Enabling multi cluster node

Author: mkottakota1

.github/workflows/ci.yaml

@@ -1,3 +1,4 @@
+
 name: Vertica CI
 
 on: [push, pull_request]
@@ -55,7 +56,6 @@ jobs:
           helm repo add vertica-charts https://vertica.github.io/charts
           helm repo add bitnami https://charts.bitnami.com/bitnami || true
           helm repo update
-
       # ---------------------------
       # MinIO Setup
       # ---------------------------
@@ -112,7 +112,6 @@ jobs:
           kubectl -n minio rollout status deployment/minio --timeout=2m
           kubectl get pods -n minio -o wide || true
           kubectl get svc -n minio || true
-
       - name: Ensure MinIO bucket exists
         run: |
           kubectl run mc-client --rm -i --restart=Never \
@@ -123,7 +122,6 @@ jobs:
               mc mb --ignore-existing localminio/vertica-fleeting && \
               mc ls localminio
             "
-
       - name: Create MinIO Secret
         run: |
           kubectl create ns my-verticadb-operator
@@ -133,7 +131,6 @@ jobs:
             --from-literal=accesskey="minioadmin" \
             --from-literal=secretkey="minioadmin"
           kubectl get secret communal-creds -n my-verticadb-operator -o yaml || true
-
       # ---------------------------
       # Vertica Operator + DB Deployment
       # ---------------------------
@@ -151,7 +148,6 @@ jobs:
           helm upgrade --install vdb-op vertica-charts/verticadb-operator \
             -n my-verticadb-operator -f operator-values.yaml --wait --timeout 10m
           kubectl -n my-verticadb-operator get pods -o wide || true
-
       - name: Deploy VerticaDB and per-node Services
         run: |
           cat <<'EOF' | kubectl apply -f -
@@ -160,8 +156,6 @@ jobs:
           metadata:
             name: verticadb-sample
             namespace: my-verticadb-operator
-            annotations:
-              vertica.com/k-safety: "0"
           spec:
             image: opentext/vertica-k8s:latest
             dbName: vdb
@@ -176,7 +170,7 @@ jobs:
               depotPath: /depot
             subclusters:
               - name: defaultsubcluster
-                size: 1
+                size: 3
           ---
           # -------------------------------------
           # Per-node Services (needed for LB tests)
@@ -220,7 +214,6 @@ jobs:
               - port: 5433
                 targetPort: 5433
           EOF
-
       - name: Wait for Vertica readiness
         run: |
           NS=my-verticadb-operator
@@ -230,22 +223,17 @@ jobs:
             kubectl get pod ${POD} -n ${NS} && break || sleep 10
           done
           kubectl wait --for=condition=Ready pod/${POD} -n ${NS} --timeout=5m
-
           echo "🚀 Creating test runner pod..."
           kubectl -n ${NS} run test-runner --image=python:3.13-slim --restart=Never --command -- sleep infinity
           kubectl -n ${NS} wait --for=condition=Ready pod/test-runner --timeout=180s
-
           echo "🩹 Adding Vertica pod entries to /etc/hosts in test pod..."
           for p in $(kubectl -n $NS get pods -l app.kubernetes.io/instance=verticadb-sample -o jsonpath='{.items[*].metadata.name}'); do
             IP=$(kubectl -n $NS get pod $p -o jsonpath='{.status.podIP}')
             echo "$IP $p.$NS.svc.cluster.local $p" | kubectl -n $NS exec -i test-runner -- tee -a /etc/hosts >/dev/null
             echo "✔ Added $p -> $IP"
           done
-
           echo "📂 Copying repository into pod..."
           kubectl -n ${NS} cp . test-runner:/workspace
-
-
       # ---------------------------
       # Keycloak + OAuth setup
       # ---------------------------
@@ -299,12 +287,10 @@ jobs:
               - port: 8080
                 targetPort: 8080
           EOF
-
       - name: Wait for Keycloak readiness
         run: |
           kubectl -n keycloak rollout status deploy/keycloak --timeout=2m
           kubectl -n keycloak get pods -o wide
-
       - name: Configure Keycloak realm, client, and user
         run: |
           kubectl -n keycloak exec deploy/keycloak -- \
@@ -325,7 +311,6 @@ jobs:
           kubectl -n keycloak exec deploy/keycloak -- \
             /opt/keycloak/bin/kcadm.sh set-password -r test \
               --username oauth_user --new-password password
-
       - name: Configure Vertica Authentication
         run: |
           NS=my-verticadb-operator
@@ -345,7 +330,6 @@ jobs:
               GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;
             \"
           "
-
       # ---------------------------
       # Testing section
       # ---------------------------
@@ -356,18 +340,15 @@ jobs:
           SVC=verticadb-sample-defaultsubcluster
           LOCATOR="${SVC}.${NS}.svc.cluster.local:5433"
           POD=py-test-runner
-
           # Decide image based on matrix value
           if [[ "${{ matrix.python-version }}" == pypy* ]]; then
             VERSION="${{ matrix.python-version }}"   # "pypy3.10"
             IMAGE="pypy:${VERSION#pypy}"             # "pypy:3.10"
           else
             IMAGE="python:${{ matrix.python-version }}"
           fi
-
           echo "Ensuring namespace ${NS} exists..."
           kubectl get ns ${NS} >/dev/null 2>&1 || kubectl create ns ${NS}
-
           echo "Waiting for Vertica service endpoints..."
           WAIT_TIMEOUT=300
           INTERVAL=5
