vertica · spilchen · Nov 8, 2023 · Nov 6, 2023 · Nov 7, 2023 · Nov 7, 2023
@@ -15,6 +15,10 @@ on:
       vertica-deployment-method:
         type: string
         required: false
+      vertica-superuser-name:
+        type: string
+        required: false
-        required: false
+        required: false
+        default: "myadmin"
-        required: false
+        required: false
+        default: "myadmin"
+        default: myadmin
     secrets:
       DOCKERHUB_USERNAME:
         description: 'When working with images from docker.io, this is the username for login purposes'
@@ -44,6 +48,11 @@ on:
         options:
         - admintools
         - vclusterops
+      vertica-superuser-name:
+        description: 'Vertica superuser name'
+        type: string
+        required: false
+        default: myadmin
 
 jobs:
 
@@ -72,6 +81,10 @@ jobs:
         export E2E_TEST_DIRS="tests/e2e-leg-4"
         export VERTICA_DEPLOYMENT_METHOD=${{ inputs.vertica-deployment-method }}
         if [ "${VERTICA_DEPLOYMENT_METHOD}" != "vclusterops" ]; then E2E_TEST_DIRS+=" tests/e2e-leg-4-at-only"; fi
+        export VERTICA_SUPERUSER_NAME=${{ inputs.vertica-superuser-name }}
+        if [ -z "${VERTICA_SUPERUSER_NAME}" -o "${VERTICA_DEPLOYMENT_METHOD}" != "vclusterops" ]; then 
+          export VERTICA_SUPERUSER_NAME="dbadmin"
+        fi
         # All helm deployments will use cert-manager to create the webhook cert
         export HELM_OVERRIDES="--set webhook.certSource=cert-manager"
         scripts/run-k8s-int-tests.sh -s -e tests/external-images-s3-ci.txt

@@ -523,7 +523,7 @@ func (s *SubclusterStatus) InstallCount() int32 {
 	return c
 }
 
-// GetVerticaUser returns the user name associated with the passwordSecret.
+// GetVerticaUser returns the name of Vertica superuser generated in database creation.
 func (v *VerticaDB) GetVerticaUser() string {
-	return "dbadmin"
+	return vmeta.GetSuperuserName(v.Annotations)
 }
@@ -449,9 +449,6 @@ const (
 	AutoUpgrade UpgradePolicyType = "Auto"
 )
 
-// SuperUser is an automatically-created user in database creation
-const SuperUser = "dbadmin"
-
 type HTTPServerModeType string
 
 const (

@@ -0,0 +1,5 @@
+kind: Added
+body: Ability to control the name of the superuser
+time: 2023-11-07T09:38:13.490515872-04:00
+custom:
+  Issue: "578"
@@ -36,25 +36,25 @@ var _ = Describe("k8s/cmds", func() {
 
 	It("should add the password option to vsql command", func() {
 		cmd := []string{"-tAc", "select 1"}
-		fpr := &FakePodRunner{SUPassword: "vertica"}
+		fpr := &FakePodRunner{VerticaSUPassword: "vertica"}
 		podName := types.NamespacedName{Namespace: "default", Name: "vdb-pod"}
 		_, _, _ = fpr.ExecVSQL(ctx, podName, "server", cmd...)
-		lastCall := fpr.FindCommands("vsql", "--password", fpr.SUPassword, "-tAc", "select 1")
+		lastCall := fpr.FindCommands("vsql", "--password", fpr.VerticaSUPassword, "-tAc", "select 1")
 		Expect(len(lastCall)).Should(Equal(1))
 	})
 
 	It("should add password option for db_add_node", func() {
 		cmd := []string{"-t", "db_add_node"}
-		fpr := &FakePodRunner{SUPassword: "vertica"}
+		fpr := &FakePodRunner{VerticaSUPassword: "vertica"}
 		podName := types.NamespacedName{Namespace: "default", Name: "vdb-pod"}
 		_, _, _ = fpr.ExecAdmintools(ctx, podName, "server", cmd...)
-		lastCall := fpr.FindCommands("/opt/vertica/bin/admintools", "-t", "db_add_node", "--password", fpr.SUPassword)
+		lastCall := fpr.FindCommands("/opt/vertica/bin/admintools", "-t", "db_add_node", "--password", fpr.VerticaSUPassword)
 		Expect(len(lastCall)).Should(Equal(1))
 	})
 
