _, err := patcher.Patcher[*core.Secret](ctx, cache.Client().Kubernetes().CoreV1().Secrets(a.actionCtx.GetNamespace()), s, meta.PatchOptions{}, func(in *core.Secret) []patch.Item {
+			return []patch.Item{patch.ItemReplace(patch.NewPath("data", utilConstants.SecretKeyToken), base64.StdEncoding.EncodeToString([]byte(generatedLicense.License)))}
+		}); err != nil {
+			a.log.Err(err).Debug("Failed to patch License Secret")
+			return true, nil
+		}
+	}
+
 	if err := a.actionCtx.WithStatusUpdate(ctx, func(s *api.DeploymentStatus) bool {
 		s.License = &api.DeploymentStatusLicense{
 			ID:         generatedLicense.ID,

pkg/deployment/reconcile/plan_builder_license.go

@@ -107,14 +107,14 @@ func (r *Reconciler) updateClusterLicenseDiscover(spec api.DeploymentSpec, conte
 		return "", err
 	}
 
-	if l.V2.IsV2Set() {
-		return api.LicenseModeKey, nil
-	}
-
 	if l.API != nil {
 		return api.LicenseModeAPI, nil
 	}
 
+	if l.V2.IsV2Set() {
+		return api.LicenseModeKey, nil
+	}
+
 	return "", errors.Errorf("Unable to discover License mode")
 }
 
@@ -256,5 +256,12 @@ func (r *Reconciler) updateClusterLicenseAPI(ctx context.Context, spec api.Deplo
 		return api.Plan{actions.NewClusterAction(api.ActionTypeLicenseClean, "Removing license reference - Registry Change Required")}
 	}
 
+	if spec.Sync.IsEnabled() {
+		// Feedback of the token is required
+		if l.V2.V2Hash() != status.License.Hash {
+			return api.Plan{actions.NewClusterAction(api.ActionTypeLicenseClean, "Removing license reference - Sync Token Required")}
+		}
+	}
+
 	return nil
 }

