Persist mssql config secret, validate user envs (#1322)

Signed-off-by: Neaj Morshad <neaj@appscode.com>
kubedb · Oct 17, 2024 · 5eb3c72 · 5eb3c72
1 parent f9f5d3f
commit 5eb3c72
Show file tree

Hide file tree

Showing 29 changed files with 67 additions and 2 deletions.
diff --git a/...catalog/v1alpha1/mssql_version_helpers.go → ...g/v1alpha1/mssqlserver_version_helpers.go b/...catalog/v1alpha1/mssql_version_helpers.go → ...g/v1alpha1/mssqlserver_version_helpers.go
diff --git a/apis/catalog/v1alpha1/mssql_version_types.go → ...log/v1alpha1/mssqlserver_version_types.go b/apis/catalog/v1alpha1/mssql_version_types.go → ...log/v1alpha1/mssqlserver_version_types.go
diff --git a/apis/kubedb/constants.go b/apis/kubedb/constants.go
@@ -407,6 +407,7 @@ const (
 	EnvMSSQLAgentEnabled = "MSSQL_AGENT_ENABLED"
 	EnvMSSQLSAUsername   = "MSSQL_SA_USERNAME"
 	EnvMSSQLSAPassword   = "MSSQL_SA_PASSWORD"
+	EnvMSSQLVersion      = "VERSION"
 
 	// container related
 	MSSQLContainerName            = "mssql"

diff --git a/apis/kubedb/v1alpha2/mssqlserver_helpers.go b/apis/kubedb/v1alpha2/mssqlserver_helpers.go
@@ -88,7 +88,7 @@ func (m *MSSQLServer) ServiceName() string {
 }
 
 func (m *MSSQLServer) SecondaryServiceName() string {
-	return metautil.NameWithPrefix(m.ServiceName(), "secondary")
+	return metautil.NameWithPrefix(m.ServiceName(), string(SecondaryServiceAlias))
 }
 
 func (m *MSSQLServer) GoverningServiceName() string {
@@ -245,6 +245,7 @@ func (m *MSSQLServer) GetPersistentSecrets() []string {
 	secrets = append(secrets, m.EndpointCertSecretName())
 	secrets = append(secrets, m.DbmLoginSecretName())
 	secrets = append(secrets, m.MasterKeySecretName())
+	secrets = append(secrets, m.ConfigSecretName())
 
 	return secrets
 }

diff --git a/apis/kubedb/v1alpha2/mssqlserver_webhook.go b/apis/kubedb/v1alpha2/mssqlserver_webhook.go
@@ -19,10 +19,13 @@ package v1alpha2
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1"
 	"kubedb.dev/apimachinery/apis/kubedb"
 
+	"gomodules.xyz/x/arrays"
+	core "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -156,6 +159,14 @@ func (m *MSSQLServer) ValidateCreateOrUpdate() field.ErrorList {
 			m.Name, "spec.tls.issuerRef' is missing"))
 	}
 
+	if m.Spec.PodTemplate != nil {
+		if err = ValidateMSSQLServerEnvVar(getMSSQLServerContainerEnvs(m), forbiddenMSSQLServerEnvVars, m.ResourceKind()); err != nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("podTemplate"),
+				m.Name,
+				err.Error()))
+		}
+	}
+
 	err = mssqlValidateVolumes(m.Spec.PodTemplate)
 	if err != nil {
 		allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("podTemplate").Child("spec").Child("volumes"),
@@ -276,3 +287,31 @@ func mssqlValidateVolumesMountPaths(podTemplate *ofst.PodTemplateSpec) error {
 