 	It("should not add password to an admintools' tool which does not support it", func() {
 		cmd := []string{"-t", "list_allnodes"}
-		fpr := &FakePodRunner{SUPassword: "vertica"}
+		fpr := &FakePodRunner{VerticaSUPassword: "vertica"}
 		podName := types.NamespacedName{Namespace: "default", Name: "vdb-pod"}
 		_, _, _ = fpr.ExecAdmintools(ctx, podName, "server", cmd...)
 		lastCall := fpr.FindCommands("/opt/vertica/bin/admintools", "-t", "list_allnodes")
@@ -63,7 +63,7 @@ var _ = Describe("k8s/cmds", func() {
 
 	It("should not add password to vsql command", func() {
 		cmd := []string{"-tAc", "select 1"}
-		fpr := &FakePodRunner{SUPassword: ""}
+		fpr := &FakePodRunner{VerticaSUPassword: ""}
 		podName := types.NamespacedName{Namespace: "default", Name: "vdb-pod"}
 		_, _, _ = fpr.ExecVSQL(ctx, podName, "server", cmd...)
 		lastCall := fpr.FindCommands("vsql", "-tAc", "select 1")
@@ -72,7 +72,7 @@ var _ = Describe("k8s/cmds", func() {
 
 	It("should not add password to admintools", func() {
 		cmd := []string{"-t", "db_add_node"}
-		fpr := &FakePodRunner{SUPassword: ""}
+		fpr := &FakePodRunner{VerticaSUPassword: ""}
 		podName := types.NamespacedName{Namespace: "default", Name: "vdb-pod"}
 		_, _, _ = fpr.ExecAdmintools(ctx, podName, "server", cmd...)
 		lastCall := fpr.FindCommands("/opt/vertica/bin/admintools", "-t", "db_add_node")

@@ -45,14 +45,15 @@ type PodRunner interface {
 }
 
 type ClusterPodRunner struct {
-	Log        logr.Logger
-	Cfg        *rest.Config
-	SUPassword string
+	Log               logr.Logger
+	Cfg               *rest.Config
+	VerticaSUName     string // vertica superuser generated in database creation
+	VerticaSUPassword string
 }
 
 // MakeClusterPodRunnerr will build a ClusterPodRunner object
-func MakeClusterPodRunner(log logr.Logger, cfg *rest.Config, passwd string) *ClusterPodRunner {
-	return &ClusterPodRunner{Log: log, Cfg: cfg, SUPassword: passwd}
+func MakeClusterPodRunner(log logr.Logger, cfg *rest.Config, verticaSUName, passwd string) *ClusterPodRunner {
+	return &ClusterPodRunner{Log: log, Cfg: cfg, VerticaSUName: verticaSUName, VerticaSUPassword: passwd}
 }
 
 // logInfoCmd calls log function for the given command
@@ -140,14 +141,14 @@ func (c *ClusterPodRunner) CopyToPod(ctx context.Context, podName types.Namespac
 // ExecVSQL appends options to the vsql command and calls ExecInPod
 func (c *ClusterPodRunner) ExecVSQL(ctx context.Context, podName types.NamespacedName,
 	contName string, command ...string) (stdout, stderr string, err error) {
-	command = UpdateVsqlCmd(c.SUPassword, command...)
+	command = UpdateVsqlCmd(c.VerticaSUName, c.VerticaSUPassword, command...)
 	return c.ExecInPod(ctx, podName, contName, command...)
 }
 
 // ExecAdmintools appends options to the admintools command and calls ExecInPod
 func (c *ClusterPodRunner) ExecAdmintools(ctx context.Context, podName types.NamespacedName,
 	contName string, command ...string) (stdout, stderr string, err error) {
-	command = UpdateAdmintoolsCmd(c.SUPassword, command...)
+	command = UpdateAdmintoolsCmd(c.VerticaSUPassword, command...)
 	return c.ExecInPod(ctx, podName, contName, command...)
 }
 
