renamed controller, moved validated structs into controller/mod.rs, added validated cluster usage in place of raw cluster in some places

Author: adwk67

rust/operator-binary/src/controller/build.rs

@@ -1,6 +1,6 @@
 //! Builders that assemble Kubernetes resources from a [`ValidatedCluster`].
 //!
-//! [`ValidatedCluster`]: crate::controller::validate::ValidatedCluster
+//! [`ValidatedCluster`]: crate::controller::ValidatedCluster
 
 pub mod config_map;
 pub mod git_sync;

rust/operator-binary/src/controller/build/config_map.rs

@@ -13,6 +13,7 @@ use stackable_operator::{
 
 use crate::{
     controller::{
+        ValidatedCluster,
         build::{
             git_sync,
             properties::{
@@ -21,7 +22,6 @@ use crate::{
             },
             proxy_hosts,
         },
-        validate::ValidatedCluster,
     },
     crd::{NifiRole, v1alpha1},
 };
@@ -80,7 +80,7 @@ type Result<T, E = Error> = std::result::Result<T, E>;
 pub fn build_rolegroup_config_map(
     cluster: &ValidatedCluster,
     rolegroup: &RoleGroupRef<v1alpha1::NifiCluster>,
-    recommended_labels: &ObjectLabels<'_, v1alpha1::NifiCluster>,
+    recommended_labels: &ObjectLabels<'_, ValidatedCluster>,
     cluster_info: &KubernetesClusterInfo,
 ) -> Result<ConfigMap> {
     tracing::debug!("building rolegroup ConfigMap");

rust/operator-binary/src/controller/build/git_sync.rs

@@ -4,11 +4,9 @@ use snafu::{ResultExt, Snafu};
 use stackable_operator::{crd::git_sync, k8s_openapi::api::core::v1::EnvVar};
 
 use crate::{
-    controller::{
-        LOG_VOLUME_NAME,
-        validate::{NifiRoleGroupConfig, ValidatedCluster},
-    },
+    controller::{ValidatedCluster, validate::NifiRoleGroupConfig},
     crd::Container,
+    nifi_controller::LOG_VOLUME_NAME,
 };
 
 #[derive(Snafu, Debug)]

rust/operator-binary/src/controller/build/properties.rs

@@ -69,7 +69,7 @@ pub(crate) mod test_support {
     };
 
     use crate::{
-        controller::validate::{NifiRoleGroupConfig, ValidatedCluster, ValidatedClusterConfig},
+        controller::{ValidatedCluster, ValidatedClusterConfig, validate::NifiRoleGroupConfig},
         crd::{NifiConfig, NifiRole, v1alpha1},
         framework::role_utils::with_validated_config,
         security::{

rust/operator-binary/src/controller/build/properties/authorizers.rs

@@ -1,6 +1,6 @@
 //! Builder for `authorizers.xml`.
 
-use crate::controller::validate::ValidatedCluster;
+use crate::controller::ValidatedCluster;
 
 pub fn build(cluster: &ValidatedCluster) -> String {
     cluster

rust/operator-binary/src/controller/build/properties/login_identity_providers.rs

@@ -1,6 +1,6 @@
 //! Builder for `login-identity-providers.xml`.
 
-use crate::controller::validate::ValidatedCluster;
+use crate::controller::ValidatedCluster;
 
 pub fn build(cluster: &ValidatedCluster) -> Result<String, crate::security::authentication::Error> {
     cluster

rust/operator-binary/src/controller/build/properties/nifi_properties.rs

@@ -10,7 +10,7 @@ use crate::{
         CalculateStorageQuotaSnafu, Error, GenerateOidcConfigSnafu, NIFI_PYTHON_WORKING_DIRECTORY,
         Nifi1RequiresZookeeperSnafu, NifiRepository, format_properties,
     },
-    controller::validate::{NifiRoleGroupConfig, ValidatedCluster},
+    controller::{ValidatedCluster, validate::NifiRoleGroupConfig},
     crd::{HTTPS_PORT, v1alpha1},
     security::{
         authentication::{

rust/operator-binary/src/controller/build/proxy_hosts.rs

@@ -4,7 +4,7 @@ use std::collections::HashSet;
 
 use stackable_operator::utils::cluster_info::KubernetesClusterInfo;
 
