migrate from databaseUsername to databaseAccount

api/bases/placement.openstack.org_placementapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: placement
+                description: DatabaseAccount - name of MariaDBAccount which will be
+                  used to connect.
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: placement
-                description: 'DatabaseUser - optional username used for placement
-                  DB, defaults to placement TODO: -> implement needs work in mariadb-operator,
-                  right now only placement'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -264,16 +263,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: PlacementDatabasePassword
                   service: PlacementPassword
                 description: PasswordSelectors - Selectors to identify the DB and
                   ServiceUser password from the Secret
                 properties:
-                  database:
-                    default: PlacementDatabasePassword
-                    description: 'Database - Selector to get the Database user password
-                      from the Secret TODO: not used, need change in mariadb-operator'
-                    type: string
                   service:
                     default: PlacementPassword
                     description: Service - Selector to get the service user password
@@ -343,7 +336,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  placement PlacementDatabasePassword, PlacementPassword
+                  placement PlacementPassword
                 type: string
               serviceUser:
                 default: placement

api/v1beta1/placementapi_types.go

@@ -54,9 +54,8 @@ type PlacementAPISpec struct {
 
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default=placement
-	// DatabaseUser - optional username used for placement DB, defaults to placement
-	// TODO: -> implement needs work in mariadb-operator, right now only placement
-	DatabaseUser string `json:"databaseUser"`
+	// DatabaseAccount - name of MariaDBAccount which will be used to connect.
+	DatabaseAccount string `json:"databaseAccount"`
 
 	// +kubebuilder:validation:Required
 	// PlacementAPI Container Image URL (will be set to environmental default if empty)
@@ -70,11 +69,11 @@ type PlacementAPISpec struct {
 	Replicas *int32 `json:"replicas"`
 
 	// +kubebuilder:validation:Required
-	// Secret containing OpenStack password information for placement PlacementDatabasePassword, PlacementPassword
+	// Secret containing OpenStack password information for placement PlacementPassword
 	Secret string `json:"secret"`
 
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default={database: PlacementDatabasePassword, service: PlacementPassword}
+	// +kubebuilder:default={service: PlacementPassword}
 	// PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret
 	PasswordSelectors PasswordSelector `json:"passwordSelectors"`
 
@@ -125,11 +124,6 @@ type APIOverrideSpec struct {
 
 // PasswordSelector to identify the DB and AdminUser password from the Secret
 type PasswordSelector struct {
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default="PlacementDatabasePassword"
-	// Database - Selector to get the Database user password from the Secret
-	// TODO: not used, need change in mariadb-operator
-	Database string `json:"database"`
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default="PlacementPassword"
 	// Service - Selector to get the service user password from the Secret

config/crd/bases/placement.openstack.org_placementapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: placement
+                description: DatabaseAccount - name of MariaDBAccount which will be
+                  used to connect.
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: placement
-                description: 'DatabaseUser - optional username used for placement
-                  DB, defaults to placement TODO: -> implement needs work in mariadb-operator,
-                  right now only placement'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -264,16 +263,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: PlacementDatabasePassword
                   service: PlacementPassword
                 description: PasswordSelectors - Selectors to identify the DB and
                   ServiceUser password from the Secret
                 properties:
-                  database:
-                    default: PlacementDatabasePassword
-                    description: 'Database - Selector to get the Database user password
-                      from the Secret TODO: not used, need change in mariadb-operator'
-                    type: string
                   service:
                     default: PlacementPassword
                     description: Service - Selector to get the service user password
@@ -343,7 +336,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  placement PlacementDatabasePassword, PlacementPassword
+                  placement PlacementPassword
                 type: string
               serviceUser:
                 default: placement

config/manifests/bases/placement-operator.clusterserviceversion.yaml

@@ -18,6 +18,10 @@ spec:
       displayName: Placement API
       kind: PlacementAPI
       name: placementapis.placement.openstack.org
+      specDescriptors:
+      - description: TLS - Parameters related to the TLS
+        displayName: TLS
+        path: tls
       version: v1beta1
   description: Placement Operator
   displayName: Placement Operator

config/samples/placement_v1beta1_placementapi.yaml

@@ -8,7 +8,7 @@ spec:
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: placement
+  databaseAccount: placement
   preserveJobs: false
   replicas: 1
   secret: placement-secret

