fix: declare NC01 Monitor PostgreSQL consumer
This commit is contained in:
@@ -5,7 +5,8 @@ metadata:
|
||||
id: nc01-host-postgres
|
||||
description: NC01 host-native PostgreSQL 16 for local UniDesk/HWLAB/AgentRun runtime state
|
||||
owner: unidesk
|
||||
relatedIssues: []
|
||||
relatedIssues:
|
||||
- 1875
|
||||
|
||||
cluster:
|
||||
role: primary
|
||||
@@ -113,6 +114,11 @@ postgres:
|
||||
user: decision_center
|
||||
address: 10.42.0.0/16
|
||||
method: scram-sha-256
|
||||
- type: hostssl
|
||||
database: web_probe_monitor
|
||||
user: web_probe_monitor
|
||||
address: 10.42.0.0/16
|
||||
method: scram-sha-256
|
||||
|
||||
secrets:
|
||||
source: master-local
|
||||
@@ -146,6 +152,20 @@ secrets:
|
||||
DECISION_CENTER_NC01_DB_NAME: decision_center
|
||||
randomHex:
|
||||
DECISION_CENTER_NC01_DB_PASSWORD: 32
|
||||
- name: web-probe-monitor-nc01-db-credentials
|
||||
sourceRef: platform-db/web-probe-monitor-nc01-db.env
|
||||
type: env
|
||||
requiredKeys:
|
||||
- WEB_PROBE_MONITOR_NC01_DB_USER
|
||||
- WEB_PROBE_MONITOR_NC01_DB_PASSWORD
|
||||
- WEB_PROBE_MONITOR_NC01_DB_NAME
|
||||
createIfMissing:
|
||||
enabled: true
|
||||
values:
|
||||
WEB_PROBE_MONITOR_NC01_DB_USER: web_probe_monitor
|
||||
WEB_PROBE_MONITOR_NC01_DB_NAME: web_probe_monitor
|
||||
randomHex:
|
||||
WEB_PROBE_MONITOR_NC01_DB_PASSWORD: 32
|
||||
|
||||
objects:
|
||||
roles:
|
||||
@@ -167,6 +187,15 @@ objects:
|
||||
createdb: false
|
||||
createrole: false
|
||||
superuser: false
|
||||
- name: web_probe_monitor
|
||||
passwordRef:
|
||||
sourceRef: platform-db/web-probe-monitor-nc01-db.env
|
||||
key: WEB_PROBE_MONITOR_NC01_DB_PASSWORD
|
||||
login: true
|
||||
attributes:
|
||||
createdb: false
|
||||
createrole: false
|
||||
superuser: false
|
||||
databases:
|
||||
- name: agentrun_v02
|
||||
owner: agentrun_v02
|
||||
@@ -178,6 +207,11 @@ objects:
|
||||
encoding: UTF8
|
||||
locale: C.UTF-8
|
||||
extensions: []
|
||||
- name: web_probe_monitor
|
||||
owner: web_probe_monitor
|
||||
encoding: UTF8
|
||||
locale: C.UTF-8
|
||||
extensions: []
|
||||
|
||||
exports:
|
||||
connectionStrings:
|
||||
@@ -211,6 +245,21 @@ exports:
|
||||
- scope: decision-center
|
||||
secret: decision-center-runtime-secrets
|
||||
key: DATABASE_URL
|
||||
- name: web-probe-monitor-nc01-database-url
|
||||
sourceSecretRef: platform-db/web-probe-monitor-nc01-db.env
|
||||
render:
|
||||
envKey: DATABASE_URL
|
||||
format: postgresql://$(WEB_PROBE_MONITOR_NC01_DB_USER):$(WEB_PROBE_MONITOR_NC01_DB_PASSWORD)@$(PGHOST):5432/$(WEB_PROBE_MONITOR_NC01_DB_NAME)?sslmode=require
|
||||
variables:
|
||||
PGHOST: 10.42.0.1
|
||||
writeToSecretSource:
|
||||
sourceRef: hwlab/web-probe-monitor-db.env
|
||||
key: DATABASE_URL
|
||||
mode: update-or-insert
|
||||
consumers:
|
||||
- scope: hwlab-web-probe-monitor
|
||||
secret: hwlab-web-probe-monitor-db
|
||||
key: DATABASE_URL
|
||||
|
||||
backup:
|
||||
logicalDump:
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
import { describe, expect, test } from "bun:test";
|
||||
import { rootPath } from "./config";
|
||||
