chore: Bump stackable_operator to 0.93.1

NickLarsenNZ · NickLarsenNZ · commit 7cf47722c2df · 2025-05-22T14:57:14.000+02:00
Part of stackabletech/issues#642. Bump stackable-operator to 0.93.1 which versions common CRD structs.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.nix b/Cargo.nix
diff --git a/Cargo.toml b/Cargo.toml
@@ -11,10 +11,10 @@ repository = "https://github.com/stackabletech/kafka-operator"
 
 [workspace.dependencies]
 product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.7.0" }
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["telemetry", "versioned"], tag = "stackable-operator-0.92.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["telemetry", "versioned"], tag = "stackable-operator-0.93.1" }
 
 anyhow = "1.0"
-built = { version = "0.7", features = ["chrono", "git2"] }
+built = { version = "0.8", features = ["chrono", "git2"] }
 clap = "4.5"
 const_format = "0.2"
 futures = "0.3"
diff --git a/crate-hashes.json b/crate-hashes.json
diff --git a/rust/operator-binary/src/crd/authentication.rs b/rust/operator-binary/src/crd/authentication.rs
@@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize};
 use snafu::{ResultExt, Snafu};
 use stackable_operator::{
     client::Client,
-    commons::authentication::{AuthenticationClass, AuthenticationClassProvider},
+    crd::authentication::core,
     schemars::{self, JsonSchema},
 };
 
@@ -15,7 +15,7 @@ pub enum Error {
     #[snafu(display("failed to retrieve AuthenticationClass [{}]", authentication_class))]
     AuthenticationClassRetrieval {
         source: stackable_operator::client::Error,
-        authentication_class: ObjectRef<AuthenticationClass>,
+        authentication_class: ObjectRef<core::v1alpha1::AuthenticationClass>,
     },
 
     #[snafu(display(
@@ -27,7 +27,7 @@ pub enum Error {
         "failed to use authentication provider [{provider}] for authentication class [{authentication_class}] - supported providers: {SUPPORTED_AUTHENTICATION_CLASS_PROVIDERS:?}",
     ))]
     AuthenticationProviderNotSupported {
-        authentication_class: ObjectRef<AuthenticationClass>,
+        authentication_class: ObjectRef<core::v1alpha1::AuthenticationClass>,
         provider: String,
     },
 }
@@ -56,11 +56,11 @@ pub struct KafkaAuthentication {
 #[derive(Clone, Debug)]
 /// Helper struct that contains resolved AuthenticationClasses to reduce network API calls.
 pub struct ResolvedAuthenticationClasses {
-    resolved_authentication_classes: Vec<AuthenticationClass>,
+    resolved_authentication_classes: Vec<core::v1alpha1::AuthenticationClass>,
 }
 
 impl ResolvedAuthenticationClasses {
-    pub fn new(resolved_authentication_classes: Vec<AuthenticationClass>) -> Self {
+    pub fn new(resolved_authentication_classes: Vec<core::v1alpha1::AuthenticationClass>) -> Self {
         Self {
             resolved_authentication_classes,
         }
@@ -74,35 +74,46 @@ impl ResolvedAuthenticationClasses {
         client: &Client,
         auth_classes: &Vec<KafkaAuthentication>,
     ) -> Result<ResolvedAuthenticationClasses, Error> {
-        let mut resolved_authentication_classes: Vec<AuthenticationClass> = vec![];
+        let mut resolved_authentication_classes: Vec<core::v1alpha1::AuthenticationClass> = vec![];
 
         for auth_class in auth_classes {
             resolved_authentication_classes.push(
-                AuthenticationClass::resolve(client, &auth_class.authentication_class)
-                    .await
-                    .context(AuthenticationClassRetrievalSnafu {
-                        authentication_class: ObjectRef::<AuthenticationClass>::new(
-                            &auth_class.authentication_class,
-                        ),
-                    })?,
+                core::v1alpha1::AuthenticationClass::resolve(
+                    client,
+                    &auth_class.authentication_class,
+                )
+                .await
+                .context(AuthenticationClassRetrievalSnafu {
+                    authentication_class: ObjectRef::<core::v1alpha1::AuthenticationClass>::new(
+                        &auth_class.authentication_class,
+                    ),
+                })?,
             );
         }
 
         ResolvedAuthenticationClasses::new(resolved_authentication_classes).validate()
     }
 
