From 8653811a3aac266494135cdb39fca5885734c2ba Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Wed, 25 Mar 2026 08:52:43 +0100 Subject: [PATCH 1/3] Enhance storage-cli webdav config --- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 10 ++++++---- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 5 +++-- .../templates/storage_cli_config_packages.json.erb | 10 ++++++---- .../storage_cli_config_resource_pool.json.erb | 8 +++++--- .../templates/storage_cli_config_buildpacks.json.erb | 8 +++++--- .../templates/storage_cli_config_droplets.json.erb | 8 +++++--- .../templates/storage_cli_config_packages.json.erb | 8 +++++--- .../storage_cli_config_resource_pool.json.erb | 10 ++++++---- 20 files changed, 101 insertions(+), 62 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index 2e6886adf7..96b8ec91d3 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index c72cf61b76..7588e0ccc5 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 62b6703cfa..7c1aaaa44b 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index 575efadebb..8714007959 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index f5454cf125..950872dcf3 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -90,20 +90,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = l.p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index 050c260f39..cd665f1467 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 62b6703cfa..7c1aaaa44b 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index cc3f84adb0..b1d4a43626 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -91,19 +91,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = l.p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.public_endpoint") + options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", l.p("#{scope}.secret", nil)) + add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=l.p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index 4616d8afe9..5b481e5386 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index 9b35f91c78..fa146c43b1 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..26e468f4ca 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index 45024f6ccd..fd6bff01c4 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -94,14 +94,15 @@ if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index d345fe3d88..fa146c43b1 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -88,20 +88,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..26e468f4ca 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 3df22410bd..7996bf9b77 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index 4616d8afe9..5b481e5386 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index d345fe3d88..edcec945c3 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -89,19 +89,21 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 024e57456e..0770196b51 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -88,20 +88,22 @@ if provider == "aliyun" || provider == "alioss" options["endpoint"] = p("#{scope}.aliyun_oss_endpoint") options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end - -# WebDAV/dav support intentionally excluded (not fully implemented) + +# Support both native storage-cli types (dav) AND legacy fog names (webdav) +# Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" options["provider"] = provider options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.public_endpoint") + options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" add_optional(options, "secret", p("#{scope}.secret", nil)) + add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) # TLS nested object with a Cert inside ca_cert=p("#{scope}.ca_cert",nil) unless ca_cert.empty? - options["tls"]={"cert"=>ca_cert} + options["tls"]={"cert"=>{"ca"=>ca_cert}} end end From 423731bc4ae299592f891255c68091a1e7a196c7 Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Wed, 25 Mar 2026 09:36:12 +0100 Subject: [PATCH 2/3] adapt tests --- .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ .../storage_cli_config_jsons_spec.rb | 14 ++++++++------ 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 24bec8ab58..94268e4d0c 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -329,7 +329,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -337,8 +337,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -347,9 +347,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -357,9 +358,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index ff1fbc52a1..ca7d5006ff 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -282,7 +282,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -290,8 +290,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -300,9 +300,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -310,9 +311,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index a44653048c..1519ab9610 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -283,7 +283,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -291,8 +291,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -301,9 +301,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -311,9 +312,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 8d08c5f950..40cd3a463d 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -282,7 +282,7 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -290,8 +290,8 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' } + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -300,9 +300,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'username' => 'user', 'password' => 'secret', - 'public_endpoint' => 'webdav.com', + 'private_endpoint' => 'https://webdav.com', 'ca_cert' => 'some_cert', 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' }) json = YAML.safe_load(template.render(props, consumes: links)) @@ -310,9 +311,10 @@ def props_for_provider(provider) 'provider' => 'webdav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'webdav.com', - 'tls' => { 'cert' => 'some_cert' }, + 'endpoint' => 'https://webdav.com/admin/', + 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', + 'signing_method' => 'md5', 'retry_attempts' => '4' ) end From 6ae8c0223194107807b6ebe192adcf26ed04d1c9 Mon Sep 17 00:00:00 2001 From: Katharina Przybill <30441792+kathap@users.noreply.github.com> Date: Thu, 26 Mar 2026 16:51:20 +0100 Subject: [PATCH 3/3] Include directory keys in WebDAV blobstore endpoint configuration Configure storage-cli WebDAV endpoints to include resource-specific directory keys (cc-droplets, cc-packages, cc-buildpacks, cc-resources) for backward compatibility with fog/webdav client. When using basic auth, endpoints are: /admin/{directory_key} When using signed URLs, endpoints are: /{directory_key} This ensures both storage-cli and fog/webdav store blobs at identical physical paths, enabling zero-downtime rollback between the two clients. Updated all job templates and RSpec tests to expect directory keys in endpoint paths. --- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 28 +++++++++++++++---- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_buildpacks.json.erb | 22 ++++++++++++--- .../storage_cli_config_droplets.json.erb | 22 ++++++++++++--- .../storage_cli_config_packages.json.erb | 22 ++++++++++++--- .../storage_cli_config_resource_pool.json.erb | 22 ++++++++++++--- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- .../storage_cli_config_jsons_spec.rb | 19 ++++++++++--- .../storage_cli_config_jsons_spec.rb | 23 +++++++++++---- 24 files changed, 431 insertions(+), 103 deletions(-) diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb index 96b8ec91d3..cc4e5bfb53 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb index 7588e0ccc5..6479375c34 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb index 7c1aaaa44b..0f0d596b36 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb index 8714007959..e94a4a0922 100644 --- a/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb index 950872dcf3..f481343d96 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb index cd665f1467..b1669d5f29 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb index 7c1aaaa44b..0f0d596b36 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb index b1d4a43626..c77101ac6d 100644 --- a/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb @@ -94,11 +94,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = l.p("#{scope}.username") options["password"] = l.p("#{scope}.password") - options["endpoint"] = l.p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", l.p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = l.p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = l.p("#{scope}.secret", nil) + base_endpoint = l.p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", l.p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", l.p("#{scope}.retry_attempts", nil)) @@ -110,4 +124,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb index 5b481e5386..e482cf91ef 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb index fa146c43b1..a810016898 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb index 26e468f4ca..3b11b00cc7 100644 --- a/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_clock/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb index fd6bff01c4..b1e60479e8 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_droplets.json.erb @@ -21,6 +21,11 @@ end scope = "cc.droplets.connection_config" provider = p("cc.droplets.blobstore_provider", nil) + +# Normalize legacy fog provider names to storage-cli names +# Legacy fog name support to be REMOVED May 2026 +provider = "dav" if provider == "webdav" + options = {} # Support both native storage-cli types (azurebs) AND legacy fog names (AzureRM) @@ -89,13 +94,26 @@ if provider == "aliyun" || provider == "alioss" options["bucket_name"] = p("#{scope}.aliyun_oss_bucket") end -# WebDAV/dav support intentionally excluded (not fully implemented) -if provider == "webdav" || provider == "dav" - options["provider"] = provider +if provider == "dav" + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb index fa146c43b1..a810016898 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb index 26e468f4ca..3b11b00cc7 100644 --- a/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_ng/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb index 7996bf9b77..9e8b4422cc 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_buildpacks.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.buildpacks.buildpack_directory_key", "cc-buildpacks") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb index 5b481e5386..e482cf91ef 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_droplets.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.droplets.droplet_directory_key", "cc-droplets") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb index edcec945c3..d688769ae1 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_packages.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.packages.app_package_directory_key", "cc-packages") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb index 0770196b51..3dc3809e89 100644 --- a/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb +++ b/jobs/cloud_controller_worker/templates/storage_cli_config_resource_pool.json.erb @@ -92,11 +92,25 @@ end # Support both native storage-cli types (dav) AND legacy fog names (webdav) # Legacy fog name support to be REMOVED May 2026 if provider == "webdav" || provider == "dav" - options["provider"] = provider + options["provider"] = "dav" options["user"] = p("#{scope}.username") options["password"] = p("#{scope}.password") - options["endpoint"] = p("#{scope}.private_endpoint") + "/admin/" - add_optional(options, "secret", p("#{scope}.secret", nil)) + + # Resource-specific directory for compatibility with fog/webdav + resource_dir = p("cc.resource_pool.resource_directory_key", "cc-resources") + + # When using signed URLs (secret present), endpoint points to resource directory + # When using basic auth only (no secret), endpoint includes /admin/ prefix + secret = p("#{scope}.secret", nil) + base_endpoint = p("#{scope}.private_endpoint") + + if secret.nil? || secret.empty? + options["endpoint"] = "#{base_endpoint}/admin/#{resource_dir}" + else + options["endpoint"] = "#{base_endpoint}/#{resource_dir}" + end + + add_optional(options, "secret", secret) add_optional(options, "signing_method", p("#{scope}.signing_method", nil)) add_optional(options, "retry_attempts", p("#{scope}.retry_attempts", nil)) @@ -108,4 +122,4 @@ if provider == "webdav" || provider == "dav" end -%> -<%= JSON.pretty_generate(options) %> \ No newline at end of file +<%= JSON.pretty_generate(options) %> diff --git a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb index 94268e4d0c..61fab22105 100644 --- a/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb +++ b/spec/cc_deployment_updater/storage_cli_config_jsons_spec.rb @@ -320,13 +320,24 @@ def props_for_provider(provider) let(:links) { [cc_link] } let(:props) { {} } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(link_props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -334,17 +345,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(link_props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -355,10 +366,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb index ca7d5006ff..7c904a6d8e 100644 --- a/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_clock/storage_cli_config_jsons_spec.rb @@ -273,13 +273,24 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -287,17 +298,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -308,10 +319,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb index 1519ab9610..b0f95fbf5b 100644 --- a/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_ng/storage_cli_config_jsons_spec.rb @@ -274,9 +274,20 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { @@ -288,10 +299,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end @@ -309,10 +320,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5', diff --git a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb index 40cd3a463d..97c20c6152 100644 --- a/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb +++ b/spec/cloud_controller_worker/storage_cli_config_jsons_spec.rb @@ -273,13 +273,24 @@ def props_for_provider(provider) describe 'when provider is webdav' do let(:props) { props_for_provider('webdav') } + # Helper to determine expected directory key based on template path + def expected_directory_key(template_path) + case template_path + when /droplets/ then 'cc-droplets' + when /packages/ then 'cc-packages' + when /buildpacks/ then 'cc-buildpacks' + when /resource_pool/ then 'cc-resources' + end + end + TEMPLATES.each_value do |(template_path, keypath)| describe template_path do let(:template) { job.template(template_path) } + let(:directory_key) { expected_directory_key(template_path) } it 'maps required properties into the rendered config' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -287,17 +298,17 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/admin/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } } ) end it 'includes optional properties when provided' do set(props, keypath, { - 'provider' => 'webdav', + 'provider' => 'dav', 'username' => 'user', 'password' => 'secret', 'private_endpoint' => 'https://webdav.com', @@ -308,10 +319,10 @@ def props_for_provider(provider) }) json = YAML.safe_load(template.render(props, consumes: links)) expect(json).to include( - 'provider' => 'webdav', + 'provider' => 'dav', 'user' => 'user', 'password' => 'secret', - 'endpoint' => 'https://webdav.com/admin/', + 'endpoint' => "https://webdav.com/#{directory_key}", 'tls' => { 'cert' => { 'ca' => 'some_cert' } }, 'secret' => 'secret', 'signing_method' => 'md5',