Merge pull request #288 from mintel/INFRA-30570-mariadb-extrausers

[INFRA-30570] add extraUsers for mariadb
mintel · Jul 26, 2023 · a116a2e · a116a2e
2 parents 5b65ad9 + e8b5425
commit a116a2e
Show file tree

Hide file tree

Showing 7 changed files with 344 additions and 2 deletions.
diff --git a/charts/standard-application-stack/CHANGELOG.md b/charts/standard-application-stack/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v5.10.0] - 2023-07-26
+### Added
+- Added `extraUsers` for mariadb
+
 ## [v5.9.4] - 2023-07-26
 ### Fixed
 - Updated README.md

diff --git a/charts/standard-application-stack/Chart.yaml b/charts/standard-application-stack/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 5.9.4
+version: 5.10.0
 
 dependencies:
   - name: redis

diff --git a/charts/standard-application-stack/README.md b/charts/standard-application-stack/README.md
@@ -1,6 +1,6 @@
 # standard-application-stack
 
-![Version: 5.9.4](https://img.shields.io/badge/Version-5.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 5.10.0](https://img.shields.io/badge/Version-5.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A generic chart to support most common application requirements
 
@@ -191,6 +191,7 @@ A generic chart to support most common application requirements
 | mariadb.client.resources.requests.cpu | string | `"100m"` |  |
 | mariadb.client.resources.requests.memory | string | `"64Mi"` |  |
 | mariadb.enabled | bool | `false` |  |
+| mariadb.extraUsers | object | `{"enabled":false,"users":[]}` | set up extra users for a database and table that already exist |
 | mariadb.metrics.enabled | bool | `false` |  |
 | mariadb.metrics.resources.limits.cpu | string | `"300m"` |  |
 | mariadb.metrics.resources.limits.memory | string | `"128Mi"` |  |

