migrate from databaseUsername to databaseAccount and fully use MariaD…

…BAccount

This will move neutron to fully use MariaDBAccount based on the dev work
being done for mariadb-operator:

openstack-k8s-operators/mariadb-operator#184

Depends-On: openstack-k8s-operators/openstack-operator#656

api/bases/neutron.openstack.org_neutronapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: neutron
+                description: DatabaseAccount - optional username used for neutron
+                  DB, defaults to neutron
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: neutron
-                description: 'DatabaseUser - optional username used for neutron DB,
-                  defaults to neutron TODO: -> implement needs work in mariadb-operator,
-                  right now only neutron'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -2129,17 +2128,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: NeutronDatabasePassword
                   service: NeutronPassword
-                description: PasswordSelectors - Selectors to identify the DB and
-                  ServiceUser password from the Secret
+                description: PasswordSelectors - Selectors to identify the ServiceUser
+                  password from the Secret
                 properties:
-                  database:
-                    default: NeutronDatabasePassword
-                    description: 'Database - Selector to get the neutron database
-                      user password from the Secret TODO: not used, need change in
-                      mariadb-operator'
-                    type: string
                   service:
                     default: NeutronPassword
                     description: Database - Selector to get the neutron service password
@@ -2214,7 +2206,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  NeutronDatabasePassword, NeutronPassword
+                  NeutronPassword
                 type: string
               serviceUser:
                 default: neutron

api/go.mod

@@ -36,6 +36,8 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.15.0 // indirect
+	github.com/onsi/gomega v1.31.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.18.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect

api/go.sum

@@ -62,8 +62,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 h1:o7KZaxKt8Dr97ZJIBPW0P482gLyFEURKF89fizcJCBQ=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:bQwzyQtWCR9F0+IvWZ30J9d1lB6tcX3CNJ0Ten1smDw=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240216173409-86913e6d5885 h1:sMO+IYsZ91Nho0FV6y03J0NTGd8+ZWB4KmKJJU94gTU=

api/v1beta1/neutronapi_types.go

@@ -55,9 +55,8 @@ type NeutronAPISpec struct {
 
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default=neutron
-	// DatabaseUser - optional username used for neutron DB, defaults to neutron
-	// TODO: -> implement needs work in mariadb-operator, right now only neutron
-	DatabaseUser string `json:"databaseUser"`
+	// DatabaseAccount - optional username used for neutron DB, defaults to neutron
+	DatabaseAccount string `json:"databaseAccount"`
 
 	// +kubebuilder:validation:Required
 	// +kubebuilder:default=rabbitmq
@@ -82,12 +81,12 @@ type NeutronAPISpec struct {
 	Replicas *int32 `json:"replicas"`
 
 	// +kubebuilder:validation:Required
-	// Secret containing OpenStack password information for NeutronDatabasePassword, NeutronPassword
+	// Secret containing OpenStack password information for NeutronPassword
 	Secret string `json:"secret"`
 
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default={database: NeutronDatabasePassword, service: NeutronPassword}
-	// PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret
+	// +kubebuilder:default={service: NeutronPassword}
+	// PasswordSelectors - Selectors to identify the ServiceUser password from the Secret
 	PasswordSelectors PasswordSelector `json:"passwordSelectors"`
 
 	// +kubebuilder:validation:Optional
@@ -143,11 +142,6 @@ type APIOverrideSpec struct {
 
 // PasswordSelector to identify the DB and AdminUser password from the Secret
 type PasswordSelector struct {
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:default="NeutronDatabasePassword"
-	// Database - Selector to get the neutron database user password from the Secret
-	// TODO: not used, need change in mariadb-operator
-	Database string `json:"database"`
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default="NeutronPassword"
 	// Database - Selector to get the neutron service password from the Secret