     /// Return the (first) TLS `AuthenticationClass` if available
-    pub fn get_tls_authentication_class(&self) -> Option<&AuthenticationClass> {
-        self.resolved_authentication_classes
-            .iter()
-            .find(|auth| matches!(auth.spec.provider, AuthenticationClassProvider::Tls(_)))
+    pub fn get_tls_authentication_class(&self) -> Option<&core::v1alpha1::AuthenticationClass> {
+        self.resolved_authentication_classes.iter().find(|auth| {
+            matches!(
+                auth.spec.provider,
+                core::v1alpha1::AuthenticationClassProvider::Tls(_)
+            )
+        })
     }
 
     /// Return the (first) Kerberos `AuthenticationClass` if available
-    pub fn get_kerberos_authentication_class(&self) -> Option<&AuthenticationClass> {
-        self.resolved_authentication_classes
-            .iter()
-            .find(|auth| matches!(auth.spec.provider, AuthenticationClassProvider::Kerberos(_)))
+    pub fn get_kerberos_authentication_class(
+        &self,
+    ) -> Option<&core::v1alpha1::AuthenticationClass> {
+        self.resolved_authentication_classes.iter().find(|auth| {
+            matches!(
+                auth.spec.provider,
+                core::v1alpha1::AuthenticationClassProvider::Kerberos(_)
+            )
+        })
     }
 
     /// Validates the resolved AuthenticationClasses.
@@ -117,10 +128,11 @@ impl ResolvedAuthenticationClasses {
         for auth_class in &self.resolved_authentication_classes {
             match &auth_class.spec.provider {
                 // explicitly list each branch so new elements do not get overlooked
-                AuthenticationClassProvider::Tls(_) | AuthenticationClassProvider::Kerberos(_) => {}
-                AuthenticationClassProvider::Static(_)
-                | AuthenticationClassProvider::Ldap(_)
-                | AuthenticationClassProvider::Oidc(_) => {
+                core::v1alpha1::AuthenticationClassProvider::Tls(_)
+                | core::v1alpha1::AuthenticationClassProvider::Kerberos(_) => {}
+                core::v1alpha1::AuthenticationClassProvider::Static(_)
+                | core::v1alpha1::AuthenticationClassProvider::Ldap(_)
+                | core::v1alpha1::AuthenticationClassProvider::Oidc(_) => {
                     return Err(Error::AuthenticationProviderNotSupported {
                         authentication_class: ObjectRef::from_obj(auth_class),
                         provider: auth_class.spec.provider.to_string(),
diff --git a/rust/operator-binary/src/crd/listener.rs b/rust/operator-binary/src/crd/listener.rs
@@ -262,14 +262,8 @@ pub fn pod_fqdn(
 mod tests {
     use stackable_operator::{
         builder::meta::ObjectMetaBuilder,
-        commons::{
-            authentication::{
-                AuthenticationClass, AuthenticationClassProvider, AuthenticationClassSpec,
-                kerberos,
-                tls::{self},
-            },
-            networking::DomainName,
-        },
+        commons::networking::DomainName,
+        crd::authentication::{core, kerberos, tls},
     };
 
     use super::*;
@@ -306,12 +300,14 @@ mod tests {
         let kafka: v1alpha1::KafkaCluster =
             serde_yaml::from_str(kafka_cluster).expect("illegal test input");
         let kafka_security = KafkaTlsSecurity::new(
-            ResolvedAuthenticationClasses::new(vec![AuthenticationClass {
+            ResolvedAuthenticationClasses::new(vec![core::v1alpha1::AuthenticationClass {
                 metadata: ObjectMetaBuilder::new().name("auth-class").build(),
-                spec: AuthenticationClassSpec {
-                    provider: AuthenticationClassProvider::Tls(tls::AuthenticationProvider {
-                        client_cert_secret_class: Some("client-auth-secret-class".to_string()),
-                    }),
+                spec: core::v1alpha1::AuthenticationClassSpec {
+                    provider: core::v1alpha1::AuthenticationClassProvider::Tls(
+                        tls::v1alpha1::AuthenticationProvider {
+                            client_cert_secret_class: Some("client-auth-secret-class".to_string()),
+                        },
+                    ),
                 },
             }]),
             "internalTls".to_string(),
@@ -483,11 +479,11 @@ mod tests {
         let kafka: v1alpha1::KafkaCluster =
             serde_yaml::from_str(kafka_cluster).expect("illegal test input");
         let kafka_security = KafkaTlsSecurity::new(
-            ResolvedAuthenticationClasses::new(vec![AuthenticationClass {
+            ResolvedAuthenticationClasses::new(vec![core::v1alpha1::AuthenticationClass {
                 metadata: ObjectMetaBuilder::new().name("auth-class").build(),
-                spec: AuthenticationClassSpec {
-                    provider: AuthenticationClassProvider::Kerberos(
-                        kerberos::AuthenticationProvider {
+                spec: core::v1alpha1::AuthenticationClassSpec {
+                    provider: core::v1alpha1::AuthenticationClassProvider::Kerberos(
+                        kerberos::v1alpha1::AuthenticationProvider {
                             kerberos_secret_class: "kerberos-secret-class".to_string(),
                         },
                     ),
diff --git a/rust/operator-binary/src/crd/security.rs b/rust/operator-binary/src/crd/security.rs
@@ -18,7 +18,7 @@ use stackable_operator::{
         },
     },
     client::Client,
-    commons::authentication::{AuthenticationClass, AuthenticationClassProvider},
+    crd::authentication::core,
     k8s_openapi::api::core::v1::Volume,
     product_logging::framework::{
         create_vector_shutdown_file_command, remove_vector_shutdown_file_command,
@@ -199,7 +199,7 @@ impl KafkaTlsSecurity {
     }
 
