From 71d772e03a8d5000da9e094c90a4499150b5defe Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Tue, 6 Feb 2024 09:13:38 +0100 Subject: [PATCH] [tls] Reflect tls enabled and add func to create my.cnf client cfg Moves function to get the my.cnf client config from lib-common to this operator and returns the client config for both tls and non tls use case depending if the Galera cluster is configured to support TLS. Jira: OSPRH-4547 --- Makefile | 22 +++- ...ariadb.openstack.org_mariadbdatabases.yaml | 3 + api/go.mod | 22 ++-- api/go.sum | 41 ++++--- api/v1beta1/mariadbdatabase_funcs.go | 47 +++++++- api/v1beta1/mariadbdatabase_funcs_test.go | 103 ++++++++++++++++++ api/v1beta1/mariadbdatabase_types.go | 4 + ...ariadb.openstack.org_mariadbdatabases.yaml | 3 + controllers/mariadbdatabase_controller.go | 3 + go.mod | 2 +- 10 files changed, 210 insertions(+), 40 deletions(-) create mode 100644 api/v1beta1/mariadbdatabase_funcs_test.go diff --git a/Makefile b/Makefile index 2e2f80b4..76bd985b 100644 --- a/Makefile +++ b/Makefile 
@@ -114,12 +114,22 @@ tidy: ## Run go mod tidy on every mod file in the repo .PHONY: golangci-lint golangci-lint: - test -s $(LOCALBIN)/golangci-lint || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2 - $(LOCALBIN)/golangci-lint run --fix + test -s $(LOCALBIN)/golangci-lint || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2 + $(LOCALBIN)/golangci-lint run --fix + +PROCS?=$(shell expr $(shell nproc --ignore 2) / 2) +PROC_CMD = --procs ${PROCS} .PHONY: test test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out + for mod in $(shell find . -name go.mod -exec dirname {} \;); do \ + pushd ./$$mod ; \ + if [ -f test/functional/suite_test.go ]; then \ + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) -v debug --bin-dir $(LOCALBIN) use $(ENVTEST_K8S_VERSION) -p path)" $(GINKGO) --trace --cover --coverprofile cover.out --covermode=atomic --coverpkg=../../pkg/mariadb,../../controllers,../../api/v1beta1 ${PROC_CMD} $(GINKGO_ARGS) ./test/... || exit 1; \ + fi; \ + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -v ./... --cover --coverprofile cover.out --covermode=atomic || exit 1; \ + popd ; \ + done ##@ Build @@ -195,6 +205,7 @@ $(LOCALBIN): KUSTOMIZE ?= $(LOCALBIN)/kustomize CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ENVTEST ?= $(LOCALBIN)/setup-envtest +GINKGO ?= $(LOCALBIN)/ginkgo ## Tool Versions KUSTOMIZE_VERSION ?= v3.8.7 
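Review bot: The rewritten `test` recipe invokes `$(GINKGO)`, but the rule's prerequisites are still `manifests generate fmt vet envtest`, so on a clean checkout the binary is missing for any module that has `test/functional/suite_test.go`. The rule should read `test: manifests generate fmt vet envtest ginkgo ## Run tests.`. The loop also uses `pushd`/`popd`, which are bash builtins, so it only works if `SHELL` is set to bash elsewhere in the Makefile (not visible in this hunk). Separately, the re-indented golangci-lint line still pipes `install.sh` from the mutable `master` branch into `sh`; fetching the script from the v1.51.2 tag, like the binary, would make that download reproducible.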
@@ -221,6 +232,11 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. $(ENVTEST): $(LOCALBIN) test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest +.PHONY: ginkgo +ginkgo: $(GINKGO) ## Download ginkgo locally if necessary. +$(GINKGO): $(LOCALBIN) + test -s $(LOCALBIN)/ginkgo || GOBIN=$(LOCALBIN) go install github.com/onsi/ginkgo/v2/ginkgo + .PHONY: operator-sdk OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk operator-sdk: ## Download operator-sdk locally if necessary. diff --git a/api/bases/mariadb.openstack.org_mariadbdatabases.yaml b/api/bases/mariadb.openstack.org_mariadbdatabases.yaml index 927dcc38..e783f89c 100644 --- a/api/bases/mariadb.openstack.org_mariadbdatabases.yaml +++ b/api/bases/mariadb.openstack.org_mariadbdatabases.yaml @@ -103,6 +103,9 @@ spec: type: string description: Map of hashes to track e.g. job status type: object + tlsSupport: + description: Whether TLS is supported by the DB instance + type: boolean type: object type: object served: true diff --git a/api/go.mod b/api/go.mod index acfa21a4..0e62056e 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,12 +4,13 @@ go 1.19 require ( github.com/go-logr/logr v1.4.1 - github.com/onsi/ginkgo/v2 v2.13.2 + github.com/onsi/ginkgo/v2 v2.14.0 github.com/onsi/gomega v1.30.0 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240110111528-21db14521cda - k8s.io/api v0.26.12 - k8s.io/apimachinery v0.26.12 - k8s.io/client-go v0.26.12 + k8s.io/api v0.26.13 + k8s.io/apimachinery v0.26.13 + k8s.io/client-go v0.26.13 + k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-runtime v0.14.7 ) 
@@ -51,24 +52,23 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.10.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/net v0.19.0 // indirect + golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/sys v0.16.0 // indirect + golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.16.0 // indirect + golang.org/x/tools v0.17.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.26.12 // indirect - k8s.io/component-base v0.26.12 // indirect + k8s.io/apiextensions-apiserver v0.26.13 // indirect + k8s.io/component-base v0.26.13 // indirect k8s.io/klog/v2 v2.100.1 // indirect k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/api/go.sum b/api/go.sum index 176815b7..c90f9e15 100644 --- a/api/go.sum +++ b/api/go.sum 
@@ -226,8 +226,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= -github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/openshift/api v3.9.0+incompatible h1:fJ/KsefYuZAjmrr3+5U9yZIZbTOpVkDDLDLFresAeYs= @@ -348,7 +348,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -383,8 +382,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -446,12 +445,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -510,8 +509,8 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= -golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -633,16 +632,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.12 h1:jJm3s5ot05SUN3tPGg3b+XWuBE7rO/X0+dnVMhxyd5o= -k8s.io/api v0.26.12/go.mod h1:N+HUXukmtXNOKDngxXrEPbZWggWx01tH/N0nG4nV0oo= -k8s.io/apiextensions-apiserver v0.26.12 h1:WHfFheB9AM0eHZsz6wu2h/KVmZ8PM7ZAmNDr3smkUzA= -k8s.io/apiextensions-apiserver v0.26.12/go.mod h1:bvr3OVCML7icxP4rq/fJaNBPPiZ9KIi79n/icBbg5Rc= -k8s.io/apimachinery v0.26.12 h1:y+OgufxqLIZtyXIydRhjLBGzrYLF+qwiDdCFXYOjeN4= -k8s.io/apimachinery v0.26.12/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= -k8s.io/client-go v0.26.12 h1:kPpTpIeFNqwo4UyvoqzNp3DNK2mbGcdGv23eS1U8VMo= -k8s.io/client-go v0.26.12/go.mod h1:V7thEnIFroyNZOU30dKLiiVeqQmJz45shJG1mu7nONQ= -k8s.io/component-base v0.26.12 h1:OyYjCtruv4/Yau5Z1v6e59N+JRDTj8JnW95W9w9AMpg= -k8s.io/component-base v0.26.12/go.mod h1:X98Et5BxJ8i4TcDusUcKS8EYxCujBU1lCL3pc/CUtHQ= +k8s.io/api v0.26.13 h1:65j5feDeimcvWLjxYyiSmCpQrV4cArU3DJQjAtPOmos= +k8s.io/api v0.26.13/go.mod h1:VXIh4xfQZf+gHowQ43lFgohkElTBwZ8hQjikp1Bkm2c= +k8s.io/apiextensions-apiserver v0.26.13 h1:eb4fGFYWU5IX+BdajL8lPrxk+TutekKPuHkHYpM1waE= +k8s.io/apiextensions-apiserver v0.26.13/go.mod h1:Ux/bcBgpMd0po5Mo2Z3Mez6gMvjzKMWQi/zHUnLn5uw= +k8s.io/apimachinery v0.26.13 h1:gTwNkZp+qrfZuhQFMD594ggzvcr06mbgAtLBTbdc4Mg= +k8s.io/apimachinery v0.26.13/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= +k8s.io/client-go v0.26.13 h1:KBIXrz1Rbkuq586BOWoGuNi79pGJM4uAbYg8F83u0Vk= +k8s.io/client-go v0.26.13/go.mod h1:Cc2v7fVnJ1a9wj11fv12fhoFIjqbZT/Ksono6bK0iw8= +k8s.io/component-base v0.26.13 h1:NiygriNjTaEhbv0P6h49GXnKG0cELGcQywFs8ITUSK4= +k8s.io/component-base v0.26.13/go.mod 
h1:ptCvZ+D/a0ojYB5QV+dn4qGM8oBoRaCV/iDBIY+p3ao= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg= diff --git a/api/v1beta1/mariadbdatabase_funcs.go b/api/v1beta1/mariadbdatabase_funcs.go index e8252405..d8f71dc6 100644 --- a/api/v1beta1/mariadbdatabase_funcs.go +++ b/api/v1beta1/mariadbdatabase_funcs.go @@ -24,6 +24,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/helper" "github.com/openstack-k8s-operators/lib-common/modules/common/service" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" "github.com/openstack-k8s-operators/lib-common/modules/common/util" k8s_errors "k8s.io/apimachinery/pkg/api/errors" @@ -113,6 +114,11 @@ func (d *Database) setDatabaseHostname( return nil } +// GetTLSSupport - returns the secret name holding the database connection and client config +func (d *Database) GetTLSSupport() bool { + return d.tlsSupport +} + // GetDatabaseHostname - returns the DB hostname which host the DB func (d *Database) GetDatabaseHostname() string { return d.databaseHostname @@ -224,7 +230,7 @@ func (d *Database) CreateOrPatchDBByName( return ctrl.Result{RequeueAfter: time.Second * 5}, nil } - op_acc, err_acc := controllerutil.CreateOrPatch(ctx, h.GetClient(), account, func() error { + opAcc, errAacc := controllerutil.CreateOrPatch(ctx, h.GetClient(), account, func() error { account.Labels = util.MergeStringMaps( account.GetLabels(), d.labels, 
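Review bot: The doc comment on the new `GetTLSSupport` describes a different accessor: it says the method returns the secret name holding the database connection and client config, while the body returns the `tlsSupport` bool. Suggested wording: `// GetTLSSupport - returns true if the DB instance backing this database reports TLS support`. In the hunk that follows, the renamed variable `errAacc` looks like a typo for `errAcc`.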
@@ -241,15 +247,15 @@ func (d *Database) CreateOrPatchDBByName( return nil }) - if err_acc != nil && !k8s_errors.IsNotFound(err_acc) { + if errAacc != nil && !k8s_errors.IsNotFound(errAacc) { return ctrl.Result{}, util.WrapErrorForObject( fmt.Sprintf("Error create or update account object %s", account.Name), account, - err_acc, + errAacc, ) } - if op_acc != controllerutil.OperationResultNone { + if opAcc != controllerutil.OperationResultNone { util.LogForObject(h, fmt.Sprintf("Account object %s created or patched", account.Name), account) return ctrl.Result{RequeueAfter: time.Second * 5}, nil } @@ -262,6 +268,8 @@ func (d *Database) CreateOrPatchDBByName( return ctrl.Result{}, err } + d.tlsSupport = db.Status.TLSSupport + return ctrl.Result{}, nil } @@ -367,6 +375,7 @@ func (d *Database) getDBWithName( } d.database = db + d.tlsSupport = db.Status.TLSSupport account := &MariaDBAccount{} username := d.databaseUser @@ -457,3 +466,33 @@ func (d *Database) DeleteFinalizer( } return nil } + +// GetDatabaseClientConfig returns my.cnf client config +func (d *Database) GetDatabaseClientConfig(s *tls.Service) string { + conn := []string{} + conn = append(conn, "[client]") + + if s != nil && d.GetTLSSupport() { + if s.CertMount != nil && s.KeyMount != nil { + conn = append(conn, + fmt.Sprintf("ssl-cert=%s", *s.CertMount), + fmt.Sprintf("ssl-key=%s", *s.KeyMount), + ) + } + + // Default to the env global bundle if not specified via CaMount + caPath := tls.DownstreamTLSCABundlePath + if s.CaMount != nil { + caPath = *s.CaMount + } + conn = append(conn, fmt.Sprintf("ssl-ca=%s", caPath)) + + if len(conn) > 0 { + conn = append(conn, "ssl=1") + } + } else { + conn = append(conn, "ssl=0") + } + + return strings.Join(conn, "\n") +} diff --git a/api/v1beta1/mariadbdatabase_funcs_test.go b/api/v1beta1/mariadbdatabase_funcs_test.go new file mode 100644 index 00000000..c9f98ca5 --- /dev/null +++ b/api/v1beta1/mariadbdatabase_funcs_test.go 
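Review bot: In `GetDatabaseClientConfig` the TLS branch writes `ssl-ca` and `ssl=1` but never `ssl-verify-server-cert`, so whether the client checks the server certificate's host name depends on the MariaDB client's default, which is off in older client releases (worth confirming for the client shipped in the consuming images). If the Galera certificates carry the service host name, consider adding `conn = append(conn, "ssl-verify-server-cert")` next to the `ssl-ca` line. The `else` branch also emits `ssl=0` when `s` is nil even though `d.GetTLSSupport()` is true, which silently selects plaintext against a TLS-capable server; if that is intended, a comment should say so. The `if len(conn) > 0` guard is always true because `[client]` is appended first, so `conn = append(conn, "ssl=1")` can stand on its own. A partial client-cert configuration (only `CertMount` or only `KeyMount`) is dropped without any signal to the caller.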
@@ -0,0 +1,103 @@ +/* +Copyright 2024 Red Hat + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "testing" + + . "github.com/onsi/gomega" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" + "k8s.io/utils/ptr" +) + +func TestCreateDatabaseClientConfig(t *testing.T) { + tests := []struct { + name string + db *Database + service *tls.Service + wantStmts []string + excludeStmts []string + }{ + { + name: "DB no TLS", + db: &Database{tlsSupport: false}, + service: &tls.Service{}, + wantStmts: []string{"ssl=0"}, + excludeStmts: []string{"ssl-cert=", "ssl-key="}, + }, + { + name: "DB TLS - only default CA Secret", + db: &Database{tlsSupport: true}, + service: &tls.Service{}, + wantStmts: []string{ + "ssl=1", + "ssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}, + excludeStmts: []string{"ssl-cert=", "ssl-key="}, + }, + { + name: "DB TLS - custom CA", + db: &Database{tlsSupport: true}, + service: &tls.Service{CaMount: ptr.To("/some/path/ca.crt")}, + wantStmts: []string{ + "ssl=1", + "ssl-ca=/some/path/ca.crt"}, + excludeStmts: []string{"ssl-cert=", "ssl-key="}, + }, + { + name: "DB TLS - cert and key path provided", + db: &Database{tlsSupport: true}, + service: &tls.Service{ + CertMount: ptr.To("/some/path/tls.crt"), + KeyMount: ptr.To("/some/path/tls.key")}, + wantStmts: []string{ + "ssl=1", + "ssl-cert=/some/path/tls.crt", + "ssl-key=/some/path/tls.key", + "ssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}, + excludeStmts: 
[]string{}, + }, + { + name: "DB TLS - cert, key and custom CA provided", + db: &Database{tlsSupport: true}, + service: &tls.Service{ + CertMount: ptr.To("/some/path/tls.crt"), + KeyMount: ptr.To("/some/path/tls.key"), + CaMount: ptr.To("/some/path/ca.crt")}, + wantStmts: []string{ + "ssl=1", + "ssl-cert=/some/path/tls.crt", + "ssl-key=/some/path/tls.key", + "ssl-ca=/some/path/ca.crt"}, + excludeStmts: []string{}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + configStr := tt.db.GetDatabaseClientConfig(tt.service) + + for _, stmt := range tt.wantStmts { + g.Expect(configStr).To(ContainSubstring(stmt)) + } + for _, stmt := range tt.excludeStmts { + g.Expect(configStr).ToNot(ContainSubstring(stmt)) + } + }) + } +} diff --git a/api/v1beta1/mariadbdatabase_types.go b/api/v1beta1/mariadbdatabase_types.go index 6afcdf3f..9789213e 100644 --- a/api/v1beta1/mariadbdatabase_types.go +++ b/api/v1beta1/mariadbdatabase_types.go @@ -51,6 +51,9 @@ type MariaDBDatabaseStatus struct { Completed bool `json:"completed,omitempty"` // Map of hashes to track e.g. job status Hash map[string]string `json:"hash,omitempty"` + + // Whether TLS is supported by the DB instance + TLSSupport bool `json:"tlsSupport,omitempty"` } //+kubebuilder:object:root=true @@ -96,4 +99,5 @@ type Database struct { labels map[string]string name string namespace string + tlsSupport bool } diff --git a/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml b/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml index 927dcc38..e783f89c 100644 --- a/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml +++ b/config/crd/bases/mariadb.openstack.org_mariadbdatabases.yaml @@ -103,6 +103,9 @@ spec: type: string description: Map of hashes to track e.g. job status type: object + tlsSupport: + description: Whether TLS is supported by the DB instance + type: boolean type: object type: object served: true 
diff --git a/controllers/mariadbdatabase_controller.go b/controllers/mariadbdatabase_controller.go index 1576947f..b939bcc4 100644 --- a/controllers/mariadbdatabase_controller.go +++ b/controllers/mariadbdatabase_controller.go @@ -231,6 +231,9 @@ func (r *MariaDBDatabaseReconciler) Reconcile(ctx context.Context, req ctrl.Requ databasev1beta1.MariaDBDatabaseReadyMessage, ) + // DB instances supports TLS + instance.Status.TLSSupport = dbGalera.Spec.TLS.Enabled() + return ctrl.Result{}, nil } diff --git a/go.mod b/go.mod index 6a069463..d4a72f94 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/onsi/ginkgo/v2 v2.14.0 github.com/onsi/gomega v1.30.0 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240124141114-55d029e4658b - github.com/openstack-k8s-operators/mariadb-operator/api v0.1.1-0.20230823144333-b9363c5be8d2 + github.com/openstack-k8s-operators/mariadb-operator/api v0.1.1-0.20230913081601-9e4fc8aadad5 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a k8s.io/api v0.26.13 k8s.io/apimachinery v0.26.13
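Review bot: `instance.Status.TLSSupport` is assigned only here, immediately before the final `return ctrl.Result{}, nil`, so every earlier exit of `Reconcile` (outside this hunk) leaves the field at its zero value, which `GetDatabaseClientConfig` in api/v1beta1 turns into `ssl=0`. A consumer that reads the status before this path has run would get a plaintext client config for a TLS-enabled Galera; this is presumably rare if callers wait for the ready condition. Assigning the field as soon as `dbGalera` has been fetched would narrow that window. Whether the value is persisted depends on a status patch that is not visible in this hunk. The comment would read more clearly as `// Record whether the Galera instance has TLS enabled`.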