openstack-k8s-operators · openshift-merge-bot · Mar 9, 2024 · Mar 7, 2024
diff --git a/Makefile b/Makefile
@@ -148,6 +148,7 @@ $(GINKGO): $(LOCALBIN)
 test: manifests generate fmt vet envtest ginkgo ## Run tests.
 	go test -v ./pkg/.. ./controllers/.. ./api/.. -coverprofile cover.out
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \
+	OPERATOR_TEMPLATES="$(shell pwd)/templates" \
 	$(GINKGO) --trace --cover --coverprofile cover.out --covermode=atomic --randomize-all ${PROC_CMD} $(GINKGO_ARGS) ./test/functional/...
 .PHONY: gowork
 gowork: export GOWORK=

diff --git a/api/bases/manila.openstack.org_manilaapis.yaml b/api/bases/manila.openstack.org_manilaapis.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -871,12 +871,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/api/bases/manila.openstack.org_manilas.yaml b/api/bases/manila.openstack.org_manilas.yaml
@@ -39,11 +39,11 @@ spec:
               customServiceConfig:
                 default: '# add your customization here'
                 type: string
-              databaseInstance:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseInstance:
+                type: string
               dbPurge:
                 properties:
                   age:
@@ -1072,12 +1072,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/api/bases/manila.openstack.org_manilaschedulers.yaml b/api/bases/manila.openstack.org_manilaschedulers.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -820,12 +820,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/api/bases/manila.openstack.org_manilashares.yaml b/api/bases/manila.openstack.org_manilashares.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -820,12 +820,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go
@@ -45,17 +45,16 @@ type ManilaTemplate struct {
 
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default=manila
-	// DatabaseUser - optional username used for manila DB, defaults to manila
-	// TODO: -> implement needs work in mariadb-operator, right now only manila
-	DatabaseUser string `json:"databaseUser,omitempty"`
+	// DatabaseAccount - optional MariaDBAccount CR name used for manila DB, defaults to manila
+	DatabaseAccount string `json:"databaseAccount"`
 
 	// +kubebuilder:validation:Optional
-	// Secret containing OpenStack password information for ManilaDatabasePassword, AdminPassword
+	// Secret containing OpenStack password information for AdminPassword
 	Secret string `json:"secret,omitempty"`
 
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default={database: ManilaDatabasePassword, service: ManilaPassword}
-	// PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret
+	// +kubebuilder:default={service: ManilaPassword}
+	// PasswordSelectors - Selectors to identify the ServiceUser password from the Secret
 	PasswordSelectors PasswordSelector `json:"passwordSelectors,omitempty"`
 }
 
@@ -92,11 +91,6 @@ type ManilaServiceTemplate struct {
 
 // PasswordSelector to identify the DB and AdminUser password from the Secret
 type PasswordSelector struct {
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default="ManilaDatabasePassword"
-	// Database - Selector to get the manila database user password from the Secret
-	// TODO: not used, need change in mariadb-operator
-	Database string `json:"database,omitempty"`
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default="ManilaPassword"
 	// Service - Selector to get the manila service password from the Secret

diff --git a/config/crd/bases/manila.openstack.org_manilaapis.yaml b/config/crd/bases/manila.openstack.org_manilaapis.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -871,12 +871,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/config/crd/bases/manila.openstack.org_manilas.yaml b/config/crd/bases/manila.openstack.org_manilas.yaml
@@ -39,11 +39,11 @@ spec:
               customServiceConfig:
                 default: '# add your customization here'
                 type: string
-              databaseInstance:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseInstance:
+                type: string
               dbPurge:
                 properties:
                   age:
@@ -1072,12 +1072,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/config/crd/bases/manila.openstack.org_manilaschedulers.yaml b/config/crd/bases/manila.openstack.org_manilaschedulers.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -820,12 +820,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/config/crd/bases/manila.openstack.org_manilashares.yaml b/config/crd/bases/manila.openstack.org_manilashares.yaml
@@ -49,11 +49,11 @@ spec:
                 items:
                   type: string
                 type: array
-              databaseHostname:
-                type: string
-              databaseUser:
+              databaseAccount:
                 default: manila
                 type: string
+              databaseHostname:
+                type: string
               extraMounts:
                 items:
                   properties:
@@ -820,12 +820,8 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: ManilaDatabasePassword
                   service: ManilaPassword
                 properties:
-                  database:
-                    default: ManilaDatabasePassword
-                    type: string
                   service:
                     default: ManilaPassword
                     type: string

diff --git a/config/samples/manila_v1beta1_manila.yaml b/config/samples/manila_v1beta1_manila.yaml
@@ -10,7 +10,7 @@ spec:
     debug = true
   databaseInstance: openstack
   secret: osp-secret
-  databaseUser: manila
+  databaseAccount: manila
   rabbitMqClusterName: rabbitmq
   manilaAPI: {}
   manilaScheduler: {}

diff --git a/config/samples/manila_v1beta1_manila_tls.yaml b/config/samples/manila_v1beta1_manila_tls.yaml
@@ -10,7 +10,7 @@ spec:
     debug = true
   databaseInstance: openstack
   secret: osp-secret
-  databaseUser: manila
+  databaseAccount: manila
   rabbitMqClusterName: rabbitmq
   manilaAPI:
     tls:

diff --git a/controllers/manila_controller.go b/controllers/manila_controller.go
@@ -336,7 +336,7 @@ func (r *ManilaReconciler) reconcileDelete(ctx context.Context, instance *manila
 	r.Log.Info(fmt.Sprintf("Reconciling Service '%s' delete", instance.Name))
 
