diff --git a/scripts/src/hwlab-node/secret-scripts.ts b/scripts/src/hwlab-node/secret-scripts.ts
index 9100de2f..80849417 100644
--- a/scripts/src/hwlab-node/secret-scripts.ts
+++ b/scripts/src/hwlab-node/secret-scripts.ts
@@ -1372,7 +1372,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 `db_user=${shellQuote(spec.cloudApiDbUser)}`,
 `db_host=${shellQuote(spec.cloudApiDbHost)}`,
 `cloud_api_deployment=${shellQuote(spec.cloudApiDeployment)}`,
- "db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime\"",
+ "db_consumer_deployments=\"hwlab-cloud-api hwlab-user-billing hwlab-workbench-runtime hwlab-project-management\"",
 `action_request=${shellQuote(options.action)}`,
 `dry_run=${shellQuote(options.dryRun ? "true" : "false")}`,
 `field_manager=${shellQuote(spec.fieldManager)}`,
@@ -1418,6 +1418,16 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 " if [ \"$role_exit\" -eq 0 ] && [ \"$database_exit\" -eq 0 ]; then probe_exit=0; else probe_exit=$role_exit/$database_exit; fi",
 " fi",
 "}",
+ "deployment_ready_flag() {",
+ " deploy=$1",
+ " desired=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.spec.replicas}' 2>/dev/null || true)",
+ " updated=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.updatedReplicas}' 2>/dev/null || true)",
+ " available=$(kubectl -n \"$namespace\" get deployment \"$deploy\" -o 'jsonpath={.status.availableReplicas}' 2>/dev/null || true)",
+ " [ -n \"$desired\" ] || desired=0",
+ " [ -n \"$updated\" ] || updated=0",
+ " [ -n \"$available\" ] || available=0",
+ " if [ \"$updated\" = \"$desired\" ] && [ \"$available\" = \"$desired\" ]; then printf yes; else printf no; fi",
+ "}",
 "before_exists=$(secret_exists_flag \"$name\")",
 "before_postgres_exists=$(secret_exists_flag \"$postgres_secret\")",
 "before_url_b64=$(secret_b64_key \"$name\" \"$database_url_key\")",
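Review bot: `deployment_ready_flag` (the @@ -1418 hunk) prints `yes` when kubectl fails, because each lookup ends in `2>/dev/null || true` and the three empty results are then defaulted to 0, so a missing deployment, an RBAC denial or an unreachable API server all end up comparing `0 = 0`. A deployment scaled to zero replicas takes the same path. If "could not be read" should not count as ready, return a distinct value before the defaults, for example `[ -n "$desired" ] || { printf unknown; return 0; }`, and have the caller report that state separately instead of folding it into ready or not-ready. The three separate `kubectl get` calls can also observe different moments of one rollout; a single call with `-o 'jsonpath={.spec.replicas} {.status.updatedReplicas} {.status.availableReplicas}'` would read the three values together.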
@@ -1437,6 +1447,15 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 "db_role_exists_before=$role_result",
 "db_database_exists_before=$database_result",
 "db_probe_exit_before=$probe_exit",
+ "consumer_not_ready=false",
+ "consumer_ready_before=",
+ "consumer_not_ready_before=",
+ "for deployment in $db_consumer_deployments; do",
+ " ready_flag=$(deployment_ready_flag \"$deployment\")",
+ " if [ \"$ready_flag\" = yes ]; then consumer_ready_before=\"$consumer_ready_before $deployment\"; else consumer_not_ready=true; consumer_not_ready_before=\"$consumer_not_ready_before $deployment\"; fi",
+ "done",
+ "consumer_ready_before=$(printf '%s' \"$consumer_ready_before\" | sed 's/^ //')",
+ "consumer_not_ready_before=$(printf '%s' \"$consumer_not_ready_before\" | sed 's/^ //')",
 "action=observed",
 "mutation=false",
 "apply_exit=",
@@ -1455,11 +1474,11 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 " [ \"$db_role_exists_before\" = t ] || missing_db=true",
 " [ \"$db_database_exists_before\" = t ] || missing_db=true",
 " if [ \"$dry_run\" = true ]; then",
- " if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then action=would-ensure; else action=kept; fi",
+ " if [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then action=would-ensure; else action=kept; fi",
 " elif [ \"$before_postgres_exists\" != yes ] || [ \"$postgres_admin_present\" != yes ] || [ -z \"$postgres_admin_password\" ]; then",
 " action=postgres-admin-secret-missing",
 " apply_exit=44",
- " elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ]; then",
+ " elif [ \"$missing_secret\" = false ] && [ \"$missing_db\" = false ] && [ \"$consumer_not_ready\" = false ]; then",
 " action=kept",
 " else",
 " database_url=\"postgres://$db_user:$postgres_admin_password@$db_host:5432/$db_name?sslmode=disable\"",
@@ -1478,7 +1497,7 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 "SQL",
 " db_ensure_exit=$?",
 " if [ \"$db_ensure_exit\" -eq 0 ]; then",
- " if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ]; then",
+ " if [ \"$missing_secret\" = true ] || [ \"$missing_db\" = true ] || [ \"$consumer_not_ready\" = true ]; then",
 " rollout_restart_exit=0",
 " for deployment in $db_consumer_deployments; do",
 " kubectl -n \"$namespace\" rollout restart \"deployment/$deployment\" >/tmp/hwlab-db-consumer-rollout-restart-$deployment.out 2>/tmp/hwlab-db-consumer-rollout-restart-$deployment.err",
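Review bot: The added `[ "$consumer_not_ready" = false ]` term on the `action=kept` guard (the @@ -1455 hunk) lets workload health decide whether the credential path runs. A consumer that is unready for reasons unrelated to the database (image pull failure, crash loop, a rollout still in progress) now sends a non-dry run into the `else` branch that builds `database_url` from `$postgres_admin_password` with `sslmode=disable`. What that branch does next lies outside this hunk, but the `db_ensure_exit` check in the @@ -1478 hunk suggests the SQL ensure step runs as well. Consider keeping this guard on `missing_secret`/`missing_db` only and handling unready consumers in a separate branch that restarts them without touching the secret or the database. At minimum, record the intent beside the guard, e.g. `// A not-ready consumer forces the full ensure path even when the secret and database already exist.`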
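Review bot: With `[ "$consumer_not_ready" = true ]` added to this condition (the @@ -1478 hunk), one unready consumer restarts every deployment in `$db_consumer_deployments`, including those that `deployment_ready_flag` has just reported as ready. A deployment that is only mid-rollout (`updatedReplicas` below `replicas`) also counts as not ready, so if this script is run repeatedly it may restart the same rollout each time; how it is scheduled is not visible here. When the secret and database were already present, restarting only the unready ones would narrow the effect: `restart_targets=$db_consumer_deployments`, then `if [ "$missing_secret" = false ] && [ "$missing_db" = false ]; then restart_targets=$consumer_not_ready_before; fi`, and `for deployment in $restart_targets; do`. The restart loop continues past the end of the hunk.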
@@ -1537,6 +1556,8 @@ export function cloudApiDbSecretScript(options: NodeSecretOptions, spec: Runtime
 "printf 'beforeDatabaseUrlSslmode\\t%s\\n' \"$before_url_sslmode\"",
 "printf 'beforeDatabaseUrlPasswordPresent\\t%s\\n' \"$before_url_password_present\"",
 "printf 'beforeDatabaseUrlMatchesExpected\\t%s\\n' \"$before_url_matches_expected\"",
+ "printf 'beforeConsumerDeploymentsReady\\t%s\\n' \"$consumer_ready_before\"",
+ "printf 'beforeConsumerDeploymentsNotReady\\t%s\\n' \"$consumer_not_ready_before\"",
 "printf 'afterExists\\t%s\\n' \"$after_exists\"",
 "printf 'afterDatabaseUrlPresent\\t%s\\n' \"$after_url_present\"",
 "printf 'afterDatabaseUrlBytes\\t%s\\n' \"$after_url_bytes\"",