diff --git a/go.mod b/go.mod index c3ed48127..97a0ec535 100644 --- a/go.mod +++ b/go.mod @@ -20,11 +20,11 @@ require ( k8s.io/component-base v0.21.1 k8s.io/klog/v2 v2.9.0 k8s.io/kubectl v0.21.1 - kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909 + kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd - kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1 - kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02 - stash.appscode.dev/apimachinery v0.20.0 + kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8 + kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac + stash.appscode.dev/apimachinery v0.20.1 ) require github.com/josharian/intern v1.0.0 // indirect diff --git a/go.sum b/go.sum index 8d35931bb..74329cd84 100644 --- a/go.sum +++ b/go.sum @@ -266,6 +266,7 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= +github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -1253,8 +1254,9 @@ kmodules.xyz/client-go v0.0.0-20220104114408-2a3a05dbe89f/go.mod h1:xxl1ve1Obe4x kmodules.xyz/client-go v0.0.0-20220203031013-1de48437aaf3/go.mod h1:aOwnhdxO0uh54ds1wQYRlKVtYlzLyakaesmMQeupVek= kmodules.xyz/client-go v0.0.0-20220215012708-9963581d69a7/go.mod h1:sOq5P3AkZdv6D/skvUPwEG15NDYy5olwBllH/JXfhGI= kmodules.xyz/client-go v0.0.0-20220317213815-2a6d5a5784f2/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A= -kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909 h1:c/7SJgQbmEzPdziKnx5uC7EtkTmbbyLBz7gQGfVGvSg= kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A= +kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df h1:ATThnmUo1tKu7rW0O8iyU0XJCTibXnbVIePLJeIQH0c= +kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A= kmodules.xyz/constants v0.0.0-20210218100002-2c304bfda278/go.mod h1:DbiFk1bJ1KEO94t1SlAn7tzc+Zz95rSXgyUKa2nzPmY= kmodules.xyz/crd-schema-fuzz v0.0.0-20210618002152-fae23aef5fb4/go.mod h1:IIkUctlfoptoci0BOrsUf8ya+MOG5uaeh1PE4uzaIbA= kmodules.xyz/crd-schema-fuzz v0.0.0-20211025154117-6edb24ef11bc/go.mod h1:yLOBJKasPhnCodKSZGFZ6OGFFrp0tq3ALS9rDnYFjkg= @@ -1263,8 +1265,9 @@ kmodules.xyz/custom-resources v0.0.0-20220314103517-150ada19b198/go.mod h1:cDD2g kmodules.xyz/custom-resources v0.0.0-20220317220154-7beb809b1f5e/go.mod h1:OCLmlMhRowPtBPP1bu4xreNLj8/TYu/4lY477+eAzUM= kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd h1:Y5w0ZxHMSPUnzjAlVKXS6+ED/wXlxXyWVYckarkiBBA= kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd/go.mod h1:OCLmlMhRowPtBPP1bu4xreNLj8/TYu/4lY477+eAzUM= -kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1 h1:V+UN7+86GIrRszwCwWJAPSHq9mfgZR5K1xX7hYRmQRg= kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1/go.mod h1:UewkaANM5lHuURg/WPjuBmsdbfYN2yG0y0L2fxmADw8= +kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8 h1:19VqNl4srnb9BBaw3d9WGrzcuGSC6pzH/M2BrjCBW1A= +kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8/go.mod h1:5ihy4/VxICVhjoTZVlDHtG8chavHI6yolcJ4mJQLnJ0= kmodules.xyz/objectstore-api v0.0.0-20211207131029-3271069de43e/go.mod h1:IICnDdPFOEeGXdaPVHOGYfdwD1cyh/p1I/TWMkyNTIE= kmodules.xyz/objectstore-api v0.0.0-20220317220441-f1d593d0a778 h1:1biCLf6zjBzg9YI9xDjrH6RrKtizpKVB7iuo/5NWOo0= kmodules.xyz/objectstore-api v0.0.0-20220317220441-f1d593d0a778/go.mod h1:rJ3QmHvS0CCJAhhdbXh+O2nlEY5gEmgYdpo3vA4nAm4= @@ -1284,8 +1287,8 @@ kmodules.xyz/resource-metrics v0.0.8/go.mod h1:M7rWuo2qh3BpHhogiEVPnvGY9Xx4Pfygq kmodules.xyz/schema-checker v0.2.0/go.mod h1:J1QUIFsqW0h/WNrIGzzy3UopTzg+RmMJXxvAZfmYDb4= kmodules.xyz/schema-checker v0.2.1/go.mod h1:1R2s4FH23Rz73DnfT8paWGNeMQpT7ia3KoyF8X4HCGU= kmodules.xyz/webhook-runtime v0.0.0-20220317222714-0ddfc9e4c221/go.mod h1:Q+4LHbCHVlkKxpEgaDa/EyZb5p/Bpj767zInBwyyitc= -kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02 h1:PnqoNtWm6bBb8AH8vvR3fMR1loR+NTLdFElPKLYqN9A= -kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02/go.mod h1:atLQjkN5sVQc7WJJCyxTt0AD8ZODyZYUxudYAQIxL2Y= +kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac h1:xdQ7eCssD8CrmofM/8hWgkhP96f21wYvE2dCQikjzvE= +kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac/go.mod h1:atLQjkN5sVQc7WJJCyxTt0AD8ZODyZYUxudYAQIxL2Y= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= @@ -1326,5 +1329,5 @@ software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1: software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= stash.appscode.dev/apimachinery v0.18.0/go.mod h1:MDzqJ66A2QZKAHRksfHT5crOD29a0S5Hfuy/D5hHAjw= -stash.appscode.dev/apimachinery v0.20.0 h1:JxBT94F/bfV6hkc8PxYoNOFiNeXa8YRLBp1hAX2NDz0= -stash.appscode.dev/apimachinery v0.20.0/go.mod h1:HyYlJ56VT8QgUM7NPCMrRRr/9e+eltUHGtd7GBXUCJo= +stash.appscode.dev/apimachinery v0.20.1 h1:pWmqoGydibXTbwFGesMdVulxPGE/J3gdSGY/9E6LOh0= +stash.appscode.dev/apimachinery v0.20.1/go.mod h1:HyYlJ56VT8QgUM7NPCMrRRr/9e+eltUHGtd7GBXUCJo= diff --git a/vendor/kmodules.xyz/client-go/core/v1/kubernetes.go b/vendor/kmodules.xyz/client-go/core/v1/kubernetes.go index e2ab73f60..6d780305e 100644 --- a/vendor/kmodules.xyz/client-go/core/v1/kubernetes.go +++ b/vendor/kmodules.xyz/client-go/core/v1/kubernetes.go @@ -71,10 +71,6 @@ func EnsureContainerDeleted(containers []core.Container, name string) []core.Con func UpsertContainer(containers []core.Container, upsert core.Container) []core.Container { for i, container := range containers { if container.Name == upsert.Name { - // can't be updated. So, keep existing values. usually not set in upsert. - upsert.TerminationMessagePath = container.TerminationMessagePath - upsert.TerminationMessagePolicy = container.TerminationMessagePolicy - err := mergo.Merge(&container, upsert, mergo.WithOverride) if err != nil { panic(err) diff --git a/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/constants.go b/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/constants.go index e31670b58..82f9254ba 100644 --- a/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/constants.go +++ b/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/constants.go @@ -96,10 +96,10 @@ var ( DashboardsDefaultResources = core.ResourceRequirements{ Requests: core.ResourceList{ core.ResourceCPU: resource.MustParse(".100"), - core.ResourceMemory: resource.MustParse("512Mi"), + core.ResourceMemory: resource.MustParse("1Gi"), }, Limits: core.ResourceList{ - core.ResourceMemory: resource.MustParse("512Mi"), + core.ResourceMemory: resource.MustParse("1Gi"), }, } ) diff --git a/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/types.go b/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/types.go index ec3bc3424..b1088a972 100644 --- a/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/types.go +++ b/vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/types.go @@ -75,13 +75,16 @@ const ( StatsServiceAlias ServiceAlias = "stats" ) -// +kubebuilder:validation:Enum=green;yellow;red +// +kubebuilder:validation:Enum=green;yellow;red;available;degraded;unavailable type DashboardServerState string const ( - StateGreen DashboardServerState = "green" - StateYellow DashboardServerState = "yellow" - StateRed DashboardServerState = "red" + StateGreen DashboardServerState = "green" + StateYellow DashboardServerState = "yellow" + StateRed DashboardServerState = "red" + StateAvailable DashboardServerState = "available" + StateDegraded DashboardServerState = "degraded" + StateUnavailable DashboardServerState = "unavailable" ) // +kubebuilder:validation:Enum=dashboard-custom-config;dashboard-temp-config;dashboard-config;kibana-server;database-client diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go index 117f3270f..cc87b4345 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go @@ -200,6 +200,7 @@ const ( MySQLTLSConfigPreferred = "preferred" MySQLRouterContainerName = "mysql-router" + MySQLCoordinatorContainerName = "mysql-coordinator" MySQLRouterInitScriptDirectoryName = "init-scripts" MySQLRouterInitScriptDirectoryPath = "/scripts" MySQLRouterConfigDirectoryName = "router-config-secret" @@ -259,6 +260,9 @@ const ( PostgresCoordinatorClientPort = 2379 PostgresCoordinatorClientPortName = "coordinatclient" + RaftMetricsExporterPort = 23790 + RaftMetricsExporterPortName = "raft-metrics" + PostgresRunScriptMountPath = "/run_scripts" PostgresRunScriptVolumeName = "scripts" @@ -286,6 +290,13 @@ const ( ProxySQLAdminPortName = "admin" ProxySQLDataMountPath = "/var/lib/proxysql" ProxySQLCustomConfigMountPath = "/etc/custom-config" + + ProxySQLBackendSSLMountPath = "/var/lib/certs" + ProxySQLFrontendSSLMountPath = "/var/lib/frontend" + ProxySQLClusterAdmin = "cluster" + ProxySQLClusterPasswordField = "cluster_password" + ProxySQLTLSConfigCustom = "custom" + ProxySQLTLSConfigSkipVerify = "skip-verify" // =========================== Redis Constants ============================ RedisConfigKey = "redis.conf" // RedisConfigKey is going to create for the customize redis configuration // DefaultConfigKey is going to create for the default redis configuration @@ -345,20 +356,26 @@ const ( DatabasePaused = "Paused" // used for Databases that are halted DatabaseHalted = "Halted" + // used for pausing health check of a Database + DatabaseHealthCheckPaused = "HealthCheckPaused" + // used for Databases whose internal user credentials are synced + InternalUsersSynced = "InternalUsersSynced" // Condition reasons - DataRestoreStartedByExternalInitializer = "DataRestoreStartedByExternalInitializer" - DatabaseSuccessfullyRestored = "SuccessfullyDataRestored" - FailedToRestoreData = "FailedToRestoreData" - AllReplicasAreReady = "AllReplicasReady" - SomeReplicasAreNotReady = "SomeReplicasNotReady" - DatabaseAcceptingConnectionRequest = "DatabaseAcceptingConnectionRequest" - DatabaseNotAcceptingConnectionRequest = "DatabaseNotAcceptingConnectionRequest" - ReadinessCheckSucceeded = "ReadinessCheckSucceeded" - ReadinessCheckFailed = "ReadinessCheckFailed" - DatabaseProvisioningStartedSuccessfully = "DatabaseProvisioningStartedSuccessfully" - DatabaseSuccessfullyProvisioned = "DatabaseSuccessfullyProvisioned" - DatabaseHaltedSuccessfully = "DatabaseHaltedSuccessfully" + DataRestoreStartedByExternalInitializer = "DataRestoreStartedByExternalInitializer" + DatabaseSuccessfullyRestored = "SuccessfullyDataRestored" + FailedToRestoreData = "FailedToRestoreData" + AllReplicasAreReady = "AllReplicasReady" + SomeReplicasAreNotReady = "SomeReplicasNotReady" + DatabaseAcceptingConnectionRequest = "DatabaseAcceptingConnectionRequest" + DatabaseNotAcceptingConnectionRequest = "DatabaseNotAcceptingConnectionRequest" + ReadinessCheckSucceeded = "ReadinessCheckSucceeded" + ReadinessCheckFailed = "ReadinessCheckFailed" + DatabaseProvisioningStartedSuccessfully = "DatabaseProvisioningStartedSuccessfully" + DatabaseSuccessfullyProvisioned = "DatabaseSuccessfullyProvisioned" + DatabaseHaltedSuccessfully = "DatabaseHaltedSuccessfully" + InternalUsersCredentialSyncFailed = "InternalUsersCredentialsSyncFailed" + InternalUsersCredentialsSyncedSuccessfully = "InternalUsersCredentialsSyncedSuccessfully" ) // Resource kind related constants diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go index ca7d184d1..1ea0e2c13 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go @@ -27,6 +27,7 @@ import ( "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" + "github.com/Masterminds/semver/v3" "gomodules.xyz/pointer" core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -595,7 +596,53 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo return } - // The internalUsers feature only works with searchGuard, openSearch, and openDistro + version, err := semver.NewVersion(esVersion.Spec.Version) + if err != nil { + return + } + // set missing internal users for Xpack, + // internal users are supported for version>=7.8.x + if esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginXpack && + (version.Major() >= 8 || (version.Major() == 7 && version.Minor() >= 8)) { + inUsers := e.Spec.InternalUsers + // If not set, create empty map + if inUsers == nil { + inUsers = make(map[string]ElasticsearchUserSpec) + } + + // "elastic" user + if userSpec, exists := inUsers[string(ElasticsearchInternalUserElastic)]; !exists { + inUsers[string(ElasticsearchInternalUserElastic)] = ElasticsearchUserSpec{ + BackendRoles: []string{"superuser"}, + } + } else { + // upsert "superuser" role, if missing + // elastic user must have the superuser role + userSpec.BackendRoles = upsertStringSlice(userSpec.BackendRoles, "superuser") + inUsers[string(ElasticsearchInternalUserElastic)] = userSpec + } + + // "Kibana_system", "logstash_system", "beats_system", "apm_system", "remote_monitoring_user" user + setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserKibanaSystem), ElasticsearchUserSpec{ + BackendRoles: []string{"kibana_system"}, + }) + setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserBeatsSystem), ElasticsearchUserSpec{ + BackendRoles: []string{"beats_system"}, + }) + setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserApmSystem), ElasticsearchUserSpec{ + BackendRoles: []string{"apm_system"}, + }) + setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserRemoteMonitoringUser), ElasticsearchUserSpec{ + BackendRoles: []string{"remote_monitoring_collector", "remote_monitoring_agent"}, + }) + setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserLogstashSystem), ElasticsearchUserSpec{ + BackendRoles: []string{"logstash_system"}, + }) + + e.Spec.InternalUsers = inUsers + } + + // set missing internal users and roles for OpenDistro, SearchGuard & OpenSearch if esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginOpenDistro || esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginSearchGuard || esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginOpenSearch { @@ -630,26 +677,6 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserMetricsExporter), ElasticsearchUserSpec{}) } - // Set missing user secret names - for username, userSpec := range inUsers { - // For admin user, spec.authSecret.Name must have high precedence over default field - if username == string(ElasticsearchInternalUserAdmin) { - if e.Spec.AuthSecret != nil && e.Spec.AuthSecret.Name != "" { - userSpec.SecretName = e.Spec.AuthSecret.Name - } else { - if userSpec.SecretName == "" { - userSpec.SecretName = e.DefaultUserCredSecretName(username) - } - e.Spec.AuthSecret = &core.LocalObjectReference{ - Name: userSpec.SecretName, - } - } - } else if userSpec.SecretName == "" { - userSpec.SecretName = e.DefaultUserCredSecretName(username) - } - inUsers[username] = userSpec - } - // If monitoring is enabled, // The "metric_exporter" user needs to have "readall_monitor" role mapped to itself. if e.Spec.Monitor != nil { @@ -691,6 +718,28 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo } e.Spec.InternalUsers = inUsers } + + inUsers := e.Spec.InternalUsers + // Set missing user secret names + for username, userSpec := range inUsers { + // For admin user, spec.authSecret.Name must have high precedence over default field + if username == string(ElasticsearchInternalUserAdmin) || username == string(ElasticsearchInternalUserElastic) { + if e.Spec.AuthSecret != nil && e.Spec.AuthSecret.Name != "" { + userSpec.SecretName = e.Spec.AuthSecret.Name + } else { + if userSpec.SecretName == "" { + userSpec.SecretName = e.DefaultUserCredSecretName(username) + } + e.Spec.AuthSecret = &core.LocalObjectReference{ + Name: userSpec.SecretName, + } + } + } else if userSpec.SecretName == "" { + userSpec.SecretName = e.DefaultUserCredSecretName(username) + } + inUsers[username] = userSpec + } + e.Spec.InternalUsers = inUsers } // set default tls configuration (ie. alias, secretName) @@ -752,11 +801,14 @@ func (e *Elasticsearch) SetTLSDefaults(esVersion *catalog.ElasticsearchVersion) // archiver tlsConfig.Certificates = kmapi.SetMissingSpecForCertificate(tlsConfig.Certificates, kmapi.CertificateSpec{ - Alias: string(ElasticsearchArchiverCert), - SecretName: e.CertificateName(ElasticsearchArchiverCert), + Alias: string(ElasticsearchClientCert), + SecretName: e.CertificateName(ElasticsearchClientCert), }) } + // remove archiverCert from old spec if exists + tlsConfig.Certificates = kmapi.RemoveCertificate(tlsConfig.Certificates, string(ElasticsearchArchiverCert)) + for id := range tlsConfig.Certificates { // Force overwrite the private key encoding type to PKCS#8 tlsConfig.Certificates[id].PrivateKey = &kmapi.CertificatePrivateKey{ diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_types.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_types.go index aa6975bcc..4af243090 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_types.go @@ -206,7 +206,7 @@ type ElasticsearchNode struct { MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` } -// +kubebuilder:validation:Enum=ca;transport;http;admin;archiver;metrics-exporter +// +kubebuilder:validation:Enum=ca;transport;http;admin;client;archiver;metrics-exporter type ElasticsearchCertificateAlias string const ( @@ -214,6 +214,7 @@ const ( ElasticsearchTransportCert ElasticsearchCertificateAlias = "transport" ElasticsearchHTTPCert ElasticsearchCertificateAlias = "http" ElasticsearchAdminCert ElasticsearchCertificateAlias = "admin" + ElasticsearchClientCert ElasticsearchCertificateAlias = "client" ElasticsearchArchiverCert ElasticsearchCertificateAlias = "archiver" ElasticsearchMetricsExporterCert ElasticsearchCertificateAlias = "metrics-exporter" ) @@ -221,25 +222,50 @@ const ( type ElasticsearchInternalUser string const ( - ElasticsearchInternalUserElastic ElasticsearchInternalUser = "elastic" - ElasticsearchInternalUserAdmin ElasticsearchInternalUser = "admin" - ElasticsearchInternalUserKibanaserver ElasticsearchInternalUser = "kibanaserver" - ElasticsearchInternalUserKibanaro ElasticsearchInternalUser = "kibanaro" - ElasticsearchInternalUserLogstash ElasticsearchInternalUser = "logstash" - ElasticsearchInternalUserReadall ElasticsearchInternalUser = "readall" - ElasticsearchInternalUserSnapshotrestore ElasticsearchInternalUser = "snapshotrestore" - ElasticsearchInternalUserMetricsExporter ElasticsearchInternalUser = "metrics_exporter" + ElasticsearchInternalUserElastic ElasticsearchInternalUser = "elastic" + ElasticsearchInternalUserAdmin ElasticsearchInternalUser = "admin" + ElasticsearchInternalUserKibanaserver ElasticsearchInternalUser = "kibanaserver" + ElasticsearchInternalUserKibanaSystem ElasticsearchInternalUser = "kibana_system" + ElasticsearchInternalUserLogstashSystem ElasticsearchInternalUser = "logstash_system" + ElasticsearchInternalUserBeatsSystem ElasticsearchInternalUser = "beats_system" + ElasticsearchInternalUserApmSystem ElasticsearchInternalUser = "apm_system" + ElasticsearchInternalUserRemoteMonitoringUser ElasticsearchInternalUser = "remote_monitoring_user" + ElasticsearchInternalUserKibanaro ElasticsearchInternalUser = "kibanaro" + ElasticsearchInternalUserLogstash ElasticsearchInternalUser = "logstash" + ElasticsearchInternalUserReadall ElasticsearchInternalUser = "readall" + ElasticsearchInternalUserSnapshotrestore ElasticsearchInternalUser = "snapshotrestore" + ElasticsearchInternalUserMetricsExporter ElasticsearchInternalUser = "metrics_exporter" ) -// Specifies the security plugin internal user structure. +// ElasticsearchUserSpec specifies the security plugin internal user structure. // Both 'json' and 'yaml' tags are used in structure metadata. // The `json` tags (camel case) are used while taking input from users. // The `yaml` tags (snake case) are used by the operator to generate internal_users.yml file. +// For Elastic-Stack built-in users, there is no yaml files, instead the operator is responsible for +// creating/syncing the users. For the fields that are only used by operator, +// the metadata yaml tag is kept empty ("-") so that they do not interrupt in other distributions YAML generation. type ElasticsearchUserSpec struct { // Specifies the hash of the password. // +optional Hash string `json:"-" yaml:"hash,omitempty"` + // Specifies The full name of the user + // Only applicable for xpack authplugin + FullName string `json:"full_name,omitempty" yaml:"-"` + + // Specifies Arbitrary metadata that you want to associate with the user + // Only applicable for xpack authplugin + Metadata map[string]string `json:"metadata,omitempty" yaml:"-"` + + // Specifies