pkg/platform/pack/cache.go

@@ -0,0 +1,221 @@
+//
+// DISCLAIMER
+//
+// Copyright 2025 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package pack
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"hash"
+	"io"
+	"os"
+	"path"
+	"sync"
+
+	"github.com/pkg/errors"
+)
+
+func NewCache(path string) Cache {
+	return &cache{
+		lock:    sync.Mutex{},
+		path:    path,
+		files:   map[string]string{},
+		writers: map[string]*cacheWriter{},
+	}
+}
+
+type Cache interface {
+	CacheObject(checksum string, path string, args ...any) (io.WriteCloser, error)
+
+	Get(checksum string, path string, args ...any) (io.ReadCloser, error)
+
+	Saved() int
+}
+
+type cache struct {
+	lock sync.Mutex
+
+	path string
+
+	saved int
+
+	files map[string]string
+
+	writers map[string]*cacheWriter
+}
+
+func (c *cache) Saved() int {
+	return c.saved
+}
+
+func (c *cache) Get(checksum string, p string, args ...any) (io.ReadCloser, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	z := fmt.Sprintf(p, args...)
+
+	if v, ok := c.files[z]; !ok || v != checksum {
+		return nil, os.ErrNotExist
+	}
+
+	return os.Open(path.Join(c.path, z))
+}
+
+func (c *cache) CacheObject(checksum string, p string, args ...any) (io.WriteCloser, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	z := fmt.Sprintf(p, args...)
+
+	if v, ok := c.files[z]; ok {
+		if v == checksum {
+			return nil, os.ErrExist
+		} else {
+			return nil, errors.Errorf("cache object %s already exists with checksum %s, expected %s", z, v, checksum)
+		}
+	}
+
+	if _, ok := c.writers[z]; ok {
+		return nil, nil
+	}
+
+	if current, err := c.readChecksum(p, args...); err != nil {
+		if !os.IsNotExist(err) {
+			return nil, err
+		}
+	} else if current == checksum {
+		c.files[z] = checksum
+		return nil, os.ErrExist
+	}
+
+	fd, err := os.CreateTemp("", "tmp-")
+	if err != nil {
+		return nil, err
+	}
+
+	q := &cacheWriter{
+		cache:       c,
+		remote:      fd,
+		dest:        z,
+		hash:        checksum,
+		currentHash: sha256.New(),
+	}
+
+	c.writers[z] = q
+
+	return q, nil
+}
+
+func (c *cache) readChecksum(p string, args ...any) (string, error) {
+	f, err := os.Open(path.Join(c.path, fmt.Sprintf(p, args...)))
+	if err != nil {
+		return "", err
+	}
+
+	defer f.Close()
+
+	h := sha256.New()
+	if _, err := io.Copy(h, f); err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
+
+func (c *cache) complete(z *cacheWriter) error {
+	if err := os.MkdirAll(path.Dir(path.Join(c.path, z.dest)), 0755); err != nil {
+		if !os.IsExist(err) {
+			return err
+		}
+	}
+
+	if _, err := z.remote.Seek(0, 0); err != nil {
+		return err
+	}
+
+	hash := fmt.Sprintf("%x", z.currentHash.Sum(nil))
+
+	if hash != z.hash {
+		return errors.Errorf("checksum mismatch for %s != %s", hash, z.hash)
+	}
+
+	out, err := os.OpenFile(path.Join(c.path, z.dest), os.O_CREATE|os.O_RDWR, 0644)
+	if err != nil {
+		return err
+	}
+
+	defer out.Close()
+
+	if _, err := io.Copy(out, z.remote); err != nil {
+		return err
+	}
+
+	if err := z.remote.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Remove(z.remote.Name()); err != nil {
+		return err
+	}
+
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	c.saved += 1
+
+	c.files[z.dest] = hash
+
+	delete(c.writers, z.dest)
+
+	return nil
+}
+
+type cacheWriter struct {
+	lock sync.Mutex
+
+	cache *cache
+
+	remote      *os.File
+	currentHash hash.Hash
+
+	dest string
+	hash string
+}
+
+func (c *cacheWriter) Write(p []byte) (n int, err error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	n, err = c.remote.Write(p)
+	if err != nil {
+		return n, err
+	}
+
+	c.currentHash.Write(p[:n])
+
+	return n, nil
+}
+
+func (c *cacheWriter) Close() error {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	return c.cache.complete(c)
+}

pkg/platform/pack/cache_test.go

@@ -0,0 +1,84 @@
+//
+// DISCLAIMER
+//
+// Copyright 2025 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package pack
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/arangodb/kube-arangodb/pkg/util"
+)
+
+func TestCache(t *testing.T) {
+	c := NewCache(t.TempDir())
+
+	var d = make([]byte, 1024)
+
+	checksum := util.SHA256(d)
+
+	_, err := c.Get(checksum, "some/file")
+	require.ErrorAs(t, err, &os.ErrNotExist)
+
+	t.Run("Invalid Sha", func(t *testing.T) {
+		out, err := c.CacheObject("ABCD", "some/file")
+		require.NoError(t, err)
+
+		z, err := out.Write(d)
+		require.NoError(t, err)
+		require.Len(t, d, z)
+
+		require.Error(t, out.Close())
+
+		require.EqualValues(t, 0, c.Saved())
+	})
+
+	t.Run("Valid Sha", func(t *testing.T) {
+		out, err := c.CacheObject(util.SHA256(d), "some/file")
+		require.NoError(t, err)
+
+		z, err := out.Write(d)
+		require.NoError(t, err)
+		require.Len(t, d, z)
+
+		require.NoError(t, out.Close())
+
+		require.EqualValues(t, 1, c.Saved())
+	})
+
+	t.Run("Multi Upload Sha", func(t *testing.T) {
+		out, err := c.CacheObject(util.SHA256(d), "some/file2")
+		require.NoError(t, err)
+
+		nout, err := c.CacheObject(util.SHA256(d), "some/file2")
+		require.NoError(t, err)
+		require.Nil(t, nout)
+
+		z, err := out.Write(d)
+		require.NoError(t, err)
+		require.Len(t, d, z)
+
+		require.NoError(t, out.Close())
+
+		require.EqualValues(t, 1, c.Saved())
+	})
+}