config/crd/bases/neutron.openstack.org_neutronapis.yaml

@@ -59,17 +59,16 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              databaseAccount:
+                default: neutron
+                description: DatabaseAccount - optional username used for neutron
+                  DB, defaults to neutron
+                type: string
               databaseInstance:
                 description: MariaDB instance name Right now required by the maridb-operator
                   to get the credentials from the instance to create the DB Might
                   not be required in future
                 type: string
-              databaseUser:
-                default: neutron
-                description: 'DatabaseUser - optional username used for neutron DB,
-                  defaults to neutron TODO: -> implement needs work in mariadb-operator,
-                  right now only neutron'
-                type: string
               defaultConfigOverwrite:
                 additionalProperties:
                   type: string
@@ -2129,17 +2128,10 @@ spec:
                 type: object
               passwordSelectors:
                 default:
-                  database: NeutronDatabasePassword
                   service: NeutronPassword
-                description: PasswordSelectors - Selectors to identify the DB and
-                  ServiceUser password from the Secret
+                description: PasswordSelectors - Selectors to identify the ServiceUser
+                  password from the Secret
                 properties:
-                  database:
-                    default: NeutronDatabasePassword
-                    description: 'Database - Selector to get the neutron database
-                      user password from the Secret TODO: not used, need change in
-                      mariadb-operator'
-                    type: string
                   service:
                     default: NeutronPassword
                     description: Database - Selector to get the neutron service password
@@ -2214,7 +2206,7 @@ spec:
                 type: object
               secret:
                 description: Secret containing OpenStack password information for
-                  NeutronDatabasePassword, NeutronPassword
+                  NeutronPassword
                 type: string
               serviceUser:
                 default: neutron

config/manager/kustomization.yaml

@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: quay.io/openstack-k8s-operators/neutron-operator
-  newTag: latest
+  newName: quay.io/rhn_engineering_mbayer/neutron-operator
+  newTag: 0.0.1

config/manifests/bases/neutron-operator.clusterserviceversion.yaml

@@ -18,6 +18,10 @@ spec:
       displayName: Neutron API
       kind: NeutronAPI
       name: neutronapis.neutron.openstack.org
+      specDescriptors:
+      - description: TLS - Parameters related to the TLS
+        displayName: TLS
+        path: tls
       version: v1beta1
   description: Neutron Operator
   displayName: Neutron Operator

config/samples/neutron_v1beta1_neutronapi.yaml

@@ -9,7 +9,7 @@ spec:
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: neutron
+  databaseAccount: neutron
   rabbitMqClusterName: rabbitmq
   memcachedInstance: memcached
   preserveJobs: false

config/samples/neutron_v1beta1_neutronapi_tls.yaml

@@ -9,7 +9,7 @@ spec:
     [DEFAULT]
     debug = true
   databaseInstance: openstack
-  databaseUser: neutron
+  databaseAccount: neutron
   rabbitMqClusterName: rabbitmq
   memcachedInstance: memcached
   preserveJobs: false

controllers/neutronapi_controller.go

@@ -334,7 +334,7 @@ func (r *NeutronAPIReconciler) reconcileDelete(ctx context.Context, instance *ne
 	Log.Info("Reconciling Service delete")
 
 	// remove db finalizer first
-	db, err := mariadbv1.GetDatabaseByName(ctx, helper, instance.Name)
+	db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, neutronapi.Database, instance.Spec.DatabaseAccount, instance.Namespace)
 	if err != nil && !k8s_errors.IsNotFound(err) {
 		return ctrl.Result{}, err
 	}
@@ -399,22 +399,17 @@ func (r *NeutronAPIReconciler) reconcileInit(
 
 	// create neutron DB instance
 	//
-	db := mariadbv1.NewDatabaseWithNamespace(
-		neutronapi.Database,
-		instance.Spec.DatabaseUser,
-		instance.Spec.Secret,
-		map[string]string{
-			"dbName": instance.Spec.DatabaseInstance,
-		},
-		neutronapi.Database,
-		instance.Namespace,
+	db := mariadbv1.NewDatabaseForAccount(
+		instance.Spec.DatabaseInstance, // mariadb/galera service to target
+		neutronapi.Database,            // name used in CREATE DATABASE in mariadb
+		neutronapi.Database,            // CR name for MariaDBDatabase
+		instance.Spec.DatabaseAccount,  // CR name for MariaDBAccount
+		instance.Namespace,             // namespace
 	)
+
 	// create or patch the DB
-	ctrlResult, err := db.CreateOrPatchDBByName(
-		ctx,
-		helper,
-		instance.Spec.DatabaseInstance,
-	)
+	ctrlResult, err := db.CreateOrPatchAll(ctx, helper)
+
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.DBReadyCondition,
@@ -913,6 +908,28 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 	instance.Status.Conditions.MarkTrue(condition.MemcachedReadyCondition, condition.MemcachedReadyMessage)
 	// run check memcached - end
 