-use crate::{controller::validate::ValidatedCluster, crd::HTTPS_PORT, reporting_task};
+use crate::{controller::ValidatedCluster, crd::HTTPS_PORT, reporting_task};
 
 /// Computes the comma-separated NiFi proxy hosts, or `"*"` if `hostHeaderCheck.allowAll` is set.
 ///

rust/operator-binary/src/controller/mod.rs

@@ -0,0 +1,147 @@
+//! Controller-level vocabulary: the [`ValidatedCluster`] type produced by the
+//! [`validate`] step and consumed by the [`build`] steps, plus the
+//! `dereference` / `validate` / `build` sub-modules.
+
+use std::collections::BTreeMap;
+
+use stackable_operator::{
+    commons::product_image_selection::ResolvedProductImage,
+    crd::git_sync,
+    k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta,
+    kube::Resource,
+    v2::{
+        HasName, HasUid,
+        types::{
+            kubernetes::{NamespaceName, Uid},
+            operator::ClusterName,
+        },
+    },
+};
+
+use crate::{
+    crd::{
+        HostHeaderCheckConfig, NifiRole, NifiRoleType,
+        sensitive_properties::NifiSensitiveKeyAlgorithm, v1alpha1,
+    },
+    security::{
+        authentication::NifiAuthenticationConfig, authorization::ResolvedNifiAuthorizationConfig,
+    },
+};
+
+pub(crate) mod build;
+pub(crate) mod dereference;
+pub(crate) mod validate;
+
+use validate::NifiRoleGroupConfig;
+
+/// The validated NifiCluster: everything `reconcile_nifi` needs after dereferencing,
+/// in fail-safe / resolved form. This is the single resolved representation of the cluster;
+/// downstream builders should source everything from here and never touch the raw `NifiCluster`.
+pub struct ValidatedCluster {
+    /// Synthetic metadata (name, namespace, uid) so `ValidatedCluster` can implement
+    /// [`Resource`] and be used to build OwnerReferences without the raw `NifiCluster`.
+    metadata: ObjectMeta,
+    /// The name of the NifiCluster.
+    pub name: ClusterName,
+    /// The namespace of the NifiCluster, parsed once in the dereference step and reused everywhere.
+    pub namespace: NamespaceName,
+    /// The UID of the NifiCluster, used to build OwnerReferences downstream.
+    pub uid: Uid,
+    /// The product image.
+    pub image: ResolvedProductImage,
+    /// Cluster wide settings.
+    pub cluster_config: ValidatedClusterConfig,
+    /// The raw Node role spec (`spec.nodes`), needed for JVM argument merging in `bootstrap.conf`.
+    pub nodes: NifiRoleType,
+    /// Collected configuration per rolegroup.
+    pub role_group_configs: BTreeMap<NifiRole, BTreeMap<String, NifiRoleGroupConfig>>,
+}
+
+/// The resolved `spec.clusterConfig`.
+pub struct ValidatedClusterConfig {
+    /// The cluster authentication settings.
+    pub authentication: NifiAuthenticationConfig,
+    /// The cluster authorization settings.
+    pub authorization: ResolvedNifiAuthorizationConfig,
+    /// The git-sync specs, resolved into git-sync resources at build time.
+    pub custom_components_git_sync: Vec<git_sync::v1alpha2::GitSync>,
+    /// The clustering backend (ZooKeeper or Kubernetes), copied from the spec.
+    pub clustering_backend: v1alpha1::NifiClusteringBackend,
+    /// The host-header-check config, resolved into the proxy hosts allow-list at build time.
+    pub host_header_check: HostHeaderCheckConfig,
+    /// The validated sensitive properties algorithm.
+    pub sensitive_properties_algorithm: NifiSensitiveKeyAlgorithm,
+}
+
+impl ValidatedCluster {
+    /// Builds a [`ValidatedCluster`], deriving the synthetic [`ObjectMeta`] from name, namespace
+    /// and uid so the struct can implement [`Resource`].
+    pub fn new(
+        name: ClusterName,
+        namespace: NamespaceName,
+        uid: Uid,
+        image: ResolvedProductImage,
+        nodes: NifiRoleType,
+        role_group_configs: BTreeMap<NifiRole, BTreeMap<String, NifiRoleGroupConfig>>,
+        cluster_config: ValidatedClusterConfig,
+    ) -> Self {
+        let metadata = ObjectMeta {
+            name: Some(name.to_string()),
+            namespace: Some(namespace.to_string()),
+            uid: Some(uid.to_string()),
+            ..ObjectMeta::default()
+        };
+
+        Self {
+            metadata,
+            name,
+            namespace,
+            uid,
+            image,
+            nodes,
+            role_group_configs,
+            cluster_config,
+        }
+    }
+}
+
+impl HasName for ValidatedCluster {
+    fn to_name(&self) -> String {
+        self.name.to_string()
+    }
+}
+
+impl HasUid for ValidatedCluster {
+    fn to_uid(&self) -> Uid {
+        self.uid.clone()
+    }
+}
+
+impl Resource for ValidatedCluster {
+    type DynamicType = <v1alpha1::NifiCluster as Resource>::DynamicType;
+    type Scope = <v1alpha1::NifiCluster as Resource>::Scope;
+
+    fn kind(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
+        v1alpha1::NifiCluster::kind(dt)
+    }
+
+    fn group(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
+        v1alpha1::NifiCluster::group(dt)
+    }
+
+    fn version(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
+        v1alpha1::NifiCluster::version(dt)
+    }
+
+    fn plural(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
+        v1alpha1::NifiCluster::plural(dt)
+    }
+
+    fn meta(&self) -> &ObjectMeta {
+        &self.metadata
+    }
+
+    fn meta_mut(&mut self) -> &mut ObjectMeta {
+        &mut self.metadata
+    }
+}

