From 89f36bb66800e1e9569159679352c7e969f328cd Mon Sep 17 00:00:00 2001 
From: "polina.shtanko" Date: Wed, 11 Jun 2025 07:08:16 -0700 Subject: [PATCH 1/2] Store password in secret --- apis/mariadb/v1/mariadbprovider_types.go | 24 ++- apis/mariadb/v1/zz_generated.deepcopy.go | 22 ++- apis/mongodb/v1/mongodbprovider_types.go | 20 +- apis/mongodb/v1/zz_generated.deepcopy.go | 24 ++- apis/postgres/v1/postgresqlprovider_types.go | 23 ++- apis/postgres/v1/zz_generated.deepcopy.go | 24 ++- .../dbaas-operator/templates/clusterrole.yaml | 8 + charts/dbaas-operator/templates/role.yaml | 8 + .../templates/mariadbprovider.yaml | 5 + .../templates/mongodbprovider.yaml | 5 + .../templates/postgresqlprovider.yaml | 5 + .../mariadb.amazee.io_mariadbconsumers.yaml | 154 +++++++-------- .../mariadb.amazee.io_mariadbproviders.yaml | 118 +++++------ .../mongodb.amazee.io_mongodbconsumers.yaml | 186 +++++++++--------- .../mongodb.amazee.io_mongodbproviders.yaml | 128 ++++++------ ...ostgres.amazee.io_postgresqlconsumers.yaml | 139 +++++++------ ...ostgres.amazee.io_postgresqlproviders.yaml | 113 ++++++----- config/rbac/role.yaml | 62 +----- .../mariadb/mariadbprovider_controller.go | 31 +++ .../mongodb/mongodbprovider_controller.go | 31 ++- .../postgres/postgresqlprovider_controller.go | 20 +- .../provider-azure-password-secret.yaml | 42 ++++ .../provider-multi-password-secret.yaml | 41 ++++ test-resources/mariadb/provider-multi.yaml | 3 + .../mariadb/provider-password-secret.yaml | 24 +++ test-resources/mariadb/provider.yaml | 2 +- .../mongodb/provider-password-secret.yaml | 25 +++ .../mongodb/provider-tls-password-secret.yaml | 25 +++ test-resources/operator.yaml | 12 +- .../postgres/provider-password-secret.yaml | 22 +++ 30 files changed, 832 insertions(+), 514 deletions(-) create mode 100644 test-resources/mariadb/provider-azure-password-secret.yaml create mode 100644 test-resources/mariadb/provider-multi-password-secret.yaml create mode 100644 test-resources/mariadb/provider-password-secret.yaml create mode 100644 
test-resources/mongodb/provider-password-secret.yaml create mode 100644 test-resources/mongodb/provider-tls-password-secret.yaml create mode 100644 test-resources/postgres/provider-password-secret.yaml
diff --git a/apis/mariadb/v1/mariadbprovider_types.go b/apis/mariadb/v1/mariadbprovider_types.go
index 52f8965..beba45e 100644
--- a/apis/mariadb/v1/mariadbprovider_types.go
+++ b/apis/mariadb/v1/mariadbprovider_types.go
@@ -22,21 +22,27 @@ import (
 // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+type SecretKeyRef struct {
+ Name string `json:"name"`
+ Key string `json:"key"`
+}
+
 // MariaDBProviderSpec defines the desired state of MariaDBProvider
 type MariaDBProviderSpec struct {
 // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 // Important: Run "make" to regenerate code after modifying this file
 // These are the spec options for providers
- Environment string `json:"environment,omitempty"`
- Hostname string `json:"hostname,omitempty"`
- ReadReplicaHostnames []string `json:"readReplicaHostnames,omitempty"`
- Password string `json:"password,omitempty"`
- Port string `json:"port,omitempty"`
- Username string `json:"user,omitempty"`
- Type string `json:"type,omitempty"`
- Name string `json:"name,omitempty"`
- Namespace string `json:"namespace,omitempty"`
+ Environment string `json:"environment,omitempty"`
+ Hostname string `json:"hostname,omitempty"`
+ ReadReplicaHostnames []string `json:"readReplicaHostnames,omitempty"`
+ Password string `json:"password,omitempty"`
+ PasswordSecretRef *SecretKeyRef `json:"passwordSecretRef,omitempty"`
+ Port string `json:"port,omitempty"`
+ Username string `json:"user,omitempty"`
+ Type string `json:"type,omitempty"`
+ Name string `json:"name,omitempty"`
+ Namespace string `json:"namespace,omitempty"`
 }
 // MariaDBProviderStatus defines the observed state of MariaDBProvider
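Review bot: `SecretKeyRef` is a new exported type with no doc comment, and neither it nor the `PasswordSecretRef` field says how the reference relates to the plaintext `Password` kept beside it, so the CRD gets no contract either: controller-gen copies Go doc comments into the schema `description`, and the regenerated `passwordSecretRef` entries in this commit carry none. The PostgreSQL copy in the same commit already has `// SecretKeyRef references a specific key inside a Kubernetes Secret`; the MariaDB copy here and the MongoDB copy in apis/mongodb/v1/mongodbprovider_types.go should carry the same line. On the field I would state the resolution rule, e.g. `// PasswordSecretRef names the Secret key holding the password; when set it is used instead of Password` — the controller changes are outside this chunk, so confirm against them which one wins when both are set. Three identical `SecretKeyRef` declarations across the API packages is also worth a look; `corev1.SecretKeySelector` expresses the same name+key reference, or one shared type could live in a single package if the API groups must stay independent.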
diff --git a/apis/mariadb/v1/zz_generated.deepcopy.go b/apis/mariadb/v1/zz_generated.deepcopy.go
index cccdb19..603ce3d 100644
--- a/apis/mariadb/v1/zz_generated.deepcopy.go
+++ b/apis/mariadb/v1/zz_generated.deepcopy.go
@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 /*
@@ -237,6 +237,11 @@ func (in *MariaDBProviderSpec) DeepCopyInto(out *MariaDBProviderSpec) {
 *out = make([]string, len(*in))
 copy(*out, *in)
 }
+ if in.PasswordSecretRef != nil {
+ in, out := &in.PasswordSecretRef, &out.PasswordSecretRef
+ *out = new(SecretKeyRef)
+ **out = **in
+ }
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MariaDBProviderSpec.
@@ -263,3 +268,18 @@ func (in *MariaDBProviderStatus) DeepCopy() *MariaDBProviderStatus {
 in.DeepCopyInto(out)
 return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretKeyRef) DeepCopyInto(out *SecretKeyRef) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyRef.
+func (in *SecretKeyRef) DeepCopy() *SecretKeyRef {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretKeyRef)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/apis/mongodb/v1/mongodbprovider_types.go b/apis/mongodb/v1/mongodbprovider_types.go
index c736f03..e989399 100644
--- a/apis/mongodb/v1/mongodbprovider_types.go
+++ b/apis/mongodb/v1/mongodbprovider_types.go
@@ -22,19 +22,25 @@ import (
 // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+type SecretKeyRef struct {
+ Name string `json:"name"`
+ Key string `json:"key"`
+}
+
 // MongoDBProviderSpec defines the desired state of MongoDBProvider
 type MongoDBProviderSpec struct {
 // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 // Important: Run "make" to regenerate code after modifying this file
 // These are the spec options for providers
- Environment string `json:"environment,omitempty"`
- Hostname string `json:"hostname,omitempty"`
- Password string `json:"password,omitempty"`
- Port string `json:"port,omitempty"`
- Username string `json:"user,omitempty"`
- Auth MongoDBAuth `json:"auth,omitempty"`
- Type string `json:"type,omitempty"`
+ Environment string `json:"environment,omitempty"`
+ Hostname string `json:"hostname,omitempty"`
+ Password string `json:"password,omitempty"`
+ PasswordSecretRef *SecretKeyRef `json:"passwordSecretRef,omitempty"`
+ Port string `json:"port,omitempty"`
+ Username string `json:"user,omitempty"`
+ Auth MongoDBAuth `json:"auth,omitempty"`
+ Type string `json:"type,omitempty"`
 }
 // MongoDBAuth defines the authorisation mechanisms that mongo can use
diff --git a/apis/mongodb/v1/zz_generated.deepcopy.go b/apis/mongodb/v1/zz_generated.deepcopy.go
index 593d991..74ddca3 100644
--- a/apis/mongodb/v1/zz_generated.deepcopy.go
+++ b/apis/mongodb/v1/zz_generated.deepcopy.go
@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 /*
@@ -182,7 +182,7 @@ func (in *MongoDBProvider) DeepCopyInto(out *MongoDBProvider) {
 *out = *in
 out.TypeMeta = in.TypeMeta
 in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- out.Spec = in.Spec
+ in.Spec.DeepCopyInto(&out.Spec)
 out.Status = in.Status
 }
@@ -239,6 +239,11 @@ func (in *MongoDBProviderList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MongoDBProviderSpec) DeepCopyInto(out *MongoDBProviderSpec) {
 *out = *in
+ if in.PasswordSecretRef != nil {
+ in, out := &in.PasswordSecretRef, &out.PasswordSecretRef
+ *out = new(SecretKeyRef)
+ **out = **in
+ }
 out.Auth = in.Auth
 }
@@ -266,3 +271,18 @@ func (in *MongoDBProviderStatus) DeepCopy() *MongoDBProviderStatus {
 in.DeepCopyInto(out)
 return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretKeyRef) DeepCopyInto(out *SecretKeyRef) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyRef.
+func (in *SecretKeyRef) DeepCopy() *SecretKeyRef {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretKeyRef)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/apis/postgres/v1/postgresqlprovider_types.go b/apis/postgres/v1/postgresqlprovider_types.go
index 31d2960..a97e0e8 100644
--- a/apis/postgres/v1/postgresqlprovider_types.go
+++ b/apis/postgres/v1/postgresqlprovider_types.go
@@ -22,20 +22,27 @@ import (
 // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+// SecretKeyRef references a specific key inside a Kubernetes Secret
+type SecretKeyRef struct {
+ Name string `json:"name"`
+ Key string `json:"key"`
+}
+
 // PostgreSQLProviderSpec defines the desired state of PostgreSQLProvider
 type PostgreSQLProviderSpec struct {
 // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 // Important: Run "make" to regenerate code after modifying this file
 // These are the spec options for providers
- Environment string `json:"environment,omitempty"`
- Hostname string `json:"hostname,omitempty"`
- Password string `json:"password,omitempty"`
- Port string `json:"port,omitempty"`
- Username string `json:"user,omitempty"`
- Name string `json:"name,omitempty"`
- Namespace string `json:"namespace,omitempty"`
- Type string `json:"type,omitempty"`
+ Environment string `json:"environment,omitempty"`
+ Hostname string `json:"hostname,omitempty"`
+ Password string `json:"password,omitempty"`
+ PasswordSecretRef *SecretKeyRef `json:"passwordSecretRef,omitempty"`
+ Port string `json:"port,omitempty"`
+ Username string `json:"user,omitempty"`
+ Name string `json:"name,omitempty"`
+ Namespace string `json:"namespace,omitempty"`
+ Type string `json:"type,omitempty"`
 }
 // PostgreSQLProviderStatus defines the observed state of PostgreSQLProvider
diff --git a/apis/postgres/v1/zz_generated.deepcopy.go b/apis/postgres/v1/zz_generated.deepcopy.go
index dddf5d8..e64faed 100644
--- a/apis/postgres/v1/zz_generated.deepcopy.go
+++ b/apis/postgres/v1/zz_generated.deepcopy.go
@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 /*
@@ -165,7 +165,7 @@ func (in *PostgreSQLProvider) DeepCopyInto(out *PostgreSQLProvider) {
 *out = *in
 out.TypeMeta = in.TypeMeta
 in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- out.Spec = in.Spec
+ in.Spec.DeepCopyInto(&out.Spec)
 out.Status = in.Status
 }
@@ -222,6 +222,11 @@ func (in *PostgreSQLProviderList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PostgreSQLProviderSpec) DeepCopyInto(out *PostgreSQLProviderSpec) {
 *out = *in
+ if in.PasswordSecretRef != nil {
+ in, out := &in.PasswordSecretRef, &out.PasswordSecretRef
+ *out = new(SecretKeyRef)
+ **out = **in
+ }
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLProviderSpec.
@@ -248,3 +253,18 @@ func (in *PostgreSQLProviderStatus) DeepCopy() *PostgreSQLProviderStatus {
 in.DeepCopyInto(out)
 return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretKeyRef) DeepCopyInto(out *SecretKeyRef) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyRef.
+func (in *SecretKeyRef) DeepCopy() *SecretKeyRef {
+ if in == nil {
+ return nil
+ }
+ out := new(SecretKeyRef)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/charts/dbaas-operator/templates/clusterrole.yaml b/charts/dbaas-operator/templates/clusterrole.yaml
index 46c25d9..7cbf849 100644
--- a/charts/dbaas-operator/templates/clusterrole.yaml
+++ b/charts/dbaas-operator/templates/clusterrole.yaml
@@ -15,6 +15,14 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - mariadb.amazee.io
 resources:
diff --git a/charts/dbaas-operator/templates/role.yaml b/charts/dbaas-operator/templates/role.yaml
index 578079a..fc0def2 100644
--- a/charts/dbaas-operator/templates/role.yaml
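Review bot: The new ClusterRole rule grants `get`, `list` and `watch` on every Secret in the cluster, which is broader than resolving a `passwordSecretRef` needs: reading one named Secret requires only `get`, while cluster-wide `list` on secrets exposes every credential in the cluster to the operator's service account. Unless the controllers register a watch on Secrets (their changes are outside this chunk, so that is worth confirming), I would reduce the rule to `verbs: [get]` here and in the matching rule added to charts/dbaas-operator/templates/role.yaml. If providers and their Secrets live in the operator's namespace, the namespaced Role is the better home for the grant and the ClusterRole rule can be dropped entirely.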
+++ b/charts/dbaas-operator/templates/role.yaml
@@ -30,3 +30,11 @@ rules:
 - events
 verbs:
 - create
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
\ No newline at end of file
diff --git a/charts/mariadbprovider/templates/mariadbprovider.yaml b/charts/mariadbprovider/templates/mariadbprovider.yaml
index 5d018ee..10b0d6d 100644
--- a/charts/mariadbprovider/templates/mariadbprovider.yaml
+++ b/charts/mariadbprovider/templates/mariadbprovider.yaml
@@ -9,7 +9,12 @@ spec:
 hostname: {{ $providerConfig.hostname | quote }}
 readReplicaHostnames:
 {{- toYaml $providerConfig.readReplicaHostnames | nindent 4 }}
+ passwordSecretRef:
+ name: {{ $providerConfig.passwordSecretRef.name | quote }}
+ key: {{ $providerConfig.passwordSecretRef.key | quote }}
+ {{- else if $providerConfig.password }}
 password: {{ $providerConfig.password | quote }}
+ {{- end }}
 port: {{ $providerConfig.port | quote }}
 user: {{ $providerConfig.user | quote }}
 type: {{ $providerConfig.type | quote | default "generic" }}
diff --git a/charts/mongodbprovider/templates/mongodbprovider.yaml b/charts/mongodbprovider/templates/mongodbprovider.yaml
index db58a73..bc244b5 100644
--- a/charts/mongodbprovider/templates/mongodbprovider.yaml
+++ b/charts/mongodbprovider/templates/mongodbprovider.yaml
@@ -7,7 +7,12 @@ metadata:
 spec:
 environment: {{ $providerConfig.environment | quote }}
 hostname: {{ $providerConfig.hostname | quote }}
+ passwordSecretRef:
+ name: {{ $providerConfig.passwordSecretRef.name | quote }}
+ key: {{ $providerConfig.passwordSecretRef.key | quote }}
+ {{- else if $providerConfig.password }}
 password: {{ $providerConfig.password | quote }}
+ {{- end }}
 port: {{ $providerConfig.port | quote }}
 user: {{ $providerConfig.user | quote }}
 type: {{ $providerConfig.type | quote | default "generic" }}
diff --git a/charts/postgresqlprovider/templates/postgresqlprovider.yaml b/charts/postgresqlprovider/templates/postgresqlprovider.yaml
index aa24d43..f5e9f8a 100644
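Review bot: The added `{{- else if $providerConfig.password }}` and `{{- end }}` in charts/mariadbprovider/templates/mariadbprovider.yaml have no opening `{{- if ... }}` anywhere in the hunk, and the diffstat records only five added lines for this file, so the template as committed is unbalanced and Helm will refuse to render it. The `passwordSecretRef:` block also needs to sit inside that conditional, because `$providerConfig.passwordSecretRef.name` cannot be evaluated when no `passwordSecretRef` is configured. The one-line fix is to insert `{{- if $providerConfig.passwordSecretRef }}` directly above `passwordSecretRef:`. The same omission is in charts/mongodbprovider/templates/mongodbprovider.yaml and charts/postgresqlprovider/templates/postgresqlprovider.yaml, which carry the identical five-line addition.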
--- a/charts/postgresqlprovider/templates/postgresqlprovider.yaml
+++ b/charts/postgresqlprovider/templates/postgresqlprovider.yaml
@@ -7,7 +7,12 @@ metadata:
 spec:
 environment: {{ $providerConfig.environment | quote }}
 hostname: {{ $providerConfig.hostname | quote }}
+ passwordSecretRef:
+ name: {{ $providerConfig.passwordSecretRef.name | quote }}
+ key: {{ $providerConfig.passwordSecretRef.key | quote }}
+ {{- else if $providerConfig.password }}
 password: {{ $providerConfig.password | quote }}
+ {{- end }}
 port: {{ $providerConfig.port | quote }}
 user: {{ $providerConfig.user | quote }}
 type: {{ $providerConfig.type | quote | default "generic" }}
diff --git a/config/crd/bases/mariadb.amazee.io_mariadbconsumers.yaml b/config/crd/bases/mariadb.amazee.io_mariadbconsumers.yaml
index 27e24f5..634aa02 100644
--- a/config/crd/bases/mariadb.amazee.io_mariadbconsumers.yaml
+++ b/config/crd/bases/mariadb.amazee.io_mariadbconsumers.yaml
@@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: mariadbconsumers.mariadb.amazee.io spec: group: mariadb.amazee.io
@@ -15,82 +13,80 @@ spec: plural: mariadbconsumers singular: mariadbconsumer scope: Namespaced - validation: - openAPIV3Schema: - description: MariaDBConsumer is the Schema for the mariadbconsumers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MariaDBConsumerSpec defines the desired state of MariaDBConsumer - properties: - consumer: - description: MariaDBConsumerData defines the provider link for this - consumer - properties: - database: - type: string - password: - type: string - services: - description: MariaDBConsumerServices defines the provider link for - this consumer - properties: - primary: - type: string - replicas: - items: - type: string - type: array - type: object - username: - type: string - type: object - environment: - description: These are the spec options for consumers - type: string - provider: - description: MariaDBConsumerProvider defines the provider link for this - consumer - properties: - hostname: - type: string - name: - type: string - namespace: - type: string - port: - type: string - readReplicas: - items: - type: string - type: array - type: - type: string - type: object - type: object - status: - description: MariaDBConsumerStatus defines the observed state of MariaDBConsumer - type: object - type: object - version: v1 versions: - name: v1 + schema: + 
openAPIV3Schema: + description: MariaDBConsumer is the Schema for the mariadbconsumers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MariaDBConsumerSpec defines the desired state of MariaDBConsumer + properties: + consumer: + description: MariaDBConsumerData defines the provider link for this + consumer + properties: + database: + type: string + password: + type: string + services: + description: MariaDBConsumerServices defines the provider link + for this consumer + properties: + primary: + type: string + replicas: + items: + type: string + type: array + type: object + username: + type: string + type: object + environment: + description: These are the spec options for consumers + type: string + provider: + description: MariaDBConsumerProvider defines the provider link for + this consumer + properties: + hostname: + type: string + name: + type: string + namespace: + type: string + port: + type: string + readReplicas: + items: + type: string + type: array + type: + type: string + type: object + type: object + status: + description: MariaDBConsumerStatus defines the observed state of MariaDBConsumer + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/config/crd/bases/mariadb.amazee.io_mariadbproviders.yaml b/config/crd/bases/mariadb.amazee.io_mariadbproviders.yaml index 5ba99d0..dc61659 100644 --- a/config/crd/bases/mariadb.amazee.io_mariadbproviders.yaml +++ b/config/crd/bases/mariadb.amazee.io_mariadbproviders.yaml @@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: mariadbproviders.mariadb.amazee.io spec: group: mariadb.amazee.io 
@@ -15,59 +13,67 @@ spec: plural: mariadbproviders singular: mariadbprovider scope: Namespaced - validation: - openAPIV3Schema: - description: MariaDBProvider is the Schema for the mariadbproviders API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MariaDBProviderSpec defines the desired state of MariaDBProvider - properties: - environment: - description: These are the spec options for providers - type: string - hostname: - type: string - name: - type: string - namespace: - type: string - password: - type: string - port: - type: string - readReplicaHostnames: - items: - type: string - type: array - type: - type: string - user: - type: string - type: object - status: - description: MariaDBProviderStatus defines the observed state of MariaDBProvider - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: MariaDBProvider is the Schema for the mariadbproviders API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MariaDBProviderSpec defines the desired state of MariaDBProvider + properties: + environment: + description: These are the spec options for providers + type: string + hostname: + type: string + name: + type: string + namespace: + type: string + password: + type: string + passwordSecretRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + port: + type: string + readReplicaHostnames: + items: + type: string + type: array + type: + type: string + user: + type: string + type: object + status: + description: MariaDBProviderStatus defines the observed state of MariaDBProvider + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/mongodb.amazee.io_mongodbconsumers.yaml b/config/crd/bases/mongodb.amazee.io_mongodbconsumers.yaml index 51fe8ae..707c276 100644 --- a/config/crd/bases/mongodb.amazee.io_mongodbconsumers.yaml +++ b/config/crd/bases/mongodb.amazee.io_mongodbconsumers.yaml @@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: mongodbconsumers.mongodb.amazee.io spec: group: mongodb.amazee.io 
@@ -15,98 +13,96 @@ spec: plural: mongodbconsumers singular: mongodbconsumer scope: Namespaced - validation: - openAPIV3Schema: - description: MongoDBConsumer is the Schema for the mongodbconsumers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MongoDBConsumerSpec defines the desired state of MongoDBConsumer - properties: - consumer: - description: MongoDBConsumerData defines the provider link for this - consumer - properties: - auth: - description: MongoDBAuth defines the authorisation mechanisms that - mongo can use - properties: - mechanism: - type: string - source: - type: string - tls: - type: boolean - required: - - tls - type: object - database: - type: string - password: - type: string - services: - description: MongoDBConsumerServices defines the provider link for - this consumer - properties: - primary: - type: string - type: object - username: - type: string - type: object - environment: - description: These are the spec options for consumers - type: string - provider: - description: MongoDBConsumerProvider defines the provider link for this - consumer - properties: - auth: - description: MongoDBAuth defines the authorisation mechanisms that - mongo can use - properties: - mechanism: - type: string - source: - type: string - tls: - type: boolean - required: - - tls - 
type: object - hostname: - type: string - name: - type: string - namespace: - type: string - port: - type: string - type: object - type: object - status: - description: MongoDBConsumerStatus defines the observed state of MongoDBConsumer - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: MongoDBConsumer is the Schema for the mongodbconsumers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MongoDBConsumerSpec defines the desired state of MongoDBConsumer + properties: + consumer: + description: MongoDBConsumerData defines the provider link for this + consumer + properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms + that mongo can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + database: + type: string + password: + type: string + services: + description: MongoDBConsumerServices defines the provider link + for this consumer + properties: + primary: + type: string + type: object + username: + type: string + type: object + environment: + description: These are the spec options for consumers + type: string + provider: + description: MongoDBConsumerProvider defines the provider link for + this consumer + 
properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms + that mongo can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + hostname: + type: string + name: + type: string + namespace: + type: string + port: + type: string + type: object + type: object + status: + description: MongoDBConsumerStatus defines the observed state of MongoDBConsumer + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/mongodb.amazee.io_mongodbproviders.yaml b/config/crd/bases/mongodb.amazee.io_mongodbproviders.yaml index 7b1ee50..ceed847 100644 --- a/config/crd/bases/mongodb.amazee.io_mongodbproviders.yaml +++ b/config/crd/bases/mongodb.amazee.io_mongodbproviders.yaml @@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: mongodbproviders.mongodb.amazee.io spec: group: mongodb.amazee.io 
@@ -15,64 +13,72 @@ spec: plural: mongodbproviders singular: mongodbprovider scope: Namespaced - validation: - openAPIV3Schema: - description: MongoDBProvider is the Schema for the mongodbproviders API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MongoDBProviderSpec defines the desired state of MongoDBProvider - properties: - auth: - description: MongoDBAuth defines the authorisation mechanisms that mongo - can use - properties: - mechanism: - type: string - source: - type: string - tls: - type: boolean - required: - - tls - type: object - environment: - description: These are the spec options for providers - type: string - hostname: - type: string - password: - type: string - port: - type: string - type: - type: string - user: - type: string - type: object - status: - description: MongoDBProviderStatus defines the observed state of MongoDBProvider - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: MongoDBProvider is the Schema for the mongodbproviders API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MongoDBProviderSpec defines the desired state of MongoDBProvider + properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms that + mongo can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + environment: + description: These are the spec options for providers + type: string + hostname: + type: string + password: + type: string + passwordSecretRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + port: + type: string + type: + type: string + user: + type: string + type: object + status: + description: MongoDBProviderStatus defines the observed state of MongoDBProvider + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/postgres.amazee.io_postgresqlconsumers.yaml b/config/crd/bases/postgres.amazee.io_postgresqlconsumers.yaml index e7db9d4..d52f4b3 100644 --- a/config/crd/bases/postgres.amazee.io_postgresqlconsumers.yaml +++ b/config/crd/bases/postgres.amazee.io_postgresqlconsumers.yaml 
@@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: postgresqlconsumers.postgres.amazee.io spec: group: postgres.amazee.io 
@@ -15,74 +13,73 @@ spec: plural: postgresqlconsumers singular: postgresqlconsumer scope: Namespaced - validation: - openAPIV3Schema: - description: PostgreSQLConsumer is the Schema for the postgresqlconsumers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PostgreSQLConsumerSpec defines the desired state of PostgreSQLConsumer - properties: - consumer: - description: PostgreSQLConsumerData defines the provider link for this - consumer - properties: - database: - type: string - password: - type: string - services: - description: PostgreSQLConsumerServices defines the provider link - for this consumer - properties: - primary: - type: string - type: object - username: - type: string - type: object - environment: - description: These are the spec options for consumers - type: string - provider: - description: PostgreSQLConsumerProvider defines the provider link for - this consumer - properties: - hostname: - type: string - name: - type: string - namespace: - type: string - port: - type: string - type: - type: string - type: object - type: object - status: - description: PostgreSQLConsumerStatus defines the observed state of PostgreSQLConsumer - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: PostgreSQLConsumer is the Schema for 
the postgresqlconsumers + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PostgreSQLConsumerSpec defines the desired state of PostgreSQLConsumer + properties: + consumer: + description: PostgreSQLConsumerData defines the provider link for + this consumer + properties: + database: + type: string + password: + type: string + services: + description: PostgreSQLConsumerServices defines the provider link + for this consumer + properties: + primary: + type: string + type: object + username: + type: string + type: object + environment: + description: These are the spec options for consumers + type: string + provider: + description: PostgreSQLConsumerProvider defines the provider link + for this consumer + properties: + hostname: + type: string + name: + type: string + namespace: + type: string + port: + type: string + type: + type: string + type: object + type: object + status: + description: PostgreSQLConsumerStatus defines the observed state of PostgreSQLConsumer + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/postgres.amazee.io_postgresqlproviders.yaml b/config/crd/bases/postgres.amazee.io_postgresqlproviders.yaml index 3428ad6..9816327 100644 
--- a/config/crd/bases/postgres.amazee.io_postgresqlproviders.yaml +++ b/config/crd/bases/postgres.amazee.io_postgresqlproviders.yaml @@ -1,11 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.18.0 name: postgresqlproviders.postgres.amazee.io spec: group: postgres.amazee.io 
@@ -15,55 +13,66 @@ spec: plural: postgresqlproviders singular: postgresqlprovider scope: Namespaced - validation: - openAPIV3Schema: - description: PostgreSQLProvider is the Schema for the postgresqlproviders API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PostgreSQLProviderSpec defines the desired state of PostgreSQLProvider - properties: - environment: - description: These are the spec options for providers - type: string - hostname: - type: string - name: - type: string - namespace: - type: string - password: - type: string - port: - type: string - type: - type: string - user: - type: string - type: object - status: - description: PostgreSQLProviderStatus defines the observed state of PostgreSQLProvider - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: PostgreSQLProvider is the Schema for the postgresqlproviders + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PostgreSQLProviderSpec defines the desired state of PostgreSQLProvider + properties: + environment: + description: These are the spec options for providers + type: string + hostname: + type: string + name: + type: string + namespace: + type: string + password: + type: string + passwordSecretRef: + description: SecretKeyRef references a specific key inside a Kubernetes + Secret + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + port: + type: string + type: + type: string + user: + type: string + type: object + status: + description: PostgreSQLProviderStatus defines the observed state of PostgreSQLProvider + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 7185da4..2c123ff 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,9 +1,7 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: - apiGroups: @@ -22,25 +20,6 @@ rules: - mariadb.amazee.io resources: - mariadbconsumers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mariadb.amazee.io - resources: - - mariadbconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - mariadb.amazee.io - resources: - mariadbproviders verbs: - create 
@@ -53,6 +32,7 @@ rules: - apiGroups: - mariadb.amazee.io resources: + - mariadbconsumers/status - mariadbproviders/status verbs: - get @@ -62,25 +42,6 @@ rules: - mongodb.amazee.io resources: - mongodbconsumers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mongodb.amazee.io - resources: - - mongodbconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - mongodb.amazee.io - resources: - mongodbproviders verbs: - create @@ -93,6 +54,7 @@ rules: - apiGroups: - mongodb.amazee.io resources: + - mongodbconsumers/status - mongodbproviders/status verbs: - get @@ -102,25 +64,6 @@ rules: - postgres.amazee.io resources: - postgresqlconsumers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - postgres.amazee.io - resources: - - postgresqlconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - postgres.amazee.io - resources: - postgresqlproviders verbs: - create @@ -133,6 +76,7 @@ rules: - apiGroups: - postgres.amazee.io resources: + - postgresqlconsumers/status - postgresqlproviders/status verbs: - get diff --git a/controllers/mariadb/mariadbprovider_controller.go b/controllers/mariadb/mariadbprovider_controller.go index 17cc050..70e4a89 100644 --- a/controllers/mariadb/mariadbprovider_controller.go +++ b/controllers/mariadb/mariadbprovider_controller.go @@ -17,16 +17,24 @@ package controllers import ( "context" + "fmt" "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" mariadbv1 "github.com/amazeeio/dbaas-operator/apis/mariadb/v1" + corev1 "k8s.io/api/core/v1" ) +type PasswordSecretRef struct { + Name string + Key string +} + // MariaDBProviderReconciler reconciles a MariaDBProvider object type MariaDBProviderReconciler struct { client.Client 
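Review bot: The controller-local `PasswordSecretRef` struct duplicates the API type that `mariaDBProvider.Spec.PasswordSecretRef` already carries (the next hunk reads `.Name` and `.Key` straight off the spec value), and nothing in the visible hunks ever constructs the local type. Dropping it, and typing any reconciler field with the `mariadbv1` type instead, keeps one definition of the reference. `corev1 "k8s.io/api/core/v1"` is also placed in the local-package import group after `mariadbv1`; goimports would put it with the other `k8s.io` imports above `ctrl`.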
@@ -36,6 +44,7 @@ type MariaDBProviderReconciler struct { Hostname string ReadReplicaHostnames []string Password string + PasswordSecretRef *PasswordSecretRef Port string Username string Type string @@ -61,6 +70,28 @@ func (r *MariaDBProviderReconciler) Reconcile(req ctrl.Request) (ctrl.Result, er // LabelAppType: "database-provider", // } + var password string + if mariaDBProvider.Spec.PasswordSecretRef != nil { + var secret corev1.Secret + secretName := types.NamespacedName{ + Name: mariaDBProvider.Spec.PasswordSecretRef.Name, + Namespace: req.Namespace, + } + err := r.Get(ctx, secretName, &secret) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get Secret %s: %w", secretName.Name, err) + } + + val, ok := secret.Data[mariaDBProvider.Spec.PasswordSecretRef.Key] + if !ok { + return ctrl.Result{}, fmt.Errorf("key %s not found in Secret %s", mariaDBProvider.Spec.PasswordSecretRef.Key, secret.Name) + } + password = string(val) + } else { + password = mariaDBProvider.Spec.Password + } + r.Password = password // Optional: make it available on the reconciler + // examine DeletionTimestamp to determine if object is under deletion if mariaDBProvider.ObjectMeta.DeletionTimestamp.IsZero() { // The object is not being deleted, so if it does not have our finalizer, diff --git a/controllers/mongodb/mongodbprovider_controller.go b/controllers/mongodb/mongodbprovider_controller.go index 0e3d877..2f7d474 100644 --- a/controllers/mongodb/mongodbprovider_controller.go +++ b/controllers/mongodb/mongodbprovider_controller.go @@ -17,13 +17,14 @@ package controllers import ( "context" + "fmt" + mongodbv1 "github.com/amazeeio/dbaas-operator/apis/mongodb/v1" "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - mongodbv1 "github.com/amazeeio/dbaas-operator/apis/mongodb/v1" ) // MongoDBProviderReconciler reconciles a MongoDBProvider object 
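Review bot: `PasswordSecretRef *PasswordSecretRef` is added to `MariaDBProviderReconciler` but nothing in this commit assigns it, while the `@@ -61,6 +70,28 @@` hunk below writes the per-object resolved password to `r.Password`. One reconciler instance serves every MariaDBProvider it watches (and concurrent reconciles if MaxConcurrentReconciles is raised), so a credential stored on the struct is overwritten by whichever provider reconciled last and can be read back while handling a different provider. Keep the resolved password in a local inside Reconcile and hand it to the code that opens the connection; remove the new field, and the `r.Password = password // Optional: ...` line, unless the struct value is intended as a global default.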
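Review bot: `r.Get(ctx, secretName, &secret)` reads a core Secret, but none of the visible `config/rbac/role.yaml` hunks grant `get` on `secrets`, and that file is generated from kubebuilder markers; unless the chart templates (not in this view) grant it, the lookup fails with Forbidden at runtime. Add `// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get` beside the existing rbac markers on Reconcile and regenerate; the MongoDB and PostgreSQL Reconcile hunks need the same marker. Note also that `mariaDBProvider.Spec.Password` is left untouched after the Secret is resolved, so any code further down that still reads the spec field sees an empty value — the resolved password only lands on `r.Password`. Reconcile's body starts before and continues after this hunk.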
@@ -39,12 +40,36 @@ type MongoDBProviderReconciler struct { // Reconcile . func (r *MongoDBProviderReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - _ = r.Log.WithValues("mongodbprovider", req.NamespacedName) var mongodbProvider mongodbv1.MongoDBProvider if err := r.Get(ctx, req.NamespacedName, &mongodbProvider); err != nil { return ctrl.Result{}, ignoreNotFound(err) } + + var password string + if mongodbProvider.Spec.PasswordSecretRef != nil { + var secret corev1.Secret + secretName := mongodbProvider.Spec.PasswordSecretRef.Name + secretKey := mongodbProvider.Spec.PasswordSecretRef.Key + + if err := r.Get(ctx, client.ObjectKey{Namespace: req.Namespace, Name: secretName}, &secret); err != nil { + fmt.Printf("failed to get password secret %q: %v\n", secretName, err) + return ctrl.Result{}, err + } + + pwBytes, found := secret.Data[secretKey] + if !found { + err := fmt.Errorf("password key %q not found in secret %q", secretKey, secretName) + fmt.Printf("error reading secret key: secretName=%q, secretKey=%q, error=%v\n", secretName, secretKey, err) + return ctrl.Result{}, err + } + + password = string(pwBytes) + } else { + password = mongodbProvider.Spec.Password + } + // if there is no password in secret, use password as string + _ = password // your logic here finalizerName := "finalizer.provider.mongodb.amazee.io/v1" diff --git a/controllers/postgres/postgresqlprovider_controller.go b/controllers/postgres/postgresqlprovider_controller.go index e7fb0e3..b168806 100644 --- a/controllers/postgres/postgresqlprovider_controller.go +++ b/controllers/postgres/postgresqlprovider_controller.go 
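Review bot: The resolved password is discarded by `_ = password`, so for MongoDBProvider the new `passwordSecretRef` only checks that the Secret and key exist; the value never reaches the connection code, which presumably still reads `mongodbProvider.Spec.Password`. Pass `password` on to that code (Reconcile continues past the hunk, so its location is not visible here). The hunk also removes the `r.Log.WithValues(...)` line and instead writes both failures to stdout with `fmt.Printf` before returning the same error, which reports each failure twice and bypasses the structured logger. Prefer `log := r.Log.WithValues("mongodbprovider", req.NamespacedName)` and a single `return ctrl.Result{}, fmt.Errorf("getting password secret %q: %w", secretName, err)` with no Printf, and the same for the missing-key path.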
@@ -17,13 +17,14 @@ package controllers import ( "context" + "fmt" + postgresv1 "github.com/amazeeio/dbaas-operator/apis/postgres/v1" "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - - postgresv1 "github.com/amazeeio/dbaas-operator/apis/postgres/v1" ) // PostgreSQLProviderReconciler reconciles a PostgreSQLProvider object @@ -46,7 +47,20 @@ func (r *PostgreSQLProviderReconciler) Reconcile(req ctrl.Request) (ctrl.Result, } // your logic here finalizerName := "finalizer.provider.postgres.amazee.io/v1" - + // Resolve password from secret if specified + if postgresqlProvider.Spec.PasswordSecretRef != nil { + secretRef := postgresqlProvider.Spec.PasswordSecretRef + var secret corev1.Secret + secretKey := client.ObjectKey{Name: secretRef.Name, Namespace: req.Namespace} + if err := r.Get(ctx, secretKey, &secret); err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get secret %s: %w", secretRef.Name, err) + } + password, ok := secret.Data[secretRef.Key] + if !ok { + return ctrl.Result{}, fmt.Errorf("key %s not found in secret %s", secretRef.Key, secretRef.Name) + } + postgresqlProvider.Spec.Password = string(password) + } // examine DeletionTimestamp to determine if object is under deletion if postgresqlProvider.ObjectMeta.DeletionTimestamp.IsZero() { // The object is not being deleted, so if it does not have our finalizer, diff --git a/test-resources/mariadb/provider-azure-password-secret.yaml b/test-resources/mariadb/provider-azure-password-secret.yaml new file mode 100644 index 0000000..bb8f146 --- /dev/null +++ b/test-resources/mariadb/provider-azure-password-secret.yaml 
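Review bot: Writing the resolved value into `postgresqlProvider.Spec.Password` puts the plaintext password onto the in-memory object that the finalizer logic immediately below operates on; if that branch (outside the hunk) calls `r.Update` on `postgresqlProvider`, as the kubebuilder add-finalizer step typically does, the Secret's value is persisted into the CR spec and becomes readable by anyone who can read PostgreSQLProviders, undoing what this commit sets out to do. Keep the value in a local — `password := postgresqlProvider.Spec.Password`, overridden from `secret.Data[secretRef.Key]` when the ref is set — and pass it to the connection code rather than mutating Spec. That also gives the three controllers one consistent pattern; today MariaDB stores it on `r.Password` and MongoDB drops it. Reconcile starts before the hunk and continues after it.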
@@ -0,0 +1,42 @@ +apiVersion: mariadb.amazee.io/v1 +kind: MariaDBProvider +metadata: + name: mariadbprovider-testing-azure +spec: + environment: azure + type: azure + hostname: azure.mariadb.172.17.0.1.nip.io + readReplicaHostnames: + - azure.mariadb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '33066' + user: root + +--- +apiVersion: mariadb.amazee.io/v1 +kind: MariaDBProvider +metadata: + name: mariadbprovider-testing-azure-longhost +spec: + environment: azure-long + type: azure + hostname: a.very.very.long.hostname.for.azure.mariadb.172.17.0.1.nip.io + readReplicaHostnames: + - a.very.very.long.hostname.for.azure.mariadb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '33066' + user: root + +--- +apiVersion: v1 +kind: Secret +metadata: + name: my-db-secret + namespace: default +type: Opaque +data: + password: cGFzc3dvcmQ= # base64-encoded value of "password" \ No newline at end of file diff --git a/test-resources/mariadb/provider-multi-password-secret.yaml b/test-resources/mariadb/provider-multi-password-secret.yaml new file mode 100644 index 0000000..d96f711 --- /dev/null +++ b/test-resources/mariadb/provider-multi-password-secret.yaml 
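Review bot: Both MariaDBProvider objects in this file reference `passwordSecretRef.name: mariadb-secret`, but the Secret the file creates is named `my-db-secret`, so applying it as-is makes every reconcile of these providers fail with a not-found error for `mariadb-secret`. Either rename the Secret to `mariadb-secret` or point both references at `my-db-secret`. The file also ends without a trailing newline.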
@@ -0,0 +1,41 @@ +# Test: This resource intentionally uses the `password` field directly +# and does NOT provide `passwordSecretRef`, to ensure the controller +# correctly uses the plain string password when a secret is not configured. +apiVersion: mariadb.amazee.io/v1 +kind: MariaDBProvider +metadata: + name: mariadbprovider-testing-multi1 +spec: + environment: multi + hostname: multi1.mariadb.172.17.0.1.nip.io + readReplicaHostnames: + - multi1.mariadb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '33066' + user: root +--- +apiVersion: mariadb.amazee.io/v1 +kind: MariaDBProvider +metadata: + name: mariadbprovider-testing-multi2 +spec: + environment: multi + hostname: multi2.mariadb.172.17.0.1.nip.io + readReplicaHostnames: + - multi2.mariadb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '33067' + user: root + +--- +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret +type: Opaque +data: + password: cGFzc3dvcmQ= # base64 encoded string of "password" diff --git a/test-resources/mariadb/provider-multi.yaml b/test-resources/mariadb/provider-multi.yaml index 14058d2..2bc72f3 100644 --- a/test-resources/mariadb/provider-multi.yaml +++ b/test-resources/mariadb/provider-multi.yaml @@ -1,3 +1,6 @@ +# Test: This resource intentionally uses the `password` field directly +# and does NOT provide `passwordSecretRef`, to ensure the controller +# correctly uses the plain string password when a secret is not configured. apiVersion: mariadb.amazee.io/v1 kind: MariaDBProvider metadata: diff --git a/test-resources/mariadb/provider-password-secret.yaml b/test-resources/mariadb/provider-password-secret.yaml new file mode 100644 index 0000000..1b72331 --- /dev/null +++ b/test-resources/mariadb/provider-password-secret.yaml 
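Review bot: The header comment states that this resource "intentionally uses the `password` field directly and does NOT provide `passwordSecretRef`", yet both providers in the file set `passwordSecretRef` and neither sets `password`; the comment matches `provider-multi.yaml` (where the same text is added and is accurate) but contradicts this file. Replace it with a comment that describes the actual fixture, e.g. `# Test: both providers resolve their password from the mariadb-secret Secret defined below`.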
@@ -0,0 +1,24 @@ +apiVersion: mariadb.amazee.io/v1 +kind: MariaDBProvider +metadata: + name: mariadbprovider-testing +spec: + environment: test + hostname: mariadb.172.17.0.1.nip.io + readReplicaHostnames: + - mariadb.172.17.0.1.nip.io + passwordSecretRef: + name: my-db-secret + key: password + port: '33066' + user: root + +--- +apiVersion: v1 +kind: Secret +metadata: + name: my-db-secret + namespace: default +type: Opaque +data: + password: cGFzc3dvcmQ= # base64-encoded value of "password" \ No newline at end of file diff --git a/test-resources/mariadb/provider.yaml b/test-resources/mariadb/provider.yaml index e9351fb..ab96345 100644 --- a/test-resources/mariadb/provider.yaml +++ b/test-resources/mariadb/provider.yaml @@ -9,4 +9,4 @@ spec: - mariadb.172.17.0.1.nip.io password: password port: '33066' - user: root \ No newline at end of file + user: root diff --git a/test-resources/mongodb/provider-password-secret.yaml b/test-resources/mongodb/provider-password-secret.yaml new file mode 100644 index 0000000..e8a3378 --- /dev/null +++ b/test-resources/mongodb/provider-password-secret.yaml @@ -0,0 +1,25 @@ +apiVersion: mongodb.amazee.io/v1 +kind: MongoDBProvider +metadata: + name: mongodbprovider-testing +spec: + environment: test + hostname: mongodb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '27017' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: false + +--- +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret +type: Opaque +data: + password: cGFzc3dvcmQ= # base64 encoded string of "password" \ No newline at end of file diff --git a/test-resources/mongodb/provider-tls-password-secret.yaml b/test-resources/mongodb/provider-tls-password-secret.yaml new file mode 100644 index 0000000..9294a96 --- /dev/null +++ b/test-resources/mongodb/provider-tls-password-secret.yaml 
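Review bot: The Secret pins `namespace: default` while the MariaDBProvider above it carries no namespace, and the controller resolves the reference in the provider's own namespace (`req.Namespace`); applying this file with `-n <other>` therefore creates the provider in one namespace and the Secret in another, and the lookup fails. Drop the `namespace:` line so both objects land wherever the file is applied, matching the other new fixtures in this commit.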
@@ -0,0 +1,25 @@ +apiVersion: mongodb.amazee.io/v1 +kind: MongoDBProvider +metadata: + name: mongodbprovider-tls-testing +spec: + environment: tls-test + hostname: mongodb.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '27018' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: true + +--- +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret +type: Opaque +data: + password: cGFzc3dvcmQ= # base64 encoded string of "password" diff --git a/test-resources/operator.yaml b/test-resources/operator.yaml index 510d147..d87069b 100644 --- a/test-resources/operator.yaml +++ b/test-resources/operator.yaml @@ -10,7 +10,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null name: mariadbconsumers.mariadb.amazee.io spec: group: mariadb.amazee.io @@ -80,7 +79,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null name: mariadbproviders.mariadb.amazee.io spec: group: mariadb.amazee.io @@ -114,8 +112,13 @@ spec: type: string mariadb_hostname: type: string - mariadb_password: - type: string + passwordSecretRef: + type: object + properties: + name: + type: string + key: + type: string mariadb_port: type: string mariadb_readreplica_hostname: @@ -175,7 +178,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: dbaas-operator-manager-role rules: - apiGroups: diff --git a/test-resources/postgres/provider-password-secret.yaml b/test-resources/postgres/provider-password-secret.yaml new file mode 100644 index 0000000..56c21cf --- /dev/null +++ b/test-resources/postgres/provider-password-secret.yaml 
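Review bot: In the embedded `mariadbproviders` schema the `mariadb_password` property is removed rather than kept beside the new `passwordSecretRef`, which diverges from `config/crd/bases`, where `password` and `passwordSecretRef` coexist, and leaves `provider.yaml` and `provider-multi.yaml` — which this commit explicitly keeps as plain-password tests — without a schema field for their password. The new object also lacks the `required: [key, name]` the generated CRD carries. Restore the password property and add `required:` under `passwordSecretRef`; this copy already uses `mariadb_*` field names unlike the generated CRD, so it may be stale and worth regenerating rather than hand-editing.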
@@ -0,0 +1,22 @@ +apiVersion: postgres.amazee.io/v1 +kind: PostgreSQLProvider +metadata: + name: postgreprovider-testing +spec: + environment: test + hostname: postgres.172.17.0.1.nip.io + passwordSecretRef: + name: mariadb-secret + key: password + port: '5432' + user: postgres + + +--- +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret +type: Opaque +data: + password: cGFzc3dvcmQ= # base64 encoded string of "password" \ No newline at end of file From 8c27abe98eac4c23d974e9b9e5dc5e5c1d90c7bf Mon Sep 17 00:00:00 2001 From: "polina.shtanko" Date: Wed, 11 Jun 2025 07:41:01 -0700 Subject: [PATCH 2/2] fix --- apis/mariadb/v1/zz_generated.deepcopy.go | 2 +- apis/mongodb/v1/zz_generated.deepcopy.go | 2 +- apis/postgres/v1/zz_generated.deepcopy.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apis/mariadb/v1/zz_generated.deepcopy.go b/apis/mariadb/v1/zz_generated.deepcopy.go index 603ce3d..53d3d4c 100644 --- a/apis/mariadb/v1/zz_generated.deepcopy.go +++ b/apis/mariadb/v1/zz_generated.deepcopy.go @@ -1,4 +1,4 @@ -//go:build !ignore_autogenerated +// +build !ignore_autogenerated /* diff --git a/apis/mongodb/v1/zz_generated.deepcopy.go b/apis/mongodb/v1/zz_generated.deepcopy.go index 74ddca3..15543ab 100644 --- a/apis/mongodb/v1/zz_generated.deepcopy.go +++ b/apis/mongodb/v1/zz_generated.deepcopy.go @@ -1,4 +1,4 @@ -//go:build !ignore_autogenerated +// +build !ignore_autogenerated /* diff --git a/apis/postgres/v1/zz_generated.deepcopy.go b/apis/postgres/v1/zz_generated.deepcopy.go index e64faed..e53eac0 100644 --- a/apis/postgres/v1/zz_generated.deepcopy.go +++ b/apis/postgres/v1/zz_generated.deepcopy.go @@ -1,4 +1,4 @@ -//go:build !ignore_autogenerated +// +build !ignore_autogenerated /*