[POLICY] Fix DB related issues 51/139651/4
authorAndreas Geissler <andreas-geissler@telekom.de>
Thu, 5 Dec 2024 09:34:57 +0000 (10:34 +0100)
committerAndreas Geissler <andreas-geissler@telekom.de>
Fri, 6 Dec 2024 11:44:22 +0000 (12:44 +0100)
- fix MariaDB configuration in PolicyAPI
- fix Postgres/MariaDB selection handling
- fix Secret definitions for DBs
- fix Postgres init script to be compatible with PG version 15+
- smaller linter fixes

Issue-ID: POLICY-5166

Change-Id: I7d95d50133eb1e9e1d91991d9fea05331442dea0
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
kubernetes/policy/Chart.yaml
kubernetes/policy/components/policy-api/Chart.yaml
kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
kubernetes/policy/resources/config/db-pg.sh
kubernetes/policy/resources/config/db_migrator_policy_init.sh
kubernetes/policy/templates/job.yaml
kubernetes/policy/values.yaml

index b3f5d4a..2bf703c 100755 (executable)
@@ -19,7 +19,7 @@
 apiVersion: v2
 description: ONAP Policy
 name: policy
-version: 15.0.0
+version: 15.0.1
 
 dependencies:
   - name: common
@@ -28,7 +28,7 @@ dependencies:
   - name: mariadb-galera
     version: ~13.x-0
     repository: '@local'
-    condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster
+    condition: global.mariadbGalera.localCluster
   - name: policy-nexus
     version: ~15.x-0
     repository: 'file://components/policy-nexus'
@@ -93,4 +93,4 @@ dependencies:
   - name: postgres
     version: ~13.x-0
     repository: '@local'
-    condition: global.postgres.useInPolicy,global.postgres.localCluster
+    condition: global.postgres.localCluster
index 4194d3c..6c3351a 100755 (executable)
@@ -22,7 +22,7 @@
 apiVersion: v2
 description: ONAP Policy Design API
 name: policy-api
-version: 15.0.0
+version: 15.0.1
 
 dependencies:
   - name: common
index c39a27b..3e357a6 100644 (file)
@@ -40,9 +40,6 @@ spring:
     hikari:
       maximumPoolSize: 20
   jpa:
-    properties:
-      hibernate:
-        dialect: org.hibernate.dialect.MariaDB103Dialect
     hibernate:
       ddl-auto: none
       naming:
@@ -64,10 +61,6 @@ spring:
       naming:
         physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
         implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
-    properties:
-      hibernate:
-        dialect: org.hibernate.dialect.PostgreSQLDialect
-        format_sql: true
 {{ end }}
 
 policy-api:
index dc7f788..6f0a1bd 100644 (file)
@@ -141,4 +141,4 @@ SDNC_CONTEXT_URI=restconf/operations/
 # CDS
 
 CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
-CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
\ No newline at end of file
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
index 3df3578..478cf84 100644 (file)
@@ -77,4 +77,4 @@ jakarta.persistence.jdbc.driver=org.postgresql.Driver
 jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory
 {{ end }}
 jakarta.persistence.jdbc.user=${SQL_USER}
-jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file
+jakarta.persistence.jdbc.password=${SQL_PASSWORD}
index 913ccc7..a7fc088 100644 (file)
 
 export PGPASSWORD=${PG_ADMIN_PASSWORD};
 
+echo "Create user ${PG_USER} is created in Host ${PG_HOST}"
 psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'"
 
 for db in migration pooling policyadmin policyclamp operationshistory clampacm
 do
+    echo "Create DB ${db}"
     psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+    echo "Grant privileges to DB ${db} for user ${PG_USER}"
     psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";"
-done
\ No newline at end of file
+    echo "Grant privileges to SCHEMA public for user ${PG_USER}"
+    psql -h ${PG_HOST} -p ${PG_PORT} -d ${db} -U postgres --command "GRANT ALL ON SCHEMA public TO \"${PG_USER}\";"
+done
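Review bot: None of the psql calls in this loop has its exit status checked, including the new `GRANT ALL ON SCHEMA public` call, so the added echo lines announce each step even when the statement failed and the init job can finish without the grants it was meant to set. Unless the part of the script above this hunk already enables `set -e`, the calls that must succeed should end in `|| exit 1`, and the expansions are safer quoted, e.g. `-h "${PG_HOST}" -p "${PG_PORT}" -d "${db}"`. The loop creates `operationshistory`, while the xacml.properties context line in this same commit points the Postgres JDBC URL at `operationhistory`; one of the two names looks misspelled and is worth confirming. The first new message is also garbled and could read `echo "Create user ${PG_USER} on host ${PG_HOST}"`.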
index 3886a85..ad5b8fb 100755 (executable)
@@ -402,4 +402,4 @@ spec:
             items:
               - key: db_migrator_pg_policy_init.sh
                 path: db_migrator_pg_policy_init.sh
-{{ end }}
\ No newline at end of file
+{{ end }}
index 356e5f3..6cd26dd 100644 (file)
 #################################################################
 global:
   mariadbGalera:
+    useInPolicy: true
+    localCluster: true
     # flag to enable the DB creation via mariadb-operator
     useOperator: false
     # if useOperator set to "true", set "enableServiceAccount to "false"
     # as the SA is created by the Operator
     enableServiceAccount: false
-    localCluster: true
     # '&mariadbConfig' means we "store" the values for  later use in the file
     # with '*mariadbConfig' pointer.
     config: &mariadbConfig
@@ -35,17 +36,21 @@ global:
     nameOverride: *mariadbService
     # (optional) if localCluster=false and an external secret is used set this variable
     #userRootSecret: <secretName>
-    useInPolicy: false
   prometheusEnabled: false
   postgres:
-    localCluster: true
+    useInPolicy: false
+    localCluster: false
+    # flag to enable the DB creation via pgo-operator
+    useOperator: false
     service:
       name: pgset
       name2: tcp-pgset-primary
       name3: tcp-pgset-replica
     container:
       name: postgres
-    useInPolicy: true
+    nameOverride: "policy-postgres"
+    # (optional) if localCluster=false and an external secret is used set this variable
+    #userRootSecret: <secretName>
   kafkaBootstrap: strimzi-kafka-bootstrap:9092
   policyKafkaUser: policy-kafka-user
   useStrimziKafka: true
@@ -61,27 +66,57 @@ secrets:
   - uid: db-root-password
     name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
     type: password
-    externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary (
-               ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
-               ternary
-                  ""
-                  (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
-               )
-               ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
-                 ternary
+    externalSecret: '{{ .Values.global.mariadbGalera.useInPolicy | ternary
+               ( .Values.global.mariadbGalera.localCluster | ternary
+                 ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret") | ternary
+                   ""
+                   (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+                 )
+                 ( not (empty (default "" .Values.global.mariadbGalera.userRootSecret)) | ternary
                    .Values.global.mariadbGalera.userRootSecret
                    (include "common.mariadb.secret.rootPassSecretName"
                      (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
                    )
+                 )
+               )
+               ( .Values.global.postgres.localCluster | ternary
+                 ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary
+                   ""
+                   (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .)
+                 )
+                 ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary
+                   .Values.global.postgres.userRootSecret
+                   (include "common.postgres.secret.rootPassSecretName"
+                     (dict "dot" . "chartName" .Values.global.postgres.nameOverride)
+                   )
+                 )
                ) }}'
-    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+    password: '{{ .Values.global.mariadbGalera.useInPolicy | ternary
+                  (index .Values "mariadb-galera" "rootUser" "password")
+                  (index .Values "postgres" "config" "pgRootPassword")
+               }}'
     policy: generate
   - uid: db-secret
     name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
     type: basicAuth
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
-    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
-    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+    externalSecret: '{{ .Values.global.mariadbGalera.useInPolicy | ternary
+                        ( hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret") | ternary
+                          ""
+                          (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .)
+                        )
+                        ( hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary
+                          ""
+                          (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .)
+                        )
+                     }}'
+    login: '{{ .Values.global.mariadbGalera.useInPolicy | ternary
+               (index .Values "mariadb-galera" "db" "user")
+               (index .Values "postgres" "config" "pgUserName")
+            }}'
+    password: '{{ .Values.global.mariadbGalera.useInPolicy | ternary
+                  (index .Values "mariadb-galera" "db" "password")
+                  (index .Values "postgres" "config" "pgUserPassword")
+               }}'
     passwordPolicy: generate
   - uid: policy-app-user-creds
     name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
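Review bot: Both secret entries pick their source from `global.mariadbGalera.useInPolicy` alone and never read `global.postgres.useInPolicy`, so with both flags true or both false the chart silently renders one database's credentials; a template-side check that fails unless exactly one flag is set would catch that misconfiguration. Because `ternary` receives both branches as already-evaluated arguments, the postgres lookups also run on MariaDB installs, and the new `hasSuffix` calls are given the raw `index` result. If `pgRootPasswordExternalSecret` or `pgUserExternalSecret` is unset (their definitions are outside this hunk), rendering would likely fail, so I would wrap them as in `hasSuffix "policy-db-secret" (default "" (index .Values "postgres" "config" "pgUserExternalSecret"))`. Separately, the root entry carries `policy: generate` while db-secret carries `passwordPolicy: generate`; please confirm which key the common secret template actually reads.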
@@ -247,6 +282,7 @@ mariadb-galera:
   persistence:
     enabled: true
     mountSubPath: policy/maria/data
+    size: 3Gi
   serviceAccount:
     nameOverride: *mariadbService
 
@@ -265,6 +301,7 @@ postgres:
   persistence:
     mountSubPath: policy/postgres/data
     mountInitPath: policy
+    size: 3Gi
   config:
     pgUserName: policy-user
     pgDatabase: policyadmin