fix(status): controller should set approriate status in CR (#825)

Signed-off-by: Thuan Vo <[email protected]>

api/v1beta1/cryostat_types.go

@@ -141,8 +141,6 @@ type CryostatStatus struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=status,order=2,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
 	GrafanaSecret string `json:"grafanaSecret,omitempty"`
-	// Name of the Secret containing the cryostat storage connection key
-	StorageSecret string `json:"storageSecret,omitempty"`
 	// Address of the deployed Cryostat web application.
 	// +operator-sdk:csv:customresourcedefinitions:type=status,order=1,xDescriptors={"urn:alm:descriptor:org.w3:link"}
 	ApplicationURL string `json:"applicationUrl"`
@@ -315,12 +313,12 @@ type ServiceConfigList struct {
 	// Specification for the service responsible for the Cryostat Grafana dashboard.
 	// +optional
 	GrafanaConfig *GrafanaServiceConfig `json:"grafanaConfig,omitempty"`
-	// Specification for the service responsible for the cryostat-reports sidecars.
+	// Specification for the service responsible for the Cryostat reports sidecars.
 	// +optional
 	ReportsConfig *ReportsServiceConfig `json:"reportsConfig,omitempty"`
-	// Specification for the service responsible for the cryostat storage container.
+	// Specification for the service responsible for the Cryostat storage container.
 	// +optional
-	StorageConfig *StorageServiceConfig `json:"storageConfig,omitEmpty"`
+	StorageConfig *StorageServiceConfig `json:"storageConfig,omitempty"`
 }
 
 // NetworkConfiguration provides customization for how to expose a Cryostat

api/v1beta2/cryostat_types.go

@@ -159,6 +159,14 @@ type CryostatStatus struct {
 	// Address of the deployed Cryostat web application.
 	// +operator-sdk:csv:customresourcedefinitions:type=status,order=1,xDescriptors={"urn:alm:descriptor:org.w3:link"}
 	ApplicationURL string `json:"applicationUrl"`
+	// Name of the Secret containing the Cryostat storage connection key.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=status,order=2,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
+	StorageSecret string `json:"storageSecret,omitempty"`
+	// Name of the Secret containing the Cryostat database connection and encryption keys.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=status,order=2,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
+	DatabaseSecret string `json:"databaseSecret,omitempty"`
 }
 
 // CryostatConditionType refers to a Condition type that may be used in status.conditions
@@ -414,6 +422,9 @@ type TargetConnectionCacheOptions struct {
 // to deploy the Cryostat application.
 // +operator-sdk:csv:customresourcedefinitions:resources={{Deployment,v1},{Ingress,v1},{PersistentVolumeClaim,v1},{Secret,v1},{Service,v1},{Route,v1},{ConsoleLink,v1}}
 // +kubebuilder:printcolumn:name="Application URL",type=string,JSONPath=`.status.applicationUrl`
+// +kubebuilder:printcolumn:name="Target Namespaces",type=string,JSONPath=`.status.targetNamespaces`
+// +kubebuilder:printcolumn:name="Storage Secret",type=string,JSONPath=`.status.storageSecret`
+// +kubebuilder:printcolumn:name="Database Secret",type=string,JSONPath=`.status.databaseSecret`
 type Cryostat struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

bundle/manifests/cryostat-operator.clusterserviceversion.yaml

@@ -53,7 +53,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:3.0.0-dev
-    createdAt: "2024-05-11T06:47:54Z"
+    createdAt: "2024-05-20T05:12:58Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -889,6 +889,18 @@ spec:
         path: applicationUrl
         x-descriptors:
         - urn:alm:descriptor:org.w3:link
+      - description: Name of the Secret containing the Cryostat database connection
+          and encryption keys.
+        displayName: Database Secret
+        path: databaseSecret
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
+      - description: Name of the Secret containing the Cryostat storage connection
+          key.
+        displayName: Storage Secret
+        path: storageSecret
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
       - description: List of namespaces that Cryostat has been configured and authorized
           to access and profile.
         displayName: Target Namespaces