+	// ensure MariaDBAccount exists.  This account record may be created by
+	// openstack-operator or the cloud operator up front without a specific
+	// MariaDBDatabase configured yet.   Otherwise, a MariaDBAccount CR is
+	// created here with a generated username as well as a secret with
+	// generated password.   The MariaDBAccount is created without being
+	// yet associated with any MariaDBDatabase.
+	_, _, err = mariadbv1.EnsureMariaDBAccount(
+		ctx, helper, instance.Spec.DatabaseAccount,
+		instance.Namespace, false,
+	)
+
+	if err != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			mariadbv1.MariaDBAccountReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			mariadbv1.MariaDBAccountNotReadyMessage,
+			err.Error()))
+
+		return ctrl.Result{}, err
+	}
+
 	err = r.reconcileExternalSecrets(ctx, helper, instance, &secretVars)
 	if err != nil {
 		Log.Error(err, "Failed to reconcile external Secrets")
@@ -996,6 +1013,7 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 			err.Error()))
 		return ctrlResult, err
 	}
+
 	depl := deployment.NewDeployment(
 		deplDef,
 		time.Duration(5)*time.Second,
@@ -1047,6 +1065,16 @@ func (r *NeutronAPIReconciler) reconcileNormal(ctx context.Context, instance *ne
 	}
 	// create Deployment - end
 
+	if instance.Status.ReadyCount > 0 {
+		// remove finalizers from unused MariaDBAccount records
+		err = mariadbv1.DeleteUnusedMariaDBAccountFinalizers(
+			ctx, helper, neutronapi.Database,
+			instance.Spec.DatabaseAccount, instance.Namespace)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	}
+
 	Log.Info("Reconciled Service successfully")
 	return ctrl.Result{}, nil
 }
@@ -1469,13 +1497,17 @@ func (r *NeutronAPIReconciler) generateServiceSecrets(
 
 	// Other OpenStack services
 	servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service])
-	databasePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Database])
 	templateParameters["ServicePassword"] = servicePassword
 
 	// Database
+	databaseAccount, dbSecret, err := mariadbv1.GetAccountAndSecret(ctx, h, instance.Spec.DatabaseAccount, instance.Namespace)
+	if err != nil {
+		return err
+	}
+
 	templateParameters["DbHost"] = instance.Status.DatabaseHostname
-	templateParameters["DbUser"] = instance.Spec.DatabaseUser
-	templateParameters["DbPassword"] = databasePassword
+	templateParameters["DbUser"] = databaseAccount.Spec.UserName
+	templateParameters["DbPassword"] = string(dbSecret.Data[mariadbv1.DatabasePasswordSelector])
 	templateParameters["Db"] = neutronapi.Database
 
 	// OVN

go.mod

@@ -6,8 +6,8 @@ require (
 	github.com/go-logr/logr v1.4.1
 	github.com/google/uuid v1.6.0
 	github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0
-	github.com/onsi/ginkgo/v2 v2.14.0
-	github.com/onsi/gomega v1.30.0
+	github.com/onsi/ginkgo/v2 v2.15.0
+	github.com/onsi/gomega v1.31.1
 	github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240218132212-ad757a2f5bab
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240216173228-eec429bcc776
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885
@@ -90,4 +90,4 @@ replace github.com/openstack-k8s-operators/neutron-operator/api => ./api
 // must consistent within modules and service operators
 replace github.com/openshift/api => github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 //allow-merging
 
-replace github.com/openstack-k8s-operators/mariadb-operator/api => github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039 //allow-merging
+replace github.com/openstack-k8s-operators/mariadb-operator/api => github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240222195117-de879c4be63a //allow-merging

go.sum

@@ -72,10 +72,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY=
-github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI=
 github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240218132212-ad757a2f5bab h1:zdI202C0TtXz5UPB+uTdxZtIaFseEDV0HtQ/MmX6hQU=
@@ -114,8 +114,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039 h1:RLkDT9hqh32CYLjKyuYVhVU7zcaan6q7bX8FdIiEWYc=
-github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240215161542-20fe01710039/go.mod h1:52Ja/B4RrrytMmKh+Kf+/BPe7Fq40Pi77vcFH4yJeoU=
+github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240222195117-de879c4be63a h1:eVtZZAIwgoyOGv1BdNsjy1WRsosdvK13NeYhyXikOIo=
+github.com/zzzeek/mariadb-operator/api v0.3.1-0.20240222195117-de879c4be63a/go.mod h1:f9IIyWeoskWoeWaDFF3qmAJ2Kqyovfi0Ar/QUfk3qag=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=