Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(discovery): allow configurations for discovery service #474

Merged
merged 21 commits into from
Oct 14, 2022
Merged

feat(discovery): allow configurations for discovery service #474

merged 21 commits into from
Oct 14, 2022

Conversation

tthvo
Copy link
Member

@tthvo tthvo commented Oct 12, 2022
edited

This PR includes configurations to discovery service:

  • The operator now manages a Secret that will provide generated password for CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD variable.
  • Built-in Discovery Service can now be disabled via Cryostat CR spec.
  • Cryostat is deployed with h2:file if PVC is configured/defaulted. Otherwise, h2:mem is used.

I also added missing nil-checks in test resources.

Fixes: #452, #451, #465

@tthvo tthvo added the feat New feature or request label Oct 12, 2022
This was linked to issues Oct 13, 2022
Cryostat should be deployed in h2:file mode #451
Closed
Generate credentials DB password #465
Closed
andrewazores
andrewazores reviewed Oct 13, 2022
View reviewed changes
docs/config.md Outdated Show resolved Hide resolved
ebaron
ebaron reviewed Oct 13, 2022
View reviewed changes
Copy link
Member

@ebaron ebaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @tthvo looks good! Just a few style comments at first glance.

api/v1beta1/cryostat_types.go Outdated Show resolved Hide resolved
api/v1beta1/cryostat_types.go Outdated Show resolved Hide resolved
docs/config.md Outdated Show resolved Hide resolved
internal/controllers/common/resource_definitions/resource_definitions.go Outdated Show resolved Hide resolved
internal/controllers/common/resource_definitions/resource_definitions.go Outdated Show resolved Hide resolved
internal/controllers/secrets.go Outdated Show resolved Hide resolved
internal/controllers/secrets.go Outdated Show resolved Hide resolved
@tthvo
Copy link
Member Author

tthvo commented Oct 13, 2022

With the latest commits, I made the following changes:

  • The credentials database password must be configured via a spec field to point to an existing secret. The secret must have the key CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD with password. This secret (or specifically the password) must not be editted.
  • Operator only accesses the key CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD in the secret instead of reading every keys.
  • For test, I add a test secret for all test cases since it is always required for Cryostat to work.

@tthvo
Copy link
Member Author

tthvo commented Oct 13, 2022
edited

I added new changes from last time:

  • Database Secret Name spec is now optional. However, it must be specified or not at all for the entire lifetime of the Cryostat CR. If persistent volume is re-regained, it must be in cleaned up. Switching is not allowed to avoid failed access due to password mismatch.
  • The Operator still manages the changes due to switching (i.e. delete generated secret if spec is set or generate a new one if not) but failure in Cryostat due to this change is not handled.

@andrewazores andrewazores mentioned this pull request Oct 13, 2022
Merged
andrewazores
andrewazores reviewed Oct 13, 2022
View reviewed changes
docs/config.md Outdated Show resolved Hide resolved
andrewazores
andrewazores reviewed Oct 13, 2022
View reviewed changes
docs/config.md Outdated Show resolved Hide resolved
@andrewazores
Copy link
Member

Other than docs typos above the code changes make sense to me. I'll build and test this out shortly.

andrewazores
andrewazores reviewed Oct 13, 2022
View reviewed changes
Copy link
Member

@andrewazores andrewazores left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, will leave it for ebaron to approve

ebaron
ebaron reviewed Oct 14, 2022
View reviewed changes
Copy link
Member

@ebaron ebaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about this idea to guard against the user breaking their credentials DB by destroying the password?

  1. If the CR doesn't have a defined DatabaseSecretName, create the default secret with a generated password
  2. When creating the deployment, check whether the default secret exists.
    • If it does, then the CR initially had no custom secret and the credentials DB would have been created with the generated password.
    • If it doesn't, then check if DatabaseSecretName has been set (it should), and use that.
    • If for some reason the DatabaseSecretName is not set, then the password has been lost. Likely due to the user deleting the default secret. We could emit an Event here.

@ebaron
Copy link
Member

ebaron commented Oct 14, 2022

How about this idea to guard against the user breaking their credentials DB by destroying the password?

1. If the CR doesn't have a defined `DatabaseSecretName`, create the default secret with a generated password

2. When creating the deployment, check whether the default secret exists.
   
   * If it does, then the CR initially had no custom secret and the credentials DB would have been created with the generated password.
   * If it doesn't, then check if `DatabaseSecretName` has been set (it should), and use that.
   * If for some reason the `DatabaseSecretName` is not set, then the password has been lost. Likely due to the user deleting the default secret. We could emit an Event here.

@tthvo This can be in a follow-up PR I think.

@tthvo
Copy link
Member Author

tthvo commented Oct 14, 2022
edited

How about this idea to guard against the user breaking their credentials DB by destroying the password?