bundle/manifests/operator.cryostat.io_cryostats.yaml

@@ -4646,7 +4646,7 @@ spec:
                     type: object
                   reportsConfig:
                     description: Specification for the service responsible for the
-                      cryostat-reports sidecars.
+                      Cryostat reports sidecars.
                     properties:
                       annotations:
                         additionalProperties:
@@ -4672,7 +4672,7 @@ spec:
                     type: object
                   storageConfig:
                     description: Specification for the service responsible for the
-                      cryostat storage container.
+                      Cryostat storage container.
                     properties:
                       annotations:
                         additionalProperties:
@@ -5085,10 +5085,6 @@ spec:
               grafanaSecret:
                 description: Name of the Secret containing the generated Grafana credentials.
                 type: string
-              storageSecret:
-                description: Name of the Secret containing the cryostat storage connection
-                  key
-                type: string
             required:
             - applicationUrl
             type: object
@@ -5101,6 +5097,15 @@ spec:
     - jsonPath: .status.applicationUrl
       name: Application URL
       type: string
+    - jsonPath: .status.targetNamespaces
+      name: Target Namespaces
+      type: string
+    - jsonPath: .status.storageSecret
+      name: Storage Secret
+      type: string
+    - jsonPath: .status.databaseSecret
+      name: Database Secret
+      type: string
     name: v1beta2
     schema:
       openAPIV3Schema:
@@ -9832,6 +9837,14 @@ spec:
                   - type
                   type: object
                 type: array
+              databaseSecret:
+                description: Name of the Secret containing the Cryostat database connection
+                  and encryption keys.
+                type: string
+              storageSecret:
+                description: Name of the Secret containing the Cryostat storage connection
+                  key.
+                type: string
               targetNamespaces:
                 description: List of namespaces that Cryostat has been configured
                   and authorized to access and profile.

config/crd/bases/operator.cryostat.io_cryostats.yaml

@@ -4636,7 +4636,7 @@ spec:
                     type: object
                   reportsConfig:
                     description: Specification for the service responsible for the
-                      cryostat-reports sidecars.
+                      Cryostat reports sidecars.
                     properties:
                       annotations:
                         additionalProperties:
@@ -4662,7 +4662,7 @@ spec:
                     type: object
                   storageConfig:
                     description: Specification for the service responsible for the
-                      cryostat storage container.
+                      Cryostat storage container.
                     properties:
                       annotations:
                         additionalProperties:
@@ -5075,10 +5075,6 @@ spec:
               grafanaSecret:
                 description: Name of the Secret containing the generated Grafana credentials.
                 type: string
-              storageSecret:
-                description: Name of the Secret containing the cryostat storage connection
-                  key
-                type: string
             required:
             - applicationUrl
             type: object
@@ -5091,6 +5087,15 @@ spec:
     - jsonPath: .status.applicationUrl
       name: Application URL
       type: string
+    - jsonPath: .status.targetNamespaces
+      name: Target Namespaces
+      type: string
+    - jsonPath: .status.storageSecret
+      name: Storage Secret
+      type: string
+    - jsonPath: .status.databaseSecret
+      name: Database Secret
+      type: string
     name: v1beta2
     schema:
       openAPIV3Schema:
@@ -9822,6 +9827,14 @@ spec:
                   - type
                   type: object
                 type: array
+              databaseSecret:
+                description: Name of the Secret containing the Cryostat database connection
+                  and encryption keys.
+                type: string
+              storageSecret:
+                description: Name of the Secret containing the Cryostat storage connection
+                  key.
+                type: string
               targetNamespaces:
                 description: List of namespaces that Cryostat has been configured
                   and authorized to access and profile.

config/manifests/bases/cryostat-operator.clusterserviceversion.yaml

@@ -428,6 +428,18 @@ spec:
         path: applicationUrl
         x-descriptors:
         - urn:alm:descriptor:org.w3:link
+      - description: Name of the Secret containing the Cryostat database connection
+          and encryption keys.
+        displayName: Database Secret
+        path: databaseSecret
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
+      - description: Name of the Secret containing the Cryostat storage connection
+          key.
+        displayName: Storage Secret
+        path: storageSecret
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
       - description: List of namespaces that Cryostat has been configured and authorized
           to access and profile.
         displayName: Target Namespaces

