add MariaDBAccount finalizer to Secret (and remove on delete) (PR 3 of 6) #344
+178
−46
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zzzeek
changed the title
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
2 times, most recently
from
193486c to
76514e6
Compare
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
2 times, most recently
from
2c15104 to
6633878
Compare
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
2 times, most recently
from
002d4b0 to
7a7e73c
Compare
Contributor
Author
|
/recheck |
Contributor
Author
|
/retest |
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
from
7a7e73c to
23e764e
Compare
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
2 times, most recently
from
59f8e74 to
edb9263
Compare
dciabrin
reviewed
Nov 5, 2025
dciabrin
reviewed
Nov 5, 2025
in mariadbdatabase_funcs, the EnsureMariaDBAccount function called by external controllers adds a finalizer for that calling controller to the Secret referenced by the MariaDBAccount. This seems a little off, since the Secret is most immediately needed by the MariaDBAccount CR itself, and the controller refers to that MariaDBAccount CR also. It seems more appropriate that MariaDBAccount itself should maintain its own finalizer on that Secret, so this logic is added there. The change here causes the API function EnsureMariaDBAccount to add a finalizer to the secret that is local to the mariadbaccount, rather than the helper passed for the calling controller. Existing "remove finalizer" calls which look for the calling controller's finalizer tag in the secret are maintained however to assist with backwards compatibility. This comes up now because we are seeking to add a new class of system-level MariaDBAccount that is used only by the Galera controller itself, but also that these accounts (really all accounts, but mainly the system ones) will support in-place password changes by updating the name of the Secret to be used, implying the old one is no longer needed once the change takes place; it therefore is most appropriate that MariaDBAccount maintain its own finalizers on these secrets.
zzzeek
force-pushed
the
OSPRH-14916-pr3
branch
from
edb9263 to
af80f46
Compare
Contributor
|
/lgtm |
|
/approve |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lmiccini, zzzeek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 44d4046
into
openstack-k8s-operators:main
7 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
in mariadbdatabase_funcs, the EnsureMariaDBAccount function
called by external controllers adds a finalizer for that calling
controller to the Secret referenced by the MariaDBAccount. This
seems a little off, since the Secret is most immediately needed
by the MariaDBAccount CR itself, and the controller refers to that
MariaDBAccount CR also. It seems more appropriate that
MariaDBAccount itself should maintain its own finalizer on that
Secret, so this logic is added there.
The change here causes the API function EnsureMariaDBAccount
to add a finalizer to the secret that is local to the mariadbaccount,
rather than the helper passed for the calling controller.
Existing "remove finalizer" calls which look for the calling
controller's finalizer tag in the secret are maintained however
to assist with backwards compatibility.
This comes up now because we are seeking to add a new class of
system-level MariaDBAccount that
is used only by the Galera controller itself, but also that these
accounts (really all accounts, but mainly the system ones) will
support in-place password changes by updating the name of the Secret
to be used, implying the old one is no longer needed once the change
takes place; it therefore is most appropriate that MariaDBAccount
maintain its own finalizers on these secrets.