the email of the user. + // Only applicable for xpack authplugin + Email string `json:"email,omitempty" yaml:"-"` + + // A set of roles the user has. The roles determine the user’s access permissions. + // To create a user without any roles, specify an empty list: [] + // Only applicable for xpack authplugin + Roles []string `json:"roles,omitempty" yaml:"-"` + // Specifies the k8s secret name that holds the user credentials. // Default to "--cred". // +optional diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go index 34c435b5a..e76664888 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go @@ -238,6 +238,12 @@ func (m *MySQL) IsReadReplica() bool { *m.Spec.Topology.Mode == MySQLModeReadReplica } +func (m *MySQL) IsSemiSync() bool { + return m.Spec.Topology != nil && + m.Spec.Topology.Mode != nil && + *m.Spec.Topology.Mode == MySQLModeSemiSync +} + func (m *MySQL) SetDefaults(topology *core_util.Topology) { if m == nil { return diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_types.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_types.go index 91213c3ca..108bf5321 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_types.go @@ -31,13 +31,14 @@ const ( ResourcePluralMySQL = "mysqls" ) -// +kubebuilder:validation:Enum=GroupReplication;InnoDBCluster;ReadReplica +// +kubebuilder:validation:Enum=GroupReplication;InnoDBCluster;ReadReplica;SemiSync type MySQLMode string const ( MySQLModeGroupReplication MySQLMode = "GroupReplication" MySQLModeInnoDBCluster MySQLMode = "InnoDBCluster" MySQLModeReadReplica MySQLMode = "ReadReplica" + MySQLModeSemiSync MySQLMode = "SemiSync" ) // +kubebuilder:validation:Enum=Single-Primary @@ -180,6 +181,29 @@ type MySQLTopology struct { // and it will take reference of appbinding of the source // +optional ReadReplica *MySQLReadReplicaSpec `json:"readReplica,omitempty"` + // +optional + SemiSync *SemiSyncSpec `json:"semiSync,omitempty"` +} + +// +kubebuilder:validation:Enum= Clone;PseudoTransaction + +type ErrantTransactionRecoveryPolicy string + +const ( + ErrantTransactionRecoveryPolicyClone ErrantTransactionRecoveryPolicy = "Clone" + ErrantTransactionRecoveryPolicyPseudoTransaction ErrantTransactionRecoveryPolicy = "PseudoTransaction" +) + +type SemiSyncSpec struct { + // count of slave to wait for before commit + // +kubebuilder:default=1 + //+kubebuilder:validation:Minimum=1 + SourceWaitForReplicaCount int `json:"sourceWaitForReplicaCount,omitempty"` + // +kubebuilder:default="24h" + SourceTimeout metav1.Duration `json:"sourceTimeout,omitempty"` + // recovery method if the slave has any errant transaction + // +kubebuilder:default=PseudoTransaction + ErrantTransactionRecoveryPolicy *ErrantTransactionRecoveryPolicy `json:"errantTransactionRecoveryPolicy"` } type MySQLGroupSpec struct { diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/openapi_generated.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/openapi_generated.go index 675222666..df88cbaa7 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/openapi_generated.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/openapi_generated.go @@ -495,6 +495,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.RedisSpec": schema_apimachinery_apis_kubedb_v1alpha2_RedisSpec(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.RedisStatus": schema_apimachinery_apis_kubedb_v1alpha2_RedisStatus(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.ScriptSourceSpec": schema_apimachinery_apis_kubedb_v1alpha2_ScriptSourceSpec(ref), + "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SemiSyncSpec": schema_apimachinery_apis_kubedb_v1alpha2_SemiSyncSpec(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.TLSPolicy": schema_apimachinery_apis_kubedb_v1alpha2_TLSPolicy(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.elasticsearchApp": schema_apimachinery_apis_kubedb_v1alpha2_elasticsearchApp(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.elasticsearchStatsService": schema_apimachinery_apis_kubedb_v1alpha2_elasticsearchStatsService(ref), @@ -21150,9 +21151,54 @@ func schema_apimachinery_apis_kubedb_v1alpha2_ElasticsearchUserSpec(ref common.R return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Specifies the security plugin internal user structure. Both 'json' and 'yaml' tags are used in structure metadata. The `json` tags (camel case) are used while taking input from users. The `yaml` tags (snake case) are used by the operator to generate internal_users.yml file.", + Description: "ElasticsearchUserSpec specifies the security plugin internal user structure. Both 'json' and 'yaml' tags are used in structure metadata. The `json` tags (camel case) are used while taking input from users. The `yaml` tags (snake case) are used by the operator to generate internal_users.yml file. For Elastic-Stack built-in users, there is no yaml files, instead the operator is responsible for creating/syncing the users. For the fields that are only used by operator, the metadata yaml tag is kept empty (\"-\") so that they do not interrupt in other distributions YAML generation.", Type: []string{"object"}, Properties: map[string]spec.Schema{ + "full_name": { + SchemaProps: spec.SchemaProps{ + Description: "Specifies The full name of the user Only applicable for xpack authplugin", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "Specifies Arbitrary metadata that you want to associate with the user Only applicable for xpack authplugin", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "email": { + SchemaProps: spec.SchemaProps{ + Description: "Specifies the email of the user. Only applicable for xpack authplugin", + Type: []string{"string"}, + Format: "", + }, + }, + "roles": { + SchemaProps: spec.SchemaProps{ + Description: "A set of roles the user has. The roles determine the user’s access permissions. To create a user without any roles, specify an empty list: [] Only applicable for xpack authplugin", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "secretName": { SchemaProps: spec.SchemaProps{ Description: "Specifies the k8s secret name that holds the user credentials. Default to \"--cred\".", @@ -23079,11 +23125,16 @@ func schema_apimachinery_apis_kubedb_v1alpha2_MySQLTopology(ref common.Reference Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLReadReplicaSpec"), }, }, + "semiSync": { + SchemaProps: spec.SchemaProps{ + Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SemiSyncSpec"), + }, + }, }, }, }, Dependencies: []string{ - "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLGroupSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLInnoDBClusterSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLReadReplicaSpec"}, + "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLGroupSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLInnoDBClusterSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MySQLReadReplicaSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SemiSyncSpec"}, } } @@ -25050,6 +25101,41 @@ func schema_apimachinery_apis_kubedb_v1alpha2_ScriptSourceSpec(ref common.Refere } } +func schema_apimachinery_apis_kubedb_v1alpha2_SemiSyncSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sourceWaitForReplicaCount": { + SchemaProps: spec.SchemaProps{ + Description: "count of slave to wait for before commit", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sourceTimeout": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + }, + }, + "errantTransactionRecoveryPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "recovery method if the slave has any errant transaction", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"errantTransactionRecoveryPolicy"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + } +} + func schema_apimachinery_apis_kubedb_v1alpha2_TLSPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/proxysql_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/proxysql_helpers.go index 30b14482d..a6f171a75 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/proxysql_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/proxysql_helpers.go @@ -215,3 +215,9 @@ func (m *ProxySQL) GetCertSecretName(alias ProxySQLCertificateAlias) string { func (m *ProxySQL) CertificateName(alias ProxySQLCertificateAlias) string { return meta_util.NameWithSuffix(m.Name, fmt.Sprintf("%s-cert", string(alias))) } + +// IsCluster returns boolean true if the proxysql is in cluster mode, otherwise false +func (m *ProxySQL) IsCluster() bool { + r := m.Spec.Replicas + return *r > 1 +} diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go index 330f480de..f2e00337c 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go @@ -36,7 +36,7 @@ type ScriptSourceSpec struct { core.VolumeSource `json:",inline,omitempty"` } -// +kubebuilder:validation:Enum=Provisioning;DataRestoring;Ready;Critical;NotReady;Halted +// +kubebuilder:validation:Enum=Provisioning;DataRestoring;Ready;Critical;NotReady;Halted;Unknown type DatabasePhase string const ( @@ -52,6 +52,8 @@ const ( DatabasePhaseNotReady DatabasePhase = "NotReady" // used for Databases that are halted DatabasePhaseHalted DatabasePhase = "Halted" + // used for Databases for which Phase can't be calculated + DatabasePhaseUnknown DatabasePhase = "Unknown" ) // +kubebuilder:validation:Enum=Durable;Ephemeral diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/zz_generated.deepcopy.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/zz_generated.deepcopy.go index 06427abc5..86d5a55b9 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/zz_generated.deepcopy.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/zz_generated.deepcopy.go @@ -514,6 +514,18 @@ func (in *ElasticsearchStatus) DeepCopy() *ElasticsearchStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ElasticsearchUserSpec) DeepCopyInto(out *ElasticsearchUserSpec) { *out = *in + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.BackendRoles != nil { in, out := &in.BackendRoles, &out.BackendRoles *out = make([]string, len(*in)) @@ -1623,6 +1635,11 @@ func (in *MySQLTopology) DeepCopyInto(out *MySQLTopology) { *out = new(MySQLReadReplicaSpec) **out = **in } + if in.SemiSync != nil { + in, out := &in.SemiSync, &out.SemiSync + *out = new(SemiSyncSpec) + (*in).DeepCopyInto(*out) + } return } @@ -2663,6 +2680,28 @@ func (in *ScriptSourceSpec) DeepCopy() *ScriptSourceSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SemiSyncSpec) DeepCopyInto(out *SemiSyncSpec) { + *out = *in + out.SourceTimeout = in.SourceTimeout + if in.ErrantTransactionRecoveryPolicy != nil { + in, out := &in.ErrantTransactionRecoveryPolicy, &out.ErrantTransactionRecoveryPolicy + *out = new(ErrantTransactionRecoveryPolicy) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SemiSyncSpec. +func (in *SemiSyncSpec) DeepCopy() *SemiSyncSpec { + if in == nil { + return nil + } + out := new(SemiSyncSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy) { *out = *in diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_helpers.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_helpers.go index 7c94c012d..8862f7eff 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_helpers.go @@ -17,12 +17,17 @@ limitations under the License. package v1alpha1 import ( + "context" + dbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2" "kubedb.dev/apimachinery/crds" + core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" "kmodules.xyz/client-go/apiextensions" "kmodules.xyz/client-go/meta" + "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -123,3 +128,54 @@ func (in *MariaDBDatabase) GetRepositorySecretMeta() metav1.ObjectMeta { } return meta } + +func (in *MariaDBDatabase) CheckDoubleOptIn(ctx context.Context, client client.Client) (bool, error) { + // Get updated MariaDBDatabase object + var schema MariaDBDatabase + err := client.Get(ctx, types.NamespacedName{ + Namespace: in.GetNamespace(), + Name: in.GetName(), + }, &schema) + if err != nil { + return false, err + } + + // Get the database server + var maria dbapi.MariaDB + err = client.Get(ctx, types.NamespacedName{ + Namespace: schema.Spec.Database.ServerRef.Namespace, + Name: schema.Spec.Database.ServerRef.Name, + }, &maria) + if err != nil { + return false, err + } + + if maria.Spec.AllowedSchemas == nil { + return false, nil + } + + // Get namespace object of the schema + var nsSchema core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.GetNamespace(), + }, &nsSchema) + if err != nil { + return false, err + } + + // Get namespace object of the Database server + var nsDB core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.Spec.Database.ServerRef.Namespace, + }, &nsDB) + if err != nil { + return false, err + } + + possible, err := CheckIfDoubleOptInPossible(schema.ObjectMeta, nsSchema.ObjectMeta, nsDB.ObjectMeta, maria.Spec.AllowedSchemas) + if err != nil { + return false, err + } + + return possible, nil +} diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_types.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_types.go index 4ee1987a6..569b75659 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mariadbdatabase_types.go @@ -79,6 +79,7 @@ type MariaDBDatabaseConfiguration struct { // +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true +// +kubebuilder:resource:path=mariadbdatabases,singular=mariadbdatabase,shortName=mdschema,categories={datastore,kubedb,appscode,all} // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="DB_SERVER",type="string",JSONPath=".spec.database.serverRef.name" // +kubebuilder:printcolumn:name="DB_NAME",type="string",JSONPath=".spec.database.config.name" diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_helpers.