chore: remove the conn-credential (#7765)

apis/apps/v1alpha1/clusterdefinition_types.go

@@ -43,32 +43,6 @@ type ClusterDefinitionSpec struct {
 	// +optional
 	ComponentDefs []ClusterComponentDefinition `json:"componentDefs" patchStrategy:"merge,retainKeys" patchMergeKey:"name"`
 
-	// Connection credential template used for creating a connection credential secret for cluster objects.
-	//
-	// Built-in objects are:
-	//
-	// - `$(RANDOM_PASSWD)` random 8 characters.
-	// - `$(STRONG_RANDOM_PASSWD)` random 16 characters, with mixed cases, digits and symbols.
-	// - `$(UUID)` generate a random UUID v4 string.
-	// - `$(UUID_B64)` generate a random UUID v4 BASE64 encoded string.
-	// - `$(UUID_STR_B64)` generate a random UUID v4 string then BASE64 encoded.
-	// - `$(UUID_HEX)` generate a random UUID v4 HEX representation.
-	// - `$(HEADLESS_SVC_FQDN)` headless service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc`,
-	//    where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-	// - `$(SVC_FQDN)` service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc`,
-	//    where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-	// - `$(SVC_PORT_{PORT-NAME})` is ServicePort's port value with specified port name, i.e, a servicePort JSON struct:
-	//    `{"name": "mysql", "targetPort": "mysqlContainerPort", "port": 3306}`, and `$(SVC_PORT_mysql)` in the
-	//    connection credential value is 3306.
-	//
-	// Deprecated since v0.9.
-	// This field is maintained for backward compatibility and its use is discouraged.
-	// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.
-	//
-	// +kubebuilder:deprecatedversion:warning="This field has been deprecated since 0.9.0"
-	// +optional
-	ConnectionCredential map[string]string `json:"connectionCredential,omitempty"`
-
 	// Topologies defines all possible topologies within the cluster.
 	//
 	// +kubebuilder:validation:MinItems=1

config/crd/bases/apps.kubeblocks.io_clusterdefinitions.yaml

@@ -8502,35 +8502,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - name
                 x-kubernetes-list-type: map
-              connectionCredential:
-                additionalProperties:
-                  type: string
-                description: |-
-                  Connection credential template used for creating a connection credential secret for cluster objects.
-
-
-                  Built-in objects are:
-
-
-                  - `$(RANDOM_PASSWD)` random 8 characters.
-                  - `$(STRONG_RANDOM_PASSWD)` random 16 characters, with mixed cases, digits and symbols.
-                  - `$(UUID)` generate a random UUID v4 string.
-                  - `$(UUID_B64)` generate a random UUID v4 BASE64 encoded string.
-                  - `$(UUID_STR_B64)` generate a random UUID v4 string then BASE64 encoded.
-                  - `$(UUID_HEX)` generate a random UUID v4 HEX representation.
-                  - `$(HEADLESS_SVC_FQDN)` headless service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc`,
-                     where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-                  - `$(SVC_FQDN)` service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc`,
-                     where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-                  - `$(SVC_PORT_{PORT-NAME})` is ServicePort's port value with specified port name, i.e, a servicePort JSON struct:
-                     `{"name": "mysql", "targetPort": "mysqlContainerPort", "port": 3306}`, and `$(SVC_PORT_mysql)` in the
-                     connection credential value is 3306.
-
-
-                  Deprecated since v0.9.
-                  This field is maintained for backward compatibility and its use is discouraged.
-                  Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.
-                type: object
               topologies:
                 description: Topologies defines all possible topologies within the
                   cluster.

