Working annotation db implementation (#394)

* Working annotation db implementation * Fixed up for review
RedHatInsights · Jul 15, 2021 · b9778df · b9778df
1 parent 353cf66
commit b9778df
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 13 deletions.
diff --git a/bundle/tests/scorecard/kuttl/test-multi-app-interface-db/01-pods.yaml b/bundle/tests/scorecard/kuttl/test-multi-app-interface-db/01-pods.yaml
@@ -88,3 +88,32 @@ data:
   db.port: NTQzMg==  # 5432
   db.user: dXNlcmJhZAo=  # userbad
   db.password:  cGFzc3dvcmQxMjM=  # password123
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdApp
+metadata:
+  name: app-d
+  namespace: test-multi-app-interface-db
+spec:
+  envName: test-multi-app-interface-db
+  pods:
+  - name: processor
+    image: quay.io/psav/clowder-hello
+  database:
+    name: app-d
+    version: 10
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-c-readonly-db
+  namespace: test-multi-app-interface-db
+  annotations:
+    clowder/database: app-d
+type: Opaque
+data:
+  db.host: dW51c3VhbC5kYi5uYW1lLmV4YW1wbGUuY29t  # app-b-stage.rds.example.com
+  db.name: ZGJuYW1l  # dbname
+  db.port: NTQzMg==  # 5432
+  db.user: dXNlcmJhZAo=  # userbad
+  db.password:  cGFzc3dvcmQxMjM=  # password123
diff --git a/bundle/tests/scorecard/kuttl/test-multi-app-interface-db/02-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-multi-app-interface-db/02-json-asserts.yaml
@@ -17,3 +17,8 @@ commands:
 - script: jq -r '.database.hostname == "app-b-stage.rds.example.com"' -e < /tmp/test-multi-app-interface-db-json-b
 - script: jq -r '.database.sslMode == "verify-full"' -e < /tmp/test-multi-app-interface-db-json-b
 - script: jq -r '.database.username == "user"' -e < /tmp/test-multi-app-interface-db-json-b
+
+- script: kubectl get secret --namespace=test-multi-app-interface-db app-d -o json > /tmp/test-multi-app-interface-db-d
+- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-multi-app-interface-db-d | base64 -d > /tmp/test-multi-app-interface-db-json-d
+
+- script: jq -r '.database.hostname == "unusual.db.name.example.com"' -e < /tmp/test-multi-app-interface-db-json-d
diff --git a/controllers/cloud.redhat.com/clowder_config/config.go b/controllers/cloud.redhat.com/clowder_config/config.go
@@ -27,6 +27,7 @@ type ClowderConfig struct {
 		DisableWebhooks             bool `json:"disableWebhooks"`
 		WatchStrimziResources       bool `json:"watchStrimziResources"`
 		UseComplexStrimziTopicNames bool `json:"useComplexStrimziTopicNames"`
+		EnableAuthSidecarHook       bool `json:"enableAuthSidecarHook"`
 	} `json:"features"`
 }
 

diff --git a/controllers/cloud.redhat.com/providers/database/appinterface.go b/controllers/cloud.redhat.com/providers/database/appinterface.go
@@ -112,20 +112,33 @@ func (a *appInterface) Provide(app *crd.ClowdApp, c *config.AppConfig) error {
 		return secrets.Items[i].Name < secrets.Items[j].Name
 	})
 
-	dbConfigs, err := genDbConfigs(secrets.Items)
+	var matched config.DatabaseConfig
+
+	matches, err := searchAnnotationSecret(app.Name, secrets.Items)
 
 	if err != nil {
-		return err
+		return errors.Wrap("failed to extract annotated secret", err)
 	}
 
-	matched := resolveDb(dbSpec, dbConfigs)
+	if len(matches) == 0 {
+
+		dbConfigs, err := genDbConfigs(secrets.Items)
 
-	if matched == (config.DatabaseConfig{}) {
-		return &errors.MissingDependencies{
-			MissingDeps: map[string][]string{
-				"database": {app.Name},
-			},
+		if err != nil {
+			return err
 		}
+
+		matched = resolveDb(dbSpec, dbConfigs)
+
+		if matched == (config.DatabaseConfig{}) {
+			return &errors.MissingDependencies{
+				MissingDeps: map[string][]string{
+					"database": {app.Name},
+				},
+			}
+		}
+	} else {
+		matched = matches[0]
 	}
 
 	// The creds given by app-interface have elevated privileges
@@ -195,3 +208,14 @@ func genDbConfigs(secrets []core.Secret) ([]config.DatabaseConfig, error) {
 
 	return configs, nil
 }
+
+func searchAnnotationSecret(appName string, secrets []core.Secret) ([]config.DatabaseConfig, error) {
+	for _, secret := range secrets {
+		anno := secret.GetAnnotations()
+		if v, ok := anno["clowder/database"]; ok && v == appName {
+			configs, err := genDbConfigs([]core.Secret{secret})
+			return configs, err
+		}
+	}
+	return []config.DatabaseConfig{}, nil
+}
diff --git a/docs/antora/modules/providers/pages/database.adoc b/docs/antora/modules/providers/pages/database.adoc
@@ -44,11 +44,14 @@ ClowdEnv Config options available:
 ==== app-interface
 
 In app-interface mode, the Clowder operator does not create any resources and
-simply passes through configuration from a secret to the client config. The
-provider will search all secrets in the same namespace looking for a hostname
-which is of the form `+<name>-<env>.*********+` where `+name+` is the name
-defined in the `+ClowdApp+` `+database+` stanza, and `+env+` is usually one of
-either `+stage+` or `+prod+`.
+simply passes through configuration from a secret to the client config. First
+the provider will search for any secrets that have the annotation of
+``clowder/database: <app-name>`` where the app-name matches the ClowdApp name.
+If this cannot be found then the provider will search all secrets in the same
+namespace looking for a hostname which is of the form
+`+<name>-<env>.*********+` where `+name+` is the name defined in the
+`+ClowdApp+` `+database+` stanza, and `+env+` is usually one of either
+`+stage+` or `+prod+`.
 
 == Generated App Configuration