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_helpers.go index 3d4187830..6454e3186 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_helpers.go @@ -17,10 +17,16 @@ limitations under the License. package v1alpha1 import ( + "context" + + dbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2" "kubedb.dev/apimachinery/crds" + core "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "kmodules.xyz/client-go/apiextensions" "kmodules.xyz/client-go/meta" + "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -85,3 +91,54 @@ func (in *MongoDBDatabase) GetMongoAppBindingName() string { func (in *MongoDBDatabase) GetAuthSecretName(dbServerName string) string { return meta.NameWithSuffix(dbServerName, "auth") } + +func (in *MongoDBDatabase) CheckDoubleOptIn(ctx context.Context, client client.Client) (bool, error) { + // Get updated MongoDBDatabase object + var schema MongoDBDatabase + err := client.Get(ctx, types.NamespacedName{ + Namespace: in.GetNamespace(), + Name: in.GetName(), + }, &schema) + if err != nil { + return false, err + } + + // Get the database server + var mongo dbapi.MongoDB + err = client.Get(ctx, types.NamespacedName{ + Namespace: schema.Spec.Database.ServerRef.Namespace, + Name: schema.Spec.Database.ServerRef.Name, + }, &mongo) + if err != nil { + return false, err + } + + if mongo.Spec.AllowedSchemas == nil { + return false, nil + } + + // Get namespace object of the schema + var nsSchema core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.GetNamespace(), + }, &nsSchema) + if err != nil { + return false, err + } + + // Get namespace object of the Database server + var nsDB core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.Spec.Database.ServerRef.Namespace, + }, &nsDB) + if err != nil { + return false, err + } + + possible, err := CheckIfDoubleOptInPossible(schema.ObjectMeta, nsSchema.ObjectMeta, nsDB.ObjectMeta, mongo.Spec.AllowedSchemas) + if err != nil { + return false, err + } + + return possible, nil +} diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_types.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_types.go index 94c4332b7..601f7e76a 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mongodbdatabase_types.go @@ -66,6 +66,7 @@ type MongoDBDatabaseConfiguration struct { // +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true +// +kubebuilder:resource:path=mongodbdatabases,singular=mongodbdatabase,shortName=mgschema,categories={datastore,kubedb,appscode,all} // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="DB_SERVER",type="string",JSONPath=".spec.database.serverRef.name" // +kubebuilder:printcolumn:name="DB_NAME",type="string",JSONPath=".spec.database.config.name" diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_helper.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_helper.go index e1e802df5..81548087e 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_helper.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_helper.go @@ -17,11 +17,17 @@ limitations under the License. package v1alpha1 import ( + "context" + + dbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2" "kubedb.dev/apimachinery/crds" + core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" "kmodules.xyz/client-go/apiextensions" "kmodules.xyz/client-go/meta" + "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -122,3 +128,54 @@ func (in *MySQLDatabase) GetRepositorySecretMeta() metav1.ObjectMeta { } return meta } + +func (in *MySQLDatabase) CheckDoubleOptIn(ctx context.Context, client client.Client) (bool, error) { + // Get updated MySQLDatabase object + var schema MySQLDatabase + err := client.Get(ctx, types.NamespacedName{ + Namespace: in.GetNamespace(), + Name: in.GetName(), + }, &schema) + if err != nil { + return false, err + } + + // Get the database server + var mysql dbapi.MySQL + err = client.Get(ctx, types.NamespacedName{ + Namespace: schema.Spec.Database.ServerRef.Namespace, + Name: schema.Spec.Database.ServerRef.Name, + }, &mysql) + if err != nil { + return false, err + } + + if mysql.Spec.AllowedSchemas == nil { + return false, nil + } + + // Get namespace object of the schema + var nsSchema core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.GetNamespace(), + }, &nsSchema) + if err != nil { + return false, err + } + + // Get namespace object of the Database server + var nsDB core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.Spec.Database.ServerRef.Namespace, + }, &nsDB) + if err != nil { + return false, err + } + + possible, err := CheckIfDoubleOptInPossible(schema.ObjectMeta, nsSchema.ObjectMeta, nsDB.ObjectMeta, mysql.Spec.AllowedSchemas) + if err != nil { + return false, err + } + + return possible, nil +} diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_types.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_types.go index 18da07d40..839d077a5 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/mysqldatabase_types.go @@ -83,6 +83,7 @@ type MySQLDatabaseConfiguration struct { // +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true +// +kubebuilder:resource:path=mysqldatabases,singular=mysqldatabase,shortName=myschema,categories={datastore,kubedb,appscode,all} // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="DB_SERVER",type="string",JSONPath=".spec.database.serverRef.name" // +kubebuilder:printcolumn:name="DB_NAME",type="string",JSONPath=".spec.database.config.name" diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_helpers.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_helpers.go index 219867adb..6c1e94343 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_helpers.go @@ -17,13 +17,17 @@ limitations under the License. package v1alpha1 import ( + "context" "fmt" kdm "kubedb.dev/apimachinery/apis/kubedb/v1alpha2" "kubedb.dev/apimachinery/crds" + core "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "kmodules.xyz/client-go/apiextensions" kmeta "kmodules.xyz/client-go/meta" + "sigs.k8s.io/controller-runtime/pkg/client" ) func (_ PostgresDatabase) CustomResourceDefinition() *apiextensions.CustomResourceDefinition { @@ -104,3 +108,54 @@ func GetPostgresSchemaRestoreSessionName(pgSchema *PostgresDatabase) string { func GetPostgresSchemaSecretName(pgSchema *PostgresDatabase) string { return kmeta.NameWithSuffix(pgSchema.Name, kdm.ResourceSingularPostgres+"-secret") } + +func (in *PostgresDatabase) CheckDoubleOptIn(ctx context.Context, client client.Client) (bool, error) { + // Get updated PostgresDatabase object + var schema PostgresDatabase + err := client.Get(ctx, types.NamespacedName{ + Namespace: in.GetNamespace(), + Name: in.GetName(), + }, &schema) + if err != nil { + return false, err + } + + // Get the database server + var pg kdm.Postgres + err = client.Get(ctx, types.NamespacedName{ + Namespace: schema.Spec.Database.ServerRef.Namespace, + Name: schema.Spec.Database.ServerRef.Name, + }, &pg) + if err != nil { + return false, err + } + + if pg.Spec.AllowedSchemas == nil { + return false, nil + } + + // Get namespace object of the schema + var nsSchema core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.GetNamespace(), + }, &nsSchema) + if err != nil { + return false, err + } + + // Get namespace object of the Database server + var nsDB core.Namespace + err = client.Get(ctx, types.NamespacedName{ + Name: schema.Spec.Database.ServerRef.Namespace, + }, &nsDB) + if err != nil { + return false, err + } + + possible, err := CheckIfDoubleOptInPossible(schema.ObjectMeta, nsSchema.ObjectMeta, nsDB.ObjectMeta, pg.Spec.AllowedSchemas) + if err != nil { + return false, err + } + + return possible, nil +} diff --git a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_types.go b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_types.go index 8bf491a5a..c105b96cf 100644 --- a/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/schema/v1alpha1/postgresdatabase_types.go @@ -72,6 +72,7 @@ type Param struct { // +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true +// +kubebuilder:resource:path=postgresdatabases,singular=postgresdatabase,shortName=pgschema,categories={datastore,kubedb,appscode,all} // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="DB_SERVER",type="string",JSONPath=".spec.database.serverRef.name" // +kubebuilder:printcolumn:name="DB_NAME",type="string",JSONPath=".spec.database.config.name" diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_elasticsearches.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_elasticsearches.yaml index 31acfb16b..3a090bb13 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_elasticsearches.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_elasticsearches.yaml @@ -769,14 +769,26 @@ spec: type: array description: type: string + email: + type: string + full_name: + type: string hidden: type: boolean + metadata: + additionalProperties: + type: string + type: object opendistroSecurityRoles: items: type: string type: array reserved: type: boolean + roles: + items: + type: string + type: array searchGuardRoles: items: type: string @@ -3914,6 +3926,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_etcds.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_etcds.yaml index ae20821d6..cb067d824 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_etcds.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_etcds.yaml @@ -2605,6 +2605,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mariadbs.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mariadbs.yaml index 6b132aee4..e95f2e395 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mariadbs.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mariadbs.yaml @@ -2844,6 +2844,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_memcacheds.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_memcacheds.yaml index d26c2d41f..348e5c0f3 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_memcacheds.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_memcacheds.yaml @@ -2611,6 +2611,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mongodbs.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mongodbs.yaml index 5531c2a8f..c66865e8c 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mongodbs.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mongodbs.yaml @@ -9058,6 +9058,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mysqls.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mysqls.yaml index bf3b0f4de..bad64af75 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mysqls.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_mysqls.yaml @@ -4387,6 +4387,7 @@ spec: - GroupReplication - InnoDBCluster - ReadReplica + - SemiSync type: string readReplica: properties: @@ -4410,6 +4411,24 @@ spec: required: - sourceRef type: object + semiSync: + properties: + errantTransactionRecoveryPolicy: + default: PseudoTransaction + enum: + - Clone + - PseudoTransaction + type: string + sourceTimeout: + default: 24h + type: string + sourceWaitForReplicaCount: + default: 1 + minimum: 1 + type: integer + required: + - errantTransactionRecoveryPolicy + type: object type: object useAddressType: default: DNS @@ -4462,6 +4481,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_perconaxtradbs.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_perconaxtradbs.yaml index 1a406b8a5..69140a92f 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_perconaxtradbs.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_perconaxtradbs.yaml @@ -2697,6 +2697,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_pgbouncers.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_pgbouncers.yaml index 4c6fcc9f4..401d876dd 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_pgbouncers.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_pgbouncers.yaml @@ -2021,6 +2021,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_postgreses.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_postgreses.yaml index f84e91d04..9d5858ecd 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_postgreses.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_postgreses.yaml @@ -2896,6 +2896,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_proxysqls.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_proxysqls.yaml index 896c063d0..ae83e7bcf 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_proxysqls.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_proxysqls.yaml @@ -2030,6 +2030,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redises.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redises.yaml index 60d326d0f..cd6854825 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redises.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redises.yaml @@ -2866,6 +2866,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redissentinels.yaml b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redissentinels.yaml index 937231043..c57e5afb8 100644 --- a/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redissentinels.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/kubedb.com_redissentinels.yaml @@ -2001,6 +2001,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mariadbdatabases.yaml b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mariadbdatabases.yaml index e181da62c..0debffe5a 100644 --- a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mariadbdatabases.