From 0aadf0b5098faca1d8c893db71062c883554f976 Mon Sep 17 00:00:00 2001 From: Mike Bayer Date: Fri, 8 Mar 2024 09:56:51 -0500 Subject: [PATCH] migrate from databaseUsername to databaseAccount and fully use MariaDBAccount --- Makefile | 4 +- .../barbican.openstack.org_barbicanapis.yaml | 20 ++-- ...enstack.org_barbicankeystonelisteners.yaml | 20 ++-- .../barbican.openstack.org_barbicans.yaml | 20 ++-- ...arbican.openstack.org_barbicanworkers.yaml | 20 ++-- api/go.mod | 4 +- api/go.sum | 8 +- api/v1beta1/common_types.go | 12 +- .../barbican.openstack.org_barbicanapis.yaml | 20 ++-- ...enstack.org_barbicankeystonelisteners.yaml | 20 ++-- .../barbican.openstack.org_barbicans.yaml | 20 ++-- ...arbican.openstack.org_barbicanworkers.yaml | 20 ++-- config/samples/barbican_v1beta1_barbican.yaml | 2 +- controllers/barbican_controller.go | 66 ++++++++--- controllers/barbicanapi_controller.go | 9 +- .../barbicankeystonelistener_controller.go | 14 +-- controllers/barbicanworker_controller.go | 14 +-- go.mod | 6 +- go.sum | 12 +- pkg/barbican/const.go | 11 +- tests/functional/barbican_controller_test.go | 107 ++++++++++++++++-- tests/functional/barbican_test_data.go | 22 +++- .../common/assert_sample_deployment.yaml | 2 +- tests/kuttl/tests/barbican_tls/01-assert.yaml | 2 +- 24 files changed, 272 insertions(+), 183 deletions(-) diff --git a/Makefile b/Makefile index 2921a33..1dbe4b4 100644 --- a/Makefile +++ b/Makefile @@ -121,7 +121,9 @@ PROC_CMD = --procs ${PROCS} .PHONY: test test: manifests generate fmt vet envtest ginkgo ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GINKGO) --trace --cover --coverpkg=../../pkg/barbican,../../controllers,../../api/v1beta1 --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./tests/... + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \ + OPERATOR_TEMPLATES="$(shell pwd)/templates" \ + $(GINKGO) --trace --cover --coverpkg=../../pkg/barbican,../../controllers,../../api/v1beta1 --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./tests/... ##@ Build diff --git a/api/bases/barbican.openstack.org_barbicanapis.yaml b/api/bases/barbican.openstack.org_barbicanapis.yaml index 8135f19..ea86d1a 100644 --- a/api/bases/barbican.openstack.org_barbicanapis.yaml +++ b/api/bases/barbican.openstack.org_barbicanapis.yaml @@ -54,6 +54,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: description: DatabaseHostname - Barbican Database Hostname type: string @@ -62,11 +67,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -269,17 +269,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml b/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml index 3dd591d..8f7e487 100644 --- a/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml +++ b/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -56,6 +56,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: type: string databaseInstance: @@ -63,11 +68,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -91,17 +91,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/api/bases/barbican.openstack.org_barbicans.yaml b/api/bases/barbican.openstack.org_barbicans.yaml index bc9a351..229e2d0 100644 --- a/api/bases/barbican.openstack.org_barbicans.yaml +++ b/api/bases/barbican.openstack.org_barbicans.yaml @@ -574,16 +574,16 @@ spec: added to to /etc//.conf.d directory as custom.conf file. type: string + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseInstance: description: 'MariaDB instance name TODO(dmendiza): Is this comment right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -601,17 +601,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/api/bases/barbican.openstack.org_barbicanworkers.yaml b/api/bases/barbican.openstack.org_barbicanworkers.yaml index 62ff0d4..db894a7 100644 --- a/api/bases/barbican.openstack.org_barbicanworkers.yaml +++ b/api/bases/barbican.openstack.org_barbicanworkers.yaml @@ -54,6 +54,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: type: string databaseInstance: @@ -61,11 +66,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -89,17 +89,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/api/go.mod b/api/go.mod index 3bc1bf8..a39f828 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,8 +3,8 @@ module github.com/openstack-k8s-operators/barbican-operator/api go 1.20 require ( - github.com/onsi/ginkgo/v2 v2.14.0 - github.com/onsi/gomega