
Merge pull request #3 from tekliner/IN-74

In 74
pull/4/head
Vladimir Smagin 1 year ago
committed by GitHub
parent
commit
47450ec381
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 97 additions and 57 deletions
  1. +10
    -10
      deploy/crds/rabbitmq_v1_rabbitmq_cr.yaml
  2. +51
    -24
      pkg/controller/rabbitmq/rabbitmq_policies.go
  3. +36
    -23
      pkg/controller/rabbitmq/rabbitmq_users.go

+ 10
- 10
deploy/crds/rabbitmq_v1_rabbitmq_cr.yaml View File

@@ -26,13 +26,13 @@ spec:
- PLAIN
- AMQPLAIN
volume_size: 1Gi
# policies:
# - name: ha-three
# vhost: "rabbit"
# pattern: ".*"
# definition:
# ha-mode: "exactly"
# ha-params: 3
# ha-sync-mode: "automatic"
# priority: 0
# apply-to: all
policies:
- name: ha-three
vhost: "rabbit"
pattern: ".*"
definition:
ha-mode: "exactly"
ha-params: 3
ha-sync-mode: "automatic"
priority: 0
apply-to: all

+ 51
- 24
pkg/controller/rabbitmq/rabbitmq_policies.go View File

@@ -11,19 +11,21 @@ import (

// setPolicies run as go routine
func (r *ReconcileRabbitmq) setPolicies(ctx context.Context, reqLogger logr.Logger, cr *rabbitmqv1.Rabbitmq, secretNames secretResouces) error {
var secret basicAuthCredentials

// get service account credentials
var serviceAccount basicAuthCredentials

username, err := r.getSecretData(reqLogger, cr.Namespace, secretNames.ServiceAccount, "username")
secret.username = username
serviceAccount.username = username
if err != nil {
reqLogger.Info("Policies: auth username not found")
reqLogger.Info("Users: auth username not found")
return err
}

password, err := r.getSecretData(reqLogger, cr.Namespace, secretNames.ServiceAccount, "password")
secret.password = password
serviceAccount.password = password
if err != nil {
reqLogger.Info("Policies: auth password not found")
reqLogger.Info("Users: auth password not found")
return err
}

@@ -35,34 +37,29 @@ func (r *ReconcileRabbitmq) setPolicies(ctx context.Context, reqLogger logr.Logg
reqLogger.Info("Rabbitmq API service failed", "Service name", r.apiServiceHostname(cr), "Error", err.Error())
return err
}
reqLogger.Info("Using API service: "+r.apiServiceAddress(cr), "username", secret.username, "password", secret.password)
reqLogger.Info("Policies: Using API service: "+r.apiServiceAddress(cr), "username", serviceAccount.username, "password", serviceAccount.password)

var policiesCR []rabbitmqv1.RabbitmqPolicy

//clean rabbit before fulfilling policies list
reqLogger.Info("Removing all policies")
// get exiting policies
reqLogger.Info("Reading exiting policies")

policies, err := r.apiPolicyList(reqLogger, cr, secret)
policiesRabbit, err := r.apiPolicyList(reqLogger, cr, serviceAccount)
if err != nil {
reqLogger.Info("Error while receiving policies list", "Error", err.Error())
return err
}
reqLogger.Info("Removing all policies from list", "Policies", policies)
for _, policyRecord := range policies {
reqLogger.Info("Removing " + policyRecord.Name)
err = r.apiPolicyRemove(reqLogger, cr, secret, policyRecord.Vhost, policyRecord.Name)
if err != nil {
return err
}
}

reqLogger.Info("Uploading policies from CRD")
// get policies from CR
reqLogger.Info("Reading policies from CRD")

// detect default vhost for all policies
// set default vhost for all policies
policiesDefaultVhost := "%2f"
if cr.Spec.RabbitmqVhost != "" {
policiesDefaultVhost = cr.Spec.RabbitmqVhost
}

// add new policies to Rabbit
// detect vhost to use
for _, policy := range cr.Spec.RabbitmqPolicies {
// detect vhost to use
policyVhost := ""
@@ -72,11 +69,41 @@ func (r *ReconcileRabbitmq) setPolicies(ctx context.Context, reqLogger logr.Logg
policyVhost = policiesDefaultVhost
}

// send policy to api service
reqLogger.Info("Adding policy " + policy.Name + " to vhost " + policyVhost)
err = r.apiPolicyAdd(reqLogger, cr, secret, policyVhost, policy)
policy.Vhost = policyVhost

policiesCR = append(policiesCR, policy)

}

// ok, now syncing

// remove policies from rabbit
for _, policyRabbit := range policiesRabbit {

// search
policyFound := false
for _, policyCR := range policiesCR {
if policyCR.Name == policyRabbit.Name {
policyFound =true
}
}

if !policyFound {
reqLogger.Info("Removing " + policyRabbit.Name)
err = r.apiPolicyRemove(reqLogger, cr, serviceAccount, policyRabbit.Vhost, policyRabbit.Name)
if err != nil {
return err
}
}

}

// add to rabbit from CR
for _, policyCR := range policiesCR {
reqLogger.Info("Adding policy " + policyCR.Name + " to vhost " + policyCR.Vhost)
err = r.apiPolicyAdd(reqLogger, cr, serviceAccount, policyCR.Vhost, policyCR)
if err != nil {
reqLogger.Info("Error adding policy "+policy.Name+" to vhost "+policyVhost, "Error", err)
reqLogger.Info("Error adding policy "+policyCR.Name+" to vhost "+policyCR.Vhost, "Error", err)
return err
}
}
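Review bot: The `Policies: Using API service` log call in the second hunk still passes `"password", serviceAccount.password`, so the RabbitMQ service-account password is written to the operator log in clear text and anyone who can read those logs gets management-API credentials. Drop that key/value pair and keep at most `"username", serviceAccount.username`; the `Users: Using API service` line in rabbitmq_users.go has the same problem. Separately, the removal loop matches on `policyCR.Name == policyRabbit.Name` only, so a policy with the same name in a different vhost would be treated as present. Comparing the vhost as well looks safer, provided the API and the CR use the same vhost encoding. setPolicies begins and ends outside the hunks shown.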


+ 36
- 23
pkg/controller/rabbitmq/rabbitmq_users.go View File

@@ -12,17 +12,19 @@ import (
// Like policies, we need to remove all users and add them from secret

func (r *ReconcileRabbitmq) syncUsersCredentials(ctx context.Context, reqLogger logr.Logger, cr *rabbitmqv1.Rabbitmq, secretNames secretResouces) error {
var secret basicAuthCredentials

// get service account credentials
var serviceAccount basicAuthCredentials

username, err := r.getSecretData(reqLogger, cr.Namespace, secretNames.ServiceAccount, "username")
secret.username = username
serviceAccount.username = username
if err != nil {
reqLogger.Info("Users: auth username not found")
return err
}

password, err := r.getSecretData(reqLogger, cr.Namespace, secretNames.ServiceAccount, "password")
secret.password = password
serviceAccount.password = password
if err != nil {
reqLogger.Info("Users: auth password not found")
return err
@@ -36,41 +38,52 @@ func (r *ReconcileRabbitmq) syncUsersCredentials(ctx context.Context, reqLogger
reqLogger.Info("Rabbitmq API service failed", "Service name", r.apiServiceHostname(cr), "Error", err.Error())
return err
}
reqLogger.Info("Using API service: "+r.apiServiceAddress(cr), "username", secret.username, "password", secret.password)
reqLogger.Info("Users: Using API service: "+r.apiServiceAddress(cr), "username", serviceAccount.username, "password", serviceAccount.password)

//clean rabbit before fulfilling users list
reqLogger.Info("Removing all users")
// get user from secret
usersSecret, err := r.getSecret(secretNames.Credentials, cr.Namespace)
reqLogger.Info("Users from secret", "CRD", cr.Name , "SecretNames", secretNames, "Users", usersSecret, "ServiceAccount", serviceAccount.username)

users, err := r.apiUserList(reqLogger, cr, secret)
// get users from rabbit api
reqLogger.Info("Reading all users from rabbitmq")
usersRabbit, err := r.apiUserList(reqLogger, cr, serviceAccount)
if err != nil {
reqLogger.Info("Error while receiving users list", "Error", err.Error())
return err
}
reqLogger.Info("Removing all users from list", "Users", users)
for _, user := range users {
if user.Name == secret.username {
// do not delete service account
continue

reqLogger.Info("Sync users started")

// search users to remove
for _, userRabbitName := range usersRabbit {

userFound := false

for userSecretName, _ := range usersSecret.Data {
if userSecretName == userRabbitName.Name {
userFound = true
}
}
reqLogger.Info("Removing " + user.Name)
err = r.apiUserRemove(reqLogger, cr, secret, user)
if err != nil {
return err

// user from RabbitMQ not found in secret resource, so add to remove list
if (!userFound) && (userRabbitName.Name != serviceAccount.username) {
reqLogger.Info("Removing " + userRabbitName.Name)
err = r.apiUserRemove(reqLogger, cr, serviceAccount, rabbitmqUserStruct{Name:userRabbitName.Name})
if err != nil {
return err
}
}
}

reqLogger.Info("Uploading users from secret")

// get secret with users
credentialsSecret, err := r.getSecret(secretNames.Credentials, cr.Namespace)

// add new users to Rabbit
for user, password := range credentialsSecret.Data {
reqLogger.Info("Adding user " + user + " Password " + string(password))
for userName, userPassword := range usersSecret.Data {
reqLogger.Info("Adding user " + userName + " Password " + string(userPassword))

err = r.apiUserAdd(reqLogger, cr, secret, rabbitmqUserStruct{Name: user, Password: string(password), Tags: "management"})
err = r.apiUserAdd(reqLogger, cr, serviceAccount, rabbitmqUserStruct{Name: userName, Password: string(userPassword), Tags: "management"})
if err != nil {
reqLogger.Info("Error adding user "+user, "Error", err)
reqLogger.Info("Error adding user "+userName, "Error", err)
return err
}
}
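Review bot: The new `"Users from secret"` log line passes the whole `usersSecret` object as a value, and the add loop still logs `" Password " + string(userPassword)`, so every RabbitMQ user password can end up in the operator log. Log only the names, e.g. `reqLogger.Info("Adding user " + userName)`, and drop `"Users", usersSecret` from the earlier call. The error from `r.getSecret(secretNames.Credentials, cr.Namespace)` is also never checked before `err` is reassigned by `apiUserList`. Depending on what getSecret returns on failure, the sync would then either dereference a nil secret or see an empty user set and remove every user except the service account. Add `if err != nil { return err }` directly after the getSecret call. syncUsersCredentials begins and ends outside the hunks shown.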