rust/operator-binary/src/controller/validate.rs

@@ -8,28 +8,17 @@ use std::collections::BTreeMap;
 use snafu::{OptionExt, ResultExt, Snafu};
 use stackable_operator::{
     cli::OperatorEnvironmentOptions,
-    commons::product_image_selection::{self, ResolvedProductImage},
-    crd::git_sync,
-    k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta,
-    kube::{Resource, ResourceExt as _},
+    commons::product_image_selection,
+    kube::ResourceExt as _,
     role_utils::JavaCommonConfig,
-    v2::{
-        HasName, HasUid,
-        controller_utils::{self, get_cluster_name, get_uid},
-        types::{
-            kubernetes::{NamespaceName, Uid},
-            operator::ClusterName,
-        },
-    },
+    v2::controller_utils::{self, get_cluster_name, get_uid},
 };
 use strum::{EnumDiscriminants, IntoStaticStr};
 
+use super::{ValidatedCluster, ValidatedClusterConfig};
 use crate::{
     controller::dereference::DereferencedObjects,
-    crd::{
-        HostHeaderCheckConfig, NifiConfig, NifiRole, NifiRoleType, sensitive_properties,
-        sensitive_properties::NifiSensitiveKeyAlgorithm, v1alpha1,
-    },
+    crd::{NifiConfig, NifiRole, sensitive_properties, v1alpha1},
     framework::role_utils::with_validated_config,
     security::{
         authentication::{self, NifiAuthenticationConfig},
@@ -75,118 +64,6 @@ pub type NifiRoleGroupConfig = crate::framework::role_utils::RoleGroupConfig<
 
 type Result<T, E = Error> = std::result::Result<T, E>;
 