controllers/apps/cluster_controller.go

@@ -149,8 +149,6 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 			&clusterComponentTransformer{},
 			// update cluster components' status
 			&clusterComponentStatusTransformer{},
-			// create default cluster connection credential secret object
-			&clusterConnCredentialTransformer{},
 			// build backuppolicy and backupschedule from backupPolicyTemplate
 			&clusterBackupPolicyTransformer{},
 			// add our finalizer to all objects

controllers/apps/operations/datascript.go

@@ -245,12 +245,9 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
 		// parse username and password
 		secretFrom := ops.Spec.ScriptSpec.Secret
 		if secretFrom == nil {
-			secretFrom = &appsv1alpha1.ScriptSecret{
-				Name:        constant.GenerateDefaultConnCredential(cluster.Name),
-				PasswordKey: "password",
-				UsernameKey: "username",
-			}
+			return nil, intctrlutil.NewFatalError("missing secret for user & password")
 		}
+
 		// verify secrets exist
 		if err := cli.Get(reqCtx.Ctx, types.NamespacedName{Namespace: reqCtx.Req.Namespace, Name: secretFrom.Name}, &corev1.Secret{}); err != nil {
 			return nil, intctrlutil.NewFatalError(err.Error())

controllers/apps/operations/datascript_test.go

@@ -252,7 +252,7 @@ var _ = Describe("DataScriptOps", func() {
 			By("mock a job one more time, fail with missing secret")
 			_, err = buildDataScriptJobs(reqCtx, k8sClient, clusterObj, comp, ops, "mysql")
 			Expect(err).Should(HaveOccurred())
-			Expect(err.Error()).Should(ContainSubstring("conn-credential"))
+			Expect(err.Error()).Should(ContainSubstring("missing secret"))
 
 			By("patch a secret name to ops, fail with missing secret")
 			secretName := fmt.Sprintf("%s-%s", clusterObj.Name, comp.Name)

controllers/apps/operations/switchover_util.go

@@ -360,8 +360,6 @@ func buildSwitchoverEnvs(ctx context.Context,
 		return nil, errors.New("switchover spec withCandidate and withoutCandidate can't be nil at the same time")
 	}
 
-	// replace secret env and merge envs defined in SwitchoverSpec
-	replaceSwitchoverConnCredentialEnv(synthesizeComp.LifecycleActions.Switchover, cluster.Name, synthesizeComp.Name)
 	var switchoverEnvs []corev1.EnvVar
 	switch switchover.InstanceName {
 	case KBSwitchoverCandidateInstanceForAnyPod:
@@ -387,21 +385,6 @@ func buildSwitchoverEnvs(ctx context.Context,
 	return switchoverEnvs, nil
 }
 
-// replaceSwitchoverConnCredentialEnv replaces the connection credential environment variables for the switchover job.
-func replaceSwitchoverConnCredentialEnv(switchoverSpec *appsv1alpha1.ComponentSwitchover, clusterName, componentName string) {
-	if switchoverSpec == nil {
-		return
-	}
-	connCredentialMap := component.GetEnvReplacementMapForConnCredential(clusterName)
-	replaceEnvVars := func(action *appsv1alpha1.Action) {
-		if action != nil {
-			action.Exec.Env = component.ReplaceSecretEnvVars(connCredentialMap, action.Exec.Env)
-		}
-	}
-	replaceEnvVars(switchoverSpec.WithCandidate)
-	replaceEnvVars(switchoverSpec.WithoutCandidate)
-}
-
 // buildSwitchoverWorkloadEnvs builds the replication or consensus workload environment variables for the switchover job.
 func buildSwitchoverWorkloadEnvs(ctx context.Context,
 	cli client.Client,