config/samples/placement_v1beta1_placementtls.yaml

@@ -8,7 +8,7 @@ spec:
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: placement
+  databaseAccount: placement
   preserveJobs: false
   replicas: 1
   secret: placement-secret

controllers/placementapi_controller.go

@@ -323,7 +323,6 @@ func (r *PlacementAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request
 		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
 		[]string{
 			instance.Spec.PasswordSelectors.Service,
-			instance.Spec.PasswordSelectors.Database,
 		},
 		h.GetClient(),
 		&instance.Status.Conditions)
@@ -349,6 +348,32 @@ func (r *PlacementAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	// all our input checks out so report InputReady
 	instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
 
+	// ensure MariaDBAccount exists.  This account record may be created by
+	// openstack-operator or the cloud operator up front without a specific
+	// MariaDBDatabase configured yet.   Otherwise, a MariaDBAccount CR is
+	// created here with a generated username as well as a secret with
+	// generated password.   The MariaDBAccount is created without being
+	// yet associated with any MariaDBDatabase.
+	_, _, err = mariadbv1.EnsureMariaDBAccount(
+		ctx, h, instance.Spec.DatabaseAccount,
+		instance.Namespace, false, placement.DatabaseName,
+	)
+
+	if err != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			mariadbv1.MariaDBAccountReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			mariadbv1.MariaDBAccountNotReadyMessage,
+			err.Error()))
+
+		return ctrl.Result{}, err
+	}
+	instance.Status.Conditions.MarkTrue(
+		mariadbv1.MariaDBAccountReadyCondition,
+		mariadbv1.MariaDBAccountReadyMessage,
+	)
+
 	db, result, err := r.ensureDB(ctx, h, instance)
 	if err != nil {
 		return ctrl.Result{}, err
@@ -450,6 +475,7 @@ func (r *PlacementAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request
 		// We can ignore RequeueAfter as we are watching the KeystoneEndpoint resource
 		return ctrl.Result{}, err
 	}
+
 	result, err = r.ensureDbSync(ctx, instance, h, serviceAnnotations)
 	if (err != nil || result != ctrl.Result{}) {
 		return result, err
@@ -466,6 +492,12 @@ func (r *PlacementAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request
 		return ctrl.Result{}, nil
 	}
 
+	// remove finalizers from unused MariaDBAccount records
+	err = mariadbv1.DeleteUnusedMariaDBAccountFinalizers(ctx, h, placement.DatabaseName, instance.Spec.DatabaseAccount, instance.Namespace)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	return ctrl.Result{}, nil
 }
 
@@ -919,7 +951,7 @@ func (r *PlacementAPIReconciler) reconcileDelete(ctx context.Context, instance *
 	Log.Info("Reconciling Service delete")
 
 	// remove db finalizer before the placement one
-	db, err := mariadbv1.GetDatabaseByName(ctx, helper, placement.DatabaseName)
+	db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, placement.DatabaseName, instance.Spec.DatabaseAccount, instance.Namespace)
 	if err != nil && !k8s_errors.IsNotFound(err) {
 		return ctrl.Result{}, err
 	}
@@ -974,23 +1006,16 @@ func (r *PlacementAPIReconciler) ensureDB(
 	h *helper.Helper,
 	instance *placementv1.PlacementAPI,
 ) (*mariadbv1.Database, ctrl.Result, error) {
-	// (ksambor) should we use  NewDatabaseWithNamespace instead?
-	db := mariadbv1.NewDatabaseWithNamespace(
-		placement.DatabaseName,
-		instance.Spec.DatabaseUser,
-		instance.Spec.Secret,
-		map[string]string{
-			"dbName": instance.Spec.DatabaseInstance,
-		},
-		placement.DatabaseName,
-		instance.Namespace,
+	db := mariadbv1.NewDatabaseForAccount(
+		instance.Spec.DatabaseInstance, // mariadb/galera service to target
+		placement.DatabaseName,         // name used in CREATE DATABASE in mariadb
+		placement.DatabaseName,         // CR name for MariaDBDatabase
+		instance.Spec.DatabaseAccount,  // CR name for MariaDBAccount
+		instance.Namespace,             // namespace
 	)
+
 	// create or patch the DB
-	ctrlResult, err := db.CreateOrPatchDBByName(
-		ctx,
-		h,
-		instance.Spec.DatabaseInstance,
-	)
+	ctrlResult, err := db.CreateOrPatchAll(ctx, h)
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.DBReadyCondition,
@@ -1216,15 +1241,19 @@ func (r *PlacementAPIReconciler) generateServiceConfigMaps(
 	if err != nil {
 		return err
 	}
+
+	databaseAccount := db.GetAccount()
+	dbSecret := db.GetSecret()
+
 	templateParameters := map[string]interface{}{
 		"ServiceUser":         instance.Spec.ServiceUser,
 		"KeystoneInternalURL": keystoneInternalURL,
 		"KeystonePublicURL":   keystonePublicURL,
 		"PlacementPassword":   string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]),
 		"log_file":            "/var/log/placement/placement-api.log",
 		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf",
-			instance.Spec.DatabaseUser,
-			string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]),
+			databaseAccount.Spec.UserName,
+			string(dbSecret.Data[mariadbv1.DatabasePasswordSelector]),
 			instance.Status.DatabaseHostname,
 			placement.DatabaseName,
 		),

