Add capability to customize test database name

This patchset gives the deployer the capability to define their own
test database name for testing postgresql/mariadb user backup/restore.
It also gives them the capability to not create the user by leaving the
user name blank/null in the values.yaml.

Change-Id: I8d824bd4d3ad5d402a8a21baa7c42befcf66898d
Parsons, Cliff (cp769u) 2020-10-26 19:12:25 +00:00
parent 18516ee2be
commit c88f450a3d
8 changed files with 167 additions and 134 deletions


@ -9,7 +9,6 @@ IFS=', ' read -re -a BACKUP_RESTORE_NAMESPACE_ARRAY <<< "$BACKUP_RESTORE_NAMESPA
ADMIN_USER_CNF=$(mktemp -p /tmp)
CERT_DIR=$(mktemp -d)
TLS_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.tls_secret }}
TEST_DB_USER="${TEST_DB_NAME}_user"
function cleanup {
rm -f "${ADMIN_USER_CNF}"
@ -78,21 +77,24 @@ do
echo "Test database created in namespace $NAMESPACE."
fi
# Verify if test user exists already
DB_ARGS="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
if ${MYSQL} --execute="${DB_ARGS}" 2>/dev/null | grep ${TEST_DB_USER}; then
echo "Test user already exists in namespace ${NAMESPACE}."
if [[ -n ${TEST_DB_USER} ]]; then
# Verify if test user exists already
DB_ARGS="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
if ${MYSQL} --execute="${DB_ARGS}" 2>/dev/null | grep ${TEST_DB_USER}; then
echo "Test user already exists in namespace ${NAMESPACE}."
else
# Add a test user that has access only to this database
${MYSQL} --execute="CREATE USER '${TEST_DB_USER}'@'%' IDENTIFIED BY '${TEST_DB_USER}';"
echo "Test user created in namespace ${NAMESPACE}."
fi
# Grant privileges for the test database to the test user.
# Note: this will not fail if the grants already exist.
DB_ARGS="GRANT ALL PRIVILEGES ON ${TEST_DB_NAME}.* TO '${TEST_DB_USER}'@'%' \
;FLUSH PRIVILEGES;"
${MYSQL} --execute="${DB_ARGS}"
echo "Test user is granted access to the test database in namespace ${NAMESPACE}."
else
# Add a test user that has access only to this database
${MYSQL} --execute="CREATE USER '${TEST_DB_USER}'@'%' IDENTIFIED BY '${TEST_DB_USER}';"
echo "Test user created in namespace ${NAMESPACE}."
echo "No test user configured to access test database in namespace ${NAMESPACE}"
fi
# Grant privileges for the test database to the test user.
# Note: this will not fail if the grants already exist.
DB_ARGS="GRANT ALL PRIVILEGES ON ${TEST_DB_NAME}.* TO '${TEST_DB_USER}'@'%' \
;FLUSH PRIVILEGES;"
${MYSQL} --execute="${DB_ARGS}"
echo "Test user is granted access to the test database in namespace ${NAMESPACE}."
done
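Review bot: The `CREATE USER '${TEST_DB_USER}'@'%' IDENTIFIED BY '${TEST_DB_USER}';` statement kept inside the new `if [[ -n ${TEST_DB_USER} ]]` block sets the account's password to its own name and accepts it from any host. The name now comes from values.yaml, whose default ships with the chart, so the credential for an account holding `ALL PRIVILEGES` on the test database is known to anyone who can reach the server. The password should come from a secret or be generated at run time rather than derived from the name, and a comment above the statement should say the account is a test fixture only. The enclosing loop starts outside the hunk.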


@ -1,7 +1,5 @@
#!/bin/bash
TEST_DB_USER="${TEST_DB_NAME}_user"
function database_cmd() {
echo "mysql --defaults-file=/etc/mysql/admin_user.cnf --connect-timeout 10"
}
@ -110,17 +108,21 @@ function create_user_grants() {
CREATE_GRANTS_ARGS=("$@")
MYSQL_CMD=$(database_cmd)
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
USERS=$(kubectl exec -it -n "${CREATE_GRANTS_ARGS[1]}" "${CREATE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" 2>/dev/null | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -eq 1 ]]; then
DB_CMD="GRANT ALL PRIVILEGES ON ${TEST_DB_NAME}.* TO '${TEST_DB_USER}'@'%'; \
FLUSH PRIVILEGES;"
if [[ -n ${TEST_DB_USER} ]]; then
MYSQL_CMD=$(database_cmd)
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
USERS=$(kubectl exec -it -n "${CREATE_GRANTS_ARGS[1]}" "${CREATE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" 2>/dev/null | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -eq 1 ]]; then
DB_CMD="GRANT ALL PRIVILEGES ON ${TEST_DB_NAME}.* TO '${TEST_DB_USER}'@'%'; \
FLUSH PRIVILEGES;"
# Execute the command in the on-demand pod
kubectl exec -it -n "${CREATE_GRANTS_ARGS[1]}" "${CREATE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}"
# Execute the command in the on-demand pod
kubectl exec -it -n "${CREATE_GRANTS_ARGS[1]}" "${CREATE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}"
else
echo "Test user does not exist in namespace ${NAMESPACE}."
fi
else
echo "Test user does not exist in namespace ${NAMESPACE}."
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
}
@ -134,46 +136,50 @@ function query_user() {
QUERY_ARGS=("$@")
MYSQL_CMD=$(database_cmd)
if [[ -n ${TEST_DB_USER} ]]; then
MYSQL_CMD=$(database_cmd)
# Retrieve the test user
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
# Retrieve the test user
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
# Execute the command in the on-demand pod
# Result should look like this: (assuming TEST_DB_NAME = test)
# +----------------+
# | user |
# +----------------+
# | test_user |
# +----------------+
# 1 row in set (0.00 sec)
USERS=$(kubectl exec -it -n "${QUERY_ARGS[1]}" "${QUERY_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -ne 1 ]]; then
# There should only be one user
echo "${TEST_DB_USER} does not exist"
return
# Execute the command in the on-demand pod
# Result should look like this: (assuming TEST_DB_NAME = test)
# +----------------+
# | user |
# +----------------+
# | test_user |
# +----------------+
# 1 row in set (0.00 sec)
USERS=$(kubectl exec -it -n "${QUERY_ARGS[1]}" "${QUERY_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -ne 1 ]]; then
# There should only be one user
echo "${TEST_DB_USER} does not exist"
return
fi
# Retrieve the grants for this test user in the test database
DB_CMD="SHOW GRANTS FOR '${TEST_DB_USER}'@'%';"
# Execute the command in the on-demand pod
# Result should look like this: (assuming TEST_DB_NAME = test)
# +---------------------------------------------------------------------------------------------------------------+
# | Grants for test_user@% |
# +---------------------------------------------------------------------------------------------------------------+
# | GRANT USAGE ON *.* TO 'test_user'@'%' IDENTIFIED BY PASSWORD '<redacted>'; |
# | GRANT ALL PRIVILEGES ON `test`.* TO 'test_user'@'%' |
# +---------------------------------------------------------------------------------------------------------------+
# 2 rows in set (0.00 sec)
GRANTS=$(kubectl exec -it -n "${QUERY_ARGS[1]}" "${QUERY_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" | grep "GRANT.*${TEST_DB_USER}" | wc -l)
if [[ ${GRANTS} -ne 2 ]]; then
# There should only be 2 GRANT statements for this user
echo "${TEST_DB_USER} does not have the correct grants"
return
fi
echo "${TEST_DB_USER} exists and has the correct grants."
else
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
# Retrieve the grants for this test user in the test database
DB_CMD="SHOW GRANTS FOR '${TEST_DB_USER}'@'%';"
# Execute the command in the on-demand pod
# Result should look like this: (assuming TEST_DB_NAME = test)
# +---------------------------------------------------------------------------------------------------------------+
# | Grants for test_user@% |
# +---------------------------------------------------------------------------------------------------------------+
# | GRANT USAGE ON *.* TO 'test_user'@'%' IDENTIFIED BY PASSWORD '<redacted>'; |
# | GRANT ALL PRIVILEGES ON `test`.* TO 'test_user'@'%' |
# +---------------------------------------------------------------------------------------------------------------+
# 2 rows in set (0.00 sec)
GRANTS=$(kubectl exec -it -n "${QUERY_ARGS[1]}" "${QUERY_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" | grep "GRANT.*${TEST_DB_USER}" | wc -l)
if [[ ${GRANTS} -ne 2 ]]; then
# There should only be 2 GRANT statements for this user
echo "${TEST_DB_USER} does not have the correct grants"
return
fi
echo "${TEST_DB_USER} exists and has the correct grants."
}
# Params: <namespace> <pod_name>
@ -185,17 +191,21 @@ function delete_user_grants() {
DELETE_GRANTS_ARGS=("$@")
MYSQL_CMD=$(database_cmd)
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
USERS=$(kubectl exec -it -n "${DELETE_GRANTS_ARGS[1]}" "${DELETE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" 2>/dev/null | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -eq 1 ]]; then
DB_CMD="REVOKE ALL PRIVILEGES ON ${TEST_DB_NAME}.* FROM '${TEST_DB_USER}'@'%'; \
FLUSH PRIVILEGES;"
if [[ -n ${TEST_DB_USER} ]]; then
MYSQL_CMD=$(database_cmd)
DB_CMD="SELECT user FROM mysql.user WHERE user='${TEST_DB_USER}';"
USERS=$(kubectl exec -it -n "${DELETE_GRANTS_ARGS[1]}" "${DELETE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}" 2>/dev/null | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -eq 1 ]]; then
DB_CMD="REVOKE ALL PRIVILEGES ON ${TEST_DB_NAME}.* FROM '${TEST_DB_USER}'@'%'; \
FLUSH PRIVILEGES;"
# Execute the command in the on-demand pod
kubectl exec -it -n "${DELETE_GRANTS_ARGS[1]}" "${DELETE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}"
# Execute the command in the on-demand pod
kubectl exec -it -n "${DELETE_GRANTS_ARGS[1]}" "${DELETE_GRANTS_ARGS[2]}" -- ${MYSQL_CMD} --execute="${DB_CMD}"
else
echo "Test user does not exist in namespace ${NAMESPACE}."
fi
else
echo "Test user does not exist in namespace ${NAMESPACE}."
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
}
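Review bot: `TEST_DB_USER` is now a free-form deployer value, yet `create_user_grants`, `query_user` and `delete_user_grants` still splice it into SQL text and pass it unquoted to `grep ${TEST_DB_USER} | wc -l`. A name containing a quote, whitespace or a regex metacharacter changes the statement or the match count, and a name equal to `user` would also match the column header, so the `-eq 1` test fails. Rejecting anything outside `^[A-Za-z0-9_]+$` once near the top of the script and counting with `grep -cF -- "${TEST_DB_USER}"` would close this. The same pattern appears in the create-database script and in both PostgreSQL scripts. The function bodies begin outside the hunks.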


@ -128,6 +128,10 @@ spec:
{{- if .Values.manifests.create_test_database }}
- name: TEST_DB_NAME
value: {{ .Values.conf.mariadb_backup_restore.test_database_name | quote }}
{{- if .Values.conf.mariadb_backup_restore.test_database_user }}
- name: TEST_DB_USER
value: {{ .Values.conf.mariadb_backup_restore.test_database_user | quote }}
{{- end }}
{{- end }}
- name: BACKUP_RESTORE_SCOPE
value: "mariadb"
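Review bot: `TEST_DB_USER` is emitted only when `test_database_user` is non-empty, and only for this container. The utility-script functions in this commit lost their `TEST_DB_USER="${TEST_DB_NAME}_user"` default and now print "Test user was not deployed" and return success when the variable is empty. Any pod that runs them without this variable would therefore skip restoring and verifying the grants silently; whether those pods receive it is not visible here. A comment above the inner `if`, such as `# TEST_DB_USER stays unset when no test user is wanted; the scripts treat empty as "skip"`, would record the contract. The PostgreSQL template carries the same block.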


@ -105,6 +105,7 @@ conf:
mariadb_backup_restore:
enabled_namespaces: ""
test_database_name: "test_database"
test_database_user: "test_database_user"
secrets:
rgw_secret: mariadb-backup-user
conf_secret: mariadb-backup-restore
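Review bot: The new `test_database_user` key has no comment, although an empty value now changes behaviour: the scripts skip creating the account and its grants. I would add `# Name of the test account; set to "" to skip creating it. Must be a plain SQL identifier.` above the key, and note there that the MariaDB script also uses the name as the account's password. The PostgreSQL values file gets the same key and needs the same comment.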


@ -3,7 +3,6 @@
set -e +x
IFS=', ' read -re -a BACKUP_RESTORE_NAMESPACE_ARRAY <<< "$BACKUP_RESTORE_NAMESPACE_LIST"
TEST_DB_USER="${TEST_DB_NAME}_user"
TEST_TABLE="test_table1"
function database_cmd() {
@ -46,16 +45,20 @@ EOF
INSERT INTO ${TEST_TABLE} VALUES ( 'name1', '1' );
EOF
# Create a test user if it has not been created before.
if ${PSQL} -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
echo "Test user already exists in namespace ${NAMESPACE}"
else
${PSQL} -tc "CREATE ROLE ${TEST_DB_USER};"
echo "Test user created in namespace ${NAMESPACE}."
fi
if [[ -n ${TEST_DB_USER} ]]; then
# Create a test user if it has not been created before.
if ${PSQL} -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
echo "Test user already exists in namespace ${NAMESPACE}"
else
${PSQL} -tc "CREATE ROLE ${TEST_DB_USER};"
echo "Test user created in namespace ${NAMESPACE}."
fi
# Note, if the GRANT is already there, the following command will not fail,
# so no need to check existence first.
${PSQL} -tc "GRANT ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} TO ${TEST_DB_USER};"
echo "Test user is granted permissions to the test database in namespace ${NAMESPACE}."
# Note, if the GRANT is already there, the following command will not fail,
# so no need to check existence first.
${PSQL} -tc "GRANT ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} TO ${TEST_DB_USER};"
echo "Test user is granted permissions to the test database in namespace ${NAMESPACE}."
else
echo "No test user configured to access test database in namespace ${NAMESPACE}"
fi
done
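Review bot: `CREATE ROLE ${TEST_DB_USER};` and the `GRANT ... TO ${TEST_DB_USER};` after it use the name as an unquoted identifier, while the existence check compares it as a string in `rolname='${TEST_DB_USER}'`. PostgreSQL folds unquoted identifiers to lower case, so a configured name with upper-case letters creates a lower-case role that the check never finds. The next run then attempts `CREATE ROLE` again and, under the `set -e` at the top of the script, would likely stop there; a name with a hyphen is a syntax error outright. Quoting the identifier, `${PSQL} -tc "CREATE ROLE \"${TEST_DB_USER}\";"` and likewise in the GRANT, keeps both sides consistent. The loop this block sits in starts outside the hunk.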


@ -1,7 +1,5 @@
#!/bin/bash
TEST_DB_USER="${TEST_DB_NAME}_user"
function database_cmd() {
NAMESPACE=$1
@ -147,14 +145,18 @@ function create_user_grants() {
CREATE_GRANTS_ARGS=("$@")
NAMESPACE=${CREATE_GRANTS_ARGS[1]}
DB_CMD=$(database_cmd ${NAMESPACE})
if [[ -n ${TEST_DB_USER} ]]; then
DB_CMD=$(database_cmd ${NAMESPACE})
# If the test user and grants do not exist already,
# give the test user privilege to access the test database
if ${DB_CMD} -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
${DB_CMD} -tc "GRANT ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} TO ${TEST_DB_USER};"
# If the test user and grants do not exist already,
# give the test user privilege to access the test database
if ${DB_CMD} -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
${DB_CMD} -tc "GRANT ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} TO ${TEST_DB_USER};"
else
echo "Test user does not exist in namespace ${NAMESPACE}"
fi
else
echo "Test user does not exist in namespace ${NAMESPACE}"
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
}
@ -171,43 +173,47 @@ function query_user() {
QUERY_ARGS=("$@")
NAMESPACE=${QUERY_ARGS[1]}
DB_CMD=$(database_cmd ${NAMESPACE})
if [[ -n ${TEST_DB_USER} ]]; then
DB_CMD=$(database_cmd ${NAMESPACE})
# Sub-command to retrieve the test user
DB_ARGS="\du ${TEST_DB_USER}"
# Sub-command to retrieve the test user
DB_ARGS="\du ${TEST_DB_USER}"
# Execute the command to query for the test user
# Result should look like this: (assuming TEST_DB_NAME = test)
# List of roles
# Role name | Attributes | Member of
# -------------------------+--------------+-----------
# test_user | Cannot login | {}
USERS=$(${DB_CMD} -tc ${DB_ARGS} | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -ne 1 ]]; then
# There should only be one user
echo "${TEST_DB_USER} does not exist"
return
# Execute the command to query for the test user
# Result should look like this: (assuming TEST_DB_NAME = test)
# List of roles
# Role name | Attributes | Member of
# -------------------------+--------------+-----------
# test_user | Cannot login | {}
USERS=$(${DB_CMD} -tc ${DB_ARGS} | grep ${TEST_DB_USER} | wc -l)
if [[ ${USERS} -ne 1 ]]; then
# There should only be one user
echo "${TEST_DB_USER} does not exist"
return
fi
# Sub-command to retrieve the grants for the test database
DB_ARGS="\l+ ${TEST_DB_NAME}"
# Execute the command to query the grants for the test user.
# Result should look like this: (assuming TEST_DB_NAME = test)
# List of databases
# Name | Owner | Encoding | Collate | Ctype | Access privileges | Size | Tablespace | Description
# --------------------+----------+----------+------------+------------+--------------------------------------+---------+------------+-------------
# test | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =Tc/postgres +| 7087 kB | pg_default |
# | | | | | postgres=CTc/postgres +| | |
# | | | | | test_user=CTc/postgres | | |
GRANTS=$(${DB_CMD} -tc ${DB_ARGS} | grep "${TEST_DB_USER}=CTc" | wc -l)
if [[ ${GRANTS} -ne 1 ]]; then
# There should only be 1 GRANT statement for this user
echo "${TEST_DB_USER} does not have the correct grants"
return
fi
echo "${TEST_DB_USER} exists and has the correct grants."
else
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
# Sub-command to retrieve the grants for the test database
DB_ARGS="\l+ ${TEST_DB_NAME}"
# Execute the command to query the grants for the test user.
# Result should look like this: (assuming TEST_DB_NAME = test)
# List of databases
# Name | Owner | Encoding | Collate | Ctype | Access privileges | Size | Tablespace | Description
# --------------------+----------+----------+------------+------------+--------------------------------------+---------+------------+-------------
# test | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =Tc/postgres +| 7087 kB | pg_default |
# | | | | | postgres=CTc/postgres +| | |
# | | | | | test_user=CTc/postgres | | |
GRANTS=$(${DB_CMD} -tc ${DB_ARGS} | grep "${TEST_DB_USER}=CTc" | wc -l)
if [[ ${GRANTS} -ne 1 ]]; then
# There should only be 1 GRANT statement for this user
echo "${TEST_DB_USER} does not have the correct grants"
return
fi
echo "${TEST_DB_USER} exists and has the correct grants."
}
# Params: <namespace>
@ -220,13 +226,17 @@ function delete_user_grants() {
DELETE_GRANTS_ARGS=("$@")
NAMESPACE=${DELETE_GRANTS_ARGS[1]}
DB_CMD=$(database_cmd ${NAMESPACE})
if [[ -n ${TEST_DB_USER} ]]; then
DB_CMD=$(database_cmd ${NAMESPACE})
# Execute the commands to delete the grants.
if $DB_CMD -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
${DB_CMD} -tc "REVOKE ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} FROM ${TEST_DB_USER};"
# Execute the commands to delete the grants.
if $DB_CMD -tc "SELECT rolname FROM pg_roles WHERE rolname='${TEST_DB_USER}';" | grep ${TEST_DB_USER}; then
${DB_CMD} -tc "REVOKE ALL PRIVILEGES ON DATABASE ${TEST_DB_NAME} FROM ${TEST_DB_USER};"
else
echo "Test user does not exist in namespace ${NAMESPACE}"
fi
else
echo "Test user does not exist in namespace ${NAMESPACE}"
echo "Test user was not deployed in namespace ${NAMESPACE}"
fi
}
@ -309,5 +319,3 @@ function delete_backups() {
done
fi
}
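Review bot: In `query_user` the calls `${DB_CMD} -tc ${DB_ARGS}` leave `DB_ARGS` unquoted, so `\du ${TEST_DB_USER}` and `\l+ ${TEST_DB_NAME}` are split into two words and `-c` receives only the meta-command. The name then reaches the client as a separate positional argument and the listing is no longer limited to the configured role or database, which matters more now that the role name is arbitrary. Writing `${DB_CMD} -tc "${DB_ARGS}"` in both places passes the whole command to `-c`. What `database_cmd` returns is outside the hunks, so the exact effect of the stray argument should be confirmed.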


@ -129,6 +129,10 @@ spec:
{{- if .Values.manifests.create_test_database }}
- name: TEST_DB_NAME
value: {{ .Values.conf.postgresql_backup_restore.test_database_name | quote }}
{{- if .Values.conf.postgresql_backup_restore.test_database_user }}
- name: TEST_DB_USER
value: {{ .Values.conf.postgresql_backup_restore.test_database_user | quote }}
{{- end }}
{{- end }}
volumeMounts:
- name: postgresql-utility-bin


@ -109,6 +109,7 @@ conf:
postgresql_backup_restore:
enabled_namespaces: "openstack"
test_database_name: "test_database"
test_database_user: "test_database_user"
secrets:
rgw_secret: postgresql-backup-user
conf_secret: postgresql-backup-restore