@@ -164,10 +165,13 @@ func (c *ClusterPodRunner) DumpAdmintoolsConf(ctx context.Context, podName types
 }
 
 // UpdateVsqlCmd generates a vsql command appending the options we need
-func UpdateVsqlCmd(passwd string, cmd ...string) []string {
+func UpdateVsqlCmd(suName, passwd string, cmd ...string) []string {
 	prefix := []string{"vsql"}
+	if suName != "" {
+		prefix = append(prefix, "-U", suName)
+	}
 	if passwd != "" {
-		prefix = []string{"vsql", "--password", passwd}
+		prefix = append(prefix, "--password", passwd)
 	}
 	cmd = append(prefix, cmd...)
 	return cmd

@@ -35,8 +35,10 @@ type FakePodRunner struct {
 	// The commands that were issue. The commands are in the same order that
 	// commands were received. This is filled in by ExecInPod and can be inspected.
 	Histories []CmdHistory
+	// fake username
+	VerticaSUName string
 	// fake password
-	SUPassword string
+	VerticaSUPassword string
 }
 
 // CmdResults stores the command result.  The key is the pod name.
@@ -76,14 +78,14 @@ func (f *FakePodRunner) ExecInPod(_ context.Context, podName types.NamespacedNam
 // ExecAdmintools calls ExecInPod
 func (f *FakePodRunner) ExecAdmintools(ctx context.Context, podName types.NamespacedName,
 	contName string, command ...string) (stdout, stderr string, err error) {
-	command = UpdateAdmintoolsCmd(f.SUPassword, command...)
+	command = UpdateAdmintoolsCmd(f.VerticaSUPassword, command...)
 	return f.ExecInPod(ctx, podName, contName, command...)
 }
 
 // ExecVSQL calls ExecInPod
 func (f *FakePodRunner) ExecVSQL(ctx context.Context, podName types.NamespacedName,
 	contName string, command ...string) (stdout, stderr string, err error) {
-	command = UpdateVsqlCmd(f.SUPassword, command...)
+	command = UpdateVsqlCmd(f.VerticaSUName, f.VerticaSUPassword, command...)
 	return f.ExecInPod(ctx, podName, contName, command...)
 }
 

@@ -124,7 +124,7 @@ func (r *VerticaDBReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	prunner := cmds.MakeClusterPodRunner(log, r.Cfg, passwd)
+	prunner := cmds.MakeClusterPodRunner(log, r.Cfg, vdb.GetVerticaUser(), passwd)
 	// We use the same pod facts for all reconcilers. This allows to reuse as
 	// much as we can. Some reconcilers will purposely invalidate the facts if
 	// it is known they did something to make them stale.

@@ -119,6 +119,14 @@ const (
 	BuildRefAnnotation  = "vertica.com/buildRef"
 	// Annotation for the database's revive_instance_id
 	ReviveInstanceIDAnnotation = "vertica.com/revive-instance-id"
+
+	// Annotation for a customized superuser name. This annotation can be used
+	// when vclusterops annotation is set to true. It can explicitly specify the
+	// name of vertica superuser that is generated in database creation. If this
+	// annotation is not provided or vclusterops annotation is set to false, the
+	// default value "dbadmin" will be used.
+	SuperuserNameAnnotation   = "vertica.com/superuser-name"
+	SuperuserNameDefaultValue = "dbadmin"
 )
 
 // IsPauseAnnotationSet will check the annotations for a special value that will
@@ -192,6 +200,15 @@ func IncludeUIDInPath(annotations map[string]string) bool {
 	return lookupBoolAnnotation(annotations, IncludeUIDInPathAnnotation, false /* default value */)
 }
 
