Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Epic Link:
Password generation and rotation
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
Feature Link:
OSPRH-811 - Red Hat OpenStack 18.0 Greenfield Deployment
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

Sprint:
PIDONE Board

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Right now, downstream controllers such as that of nova, glance, neutron, keystone have fields for databaseUser and Secret, which is passed along to create a MariaDBDatabase instance with that username and password; the username right now must match the configured database name used by that controller as these cannot be separate.

The goal is to replace databaseUser with databaseAccount in each CRD, and use new API functions in mariadb-operator to ensure that a MariaDBAccount + Secret exists at controller init time, and to consume the new username/pw from that API. These changes will allow operators to correctly consume MariaDBAccounts which will later be created by openstack-operator ahead of time. This change delivers rotateable username+password functionality to each operator, where changing databaseAccount to a new name will generate and deploy for a new username/pw in mariadb for that instance.

The initial proof of concept is in glance at https://github.com/openstack-k8s-operators/glance-operator/pull/426

depends on

OSPRH-4092 Implement account creation / mutation within the MariaDB operator

Closed

is depended on by

OSPRH-4113 implement interim MariaDB password generation with dynamic username generation in mariadb-operator

Closed

links to

openstack-k8s-operators/barbican-operator#107: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/cinder-operator#348: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/designate-operator#156: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/glance-operator#426: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/heat-operator#322: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/ironic-operator#398: add DatabaseAccount and migrate to MariaDBAccount

openstack-k8s-operators/keystone-operator#371: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/manila-operator#246: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/neutron-operator#300: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/nova-operator#681: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

openstack-k8s-operators/placement-operator#167: migrate from databaseUsername to databaseAccount

openstack-k8s-operators/telemetry-operator#333: migrate from databaseUsername to databaseAccount and fully use MariaDBAccount

mentioned on

Merge request - Updated US source to: 0ac0e42 Merge pull request #248 from openstack-k8s-operators/renovate/ginkgo

Merge request - Updated US source to: 033a606 Merge pull request #391 from gibizer/regenerate-go-mod2

Merge request - Updated US source to: 90a97e1 migrate from databaseUsername to databaseAccount

Merge request - Updated US source to: c2e2433 Merge pull request #355 from stuggi/pod_management_policy

Merge request - Updated US source to: d5b7c8a Merge pull request #300 from zzzeek/integrate_oo_accounts

(9 links to, 5 mentioned on)

1.	convert barbican-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
2.	implement MariaDBAccount creation in openstack-operator for all sub-operators for which it is curating database connectivity	Closed	Michael Bayer (Inactive)
3.	convert cinder-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
4.	convert designate-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
5.	convert glance-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
6.	convert heat-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
7.	convert ironic-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
8.	convert keystone-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
9.	convert manila-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
10.	convert neutron-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
11.	convert nova-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
12.	convert octavia-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Tom Weininger
13.	convert placement-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)
14.	convert telemetry-operator to use MariaDBAccount name in its CRD rather than databaseUser / Secret	Closed	Michael Bayer (Inactive)

Assignee:: Unassigned

Reporter:: Michael Bayer (Inactive)

Team:: rhos-dfg-pidone

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/01/25 2:39 PM

Updated:: 2024/03/14 1:03 PM

Resolved:: 2024/03/14 1:03 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Sub-Tasks

Activity

People

Dates

PagerDuty