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240226160457-b1b853eb4600
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240229121803-169ced56d56e
 	github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240229121803-169ced56d56e
-	github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093
+	github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3
 	github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240216174613-3d349f26e681
 	go.uber.org/zap v1.27.0
 	k8s.io/api v0.28.7

go.sum

@@ -99,8 +99,8 @@ github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.2024022
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240229121803-169ced56d56e/go.mod h1:fvCDr4wd7Oy2rIunTzpGoMKWXHk2pQYaF3tJBFLELpM=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240229121803-169ced56d56e h1:rbVGqqtxuJy/RvSVERJG6ZLahbJguOZzPRUpGNT1k38=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240229121803-169ced56d56e/go.mod h1:/ZkLOznBDxjChwIFFK3xg3EZ13WmZPP4ehu5wWy1T8E=
-github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093 h1:gmm2o5bVYIeuAVHp7WsDIpQc8vh+/9tUUYY4Wfyus/o=
-github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093/go.mod h1:f9IIyWeoskWoeWaDFF3qmAJ2Kqyovfi0Ar/QUfk3qag=
+github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3 h1:fwb+GvvnN9Mhkgg5pBksZ8W5+hLCcNOorHsUTQYA1Lg=
+github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3/go.mod h1:f9IIyWeoskWoeWaDFF3qmAJ2Kqyovfi0Ar/QUfk3qag=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

tests/functional/base_test.go

@@ -34,6 +34,7 @@ type Names struct {
 	ConfigMapName          types.NamespacedName
 	DBSyncJobName          types.NamespacedName
 	MariaDBDatabaseName    types.NamespacedName
+	MariaDBAccount         types.NamespacedName
 	DeploymentName         types.NamespacedName
 	PublicServiceName      types.NamespacedName
 	InternalServiceName    types.NamespacedName
@@ -60,6 +61,9 @@ func CreateNames(placementAPIName types.NamespacedName) Names {
 		MariaDBDatabaseName: types.NamespacedName{
 			Namespace: placementAPIName.Namespace,
 			Name:      placement.DatabaseName},
+		MariaDBAccount: types.NamespacedName{
+			Namespace: placementAPIName.Namespace,
+			Name:      AccountName},
 		DeploymentName: types.NamespacedName{
 			Namespace: placementAPIName.Namespace,
 			Name:      placementAPIName.Name},
@@ -100,6 +104,7 @@ func GetDefaultPlacementAPISpec() map[string]interface{} {
 	return map[string]interface{}{
 		"databaseInstance": "openstack",
 		"secret":           SecretName,
+		"databaseAccount":  AccountName,
 	}
 }
 
@@ -108,6 +113,7 @@ func GetTLSPlacementAPISpec(names Names) map[string]interface{} {
 		"databaseInstance": "openstack",
 		"replicas":         1,
 		"secret":           SecretName,
+		"databaseAccount":  AccountName,
 		"tls": map[string]interface{}{
 			"api": map[string]interface{}{
 				"internal": map[string]interface{}{