migrate from databaseUsername to databaseAccount and fully use MariaDBAccount #681
Conversation
|
Skipping CI for Draft Pull Request. |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/5f254123d77e48df99bfe3842ed6a787 ❌ nova-operator-content-provider FAILURE in 6m 34s |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
9a39fa2 to
5bd427a
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
5bd427a to
5823996
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
5823996 to
fb5c036
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
fb5c036 to
c4cf25a
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
c4cf25a to
8534cd9
Compare
|
/retest |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/eed32e0dba6141ce8579094f069bd555 ❌ nova-operator-content-provider FAILURE in 10m 26s |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
8534cd9 to
9f602d6
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
|
/retest |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
2 times, most recently
from
38cfe99 to
ca814eb
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/8f35d1ed9f4d445cbecc717f3653409d ✔️ nova-operator-content-provider SUCCESS in 2h 13m 13s |
|
recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/f126069545674ca080e7faa6ffd1fbe1 ✔️ nova-operator-content-provider SUCCESS in 2h 15m 47s |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
ca814eb to
0a263f2
Compare
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
9637d30 to
cc65abf
Compare
zzzeek
changed the title
zzzeek
force-pushed
the
integrate_oo_accounts
branch
4 times, most recently
from
a3bfc8c to
83a3645
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/2ed79e0ce148433fae3b0ac7d647ccb0 ✔️ nova-operator-content-provider SUCCESS in 2h 06m 28s |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
7 times, most recently
from
6b00758 to
b4c144a
Compare
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
b4c144a to
245bd98
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/ed6da443e61c4743b83a31492629a7d6 ✔️ nova-operator-content-provider SUCCESS in 2h 09m 05s |
zzzeek
force-pushed
the
integrate_oo_accounts
branch
from
245bd98 to
8c8b041
Compare
| // cell.Spec.APIDatabaseHostname is empty for cells without APIDB access | ||
| "api_db_address": apiDBHostname, | ||
| "api_db_port": 3306, | ||
| "cell_db_name": getCellDatabaseName(cell.Spec.CellName), | ||
| "cell_db_user": cell.Spec.CellDatabaseUser, | ||
| "cell_db_password": string(ospSecret.Data[cellTemplate.PasswordSelectors.Database]), |
There was a problem hiding this comment.
now cellTemplate become unused so can be removed from the function params. Can be fixed n a followup
| apiDatabaseAccount, apiDbSecret, err := mariadbv1.GetAccountAndSecret(ctx, h, instance.Spec.APIDatabaseAccount, instance.Namespace) | ||
| if err != nil { | ||
| return nil, "", "", err | ||
| } | ||
|
|
||
| cellDatabaseAccount, cellDbSecret, err := mariadbv1.GetAccountAndSecret(ctx, h, cell.Spec.CellDatabaseAccount, instance.Namespace) | ||
| if err != nil { | ||
| return nil, "", "", err | ||
| } | ||
|
|
There was a problem hiding this comment.
we have the cellDB *mariadbv1.Database passed in and the caller could pass the apiDB similarly. So I think these queries are unnecessary, we could just access the accounts and secrets from the facades. Can be fixed in a followup
There was a problem hiding this comment.
yes these should be calling from db.GetAccount() / db.GetSecret()
| // yet associated with any MariaDBDatabase. | ||
| _, _, err := mariadbv1.EnsureMariaDBAccount( | ||
| ctx, h, cellTemplate.CellDatabaseAccount, | ||
| instance.Namespace, false, "nova_"+cellName, |
There was a problem hiding this comment.
we have a helper for that getCellDatabaseName
|
|
||
| cellDB := mariadbv1.NewDatabaseForAccount( | ||
| cellTemplate.CellDatabaseInstance, // mariadb/galera service to target | ||
| "nova_"+cellName, // name used in CREATE DATABASE in mariadb |
There was a problem hiding this comment.
we have a helper for that getCellDatabaseName.
| cellSpec.APIDatabaseHostname = apiDB.GetDatabaseHostname() | ||
| cellSpec.APIDatabaseUser = instance.Spec.APIDatabaseUser | ||
| cellSpec.APIDatabaseAccount = instance.Spec.APIDatabaseAccount |
There was a problem hiding this comment.