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mariadbdatabases.yaml @@ -8,9 +8,16 @@ metadata: spec: group: schema.kubedb.com names: + categories: + - datastore + - kubedb + - appscode + - all kind: MariaDBDatabase listKind: MariaDBDatabaseList plural: mariadbdatabases + shortNames: + - mdschema singular: mariadbdatabase scope: Namespaced versions: diff --git a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mongodbdatabases.yaml b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mongodbdatabases.yaml index 9c91558f7..3b6bdf72d 100644 --- a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mongodbdatabases.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mongodbdatabases.yaml @@ -8,9 +8,16 @@ metadata: spec: group: schema.kubedb.com names: + categories: + - datastore + - kubedb + - appscode + - all kind: MongoDBDatabase listKind: MongoDBDatabaseList plural: mongodbdatabases + shortNames: + - mgschema singular: mongodbdatabase scope: Namespaced versions: diff --git a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mysqldatabases.yaml b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mysqldatabases.yaml index 401d28135..9fcc48641 100644 --- a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mysqldatabases.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_mysqldatabases.yaml @@ -8,9 +8,16 @@ metadata: spec: group: schema.kubedb.com names: + categories: + - datastore + - kubedb + - appscode + - all kind: MySQLDatabase listKind: MySQLDatabaseList plural: mysqldatabases + shortNames: + - myschema singular: mysqldatabase scope: Namespaced versions: diff --git a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_postgresdatabases.yaml b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_postgresdatabases.yaml index 56d160b40..632e3ec06 100644 --- a/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_postgresdatabases.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/schema.kubedb.com_postgresdatabases.yaml @@ -8,9 +8,16 @@ metadata: spec: group: schema.kubedb.com names: + categories: + - datastore + - kubedb + - appscode + - all kind: PostgresDatabase listKind: PostgresDatabaseList plural: postgresdatabases + shortNames: + - pgschema singular: postgresdatabase scope: Namespaced versions: diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_elasticsearchinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_elasticsearchinsights.yaml index 78e92336f..3db6163a3 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_elasticsearchinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_elasticsearchinsights.yaml @@ -115,6 +115,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mariadbinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mariadbinsights.yaml index 1880c4a64..a4c31d39a 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mariadbinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mariadbinsights.yaml @@ -108,6 +108,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mongodbinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mongodbinsights.yaml index a463838ee..ad6604a59 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mongodbinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mongodbinsights.yaml @@ -86,6 +86,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: enum: @@ -138,6 +139,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mysqlinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mysqlinsights.yaml index 843257835..554111713 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mysqlinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_mysqlinsights.yaml @@ -108,6 +108,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_postgresinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_postgresinsights.yaml index 540ca0f6b..0c48c0e80 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_postgresinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_postgresinsights.yaml @@ -116,6 +116,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_redisinsights.yaml b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_redisinsights.yaml index 9bdffac3c..27fb158e3 100644 --- a/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_redisinsights.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/ui.kubedb.com_redisinsights.yaml @@ -108,6 +108,7 @@ spec: - Critical - NotReady - Halted + - Unknown type: string type: object type: object diff --git a/vendor/kubedb.dev/apimachinery/pkg/validator/validate.go b/vendor/kubedb.dev/apimachinery/pkg/validator/validate.go index 8a47a4092..7a15031f7 100644 --- a/vendor/kubedb.dev/apimachinery/pkg/validator/validate.go +++ b/vendor/kubedb.dev/apimachinery/pkg/validator/validate.go @@ -97,3 +97,13 @@ func ValidateEnvVar(envs []core.EnvVar, forbiddenEnvs []string, resourceType str } return nil } + +func ValidateInternalUsers(users map[string]api.ElasticsearchUserSpec, allowedInternalUsers []string, resourceType string) error { + for user := range users { + present, _ := arrays.Contains(allowedInternalUsers, user) + if !present { + return fmt.Errorf("Internal user %s is forbidden to use in %s spec", user, resourceType) + } + } + return nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 4f5c96ec7..62c1bcaba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -717,7 +717,7 @@ k8s.io/utils/exec k8s.io/utils/integer k8s.io/utils/pointer k8s.io/utils/trace -# kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909 +# kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df ## explicit; go 1.17 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1 @@ -745,7 +745,7 @@ kmodules.xyz/custom-resources/client/clientset/versioned/typed/appcatalog/v1alph kmodules.xyz/custom-resources/client/clientset/versioned/typed/auditor/v1alpha1 kmodules.xyz/custom-resources/client/clientset/versioned/typed/metrics/v1alpha1 kmodules.xyz/custom-resources/crds -# kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1 +# kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8 ## explicit; go 1.17 kmodules.xyz/monitoring-agent-api/api/v1 kmodules.xyz/monitoring-agent-api/api/v1alpha1 @@ -758,7 +758,7 @@ kmodules.xyz/offshoot-api/api/v1 # kmodules.xyz/prober v0.0.0-20220317043828-5ae0114adcad ## explicit; go 1.15 kmodules.xyz/prober/api/v1 -# kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02 +# kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac ## explicit; go 1.17 kubedb.dev/apimachinery/apis kubedb.dev/apimachinery/apis/autoscaling @@ -916,7 +916,7 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.3.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# stash.appscode.dev/apimachinery v0.20.0 +# stash.appscode.dev/apimachinery v0.20.1 ## explicit; go 1.17 stash.appscode.dev/apimachinery/apis stash.appscode.dev/apimachinery/apis/repositories