 	return nil
 }
+
+var forbiddenMSSQLServerEnvVars = []string{
+	kubedb.EnvMSSQLSAUsername,
+	kubedb.EnvMSSQLSAPassword,
+	kubedb.EnvAcceptEula,
+	kubedb.EnvMSSQLEnableHADR,
+	kubedb.EnvMSSQLAgentEnabled,
+	kubedb.EnvMSSQLVersion,
+}
+
+func getMSSQLServerContainerEnvs(m *MSSQLServer) []core.EnvVar {
+	for _, container := range m.Spec.PodTemplate.Spec.Containers {
+		if container.Name == kubedb.MSSQLContainerName {
+			return container.Env
+		}
+	}
+	return []core.EnvVar{}
+}
+
+func ValidateMSSQLServerEnvVar(envs []core.EnvVar, forbiddenEnvs []string, resourceType string) error {
+	for _, env := range envs {
+		present, _ := arrays.Contains(forbiddenEnvs, env.Name)
+		if present {
+			return fmt.Errorf("environment variable %s is forbidden to use in %s spec", env.Name, resourceType)
+		}
+	}
+	return nil
+}
diff --git a/apis/kubedb/v1alpha2/types.go b/apis/kubedb/v1alpha2/types.go
@@ -124,14 +124,15 @@ const (
 	TerminationPolicyDoNotTerminate TerminationPolicy = "DoNotTerminate"
 )
 
-// +kubebuilder:validation:Enum=primary;standby;stats;dashboard
+// +kubebuilder:validation:Enum=primary;standby;stats;dashboard;secondary
 type ServiceAlias string
 
 const (
 	PrimaryServiceAlias   ServiceAlias = "primary"
 	StandbyServiceAlias   ServiceAlias = "standby"
 	StatsServiceAlias     ServiceAlias = "stats"
 	DashboardServiceAlias ServiceAlias = "dashboard"
+	SecondaryServiceAlias ServiceAlias = "secondary"
 )
 
 // +kubebuilder:validation:Enum=DNS;IP;IPv4;IPv6

diff --git a/crds/kubedb.com_cassandras.yaml b/crds/kubedb.com_cassandras.yaml
@@ -3168,6 +3168,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_clickhouses.yaml b/crds/kubedb.com_clickhouses.yaml
@@ -9720,6 +9720,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_druids.yaml b/crds/kubedb.com_druids.yaml
@@ -1349,6 +1349,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_elasticsearches.yaml b/crds/kubedb.com_elasticsearches.yaml
@@ -43675,6 +43675,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_etcds.yaml b/crds/kubedb.com_etcds.yaml
@@ -3917,6 +3917,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_ferretdbs.yaml b/crds/kubedb.com_ferretdbs.yaml
@@ -3382,6 +3382,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_kafkas.yaml b/crds/kubedb.com_kafkas.yaml
@@ -19610,6 +19610,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_mariadbs.yaml b/crds/kubedb.com_mariadbs.yaml
@@ -8899,6 +8899,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_memcacheds.yaml b/crds/kubedb.com_memcacheds.yaml
@@ -8037,6 +8037,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_mongodbs.yaml b/crds/kubedb.com_mongodbs.yaml
@@ -30038,6 +30038,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_mssqlservers.yaml b/crds/kubedb.com_mssqlservers.yaml
@@ -4621,6 +4621,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_mysqls.yaml b/crds/kubedb.com_mysqls.yaml
@@ -12182,6 +12182,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_perconaxtradbs.yaml b/crds/kubedb.com_perconaxtradbs.yaml
@@ -8882,6 +8882,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_pgbouncers.yaml b/crds/kubedb.com_pgbouncers.yaml
@@ -6650,6 +6650,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_pgpools.yaml b/crds/kubedb.com_pgpools.yaml
@@ -3389,6 +3389,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_postgreses.yaml b/crds/kubedb.com_postgreses.yaml
@@ -9182,6 +9182,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_proxysqls.yaml b/crds/kubedb.com_proxysqls.yaml
@@ -6620,6 +6620,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_rabbitmqs.yaml b/crds/kubedb.com_rabbitmqs.yaml
@@ -3384,6 +3384,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_redises.yaml b/crds/kubedb.com_redises.yaml
@@ -8905,6 +8905,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_redissentinels.yaml b/crds/kubedb.com_redissentinels.yaml
@@ -6584,6 +6584,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_singlestores.yaml b/crds/kubedb.com_singlestores.yaml
@@ -4381,6 +4381,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_solrs.yaml b/crds/kubedb.com_solrs.yaml
@@ -3385,6 +3385,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties:

diff --git a/crds/kubedb.com_zookeepers.yaml b/crds/kubedb.com_zookeepers.yaml
@@ -3375,6 +3375,7 @@ spec:
                       - standby
                       - stats
                       - dashboard
+                      - secondary
                       type: string
                     metadata:
                       properties: