Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #760 by making administrator_login & administrator_password optional for connection details #761

Merged
merged 5 commits into from
Jun 12, 2024
Merged

Fix #760 by making administrator_login & administrator_password optional for connection details #761

merged 5 commits into from
Jun 12, 2024

Conversation

niiku
Copy link
Contributor

@niiku niiku commented Jun 9, 2024
edited by turkenf
Loading

Description of your changes

As described in #760 disabling password auth (only enabling azure ad) results in a panic as no credential details are available. Within this PR checks are introduced which verify the existence of username/password and only then add it to the credential details.

As general "inspiration" I oriented the change on how it's done for MSSQL: https://github.com/crossplane-contrib/provider-upjet-azure/blob/main/config/sql/config.go#L39

Fixes #760

I have:

  • Read and followed Crossplane's contribution process.
  • [] Run make reviewable to ensure this PR is ready for review. <- I somehow didn't get that command running. But I doubt it's because of my code changes..
  • [] Added backport release-x.y labels to auto-backport this PR if necessary. <- Not too sure. I need input from the maintainers if it makes sense to backport?

How has this code been tested

I run the fixed provider within my cluster with the example MR as described in the bug report. With the applied changes, the panic is not appearing and the .status of the FlexibleServer MR is updated when creating with disabled password auth.

A successful uptest run of the resource: https://github.com/crossplane-contrib/provider-upjet-azure/actions/runs/9483541667

@niiku
Fix crossplane-contrib#760 by making administrator_login & administra…
a7f4141 
…tor_password optional for connection details

Signed-off-by: Nikolas Philips <nikolas.philips@gmail.com>
@jeanduplessis
Copy link
Collaborator

/test-examples="examples/dbforpostgresql/v1beta2/flexibleserver.yaml"

@niiku
Copy link
Contributor Author

niiku commented Jun 11, 2024

@jeanduplessis Thanks a lot for letting the tests run.

I see the e2e tests failed because of:

2024-06-11T00:49:05.3192834Z     logger.go:42: 00:49:05 | case/0-apply | error: timed out waiting for the condition on flexibleservers/example
2024-06-11T00:49:05.3217259Z     logger.go:42: 00:49:05 | case/0-apply | command failure, skipping 5 additional commands
2024-06-11T00:49:06.3221590Z     logger.go:42: 00:49:06 | case/0-apply | running command: [/home/runner/work/provider-upjet-azure/provider-upjet-azure/.cache/tools/linux_x86_64/kubectl-v1.24.3 annotate managed --all upjet.upbound.io/test=true --overwrite]
....
2024-06-11T00:30:57.3562726Z     logger.go:42: 00:30:57 | case/0-apply |       message: 'cannot resolve references: mg.Spec.ForProvider.DelegatedSubnetID:
2024-06-11T00:30:57.3565030Z     logger.go:42: 00:30:57 | case/0-apply |         referenced field was empty (referenced resource may not yet be ready)'

resp.

    logger.go:42: 00:50:38 | case/0-apply |         Virtual Network Link Name: "example"): performing CreateOrUpdate: unexpected status 404 with error: ParentResourceNotFound: Failed to perform 'write' on resource(s) of type 'privateDnsZones/virtualNetworkLinks', because the parent resource '/subscriptions/2895a7df-ae9f-41b8-9e78-3ce4926df838/resourceGroups/example/providers/Microsoft.Network/privateDnsZones/example' could not be found.  []***]

I could be mistaken, but this does not seem to be related to my changes at all.

Is there a case where this e2e test for flexible server v1beta2 has run through? I surely could invest some time to fix the e2e tests - but first wanted to have confirmation from someone else that this is more of a "general e2e test"-issue than related to my code changes.

@turkenf
Copy link
Collaborator

turkenf commented Jun 11, 2024

Hey @niiku, many thanks for your effort and interest here, we appreciate it.

I could be mistaken, but this does not seem to be related to my changes at all.

Yes, this is not related to the change you made, the e2e test of the current version of the resource seems to be unverified. Dependent resources need to be checked and selectors need to be adjusted.

@niiku
Copy link
Contributor Author

niiku commented Jun 11, 2024

@turkenf Thanks a lot for your answer! I could have a look at the e2e tests. As far as I understood the code base, there aren't that many unit tests done for config.go - so I wanted to get some input how to best "bake in" the use case I added in form of tests. Might you guide me if you rather would like to see unit tests (as this might be well testable on this level) and/or have an e2e for this case as well?