 	// remove db finalizer first
-	db, err := mariadbv1.GetDatabaseByName(ctx, helper, manila.DatabaseName)
+	db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, manila.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace)
 	if err != nil && !k8s_errors.IsNotFound(err) {
 		return ctrl.Result{}, err
 	}
@@ -664,6 +664,14 @@ func (r *ManilaReconciler) reconcileNormal(ctx context.Context, instance *manila
 		r.Log.Info(fmt.Sprintf("Deployment %s successfully reconciled - operation: %s", instance.Name, string(op)))
 	}
 
+	// remove finalizers from unused MariaDBAccount records
+	err = mariadbv1.DeleteUnusedMariaDBAccountFinalizers(
+		ctx, helper, manila.DatabaseCRName,
+		instance.Spec.DatabaseAccount, instance.Namespace)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	// Mirror ManilaAPI status' ReadyCount to this parent CR
 	instance.Status.ManilaAPIReadyCount = manilaAPI.Status.ReadyCount
 
@@ -843,6 +851,9 @@ func (r *ManilaReconciler) generateServiceConfig(
 		return err
 	}
 
+	databaseAccount := db.GetAccount()
+	databaseSecret := db.GetSecret()
+
 	// templateParameters := make(map[string]interface{})
 	templateParameters := map[string]interface{}{
 		"ServiceUser":         instance.Spec.ServiceUser,
@@ -851,10 +862,10 @@ func (r *ManilaReconciler) generateServiceConfig(
 		"KeystoneInternalURL": keystoneInternalURL,
 		"TransportURL":        string(transportURLSecret.Data["transport_url"]),
 		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf",
-			instance.Spec.DatabaseUser,
-			string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]),
+			databaseAccount.Spec.UserName,
+			string(databaseSecret.Data[mariadbv1.DatabasePasswordSelector]),
 			instance.Status.DatabaseHostname,
-			manila.DatabaseName),
+			manila.DatabaseCRName),
 		"MemcachedServersWithInet": strings.Join(memcached.Status.ServerListWithInet, ","),
 	}
 
@@ -1073,24 +1084,45 @@ func (r *ManilaReconciler) ensureDB(
 	h *helper.Helper,
 	instance *manilav1beta1.Manila,
 ) (*mariadbv1.Database, ctrl.Result, error) {
+	// ensure MariaDBAccount exists.  This account record may be created by
+	// openstack-operator or the cloud operator up front without a specific
+	// MariaDBDatabase configured yet.   Otherwise, a MariaDBAccount CR is
+	// created here with a generated username as well as a secret with
+	// generated password.   The MariaDBAccount is created without being
+	// yet associated with any MariaDBDatabase.
+	_, _, err := mariadbv1.EnsureMariaDBAccount(
+		ctx, h, instance.Spec.DatabaseAccount,
+		instance.Namespace, false, manila.DatabaseUsernamePrefix,
+	)
+
+	if err != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			mariadbv1.MariaDBAccountReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			mariadbv1.MariaDBAccountNotReadyMessage,
+			err.Error()))
+
+		return nil, ctrl.Result{}, err
+	}
+	instance.Status.Conditions.MarkTrue(
+		mariadbv1.MariaDBAccountReadyCondition,
+		mariadbv1.MariaDBAccountReadyMessage)
+
 	//
 	// create service DB instance
 	//
-	db := mariadbv1.NewDatabase(
-		manila.DatabaseName,
-		instance.Spec.DatabaseUser,
-		instance.Spec.Secret,
-		map[string]string{
-			"dbName": instance.Spec.DatabaseInstance,
-		},
+	db := mariadbv1.NewDatabaseForAccount(
+		instance.Spec.DatabaseInstance, // mariadb/galera service to target
+		manila.DatabaseName,            // name used in CREATE DATABASE in mariadb
+		manila.DatabaseCRName,          // CR name for MariaDBDatabase
+		instance.Spec.DatabaseAccount,  // CR name for MariaDBAccount
+		instance.Namespace,             // namespace
 	)
 
 	// create or patch the DB
-	ctrlResult, err := db.CreateOrPatchDBByName(
-		ctx,
-		h,
-		instance.Spec.DatabaseInstance,
-	)
+	ctrlResult, err := db.CreateOrPatchAll(ctx, h)
+
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.DBReadyCondition,

diff --git a/controllers/manilaapi_controller.go b/controllers/manilaapi_controller.go
@@ -941,7 +941,7 @@ func (r *ManilaAPIReconciler) generateServiceConfig(
 
 	labels := labels.GetLabels(instance, labels.GetGroupLabel(manila.ServiceName), serviceLabels)
 
-	db, err := mariadbv1.GetDatabaseByName(ctx, h, manila.DatabaseName)
+	db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, h, manila.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace)
 	if err != nil {
 		return err
 	}