Configurable renewCertDuration and Nodeport svc abrupt deletion fix

abhisbyk · abhisbyk · commit 8e59edbd482b · 2022-08-29T13:01:26.000+05:30
Signed-off-by: abhisbyk &lt;abhishek.by.kumar@oracle.com&gt;
diff --git a/apis/database/v1alpha1/singleinstancedatabase_types.go b/apis/database/v1alpha1/singleinstancedatabase_types.go
@@ -67,6 +67,7 @@ type SingleInstanceDatabaseSpec struct {
 	ArchiveLog         bool              `json:"archiveLog,omitempty"`
 	ForceLogging       bool              `json:"forceLog,omitempty"`
 	EnableTCPS         bool              `json:"enableTCPS,omitempty"`
+	CertRenewDuration  string            `json:"certRenewDuration,omitempty"`
 
 	CloneFrom            string `json:"cloneFrom,omitempty"`
 	ReadinessCheckPeriod int    `json:"readinessCheckPeriod,omitempty"`
@@ -151,8 +152,7 @@ type SingleInstanceDatabaseStatus struct {
 	// +kubebuilder:default:=false
 	IsTcpsEnabled         bool   `json:"isTcpsEnabled"`
 	CertCreationTimestamp string `json:"certCreationTimestamp,omitempty"`
-	DbHostname            string `json:"dbHostname,omitempty"`
-	DbPort                int    `json:"dbPort,omitempty"`
+	CertRenewDuration     string `json:"certRenewDuration,omitempty"`
 
 	// +patchMergeKey=type
 	// +patchStrategy=merge
diff --git a/apis/database/v1alpha1/singleinstancedatabase_webhook.go b/apis/database/v1alpha1/singleinstancedatabase_webhook.go
@@ -40,6 +40,7 @@ package v1alpha1
 
 import (
 	"strings"
+	"time"
 
 	dbcommons "github.com/oracle/oracle-database-operator/commons/database"
 
@@ -244,6 +245,26 @@ func (r *SingleInstanceDatabase) ValidateCreate() error {
 		}
 	}
 
+	// Certificate Renew Duration Validation
+	if r.Spec.CertRenewDuration != "" {
+		duration, err := time.ParseDuration(r.Spec.CertRenewDuration)
+		if err != nil {
+			allErrs = append(allErrs,
+				field.Invalid(field.NewPath("spec").Child("certRenewDuration"), r.Spec.CertRenewDuration,
+					"Please provide valid string to parse the certRenewDuration."))
+		}
+		maxLimit, _ := time.ParseDuration("26000h")
+		minLimit, _ := time.ParseDuration("1m")
+		if duration > maxLimit || duration < minLimit {
+			allErrs = append(allErrs,
+				field.Invalid(field.NewPath("spec").Child("certRenewDuration"), r.Spec.CertRenewDuration,
+					"Please specify certRenewDuration in the range: 1m to 26000h"))
+		}
+	} else {
+		// Setting the default value
+		r.Spec.CertRenewDuration = "26000h"
+	}
+
 	if len(allErrs) == 0 {
 		return nil
 	}
diff --git a/config/crd/bases/database.oracle.com_singleinstancedatabases.yaml b/config/crd/bases/database.oracle.com_singleinstancedatabases.yaml
@@ -77,6 +77,8 @@ spec:
                 type: object
               archiveLog:
                 type: boolean
+              certRenewDuration:
+                type: string
               charset:
                 type: string
               cloneFrom:
@@ -177,6 +179,8 @@ spec:
                 type: string
               certCreationTimestamp:
                 type: string
+              certRenewDuration:
+                type: string
               charset:
                 type: string
               cloneFrom:
@@ -263,10 +267,6 @@ spec:
               datafilesPatched:
                 default: "false"
                 type: string
-              dbHostname:
-                type: string
-              dbPort:
-                type: integer
               edition:
                 type: string
               flashBack:
diff --git a/config/samples/sidb/singleinstancedatabase.yaml b/config/samples/sidb/singleinstancedatabase.yaml
@@ -47,6 +47,10 @@ spec:
   ## Enable TCPS
   enableTCPS: false
 
+  ## Certificate Renewal Duration: The time after which certificates will be renewed if TCPS connections are enabled; can be in hours(h), minutes(m) and seconds(s)
+  ## Maximum value is 26000h
+  #certRenewDuration: 26000h
+
   ## NA if cloning from a SourceDB (cloneFrom is set)
   ## Specify both sgaSize and pgaSize (in MB) or dont specify both
   ## Specify Non-Zero value to use
diff --git a/controllers/database/singleinstancedatabase_controller.go b/controllers/database/singleinstancedatabase_controller.go
@@ -197,22 +197,22 @@ func (r *SingleInstanceDatabaseReconciler) Reconcile(ctx context.Context, req ct
 		}
 	}
 
-	// Configure TCPS
-	result, err = r.configTcps(singleInstanceDatabase, readyPod, ctx, req)
+	// Update DB config
+	result, err = r.updateDBConfig(singleInstanceDatabase, readyPod, ctx, req)
 	if result.Requeue {
 		r.Log.Info("Reconcile queued")
 		return result, nil
 	}
 
-	// Update DB config
-	result, err = r.updateDBConfig(singleInstanceDatabase, readyPod, ctx, req)
+	// Update Init Parameters
+	result, err = r.updateInitParameters(singleInstanceDatabase, readyPod, ctx, req)
 	if result.Requeue {
 		r.Log.Info("Reconcile queued")
 		return result, nil
 	}
 