     /// Retrieve an optional TLS `AuthenticationClass`.
-    pub fn tls_client_authentication_class(&self) -> Option<&AuthenticationClass> {
+    pub fn tls_client_authentication_class(&self) -> Option<&core::v1alpha1::AuthenticationClass> {
         self.resolved_authentication_classes
             .get_tls_authentication_class()
     }
@@ -223,7 +223,7 @@ impl KafkaTlsSecurity {
             .get_kerberos_authentication_class()
         {
             match &kerberos.spec.provider {
-                AuthenticationClassProvider::Kerberos(kerberos) => {
+                core::v1alpha1::AuthenticationClassProvider::Kerberos(kerberos) => {
                     Some(kerberos.kerberos_secret_class.clone())
                 }
                 _ => None,
@@ -607,7 +607,9 @@ impl KafkaTlsSecurity {
         self.resolved_authentication_classes
             .get_tls_authentication_class()
             .and_then(|auth_class| match &auth_class.spec.provider {
-                AuthenticationClassProvider::Tls(tls) => tls.client_cert_secret_class.as_ref(),
+                core::v1alpha1::AuthenticationClassProvider::Tls(tls) => {
+                    tls.client_cert_secret_class.as_ref()
+                }
                 _ => None,
             })
             .or(self.server_secret_class.as_ref())
diff --git a/rust/operator-binary/src/discovery.rs b/rust/operator-binary/src/discovery.rs
@@ -3,7 +3,8 @@ use std::num::TryFromIntError;
 use snafu::{OptionExt, ResultExt, Snafu};
 use stackable_operator::{
     builder::{configmap::ConfigMapBuilder, meta::ObjectMetaBuilder},
-    commons::{listener::Listener, product_image_selection::ResolvedProductImage},
+    commons::product_image_selection::ResolvedProductImage,
+    crd::listener,
     k8s_openapi::api::core::v1::{ConfigMap, Service},
     kube::{Resource, ResourceExt, runtime::reflector::ObjectRef},
 };
@@ -61,7 +62,7 @@ pub async fn build_discovery_configmaps(
     owner: &impl Resource<DynamicType = ()>,
     resolved_product_image: &ResolvedProductImage,
     kafka_security: &KafkaTlsSecurity,
-    listeners: &[Listener],
+    listeners: &[listener::v1alpha1::Listener],
 ) -> Result<Vec<ConfigMap>, Error> {
     let name = owner.name_unchecked();
     let port_name = if kafka_security.has_kerberos_enabled() {
@@ -145,7 +146,7 @@ fn build_discovery_configmap(
 }
 
 fn listener_hosts(
-    listeners: &[Listener],
+    listeners: &[listener::v1alpha1::Listener],
     port_name: &str,
 ) -> Result<impl IntoIterator<Item = (String, u16)>, Error> {
     listeners
diff --git a/rust/operator-binary/src/kafka_controller.rs b/rust/operator-binary/src/kafka_controller.rs
@@ -28,12 +28,10 @@ use stackable_operator::{
     },
     cluster_resources::{ClusterResourceApplyStrategy, ClusterResources},
     commons::{
-        authentication::AuthenticationClass,
-        listener::{Listener, ListenerPort, ListenerSpec},
-        opa::OpaApiVersion,
-        product_image_selection::ResolvedProductImage,
+        opa::OpaApiVersion, product_image_selection::ResolvedProductImage,
         rbac::build_rbac_resources,
     },
+    crd::{authentication::core, listener},
     k8s_openapi::{
         DeepMerge,
         api::{
@@ -204,7 +202,7 @@ pub enum Error {
     #[snafu(display("failed to retrieve {}", authentication_class))]
     AuthenticationClassRetrieval {
         source: stackable_operator::commons::opa::Error,
-        authentication_class: ObjectRef<AuthenticationClass>,
+        authentication_class: ObjectRef<core::v1alpha1::AuthenticationClass>,
     },
 