controllers/apps/transformer_cluster_backup_policy.go

@@ -510,31 +510,12 @@ func (r *clusterBackupPolicyTransformer) buildBackupTarget(
 		target.Name = comp.fullComponentName
 	}
 	// build the target connection credential
-	cc := dpv1alpha1.ConnectionCredential{}
-	switch {
-	case len(comp.compSpec.ComponentDef) > 0 && len(targetTpl.Account) > 0:
-		cc.SecretName = constant.GenerateAccountSecretName(clusterName, comp.fullComponentName, targetTpl.Account)
-		cc.PasswordKey = constant.AccountPasswdForSecret
-		cc.UsernameKey = constant.AccountNameForSecret
-	case len(comp.compSpec.ComponentDef) == 0 && len(comp.compSpec.ComponentDefRef) > 0:
-		// TODO: remove HACK code in version 0.9, only no componentDef can using connect credential
-		cc.SecretName = constant.GenerateDefaultConnCredential(clusterName)
-		ccKey := targetTpl.ConnectionCredentialKey
-		if ccKey.PasswordKey != nil {
-			cc.PasswordKey = *ccKey.PasswordKey
-		}
-		if ccKey.UsernameKey != nil {
-			cc.UsernameKey = *ccKey.UsernameKey
-		}
-		if ccKey.PortKey != nil {
-			cc.PortKey = *ccKey.PortKey
+	if targetTpl.Account != "" {
+		target.ConnectionCredential = &dpv1alpha1.ConnectionCredential{
+			SecretName:  constant.GenerateAccountSecretName(clusterName, comp.fullComponentName, targetTpl.Account),
+			PasswordKey: constant.AccountPasswdForSecret,
+			UsernameKey: constant.AccountNameForSecret,
 		}
-		if ccKey.HostKey != nil {
-			cc.HostKey = *ccKey.HostKey
-		}
-	}
-	if cc.SecretName != "" {
-		target.ConnectionCredential = &cc
 	}
 	return target
 }

deploy/helm/crds/apps.kubeblocks.io_clusterdefinitions.yaml

@@ -8502,35 +8502,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - name
                 x-kubernetes-list-type: map
-              connectionCredential:
-                additionalProperties:
-                  type: string
-                description: |-
-                  Connection credential template used for creating a connection credential secret for cluster objects.
-
-
-                  Built-in objects are:
-
-
-                  - `$(RANDOM_PASSWD)` random 8 characters.
-                  - `$(STRONG_RANDOM_PASSWD)` random 16 characters, with mixed cases, digits and symbols.
-                  - `$(UUID)` generate a random UUID v4 string.
-                  - `$(UUID_B64)` generate a random UUID v4 BASE64 encoded string.
-                  - `$(UUID_STR_B64)` generate a random UUID v4 string then BASE64 encoded.
-                  - `$(UUID_HEX)` generate a random UUID v4 HEX representation.
-                  - `$(HEADLESS_SVC_FQDN)` headless service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc`,
-                     where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-                  - `$(SVC_FQDN)` service FQDN placeholder, value pattern is `$(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc`,
-                     where 1ST_COMP_NAME is the 1st component that provide `ClusterDefinition.spec.componentDefs[].service` attribute;
-                  - `$(SVC_PORT_{PORT-NAME})` is ServicePort's port value with specified port name, i.e, a servicePort JSON struct:
-                     `{"name": "mysql", "targetPort": "mysqlContainerPort", "port": 3306}`, and `$(SVC_PORT_mysql)` in the
-                     connection credential value is 3306.
-
-
-                  Deprecated since v0.9.
-                  This field is maintained for backward compatibility and its use is discouraged.
-                  Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.
-                type: object
               topologies:
                 description: Topologies defines all possible topologies within the
                   cluster.

