adds ability to configure database details for registry server (#2800)

* adds ability to configure database details for registry server

Signed-off-by: Chris Burns <[email protected]>

* bunmps crds chart

Signed-off-by: Chris Burns <[email protected]>

---------

Signed-off-by: Chris Burns <[email protected]>

Author: ChrisJBurns

cmd/thv-operator/api/v1alpha1/mcpregistry_types.go

@@ -54,6 +54,20 @@ type MCPRegistrySpec struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	// +kubebuilder:validation:Type=object
 	PodTemplateSpec *runtime.RawExtension `json:"podTemplateSpec,omitempty"`
+
+	// DatabaseConfig defines the PostgreSQL database configuration for the registry API server.
+	// If not specified, defaults will be used:
+	//   - Host: "postgres"
+	//   - Port: 5432
+	//   - User: "db_app"
+	//   - MigrationUser: "db_migrator"
+	//   - Database: "registry"
+	//   - SSLMode: "prefer"
+	//   - MaxOpenConns: 10
+	//   - MaxIdleConns: 2
+	//   - ConnMaxLifetime: "30m"
+	// +optional
+	DatabaseConfig *MCPRegistryDatabaseConfig `json:"databaseConfig,omitempty"`
 }
 
 // MCPRegistryConfig defines the configuration for a registry data source
@@ -187,6 +201,66 @@ type TagFilter struct {
 	Exclude []string `json:"exclude,omitempty"`
 }
 
+// MCPRegistryDatabaseConfig defines PostgreSQL database configuration for the registry API server.
+// Uses a two-user security model: separate users for operations and migrations.
+type MCPRegistryDatabaseConfig struct {
+	// Host is the database server hostname
+	// +kubebuilder:default="postgres"
+	// +optional
+	Host string `json:"host,omitempty"`
+
+	// Port is the database server port
+	// +kubebuilder:default=5432
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=65535
+	// +optional
+	Port int `json:"port,omitempty"`
+
+	// User is the application user (limited privileges: SELECT, INSERT, UPDATE, DELETE)
+	// Credentials should be provided via pgpass file or environment variables
+	// +kubebuilder:default="db_app"
+	// +optional
+	User string `json:"user,omitempty"`
+
+	// MigrationUser is the migration user (elevated privileges: CREATE, ALTER, DROP)
+	// Used for running database schema migrations
+	// Credentials should be provided via pgpass file or environment variables
+	// +kubebuilder:default="db_migrator"
+	// +optional
+	MigrationUser string `json:"migrationUser,omitempty"`
+
+	// Database is the database name
+	// +kubebuilder:default="registry"
+	// +optional
+	Database string `json:"database,omitempty"`
+
+	// SSLMode is the SSL mode for the connection
+	// Valid values: disable, allow, prefer, require, verify-ca, verify-full
+	// +kubebuilder:validation:Enum=disable;allow;prefer;require;verify-ca;verify-full
+	// +kubebuilder:default="prefer"
+	// +optional
+	SSLMode string `json:"sslMode,omitempty"`
+
+	// MaxOpenConns is the maximum number of open connections to the database
+	// +kubebuilder:default=10
+	// +kubebuilder:validation:Minimum=1
+	// +optional
+	MaxOpenConns int `json:"maxOpenConns,omitempty"`
+
+	// MaxIdleConns is the maximum number of idle connections in the pool
+	// +kubebuilder:default=2
+	// +kubebuilder:validation:Minimum=0
+	// +optional
+	MaxIdleConns int `json:"maxIdleConns,omitempty"`
+
+	// ConnMaxLifetime is the maximum amount of time a connection may be reused (Go duration format)
+	// Examples: "30m", "1h", "24h"
+	// +kubebuilder:validation:Pattern=^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
+	// +kubebuilder:default="30m"
+	// +optional
+	ConnMaxLifetime string `json:"connMaxLifetime,omitempty"`
+}
+
 // MCPRegistryStatus defines the observed state of MCPRegistry
 type MCPRegistryStatus struct {
 	// Phase represents the current overall phase of the MCPRegistry

cmd/thv-operator/api/v1alpha1/zz_generated.deepcopy.go

@@ -103,6 +103,41 @@ type Config struct {
 	// Defaults to "default" if not specified
 	RegistryName string           `yaml:"registryName,omitempty"`
 	Registries   []RegistryConfig `yaml:"registries"`
+	Database     *DatabaseConfig  `yaml:"database,omitempty"`
+}
+
+// DatabaseConfig defines PostgreSQL database configuration
+// Uses two-user security model: separate users for operations and migrations
+type DatabaseConfig struct {
+	// Host is the database server hostname
+	Host string `yaml:"host"`
+
+	// Port is the database server port
+	Port int `yaml:"port"`
+
+	// User is the application user (limited privileges: SELECT, INSERT, UPDATE, DELETE)
+	// Credentials provided via pgpass file
+	User string `yaml:"user"`
+
+	// MigrationUser is the migration user (elevated privileges: CREATE, ALTER, DROP)
+	// Used for running database schema migrations
+	// Credentials provided via pgpass file
+	MigrationUser string `yaml:"migrationUser"`
+
+	// Database is the database name
+	Database string `yaml:"database"`
+
+	// SSLMode is the SSL mode for the connection
+	SSLMode string `yaml:"sslMode"`
+
+	// MaxOpenConns is the maximum number of open connections to the database
+	MaxOpenConns int `yaml:"maxOpenConns"`
+
+	// MaxIdleConns is the maximum number of idle connections in the pool
+	MaxIdleConns int `yaml:"maxIdleConns"`
+
+	// ConnMaxLifetime is the maximum amount of time a connection may be reused
+	ConnMaxLifetime string `yaml:"connMaxLifetime"`
 }
 
