Handle postgresql host change. Still need a general garbage collection mechanism.

Author: Tyrion85

api/v1beta1/postgresql_types.go

@@ -21,7 +21,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-const DEFAULT_POSTGRESQL_ROOT_USER = "postgres"
+// defaults
+const (
+	DEFAULT_POSTGRESQL_ROOT_USER         = "postgres"
+	DEFAULT_ROOT_AUTHENTICATION_DATABASE = "postgres"
+)
 
 type PostgreSQLRootSecretLookup struct {
 	Name      string `json:"name"`
@@ -44,8 +48,10 @@ type PostgreSQLSpec struct {
 	Host string `json:"host"`
 	Port int64  `json:"port"`
 	// +optional
-	RootUsername     string                     `json:"rootUsername"`
-	RootSecretLookup PostgreSQLRootSecretLookup `json:"rootSecretLookup"`
+	RootUsername string `json:"rootUsername"`
+	// +optional
+	RootAuthenticationDatabase string                     `json:"rootAuthDatabase"`
+	RootSecretLookup           PostgreSQLRootSecretLookup `json:"rootSecretLookup"`
 	// Database credentials
 	Credentials PostgreSQLCredentials `json:"credentials"`
 }
@@ -111,6 +117,9 @@ func (this *PostgreSQL) SetDefaults() error {
 	if this.Spec.RootUsername == "" {
 		this.Spec.RootUsername = DEFAULT_POSTGRESQL_ROOT_USER
 	}
+	if this.Spec.RootAuthenticationDatabase == "" {
+		this.Spec.RootAuthenticationDatabase = DEFAULT_ROOT_AUTHENTICATION_DATABASE
+	}
 	if this.Spec.RootSecretLookup.Name == "" {
 		return errors.New("must specify root secret")
 	}

api/v1beta1/status.go

@@ -51,12 +51,16 @@ type DatabaseStatus struct {
 	Status  StatusCode `json:"status"`
 	Message string     `json:"message"`
 	Name    string     `json:"name"`
+	Host    string     `json:"host"`
 }
 
-func (s *DatabaseStatus) SetDatabaseStatus(code StatusCode, message string, name string) {
+func (s *DatabaseStatus) SetDatabaseStatus(code StatusCode, message string, name string, host string) {
 	s.Status = code
 	s.Message = message
 	if name != "" {
 		s.Name = name
 	}
+	if host != "" {
+		s.Host = host
+	}
 }

common/db/mongodb/repository.go

@@ -31,8 +31,9 @@ type UserHolder struct {
 }
 
 type MongoDBServer struct {
-	client *mongo.Client
-	URI    string
+	client                 *mongo.Client
+	uri                    string
+	authenticationDatabase string
 }
 
 func NewMongoDBServer(uri string, rootUser string, rootPassword string, authenticationDatabase string) (*MongoDBServer, error) {
@@ -54,31 +55,53 @@ func NewMongoDBServer(uri string, rootUser string, rootPassword string, authenti
 		return nil, err
 	}
 	return &MongoDBServer{
-		client: client,
-		URI:    uri,
+		client:                 client,
+		uri:                    uri,
+		authenticationDatabase: authenticationDatabase,
 	}, nil
 }
 
-func (m *MongoDBServer) SetupUser() {
-
+func (m *MongoDBServer) SetupUser(database string, username string, password string) (string, error) {
+	doesUserExist, err := m.doesUserExist(database, username)
+	if err != nil {
+		return "", err
+	}
+	if !doesUserExist {
+		return m.createUser(database, username, password)
+	}
+	return "user already exists", nil
 }
 
-func (m *MongoDBServer) DoesUserExist(database string, username string) (*Users, error) {
+func (m *MongoDBServer) doesUserExist(database string, username string) (bool, error) {
 	command := &bson.D{primitive.E{Key: "usersInfo", Value: username}}
 	r := m.runCommand(database, command)
 	if err := r.Err(); err != nil {
-		return nil, err
+		return false, err
 	}
 	var user Users
 	if err := r.Decode(&user); err != nil {
-		return nil, err
+		return false, err
+	}
+	if user.Users == nil || len(user.Users) == 0 {
+		return false, nil
 	}
-	return &user, nil
+	return true, nil
+	//if br, err := r.DecodeBytes(); err != nil {
+	//	return "", err
+	//} else {
+	//	return br.String(), nil
+	//}
+}
+
+func (m *MongoDBServer) createUser(database string, username string, password string) (string, error) {
+	//command := &bson.D{{"createUser", username}, {"pwd", password}, {"roles", []bson.M{{"role": "readWrite", "db": database}}}}
+	//r := m.runCommand(m.authenticationDatabase, command)
 	//if br, err := r.DecodeBytes(); err != nil {
 	//	return "", err
 	//} else {
 	//	return br.String(), nil
 	//}
+	return "", nil
 }
 