import { readYamlRecord } from "./platform-infra-ops-library";
|
||||
|
||||
describe("NC01 Host PG Monitor declaration", () => {
|
||||
test("声明独立 Monitor role、database、SCRAM HBA 与 DATABASE_URL consumer", () => {
|
||||
const config = readYamlRecord<Record<string, any>>(rootPath("config/platform-db/postgres-nc01.yaml"), "postgres-host-cluster");
|
||||
const monitorRole = config.objects.roles.find((role: Record<string, unknown>) => role.name === "web_probe_monitor");
|
||||
const monitorDatabase = config.objects.databases.find((database: Record<string, unknown>) => database.name === "web_probe_monitor");
|
||||
const monitorHba = config.postgres.auth.pgHba.find((rule: Record<string, unknown>) => rule.database === "web_probe_monitor" && rule.user === "web_probe_monitor");
|
||||
const monitorExport = config.exports.connectionStrings.find((entry: Record<string, unknown>) => entry.name === "web-probe-monitor-nc01-database-url");
|
||||
|
||||
expect(config.metadata.relatedIssues).toContain(1875);
|
||||
expect(config.secrets.entries).toEqual(expect.arrayContaining([
|
||||
expect.objectContaining({
|
||||
sourceRef: "platform-db/web-probe-monitor-nc01-db.env",
|
||||
requiredKeys: [
|
||||
"WEB_PROBE_MONITOR_NC01_DB_USER",
|
||||
"WEB_PROBE_MONITOR_NC01_DB_PASSWORD",
|
||||
"WEB_PROBE_MONITOR_NC01_DB_NAME",
|
||||
],
|
||||
}),
|
||||
]));
|
||||
expect(monitorRole).toMatchObject({
|
||||
passwordRef: { sourceRef: "platform-db/web-probe-monitor-nc01-db.env", key: "WEB_PROBE_MONITOR_NC01_DB_PASSWORD" },
|
||||
login: true,
|
||||
attributes: { createdb: false, createrole: false, superuser: false },
|
||||
});
|
||||
expect(monitorDatabase).toMatchObject({ owner: "web_probe_monitor", encoding: "UTF8", locale: "C.UTF-8" });
|
||||
expect(monitorHba).toEqual({ type: "hostssl", database: "web_probe_monitor", user: "web_probe_monitor", address: "10.42.0.0/16", method: "scram-sha-256" });
|
||||
expect(monitorExport).toMatchObject({
|
||||
sourceSecretRef: "platform-db/web-probe-monitor-nc01-db.env",
|
||||
render: { envKey: "DATABASE_URL", variables: { PGHOST: "10.42.0.1" } },
|
||||
writeToSecretSource: { sourceRef: "hwlab/web-probe-monitor-db.env", key: "DATABASE_URL", mode: "update-or-insert" },
|
||||
consumers: [{ scope: "hwlab-web-probe-monitor", secret: "hwlab-web-probe-monitor-db", key: "DATABASE_URL" }],
|
||||
});
|
||||
expect(monitorExport.render.format).not.toContain("web_probe_monitor:");
|
||||
});
|
||||
|
||||
test("既有应用 role 保持原有独立 sourceRef", () => {
|
||||
const config = readYamlRecord<Record<string, any>>(rootPath("config/platform-db/postgres-nc01.yaml"), "postgres-host-cluster");
|
||||
const sourceRefs = new Map(config.objects.roles.map((role: Record<string, any>) => [role.name, role.passwordRef.sourceRef]));
|
||||
|
||||
expect(sourceRefs.get("agentrun_v02")).toBe("platform-db/agentrun-nc01-v02-db.env");
|
||||
expect(sourceRefs.get("decision_center")).toBe("decision-center/nc01-db.env");
|
||||
expect(sourceRefs.get("web_probe_monitor")).toBe("platform-db/web-probe-monitor-nc01-db.env");
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user