OK we still use the hostname to signal if the api DB is accessible to the cell or not. Not super nice that we default the account in both case but that is not new, we did that with the APIDatabaseUser too. So I think it is good as is.
| }, | ||
| } | ||
|
|
||
| mariadbCellSuite.RunBasicSuite() |
There was a problem hiding this comment.
nice. Thanks for the generalized test cases
| BeforeEach(func() { | ||
| apiMariaDBAccount, apiMariaDBSecret := mariadb.CreateMariaDBAccountAndSecret( | ||
| novaNames.APIMariaDBDatabaseAccount, mariadbv1.MariaDBAccountSpec{}) | ||
| DeferCleanup(k8sClient.Delete, ctx, apiMariaDBAccount) | ||
| DeferCleanup(k8sClient.Delete, ctx, apiMariaDBSecret) | ||
|
|
||
| cell0Account, cell0Secret := mariadb.CreateMariaDBAccountAndSecret( | ||
| cell0.MariaDBAccountName, mariadbv1.MariaDBAccountSpec{}) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell0Account) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell0Secret) | ||
|
|
||
| cell1Account, cell1Secret := mariadb.CreateMariaDBAccountAndSecret( | ||
| cell1.MariaDBAccountName, mariadbv1.MariaDBAccountSpec{}) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell1Account) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell1Secret) | ||
|
|
||
| cell2Account, cell2Secret := mariadb.CreateMariaDBAccountAndSecret( | ||
| cell2.MariaDBAccountName, mariadbv1.MariaDBAccountSpec{}) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell2Account) | ||
| DeferCleanup(k8sClient.Delete, ctx, cell2Secret) | ||
|
|
||
| }) |
There was a problem hiding this comment.
Is it intentional that we pre-create the accounts in these tests? As we create Nova CR and not some subCR in this tests we could let the nova controller's ensure call do the creation. Of course it is valid to pre-create them to simulate that it is done by the openstack-operator or the user.
If this is intentional then please leave a comment in the code nothing it as this is now different from the nova_controller_test.go and that might confuse the future reader
There was a problem hiding this comment.
if we move to openstack-operator being responsible for mariadbaccount creation then we'd be glad to have these here. I have a feeling that EnsureMariaDBAccount is going to be generating username/passwords for a long time though because it's very convenient that it takes care of itself.
given the discussion at openstack-k8s-operators/mariadb-operator#205 (review) I think I want to add Eventually() to the RunURLAssertSuites here before we merge and I can try removing some of these extraneous account creates. Between the many test suites here as well as all the changes made by @stuggi there are likely more mariadbaccoutn creates than needed.
There was a problem hiding this comment.
update: I am not using any RunURLAssertSuites. so we can merge this as is and address things in followup, given how much effort it is for me to keep rebasing this each time someone changes something.
| @@ -50,22 +51,42 @@ func CreateNovaWith3CellsAndEnsureReady(novaNames NovaNames) { | |||
| DeferCleanup(mariadb.DeleteDBService, mariadb.CreateDBService(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, serviceSpec)) | |||
| DeferCleanup(mariadb.DeleteDBService, mariadb.CreateDBService(cell2.MariaDBDatabaseName.Namespace, cell2.MariaDBDatabaseName.Name, serviceSpec)) | |||
|
|
|||
| apiMariaDBAccount, apiMariaDBSecret := mariadb.CreateMariaDBAccountAndSecret( | |||
There was a problem hiding this comment.
ditto, we could let the nova controller create these. If this is intentional then please leave a comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gibizer, zzzeek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 90a97e1
into
openstack-k8s-operators:main
This moves nova to fully use MariaDBAccount based on the dev work being done for mariadb-operator:
https://github.com/openstack-k8s-operators/mariadb-operator/pull/184/files
Lead Jira: OSPRH-4095
kuttl/*.yamlkuttl/*.yaml