 // RegistryConfig defines the configuration for a registry data source
@@ -228,6 +263,9 @@ func (cm *configManager) BuildConfig() (*Config, error) {
 		config.Registries = append(config.Registries, *registryConfig)
 	}
 
+	// Build database configuration from CRD spec or use defaults
+	config.Database = buildDatabaseConfig(mcpRegistry.Spec.DatabaseConfig)
+
 	return &config, nil
 }
 
@@ -371,3 +409,56 @@ func buildAPISourceConfig(api *mcpv1alpha1.APISource) (*APIConfig, error) {
 		Endpoint: api.Endpoint,
 	}, nil
 }
+
+// buildDatabaseConfig creates a DatabaseConfig from the CRD spec.
+// If the spec is nil or fields are empty, sensible defaults are used.
+func buildDatabaseConfig(dbConfig *mcpv1alpha1.MCPRegistryDatabaseConfig) *DatabaseConfig {
+	// Default values
+	config := &DatabaseConfig{
+		Host:            "postgres",
+		Port:            5432,
+		User:            "db_app",
+		MigrationUser:   "db_migrator",
+		Database:        "registry",
+		SSLMode:         "prefer",
+		MaxOpenConns:    10,
+		MaxIdleConns:    2,
+		ConnMaxLifetime: "30m",
+	}
+
+	// If no database config specified, return defaults
+	if dbConfig == nil {
+		return config
+	}
+
+	// Override defaults with values from CRD spec if provided
+	if dbConfig.Host != "" {
+		config.Host = dbConfig.Host
+	}
+	if dbConfig.Port != 0 {
+		config.Port = dbConfig.Port
+	}
+	if dbConfig.User != "" {
+		config.User = dbConfig.User
+	}
+	if dbConfig.MigrationUser != "" {
+		config.MigrationUser = dbConfig.MigrationUser
+	}
+	if dbConfig.Database != "" {
+		config.Database = dbConfig.Database
+	}
+	if dbConfig.SSLMode != "" {
+		config.SSLMode = dbConfig.SSLMode
+	}
+	if dbConfig.MaxOpenConns != 0 {
+		config.MaxOpenConns = dbConfig.MaxOpenConns
+	}
+	if dbConfig.MaxIdleConns != 0 {
+		config.MaxIdleConns = dbConfig.MaxIdleConns
+	}
+	if dbConfig.ConnMaxLifetime != "" {
+		config.ConnMaxLifetime = dbConfig.ConnMaxLifetime
+	}
+
+	return config
+}

