feat(dbaas-client): read connection properties from mounted secrets with REST fallback#115
Open
kichasov wants to merge 2 commits into
…ith REST fallback

Port of the Go base-client mounted-secret provider (qubership-core-lib-go-dbaas-base-client PR #70) to the Spring dbaas-client. DatabasePool now reads a database's connection properties from a Secret mounted at /etc/secrets/dbaas-secrets before calling dbaas over REST; on a miss it falls back to REST exactly as before. This removes the runtime dependency on dbaas-aggregator for services whose Secret is materialized by the dbaas-operator DatabaseSecretClaim.

- MountedSecretSource: indexes each Secret directory by its canonical (classifier, type, role) key, reads connectionProperties.json fresh on every resolve (rotation-safe), throttled re-scan on a miss, and evicts an entry whose files were removed.
- ClassifierMatcher: canonical classifier (keys sorted recursively, scope lower-cased, empty top-level namespace/tenantId omitted, empty nested objects dropped); role matched exact after trim (an empty role matches a descriptor whose userRole was left unset).
- DatabasePool.createDatabase: consult the mounted source between the custom LogicalDbProvider chain and the REST call; build the typed AbstractDatabase via synthetic-response (objectMapper.convertValue(map, type.getDatabaseClass())). Always on; when nothing is mounted the index is empty and the pool falls back to REST.

Public API, constructors, the LogicalDbProvider SPI, the starters and the L2 cache key are unchanged: role participates only in the mounted-secret lookup, not in the cache key.

Tests: MountedSecretSourceTest (hit/miss, fresh read on rotation, corrupt/missing metadata, evict on removal, exact role matching incl. empty-matches-unset, canonical order/scope/type case and omit-empty); DatabasePoolMountedSecretTest (source-first builds the DB without calling REST; falls back to REST when nothing is mounted).
…x field

Address the SonarCloud quality gate on the mounted-secret feature (coverage on new code 73.4% < 80%, Reliability B):

- Reliability: replace the volatile mutable Map index in MountedSecretSource with an AtomicReference (S3077). The reference was only ever swapped for an immutable map, but the volatile-mutable-type pattern dropped the rating to B.
- Coverage: add tests for corrupt/incomplete metadata and connectionProperties, duplicate keys, non-directory entries, and the throttled re-scan on a miss (via a new package-private constructor seam that takes the rescan throttle); a ClassifierMatcherTest for the canonical edge cases (null type/role, null values, empty/non-empty nested objects, scalars); and a DatabasePool case exercising the synthetic-response fallbacks (name/namespace/settings).
- Minor smells: drop an unused test parameter; suppress the fixed-mount-path S1075 and the deprecated DatabaseDefinitionHandler stub (DatabasePool's only constructors require it).



What

Port of the Go base-client mounted-secret provider (qubership-core-lib-go-dbaas-base-client PR #70) to the Spring dbaas-client, with REST fallback. DatabasePool now reads a database's connection properties from a Secret mounted at the fixed path /etc/secrets/dbaas-secrets before calling dbaas over REST; on a miss it falls back to REST exactly as before. This lets services whose Secret is materialized by the dbaas-operator DatabaseSecretClaim resolve their database without a runtime dependency on dbaas-aggregator.

Design: dbaas-client-mounted-secret-source-design.md (Part I shared contract + Part II Spring).

How

All changes are in dbaas-client-base (driver base modules and starters are untouched):

- MountedSecretSource — indexes each Secret directory by its canonical (classifier, type, role) key, reads connectionProperties.json fresh on every resolve (rotation-safe), does a throttled re-scan on a miss, and evicts an entry whose files were removed.
- ClassifierMatcher — canonical classifier (keys sorted recursively, scope lower-cased, empty top-level namespace/tenantId omitted, empty nested objects dropped). The client canonicalizes both its own classifier and the descriptor, so they only need to agree with each other. Role is matched exact after trim (an empty role matches a descriptor whose userRole was left unset).
- DatabasePool.createDatabase — consult the mounted source between the custom LogicalDbProvider chain and the REST call; build the typed AbstractDatabase via the synthetic-response mechanism (objectMapper.convertValue(map, type.getDatabaseClass())). Always on; when nothing is mounted the index is empty and the pool falls back to REST.
- pom.xml — adds jackson-databind (version managed by the parent).

Backward compatibility

- LogicalDbProvider SPI, the starters' beans and microservice code are unchanged.
- DatabaseConfig.userRole), not in the cache key.
- /etc/secrets/dbaas-secrets absent → empty index → REST). The feature is opt-in by mounting the Secret via the Deployment.

Tests

- mvn -pl dbaas-client/dbaas-client-java/dbaas-client-base -am test → BUILD SUCCESS, 57 tests, 0 failures.
- MountedSecretSourceTest — hit/miss, fresh read on rotation, corrupt/missing metadata, evict on removal, exact role matching (incl. empty-matches-unset), canonical order/scope/type-case and omit-empty.
- DatabasePoolMountedSecretTest — source-first builds the DB without calling REST; falls back to REST when nothing is mounted.

Scope / follow-ups

- dbaas-client-java). Quarkus (core-quarkus-extensions/dbaas-client, Part III of the design — LogicalDbProvider chain + Mongo SPI) is a separate change.
- TestDatabase/TestDBConnection.
- NewKeyWithDiscriminator) is intentionally out of scope: the Spring discriminator slot is used by connector settings, and adding role would change REST-path caching too. The pre-existing "one classifier + multiple access roles share a cache entry" limitation is unchanged.

Operational note

The mounted lookup matches the requested role string, with no aggregator-side role resolution. DatabaseSecretClaim.spec.userRole must equal what the consumer sends as DatabaseConfig.userRole (default: both empty → match). A mismatch is a silent miss that falls back to REST — observable via the mounted-secret DEBUG hit/miss logs.
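
The canonical (classifier, type, role) key and the exact role match described in this pull request, as an added Java example that is not code from the pull request or the project. The class name CanonicalKeyDemo, the list-based key layout, applying the scope rule at top level only, the lower-casing of type and all sample values are assumptions.

```java
import java.util.*;
// Added illustration, not the project's ClassifierMatcher. The class name, the key
// layout and the lower-casing of type are assumptions; sample values are constructed.
public class CanonicalKeyDemo {
    // Rules from the PR text: keys sorted recursively, scope lower-cased, empty
    // top-level namespace/tenantId omitted, empty nested objects dropped.
    @SuppressWarnings("unchecked")
    static Map<String, Object> canonical(Map<String, Object> in, boolean top) {
        Map<String, Object> out = new TreeMap<>();
        for (Map.Entry<String, Object> e : in.entrySet()) {
            String k = e.getKey();
            Object v = e.getValue();
            if (v instanceof Map) {
                Map<String, Object> nested = canonical((Map<String, Object>) v, false);
                if (!nested.isEmpty()) out.put(k, nested);
                continue;
            }
            boolean empty = v == null || v.toString().isEmpty();
            if (top && empty && (k.equals("namespace") || k.equals("tenantId"))) continue;
            out.put(k, top && !empty && k.equals("scope")
                    ? v.toString().toLowerCase(Locale.ROOT) : v);
        }
        return out;
    }

    // Structural key: both sides go through the same function, so they only need to
    // agree with each other. Role is compared exactly after trim; unset equals empty.
    static List<Object> key(Map<String, Object> classifier, String type, String role) {
        String t = type == null ? "" : type.trim().toLowerCase(Locale.ROOT);
        return List.of(canonical(classifier, true), t, role == null ? "" : role.trim());
    }

    public static void main(String[] args) {
        Map<String, Object> descriptor = new HashMap<>();   // descriptor side
        descriptor.put("scope", "Service");
        descriptor.put("microserviceName", "orders");
        descriptor.put("namespace", "");
        descriptor.put("customKeys", new HashMap<String, Object>());
        Map<String, Object> request = new HashMap<>();      // consumer side
        request.put("microserviceName", "orders");
        request.put("scope", "service");
        Map<List<Object>, String> index = new HashMap<>();
        index.put(key(descriptor, "postgresql", null), "orders-pg");
        String hit = index.get(key(request, "PostgreSQL", " "));      // unset vs blank role
        String miss = index.get(key(request, "postgresql", "admin")); // role not in claim
        if (!"orders-pg".equals(hit) || miss != null) throw new AssertionError("unexpected");
        System.out.println("hit=" + hit + ", miss=" + miss + " (REST fallback)");
    }
}
```

The second lookup is the silent miss from the operational note: nothing fails, the caller simply proceeds to REST, so the DEBUG hit/miss logs are the only signal that a claim's role and the consumer's role have drifted apart.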