(feature): allow storeprocedure run in publicapi mtar deployment (#3637)

* Refactor configureDb function to accept a pointer to the database config map in metricsforwarder config

* Refactor database configuration in autoscaler API and metrics forwarder

 • Centralize database configuration logic into db.ConfigureDb and db.ConfigureStoredProcedureDb
 • Remove individual configurePolicyDb and configureBindingDb functions
 • Move DatabaseConfig struct to a new models.go file in the db package
 • Update calls to database configuration in both API and metrics forwarder to use the new centralized functions

* Refactor database configuration in autoscaler API and metrics forwarder

 • Change db.ConfigureDb calls to vcapReader.ConfigureDb for PolicyDb and BindingDb.
 • Introduce vcapReader.ConfigureStoredProcedureDb for handling stored procedure database configuration.
 • Remove ConfigureStoredProcedureDb and ConfigureDb from db/helper.go.
 • Update tests to reflect changes in database configuration methods.

* Remove debug print statements and enable ConfigureStoredProcedureDb test in autoscaler config utils

* Add time import and DatabaseConfig struct to db.go; remove models.go

 - Import the "time" package in db.go for time.Duration usage.
 - Introduce DatabaseConfig struct in db.go with connection parameters.
 - Delete models.go, moving DatabaseConfig to db.go.

* Add stored procedure support to autoscaler API config

 • Implement configuration loading for stored procedure database in config.go
 • Enable tests for stored procedure database when cred_helper_impl is set to default in config_test.go

* Potential fix for code scanning alert no. 431: Potentially unsafe quoting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix lints

* Increase instances for publicapiserver and metricsforwarder, add eventgenerator module with configuration and routes, and set default instances to 0 for new modules in autoscaler app.

* correct public api server properties

* debug: register broker

* reduce code duplication

* Makes metricsforwarde and api config dry for databases

* Deploy only one public api

* Fix sonarqube issues

* Add list-apps target to Makefile and create list_apps.sh script for listing apps with org and space names

* Remove missing repetitive definition

* Fix code duplication warning

* Add nosec comment to suppress false positive in configutil test dbUri

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Arsalan Khan <[email protected]>

Author: 3 people

Makefile

@@ -476,6 +476,10 @@ start-scheduler:
 	make --directory='./src/scheduler' start DBURL="${DBURL}"
 
 
+list-apps:
+	echo " - listing apps"
+	DEBUG="${DEBUG}" ${CI_DIR}/../scripts/list_apps.sh
+
 deploy-apps:
 	echo " - deploying apps"
 	DEBUG="${DEBUG}" ${CI_DIR}/autoscaler/scripts/deploy-apps.sh

ci/autoscaler/scripts/register-broker.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 set -euo pipefail
+
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "${script_dir}/vars.source.sh"
 

scripts/list_apps.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+echo "Fetching all apps with org and space names..."
+
+NEXT_URL="/v3/apps"
+
+while [ "$NEXT_URL" != "null" ]; do
+  RESPONSE=$(cf curl "$NEXT_URL")
+
+  echo "$RESPONSE" | jq -c '.resources[]' | while read -r app; do
+    APP_NAME=$(echo "$app" | jq -r '.name')
+    SPACE_GUID=$(echo "$app" | jq -r '.relationships.space.data.guid')
+
+    # Get space details
+    SPACE_INFO=$(cf curl "/v3/spaces/$SPACE_GUID")
+    SPACE_NAME=$(echo "$SPACE_INFO" | jq -r '.name')
+    ORG_GUID=$(echo "$SPACE_INFO" | jq -r '.relationships.organization.data.guid')
+
+    # Get org details
+    ORG_NAME=$(cf curl "/v3/organizations/$ORG_GUID" | jq -r '.name')
+
+    echo "$ORG_NAME / $SPACE_NAME / $APP_NAME"
+  done
+
+  NEXT_URL=$(echo "$RESPONSE" | jq -r '.pagination.next.href')
+done
+

src/autoscaler/api/config/config.go

@@ -36,7 +36,6 @@ const (
 )
 
 var (
-	ErrReadYaml                      = errors.New("failed to read config file")
 	ErrPublicApiServerConfigNotFound = errors.New("publicapiserver config service not found")
 )
 
@@ -140,6 +139,7 @@ func defaultConfig() Config {
 				SkipSSLValidation: false,
 			},
 		},
+		Db: make(map[string]db.DatabaseConfig),
 		RateLimit: models.RateLimitConfig{
 			MaxAmount:     DefaultMaxAmount,
 			ValidDuration: DefaultValidDuration,
@@ -164,24 +164,6 @@ func defaultConfig() Config {
 		},
 	}
 }
-func loadYamlFile(filepath string, conf *Config) error {
-	if filepath == "" {
-		return nil
-	}
-	file, err := os.Open(filepath)
-	if err != nil {
-		fmt.Fprintf(os.Stdout, "failed to open config file '%s': %s\n", filepath, err)
-		return ErrReadYaml
-	}
-	defer file.Close()
-
-	dec := yaml.NewDecoder(file)
-	dec.KnownFields(true)
-	if err := dec.Decode(conf); err != nil {
-		return fmt.Errorf("%w: %v", ErrReadYaml, err)
-	}
-	return nil
-}
 func loadPublicApiServerConfig(conf *Config, vcapReader configutil.VCAPConfigurationReader) error {
 	data, err := vcapReader.GetServiceCredentialContent("publicapiserver-config", "publicapiserver-config")
 	if err != nil {
@@ -203,15 +185,7 @@ func loadVcapConfig(conf *Config, vcapReader configutil.VCAPConfigurationReader)
 		return err
 	}
 
