Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: support to update and delete system accounts #8756

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

chore: support to update and delete system accounts #8756

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b931be3
init
leon-inf Jan 3, 2025
8b88452
Merge branch 'main' into support/system-account
leon-inf Jan 7, 2025
791e7a4
update
leon-inf Jan 7, 2025
f1d2494
cannot disable init system accounts
leon-inf Jan 7, 2025
c28695c
update init account's password
leon-inf Jan 7, 2025
675f06f
test cases
leon-inf Jan 8, 2025
4dec082
Merge branch 'main' into support/system-account
leon-inf Jan 8, 2025
62fd592
add update statement
leon-inf Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 23 additions & 7 deletions apis/apps/v1/componentdefinition_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1212,26 +1212,42 @@ type SystemAccount struct {
// +optional
InitAccount bool `json:"initAccount,omitempty"`

// Defines the statement used to create the account with the necessary privileges.
// Defines the statements used to create, delete, and update the account.
//
// This field is immutable once set.
//
// +optional
Statement string `json:"statement,omitempty"`
Statement *SystemAccountStatement `json:"statement,omitempty"`

// Specifies the policy for generating the account's password.
//
// This field is immutable once set.
//
// +optional
PasswordGenerationPolicy PasswordConfig `json:"passwordGenerationPolicy"`
}

type SystemAccountStatement struct {
// The statement to create a new account with the necessary privileges.
//
// This field is immutable once set.
//
// +optional
Create string `json:"create,omitempty"`

// The statement to delete a account.
//
// This field is immutable once set.
//
// +optional
Delete string `json:"delete,omitempty"`

// Refers to the secret from which data will be copied to create the new account.
// The statement to update an existing account.
//
// This field is immutable once set.
//
// +optional
SecretRef *ProvisionSecretRef `json:"secretRef,omitempty"`
Update string `json:"update,omitempty"`
}

type TLS struct {
Expand Down Expand Up @@ -1735,9 +1751,9 @@ type ComponentLifecycleActions struct {
//
// The container executing this action has access to following variables:
//
// - KB_ACCOUNT_NAME: The name of the system account to be created.
// - KB_ACCOUNT_PASSWORD: The password for the system account. // TODO: how to pass the password securely?
// - KB_ACCOUNT_STATEMENT: The statement used to create the system account.
// - KB_ACCOUNT_NAME: The name of the system account to be manipulated.
// - KB_ACCOUNT_PASSWORD: The password for the system account.
// - KB_ACCOUNT_STATEMENT: The statement used to manipulate the system account.
//
// Note: This field is immutable once it has been set.
//
Expand Down
12 changes: 12 additions & 0 deletions apis/apps/v1/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,12 @@ type ComponentSystemAccount struct {
// +kubebuilder:validation:Required
Name string `json:"name"`

// Specifies whether the system account is disabled.
//
// +kubebuilder:default=false
// +optional
Disabled *bool `json:"disabled,omitempty"`

// Specifies the policy for generating the account's password.
//
// This field is immutable once set.
Expand Down Expand Up @@ -429,6 +435,12 @@ type ProvisionSecretRef struct {
//
// +kubebuilder:validation:Required
Namespace string `json:"namespace"`

// The key in the secret data that contains the password.
//
// +kubebuilder:default="password"
// +optional
Password string `json:"password,omitempty"`
}

// ClusterComponentConfig represents a config with its source bound.
Expand Down
28 changes: 24 additions & 4 deletions apis/apps/v1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions config/crd/bases/apps.kubeblocks.io_clusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5311,6 +5311,10 @@ spec:
ComponentDefinition.
items:
properties:
disabled:
default: false
description: Specifies whether the system account is disabled.
type: boolean
name:
description: The name of the system account.
type: string
Expand Down Expand Up @@ -5369,6 +5373,11 @@ spec:
namespace:
description: The namespace where the secret is located.
type: string
password:
default: password
description: The key in the secret data that contains
the password.
type: string
required:
- name
- namespace
Expand Down Expand Up @@ -14047,6 +14056,11 @@ spec:
ComponentDefinition.
items:
properties:
disabled:
default: false
description: Specifies whether the system account
is disabled.
type: boolean
name:
description: The name of the system account.
type: string
Expand Down Expand Up @@ -14106,6 +14120,11 @@ spec:
description: The namespace where the secret is
located.
type: string
password:
default: password
description: The key in the secret data that contains
the password.
type: string
required:
- name
- namespace
Expand Down
41 changes: 23 additions & 18 deletions config/crd/bases/apps.kubeblocks.io_componentdefinitions.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4501,9 +4501,9 @@ spec:
The container executing this action has access to following variables:


- KB_ACCOUNT_NAME: The name of the system account to be created.
- KB_ACCOUNT_PASSWORD: The password for the system account. // TODO: how to pass the password securely?
- KB_ACCOUNT_STATEMENT: The statement used to create the system account.
- KB_ACCOUNT_NAME: The name of the system account to be manipulated.
- KB_ACCOUNT_PASSWORD: The password for the system account.
- KB_ACCOUNT_STATEMENT: The statement used to manipulate the system account.


Note: This field is immutable once it has been set.
Expand Down Expand Up @@ -16727,30 +16727,35 @@ spec:
Cannot be updated.
type: string
type: object
secretRef:
statement:
description: |-
Refers to the secret from which data will be copied to create the new account.
Defines the statements used to create, delete, and update the account.


This field is immutable once set.
properties:
name:
description: The unique identifier of the secret.
create:
description: |-
The statement to create a new account with the necessary privileges.


This field is immutable once set.
type: string
namespace:
description: The namespace where the secret is located.
delete:
description: |-
The statement to delete a account.


This field is immutable once set.
type: string
required:
- name
- namespace
type: object
statement:
description: |-
Defines the statement used to create the account with the necessary privileges.
update:
description: |-
The statement to update an existing account.


This field is immutable once set.
type: string
This field is immutable once set.
type: string
type: object
required:
- name
type: object
Expand Down
9 changes: 9 additions & 0 deletions config/crd/bases/apps.kubeblocks.io_components.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5505,6 +5505,10 @@ spec:
description: Overrides system accounts defined in referenced ComponentDefinition.
items:
properties:
disabled:
default: false
description: Specifies whether the system account is disabled.
type: boolean
name:
description: The name of the system account.
type: string
Expand Down Expand Up @@ -5563,6 +5567,11 @@ spec:
namespace:
description: The namespace where the secret is located.
type: string
password:
default: password
description: The key in the secret data that contains the
password.
type: string
required:
- name
- namespace
Expand Down
Loading
Loading