chore: support to restore the account of the sharding cluster (apeclo…

…ud#8434)
zjx20 · Nov 12, 2024 · c3861c2 · c3861c2
1 parent a94a08e
commit c3861c2
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 9 deletions.
diff --git a/controllers/apps/transformer_cluster_sharding_account.go b/controllers/apps/transformer_cluster_sharding_account.go
@@ -32,6 +32,7 @@ import (
 	"github.com/apecloud/kubeblocks/pkg/common"
 	"github.com/apecloud/kubeblocks/pkg/constant"
 	"github.com/apecloud/kubeblocks/pkg/controller/builder"
+	"github.com/apecloud/kubeblocks/pkg/controller/factory"
 	"github.com/apecloud/kubeblocks/pkg/controller/graph"
 	"github.com/apecloud/kubeblocks/pkg/controller/model"
 )
@@ -126,7 +127,7 @@ func (t *clusterShardingAccountTransformer) newSystemAccountSecret(transCtx *clu
 			return nil, err
 		}
 	default:
-		password = t.buildPassword(account)
+		password = t.buildPassword(transCtx, account, sharding.Name)
 	}
 	return t.newAccountSecretWithPassword(transCtx, sharding, accountName, password)
 }
@@ -179,9 +180,12 @@ func (t *clusterShardingAccountTransformer) getPasswordFromSecret(ctx graph.Tran
 	return secret.Data[constant.AccountPasswdForSecret], nil
 }
 
-func (t *clusterShardingAccountTransformer) buildPassword(account appsv1.SystemAccount) []byte {
-	// TODO: restore
-	return t.generatePassword(account)
+func (t *clusterShardingAccountTransformer) buildPassword(transCtx *clusterTransformContext, account appsv1.SystemAccount, shardingName string) []byte {
+	password := []byte(factory.GetRestoreSystemAccountPassword(transCtx.Cluster.Annotations, shardingName, account.Name))
+	if len(password) == 0 {
+		password = t.generatePassword(account)
+	}
+	return password
 }
 
 func (t *clusterShardingAccountTransformer) generatePassword(account appsv1.SystemAccount) []byte {

diff --git a/controllers/apps/transformer_component_account.go b/controllers/apps/transformer_component_account.go
@@ -135,7 +135,7 @@ func (t *componentAccountTransformer) getPasswordFromSecret(ctx graph.TransformC
 
 func (t *componentAccountTransformer) buildPassword(ctx *componentTransformContext, account appsv1.SystemAccount) []byte {
 	// get restore password if exists during recovery.
-	password := factory.GetRestoreSystemAccountPassword(ctx.SynthesizeComponent, account)
+	password := factory.GetRestoreSystemAccountPassword(ctx.SynthesizeComponent.Annotations, ctx.SynthesizeComponent.Name, account.Name)
 	if account.InitAccount && password == "" {
 		// initAccount can also restore from factory.GetRestoreSystemAccountPassword(ctx.SynthesizeComponent, account).
 		// This is compatibility processing.

diff --git a/controllers/dataprotection/backup_controller.go b/controllers/dataprotection/backup_controller.go
@@ -853,6 +853,9 @@ func setEncryptedSystemAccountsAnnotation(request *dpbackup.Request, cluster *kb
 			continue
 		}
 		componentName := secretList.Items[i].Labels[constant.KBAppComponentLabelKey]
+		if componentName == "" {
+			componentName = secretList.Items[i].Labels[constant.KBAppShardingNameLabelKey]
+		}
 		userName := string(secretList.Items[i].Data[usernameKey])
 		e := intctrlutil.NewEncryptor(viper.GetString(constant.CfgKeyDPEncryptionKey))
 		encryptedPwd, err := e.Encrypt(secretList.Items[i].Data[passwordKey])

diff --git a/pkg/controller/factory/builder.go b/pkg/controller/factory/builder.go
@@ -199,8 +199,8 @@ func GetRestorePassword(synthesizedComp *component.SynthesizedComponent) string
 }
 
 // GetRestoreSystemAccountPassword gets restore password if exists during recovery.
-func GetRestoreSystemAccountPassword(synthesizedComp *component.SynthesizedComponent, account appsv1.SystemAccount) string {
-	valueString := synthesizedComp.Annotations[constant.RestoreFromBackupAnnotationKey]
+func GetRestoreSystemAccountPassword(annotations map[string]string, componentName, accountName string) string {
+	valueString := annotations[constant.RestoreFromBackupAnnotationKey]
 	if len(valueString) == 0 {
 		return ""
 	}
@@ -209,7 +209,7 @@ func GetRestoreSystemAccountPassword(synthesizedComp *component.SynthesizedCompo
 	if err != nil {
 		return ""
 	}
-	backupSource, ok := backupMap[synthesizedComp.Name]
+	backupSource, ok := backupMap[componentName]
 	if !ok {
 		return ""
 	}
@@ -223,7 +223,7 @@ func GetRestoreSystemAccountPassword(synthesizedComp *component.SynthesizedCompo
 		return ""
 	}
 	e := intctrlutil.NewEncryptor(viper.GetString(constant.CfgKeyDPEncryptionKey))
-	encryptedPwd, ok := systemAccountsMap[account.Name]
+	encryptedPwd, ok := systemAccountsMap[accountName]
 	if !ok {
 		return ""
 	}

diff --git a/pkg/operations/restore.go b/pkg/operations/restore.go
@@ -223,5 +223,20 @@ func (r RestoreOpsHandler) getClusterObjFromBackup(backup *dpv1alpha1.Backup, op
 	for i := range cluster.Spec.ComponentSpecs {
 		cluster.Spec.ComponentSpecs[i].OfflineInstances = nil
 	}
+	r.rebuildShardAccountSecrets(cluster)
 	return cluster, nil
 }
+
+func (r RestoreOpsHandler) rebuildShardAccountSecrets(cluster *appsv1.Cluster) {
+	if len(cluster.Spec.Shardings) == 0 {
+		return
+	}
+	for i := range cluster.Spec.Shardings {
+		shardingSpec := &cluster.Spec.Shardings[i]
+		template := &shardingSpec.Template
+		for j := range template.SystemAccounts {
+			account := &template.SystemAccounts[j]
+			account.SecretRef = nil
+		}
+	}
+}