diff --git a/charts/standard-application-stack/templates/mariadb-py-dba.yaml b/charts/standard-application-stack/templates/mariadb-py-dba.yaml
@@ -0,0 +1,80 @@
+{{- if (and .Values.mariadb .Values.mariadb.enabled) }}
+{{- if (and .Values.mariadb.extraUsers .Values.mariadb.extraUsers.enabled) }}
+---
+{{- $data := dict "Release" $.Release "Chart" $.Chart "Values" $.Values "component" .name }}
+apiVersion: {{ include "common.capabilities.job.apiVersion" $ }}
+kind: Job
+metadata:
+  name: {{ include "mintel_common.fullname" $data }}
+  labels: {{ include "mintel_common.labels" $data | nindent 4 }}
+  annotations:
+    {{- include "mintel_common.commonAnnotations" $ | nindent 4 }}
+    {{ if .argo }}
+    {{ include "mintel_common.argoAnnotations" .argo | nindent 4 }}
+    {{ end }}
+    helm.sh/chart: {{ include "mintel_common.chart" $ }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  ttlSecondsAfterFinished: 600
+  template:
+    spec:
+      {{- include "mintel_common.imagePullSecrets" $ | nindent 6 }}
+      securityContext:
+        runAsUser: 1000
+        runAsNonRoot: true
+      serviceAccountName: {{ $.Values.serviceAccount.name | default (include "mintel_common.fullname" $)}}
+      restartPolicy: "Never"
+      containers:
+      - name: main
+        image: 551844124467.dkr.ecr.us-east-2.amazonaws.com/gitlab/mintel/satoshi/tools/py-dba:v0.1.0
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: 'CONFIG_FILE'
+          value: '/etc/config/py-dba-config'
+        - name: DB_ENGINE
+          value: mariadb
+        - name: USER_SECRET_PREFIX
+          value: {{ (printf "%s/%s/mariadb" (.Release.Namespace) (include "mintel_common.fullname" .)) }}
+        envFrom:
+        - secretRef:
+            name: {{ (printf "%s-mariadb" (include "mintel_common.fullname" .)) }}
+        resources:
+          limits:
+            cpu: 200m
+            memory: 64Mi
+          requests:
+            cpu: 100m
+            memory: 32Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsNonRoot: true
+          runAsUser: 1000
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/config
+      volumes:
+      - name: config-volume
+        configMap:
+          name: {{ (printf "%s-py-dba-config" (include "mintel_common.fullname" .)) }}
+---
+{{- $data := dict "Release" $.Release "Chart" $.Chart "Values" $.Values "component" .name }}
+apiVersion: {{ include "common.capabilities.configmap.apiVersion" . }}
+kind: ConfigMap
+metadata:
+  name: {{ (printf "%s-py-dba-config" (include "mintel_common.fullname" .)) }}
+  labels: {{ include "mintel_common.labels" $data | nindent 4 }}
+  annotations:
+    {{ include "mintel_common.commonAnnotations" $data | nindent 4 }}
+    {{ if .argo }}
+    {{ include "mintel_common.argoAnnotations" .argo | nindent 4 }}
+    {{ end }}
+  namespace: {{ .Release.Namespace }}
+data:
+  {{- with .Values.mariadb.extraUsers.users }}
+  py-dba-config: | {{ (printf "users:\n%s" (toYaml .)) | nindent 10 }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap
@@ -0,0 +1,176 @@
+adds correct config to configmap:
+  1: |
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      annotations:
+        app.mintel.com/placeholder: placeholder
+        helm.sh/chart: standard-application-stack-5.10.0
+      labels:
+        app.kubernetes.io/component: app
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: test-app
+        app.mintel.com/env: local
+        app.mintel.com/region: local
+        name: test-app
+      name: test-app
+      namespace: test-namespace
+    spec:
+      template:
+        spec:
+          containers:
+            - env:
+                - name: CONFIG_FILE
+                  value: /etc/config/py-dba-config
+                - name: DB_ENGINE
+                  value: mariadb
+                - name: USER_SECRET_PREFIX
+                  value: test-namespace/test-app/mariadb
+              envFrom:
+                - secretRef:
+                    name: test-app-mariadb
+              image: 551844124467.dkr.ecr.us-east-2.amazonaws.com/gitlab/mintel/satoshi/tools/py-dba:v0.1.0
+              imagePullPolicy: IfNotPresent
+              name: main
+              resources:
+                limits:
+                  cpu: 200m
+                  memory: 64Mi
+                requests:
+                  cpu: 100m
+                  memory: 32Mi
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                    - ALL
+                runAsNonRoot: true
+                runAsUser: 1000
+              volumeMounts:
+                - mountPath: /etc/config
+                  name: config-volume
+          imagePullSecrets:
+            - name: image-pull-gitlab
+            - name: image-pull-docker-hub
+          restartPolicy: Never
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+          serviceAccountName: test-app
+          volumes:
+            - configMap:
+                name: test-app-py-dba-config
+              name: config-volume
+      ttlSecondsAfterFinished: 600
+  2: |
+    apiVersion: v1
+    data:
+      py-dba-config: |
+        users:
+        - database: test_db
+          tables:
+          - permissions:
+            - ALL
+            table: table1
+          username: user1
+    kind: ConfigMap
+    metadata:
+      annotations:
+        app.mintel.com/placeholder: placeholder
+      labels:
+        app.kubernetes.io/component: app
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: test-app
+        app.mintel.com/env: local
+        app.mintel.com/region: local
+        name: test-app
+      name: test-app-py-dba-config
+      namespace: test-namespace
+extraUsers adds job and configmap:
+  1: |
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      annotations:
+        app.mintel.com/placeholder: placeholder
+        helm.sh/chart: standard-application-stack-5.10.0
+      labels:
+        app.kubernetes.io/component: app
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: test-app
+        app.mintel.com/env: local
+        app.mintel.com/region: local
+        name: test-app
+      name: test-app
+      namespace: test-namespace
+    spec:
+      template:
+        spec:
+          containers:
+            - env:
+                - name: CONFIG_FILE
+                  value: /etc/config/py-dba-config
+                - name: DB_ENGINE
+                  value: mariadb
+                - name: USER_SECRET_PREFIX
+                  value: test-namespace/test-app/mariadb
+              envFrom:
+                - secretRef:
+                    name: test-app-mariadb
+              image: 551844124467.dkr.ecr.us-east-2.amazonaws.com/gitlab/mintel/satoshi/tools/py-dba:v0.1.0
+              imagePullPolicy: IfNotPresent
+              name: main
+              resources:
+                limits:
+                  cpu: 200m
+                  memory: 64Mi
+                requests:
+                  cpu: 100m
+                  memory: 32Mi
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                    - ALL
+                runAsNonRoot: true
+                runAsUser: 1000
+              volumeMounts:
+                - mountPath: /etc/config
+                  name: config-volume
+          imagePullSecrets:
+            - name: image-pull-gitlab
+            - name: image-pull-docker-hub
+          restartPolicy: Never
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+          serviceAccountName: test-app
+          volumes:
+            - configMap:
+                name: test-app-py-dba-config
+              name: config-volume
+      ttlSecondsAfterFinished: 600
+  2: |
+    apiVersion: v1
+    data:
+      py-dba-config: |
+        users:
+        - database: test_db
+          tables:
+          - permissions:
+            - ALL
+            table: table1
+          username: user1
+    kind: ConfigMap
+    metadata:
+      annotations:
+        app.mintel.com/placeholder: placeholder
+      labels:
+        app.kubernetes.io/component: app
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: test-app
+        app.mintel.com/env: local
+        app.mintel.com/region: local
+        name: test-app
+      name: test-app-py-dba-config
+      namespace: test-namespace
diff --git a/charts/standard-application-stack/tests/mariadb_py_dba_test.yaml b/charts/standard-application-stack/tests/mariadb_py_dba_test.yaml
@@ -0,0 +1,56 @@
+suite: Test MariaDB py-dba configs
+templates:
+  - mariadb-py-dba.yaml
+release:
+  namespace: test-namespace
+tests:
+  - it: extraUsers adds job and configmap
+    set:
+      global.name: test-app
+      mariadb:
+        enabled: true
+        extraUsers:
+          enabled: true
+          users:
+          - username: user1
+            database: test_db
+            tables:
+            - table: table1
+              permissions: ["ALL"]
+
+    asserts:
+      - matchSnapshot: {} # Check for regressions and unexpected changes.
+      - isKind:
+          of: ConfigMap
+        documentIndex: 1
+      - isKind:
+          of: Job
+        documentIndex: 0
+
+  - it: adds correct config to configmap
+    set:
+      global.name: test-app
+      mariadb:
+        enabled: true
+        extraUsers:
+          enabled: true
+          users:
+          - username: user1
+            database: test_db
+            tables:
+            - table: table1
+              permissions: ["ALL"]
+
+    asserts:
+      - matchSnapshot: {} # Check for regressions and unexpected changes.
+      - equal:
+          path: data.py-dba-config
+          value: |
+            users:
+            - database: test_db
+              tables:
+              - permissions:
+                - ALL
+                table: table1
+              username: user1
+        documentIndex: 1
diff --git a/charts/standard-application-stack/values.yaml b/charts/standard-application-stack/values.yaml
@@ -1024,6 +1024,31 @@ mariadb:
       requests:
         cpu: 100m
         memory: 64Mi
+  # -- set up extra users for a database and table that already exist
+  extraUsers:
+    enabled: false
+    users: []
+    # List of objects with format:
+    # username: "my_user"
+    # database: "my_db"
+    # tables:
+    # - table: "my_table"
+    #   permissions: ["ALL"]
+    #
+    # Example:
+    # - username: "user1"
+    #   database: "test_db"
+    #   tables:
+    #   - table: "table1"
+    #     permissions: ["SELECT", "UPDATE"]
+    #   - table: "table2"
+    #     permissions: ["INSERT"]
+    # - username: "user2"
+    #   database: "test_db"
+    #   tables:
+    #   - table: "table1"
+    #     permissions: ["DELETE"]
+
 
 memcached:
   enabled: false