Merge pull request #73 from fabiobrz/fix.postgres-prov-secret

Fixing the PostgreSQLImageOpenShiftProvisioner application secret management

testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/HyperfoilOperatorProvisionerTest.java

@@ -34,6 +34,7 @@
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
@@ -48,6 +49,7 @@
 
 @CleanBeforeAll
 @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+@Disabled("https://github.com/Intersmash/intersmash/issues/78")
 public class HyperfoilOperatorProvisionerTest {
 	private static final Logger logger = LoggerFactory.getLogger(HyperfoilOperatorProvisionerTest.class);
 	private static final String NAME = "hyperfoil";

testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/KeycloakRealmImportOperatorProvisionerTest.java

@@ -33,6 +33,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.keycloak.k8s.v2alpha1.Keycloak;
 import org.keycloak.k8s.v2alpha1.KeycloakRealmImport;
@@ -70,6 +71,7 @@
  */
 @Slf4j
 @CleanBeforeAll
+@Disabled("https://github.com/Intersmash/intersmash/issues/76")
 public class KeycloakRealmImportOperatorProvisionerTest {
 	private static KeycloakRealmImportOperatorProvisioner KEYCLOAK_OPERATOR_PROVISIONER;
 
@@ -250,12 +252,14 @@ public void exampleSsoWithDatabase() {
 					db.setHost(POSTGRESQL_IMAGE_PROVISIONER.getServiceName());
 					db.setPort(Integer.toUnsignedLong(POSTGRESQL_IMAGE_PROVISIONER.getPort()));
 					UsernameSecret usernameSecret = new UsernameSecret();
-					usernameSecret.setName(POSTGRESQL_IMAGE_PROVISIONER.getSecretName());
-					usernameSecret.setKey(PostgreSQLImageOpenShiftProvisioner.POSTGRESQL_USER_KEY);
+					usernameSecret.setName(
+							POSTGRESQL_IMAGE_PROVISIONER.getApplication().getApplicationSecretName());
+					usernameSecret.setKey(PostgreSQLImageOpenShiftApplication.POSTGRESQL_USER_KEY);
 					db.setUsernameSecret(usernameSecret);
 					PasswordSecret passwordSecret = new PasswordSecret();
-					passwordSecret.setName(POSTGRESQL_IMAGE_PROVISIONER.getSecretName());
-					passwordSecret.setKey(PostgreSQLImageOpenShiftProvisioner.POSTGRESQL_PASSWORD_KEY);
+					passwordSecret.setName(
+							POSTGRESQL_IMAGE_PROVISIONER.getApplication().getApplicationSecretName());
+					passwordSecret.setKey(PostgreSQLImageOpenShiftApplication.POSTGRESQL_PASSWORD_KEY);
 					db.setPasswordSecret(passwordSecret);
 					db.setDatabase(POSTGRESQL_IMAGE_PROVISIONER.getApplication().getDbName());
 					spec.setDb(db);

testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/ProvisionerCleanupTestCase.java

@@ -17,7 +17,9 @@
 
 import java.util.stream.Stream;
 
+import org.jboss.intersmash.tools.provision.openshift.MysqlImageOpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.OpenShiftProvisioner;
+import org.jboss.intersmash.tools.provision.openshift.PostgreSQLImageOpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.WildflyBootableJarImageOpenShiftProvisioner;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -35,14 +37,16 @@ public class ProvisionerCleanupTestCase {
 	private static Stream<OpenShiftProvisioner> provisionerProvider() {
 		return Stream.of(
 				new WildflyBootableJarImageOpenShiftProvisioner(
-						(OpenShiftProvisionerTestBase.getWildflyBootableJarOpenShiftApplication())),
+						OpenShiftProvisionerTestBase.getWildflyBootableJarOpenShiftApplication()),
 				new WildflyBootableJarImageOpenShiftProvisioner(
-						(OpenShiftProvisionerTestBase.getWildflyBootableJarJavaxOpenShiftApplication())));
+						OpenShiftProvisionerTestBase.getWildflyBootableJarJavaxOpenShiftApplication()),
+				new MysqlImageOpenShiftProvisioner(OpenShiftProvisionerTestBase.getMysqlOpenShiftApplication()),
+				new PostgreSQLImageOpenShiftProvisioner(OpenShiftProvisionerTestBase.getPostgreSQLOpenShiftApplication()));
 	}
 