internal/controllers/reconciler_test.go

@@ -66,7 +66,7 @@ type cryostatTestInput struct {
 func (c *controllerTest) commonBeforeEach() *cryostatTestInput {
 	t := &cryostatTestInput{
 		TestReconcilerConfig: test.TestReconcilerConfig{
-			GeneratedPasswords: []string{"auth_cookie_secret", "credentials_database", "encryption_key", "object_storage", "jmx", "keystore"},
+			GeneratedPasswords: []string{"auth_cookie_secret", "connection_key", "encryption_key", "object_storage", "jmx", "keystore"},
 		},
 		TestResources: &test.TestResources{
 			Name:        "cryostat",
@@ -145,7 +145,7 @@ func resourceChecks() []resourceCheck {
 		{func(t *cryostatTestInput) {
 			t.expectPVC(t.NewDefaultPVC())
 		}, "persistent volume claim"},
-		{(*cryostatTestInput).expectCredentialsDatabaseSecret, "credentials database secret"},
+		{(*cryostatTestInput).expectDatabaseSecret, "database secret"},
 		{(*cryostatTestInput).expectStorageSecret, "object storage secret"},
 		{(*cryostatTestInput).expectJMXSecret, "JMX secret"},
 		{(*cryostatTestInput).expectCoreService, "core service"},
@@ -164,6 +164,12 @@ func expectSuccessful(t **cryostatTestInput) {
 	It("should set ApplicationURL in CR Status", func() {
 		(*t).expectStatusApplicationURL()
 	})
+	It("should set Database Secret in CR Status", func() {
+		(*t).expectStatusDatabaseSecret()
+	})
+	It("should set Storage Secret in CR Status", func() {
+		(*t).expectStatusStorageSecret()
+	})
 	It("should set TLSSetupComplete condition", func() {
 		(*t).checkConditionPresent(operatorv1beta2.ConditionTypeTLSSetupComplete, metav1.ConditionTrue,
 			"AllCertificatesReady")
@@ -496,7 +502,7 @@ func (c *controllerTest) commonTests() {
 				Expect(secret.StringData["CRYOSTAT_RJMX_PASS"]).To(Equal(oldSecret.StringData["CRYOSTAT_RJMX_PASS"]))
 			})
 		})
-		Context("with an existing Credentials Database Secret", func() {
+		Context("with an existing Database Secret", func() {
 			var cr *model.CryostatInstance
 			var oldSecret *corev1.Secret
 			BeforeEach(func() {
@@ -1592,26 +1598,32 @@ func (c *controllerTest) commonTests() {
 				})
 			})
 		})
-		Context("with secret provided for database password", func() {
+		Context("with secret provided for database", func() {
+			var customSecret *corev1.Secret
 			BeforeEach(func() {
-				t.objs = append(t.objs, t.NewCryostatWithDatabaseSecretProvided().Object)
+				customSecret = t.NewCustomDatabaseSecret()
+				t.objs = append(t.objs, t.NewCryostatWithDatabaseSecretProvided().Object, customSecret)
 			})
 			JustBeforeEach(func() {
 				t.reconcileCryostatFully()
 			})
 			It("should configure deployment appropriately", func() {
 				t.expectMainDeployment()
 			})
+			It("should set Database Secret in CR Status", func() {
+				instance := t.getCryostatInstance()
+				Expect(instance.Status.DatabaseSecret).To(Equal(customSecret.Name))
+			})
 			It("should not generate default secret", func() {
 				secret := &corev1.Secret{}
 				err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name + "-db", Namespace: t.Namespace}, secret)
 				Expect(kerrors.IsNotFound(err)).To(BeTrue())
 			})
-			Context("with an existing Credentials Database Secret", func() {
+			Context("with an existing Database Secret", func() {
 				BeforeEach(func() {
 					t.objs = append(t.objs, t.NewDatabaseSecret())
 				})
-				It("should not delete the existing Credentials Database Secret", func() {
+				It("should not delete the existing Database Secret", func() {
 					secret := &corev1.Secret{}
 					err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name + "-db", Namespace: t.Namespace}, secret)
 					Expect(err).ToNot(HaveOccurred())
@@ -2356,7 +2368,7 @@ func (t *cryostatTestInput) expectEmptyDir(expectedEmptyDir *corev1.EmptyDirVolu
 	Expect(emptyDir.SizeLimit).To(Equal(expectedEmptyDir.SizeLimit))
 }
 
-func (t *cryostatTestInput) expectCredentialsDatabaseSecret() {
+func (t *cryostatTestInput) expectDatabaseSecret() {
 	secret := &corev1.Secret{}
 	err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name + "-db", Namespace: t.Namespace}, secret)
 	Expect(err).ToNot(HaveOccurred())
@@ -2398,6 +2410,16 @@ func (t *cryostatTestInput) expectStatusApplicationURL() {
 	Expect(instance.Status.ApplicationURL).To(Equal(fmt.Sprintf("https://%s.example.com", t.Name)))
 }
 
+func (t *cryostatTestInput) expectStatusDatabaseSecret() {
+	instance := t.getCryostatInstance()
+	Expect(instance.Status.DatabaseSecret).To(Equal(fmt.Sprintf("%s-db", t.Name)))
+}
+
+func (t *cryostatTestInput) expectStatusStorageSecret() {
+	instance := t.getCryostatInstance()
+	Expect(instance.Status.StorageSecret).To(Equal(fmt.Sprintf("%s-storage-secret-key", t.Name)))
+}
+
 func (t *cryostatTestInput) expectDeploymentHasCertSecrets() {
 	deployment := &appsv1.Deployment{}
 	err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name, Namespace: t.Namespace}, deployment)