1. If the CR doesn't have a defined `DatabaseSecretName`, create the default secret with a generated password

2. When creating the deployment, check whether the default secret exists.
   
   * If it does, then the CR initially had no custom secret and the credentials DB would have been created with the generated password.
   * If it doesn't, then check if `DatabaseSecretName` has been set (it should), and use that.
   * If for some reason the `DatabaseSecretName` is not set, then the password has been lost. Likely due to the user deleting the default secret. We could emit an Event here.

Right, thats a good idea. This means we don't delete the default secret if switching from default to provided secret option so that we can check when creating the deployment?

@ebaron
Copy link
Member

ebaron commented Oct 14, 2022

Right, it may be a good idea as a temporary measure to just not delete the generated secret. I don't think that will ever result in a working deployment. At least with it still around, users can revert their changes.

@tthvo
Copy link
Member Author

tthvo commented Oct 14, 2022

Just a question: What about the case where the user switch from custom secret to default one? The default secret will take place and still make Cryostat fail right?

@tthvo tthvo mentioned this pull request Oct 14, 2022
Closed
@tthvo
Copy link
Member Author

tthvo commented Oct 14, 2022

I opened the issue for the follow up at #475 :D

@ebaron
Copy link
Member

ebaron commented Oct 14, 2022
edited

Just a question: What about the case where the user switch from custom secret to default one? The default secret will take place and still make Cryostat fail right?

True, that would be harder to detect. How about this idea instead? We add a Status.DatabaseSecret to the CRD. We write to this field once, which will be the canonical database secret for the lifetime of that Cryostat. We could do this by comparing against the existing value of the field and only setting it when nil. Then the secret referenced here would be what the Deployment uses.

@tthvo
Copy link
Member Author

tthvo commented Oct 14, 2022
edited

Right that would be a better safe guarding against it. Would you prefer in a separate PR later or in this PR too?

Also, if Cryostat is re-created and somehow persistent volume is regained (not clean up), then switching could cause failure since the status is now initiated differently.

@ebaron
Copy link
Member

ebaron commented Oct 14, 2022

Right that would be a better safe guarding against it. Would you prefer in a separate PR later or in this PR too?

Separate PR is fine. That would actually be the fix for #475.

@tthvo
Copy link
Member Author

tthvo commented Oct 14, 2022

@ebaron When I run go mod tidy, the module require github.com/google/go-cmp v0.5.6 seems to changed to be a direct required instead of indirect. Is this change desired?

diff --git a/go.mod b/go.mod
index 80dfb7f..1695415 100644
--- a/go.mod
+++ b/go.mod
@@ -15,6 +15,8 @@ require (
        sigs.k8s.io/controller-runtime v0.12.1
 )
        sigs.k8s.io/controller-runtime v0.12.1
 )
 
+require github.com/google/go-cmp v0.5.6
+
 require (
        cloud.google.com/go v0.90.0 // indirect
        github.com/Azure/go-autorest v14.2.0+incompatible // indirect
@@ -41,7 +43,6 @@ require (
        github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
        github.com/golang/protobuf v1.5.2 // indirect
        github.com/google/gnostic v0.5.7-v3refs // indirect
-       github.com/google/go-cmp v0.5.6 // indirect
        github.com/google/gofuzz v1.2.0 // indirect

@ebaron
Copy link
Member

ebaron commented Oct 14, 2022

@ebaron When I run go mod tidy, the module require github.com/google/go-cmp v0.5.6 seems to changed to be a direct required instead of indirect. Is this change desired?

diff --git a/go.mod b/go.mod
index 80dfb7f..1695415 100644
--- a/go.mod
+++ b/go.mod
@@ -15,6 +15,8 @@ require (
        sigs.k8s.io/controller-runtime v0.12.1
 )
        sigs.k8s.io/controller-runtime v0.12.1
 )
 
+require github.com/google/go-cmp v0.5.6
+
 require (
        cloud.google.com/go v0.90.0 // indirect
        github.com/Azure/go-autorest v14.2.0+incompatible // indirect
@@ -41,7 +43,6 @@ require (
        github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
        github.com/golang/protobuf v1.5.2 // indirect
        github.com/google/gnostic v0.5.7-v3refs // indirect
-       github.com/google/go-cmp v0.5.6 // indirect
        github.com/google/gofuzz v1.2.0 // indirect

Oh, that must have been caused by #433 where I used cmp to compare selectors. This change is wanted, but I would add it into the existing require ( ... ) block.

ebaron
ebaron approved these changes Oct 14, 2022
View reviewed changes
Copy link
Member

@ebaron ebaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything seems to work as expected. Nice work @tthvo!

@ebaron ebaron merged commit 57457ba into cryostatio:main Oct 14, 2022
@tthvo tthvo deleted the discovery-config branch October 14, 2022 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewazores andrewazores andrewazores left review comments

@ebaron ebaron ebaron approved these changes

Assignees
No one assigned
Labels
feat New feature or request
Projects
No open projects
2.2.0 Release
Status: Done
Milestone
No milestone
3 participants
@tthvo @andrewazores @ebaron