link MariaDBAccount to the Database api

This replaces the MariaDBDatabase.secret attribute with the use of MariaDBAccount instead. also applies an interim fix to allow the encoding/collation to be present in the Database API, otherwise the database pod would fail. Amends MariaDBAccount to return from delete if the owning Galera resource is already deleted.
openstack-k8s-operators · Jan 15, 2024 · d5c1598 · d5c1598
1 parent 282488b
commit d5c1598
Show file tree

Hide file tree

Showing 12 changed files with 127 additions and 62 deletions.
diff --git a/api/bases/mariadb.openstack.org_mariadbdatabases.yaml b/api/bases/mariadb.openstack.org_mariadbdatabases.yaml
@@ -46,12 +46,6 @@ spec:
               name:
                 description: Name of the database in MariaDB
                 type: string
-              secret:
-                description: Name of secret which contains DatabasePassword
-                type: string
-            required:
-            - defaultCharacterSet
-            - defaultCollation
             type: object
           status:
             description: MariaDBDatabaseStatus defines the observed state of MariaDBDatabase

diff --git a/api/v1beta1/mariadbdatabase_funcs.go b/api/v1beta1/mariadbdatabase_funcs.go
@@ -121,6 +121,11 @@ func (d *Database) GetDatabase() *MariaDBDatabase {
 	return d.database
 }
 
+// GetAccount - returns the account
+func (d *Database) GetAccount() *MariaDBAccount {
+	return d.account
+}
+
 // CreateOrPatchDB - create or patch the service DB instance
 // Deprecated. Use CreateOrPatchDBByName instead. If you want to use the
 // default the DB service instance of the deployment then pass "openstack" as
@@ -162,6 +167,22 @@ func (d *Database) CreateOrPatchDBByName(
 		}
 	}
 
+	account := d.account
+	if account == nil {
+		account = &MariaDBAccount{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      d.databaseUser,
+				Namespace: d.namespace,
+				Labels: map[string]string{
+					"mariaDBDatabaseName": d.name,
+				},
+			},
+			Spec: MariaDBAccountSpec{
+				UserName: d.databaseUser,
+				Secret:   d.secret,
+			},
+		}
+	}
 	// set the database hostname on the db instance
 	err := d.setDatabaseHostname(ctx, h, name)
 	if err != nil {
@@ -174,8 +195,6 @@ func (d *Database) CreateOrPatchDBByName(
 			d.labels,
 		)
 
-		db.Spec.Secret = d.secret
-
 		err := controllerutil.SetControllerReference(h.GetBeforeObject(), db, h.GetScheme())
 		if err != nil {
 			return err
@@ -200,6 +219,36 @@ func (d *Database) CreateOrPatchDBByName(
 		return ctrl.Result{RequeueAfter: time.Second * 5}, nil
 	}
 
+	op_acc, err_acc := controllerutil.CreateOrPatch(ctx, h.GetClient(), account, func() error {
+		account.Labels = util.MergeStringMaps(
+			account.GetLabels(),
+			d.labels,
+		)
+
+		err := controllerutil.SetControllerReference(h.GetBeforeObject(), account, h.GetScheme())
+		if err != nil {
+			return err
+		}
+
+		// If the service object doesn't have our finalizer, add it.
+		controllerutil.AddFinalizer(account, h.GetFinalizer())
+
+		return nil
+	})
+
+	if err_acc != nil && !k8s_errors.IsNotFound(err_acc) {
+		return ctrl.Result{}, util.WrapErrorForObject(
+			fmt.Sprintf("Error create or update account object %s", account.Name),
+			account,
+			err_acc,
+		)
+	}
+
+	if op_acc != controllerutil.OperationResultNone {
+		util.LogForObject(h, fmt.Sprintf("Account object %s created or patched", account.Name), account)
+		return ctrl.Result{RequeueAfter: time.Second * 5}, nil
+	}
+
 	err = d.getDBWithName(
 		ctx,
 		h,
@@ -211,7 +260,9 @@ func (d *Database) CreateOrPatchDBByName(
 	return ctrl.Result{}, nil
 }
 
-// WaitForDBCreatedWithTimeout - wait until the MariaDBDatabase is initialized and reports Status.Completed == true
+// WaitForDBCreatedWithTimeout - wait until the MariaDBDatabase and MariaDBAccounts are
+// initialized and reports Status.Conditions.IsTrue(MariaDBDatabaseReadyCondition)
+// and Status.Conditions.IsTrue(MariaDBAccountReadyCondition)
 func (d *Database) WaitForDBCreatedWithTimeout(
 	ctx context.Context,
 	h *helper.Helper,
@@ -226,7 +277,7 @@ func (d *Database) WaitForDBCreatedWithTimeout(
 		return ctrl.Result{}, err
 	}
 
