Add options for ZK ACLs in SolrCloud CRD. (#144)

Signed-off-by: Houston Putman <[email protected]>
apache · Sep 30, 2020 · 8d08fad · 8d08fad
1 parent 641e713
commit 8d08fad
Show file tree

Hide file tree

Showing 11 changed files with 417 additions and 78 deletions.
diff --git a/api/v1beta1/solrcloud_types.go b/api/v1beta1/solrcloud_types.go
@@ -389,6 +389,11 @@ type ZookeeperRef struct {
 	// Note: This option will not allow the SolrCloud to run across kube-clusters.
 	// +optional
 	ProvidedZookeeper *ProvidedZookeeper `json:"provided,omitempty"`
+
+	// ZooKeeper ACLs for Solr to use when connecting with ZK.
+	// This ACL should allow ADMIN action in the given chRoot.
+	// +optional
+	ACL *ZookeeperACL `json:"acl,omitempty"`
 }
 
 func (ref *ZookeeperRef) withDefaults() (changed bool) {
@@ -670,6 +675,19 @@ func (s *ZetcdSpec) withDefaults() (changed bool) {
 	return changed
 }
 
+// ZookeeperSpec defines the internal zookeeper ensemble to run for solr
+type ZookeeperACL struct {
+	// The name of the Kubernetes Secret that stores the username and password for the ACL.
+	// This secret must be in the same namespace as the solrCloud is running in .
+	SecretRef string `json:"secret"`
+
+	// The name of the key in the given secret that contains the ACL username
+	UsernameKey string `json:"usernameKey"`
+
+	// The name of the key in the given secret that contains the ACL password
+	PasswordKey string `json:"passwordKey"`
+}
+
 // SolrCloudStatus defines the observed state of SolrCloud
 type SolrCloudStatus struct {
 	// SolrNodes contain the statuses of each solr node running in this solr cloud.

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/solr.bloomberg.com_solrclouds.yaml b/config/crd/bases/solr.bloomberg.com_solrclouds.yaml
@@ -4853,6 +4853,28 @@ spec:
                 connect to Can be a zookeeper that is running, or one that is created
                 by the solr operator
               properties:
+                acl:
+                  description: ZooKeeper ACLs for Solr to use when connecting with
+                    ZK. This ACL should allow ADMIN action in the given chRoot.
+                  properties:
+                    passwordKey:
+                      description: The name of the key in the given secret that contains
+                        the ACL password
+                      type: string
+                    secret:
+                      description: The name of the Kubernetes Secret that stores the
+                        username and password for the ACL. This secret must be in
+                        the same namespace as the solrCloud is running in .
+                      type: string
+                    usernameKey:
+                      description: The name of the key in the given secret that contains
+                        the ACL username
+                      type: string
+                  required:
+                  - passwordKey
+                  - secret
+                  - usernameKey
+                  type: object
                 connectionInfo:
                   description: A zookeeper ensemble that is run independently of the
                     solr operator If an externalConnectionString is provided, but

diff --git a/controllers/controller_utils_test.go b/controllers/controller_utils_test.go
@@ -186,6 +186,7 @@ func testPodEnvVariables(t *testing.T, expectedEnvVars map[string]string, foundE
 		}
 	}
 	assert.Equal(t, len(expectedEnvVars), matchCount, "Not all expected env variables found in podSpec")
+	assert.Equal(t, "SOLR_OPTS", foundEnvVars[len(foundEnvVars)-1].Name, "SOLR_OPTS must be the last envVar set, as it uses other envVars.")
 }
 
 func testPodTolerations(t *testing.T, expectedTolerations []corev1.Toleration, foundTolerations []corev1.Toleration) {