v1.30.0 + github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/gomega v1.31.1 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 k8s.io/api v0.28.3 k8s.io/apimachinery v0.28.3 diff --git a/api/go.sum b/api/go.sum index 6897d20..a26da23 100644 --- a/api/go.sum +++ b/api/go.sum @@ -81,10 +81,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 h1:o7KZaxKt8Dr97ZJIBPW0P482gLyFEURKF89fizcJCBQ= github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:bQwzyQtWCR9F0+IvWZ30J9d1lB6tcX3CNJ0Ten1smDw= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 2666686..b23275c 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -22,8 +22,8 @@ type BarbicanTemplate struct { // +kubebuilder:validation:Optional // +kubebuilder:default=barbican - // DatabaseUser - optional username used for barbican DB, defaults to barbican - DatabaseUser string `json:"databaseUser"` + // DatabaseAccount - optional MariaDBAccount CR name used for barbican DB, defaults to barbican + DatabaseAccount string `json:"databaseAccount"` // +kubebuilder:validation:Required // +kubebuilder:default=rabbitmq @@ -42,8 +42,8 @@ type BarbicanTemplate struct { Secret string `json:"secret"` // +kubebuilder:validation:Optional - // +kubebuilder:default={database: BarbicanDatabasePassword, service: BarbicanPassword, simplecryptokek: BarbicanSimpleCryptoKEK} - // PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret + // +kubebuilder:default={service: BarbicanPassword, simplecryptokek: BarbicanSimpleCryptoKEK} + // PasswordSelectors - Selectors to identify the ServiceUser password from the Secret PasswordSelectors PasswordSelector `json:"passwordSelectors"` // +kubebuilder:validation:Optional @@ -103,10 +103,6 @@ type BarbicanComponentTemplate struct { // PasswordSelector to identify the DB and AdminUser password from the Secret type PasswordSelector struct { - // +kubebuilder:validation:Optional - // +kubebuilder:default="BarbicanDatabasePassword" - // Database - Selector to get the barbican database user password from the Secret - Database string `json:"database"` // +kubebuilder:validation:Optional // +kubebuilder:default="BarbicanPassword" // Service - Selector to get the barbican service user password from the Secret diff --git a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml index 8135f19..ea86d1a 100644 --- a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml @@ -54,6 +54,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: description: DatabaseHostname - Barbican Database Hostname type: string @@ -62,11 +67,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -269,17 +269,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml b/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml index 3dd591d..8f7e487 100644 --- a/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -56,6 +56,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: type: string databaseInstance: @@ -63,11 +68,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -91,17 +91,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/config/crd/bases/barbican.openstack.org_barbicans.yaml b/config/crd/bases/barbican.openstack.org_barbicans.yaml index bc9a351..229e2d0 100644 --- a/config/crd/bases/barbican.openstack.org_barbicans.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicans.yaml @@ -574,16 +574,16 @@ spec: added to to /etc//.conf.d directory as custom.conf file. type: string + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseInstance: description: 'MariaDB instance name TODO(dmendiza): Is this comment right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -601,17 +601,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml b/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml index 62ff0d4..db894a7 100644 --- a/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml @@ -54,6 +54,11 @@ spec: items: type: string type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string databaseHostname: type: string databaseInstance: @@ -61,11 +66,6 @@ spec: right? Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future' type: string - databaseUser: - default: barbican - description: DatabaseUser - optional username used for barbican DB, - defaults to barbican - type: string defaultConfigOverwrite: additionalProperties: type: string @@ -89,17 +89,11 @@ spec: type: object passwordSelectors: default: - database: BarbicanDatabasePassword service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK - description: PasswordSelectors - Selectors to identify the DB and - ServiceUser password from the Secret + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret properties: - database: - default: BarbicanDatabasePassword - description: Database - Selector to get the barbican database - user password from the Secret - type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user diff --git a/config/samples/barbican_v1beta1_barbican.yaml b/config/samples/barbican_v1beta1_barbican.yaml index e173131..09c8f31 100644 --- a/config/samples/barbican_v1beta1_barbican.yaml +++ b/config/samples/barbican_v1beta1_barbican.yaml @@ -12,7 +12,7 @@ spec: serviceAccount: barbican serviceUser: barbican databaseInstance: openstack - databaseUser: barbican + databaseAccount: barbican rabbitMqCusterName: barbican_rabbit secret: osp-secret passwordSelectors: diff --git a/controllers/barbican_controller.go b/controllers/barbican_controller.go index f7e5d5a..4257376 100644 --- a/controllers/barbican_controller.go +++ b/controllers/barbican_controller.go @@ -395,6 +395,16 @@ func (r *BarbicanReconciler) reconcileNormal(ctx context.Context, instance *barb instance.Status.Conditions.Set(c) } + // remove finalizers from unused MariaDBAccount records + // this assumes all database-depedendent deployments are up and + // running with current database account info + err = mariadbv1.DeleteUnusedMariaDBAccountFinalizers( + ctx, helper, barbican.DatabaseCRName, + instance.Spec.DatabaseAccount, instance.Namespace) + if err != nil { + return ctrl.Result{}, err + } + // create or update Barbican KeystoneListener deployment barbicanKeystoneListener, op, err := r.keystoneListenerDeploymentCreateOrUpdate(ctx, instance, helper) if err != nil { @@ -428,7 +438,7 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb Log.Info(fmt.Sprintf("Reconciling Service '%s' delete", instance.Name)) // remove db finalizer first - db, err := mariadbv1.GetDatabaseByName(ctx, helper, instance.Name) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, barbican.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace) if err != nil && !k8s_errors.IsNotFound(err) { return ctrl.Result{}, err } @@ -600,10 +610,13 @@ func (r *BarbicanReconciler) generateServiceConfig( return err } + databaseAccount := db.GetAccount() + databaseSecret := db.GetSecret() + templateParameters := map[string]interface{}{ "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", - instance.Spec.DatabaseUser, - string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + databaseAccount.Spec.UserName, + string(databaseSecret.Data[mariadbv1.DatabasePasswordSelector]), instance.Status.DatabaseHostname, barbican.DatabaseName, ), @@ -883,22 +896,45 @@ func (r *BarbicanReconciler) ensureDB( h *helper.Helper, instance *barbicanv1beta1.Barbican, ) (*mariadbv1.Database, ctrl.Result, error) { + // ensure MariaDBAccount exists. This account record may be created by + // openstack-operator or the cloud operator up front without a specific + // MariaDBDatabase configured yet. Otherwise, a MariaDBAccount CR is + // created here with a generated username as well as a secret with + // generated password. The MariaDBAccount is created without being + // yet associated with any MariaDBDatabase. + _, _, err := mariadbv1.EnsureMariaDBAccount( + ctx, h, instance.Spec.DatabaseAccount, + instance.Namespace, false, barbican.DatabaseUsernamePrefix, + ) + + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + mariadbv1.MariaDBAccountReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + mariadbv1.MariaDBAccountNotReadyMessage, + err.Error())) + + return nil, ctrl.Result{}, err + } + instance.Status.Conditions.MarkTrue( + mariadbv1.MariaDBAccountReadyCondition, + mariadbv1.MariaDBAccountReadyMessage) + // - // create service DB instance + // create barbican DB instance // - db := mariadbv1.NewDatabase( - barbican.DatabaseName, - instance.Spec.DatabaseUser, - instance.Spec.Secret, - map[string]string{ - "dbName": instance.Spec.DatabaseInstance, - }, + db := mariadbv1.NewDatabaseForAccount( + instance.Spec.DatabaseInstance, // mariadb/galera service to target + barbican.DatabaseName, // name used in CREATE DATABASE in mariadb + barbican.DatabaseCRName, // CR name for MariaDBDatabase + instance.Spec.DatabaseAccount, // CR name for MariaDBAccount + instance.Namespace, // namespace ) + // create or patch the DB - ctrlResult, err := db.CreateOrPatchDB( - ctx, - h, - ) + ctrlResult, err := db.CreateOrPatchAll(ctx, h) + if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.DBReadyCondition, diff --git a/controllers/barbicanapi_controller.go b/controllers/barbicanapi_controller.go index b7df87b..eec625d 100644 --- a/controllers/barbicanapi_controller.go +++ b/controllers/barbicanapi_controller.go @@ -253,7 +253,7 @@ func (r *BarbicanAPIReconciler) generateServiceConfigs( Log.Info("generateServiceConfigs - reconciling") labels := labels.GetLabels(instance, labels.GetGroupLabel(barbican.ServiceName), map[string]string{}) - db, err := mariadbv1.GetDatabaseByName(ctx, h, barbican.DatabaseName) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, h, barbican.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace) if err != nil { return err } @@ -298,10 +298,13 @@ func (r *BarbicanAPIReconciler) generateServiceConfigs( instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) + databaseAccount := db.GetAccount() + databaseSecret := db.GetSecret() + templateParameters := map[string]interface{}{ "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", - instance.Spec.DatabaseUser, - string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + databaseAccount.Spec.UserName, + string(databaseSecret.Data[mariadbv1.DatabasePasswordSelector]), instance.Spec.DatabaseHostname, barbican.DatabaseName, ), diff --git a/controllers/barbicankeystonelistener_controller.go b/controllers/barbicankeystonelistener_controller.go index 5162f53..cba7b12 100644 --- a/controllers/barbicankeystonelistener_controller.go +++ b/controllers/barbicankeystonelistener_controller.go @@ -234,7 +234,7 @@ func (r *BarbicanKeystoneListenerReconciler) generateServiceConfigs( Log.Info("[KeystoneListener] generateServiceConfigs - reconciling") labels := labels.GetLabels(instance, labels.GetGroupLabel(barbican.ServiceName), map[string]string{}) - db, err := mariadbv1.GetDatabaseByName(ctx, h, barbican.DatabaseName) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, h, barbican.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace) if err != nil { return err } @@ -263,11 +263,6 @@ func (r *BarbicanKeystoneListenerReconciler) generateServiceConfigs( // return err //} - ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace) - if err != nil { - return err - } - transportURLSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.TransportURLSecret, instance.Namespace) if err != nil { return err @@ -275,10 +270,13 @@ func (r *BarbicanKeystoneListenerReconciler) generateServiceConfigs( instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) + databaseAccount := db.GetAccount() + databaseSecret := db.GetSecret() + templateParameters := map[string]interface{}{ "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", - instance.Spec.DatabaseUser, - string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + databaseAccount.Spec.UserName, + string(databaseSecret.Data[mariadbv1.DatabasePasswordSelector]), instance.Spec.DatabaseHostname, barbican.DatabaseName, ), diff --git a/controllers/barbicanworker_controller.go b/controllers/barbicanworker_controller.go index 150541b..873c1d0 100644 --- a/controllers/barbicanworker_controller.go +++ b/controllers/barbicanworker_controller.go @@ -229,7 +229,7 @@ func (r *BarbicanWorkerReconciler) generateServiceConfigs( Log.Info("[Worker] generateServiceConfigs - reconciling") labels := labels.GetLabels(instance, labels.GetGroupLabel(barbican.ServiceName), map[string]string{}) - db, err := mariadbv1.GetDatabaseByName(ctx, h, barbican.DatabaseName) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, h, barbican.DatabaseCRName, instance.Spec.DatabaseAccount, instance.Namespace) if err != nil { return err } @@ -249,11 +249,6 @@ func (r *BarbicanWorkerReconciler) generateServiceConfigs( customData[key] = data } - ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace) - if err != nil { - return err - } - simpleCryptoSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.SimpleCryptoBackendSecret, instance.Namespace) if err != nil { return err @@ -266,10 +261,13 @@ func (r *BarbicanWorkerReconciler) generateServiceConfigs( instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) + databaseAccount := db.GetAccount() + databaseSecret := db.GetSecret() + templateParameters := map[string]interface{}{ "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", - instance.Spec.DatabaseUser, - string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + databaseAccount.Spec.UserName, + string(databaseSecret.Data[mariadbv1.DatabasePasswordSelector]), instance.Spec.DatabaseHostname, barbican.DatabaseName, ), diff --git a/go.mod b/go.mod index d27bacc..ce7a8ba 100644 --- a/go.mod +++ b/go.mod @@ -6,15 +6,15 @@ require ( github.com/go-logr/logr v1.4.1 github.com/google/uuid v1.6.0 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 - github.com/onsi/ginkgo/v2 v2.14.0 - github.com/onsi/gomega v1.30.0 + github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/gomega v1.31.1 github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-00010101000000-000000000000 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240219072823-a587b364203f github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240219094943-9bbb46c9afba github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 - github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798 + github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3 go.uber.org/zap v1.26.0 golang.org/x/exp v0.0.0-20240213143201-ec583247a57a k8s.io/api v0.28.3 diff --git a/go.sum b/go.sum index abdb6c3..7a046d3 100644 --- a/go.sum +++ b/go.sum @@ -85,10 +85,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240219072823-a587b364203f h1:suf/08227pC+qQRbsUPLMOSw3mJ82b0o9Hs7MO/g9BY= @@ -103,8 +103,8 @@ github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.202402161 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:sK82mkh2UzITsbNa/y6AKTZftHQnsYigqRx+rFbfZM4= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 h1:ioJ2MO3vAcBkLM+0UBu5IuKW/DPXcyiNSOLq0Xvn+Nw= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798 h1:zL4DdQ5HPXCLHeRMAWC2zI7ypbkZVYg3UkyEFSnzeow= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3 h1:fwb+GvvnN9Mhkgg5pBksZ8W5+hLCcNOorHsUTQYA1Lg= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240303091826-438dde8600d3/go.mod h1:f9IIyWeoskWoeWaDFF3qmAJ2Kqyovfi0Ar/QUfk3qag= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/pkg/barbican/const.go b/pkg/barbican/const.go index 5b2941e..e2fca52 100644 --- a/pkg/barbican/const.go +++ b/pkg/barbican/const.go @@ -13,8 +13,17 @@ const ( ComponentWorker = "barbican-worker" // ServiceType - ServiceType = "key-manager" - // DatabaseName - + + // DatabaseName - Name of the database used in CREATE DATABASE statement DatabaseName = "barbican" + + // DatabaseCRName - Name of the MariaDBDatabase CR + DatabaseCRName = "barbican" + + // DatabaseUsernamePrefix - used by EnsureMariaDBAccount when a new username + // is to be generated, e.g. "barbican_e5a4", "barbican_78bc", etc + DatabaseUsernamePrefix = "barbican" + // BarbicanPublicPort - BarbicanPublicPort int32 = 9311 // BarbicanInternalPort - diff --git a/tests/functional/barbican_controller_test.go b/tests/functional/barbican_controller_test.go index e76e6a3..f31a416 100644 --- a/tests/functional/barbican_controller_test.go +++ b/tests/functional/barbican_controller_test.go @@ -6,10 +6,13 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" + mariadb_test "github.com/openstack-k8s-operators/mariadb-operator/api/test/helpers" barbicanv1beta1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" + "github.com/openstack-k8s-operators/barbican-operator/pkg/barbican" condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" ) var _ = Describe("Barbican controller", func() { @@ -22,7 +25,7 @@ var _ = Describe("Barbican controller", func() { Barbican := GetBarbican(barbicanTest.Instance) Expect(Barbican.Spec.ServiceUser).Should(Equal("barbican")) Expect(Barbican.Spec.DatabaseInstance).Should(Equal("openstack")) - Expect(Barbican.Spec.DatabaseUser).Should(Equal("barbican")) + Expect(Barbican.Spec.DatabaseAccount).Should(Equal("barbican")) }) It("should have the Status fields initialized", func() { @@ -97,8 +100,8 @@ var _ = Describe("Barbican controller", func() { DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace)) }) It("Should set DBReady Condition and set DatabaseHostname Status when DB is Created", func() { - mariadb.SimulateMariaDBAccountCompleted(barbicanTest.Instance) - mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.Instance) + mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount) + mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName) th.SimulateJobSuccess(barbicanTest.BarbicanDBSync) Barbican := GetBarbican(barbicanTest.Instance) Expect(Barbican.Status.DatabaseHostname).To(Equal(fmt.Sprintf("hostname-for-openstack.