     #[snafu(display(
@@ -213,7 +211,7 @@ pub enum Error {
         supported
     ))]
     AuthenticationProviderNotSupported {
-        authentication_class: ObjectRef<AuthenticationClass>,
+        authentication_class: ObjectRef<core::v1alpha1::AuthenticationClass>,
         supported: Vec<String>,
         provider: String,
     },
@@ -523,7 +521,7 @@ pub async fn reconcile_kafka(
         .await
         .context(ApplyRoleBindingSnafu)?;
 
-    let mut bootstrap_listeners = Vec::<Listener>::new();
+    let mut bootstrap_listeners = Vec::<listener::v1alpha1::Listener>::new();
 
     for (rolegroup_name, rolegroup_config) in role_broker_config.iter() {
         let rolegroup_ref = kafka.broker_rolegroup_ref(rolegroup_name);
@@ -639,14 +637,15 @@ pub async fn reconcile_kafka(
 
 /// Kafka clients will use the load-balanced bootstrap listener to get a list of broker addresses and will use those to
 /// transmit data to the correct broker.
+// TODO (@NickLarsenNZ): Move shared functionality to stackable-operator
 pub fn build_broker_rolegroup_bootstrap_listener(
     kafka: &v1alpha1::KafkaCluster,
     resolved_product_image: &ResolvedProductImage,
     kafka_security: &KafkaTlsSecurity,
     rolegroup: &RoleGroupRef<v1alpha1::KafkaCluster>,
     merged_config: &KafkaConfig,
-) -> Result<Listener> {
-    Ok(Listener {
+) -> Result<listener::v1alpha1::Listener> {
+    Ok(listener::v1alpha1::Listener {
         metadata: ObjectMetaBuilder::new()
             .name_and_namespace(kafka)
             .name(kafka.bootstrap_service_name(rolegroup))
@@ -661,10 +660,10 @@ pub fn build_broker_rolegroup_bootstrap_listener(
             ))
             .context(MetadataBuildSnafu)?
             .build(),
-        spec: ListenerSpec {
+        spec: listener::v1alpha1::ListenerSpec {
             class_name: Some(merged_config.bootstrap_listener_class.clone()),
             ports: Some(listener_ports(kafka_security)),
-            ..ListenerSpec::default()
+            ..listener::v1alpha1::ListenerSpec::default()
         },
         status: None,
     })
@@ -1166,7 +1165,7 @@ fn build_broker_rolegroup_statefulset(
                 ),
                 ..LabelSelector::default()
             },
-            service_name: rolegroup_ref.object_name(),
+            service_name: Some(rolegroup_ref.object_name()),
             template: pod_template,
             volume_claim_templates: Some(pvcs),
             ..StatefulSetSpec::default()
@@ -1187,21 +1186,21 @@ pub fn error_policy(
 }
 
 /// We only expose client HTTP / HTTPS and Metrics ports.
-fn listener_ports(kafka_security: &KafkaTlsSecurity) -> Vec<ListenerPort> {
+fn listener_ports(kafka_security: &KafkaTlsSecurity) -> Vec<listener::v1alpha1::ListenerPort> {
     let mut ports = vec![
-        ListenerPort {
+        listener::v1alpha1::ListenerPort {
             name: METRICS_PORT_NAME.to_string(),
             port: METRICS_PORT.into(),
             protocol: Some("TCP".to_string()),
         },
-        ListenerPort {
+        listener::v1alpha1::ListenerPort {
             name: kafka_security.client_port_name().to_string(),
             port: kafka_security.client_port().into(),
             protocol: Some("TCP".to_string()),
         },
     ];
     if kafka_security.has_kerberos_enabled() {
-        ports.push(ListenerPort {
+        ports.push(listener::v1alpha1::ListenerPort {
             name: kafka_security.bootstrap_port_name().to_string(),
             port: kafka_security.bootstrap_port().into(),
             protocol: Some("TCP".to_string()),
diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs
@@ -7,7 +7,7 @@ use stackable_operator::{
     YamlSchema,
     cli::{Command, ProductOperatorRun},
     client::{self, Client},
-    commons::listener::Listener,
+    crd::listener,
     k8s_openapi::api::{
         apps::v1::StatefulSet,
         core::v1::{ConfigMap, Service, ServiceAccount},
@@ -138,7 +138,7 @@ pub async fn create_controller(
             watcher::Config::default(),
         )
         .owns(
-            namespace.get_api::<Listener>(&client),
+            namespace.get_api::<listener::v1alpha1::Listener>(&client),
             watcher::Config::default(),
         )
         .owns(