-	if !d.database.Status.Completed || k8s_errors.IsNotFound(err) {
+	if !d.database.Status.Conditions.IsTrue(MariaDBDatabaseReadyCondition) {
 		util.LogForObject(
 			h,
 			fmt.Sprintf("Waiting for service DB %s to be created", d.database.Name),
@@ -236,6 +287,26 @@ func (d *Database) WaitForDBCreatedWithTimeout(
 		return ctrl.Result{RequeueAfter: requeueAfter}, nil
 	}
 
+	if !d.account.Status.Conditions.IsTrue(MariaDBAccountReadyCondition) {
+		util.LogForObject(
+			h,
+			fmt.Sprintf("Waiting for service account %s to be created", d.account.Name),
+			d.account,
+		)
+
+		return ctrl.Result{RequeueAfter: requeueAfter}, nil
+	}
+
+	if k8s_errors.IsNotFound(err) {
+		util.LogForObject(
+			h,
+			fmt.Sprintf("DB or account objects not yet found %s", d.database.Name),
+			d.database,
+		)
+
+		return ctrl.Result{RequeueAfter: requeueAfter}, nil
+	}
+
 	return ctrl.Result{}, nil
 }
 
@@ -262,13 +333,15 @@ func (d *Database) getDBWithName(
 	if namespace == "" {
 		namespace = h.GetBeforeObject().GetNamespace()
 	}
+
 	err := h.GetClient().Get(
 		ctx,
 		types.NamespacedName{
 			Name:      name,
 			Namespace: namespace,
 		},
 		db)
+
 	if err != nil {
 		if k8s_errors.IsNotFound(err) {
 			return util.WrapErrorForObject(
@@ -287,6 +360,35 @@ func (d *Database) getDBWithName(
 
 	d.database = db
 
+	account := &MariaDBAccount{}
+	username := d.databaseUser
+
+	err = h.GetClient().Get(
+		ctx,
+		types.NamespacedName{
+			Name:      username,
+			Namespace: namespace,
+		},
+		account)
+
+	if err != nil {
+		if k8s_errors.IsNotFound(err) {
+			return util.WrapErrorForObject(
+				fmt.Sprintf("Failed to get %s account %s ", username, namespace),
+				h.GetBeforeObject(),
+				err,
+			)
+		}
+
+		return util.WrapErrorForObject(
+			fmt.Sprintf("account error %s %s ", username, namespace),
+			h.GetBeforeObject(),
+			err,
+		)
+	}
+
+	d.account = account
+
 	return nil
 }
 

diff --git a/api/v1beta1/mariadbdatabase_types.go b/api/v1beta1/mariadbdatabase_types.go
@@ -31,16 +31,14 @@ const (
 
 // MariaDBDatabaseSpec defines the desired state of MariaDBDatabase
 type MariaDBDatabaseSpec struct {
-	// Name of secret which contains DatabasePassword
-	Secret string `json:"secret,omitempty"`
 	// Name of the database in MariaDB
 	Name string `json:"name,omitempty"`
 	// +kubebuilder:default=utf8
 	// Default character set for this database
-	DefaultCharacterSet string `json:"defaultCharacterSet"`
+	DefaultCharacterSet string `json:"defaultCharacterSet,omitempty"`
 	// +kubebuilder:default=utf8_general_ci
 	// Default collation for this database
-	DefaultCollation string `json:"defaultCollation"`
+	DefaultCollation string `json:"defaultCollation,omitempty"`
 }
 
 // MariaDBDatabaseStatus defines the observed state of MariaDBDatabase
@@ -88,6 +86,7 @@ const (
 // Database -
 type Database struct {
 	database         *MariaDBDatabase
+	account          *MariaDBAccount
 	databaseHostname string
 	databaseName     string
 	databaseUser     string

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml b/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml
@@ -46,12 +46,6 @@ spec:
               name:
                 description: Name of the database in MariaDB
                 type: string
-              secret:
-                description: Name of secret which contains DatabasePassword
-                type: string
-            required:
-            - defaultCharacterSet
-            - defaultCollation
             type: object
           status:
             description: MariaDBDatabaseStatus defines the observed state of MariaDBDatabase

diff --git a/controllers/mariadbaccount_controller.go b/controllers/mariadbaccount_controller.go
@@ -429,16 +429,19 @@ func (r *MariaDBAccountReconciler) reconcileDelete(
 
 			// remove local finalizer
 			controllerutil.RemoveFinalizer(instance, helper.GetFinalizer())
-		}
 