@niiku
Copy link
Contributor Author

niiku commented Jun 11, 2024

@jeanduplessis @turkenf I think i might have fixed the e2e as simply the privat dns name wasn't set correctly. Could you let them run again?

@niiku
Fix private dns zone name
38e90ec 
Signed-off-by: Nikolas Philips <nikolas.philips@baloise.com>
@niiku niiku force-pushed the fix/make-credential-details branch from b8e157d to 38e90ec Compare June 11, 2024 20:03
@turkenf
Copy link
Collaborator

turkenf commented Jun 12, 2024

/test-examples="examples/dbforpostgresql/v1beta2/flexibleserver.yaml"

Set autoGeneratePassword: true to fix e2e errors
13e64da 
Signed-off-by: Nikolas Philips <nikolas.philips@baloise.com>
@turkenf
Copy link
Collaborator

turkenf commented Jun 12, 2024

Hey @niiku, I have manually checked the resource's examples/dbforpostgresql/v1beta2/flexibleserver.yaml YAML file except for the changes you have made so far and I think the following changes are considerable:

  • We have an uptest.upbound.io/timeout annotation that we use in e2e tests, we use this annotation when the creation and deletion of the resource takes over 20 minutes. When I look at the Terraform documentation, I think it would be useful to add the annotation uptest.upbound.io/timeout: "3600", this gives us 1 hour for testing.
    As an example:

    provider-upjet-azure/examples/dbforpostgresql/v1beta1/virtualnetworkrule.yaml

    Line 10 in 0a511b8

    uptest.upbound.io/timeout: "3600"

  • It would be logical to remove the spec.forProvider.zone field of the FlexibleServer resource since it is optional, so it will automatically be assigned to the available zone.

Add autoGeneratePassword to provide password secret / Remove zone to …
2d73345 
…allow distribution / increase default postgresql version as 16 is now latest

Signed-off-by: Nikolas Philips <nikolas.philips@baloise.com>
@turkenf
Copy link
Collaborator

turkenf commented Jun 12, 2024

/test-examples="examples/dbforpostgresql/v1beta2/flexibleserver.yaml"

@niiku
Copy link
Contributor Author

niiku commented Jun 12, 2024

I added the following changes:

  • Added autoGeneratePassword because of
2024-06-12T07:56:29.1795017Z     logger.go:42: 07:56:29 | case/0-apply |       message: 'create failed: async create failed: failed to create the resource:
2024-06-12T07:56:29.1796616Z     logger.go:42: 07:56:29 | case/0-apply |         [***0 `administrator_password` is required when `create_mode` is `Default` and
2024-06-12T07:56:29.1798019Z     logger.go:42: 07:56:29 | case/0-apply |         `authentication.password_auth_enabled` is set to `true`  []***]'
  • Removed the zone to allow better distribution
  • Updated PostgreSQL version to 16 as it's latest

I would not recommend to increase the timeout - as this setup should be provisioned in like ~10min - so 30min as timeout is sufficient - if it takes longer it just delays the time until we get feedback from the e2e tests.

Could you run the e2e tests again?

Fix version
0800fce 
Signed-off-by: Nikolas Philips <nikolas.philips@baloise.com>
@turkenf
Copy link
Collaborator

turkenf commented Jun 12, 2024

/test-examples="examples/dbforpostgresql/v1beta2/flexibleserver.yaml"

1 similar comment
@turkenf
Copy link
Collaborator

turkenf commented Jun 12, 2024

/test-examples="examples/dbforpostgresql/v1beta2/flexibleserver.yaml"

turkenf
turkenf approved these changes Jun 12, 2024
View reviewed changes
Copy link
Collaborator

@turkenf turkenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks for your effort @niiku 🙌

@turkenf turkenf merged commit 89cae5a into crossplane-contrib:main Jun 12, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@turkenf turkenf turkenf approved these changes

@ulucinar ulucinar Awaiting requested review from ulucinar ulucinar is a code owner

@sergenyalcin sergenyalcin Awaiting requested review from sergenyalcin sergenyalcin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: "Observed a panic" with FlexibleServer set "authentication.passwordAuthEnabled: false."
3 participants
@niiku @jeanduplessis @turkenf