 func (m *MongoDBServer) runCommand(database string, command *bson.D) *mongo.SingleResult {

common/db/postgresql/cache.go

@@ -11,9 +11,9 @@ func NewCache() *Cache {
 	}
 }
 
-func (c *Cache) Get(host string, port string, rootUsername string, rootPassword string) (*PostgreSQLServer, error) {
+func (c *Cache) Get(host string, rootUsername string, rootPassword string, rootAuthenticationDatabase string) (*PostgreSQLServer, error) {
 	if _, ok := c.cache[host]; !ok {
-		if server, err := NewPostgreSQLServer(host, port, rootUsername, rootPassword); err != nil {
+		if server, err := NewPostgreSQLServer(host, rootUsername, rootPassword, rootAuthenticationDatabase); err != nil {
 			return nil, err
 		} else {
 			c.cache[host] = server

common/db/postgresql/repository.go

@@ -11,22 +11,27 @@ import (
 type PostgreSQLServer struct {
 	dbpool       *pgxpool.Pool
 	Host         string
-	Port         string
 	RootUser     string
 	RootPassword string
+	RootDatabase string
 }
 
-func NewPostgreSQLServer(host string, port string, rootUser string, rootPassword string) (*PostgreSQLServer, error) {
-	dbpool, err := pgxpool.Connect(context.Background(), fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=postgres", host, port, rootUser, rootPassword))
+func getPostgreSQLConnectionURI(host string, rootUser string, rootPassword string, rootDatabase string) string {
+	// alternative dsn string: "host=%s port=%s user=%s password=%s dbname=%s"
+	return fmt.Sprintf("postgresql://%s:%s@%s/%s", rootUser, rootPassword, host, rootDatabase)
+}
+
+func NewPostgreSQLServer(host string, rootUser string, rootPassword string, rootDatabase string) (*PostgreSQLServer, error) {
+	dbpool, err := pgxpool.Connect(context.Background(), getPostgreSQLConnectionURI(host, rootUser, rootPassword, rootDatabase))
 	if err != nil {
 		return nil, err
 	}
 	return &PostgreSQLServer{
 		dbpool:       dbpool,
 		Host:         host,
-		Port:         port,
 		RootUser:     rootUser,
 		RootPassword: rootPassword,
+		RootDatabase: rootDatabase,
 	}, nil
 }
 
@@ -144,14 +149,6 @@ func (s *PostgreSQLServer) revokeAllPrivileges(user string, database string) err
 	return nil
 }
 
-func (s *PostgreSQLServer) connect() (*pgxpool.Pool, error) {
-	dbpool, err := pgxpool.Connect(context.Background(), fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=postgres", s.Host, s.Port, s.RootUser, s.RootPassword))
-	if err != nil {
-		return nil, err
-	}
-	return dbpool, nil
-}
-
 func (s *PostgreSQLServer) doesDatabaseExist(database string) (bool, error) {
 	var result int64
 	err := s.dbpool.QueryRow(context.Background(), fmt.Sprintf("SELECT 1 FROM pg_database WHERE datname='%s';", database)).Scan(&result)

config/crd/bases/infra.doodle.com_mongodbs.yaml

@@ -103,13 +103,16 @@ spec:
               type: array
             database:
               properties:
+                host:
+                  type: string
                 message:
                   type: string
                 name:
                   type: string
                 status:
                   type: string
               required:
+              - host
               - message
               - name
               - status

config/crd/bases/infra.doodle.com_postgresqls.yaml

@@ -76,6 +76,8 @@ spec:
             port:
               format: int64
               type: integer
+            rootAuthDatabase:
+              type: string
             rootSecretLookup:
               properties:
                 field:
@@ -119,13 +121,16 @@ spec:
               type: array
             database:
               properties:
+                host:
+                  type: string
                 message:
                   type: string
                 name:
                   type: string
                 status:
                   type: string
               required:
+              - host
               - message
               - name
               - status

controllers/mongodb_controller.go

@@ -18,7 +18,6 @@ package controllers
 
 import (
 	"context"
-	"fmt"
 	"github.com/pkg/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -68,18 +67,18 @@ func (r *MongoDBReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	}
 