-		instance.Status.Conditions.Set(condition.FalseCondition(
-			databasev1beta1.MariaDBServerReadyCondition,
-			condition.ErrorReason,
-			condition.SeverityError,
-			"Error retrieving MariaDB/Galera instance %s",
-			err))
+			// galera DB does not exist, so return
+			return ctrl.Result{}, nil
+		} else {
+			instance.Status.Conditions.Set(condition.FalseCondition(
+				databasev1beta1.MariaDBServerReadyCondition,
+				condition.ErrorReason,
+				condition.SeverityError,
+				"Error retrieving MariaDB/Galera instance %s",
+				err))
 
-		return ctrl.Result{}, err
+			return ctrl.Result{}, err
+		}
 	}
 
 	var dbInstance, dbAdminSecret, dbContainerImage, serviceAccountName string

diff --git a/pkg/mariadb/database.go b/pkg/mariadb/database.go
@@ -66,17 +66,6 @@ func DbDatabaseJob(database *databasev1beta1.MariaDBDatabase, databaseHostName s
 										},
 									},
 								},
-								{
-									Name: "DatabasePassword",
-									ValueFrom: &corev1.EnvVarSource{
-										SecretKeyRef: &corev1.SecretKeySelector{
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: database.Spec.Secret,
-											},
-											Key: "DatabasePassword",
-										},
-									},
-								},
 							},
 						},
 					},

diff --git a/templates/database.sh b/templates/database.sh
@@ -1,4 +1,3 @@
 #!/bin/bash
-export DatabasePassword=${DatabasePassword:?"Please specify a DatabasePassword variable."}
 
-mysql -h {{.DatabaseHostname}} -u {{.DatabaseAdminUsername}} -P 3306 -e "CREATE DATABASE IF NOT EXISTS {{.DatabaseName}}; ALTER DATABASE {{.DatabaseName}} CHARACTER SET '{{.DefaultCharacterSet}}' COLLATE '{{.DefaultCollation}}'; GRANT ALL PRIVILEGES ON {{.DatabaseName}}.* TO '{{.DatabaseName}}'@'localhost' IDENTIFIED BY '$DatabasePassword';GRANT ALL PRIVILEGES ON {{.DatabaseName}}.* TO '{{.DatabaseName}}'@'%' IDENTIFIED BY '$DatabasePassword';"
+mysql -h {{.DatabaseHostname}} -u {{.DatabaseAdminUsername}} -P 3306 -e "CREATE DATABASE IF NOT EXISTS {{.DatabaseName}}; ALTER DATABASE {{.DatabaseName}} CHARACTER SET '{{.DefaultCharacterSet}}' COLLATE '{{.DefaultCollation}}';"
diff --git a/templates/delete_database.sh b/templates/delete_database.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-mysql -h {{.DatabaseHostname}} -u {{.DatabaseAdminUsername}} -P 3306 -e "DROP DATABASE IF EXISTS {{.DatabaseName}}; DROP USER IF EXISTS '{{.DatabaseName}}'@'localhost'; DROP USER IF EXISTS '{{.DatabaseName}}'@'%';"
+mysql -h {{.DatabaseHostname}} -u {{.DatabaseAdminUsername}} -P 3306 -e "DROP DATABASE IF EXISTS {{.DatabaseName}};"
diff --git a/tests/kuttl/tests/account_create/02-create-database.yaml b/tests/kuttl/tests/account_create/02-create-database.yaml
@@ -5,5 +5,4 @@ metadata:
   labels:
     dbName: openstack
 spec:
-  secret: osp-secret
   name: kuttldb_accounttest
diff --git a/tests/kuttl/tests/database_create/02-assert.yaml b/tests/kuttl/tests/database_create/02-assert.yaml
@@ -1,26 +1,10 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kuttldb-utf8-db-create
-status:
-  succeeded: 1
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kuttldb-latin1-db-create
-status:
-  succeeded: 1
----
 apiVersion: mariadb.openstack.org/v1beta1
 kind: MariaDBDatabase
 metadata:
   name: kuttldb-utf8
   labels:
     dbName: openstack
 spec:
-  secret: osp-secret
   name: kuttldb_utf8
 status:
   conditions:
@@ -45,7 +29,6 @@ metadata:
   labels:
     dbName: openstack
 spec:
-  secret: osp-secret
   name: kuttldb_latin1
 status:
   conditions:

diff --git a/tests/kuttl/tests/database_create/02-create-database.yaml b/tests/kuttl/tests/database_create/02-create-database.yaml
@@ -5,7 +5,6 @@ metadata:
   labels:
     dbName: openstack
 spec:
-  secret: osp-secret
   name: kuttldb_utf8
 ---
 apiVersion: mariadb.openstack.org/v1beta1
@@ -15,7 +14,6 @@ metadata:
   labels:
     dbName: openstack
 spec:
-  secret: osp-secret
   name: kuttldb_latin1
   defaultCharacterSet: latin1
   defaultCollation: latin1_general_ci