%s.svc", namespace))) @@ -116,8 +119,8 @@ var _ = Describe("Barbican controller", func() { ) }) It("should create config-data and scripts ConfigMaps", func() { - mariadb.SimulateMariaDBAccountCompleted(barbicanTest.Instance) - mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.Instance) + mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount) + mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName) cf := th.GetSecret(barbicanTest.BarbicanConfigSecret) Expect(cf).ShouldNot(BeNil()) conf := cf.Data["my.cnf"] @@ -125,8 +128,8 @@ var _ = Describe("Barbican controller", func() { ContainSubstring("[client]\nssl=0")) }) It("Should fail if db-sync job fails when DB is Created", func() { - mariadb.SimulateMariaDBAccountCompleted(barbicanTest.Instance) - mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.Instance) + mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount) + mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName) th.SimulateJobFailure(barbicanTest.BarbicanDBSync) th.ExpectCondition( barbicanTest.Instance, @@ -173,8 +176,8 @@ var _ = Describe("Barbican controller", func() { ) infra.SimulateTransportURLReady(barbicanTest.BarbicanTransportURL) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace)) - mariadb.SimulateMariaDBAccountCompleted(barbicanTest.Instance) - mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.Instance) + mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount) + mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName) th.SimulateJobSuccess(barbicanTest.BarbicanDBSync) }) @@ -219,8 +222,8 @@ var _ = Describe("Barbican controller", func() { ) infra.SimulateTransportURLReady(barbicanTest.BarbicanTransportURL) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace)) - mariadb.SimulateMariaDBAccountCompleted(barbicanTest.Instance) - mariadb.SimulateMariaDBTLSDatabaseCompleted(barbicanTest.Instance) + mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount) + mariadb.SimulateMariaDBTLSDatabaseCompleted(barbicanTest.BarbicanDatabaseName) th.SimulateJobSuccess(barbicanTest.BarbicanDBSync) }) @@ -264,4 +267,86 @@ var _ = Describe("Barbican controller", func() { ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) }) + + // Run MariaDBAccount suite tests. these are pre-packaged ginkgo tests + // that exercise standard account create / update patterns that should be + // common to all controllers that ensure MariaDBAccount CRs. + mariadbSuite := &mariadb_test.MariaDBTestHarness{ + PopulateHarness: func(harness *mariadb_test.MariaDBTestHarness) { + harness.Setup( + "Barbican", + barbicanTest.Instance.Namespace, + barbicanTest.Instance.Name, + "Barbican", + mariadb, timeout, interval, + ) + }, + + // Generate a fully running service given an accountName + // needs to make it all the way to the end where the mariadb finalizers + // are removed from unused accounts since that's part of what we are testing + SetupCR: func(accountName types.NamespacedName) { + + spec := GetDefaultBarbicanSpec() + spec["databaseAccount"] = accountName.Name + + DeferCleanup(th.DeleteInstance, CreateBarbican(barbicanTest.Instance, spec)) + + DeferCleanup(k8sClient.Delete, ctx, CreateBarbicanMessageBusSecret(barbicanTest.Instance.Namespace, barbicanTest.RabbitmqSecretName)) + DeferCleanup(th.DeleteInstance, CreateBarbicanAPI(barbicanTest.Instance, GetTLSBarbicanAPISpec())) + DeferCleanup(k8sClient.Delete, ctx, CreateKeystoneAPISecret(barbicanTest.Instance.Namespace, SecretName)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + barbicanTest.Instance.Namespace, + GetBarbican(barbicanTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + infra.SimulateTransportURLReady(barbicanTest.BarbicanTransportURL) + DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace)) + mariadb.SimulateMariaDBAccountCompleted(accountName) + mariadb.SimulateMariaDBTLSDatabaseCompleted(barbicanTest.BarbicanDatabaseName) + th.SimulateJobSuccess(barbicanTest.BarbicanDBSync) + + DeferCleanup(k8sClient.Delete, ctx, th.CreateCABundleSecret(barbicanTest.CABundleSecret)) + DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(barbicanTest.InternalCertSecret)) + DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(barbicanTest.PublicCertSecret)) + keystone.SimulateKeystoneEndpointReady(barbicanTest.BarbicanKeystoneEndpoint) + + }, + // Change the account name in the service to a new name + UpdateAccount: func(newAccountName types.NamespacedName) { + + Eventually(func(g Gomega) { + barbican := GetBarbican(barbicanName) + barbican.Spec.DatabaseAccount = newAccountName.Name + g.Expect(th.K8sClient.Update(ctx, barbican)).Should(Succeed()) + }, timeout, interval).Should(Succeed()) + + }, + // delete the CR instance to exercise finalizer removal + DeleteCR: func() { + th.DeleteInstance(GetBarbican(barbicanName)) + }, + } + + mariadbSuite.RunBasicSuite() + + mariadbSuite.RunURLAssertSuite(func(accountName types.NamespacedName, username string, password string) { + Eventually(func(g Gomega) { + secretDataMap := th.GetSecret(barbicanTest.BarbicanConfigSecret) + + conf := secretDataMap.Data["00-default.conf"] + + g.Expect(string(conf)).Should( + ContainSubstring(fmt.Sprintf("sql_connection = mysql+pymysql://%s:%s@hostname-for-openstack.%s.svc/%s?read_default_file=/etc/my.cnf", + username, password, namespace, barbican.DatabaseName))) + + }).Should(Succeed()) + + }) + }) diff --git a/tests/functional/barbican_test_data.go b/tests/functional/barbican_test_data.go index 6ec70b4..c8dfea8 100644 --- a/tests/functional/barbican_test_data.go +++ b/tests/functional/barbican_test_data.go @@ -20,6 +20,8 @@ package functional import ( "fmt" + "github.com/openstack-k8s-operators/barbican-operator/pkg/barbican" + "k8s.io/apimachinery/pkg/types" ) @@ -40,7 +42,6 @@ const ( // BarbicanTestData is the data structure used to provide input data to envTest type BarbicanTestData struct { - BarbicanDatabaseUser string BarbicanPassword string BarbicanServiceUser string ContainerImage string @@ -50,6 +51,8 @@ type BarbicanTestData struct { RabbitmqSecretName string Instance types.NamespacedName Barbican types.NamespacedName + BarbicanDatabaseName types.NamespacedName + BarbicanDatabaseAccount types.NamespacedName BarbicanDBSync types.NamespacedName BarbicanAPI types.NamespacedName BarbicanRole types.NamespacedName @@ -81,6 +84,14 @@ func GetBarbicanTestData(barbicanName types.NamespacedName) BarbicanTestData { Namespace: barbicanName.Namespace, Name: barbicanName.Name, }, + BarbicanDatabaseName: types.NamespacedName{ + Namespace: barbicanName.Namespace, + Name: barbican.DatabaseCRName, + }, + BarbicanDatabaseAccount: types.NamespacedName{ + Namespace: barbicanName.Namespace, + Name: "barbican", + }, BarbicanDBSync: types.NamespacedName{ Namespace: barbicanName.Namespace, Name: fmt.Sprintf("%s-db-sync", barbicanName.Name), @@ -154,11 +165,10 @@ func GetBarbicanTestData(barbicanName types.NamespacedName) BarbicanTestData { Namespace: barbicanName.Namespace, Name: PublicCertSecretName, }, - RabbitmqClusterName: "rabbitmq", - RabbitmqSecretName: "rabbitmq-secret", - BarbicanDatabaseUser: "barbican", - DatabaseInstance: "openstack", - // Password used for both db and service + RabbitmqClusterName: "rabbitmq", + RabbitmqSecretName: "rabbitmq-secret", + DatabaseInstance: "openstack", + // Password used for service BarbicanPassword: "12345678", BarbicanServiceUser: "barbican", ContainerImage: "test://barbican", diff --git a/tests/kuttl/common/assert_sample_deployment.yaml b/tests/kuttl/common/assert_sample_deployment.yaml index ad44acb..f4afdac 100644 --- a/tests/kuttl/common/assert_sample_deployment.yaml +++ b/tests/kuttl/common/assert_sample_deployment.yaml @@ -8,7 +8,7 @@ spec: [DEFAULT] debug = True databaseInstance: openstack - databaseUser: barbican + databaseAccount: barbican rabbitMqClusterName: rabbitmq barbicanAPI: replicas: 1 diff --git a/tests/kuttl/tests/barbican_tls/01-assert.yaml b/tests/kuttl/tests/barbican_tls/01-assert.yaml index 0103422..1fbd9be 100644 --- a/tests/kuttl/tests/barbican_tls/01-assert.yaml +++ b/tests/kuttl/tests/barbican_tls/01-assert.yaml @@ -13,7 +13,7 @@ spec: [DEFAULT] debug = True databaseInstance: openstack - databaseUser: barbican + databaseAccount: barbican rabbitMqClusterName: rabbitmq barbicanWorker: replicas: 1