cmd/thv-operator/pkg/registryapi/config/config.go

@@ -1000,3 +1000,149 @@ func TestBuildConfig_MultipleRegistries(t *testing.T) {
 	require.NotNil(t, config.Registries[1].Filter.Names)
 	assert.Equal(t, []string{"server-*"}, config.Registries[1].Filter.Names.Include)
 }
+
+func TestBuildConfig_DatabaseConfig(t *testing.T) {
+	t.Parallel()
+
+	t.Run("default database config when nil", func(t *testing.T) {
+		t.Parallel()
+		mcpRegistry := &mcpv1alpha1.MCPRegistry{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "test-registry",
+			},
+			Spec: mcpv1alpha1.MCPRegistrySpec{
+				Registries: []mcpv1alpha1.MCPRegistryConfig{
+					{
+						Name:   "default",
+						Format: mcpv1alpha1.RegistryFormatToolHive,
+						ConfigMapRef: &corev1.ConfigMapKeySelector{
+							LocalObjectReference: corev1.LocalObjectReference{
+								Name: "test-configmap",
+							},
+							Key: "registry.json",
+						},
+					},
+				},
+				// DatabaseConfig not specified, should use defaults
+			},
+		}
+
+		manager := NewConfigManagerForTesting(mcpRegistry)
+		config, err := manager.BuildConfig()
+
+		require.NoError(t, err)
+		require.NotNil(t, config)
+		require.NotNil(t, config.Database)
+
+		// Verify default values
+		assert.Equal(t, "postgres", config.Database.Host)
+		assert.Equal(t, 5432, config.Database.Port)
+		assert.Equal(t, "db_app", config.Database.User)
+		assert.Equal(t, "db_migrator", config.Database.MigrationUser)
+		assert.Equal(t, "registry", config.Database.Database)
+		assert.Equal(t, "prefer", config.Database.SSLMode)
+		assert.Equal(t, 10, config.Database.MaxOpenConns)
+		assert.Equal(t, 2, config.Database.MaxIdleConns)
+		assert.Equal(t, "30m", config.Database.ConnMaxLifetime)
+	})
+
+	t.Run("custom database config", func(t *testing.T) {
+		t.Parallel()
+		mcpRegistry := &mcpv1alpha1.MCPRegistry{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "test-registry",
+			},
+			Spec: mcpv1alpha1.MCPRegistrySpec{
+				Registries: []mcpv1alpha1.MCPRegistryConfig{
+					{
+						Name:   "default",
+						Format: mcpv1alpha1.RegistryFormatToolHive,
+						ConfigMapRef: &corev1.ConfigMapKeySelector{
+							LocalObjectReference: corev1.LocalObjectReference{
+								Name: "test-configmap",
+							},
+							Key: "registry.json",
+						},
+					},
+				},
+				DatabaseConfig: &mcpv1alpha1.MCPRegistryDatabaseConfig{
+					Host:            "custom-postgres.example.com",
+					Port:            15432,
+					User:            "custom_app_user",
+					MigrationUser:   "custom_migrator",
+					Database:        "custom_registry_db",
+					SSLMode:         "require",
+					MaxOpenConns:    25,
+					MaxIdleConns:    5,
+					ConnMaxLifetime: "1h",
+				},
+			},
+		}
+
+		manager := NewConfigManagerForTesting(mcpRegistry)
+		config, err := manager.BuildConfig()
+
+		require.NoError(t, err)
+		require.NotNil(t, config)
+		require.NotNil(t, config.Database)
+
+		// Verify custom values
+		assert.Equal(t, "custom-postgres.example.com", config.Database.Host)
+		assert.Equal(t, 15432, config.Database.Port)
+		assert.Equal(t, "custom_app_user", config.Database.User)
+		assert.Equal(t, "custom_migrator", config.Database.MigrationUser)
+		assert.Equal(t, "custom_registry_db", config.Database.Database)
+		assert.Equal(t, "require", config.Database.SSLMode)
+		assert.Equal(t, 25, config.Database.MaxOpenConns)
+		assert.Equal(t, 5, config.Database.MaxIdleConns)
+		assert.Equal(t, "1h", config.Database.ConnMaxLifetime)
+	})
+
+	t.Run("partial database config uses defaults for missing fields", func(t *testing.T) {
+		t.Parallel()
+		mcpRegistry := &mcpv1alpha1.MCPRegistry{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "test-registry",
+			},
+			Spec: mcpv1alpha1.MCPRegistrySpec{
+				Registries: []mcpv1alpha1.MCPRegistryConfig{
+					{
+						Name:   "default",
+						Format: mcpv1alpha1.RegistryFormatToolHive,
+						ConfigMapRef: &corev1.ConfigMapKeySelector{
+							LocalObjectReference: corev1.LocalObjectReference{
+								Name: "test-configmap",
+							},
+							Key: "registry.json",
+						},
+					},
+				},
+				DatabaseConfig: &mcpv1alpha1.MCPRegistryDatabaseConfig{
+					Host:     "custom-host",
+					Database: "custom-db",
+					// Other fields omitted, should use defaults
+				},
+			},
+		}
+
+		manager := NewConfigManagerForTesting(mcpRegistry)
+		config, err := manager.BuildConfig()
+
+		require.NoError(t, err)
+		require.NotNil(t, config)
+		require.NotNil(t, config.Database)
+
+		// Verify custom values are used
+		assert.Equal(t, "custom-host", config.Database.Host)
+		assert.Equal(t, "custom-db", config.Database.Database)
+
+		// Verify defaults are used for omitted fields
+		assert.Equal(t, 5432, config.Database.Port)
+		assert.Equal(t, "db_app", config.Database.User)
+		assert.Equal(t, "db_migrator", config.Database.MigrationUser)
+		assert.Equal(t, "prefer", config.Database.SSLMode)
+		assert.Equal(t, 10, config.Database.MaxOpenConns)
+		assert.Equal(t, 2, config.Database.MaxIdleConns)
+		assert.Equal(t, "30m", config.Database.ConnMaxLifetime)
+	})
+}

cmd/thv-operator/pkg/registryapi/config/config_test.go

@@ -2,5 +2,5 @@ apiVersion: v2
 name: toolhive-operator-crds
 description: A Helm chart for installing the ToolHive Operator CRDs into Kubernetes.
 type: application
-version: 0.0.70
+version: 0.0.71
 appVersion: "0.0.1"

deploy/charts/operator-crds/Chart.yaml

@@ -1,6 +1,6 @@
 # ToolHive Operator CRDs Helm Chart
 
-![Version: 0.0.70](https://img.shields.io/badge/Version-0.0.70-informational?style=flat-square)
+![Version: 0.0.71](https://img.shields.io/badge/Version-0.0.71-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for installing the ToolHive Operator CRDs into Kubernetes.