Merge pull request #151 from cockroachdb/upgrade-code

Add update code

BUILD.bazel

@@ -23,7 +23,7 @@ container_push(
     image = "//cmd/cockroach-operator:operator_image",
     registry = "{STABLE_DOCKER_REGISTRY}",
     repository = "{STABLE_IMAGE_REPOSITORY}",
-    tag = "{STABLE_DOCKER_TAG}"
+    tag = "{STABLE_DOCKER_TAG}",
 )
 
 filegroup(
@@ -65,6 +65,7 @@ filegroup(
         "//pkg/resource:all-srcs",
         "//pkg/testutil:all-srcs",
         "//pkg/tls:all-srcs",
+        "//pkg/update:all-srcs",
     ],
     tags = ["automanaged"],
     visibility = ["//visibility:public"],

cmd/cockroach-operator/BUILD.bazel

@@ -27,32 +27,32 @@ go_binary(
 
 pkg_tar(
     name = "licenses",
-    package_dir = "/licenses",
     srcs = ["//:license"],
     mode = "0755",
+    package_dir = "/licenses",
 )
 
 container_image(
     name = "ubi_base_image",
+    # References container_pull from WORKSPACE
+    base = "@redhat_ubi_minimal//image",
     labels = {
-        "name":"CockroachDB Operator",
-        "vendor":"Cockroach Labs",
-	# FIXME - labels do not support a stamped variable such as {STABLE_DOCKER_TAG}
-        "version":"v1.0.0-rc.0",
-        "release":"0",
-        "summary":"CockroachDB is a Distributed SQL database",
-        "description":"CockroachDB is a PostgreSQL wire-compatible DistributedSQL database",
+        "name": "CockroachDB Operator",
+        "vendor": "Cockroach Labs",
+        # FIXME - labels do not support a stamped variable such as {STABLE_DOCKER_TAG}
+        "version": "v1.0.0-rc.0",
+        "release": "0",
+        "summary": "CockroachDB is a Distributed SQL database",
+        "description": "CockroachDB is a PostgreSQL wire-compatible DistributedSQL database",
     },
     tars = [":licenses"],
-    # References container_pull from WORKSPACE
-    base = "@redhat_ubi_minimal//image",
 )
 
 go_image(
     name = "operator_image",
-    binary = ":cockroach-operator",
     # using the ubi image instead of the go base image
     base = ":ubi_base_image",
+    binary = ":cockroach-operator",
     visibility = ["//visibility:public"],
 )
 

go.mod

@@ -5,10 +5,12 @@ go 1.14
 require (
 	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/banzaicloud/k8s-objectmatcher v1.3.2
+	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/go-logr/logr v0.1.0
 	github.com/go-logr/zapr v0.1.1
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/google/go-cmp v0.4.0
+	github.com/lib/pq v1.1.1
 	github.com/onsi/ginkgo v1.12.0
 	github.com/onsi/gomega v1.9.0
 	github.com/pkg/errors v0.9.1

go.sum

@@ -144,6 +144,8 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/bugsnag/panicwrap v1.2.0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/bwmarrin/snowflake v0.0.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE=
+github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
+github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
@@ -507,6 +509,7 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
@@ -1165,6 +1168,7 @@ k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kubectl v0.17.2/go.mod h1:y4rfLV0n6aPmvbRCqZQjvOp3ezxsFgpqL+zF5jH/lxk=
+k8s.io/kubernetes v1.13.0 h1:qTfB+u5M92k2fCCCVP2iuhgwwSOv1EkAkvQY1tQODD8=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/legacy-cloud-providers v0.17.0/go.mod h1:DdzaepJ3RtRy+e5YhNtrCYwlgyK87j/5+Yfp0L9Syp8=
 k8s.io/metrics v0.17.2/go.mod h1:3TkNHET4ROd+NfzNxkjoVfQ0Ob4iZnaHmSEA4vYpwLw=

hack/BUILD.bazel

@@ -1,3 +1,5 @@
+# gazelle:exclude verify_boilerplate_test.go
+
 load("@io_bazel_rules_go//go:def.bzl", "go_test")
 
 package(default_visibility = ["//visibility:public"])

hack/build/repos.bzl

@@ -4185,3 +4185,11 @@ def go_repositories():
         sum = "h1:aykwPMVyQyncZ8iLNVMXgJ1l3c6W0+LSOPmqp8JdCjs=",
         version = "v3.1.1",
     )
+    go_repository(
+        name = "com_github_cenkalti_backoff",
+        build_file_generation = "on",
+        build_file_proto_mode = "disable",
+        importpath = "github.com/cenkalti/backoff",
+        sum = "h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=",
+        version = "v2.2.1+incompatible",
+    )

hack/update-deps.sh

@@ -47,13 +47,13 @@ update_bazel=(
   "$gazelle"
   "$kazel"
 )
-update_deps_licenses=(
-  $(realpath "$6")
-  "$go"
-  "$jq"
-)
+#update_deps_licenses=(
+#  $(realpath "$6")
+#  "$go"
+#  "$jq"
+#)
 
-shift 6
+shift 5
 
 cd "$BUILD_WORKSPACE_DIRECTORY"
 trap 'echo "FAILED" >&2' ERR

pkg/update/BUILD.bazel

@@ -0,0 +1,38 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "internal.go",
+        "update.go",
+        "update_cockroach_version.go",
+        "update_cockroach_version_common.go",
+    ],
+    importpath = "github.com/cockroachdb/cockroach-operator/pkg/update",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@com_github_cenkalti_backoff//:go_default_library",
+        "@com_github_lib_pq//:go_default_library",
+        "@com_github_masterminds_semver_v3//:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@io_k8s_api//apps/v1:go_default_library",
+        "@io_k8s_api//core/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+        "@io_k8s_client_go//kubernetes:go_default_library",
+        "@org_uber_go_zap//:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

pkg/update/internal.go

@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Cockroach Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package update
+
+// Cockroach roles that we can grant/revoke for users.
+const (
+	// Fixed fields in the client certificate. Any other values will be rejected by Vault.
+	// Remember to update <repo root>/conf/policies/intrusion.hcl when updating this list of users.
+	RootSQLUser = "root"
+	NodeUser    = "node"
+	AdminRole   = "admin"
+)
+
+// internalUsers is a set of SQL users created as part of the managed service, not to be used
+// by customers. This struct is used to hide specific users in the console.
+var internalUsers = map[string]struct{}{
+	RootSQLUser: {},
+	NodeUser:    {},
+}
+
+// internalDBs is a set of SQL databases created as part of CRDB, not to be used by customers.
+var internalDBs = map[string]struct{}{
+	"system":   {},
+	"postgres": {},
+}
+
+func IsInternalUser(user string) bool {
+	_, ok := internalUsers[user]
+	return ok
+}
+
+func IsInternalDB(db string) bool {
+	_, ok := internalDBs[db]
+	return ok
+}