 	for _, credential := range mongodb.Spec.Credentials {
-		if u, err := mongodbserver.DoesUserExist(mongodb.Spec.DatabaseName, credential.UserName); err != nil {
+		if u, err := mongodbserver.SetupUser(mongodb.Spec.DatabaseName, credential.UserName, "password"); err != nil {
 			log.Error(err, "Error while getting user", "user", credential.UserName)
 			mongodb.Status.DatabaseStatus.Status = infrav1beta1.Available
 			mongodb.Status.DatabaseStatus.Message = err.Error()
 			return r.updateAndReturn(&ctx, &mongodb, &log)
 		} else {
-			if u == nil {
-				log.Info("user is nil")
-			} else {
-				log.Info("user returned", "whole struct", fmt.Sprintf("%+v", u))
-			}
-			//log.Info("user returned", "user", u)
+			//if u == nil {
+			//	log.Info("user is nil")
+			//} else {
+			//	log.Info("user returned", "whole struct", fmt.Sprintf("%+v", u))
+			//}
+			log.Info("user returned", "user", u)
 			mongodb.Status.DatabaseStatus.Status = infrav1beta1.Available
 			mongodb.Status.DatabaseStatus.Message = "Database up."
 		}

controllers/postgresql_controller.go

@@ -18,7 +18,6 @@ package controllers
 
 import (
 	"context"
-	"fmt"
 	infrav1beta1 "github.com/doodlescheduling/kubedb/api/v1beta1"
 	postgresqlAPI "github.com/doodlescheduling/kubedb/common/db/postgresql"
 	vaultAPI "github.com/doodlescheduling/kubedb/common/vault"
@@ -68,44 +67,64 @@ func (r *PostgreSQLReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 
 	// set spec defaults. Does not mutate the spec, since we are not updating resource
 	if err := postgresql.SetDefaults(); err != nil {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "", "")
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
 
 	// get root database password from k8s secret
 	rootPassword, err := r.getRootPassword(&ctx, postgresql.Spec.RootSecretLookup.Name, postgresql.Spec.RootSecretLookup.Namespace, postgresql.Spec.RootSecretLookup.Field)
 	if err != nil {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "", "")
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
 
-	// postgresql connection, cached
-	postgreSQLServer, err := r.ServerCache.Get(postgresql.Spec.Host, fmt.Sprintf("%d", postgresql.Spec.Port), postgresql.Spec.RootUsername, rootPassword)
+	// if host is changed, drop credentials for old host. Keep database & data for now, until we figure out what we'll do with it
+	// TODO refactor to have a general garbage collector mechanism, instead of code throughout controller
+	if postgresql.Spec.Host != postgresql.Status.DatabaseStatus.Host {
+		// we might not be able to login with these old credentials anymore
+		postgreSQLServerOld, err := r.ServerCache.Get(postgresql.Status.DatabaseStatus.Host, postgresql.Spec.RootUsername, rootPassword, postgresql.Spec.RootAuthenticationDatabase)
+		if err != nil {
+			// ignore the error for now
+		} else {
+			postgresql.Status.CredentialsStatus.ForEach(func(status *infrav1beta1.CredentialStatus) {
+				_ = postgreSQLServerOld.DropUser(status.Username, postgresql.Status.DatabaseStatus.Name)
+			})
+		}
+	}
+
+	// postgresql connection to spec host, cached
+	postgreSQLServer, err := r.ServerCache.Get(postgresql.Spec.Host, postgresql.Spec.RootUsername, rootPassword, postgresql.Spec.RootAuthenticationDatabase)
 	if err != nil {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "", postgresql.Spec.Host)
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
 	// vault connection, cached
 	vault, err := r.VaultCache.Get(postgresql.Spec.RootSecretLookup.Name)
 	if err != nil {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "", postgresql.Spec.Host)
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
 
 	// TODO for now, disallow database renaming
 	if postgresql.Spec.DatabaseName != postgresql.Status.DatabaseStatus.Name && postgresql.Status.DatabaseStatus.Name != "" {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, "Cannot change the name of the database.", "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, "Cannot change the name of the database.", "", postgresql.Spec.Host)
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		r.ServerCache.Remove(postgresql.Spec.Host)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
 
 	// Setup database
 	if err := postgreSQLServer.CreateDatabaseIfNotExists(postgresql.Spec.DatabaseName); err != nil {
-		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "")
+		postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Unavailable, err.Error(), "", postgresql.Spec.Host)
+		postgresql.Status.CredentialsStatus = make(infrav1beta1.CredentialsStatus, 0)
 		r.ServerCache.Remove(postgresql.Spec.Host)
 		return r.updateAndReturn(&ctx, &postgresql, &log)
 	}
-	postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Available, "Database up.", postgresql.Spec.DatabaseName)
+	postgresql.Status.DatabaseStatus.SetDatabaseStatus(infrav1beta1.Available, "Database up.", postgresql.Spec.DatabaseName, postgresql.Spec.Host)
 
 	// Delete all credentials if they exist, and are no longer required by spec
 	if postgresql.Spec.Credentials == nil {