Remove port from endpoint (if added) #154
* Set sql_log_bin = 0 before execs in user reconciler
  Signed-off-by: Alejandro Recalde <[email protected]>
* Set sql_log_bin = 0 before execs in user reconciler
  Signed-off-by: Alejandro Recalde <[email protected]>
* Set sql_log_bin = 0 before execs in grant reconciler
  Signed-off-by: Alejandro Recalde <[email protected]>
* Refactor error handling in create, update and delete grant reconciliation methods
  Signed-off-by: Alejandro Recalde <[email protected]>
* Fix const `errSetSqlLogBin` should be `errSetSQLLogBin` (golint)
  Signed-off-by: Alejandro Recalde <[email protected]>
* Update grant tests
  Signed-off-by: Alejandro Recalde <[email protected]>
* Update user controller tests and reduce cyclotomic complexity
  Signed-off-by: Alejandro Recalde <[email protected]>
* Update user controller update test
  Signed-off-by: Alejandro Recalde <[email protected]>
* Add BinLog field to Database, Grant and User specs
  Signed-off-by: Alejandro Recalde <[email protected]>
* Only set sql_log_bin to 0 if binlog spec field is false
  Signed-off-by: Alejandro Recalde <[email protected]>
* Fix BinLog spec field comment
  Signed-off-by: Alejandro Recalde <[email protected]>
* Update mysql Database resource sample to include forProvider field
  Signed-off-by: Alejandro Recalde <[email protected]>
* Rename replicate crd field to binlog (Database, Grant and User specs)
  Signed-off-by: Alejandro Recalde <[email protected]>
* Remove AuthPlugin and UsePassword fields from user type
  Signed-off-by: Alejandro Recalde <[email protected]>
* Create an xsql.DB.Exec() wrapper in pkg/clients/mysql that allows disabling binlogs before the query and flushing privileges after the query
  Signed-off-by: Alejandro Recalde <[email protected]>
---------
Signed-off-by: Alejandro Recalde <[email protected]>
Signed-off-by: Timotej Avsec <[email protected]>

)
* postgres: Expand grant privileges where required
  Inside postgresql, some privileges are altered[0] when issuing a `GRANT` - for example `ALL` is expanded to `CREATE, TEMPORARY, CONNECT`. When we observe the grant, we query privileges on the database to see if the ones in the grant exist. Given that they are expanded, we can't simply query for what the user gave us. Expand the privileges which need expanding before we make the query.
  Closes: crossplane-contrib#92
  [0]: https://www.postgresql.org/docs/15/ddl-priv.html
  Signed-off-by: Iain Lane <[email protected]>
* Sort the grants privileges before comparing them
  When we use them in the observation the order doesn't matter, but in the test we are generating a diff where it does, so compare them in the test.
  Signed-off-by: Iain Lane <[email protected]>
---------
Signed-off-by: Iain Lane <[email protected]>
Signed-off-by: Iain Lane <[email protected]>
Signed-off-by: Timotej Avsec <[email protected]>

… (crossplane-contrib#148)
* Support mysql grant option by updating grantRegex and parseGrants function
  Signed-off-by: Alejandro Recalde <[email protected]>
  Signed-off-by: Duologic <[email protected]>
* When GRANT OPTION is present append WITH GRANT OPTION to query
  Signed-off-by: Alejandro Recalde <[email protected]>
  Signed-off-by: Duologic <[email protected]>
* fix: tests
  Signed-off-by: Duologic <[email protected]>
---------
Signed-off-by: Alejandro Recalde <[email protected]>
Signed-off-by: Duologic <[email protected]>
Co-authored-by: Alejandro Recalde <[email protected]>
Co-authored-by: Duologic <[email protected]>
Signed-off-by: Timotej Avsec <[email protected]>

Signed-off-by: Timotej Avsec <[email protected]>

* fix: correctly set GRANT OPTION privilege
  Signed-off-by: Duologic <[email protected]>
* chore: introduce createRevokeQuery function
  Signed-off-by: Javier Palomo <[email protected]>
* fix: use createRevokeQuery in Delete
  Signed-off-by: Javier Palomo <[email protected]>
* fix: dont split user and host
  Signed-off-by: Javier Palomo <[email protected]>
* fix: unnecessary type conversion in getPrivilegesString
  Signed-off-by: Javier Palomo <[email protected]>
* fix(createRevokeQuery): use right MySQL syntax
  Signed-off-by: Javier Palomo <[email protected]>
---------
Signed-off-by: Duologic <[email protected]>
Signed-off-by: Javier Palomo <[email protected]>
Co-authored-by: Duologic <[email protected]>
Signed-off-by: Timotej Avsec <[email protected]>

In our composition for RDS we have this:
The address key was added in crossplane-contrib/provider-upjet-aws#530

Hey @Duologic, I'm not entirely sure if I am doing something wrong, but I don't think this is working as it should. This is my RDS manifest:

```yaml
apiVersion: rds.aws.upbound.io/v1beta1
kind: Instance
metadata:
  annotations:
  name: my-database
spec:
  forProvider:
    allocatedStorage: 20
    autoMinorVersionUpgrade: true
    engine: mysql
    engineVersion: "8.0"
    instanceClass: db.t3.micro
    name: my-database
    publiclyAccessible: true
    region: eu-central-1
    skipFinalSnapshot: true
    storageEncrypted: false
    storageType: gp2
    username: admin
    passwordSecretRef:
      key: password
      name: rds-initial-password
      namespace: default
  providerConfigRef:
    name: default
  writeConnectionSecretToRef:
    name: very-secure-credentials-for-rds
    namespace: default
```

The secret But when I create

```yaml
---
apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: sql-config
spec:
  credentials:
    source: MySQLConnectionSecret
    connectionSecretRef:
      namespace: default
      name: very-secure-credentials-for-rds
```

and create DB resource

```yaml
apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: Database
metadata:
  labels:
    type: database
  name: my-table
spec:
  deletionPolicy: Orphan
  providerConfigRef:
    name: sql-config
  forProvider: {}
```

I get the following error when describing the database resource:

Maybe, in this case, this should be moved to issues?

We make use of compositions rather than directly dealing with managed resources, for example they can create/convert secrets to another format.

I have an issue regarding the fact that the

```yaml
status:
  atProvider: {}
  conditions:
  - lastTransitionTime: "2023-11-28T08:29:14Z"
    message: 'observe failed: cannot select role: dial tcp: lookup xplane-harbor-5jxnh-9rb9t.cymnaynfchjt.eu-west-3.rds.amazonaws.com:5432:5432:
...
```

I tried to define them here as you mentioned @Duologic. However these changes are applied to the secret being generated by the composition:

```
kubectl get secrets -n crossplane-system 23172561-479b-4a39-a0f0-609562b8f2e3 -o yaml
apiVersion: v1
data:
  endpoint: xxx
  password: xx
  username: xx
...
```

In my case I want to have a predictable secret name in order to use it with this provider.

```
kubectl get secrets -n harbor xplane-harbor-rds -o yaml
apiVersion: v1
data:
  address: xxx
  attribute.password: UmRzI2F6ZXJ0eTQy
  endpoint: xx (contains host:5432)
  host: xx
  password: xxx
  port: xx
  username: xx
```

Could you please give me a hand? Should I open an issue? Why is the

What is blocking fixing this? I am currently evaluating crossplane for an organisation, and ran into this issue when following tutorials from @vfarcic using AWS RDS:

```yaml
status:
  conditions:
  - lastTransitionTime: "2024-11-08T14:17:03Z"
    message: 'observe failed: cannot select database: dial tcp: lookup <snip>.eu-north-1.rds.amazonaws.com:5432:5432:
      no such host'
    reason: ReconcileError
    status: "False"
    type: Synced
```

As described above, I guess this looks up the

```yaml
address: <snip>.eu-north-1.rds.amazonaws.com
attribute.password: postgres
endpoint: <snip>.eu-north-1.rds.amazonaws.com:5432
host: <snip>.eu-north-1.rds.amazonaws.com
password: postgres
port: "5432"
username: masteruser
```

IMO I think this should be fixed in the AWS provider: crossplane-contrib/provider-upjet-aws#778

@Duologic UpBound provider maintainers disagree: crossplane-contrib/provider-upjet-aws#798 (comment)

FYI #203

Closing this until agreement on #203 is found.

Description of your changes

Today I tried using `provider-sql` with AWS RDS provider, but RDS provider outputs the endpoint secret with port included (`localhost:3306` for example, instead of just `localhost`, as provider-sql expects). Therefore, crossplane can't access the database, as the formatted DSN, in this case, would be `localhost:3306:3306`.

This PR will remove the port from the endpoint string, if it exists.

I have:

- `make reviewable` to ensure this PR is ready for review.

How has this code been tested

I ran the tests, and tried creating new Database on the RDS instance (with MySQL engine).
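
The doubled-port failure reported in this thread (`host:5432:5432`, `no such host`) can be avoided by normalizing the secret's `endpoint` and `port` keys before building the address to dial. The following is an added example, not code from this PR or from provider-sql; `splitEndpoint`, `buildAddr` and the host `db.example.internal` are hypothetical names. It goes beyond the PR's case by also handling IPv6 literals and rejecting an embedded port that conflicts with the `port` key.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// splitEndpoint accepts "host", "host:port", "[v6]:port", "[v6]" or a bare
// IPv6 literal and returns host and port (port is "" when none is embedded).
func splitEndpoint(endpoint string) (host, port string, err error) {
	endpoint = strings.TrimSpace(endpoint)
	host, port, err = net.SplitHostPort(endpoint)
	if err != nil { // no port present: treat the whole value as the host
		host, port = strings.TrimSuffix(strings.TrimPrefix(endpoint, "["), "]"), ""
	}
	// Colons left over are only legal in an IPv6 literal; "host:5432:5432" is not.
	if host == "" || (strings.Contains(host, ":") && net.ParseIP(host) == nil) {
		return "", "", fmt.Errorf("malformed endpoint %q", endpoint)
	}
	return host, port, nil
}

// buildAddr returns the address to dial. A port embedded in the endpoint must
// agree with the secret's separate port key; a conflict is an error.
func buildAddr(endpoint, port string) (string, error) {
	host, embedded, err := splitEndpoint(endpoint)
	if err != nil {
		return "", err
	}
	if port == "" {
		port = embedded
	} else if embedded != "" && embedded != port {
		return "", fmt.Errorf("endpoint port %s conflicts with port key %s", embedded, port)
	}
	if _, err := strconv.ParseUint(port, 10, 16); err != nil {
		return "", fmt.Errorf("invalid port %q", port)
	}
	return net.JoinHostPort(host, port), nil
}

func main() {
	// Constructed sample endpoints; db.example.internal is a placeholder host.
	for _, ep := range []string{"db.example.internal", "db.example.internal:3306", "[::1]:3306", "db.example.internal:3306:3306"} {
		addr, err := buildAddr(ep, "3306")
		fmt.Printf("%-32q -> %q err=%v\n", ep, addr, err)
	}
}
```

Failing closed on a port conflict or a malformed endpoint surfaces a misconfigured connection secret at reconcile time, rather than as a DNS lookup for a host name that contains the port.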