From ada0a421000f5e867e4ee161490eab0363bbb116 Mon Sep 17 00:00:00 2001
From: kobzonega <122476665+kobzonega@users.noreply.github.com>
Date: Wed, 28 Aug 2024 21:19:56 +0800
Subject: [PATCH] fix encryption config ID backward compatibility (#244)
* fix encryption config ID backward compatibility
* revert database encryption key secret path
---
 api/v1alpha1/const.go | 4 ++--
 deploy/ydb-operator/Chart.yaml | 4 ++--
 internal/controllers/storage/controller_test.go | 2 +-
 internal/resources/database.go | 4 ++--
 internal/resources/databasenodeset.go | 2 +-
 internal/resources/resource.go | 4 ++--
 internal/resources/storage.go | 2 +-
 internal/resources/storage_init_job.go | 2 +-
 internal/resources/storagenodeset.go | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/api/v1alpha1/const.go b/api/v1alpha1/const.go
index c66d193a..293647e7 100644
--- a/api/v1alpha1/const.go
+++ b/api/v1alpha1/const.go
@@ -30,8 +30,8 @@ const (
 ConfigDir = "/opt/ydb/cfg"
 ConfigFileName = "config.yaml"
- DatabaseEncryptionKeySecretDir = "encryption"
- DatabaseEncryptionKeySecretFile = "key.pem"
+ DatabaseEncryptionKeySecretDir = "database_encryption"
+ DatabaseEncryptionKeySecretFile = "key"
 DatabaseEncryptionKeyConfigFile = "key.txt"
 BinariesDir = "/opt/ydb/bin"
diff --git a/deploy/ydb-operator/Chart.yaml b/deploy/ydb-operator/Chart.yaml
index 93f27ec1..03fa4f92 100644
--- a/deploy/ydb-operator/Chart.yaml
+++ b/deploy/ydb-operator/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.24
+version: 0.5.25
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.5.24"
+appVersion: "0.5.25"
diff --git a/internal/controllers/storage/controller_test.go b/internal/controllers/storage/controller_test.go
index 92e74ff3..fb364be3 100644
--- a/internal/controllers/storage/controller_test.go
+++ b/internal/controllers/storage/controller_test.go
@@ -123,7 +123,7 @@ var _ = Describe("Storage controller medium tests", func() {
 }, &foundStorage)).Should(Succeed())
 foundConfigurationChecksumAnnotation := false
- if podAnnotations[annotations.ConfigurationChecksum] == resources.GetConfigurationChecksum(foundStorage.Spec.Configuration) {
+ if podAnnotations[annotations.ConfigurationChecksum] == resources.SHAChecksum(foundStorage.Spec.Configuration) {
 foundConfigurationChecksumAnnotation = true
 }
 Expect(foundConfigurationChecksumAnnotation).To(BeTrue())
diff --git a/internal/resources/database.go b/internal/resources/database.go
index c439c0cf..2328207c 100644
--- a/internal/resources/database.go
+++ b/internal/resources/database.go
@@ -43,7 +43,7 @@ func (b *DatabaseBuilder) GetResourceBuilders(restConfig *rest.Config) []Resourc
 statefulSetLabels.Merge(map[string]string{labels.StatefulsetComponent: b.Name})
 statefulSetAnnotations := CopyDict(b.Spec.AdditionalAnnotations)
- statefulSetAnnotations[annotations.ConfigurationChecksum] = GetConfigurationChecksum(b.Spec.Configuration)
+ statefulSetAnnotations[annotations.ConfigurationChecksum] = SHAChecksum(b.Spec.Configuration)
 grpcServiceLabels := databaseLabels.Copy()
 grpcServiceLabels.Merge(b.Spec.Service.GRPC.AdditionalLabels)
@@ -123,7 +123,7 @@ func (b *DatabaseBuilder) GetResourceBuilders(restConfig *rest.Config) []Resourc
 api.DatabaseEncryptionKeySecretDir,
 api.DatabaseEncryptionKeySecretFile,
 ),
- ID: b.Name,
+ ID: SHAChecksum(b.Spec.StorageClusterRef.Name),
 Pin: b.Spec.Encryption.Pin,
 Version: 1,
 },
diff --git a/internal/resources/databasenodeset.go b/internal/resources/databasenodeset.go
index 5050fbc2..b3e1d041 100644
--- a/internal/resources/databasenodeset.go
+++ b/internal/resources/databasenodeset.go
@@ -69,7 +69,7 @@ func (b *DatabaseNodeSetResource) GetResourceBuilders(restConfig *rest.Config) [
 }
 statefulSetAnnotations := CopyDict(b.Spec.AdditionalAnnotations)
- statefulSetAnnotations[annotations.ConfigurationChecksum] = GetConfigurationChecksum(b.Spec.Configuration)
+ statefulSetAnnotations[annotations.ConfigurationChecksum] = SHAChecksum(b.Spec.Configuration)
 var resourceBuilders []ResourceBuilder
 resourceBuilders = append(resourceBuilders,
diff --git a/internal/resources/resource.go b/internal/resources/resource.go
index c16ecc60..c48965cf 100644
--- a/internal/resources/resource.go
+++ b/internal/resources/resource.go
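Review bot: In the second database.go hunk, `ID: SHAChecksum(b.Spec.StorageClusterRef.Name)` derives the encryption key ID from the referenced storage cluster instead of the database, and nothing at the call site explains why. Every database that references the same storage cluster now gets the same key ID, and a later change to the hash function or to the referenced name would presumably change the ID for a database that is already encrypted. If that is the intended compatibility behaviour it should be recorded next to the field, e.g. `// ID must remain sha256(StorageClusterRef.Name) to match key IDs already in use; it is an identifier, not secret material.` A test that pins the expected ID for a fixed storage name would catch accidental changes. GetResourceBuilders starts and ends outside the hunk.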
@@ -564,9 +564,9 @@ func buildCAStorePatchingCommandArgs(
 return command, args
 }
-func GetConfigurationChecksum(configuration string) string {
+func SHAChecksum(text string) string {
 hasher := sha256.New()
- hasher.Write([]byte(configuration))
+ hasher.Write([]byte(text))
 return hex.EncodeToString(hasher.Sum(nil))
 }
diff --git a/internal/resources/storage.go b/internal/resources/storage.go
index 38169a60..83f83661 100644
--- a/internal/resources/storage.go
+++ b/internal/resources/storage.go
@@ -36,7 +36,7 @@ func (b *StorageClusterBuilder) GetResourceBuilders(restConfig *rest.Config) []R
 statefulSetLabels.Merge(map[string]string{labels.StatefulsetComponent: b.Name})
 statefulSetAnnotations := CopyDict(b.Spec.AdditionalAnnotations)
- statefulSetAnnotations[annotations.ConfigurationChecksum] = GetConfigurationChecksum(b.Spec.Configuration)
+ statefulSetAnnotations[annotations.ConfigurationChecksum] = SHAChecksum(b.Spec.Configuration)
 grpcServiceLabels := storageLabels.Copy()
 grpcServiceLabels.Merge(b.Spec.Service.GRPC.AdditionalLabels)
diff --git a/internal/resources/storage_init_job.go b/internal/resources/storage_init_job.go
index 0507623e..f5399c20 100644
--- a/internal/resources/storage_init_job.go
+++ b/internal/resources/storage_init_job.go
@@ -70,7 +70,7 @@ func GetInitJobBuilder(storage *api.Storage) ResourceBuilder {
 }
 if storage.Spec.InitJob.AdditionalAnnotations != nil {
 jobAnnotations = CopyDict(storage.Spec.InitJob.AdditionalAnnotations)
- jobAnnotations[annotations.ConfigurationChecksum] = GetConfigurationChecksum(storage.Spec.Configuration)
+ jobAnnotations[annotations.ConfigurationChecksum] = SHAChecksum(storage.Spec.Configuration)
 }
 }
diff --git a/internal/resources/storagenodeset.go b/internal/resources/storagenodeset.go
index efbc446c..7f69425f 100644
--- a/internal/resources/storagenodeset.go
+++ b/internal/resources/storagenodeset.go
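Review bot: `SHAChecksum` in the resource.go hunk is exported without a doc comment, and with this commit its output is no longer only a change-detection annotation: database.go also uses it as the encryption key ID. That makes the exact algorithm and encoding a compatibility contract, which the name (it does not say SHA-256) does not convey. I would add `// SHAChecksum returns the lowercase hex SHA-256 digest of text. The result is used for the configuration-checksum annotation and as the encryption key ID, so the algorithm and encoding must not change.` The body could also become `sum := sha256.Sum256([]byte(text))` followed by `return hex.EncodeToString(sum[:])`, which removes the unchecked `hasher.Write` return value.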
@@ -69,7 +69,7 @@ func (b *StorageNodeSetResource) GetResourceBuilders(restConfig *rest.Config) []
 }
 statefulSetAnnotations := CopyDict(b.Spec.AdditionalAnnotations)
- statefulSetAnnotations[annotations.ConfigurationChecksum] = GetConfigurationChecksum(b.Spec.Configuration)
+ statefulSetAnnotations[annotations.ConfigurationChecksum] = SHAChecksum(b.Spec.Configuration)
 var resourceBuilders []ResourceBuilder
 resourceBuilders = append(