migrate from databaseUsername to databaseAccount and fully use MariaD…

…BAccount

This will move neutron to fully use MariaDBAccount based on the dev work
being done for mariadb-operator:

openstack-k8s-operators/mariadb-operator#184

Depends-On: openstack-k8s-operators/openstack-operator#656

api/bases/neutron.openstack.org_neutronapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: neutron
+                description: DatabaseAccount - optional username used for neutron
+                  DB, defaults to neutron
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: neutron
-                description: 'DatabaseUser - optional username used for neutron DB,
-                  defaults to neutron TODO: -> implement needs work in mariadb-operator,
-                  right now only neutron'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -2129,17 +2128,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: NeutronDatabasePassword
                   service: NeutronPassword
-                description: PasswordSelectors - Selectors to identify the DB and
-                  ServiceUser password from the Secret
+                description: PasswordSelectors - Selectors to identify the ServiceUser
+                  password from the Secret
                 properties:
-                  database:
-                    default: NeutronDatabasePassword
-                    description: 'Database - Selector to get the neutron database
-                      user password from the Secret TODO: not used, need change in
-                      mariadb-operator'
-                    type: string
                   service:
                     default: NeutronPassword
                     description: Database - Selector to get the neutron service password
@@ -2214,7 +2206,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  NeutronDatabasePassword, NeutronPassword
+                  NeutronPassword
                 type: string
               serviceUser:
                 default: neutron

api/v1beta1/neutronapi_types.go

@@ -55,9 +55,8 @@ type NeutronAPISpec struct {
 
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default=neutron
-	// DatabaseUser - optional username used for neutron DB, defaults to neutron
-	// TODO: -> implement needs work in mariadb-operator, right now only neutron
-	DatabaseUser string `json:"databaseUser"`
+	// DatabaseAccount - optional username used for neutron DB, defaults to neutron
+	DatabaseAccount string `json:"databaseAccount"`
 
 	// +kubebuilder:validation:Required
 	// +kubebuilder:default=rabbitmq
@@ -82,12 +81,12 @@ type NeutronAPISpec struct {
 	Replicas *int32 `json:"replicas"`
 
 	// +kubebuilder:validation:Required
-	// Secret containing OpenStack password information for NeutronDatabasePassword, NeutronPassword
+	// Secret containing OpenStack password information for NeutronPassword
 	Secret string `json:"secret"`
 
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default={database: NeutronDatabasePassword, service: NeutronPassword}
-	// PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret
+	// +kubebuilder:default={service: NeutronPassword}
+	// PasswordSelectors - Selectors to identify the ServiceUser password from the Secret
 	PasswordSelectors PasswordSelector `json:"passwordSelectors"`
 
 	// +kubebuilder:validation:Optional
@@ -143,11 +142,6 @@ type APIOverrideSpec struct {
 
 // PasswordSelector to identify the DB and AdminUser password from the Secret
 type PasswordSelector struct {
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default="NeutronDatabasePassword"
-	// Database - Selector to get the neutron database user password from the Secret
-	// TODO: not used, need change in mariadb-operator
-	Database string `json:"database"`
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default="NeutronPassword"
 	// Database - Selector to get the neutron service password from the Secret

config/crd/bases/neutron.openstack.org_neutronapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: neutron
+                description: DatabaseAccount - optional username used for neutron
+                  DB, defaults to neutron
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: neutron
-                description: 'DatabaseUser - optional username used for neutron DB,
-                  defaults to neutron TODO: -> implement needs work in mariadb-operator,
-                  right now only neutron'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -2129,17 +2128,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: NeutronDatabasePassword
                   service: NeutronPassword
-                description: PasswordSelectors - Selectors to identify the DB and
-                  ServiceUser password from the Secret
+                description: PasswordSelectors - Selectors to identify the ServiceUser
+                  password from the Secret
                 properties:
-                  database:
-                    default: NeutronDatabasePassword
-                    description: 'Database - Selector to get the neutron database
-                      user password from the Secret TODO: not used, need change in
-                      mariadb-operator'
-                    type: string
                   service:
                     default: NeutronPassword
                     description: Database - Selector to get the neutron service password
@@ -2214,7 +2206,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  NeutronDatabasePassword, NeutronPassword
+                  NeutronPassword
                 type: string
               serviceUser:
                 default: neutron

config/manager/kustomization.yaml

@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: quay.io/openstack-k8s-operators/neutron-operator
-  newTag: latest
+  newName: quay.io/rhn_engineering_mbayer/neutron-operator
+  newTag: 0.0.1

config/manifests/bases/neutron-operator.clusterserviceversion.yaml

@@ -18,6 +18,10 @@ spec:
       displayName: Neutron API
       kind: NeutronAPI
       name: neutronapis.neutron.openstack.org
+      specDescriptors:
+      - description: TLS - Parameters related to the TLS
+        displayName: TLS
+        path: tls
       version: v1beta1
   description: Neutron Operator
   displayName: Neutron Operator

config/samples/neutron_v1beta1_neutronapi.yaml

@@ -4,12 +4,13 @@ metadata:
   name: neutron
   namespace: openstack
 spec:
+  containerImage: quay.io/podified-antelope-centos9/openstack-neutron-server:current-podified
   serviceUser: neutron
   customServiceConfig: |
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: neutron
+  databaseAccount: neutron
   rabbitMqClusterName: rabbitmq
   memcachedInstance: memcached
   preserveJobs: false

