Merge pull request #32 from dmendiza/main

Updates to Barbican API
openstack-k8s-operators · Sep 6, 2023 · f2d76cc · f2d76cc
2 parents a76cbfc + 50d6ac6
commit f2d76cc
Show file tree

Hide file tree

Showing 16 changed files with 512 additions and 12 deletions.
diff --git a/api/v1beta1/barbican_types.go b/api/v1beta1/barbican_types.go
@@ -74,6 +74,9 @@ type BarbicanStatus struct {
 	// Map of hashes to track e.g. job status
 	Hash map[string]string `json:"hash,omitempty"`
 
+	// ServiceID
+	ServiceID string `json:"serviceID,omitempty"`
+
 	// Conditions
 	Conditions condition.Conditions `json:"conditions,omitempty" optional:"true"`
 

diff --git a/api/v1beta1/barbicanapi_types.go b/api/v1beta1/barbicanapi_types.go
@@ -37,6 +37,10 @@ type BarbicanAPISpec struct {
 
 	BarbicanAPITemplate `json:",inline"`
 
+	// +kubebuilder:validation:Required
+	// DatabaseHostname - Barbican Database Hostname
+	DatabaseHostname string `json:"databaseHostname"`
+
 	// TransportURLSecret - Secret containing RabbitMQ transportURL
 	TransportURLSecret string `json:"transportURLSecret,omitempty"`
 }

diff --git a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml
@@ -54,6 +54,9 @@ spec:
                 items:
                   type: string
                 type: array
+              databaseHostname:
+                description: DatabaseHostname - Barbican Database Hostname
+                type: string
               databaseInstance:
                 description: 'MariaDB instance name TODO(dmendiza): Is this comment
                   right? Right now required by the maridb-operator to get the credentials
@@ -251,6 +254,7 @@ spec:
                 type: string
             required:
             - containerImage
+            - databaseHostname
             - databaseInstance
             - rabbitMqClusterName
             - serviceAccount

diff --git a/config/crd/bases/barbican.openstack.org_barbicans.yaml b/config/crd/bases/barbican.openstack.org_barbicans.yaml
@@ -461,6 +461,9 @@ spec:
                   type: string
                 description: Map of hashes to track e.g. job status
                 type: object
+              serviceID:
+                description: ServiceID
+                type: string
               transportURLSecret:
                 description: TransportURLSecret - Secret containing RabbitMQ transportURL
                 type: string

diff --git a/config/samples/barbican_v1beta1_barbican.yaml b/config/samples/barbican_v1beta1_barbican.yaml
@@ -22,8 +22,8 @@ spec:
   debug:
     dbInitContainer: false
     dbSync: false
-    initContainer: true
-    service: true
+    initContainer: false
+    service: false
   preserveJobs: true
   nodeSelector:
     node: controller

diff --git a/controllers/barbican_controller.go b/controllers/barbican_controller.go
@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -43,7 +44,11 @@ import (
 	nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
 	common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+	oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
 	"github.com/openstack-k8s-operators/lib-common/modules/database"
+	mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
+	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
@@ -294,7 +299,7 @@ func (r *BarbicanReconciler) reconcileNormal(ctx context.Context, instance *barb
 	// TODO(dmendiza): Handle service upgrade
 
 	// create or update Barbican API deployment
-	_, op, err = r.apiDeploymentCreateOrUpdate(ctx, instance)
+	_, op, err = r.apiDeploymentCreateOrUpdate(ctx, instance, helper)
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			barbicanv1beta1.BarbicanAPIReadyCondition,
@@ -330,6 +335,39 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb
 		}
 	}
 