+// GetSuperuserName returns the name of customized vertica superuser name
+// for vclusterops style of deployments.
+func GetSuperuserName(annotations map[string]string) string {
+	if UseVClusterOps(annotations) {
+		return lookupStringAnnotation(annotations, SuperuserNameAnnotation, SuperuserNameDefaultValue)
+	}
+	return SuperuserNameDefaultValue
+}
+
 // lookupBoolAnnotation is a helper function to lookup a specific annotation and
 // treat it as if it were a boolean.
 func lookupBoolAnnotation(annotations map[string]string, annotation string, defaultValue bool) bool {

@@ -22,7 +22,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/events"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/addnode"
@@ -79,7 +78,7 @@ func (v *VClusterOps) genAddNodeOptions(s *addnode.Parms, certs *HTTPSCerts) vop
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 
 	return opts

@@ -20,7 +20,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/addsc"
 )
@@ -60,7 +59,7 @@ func (v *VClusterOps) genAddSubclusterOptions(s *addsc.Parms) vops.VAddSubcluste
 	opts.IsPrimary = &s.IsPrimary
 
 	// auth options
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 	*opts.HonorUserInput = true
 

@@ -21,7 +21,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/events"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/createdb"
@@ -87,7 +86,7 @@ func (v *VClusterOps) genCreateDBOptions(s *createdb.Parms, certs *HTTPSCerts) v
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	if v.Password != "" {
 		opts.Password = &v.Password
 	}

@@ -20,7 +20,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/fetchnodestate"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -68,7 +67,7 @@ func (v *VClusterOps) genFetchNodeStateOptions(s *fetchnodestate.Parms) vops.VFe
 	opts.Ipv6 = vstruct.MakeNullableBool(net.IsIPv6(s.InitiatorIP))
 
 	// auth options
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 	*opts.HonorUserInput = true
 

@@ -96,7 +96,7 @@ func (v *VClusterOps) genReIPOptions(s *reip.Parms, certs *HTTPSCerts) vops.VReI
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 	*opts.HonorUserInput = true
 

@@ -20,7 +20,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/removenode"
 )
@@ -66,7 +65,7 @@ func (v *VClusterOps) genRemoveNodeOptions(s *removenode.Parms, certs *HTTPSCert
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 
 	return opts

@@ -22,7 +22,6 @@ import (
 	"github.com/vertica/vcluster/rfc7807"
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/removesc"
 )
@@ -81,7 +80,7 @@ func (v *VClusterOps) genRemoveSubclusterOptions(s *removesc.Parms, certs *HTTPS
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 
 	return opts

@@ -21,7 +21,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/restartnode"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -53,7 +52,7 @@ func (v *VClusterOps) RestartNode(ctx context.Context, opts ...restartnode.Optio
 }
 
 func (v *VClusterOps) genRestartNodeOptions(s *restartnode.Parms, certs *HTTPSCerts) *vops.VRestartNodesOptions {
-	su := vapi.SuperUser
+	su := v.VDB.GetVerticaUser()
 	honorUserInput := true
 	opts := vops.VRestartNodesOptions{
 		DatabaseOptions: vops.DatabaseOptions{

@@ -84,7 +84,7 @@ func (v *VClusterOps) genStartDBOptions(s *startdb.Parms, certs *HTTPSCerts) (vo
 	opts.Key = certs.Key
 	opts.Cert = certs.Cert
 	opts.CaCert = certs.CaCert
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 	*opts.HonorUserInput = true
 

@@ -20,7 +20,6 @@ import (
 
 	vops "github.com/vertica/vcluster/vclusterops"
 	"github.com/vertica/vcluster/vclusterops/vstruct"
-	vapi "github.com/vertica/vertica-kubernetes/api/v1"
 	"github.com/vertica/vertica-kubernetes/pkg/net"
 	"github.com/vertica/vertica-kubernetes/pkg/vadmin/opts/stopdb"
 )
@@ -58,7 +57,7 @@ func (v *VClusterOps) genStopDBOptions(s *stopdb.Parms) vops.VStopDatabaseOption
 	opts.IsEon = vstruct.MakeNullableBool(v.VDB.IsEON())
 
 	// auth options
-	*opts.UserName = vapi.SuperUser
+	*opts.UserName = v.VDB.GetVerticaUser()
 	opts.Password = &v.Password
 	*opts.HonorUserInput = true