docs/developer_docs/api-reference/cluster.md

@@ -531,37 +531,6 @@ Existing usage should be updated to the current preferred approach to avoid comp
 </tr>
 <tr>
 <td>
-<code>connectionCredential</code><br/>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Connection credential template used for creating a connection credential secret for cluster objects.</p>
-<p>Built-in objects are:</p>
-<ul>
-<li><code>$(RANDOM_PASSWD)</code> random 8 characters.</li>
-<li><code>$(STRONG_RANDOM_PASSWD)</code> random 16 characters, with mixed cases, digits and symbols.</li>
-<li><code>$(UUID)</code> generate a random UUID v4 string.</li>
-<li><code>$(UUID_B64)</code> generate a random UUID v4 BASE64 encoded string.</li>
-<li><code>$(UUID_STR_B64)</code> generate a random UUID v4 string then BASE64 encoded.</li>
-<li><code>$(UUID_HEX)</code> generate a random UUID v4 HEX representation.</li>
-<li><code>$(HEADLESS_SVC_FQDN)</code> headless service FQDN placeholder, value pattern is <code>$(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc</code>,
-where 1ST_COMP_NAME is the 1st component that provide <code>ClusterDefinition.spec.componentDefs[].service</code> attribute;</li>
-<li><code>$(SVC_FQDN)</code> service FQDN placeholder, value pattern is <code>$(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc</code>,
-where 1ST_COMP_NAME is the 1st component that provide <code>ClusterDefinition.spec.componentDefs[].service</code> attribute;</li>
-<li><code>$(SVC_PORT_&#123;PORT-NAME&#125;)</code> is ServicePort&rsquo;s port value with specified port name, i.e, a servicePort JSON struct:
-<code>&#123;&quot;name&quot;: &quot;mysql&quot;, &quot;targetPort&quot;: &quot;mysqlContainerPort&quot;, &quot;port&quot;: 3306&#125;</code>, and <code>$(SVC_PORT_mysql)</code> in the
-connection credential value is 3306.</li>
-</ul>
-<p>Deprecated since v0.9.
-This field is maintained for backward compatibility and its use is discouraged.
-Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>topologies</code><br/>
 <em>
 <a href="#apps.kubeblocks.io/v1alpha1.ClusterTopology">
@@ -5292,37 +5261,6 @@ Existing usage should be updated to the current preferred approach to avoid comp
 </tr>
 <tr>
 <td>
-<code>connectionCredential</code><br/>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Connection credential template used for creating a connection credential secret for cluster objects.</p>
-<p>Built-in objects are:</p>
-<ul>
-<li><code>$(RANDOM_PASSWD)</code> random 8 characters.</li>
-<li><code>$(STRONG_RANDOM_PASSWD)</code> random 16 characters, with mixed cases, digits and symbols.</li>
-<li><code>$(UUID)</code> generate a random UUID v4 string.</li>
-<li><code>$(UUID_B64)</code> generate a random UUID v4 BASE64 encoded string.</li>
-<li><code>$(UUID_STR_B64)</code> generate a random UUID v4 string then BASE64 encoded.</li>
-<li><code>$(UUID_HEX)</code> generate a random UUID v4 HEX representation.</li>
-<li><code>$(HEADLESS_SVC_FQDN)</code> headless service FQDN placeholder, value pattern is <code>$(CLUSTER_NAME)-$(1ST_COMP_NAME)-headless.$(NAMESPACE).svc</code>,
-where 1ST_COMP_NAME is the 1st component that provide <code>ClusterDefinition.spec.componentDefs[].service</code> attribute;</li>
-<li><code>$(SVC_FQDN)</code> service FQDN placeholder, value pattern is <code>$(CLUSTER_NAME)-$(1ST_COMP_NAME).$(NAMESPACE).svc</code>,
-where 1ST_COMP_NAME is the 1st component that provide <code>ClusterDefinition.spec.componentDefs[].service</code> attribute;</li>
-<li><code>$(SVC_PORT_&#123;PORT-NAME&#125;)</code> is ServicePort&rsquo;s port value with specified port name, i.e, a servicePort JSON struct:
-<code>&#123;&quot;name&quot;: &quot;mysql&quot;, &quot;targetPort&quot;: &quot;mysqlContainerPort&quot;, &quot;port&quot;: 3306&#125;</code>, and <code>$(SVC_PORT_mysql)</code> in the
-connection credential value is 3306.</li>
-</ul>
-<p>Deprecated since v0.9.
-This field is maintained for backward compatibility and its use is discouraged.
-Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>topologies</code><br/>
 <em>
 <a href="#apps.kubeblocks.io/v1alpha1.ClusterTopology">

go.mod

@@ -24,7 +24,6 @@ require (
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.6.0
-	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/vault/sdk v0.9.2
 	github.com/imdario/mergo v0.3.14
@@ -163,6 +162,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect