Remove port from endpoint (if added) #154
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Set sql_log_bin = 0 before execs in user reconciler Signed-off-by: Alejandro Recalde <[email protected]> * Set sql_log_bin = 0 before execs in user reconciler Signed-off-by: Alejandro Recalde <[email protected]> * Set sql_log_bin = 0 before execs in grant reconciler Signed-off-by: Alejandro Recalde <[email protected]> * Refactor error handling in create, update and delete grant reconciliation methods Signed-off-by: Alejandro Recalde <[email protected]> * Fix const `errSetSqlLogBin` should be `errSetSQLLogBin` (golint) Signed-off-by: Alejandro Recalde <[email protected]> * Update grant tests Signed-off-by: Alejandro Recalde <[email protected]> * Update user controller tests and reduce cyclotomic complexity Signed-off-by: Alejandro Recalde <[email protected]> * Update user controller update test Signed-off-by: Alejandro Recalde <[email protected]> * Add BinLog field to Database, Grant and User specs Signed-off-by: Alejandro Recalde <[email protected]> * Only set sql_log_bin to 0 if binlog spec field is false Signed-off-by: Alejandro Recalde <[email protected]> * Fix BinLog spec field comment Signed-off-by: Alejandro Recalde <[email protected]> * Update mysql Database resource sample to include forProvider field Signed-off-by: Alejandro Recalde <[email protected]> * Rename replicate crd field to binlog (Database, Grant and User specs) Signed-off-by: Alejandro Recalde <[email protected]> * Remove AuthPlugin and UsePassword fields from user type Signed-off-by: Alejandro Recalde <[email protected]> * Create an xsql.DB.Exec() wrapper in pkg/clients/mysql that allows disabling binlogs before the query and flushing privileges after the query Signed-off-by: Alejandro Recalde <[email protected]> --------- Signed-off-by: Alejandro Recalde <[email protected]> Signed-off-by: Timotej Avsec <[email protected]>
) * postgres: Expand grant privileges where required Inside postgresql, some privileges are altered[0] when issuing a `GRANT` - for example `ALL` is expanded to `CREATE, TEMPORARY, CONNECT`. When we observe the grant, we query privileges on the database to see if the ones in the grant exist. Given that they are expanded, we can't simply query for what the user gave us. Expand the privileges which need expanding before we make the query. Closes: crossplane-contrib#92 [0]: https://www.postgresql.org/docs/15/ddl-priv.html Signed-off-by: Iain Lane <[email protected]> * Sort the grants privileges before comparing them When we use them in the observation the order doesn't matter, but in the test we are generating a diff where it does, so compare them in the test. Signed-off-by: Iain Lane <[email protected]> --------- Signed-off-by: Iain Lane <[email protected]> Signed-off-by: Iain Lane <[email protected]> Signed-off-by: Timotej Avsec <[email protected]>
… (crossplane-contrib#148) * Support mysql grant option by updating grantRegex and parseGrants function Signed-off-by: Alejandro Recalde <[email protected]> Signed-off-by: Duologic <[email protected]> * When GRANT OPTION is present append WITH GRANT OPTION to query Signed-off-by: Alejandro Recalde <[email protected]> Signed-off-by: Duologic <[email protected]> * fix: tests Signed-off-by: Duologic <[email protected]> --------- Signed-off-by: Alejandro Recalde <[email protected]> Signed-off-by: Duologic <[email protected]> Co-authored-by: Alejandro Recalde <[email protected]> Co-authored-by: Duologic <[email protected]> Signed-off-by: Timotej Avsec <[email protected]>
Signed-off-by: Timotej Avsec <[email protected]>
* fix: correctly set GRANT OPTION privilege Signed-off-by: Duologic <[email protected]> * chore: introduce createRevokeQuery function Signed-off-by: Javier Palomo <[email protected]> * fix: use createRevokeQuery in Delete Signed-off-by: Javier Palomo <[email protected]> * fix: dont split user and host Signed-off-by: Javier Palomo <[email protected]> * fix: unnecessary type conversion in getPrivilegesString Signed-off-by: Javier Palomo <[email protected]> * fix(createRevokeQuery): use right MySQL syntax Signed-off-by: Javier Palomo <[email protected]> --------- Signed-off-by: Duologic <[email protected]> Signed-off-by: Javier Palomo <[email protected]> Co-authored-by: Duologic <[email protected]> Signed-off-by: Timotej Avsec <[email protected]>
|
In our composition for RDS we have this: The address key was added in crossplane-contrib/provider-upjet-aws#530 |
|
Hey @Duologic , I'm not entirely sure if I am doing something wrong, but I don't think this is working as it should. This is my RDS manifest: apiVersion: rds.aws.upbound.io/v1beta1
kind: Instance
metadata:
annotations:
name: my-database
spec:
forProvider:
allocatedStorage: 20
autoMinorVersionUpgrade: true
engine: mysql
engineVersion: "8.0"
instanceClass: db.t3.micro
name: my-database
publiclyAccessible: true
region: eu-central-1
skipFinalSnapshot: true
storageEncrypted: false
storageType: gp2
username: admin
passwordSecretRef:
key: password
name: rds-initial-password
namespace: default
providerConfigRef:
name: default
writeConnectionSecretToRef:
name: very-secure-credentials-for-rds
namespace: defaultThe secret But when I create ---
apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
name: sql-config
spec:
credentials:
source: MySQLConnectionSecret
connectionSecretRef:
namespace: default
name: very-secure-credentials-for-rdsand create DB resource apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: Database
metadata:
labels:
type: database
name: my-table
spec:
deletionPolicy: Orphan
providerConfigRef:
name: sql-config
forProvider: {}I get the following error when describing the database resource: Maybe, in this case, this should be moved to issues? |
|
We make use of compositions rather then directly dealing with managed resources, for example they can create/convert secrets to another format. |
|
I have an issue regarding the fact that the status:
atProvider: {}
conditions:
- lastTransitionTime: "2023-11-28T08:29:14Z"
message: 'observe failed: cannot select role: dial tcp: lookup xplane-harbor-5jxnh-9rb9t.cymnaynfchjt.eu-west-3.rds.amazonaws.com:5432:5432:
...I tried to define them here as you mentioned @Duologic . However these changes are applied to the secret being generated by the composition: kubectl get secrets -n crossplane-system 23172561-479b-4a39-a0f0-609562b8f2e3 -o yaml
apiVersion: v1
data:
endpoint: xxx
password: xx
username: xx
...In my case I want to have a predictable secret name in order to use it with this provider. kubectl get secrets -n harbor xplane-harbor-rds -o yaml
apiVersion: v1
data:
address: xxx
attribute.password: UmRzI2F6ZXJ0eTQy
endpoint: xx (contains host:5432)
host: xx
password: xxx
port: xx
username: xxCould you please give me a hand? should I open an issue? Why is the |
|
What is blocking fixing this? I am currently evaluating crossplane for an organisation, and ran into this issue when following tutorials from @vfarcic using AWS RDS: status:
conditions:
- lastTransitionTime: "2024-11-08T14:17:03Z"
message: 'observe failed: cannot select database: dial tcp: lookup <snip>.eu-north-1.rds.amazonaws.com:5432:5432:
no such host'
reason: ReconcileError
status: "False"
type: SyncedAs described above, I guess this looks up the address: <snip>.eu-north-1.rds.amazonaws.com
attribute.password: postgres
endpoint: <snip>.eu-north-1.rds.amazonaws.com:5432
host: <snip>.eu-north-1.rds.amazonaws.com
password: postgres
port: "5432"
username: masteruser |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of your changes
Today I tried using
provider-sqlwith AWS RDS provider, but RDS provider outputs the endpoint secret with port included (localhost:3306for example, instead of justlocalhost, as provider-sql expects). Therefore, crossplane can't access the database, as the formatted DSN, in this case, would belocalhost:3306:3306.This PR will remove the port from the endpoint string, if it exists.
I have:
make reviewableto ensure this PR is ready for review.How has this code been tested
I ran the tests, and tried creating new Database on the RDS instance (with MySQL engine).