diff --git a/controllers/solrcloud_controller_externaldns_test.go b/controllers/solrcloud_controller_externaldns_test.go
@@ -108,13 +108,14 @@ func TestEDSCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "3000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=3000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -220,13 +221,14 @@ func TestEDSNoNodesCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace,
-		"SOLR_PORT": "2000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace,
+		"SOLR_PORT":      "2000",
+		"SOLR_NODE_PORT": "2000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=2000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "2000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "2000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -329,13 +331,14 @@ func TestEDSNoCommonCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "3000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=3000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -438,13 +441,14 @@ func TestEDSUseInternalAddressCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "3000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=3000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -550,13 +554,14 @@ func TestEDSExtraDomainsCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + instance.Namespace + "." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "3000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=3000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	hostnameAnnotation := instance.Namespace + "." + testDomain
 	for _, domain := range testAdditionalDomains {
@@ -668,13 +673,14 @@ func TestEDSKubeDomainCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace + ".svc." + testKubeDomain,
-		"SOLR_PORT": "2000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + instance.Namespace + ".svc." + testKubeDomain,
+		"SOLR_PORT":      "2000",
+		"SOLR_NODE_PORT": "2000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=2000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "2000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "2000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)

diff --git a/controllers/solrcloud_controller_ingress_test.go b/controllers/solrcloud_controller_ingress_test.go
@@ -124,13 +124,14 @@ func TestIngressCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "100",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=100"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -247,13 +248,14 @@ func TestIngressNoNodesCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + cloudHsKey.Namespace,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + cloudHsKey.Name + "." + cloudHsKey.Namespace,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "3000",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=3000"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -371,13 +373,14 @@ func TestIngressNoCommonCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "100",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=100"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -493,13 +496,14 @@ func TestIngressUseInternalAddressCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + expectedCloudRequest.Namespace,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + expectedCloudRequest.Namespace,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "100",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=100"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -619,13 +623,14 @@ func TestIngressExtraDomainsCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      instance.Namespace + "-$(POD_HOSTNAME)." + testDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "100",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=100"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
@@ -742,13 +747,14 @@ func TestIngressKubeDomainCloudReconcile(t *testing.T) {
 
 	// Env Variable Tests
 	expectedEnvVars := map[string]string{
-		"ZK_HOST":   "host:7271/",
-		"SOLR_HOST": "$(POD_HOSTNAME)." + expectedCloudRequest.Namespace + ".svc." + testKubeDomain,
-		"SOLR_PORT": "3000",
+		"ZK_HOST":        "host:7271/",
+		"SOLR_HOST":      "$(POD_HOSTNAME)." + expectedCloudRequest.Namespace + ".svc." + testKubeDomain,
+		"SOLR_PORT":      "3000",
+		"SOLR_NODE_PORT": "100",
+		"SOLR_OPTS":      "-DhostPort=$(SOLR_NODE_PORT)",
 	}
 	testPodEnvVariables(t, expectedEnvVars, statefulSet.Spec.Template.Spec.Containers[0].Env)
-	assert.ElementsMatch(t, []string{"-DhostPort=100"}, statefulSet.Spec.Template.Spec.Containers[0].Args, "Wrong Solr container arguments (Solr advertising port)")
-	assert.ElementsMatch(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
+	assert.Equal(t, []string{"solr", "stop", "-p", "3000"}, statefulSet.Spec.Template.Spec.Containers[0].Lifecycle.PreStop.Exec.Command, "Incorrect pre-stop command")
 
 	// Check the client Service
 	service := expectService(t, g, requests, expectedCloudRequest, cloudCsKey, statefulSet.Spec.Template.Labels)
-Original file line number
+Diff line change
@@ Expand Up @@
     		}
     	}
     	assert.Equal(t, len(expectedEnvVars), matchCount, "Not all expected env variables found in podSpec")
+    	assert.Equal(t, "SOLR_OPTS", foundEnvVars[len(foundEnvVars)-1].Name, "SOLR_OPTS must be the last envVar set, as it uses other envVars.")
     }
     func testPodTolerations(t *testing.T, expectedTolerations []corev1.Toleration, foundTolerations []corev1.Toleration) {
@@ Expand Down @@