From 114edc239892716a5465f6d02c440adf7c1e53ea Mon Sep 17 00:00:00 2001
From: Sergiusz Bazanski
Date: Tue, 18 Feb 2020 22:54:18 +0100
Subject: [PATCH] kube/mirko: add kube.CephObjectStoreUser

Change-Id: I2a67076eeaf41ada41f5ae3ee588025e4c16b9e1
---
 cluster/kube/cluster.jsonnet | 13 +------------
 cluster/kube/lib/registry.libsonnet | 2 +-
 kube/kube.libsonnet | 12 ++++++++++++
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index c07e5b9c..3952f66f 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -475,18 +475,7 @@ local Cluster(short, realm) = {
 },

 # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
- nextcloudWaw2: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
- metadata+: {
- namespace: "ceph-waw2",
- },
- spec: {
- store: "waw-hdd-redundant-2-object",
- displayName: "nextcloud",
- },
- },
-
- # Used for owncloud.hackerspace.pl, which for now lices on boston-packets.hackerspace.pl.
- nextcloudWaw3: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "nextcloud") {
+ nextcloudWaw3: kube.CephObjectStoreUser("nextcloud") {
 metadata+: {
 namespace: "ceph-waw3",
 },
diff --git a/cluster/kube/lib/registry.libsonnet b/cluster/kube/lib/registry.libsonnet
index d457830c..e65f569a 100644
--- a/cluster/kube/lib/registry.libsonnet
+++ b/cluster/kube/lib/registry.libsonnet
@@ -312,7 +312,7 @@ local kube = import "../../../kube/kube.libsonnet";
 },
 },

- registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+ registryStorageUser: kue.CephObjectStoreUser("registry") {
 metadata+: {
 namespace: "ceph-waw2",
 },
diff --git a/kube/kube.libsonnet b/kube/kube.libsonnet
index c12e3db7..202b41bf 100644
--- a/kube/kube.libsonnet
+++ b/kube/kube.libsonnet
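Review bot: The `nextcloudWaw2` object in cluster/kube/cluster.jsonnet is deleted outright instead of being converted to the new helper, and the commit subject only announces the addition of `kube.CephObjectStoreUser`. If that user in `ceph-waw2` is still in use, applying this change drops it from the cluster definition, and presumably the Rook operator would then remove the object-store user together with its credentials secret. Either keep it as `nextcloudWaw2: kube.CephObjectStoreUser("nextcloud") {` with its existing namespace and spec, or state the removal explicitly in the commit message. The `nextcloudWaw3` object continues past the end of the hunk, so its `spec` is not visible here.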
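Review bot: The added line in cluster/kube/lib/registry.libsonnet calls `kue.CephObjectStoreUser("registry")`, but the library is bound as `local kube = import "../../../kube/kube.libsonnet";` (visible in the hunk header), so `kue` is an unbound identifier. Evaluating this file should fail with an unknown-variable error, which would also block rendering of everything else that imports the registry library. The line should read `registryStorageUser: kube.CephObjectStoreUser("registry") {`. The body of the object continues outside the hunk.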
@@ -12,4 +12,16 @@ kube {
 Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
 spec: error "spec must be defined",
 },
+
+ CephObjectStoreUser(name): kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", name) {
+ local user = self,
+ spec: error "spec must be defined",
+
+ // Name of the secret that contains the login data for this user.
+ // This secret is created in the same namespace as the ceph cluster, so
+ // unfortunately you can't really refer to it directly.
+ // We should write some automation to copy these secrets over in a
+ // secure way.
+ secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.spec.displayName],
+ },
 }
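Review bot: `secret_name` is derived from `user.spec.displayName`, but as far as I know Rook names the generated credentials secret after the CephObjectStoreUser's metadata name (`rook-ceph-object-user-<store>-<name>`), not its display name. The two only coincide when both strings are equal, as they were in the removed `nextcloudWaw2` block; a user with a different `displayName` would get a `secret_name` that points at a missing secret or at another user's secret. Assuming `kube._Object` exposes `metadata.name`, the line should be `secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.metadata.name],`. The comment above it could also note that whoever can read a copy of this secret holds that user's S3 access and secret keys, so any copy into another namespace needs to be restricted accordingly.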