config/samples/neutron_v1beta1_neutronapi_tls.yaml

@@ -4,12 +4,13 @@ metadata:
   name: neutron
   namespace: openstack
 spec:
+  containerImage: quay.io/podified-antelope-centos9/openstack-neutron-server:current-podified
   serviceUser: neutron
   customServiceConfig: |
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: neutron
+  databaseAccount: neutron
   rabbitMqClusterName: rabbitmq
   memcachedInstance: memcached
   preserveJobs: false

controllers/neutronapi_controller.go

@@ -399,16 +399,14 @@ func (r *NeutronAPIReconciler) reconcileInit(
 
 	// create neutron DB instance
 	//
-	db := mariadbv1.NewDatabaseWithNamespace(
-		neutronapi.Database,
-		instance.Spec.DatabaseUser,
-		instance.Spec.Secret,
-		map[string]string{
-			"dbName": instance.Spec.DatabaseInstance,
-		},
-		neutronapi.Database,
-		instance.Namespace,
+	db := mariadbv1.NewDatabaseForAccount(
+		instance.Spec.DatabaseInstance, // mariadb/galera service to target
+		neutronapi.Database,            // name used in CREATE DATABASE in mariadb
+		neutronapi.Database,            // CR name for MariaDBDatabase
+		instance.Spec.DatabaseAccount,  // CR name for MariaDBAccount
+		instance.Namespace,             // namespace
 	)
+
 	// create or patch the DB
 	ctrlResult, err := db.CreateOrPatchDBByName(
 		ctx,
@@ -913,6 +911,28 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 	instance.Status.Conditions.MarkTrue(condition.MemcachedReadyCondition, condition.MemcachedReadyMessage)
 	// run check memcached - end
 
+	// ensure MariaDBAccount exists.  This account record may be created by
+	// openstack-operator or the cloud operator up front without a specific
+	// MariaDBDatabase configured yet.   Otherwise, a MariaDBAccount CR is
+	// created here with a generated username as well as a secret with
+	// generated password.   The MariaDBAccount is created without being
+	// yet associated with any MariaDBDatabase.
+	_, _, err = mariadbv1.EnsureMariaDBAccount(
+		ctx, helper, instance.Spec.DatabaseAccount,
+		instance.Namespace, false,
+	)
+
+	if err != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			mariadbv1.MariaDBAccountReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			mariadbv1.MariaDBAccountNotReadyMessage,
+			err.Error()))
+
+		return ctrl.Result{}, err
+	}
+
 	err = r.reconcileExternalSecrets(ctx, helper, instance, &secretVars)
 	if err != nil {
 		Log.Error(err, "Failed to reconcile external Secrets")
@@ -996,6 +1016,7 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 			err.Error()))
 		return ctrlResult, err
 	}
+
 	depl := deployment.NewDeployment(
 		deplDef,
 		time.Duration(5)*time.Second,
@@ -1047,6 +1068,16 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 	}
 	// create Deployment - end
 
+	if instance.Status.ReadyCount > 0 {
+		// remove finalizers from unused MariaDBAccount records
+		err = mariadbv1.DeleteUnusedMariaDBAccountFinalizers(
+			ctx, helper, neutronapi.Database,
+			instance.Spec.DatabaseAccount, instance.Namespace)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	}
+
 	Log.Info("Reconciled Service successfully")
 	return ctrl.Result{}, nil
 }
@@ -1469,13 +1500,17 @@ func (r *NeutronAPIReconciler) generateServiceSecrets(
 
 	// Other OpenStack services
 	servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service])
-	databasePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Database])
 	templateParameters["ServicePassword"] = servicePassword
 
 	// Database
+	databaseAccount, dbSecret, err := mariadbv1.GetAccountAndSecret(ctx, h, instance.Spec.DatabaseAccount, instance.Namespace)
+	if err != nil {
+		return err
+	}
+
 	templateParameters["DbHost"] = instance.Status.DatabaseHostname
-	templateParameters["DbUser"] = instance.Spec.DatabaseUser
-	templateParameters["DbPassword"] = databasePassword
+	templateParameters["DbUser"] = databaseAccount.Spec.UserName
+	templateParameters["DbPassword"] = string(dbSecret.Data[mariadbv1.DatabasePasswordSelector])
 	templateParameters["Db"] = neutronapi.Database
 
 	// OVN

go.mod

@@ -90,4 +90,4 @@ replace github.com/openstack-k8s-operators/neutron-operator/api => ./api
 // must consistent within modules and service operators
 replace github.com/openshift/api => github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 //allow-merging
 
-replace github.com/openstack-k8s-operators/mariadb-operator/api => github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039 //allow-merging
+replace github.com/openstack-k8s-operators/mariadb-operator/api => github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240219194300-cc53ce6bfb27 //allow-merging

go.sum

@@ -114,8 +114,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039 h1:RLkDT9hqh32CYLjKyuYVhVU7zcaan6q7bX8FdIiEWYc=
-github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039/go.mod h1:52Ja/B4RrrytMmKh+Kf+/BPe7Fq40Pi77vcFH4yJeoU=
+github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240219194300-cc53ce6bfb27 h1:VRqE9hlRwVbKTisiE81BBEZmlN5AKWiUevUlyZuoRY0=
+github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240219194300-cc53ce6bfb27/go.mod h1:52Ja/B4RrrytMmKh+Kf+/BPe7Fq40Pi77vcFH4yJeoU=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=