 	@ParameterizedTest(name = "{displayName}#class({0})")
 	@MethodSource("provisionerProvider")
-	public void undeploy(OpenShiftProvisioner provisioner) {
+	public void testProvisioningWorkflowCleanup(OpenShiftProvisioner provisioner) {
 		provisioner.configure();
 		try {
 			provisioner.preDeploy();

tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/PostgreSQLImageOpenShiftApplication.java

@@ -15,8 +15,15 @@
  */
 package org.jboss.intersmash.tools.application.openshift;
 
+import java.util.Collections;
+import java.util.List;
+
 import org.jboss.intersmash.tools.provision.openshift.PostgreSQLImageOpenShiftProvisioner;
 
+import cz.xtf.builder.builders.SecretBuilder;
+import cz.xtf.builder.builders.secret.SecretType;
+import io.fabric8.kubernetes.api.model.Secret;
+
 /**
  * End user Application interface which presents PostgreSQL image application on OpenShift Container Platform.
  *
@@ -33,7 +40,22 @@
  *     <li>{@link PostgreSQLImageOpenShiftProvisioner}</li>
  * </ul>
  */
-public interface PostgreSQLImageOpenShiftApplication extends DBImageOpenShiftApplication {
+public interface PostgreSQLImageOpenShiftApplication extends DBImageOpenShiftApplication, HasSecrets {
+
+	String POSTGRESQL_USER = "POSTGRESQL_USER";
+	String POSTGRESQL_PASSWORD = "POSTGRESQL_PASSWORD";
+	String POSTGRESQL_ADMIN_PASSWORD = "POSTGRESQL_ADMIN_PASSWORD";
+
+	String POSTGRESQL_USER_KEY = POSTGRESQL_USER.replace("_", "-").toLowerCase();
+	String POSTGRESQL_PASSWORD_KEY = POSTGRESQL_PASSWORD.replace("_", "-").toLowerCase();
+	String POSTGRESQL_ADMIN_PASSWORD_KEY = POSTGRESQL_ADMIN_PASSWORD.replace("_", "-").toLowerCase();
+
+	/**
+	 * @return name of the secret containing username and password for the database
+	 */
+	default String getApplicationSecretName() {
+		return getName() + "-credentials";
+	}
 
 	default String getName() {
 		return "postgresql";
@@ -42,4 +64,14 @@ default String getName() {
 	default String getAdminPassword() {
 		return "admin123";
 	}
+
+	@Override
+	default List<Secret> getSecrets() {
+		return Collections.singletonList(new SecretBuilder(getApplicationSecretName())
+				.setType(SecretType.OPAQUE).addData(POSTGRESQL_USER_KEY, getUser().getBytes())
+				.addData(POSTGRESQL_PASSWORD_KEY, getPassword().getBytes())
+				.addData(POSTGRESQL_ADMIN_PASSWORD_KEY,
+						getAdminPassword().getBytes())
+				.build());
+	}
 }

tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/DBImageOpenShiftProvisioner.java

@@ -145,11 +145,4 @@ public String getServiceName() {
 		return dbApplication.getName() + "-service";
 	}
 
-	/**
-	 * @return name of the secret containing username and password for the database
-	 */
-	public String getSecretName() {
-		return dbApplication.getName() + "-credentials";
-	}
-
 }

tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/provision/openshift/PostgreSQLImageOpenShiftProvisioner.java