-	// Update Init Parameters
-	result, err = r.updateInitParameters(singleInstanceDatabase, readyPod, ctx, req)
+	// Configure TCPS
+	result, err = r.configTcps(singleInstanceDatabase, readyPod, ctx, req)
 	if result.Requeue {
 		r.Log.Info("Reconcile queued")
 		return result, nil
@@ -1114,7 +1114,7 @@ func (r *SingleInstanceDatabaseReconciler) createOrReplaceSVC(ctx context.Contex
 			extSvcPort = extSvc.Spec.Ports[1].NodePort
 		}
 
-		if extSvc.Spec.Type != extSvcType || extSvcPort != svcPort || extSvc.Spec.Ports[1].TargetPort.IntVal != extSvcTargetPort {
+		if extSvc.Spec.Type != extSvcType || (m.Spec.ServicePort != 0 && extSvcPort != svcPort) || extSvc.Spec.Ports[1].TargetPort.IntVal != extSvcTargetPort {
 			// Deleting th service
 			log.Info("Deleting service", "name", extSvcName)
 			err := r.Delete(ctx, extSvc)
@@ -1794,16 +1794,15 @@ func (r *SingleInstanceDatabaseReconciler) updateClientWallet(m *dbapi.SingleIns
 				port = extSvc.Spec.Ports[1].NodePort
 			}
 		}
-		if host != "" && host != m.Status.DbHostname && port != int32(m.Status.DbPort) {
-			_, err := dbcommons.ExecCommand(r, r.Config, readyPod.Name, readyPod.Namespace, "",
-				ctx, req, false, "bash", "-c", fmt.Sprintf(dbcommons.ClientWalletUpdate, host, port))
-			if err != nil {
-				r.Log.Error(err, err.Error())
-				return err
-			}
-			m.Status.DbHostname = host
-			m.Status.DbPort = int(port)
+
+		r.Log.Info("Updating the client wallet...")
+		_, err := dbcommons.ExecCommand(r, r.Config, readyPod.Name, readyPod.Namespace, "",
+			ctx, req, false, "bash", "-c", fmt.Sprintf(dbcommons.ClientWalletUpdate, host, port))
+		if err != nil {
+			r.Log.Error(err, err.Error())
+			return err
 		}
+
 	} else {
 		r.Log.Info("Unable to get the service while updating the clientWallet", "Service.Namespace", extSvc.Namespace, "Service.Name", extSvcName)
 		return getExtSvcErr
@@ -1842,8 +1841,9 @@ func (r *SingleInstanceDatabaseReconciler) configTcps(m *dbapi.SingleInstanceDat
 		eventMsg = "TCPS Enabled."
 		r.Recorder.Eventf(m, corev1.EventTypeNormal, eventReason, eventMsg)
 
-		// 26040h = 1085 days
-		futureRequeue = ctrl.Result{Requeue: true, RequeueAfter: func() time.Duration { requeueDuration, _ := time.ParseDuration("26040h"); return requeueDuration }()}
+		requeueDuration, _ := time.ParseDuration(m.Spec.CertRenewDuration)
+		requeueDuration += func() time.Duration { requeueDuration, _ := time.ParseDuration("1s"); return requeueDuration }()
+		futureRequeue = ctrl.Result{Requeue: true, RequeueAfter: requeueDuration}
 
 		// update clientWallet
 		err = r.updateClientWallet(m, readyPod, ctx, req)
@@ -1879,7 +1879,7 @@ func (r *SingleInstanceDatabaseReconciler) configTcps(m *dbapi.SingleInstanceDat
 		// Certificates are renewed when 10 days remain for certs expiry
 		certCreationTimestamp, _ := time.Parse(time.RFC3339, m.Status.CertCreationTimestamp)
 		duration := time.Since(certCreationTimestamp)
-		allowdDuration, _ := time.ParseDuration("26000h")
+		allowdDuration, _ := time.ParseDuration(m.Spec.CertRenewDuration)
 		if duration > allowdDuration {
 			m.Status.Status = dbcommons.StatusUpdating
 			r.Status().Update(ctx, m)
@@ -1898,8 +1898,16 @@ func (r *SingleInstanceDatabaseReconciler) configTcps(m *dbapi.SingleInstanceDat
 			eventMsg := "TCPS Certificates Renewed at time %s,"
 			r.Recorder.Eventf(m, corev1.EventTypeNormal, eventReason, eventMsg, time.Now().Format(time.RFC3339))
 
-			// 26040h = 1085 days
-			futureRequeue = ctrl.Result{Requeue: true, RequeueAfter: func() time.Duration { requeueDuration, _ := time.ParseDuration("26040h"); return requeueDuration }()}
+			requeueDuration, _ := time.ParseDuration(m.Spec.CertRenewDuration)
+			requeueDuration += func() time.Duration { requeueDuration, _ := time.ParseDuration("1s"); return requeueDuration }()
+			futureRequeue = ctrl.Result{Requeue: true, RequeueAfter: requeueDuration}
+		}
+		if m.Status.CertRenewDuration != m.Spec.CertRenewDuration {
+			requeueDuration, _ := time.ParseDuration(m.Spec.CertRenewDuration)
+			requeueDuration += func() time.Duration { requeueDuration, _ := time.ParseDuration("1s"); return requeueDuration }()
+			futureRequeue = ctrl.Result{Requeue: true, RequeueAfter: requeueDuration}
+
+			m.Status.CertRenewDuration = m.Spec.CertRenewDuration
 		}
 		// update clientWallet
 		err := r.updateClientWallet(m, readyPod, ctx, req)