-	if conf.Db == nil {
-		conf.Db = make(map[string]db.DatabaseConfig)
-	}
-
-	if err := configurePolicyDb(conf, vcapReader); err != nil {
-		return err
-	}
-
-	if err := configureBindingDb(conf, vcapReader); err != nil {
+	if err := vcapReader.ConfigureDatabases(&conf.Db, conf.StoredProcedureConfig, conf.CredHelperImpl); err != nil {
 		return err
 	}
 
@@ -260,41 +234,10 @@ func configureScheduler(conf *Config) {
 	conf.Scheduler.TLSClientCerts.KeyFile = os.Getenv("CF_INSTANCE_KEY")
 }
 
-func configurePolicyDb(conf *Config, vcapReader configutil.VCAPConfigurationReader) error {
-	currentPolicyDb, ok := conf.Db[db.PolicyDb]
-	if !ok {
-		conf.Db[db.PolicyDb] = db.DatabaseConfig{}
-	}
-
-	dbURL, err := vcapReader.MaterializeDBFromService(db.PolicyDb)
-	currentPolicyDb.URL = dbURL
-	if err != nil {
-		return err
-	}
-	conf.Db[db.PolicyDb] = currentPolicyDb
-	return nil
-}
-
-func configureBindingDb(conf *Config, vcapReader configutil.VCAPConfigurationReader) error {
-	currentBindingDb, ok := conf.Db[db.BindingDb]
-	if !ok {
-		conf.Db[db.BindingDb] = db.DatabaseConfig{}
-	}
-
-	dbURL, err := vcapReader.MaterializeDBFromService(db.BindingDb)
-	currentBindingDb.URL = dbURL
-	if err != nil {
-		return err
-	}
-	conf.Db[db.BindingDb] = currentBindingDb
-
-	return nil
-}
-
 func LoadConfig(filepath string, vcapReader configutil.VCAPConfigurationReader) (*Config, error) {
 	conf := defaultConfig()
 
-	if err := loadYamlFile(filepath, &conf); err != nil {
+	if err := helpers.LoadYamlFile(filepath, &conf); err != nil {
 		return nil, err
 	}
 

src/autoscaler/api/config/config_test.go

@@ -113,6 +113,12 @@ var _ = Describe("Config", func() {
 
 			})
 
+			When("handling available databases", func() {
+				It("calls vcapReader ConfigureDatabases with the right arguments", func() {
+					testhelpers.ExpectConfigureDatabasesCalledOnce(err, mockVCAPConfigurationReader, conf.CredHelperImpl)
+				})
+			})
+
 			When("service is empty", func() {
 				var expectedErr error
 				BeforeEach(func() {
@@ -125,34 +131,6 @@ var _ = Describe("Config", func() {
 				})
 			})
 
-			When("VCAP_SERVICES has relational db service bind to app for policy db", func() {
-				BeforeEach(func() {
-					mockVCAPConfigurationReader.GetServiceCredentialContentReturns([]byte(`{ "cred_helper_impl": "default" }`), nil)                                                                           // #nosec G101
-					expectedDbUrl = "postgres://foo:[email protected]:5432/policy_db?sslcert=%2Ftmp%2Fclient_cert.sslcert&sslkey=%2Ftmp%2Fclient_key.sslkey&sslrootcert=%2Ftmp%2Fserver_ca.sslrootcert" // #nosec G101
-				})
-
-				It("loads the db config from VCAP_SERVICES successfully", func() {
-					Expect(err).NotTo(HaveOccurred())
-					Expect(conf.Db[db.PolicyDb].URL).To(Equal(expectedDbUrl))
-					actualDbName := mockVCAPConfigurationReader.MaterializeDBFromServiceArgsForCall(0)
-					Expect(actualDbName).To(Equal(db.PolicyDb))
-				})
-			})
-
-			When("VCAP_SERVICES has relational db service bind to app for binding db", func() {
-				BeforeEach(func() {
-					mockVCAPConfigurationReader.GetServiceCredentialContentReturns([]byte(`{ "cred_helper_impl": "default" }`), nil)                                                                            // #nosec G101
-					expectedDbUrl = "postgres://foo:[email protected]:5432/binding_db?sslcert=%2Ftmp%2Fclient_cert.sslcert&sslkey=%2Ftmp%2Fclient_key.sslkey&sslrootcert=%2Ftmp%2Fserver_ca.sslrootcert" // #nosec G101
-				})
-
-				It("loads the db config from VCAP_SERVICES successfully", func() {
-					Expect(err).NotTo(HaveOccurred())
-					Expect(conf.Db[db.BindingDb].URL).To(Equal(expectedDbUrl))
-					actualDbName := mockVCAPConfigurationReader.MaterializeDBFromServiceArgsForCall(1)
-					Expect(actualDbName).To(Equal(db.BindingDb))
-				})
-			})
-
 			When("VCAP_SERVICES has catalog", func() {
 				var expectedCatalogContent string
 

src/autoscaler/build-extension-file.sh

@@ -87,6 +87,7 @@ modules:
     - name: database
     - name: syslog-client
     parameters:
+      instances: 2
       routes:
       - route: ${METRICSFORWARDER_HOST}.\${default-domain}
       - route: ${METRICSFORWARDER_MTLS_HOST}.\${default-domain}
@@ -128,7 +129,6 @@ resources:
             broker_password: $SERVICE_BROKER_PASSWORD
           - broker_username: 'autoscaler-broker-user-blue'
             broker_password: $SERVICE_BROKER_PASSWORD_BLUE
-
 - name: database
   parameters:
     config:

src/autoscaler/configutil/cf.go

@@ -5,7 +5,9 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strings"
 
+	"code.cloudfoundry.org/app-autoscaler/src/autoscaler/db"
 	"code.cloudfoundry.org/app-autoscaler/src/autoscaler/models"
 	"github.com/cloud-gov/go-cfenv"
 )
@@ -21,6 +23,9 @@ type VCAPConfigurationReader interface {
 	GetServiceCredentialContent(serviceTag string, credentialKey string) ([]byte, error)
 	GetPort() int
 	IsRunningOnCF() bool
+
+	ConfigureStoredProcedureDb(dbName string, confDb *map[string]db.DatabaseConfig, storedProcedureConfig *models.StoredProcedureConfig) error
+	ConfigureDatabases(confDb *map[string]db.DatabaseConfig, storedProcedureConfig *models.StoredProcedureConfig, credHelperImpl string) error
 }
 
 type VCAPConfiguration struct {
@@ -34,6 +39,8 @@ func NewVCAPConfigurationReader() (result *VCAPConfiguration, err error) {
 	if cfenv.IsRunningOnCF() {
 		appEnv, err = cfenv.Current()
 		result.appEnv = appEnv
+	} else {
+		fmt.Println("VCAPConfigurationReader: Not running on CF")
 	}
 
 	return result, err
@@ -207,3 +214,62 @@ func (vc *VCAPConfiguration) addConnectionParam(service *cfenv.Service, dbName,
 	}
 	return nil
 }
+
+func (vc *VCAPConfiguration) ConfigureStoredProcedureDb(dbName string, confDb *map[string]db.DatabaseConfig, storedProcedureConfig *models.StoredProcedureConfig) error {
+	if err := vc.configureDb(dbName, confDb); err != nil {
+		return err
+	}
+
+	currentStoredProcedureDb := (*confDb)[dbName]
+	parsedUrl, err := url.Parse(currentStoredProcedureDb.URL)
+	if err != nil {
+		return err
+	}
+
+	if storedProcedureConfig != nil {
+		if storedProcedureConfig.Username != "" {
+			currentStoredProcedureDb.URL = strings.Replace(currentStoredProcedureDb.URL, parsedUrl.User.Username(), storedProcedureConfig.Username, 1)
+		}
+		if storedProcedureConfig.Password != "" {
+			bindingPassword, _ := parsedUrl.User.Password()
+			currentStoredProcedureDb.URL = strings.Replace(currentStoredProcedureDb.URL, bindingPassword, storedProcedureConfig.Password, 1)
+		}
+	}
+	(*confDb)[dbName] = currentStoredProcedureDb
+
+	return nil
+}
+
+func (vc *VCAPConfiguration) configureDb(dbName string, confDb *map[string]db.DatabaseConfig) error {
+	currentDb, ok := (*confDb)[dbName]
+	if !ok {
+		(*confDb)[dbName] = db.DatabaseConfig{}
+	}
+
+	dbURL, err := vc.MaterializeDBFromService(dbName)
+	currentDb.URL = dbURL
+	if err != nil {
+		return err
+	}
+	(*confDb)[dbName] = currentDb
+
+	return nil
+}
+
+func (vc *VCAPConfiguration) ConfigureDatabases(confDb *map[string]db.DatabaseConfig, storedProcedureConfig *models.StoredProcedureConfig, credHelperImpl string) error {
+	if err := vc.configureDb(db.PolicyDb, confDb); err != nil {
+		return err
+	}
+
+	if err := vc.configureDb(db.BindingDb, confDb); err != nil {
+		return err
+	}
+
+	if credHelperImpl == "stored_procedure" {
+		if err := vc.ConfigureStoredProcedureDb(db.StoredProcedureDb, confDb, storedProcedureConfig); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}