@@ -22,20 +22,11 @@
 
 import cz.xtf.builder.builders.ApplicationBuilder;
 import cz.xtf.builder.builders.pod.ContainerBuilder;
-import cz.xtf.builder.builders.secret.SecretType;
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
 public class PostgreSQLImageOpenShiftProvisioner extends DBImageOpenShiftProvisioner<PostgreSQLImageOpenShiftApplication> {
 
-	public static final String POSTGRESQL_USER = "POSTGRESQL_USER";
-	public static final String POSTGRESQL_PASSWORD = "POSTGRESQL_PASSWORD";
-	public static final String POSTGRESQL_ADMIN_PASSWORD = "POSTGRESQL_ADMIN_PASSWORD";
-
-	public static final String POSTGRESQL_USER_KEY = POSTGRESQL_USER.replace("_", "-").toLowerCase();
-	public static final String POSTGRESQL_PASSWORD_KEY = POSTGRESQL_PASSWORD.replace("_", "-").toLowerCase();
-	public static final String POSTGRESQL_ADMIN_PASSWORD_KEY = POSTGRESQL_ADMIN_PASSWORD.replace("_", "-").toLowerCase();
-
 	public PostgreSQLImageOpenShiftProvisioner(PostgreSQLImageOpenShiftApplication pgSQLApplication) {
 		super(pgSQLApplication);
 	}
@@ -70,9 +61,9 @@ protected void configureContainer(ContainerBuilder containerBuilder) {
 	@Override
 	public Map<String, String> getImageVariables() {
 		Map<String, String> vars = super.getImageVariables();
-		vars.remove(POSTGRESQL_USER);
-		vars.remove(POSTGRESQL_PASSWORD);
-		vars.remove(POSTGRESQL_ADMIN_PASSWORD);
+		vars.remove(PostgreSQLImageOpenShiftApplication.POSTGRESQL_USER);
+		vars.remove(PostgreSQLImageOpenShiftApplication.POSTGRESQL_PASSWORD);
+		vars.remove(PostgreSQLImageOpenShiftApplication.POSTGRESQL_ADMIN_PASSWORD);
 		vars.remove("POSTGRESQL_USERNAME");
 		vars.put("POSTGRESQL_MAX_CONNECTIONS", "100");
 		vars.put("POSTGRESQL_SHARED_BUFFERS", "16MB");
@@ -87,19 +78,13 @@ public Map<String, String> getImageVariables() {
 
 	@Override
 	public void customizeApplication(ApplicationBuilder appBuilder) {
-		// the secret is supposed to be used by applications connecting to the database
-		appBuilder.secret(getSecretName())
-				.setType(SecretType.OPAQUE)
-				.addData(POSTGRESQL_USER_KEY, dbApplication.getUser().getBytes())
-				.addData(POSTGRESQL_PASSWORD_KEY, dbApplication.getPassword().getBytes())
-				.addData(POSTGRESQL_ADMIN_PASSWORD_KEY,
-						dbApplication.getAdminPassword().getBytes());
-		// the secret is also used to configure POSTGRESQL_USER, POSTGRESQL_PASSWORD, POSTGRESQL_ADMIN_PASSWORD
+		// the application secret is used to configure the PostgreSql container env vars, such as POSTGRESQL_USER,
+		// POSTGRESQL_PASSWORD, POSTGRESQL_ADMIN_PASSWORD
 		appBuilder.deploymentConfig().podTemplate().container().configFromConfigMap(
-				getSecretName(),
+				getApplication().getApplicationSecretName(),
 				(String t) -> t.replace("-", "_").toUpperCase(),
-				POSTGRESQL_USER_KEY,
-				POSTGRESQL_PASSWORD_KEY,
-				POSTGRESQL_ADMIN_PASSWORD_KEY);
+				PostgreSQLImageOpenShiftApplication.POSTGRESQL_USER_KEY,
+				PostgreSQLImageOpenShiftApplication.POSTGRESQL_PASSWORD_KEY,
+				PostgreSQLImageOpenShiftApplication.POSTGRESQL_ADMIN_PASSWORD_KEY);
 	}
 }