+	// Remove the finalizer from our KeystoneService CR
+	keystoneService, err := keystonev1.GetKeystoneServiceWithName(ctx, helper, barbican.ServiceName, instance.Namespace)
+	if err != nil && !k8s_errors.IsNotFound(err) {
+		return ctrl.Result{}, err
+	}
+
+	if err == nil {
+		if controllerutil.RemoveFinalizer(keystoneService, helper.GetFinalizer()) {
+			err = r.Update(ctx, keystoneService)
+			if err != nil && !k8s_errors.IsNotFound(err) {
+				return ctrl.Result{}, err
+			}
+			util.LogForObject(helper, "Removed finalizer from our KeystoneService", instance)
+		}
+	}
+
+	// Remove finalizers from any existing child GlanceAPIs
+	barbicanAPI := &barbicanv1beta1.BarbicanAPI{}
+	err = r.Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%s-api", instance.Name), Namespace: instance.Namespace}, barbicanAPI)
+	if err != nil && !k8s_errors.IsNotFound(err) {
+		return ctrl.Result{}, err
+	}
+
+	if err == nil {
+		if controllerutil.RemoveFinalizer(barbicanAPI, helper.GetFinalizer()) {
+			err = r.Update(ctx, barbicanAPI)
+			if err != nil && !k8s_errors.IsNotFound(err) {
+				return ctrl.Result{}, err
+			}
+			util.LogForObject(helper, fmt.Sprintf("Removed finalizer from BarbicanAPI %s", barbicanAPI.Name), barbicanAPI)
+		}
+	}
+
 	// Service is deleted so remove the finalizer.
 	controllerutil.RemoveFinalizer(instance, helper.GetFinalizer())
 	r.Log.Info(fmt.Sprintf("Reconciled Service '%s' delete successfully", instance.Name))
@@ -341,6 +379,12 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb
 func (r *BarbicanReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&barbicanv1beta1.Barbican{}).
+		Owns(&barbicanv1beta1.BarbicanAPI{}).
+		Owns(&mariadbv1.MariaDBDatabase{}).
+		Owns(&keystonev1.KeystoneService{}).
+		Owns(&corev1.ServiceAccount{}).
+		Owns(&batchv1.Job{}).
+		Owns(&corev1.Secret{}).
 		Owns(&corev1.ServiceAccount{}).
 		Owns(&rbacv1.Role{}).
 		Owns(&rbacv1.RoleBinding{}).
@@ -396,6 +440,7 @@ func (r *BarbicanReconciler) generateServiceConfig(
 		"ServiceUser":     instance.Spec.ServiceUser,
 		"ServiceURL":      "TODO",
 		"TransportURL":    string(transportURLSecret.Data["transport_url"]),
+		"LogFile":         fmt.Sprintf("%s%s.log", barbican.BarbicanLogPath, instance.Name),
 	}
 
 	return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, false)
@@ -424,12 +469,14 @@ func (r *BarbicanReconciler) transportURLCreateOrUpdate(
 	return transportURL, op, err
 }
 
-func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican) (*barbicanv1beta1.BarbicanAPI, controllerutil.OperationResult, error) {
+func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican, helper *helper.Helper) (*barbicanv1beta1.BarbicanAPI, controllerutil.OperationResult, error) {
 
 	r.Log.Info(fmt.Sprintf("Creating barbican API spec.  transporturlsecret: '%s'", instance.Status.TransportURLSecret))
+	r.Log.Info(fmt.Sprintf("database hostname: '%s'", instance.Status.DatabaseHostname))
 	apiSpec := barbicanv1beta1.BarbicanAPISpec{
 		BarbicanTemplate:    instance.Spec.BarbicanTemplate,
 		BarbicanAPITemplate: instance.Spec.BarbicanAPI,
+		DatabaseHostname:    instance.Status.DatabaseHostname,
 		TransportURLSecret:  instance.Status.TransportURLSecret,
 	}
 
@@ -449,7 +496,9 @@ func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, in
 			return err
 		}
 
-		// TODO(dmendiza): Do we want a finalizer here?  Glance has one.
+		// Add a finalizer to prevent user from manually removing child BarbicanAPI
+		controllerutil.AddFinalizer(deployment, helper.GetFinalizer())
+
 		return nil
 	})
 
@@ -543,6 +592,50 @@ func (r *BarbicanReconciler) reconcileInit(
 	instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)
 	// create service DB - end
 
+	//
+	// create Keystone service and users
+	//
+	_, _, err = oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace)
+	if err != nil {
+		if k8s_errors.IsNotFound(err) {
+			return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("OpenStack secret %s not found", instance.Spec.Secret)
+		}
+		return ctrl.Result{}, err
+	}
+
+	ksSvcSpec := keystonev1.KeystoneServiceSpec{
+		ServiceType:        barbican.ServiceType,
+		ServiceName:        barbican.ServiceName,
+		ServiceDescription: "Barbican Service",
+		Enabled:            true,
+		ServiceUser:        instance.Spec.ServiceUser,
+		Secret:             instance.Spec.Secret,
+		PasswordSelector:   instance.Spec.PasswordSelectors.Service,
+	}
+
+	ksSvc := keystonev1.NewKeystoneService(ksSvcSpec, instance.Namespace, serviceLabels, time.Duration(10)*time.Second)
+	ctrlResult, err = ksSvc.CreateOrPatch(ctx, helper)
+	if err != nil {
+		return ctrlResult, err
+	}
+
+	// mirror the Status, Reason, Severity and Message of the latest keystoneservice condition
+	// into a local condition with the type condition.KeystoneServiceReadyCondition
+	c := ksSvc.GetConditions().Mirror(condition.KeystoneServiceReadyCondition)
+	if c != nil {
+		instance.Status.Conditions.Set(c)
+	}
+
+	if (ctrlResult != ctrl.Result{}) {
+		return ctrlResult, nil
+	}
+
+	instance.Status.ServiceID = ksSvc.GetServiceID()
+
+	if instance.Status.Hash == nil {
+		instance.Status.Hash = map[string]string{}
+	}
+
 	//
 	// run Barbican db sync
 	//