-/// The validated NifiCluster: everything `reconcile_nifi` needs after dereferencing,
-/// in fail-safe / resolved form. This is the single resolved representation of the cluster;
-/// downstream builders should source everything from here and never touch the raw `NifiCluster`.
-pub struct ValidatedCluster {
-    /// Synthetic metadata (name, namespace, uid) so `ValidatedCluster` can implement
-    /// [`Resource`] and be used to build OwnerReferences without the raw `NifiCluster`.
-    metadata: ObjectMeta,
-    /// The name of the NifiCluster.
-    pub name: ClusterName,
-    /// The namespace of the NifiCluster, parsed once in the dereference step and reused everywhere.
-    pub namespace: NamespaceName,
-    /// The UID of the NifiCluster, used to build OwnerReferences downstream.
-    pub uid: Uid,
-    /// The product image.
-    pub image: ResolvedProductImage,
-    /// Cluster wide settings.
-    pub cluster_config: ValidatedClusterConfig,
-    /// The raw Node role spec (`spec.nodes`), needed for JVM argument merging in `bootstrap.conf`.
-    pub nodes: NifiRoleType,
-    /// Collected configuration per rolegroup.
-    pub role_group_configs: BTreeMap<NifiRole, BTreeMap<String, NifiRoleGroupConfig>>,
-}
-
-/// The resolved `spec.clusterConfig`.
-pub struct ValidatedClusterConfig {
-    /// The cluster authentication settings.
-    pub authentication: NifiAuthenticationConfig,
-    /// The cluster authorization settings.
-    pub authorization: ResolvedNifiAuthorizationConfig,
-    /// The git-sync specs, resolved into git-sync resources at build time.
-    pub custom_components_git_sync: Vec<git_sync::v1alpha2::GitSync>,
-    /// The clustering backend (ZooKeeper or Kubernetes), copied from the spec.
-    pub clustering_backend: v1alpha1::NifiClusteringBackend,
-    /// The host-header-check config, resolved into the proxy hosts allow-list at build time.
-    pub host_header_check: HostHeaderCheckConfig,
-    /// The validated sensitive properties algorithm.
-    pub sensitive_properties_algorithm: NifiSensitiveKeyAlgorithm,
-}
-
-impl ValidatedCluster {
-    /// Builds a [`ValidatedCluster`], deriving the synthetic [`ObjectMeta`] from name, namespace
-    /// and uid so the struct can implement [`Resource`].
-    pub fn new(
-        name: ClusterName,
-        namespace: NamespaceName,
-        uid: Uid,
-        image: ResolvedProductImage,
-        nodes: NifiRoleType,
-        role_group_configs: BTreeMap<NifiRole, BTreeMap<String, NifiRoleGroupConfig>>,
-        cluster_config: ValidatedClusterConfig,
-    ) -> Self {
-        let metadata = ObjectMeta {
-            name: Some(name.to_string()),
-            namespace: Some(namespace.to_string()),
-            uid: Some(uid.to_string()),
-            ..ObjectMeta::default()
-        };
-
-        Self {
-            metadata,
-            name,
-            namespace,
-            uid,
-            image,
-            nodes,
-            role_group_configs,
-            cluster_config,
-        }
-    }
-}
-
-impl HasName for ValidatedCluster {
-    fn to_name(&self) -> String {
-        self.name.to_string()
-    }
-}
-
-impl HasUid for ValidatedCluster {
-    fn to_uid(&self) -> Uid {
-        self.uid.clone()
-    }
-}
-
-impl Resource for ValidatedCluster {
-    type DynamicType = <v1alpha1::NifiCluster as Resource>::DynamicType;
-    type Scope = <v1alpha1::NifiCluster as Resource>::Scope;
-
-    fn kind(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
-        v1alpha1::NifiCluster::kind(dt)
-    }
-
-    fn group(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
-        v1alpha1::NifiCluster::group(dt)
-    }
-
-    fn version(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
-        v1alpha1::NifiCluster::version(dt)
-    }
-
-    fn plural(dt: &Self::DynamicType) -> std::borrow::Cow<'_, str> {
-        v1alpha1::NifiCluster::plural(dt)
-    }
-
-    fn meta(&self) -> &ObjectMeta {
-        &self.metadata
-    }
-
-    fn meta_mut(&mut self) -> &mut ObjectMeta {
-        &mut self.metadata
-    }
-}
-
 /// Validates the cluster spec and the dereferenced inputs.
 pub fn validate(
     nifi: &v1alpha1::NifiCluster,
@@ -197,7 +74,7 @@ pub fn validate(
         .spec
         .image
         .resolve(
-            super::CONTAINER_IMAGE_BASE_NAME,
+            crate::nifi_controller::CONTAINER_IMAGE_BASE_NAME,
             &operator_environment.image_repository,
             crate::built_info::PKG_VERSION,
         )