@@ -377,19 +358,16 @@ jobs:
               -o jsonpath='{.subsets[*].addresses[*].ip}' 2>/dev/null || true)
             [ -n "$addrs" ] && break || sleep ${INTERVAL}
           done
-
           if [ -z "$addrs" ]; then
             echo "Vertica service endpoints not found"
             kubectl -n ${NS} get pods -o wide || true
             kubectl -n ${NS} get endpoints ${SVC} -o yaml || true
             exit 1
           fi
-
           echo "Retrieving access token from Keycloak with retries..."
           TOKEN=""
           for i in {1..10}; do
             echo "Attempt $i..."
-
             RAW=$(
               kubectl -n keycloak run curl-client \
                 --image=curlimages/curl:latest \
@@ -403,10 +381,8 @@ jobs:
                   -d "grant_type=password" \
                   -d "client_secret=${CLIENT_SECRET}"
             ) || true
-
             # Keep only the last line (JSON), remove kubectl noise
             RAW=$(printf "%s" "$RAW" | sed -n '$p')
-
             # Validate RAW is JSON
             # Validate JSON; do NOT exit — allow retry
             if ! printf '%s' "$RAW" | python3 -c 'import sys,json; json.load(sys.stdin)' >/dev/null 2>&1; then
@@ -416,28 +392,22 @@ jobs:
             # Extract token only if JSON is valid
               TOKEN=$(printf '%s' "$RAW" | python3 -c 'import sys,json; print(json.load(sys.stdin).get("access_token", ""))')
             fi
-
             if [ -n "$TOKEN" ] && [ "$TOKEN" != "null" ]; then
               echo "Access token retrieved successfully."
               break
             fi
-
             echo "Token fetch failed, Keycloak may not be ready yet."
             sleep 5
-
             if [ "$i" -eq 10 ]; then
               echo "Failed to fetch access token after multiple retries."
               exit 1
             fi
           done
-
           echo "Access token retrieved (length: ${#TOKEN})"
-
           echo "Creating Kubernetes Secret with token..."
           kubectl -n ${NS} delete secret oauth-token --ignore-not-found
           kubectl -n ${NS} create secret generic oauth-token \
             --from-literal=access_token="$TOKEN"
-
           echo "Creating Python test pod with secret mount..."
           kubectl -n ${NS} delete pod ${POD} --ignore-not-found || true
           cat <<EOF | kubectl apply -f -
@@ -471,19 +441,16 @@ jobs:
                   - name: VP_TEST_PASSWORD
                     value: ""
           EOF
-
           echo "Waiting for test pod readiness..."
           if ! kubectl -n ${NS} wait --for=condition=Ready pod/${POD} --timeout=180s; then
             echo "Pod did not become Ready. Collecting debug info..."
             kubectl -n ${NS} describe pod ${POD} || true
             kubectl -n ${NS} logs ${POD} || true
             exit 1
           fi
-
           echo "Copying repository into pod..."
           kubectl -n ${NS} exec -i ${POD} -- mkdir -p /workspace
           tar cf - . | kubectl -n ${NS} exec -i ${POD} -- tar xf - -C /workspace
-
           echo "Installing dependencies..."
           kubectl -n ${NS} exec ${POD} -- bash -lc '
             set -e
@@ -505,72 +472,56 @@ jobs:
             fi
             which tox && tox --version
           '
-
           echo "Running Python tests inside pod..."
           kubectl -n ${NS} exec -i ${POD} -- bash -lc "
             set -euo pipefail
             cd /workspace
-
             echo 'Checking connectivity to Vertica...'
             nc -zv \${VP_TEST_HOST} \${VP_TEST_PORT} || { echo 'Cannot reach Vertica host'; exit 1; }
-
             echo 'Vertica reachable; performing token introspection...'
             INTROSPECT_OUTPUT=\$(curl -s -X POST http://keycloak.keycloak.svc.cluster.local:8080/realms/test/protocol/openid-connect/token/introspect \
               -d 'client_id=${CLIENT_ID}' \
               -d 'client_secret=${CLIENT_SECRET}' \
               -d 'token='\${VP_TEST_OAUTH_ACCESS_TOKEN})
-
             if echo \"\$INTROSPECT_OUTPUT\" | grep -q '\"active\":true'; then
               echo 'Token introspection successful (active=true)'
             else
               echo 'Token introspection failed:'; echo \"\$INTROSPECT_OUTPUT\"; exit 1
             fi
-
             if command -v pypy3 >/dev/null 2>&1; then
               export PATH=\$PATH:/opt/pypy/bin
             fi
-
             echo 'Running pytest suite via tox...'
             tox -e py
           "
-
           echo "Cleaning up test pod..."
           kubectl -n ${NS} delete pod ${POD} --ignore-not-found || true
-
       # ---------------------------
       # Final Teardown (K8s + KinD)
       # ---------------------------
       - name: Cleanup Kubernetes resources
         if: always()
         run: |
           echo "Starting cleanup..."
-
           echo "Deleting Python test runner pods..."
           kubectl -n my-verticadb-operator delete pod test-runner --ignore-not-found || true
           kubectl -n my-verticadb-operator delete pod py-test-runner --ignore-not-found || true
-
           echo "Deleting Keycloak pods & services..."
           kubectl delete deployment keycloak -n keycloak --ignore-not-found || true
           kubectl delete service keycloak -n keycloak --ignore-not-found || true
           kubectl delete ns keycloak --ignore-not-found || true
-
           echo "Deleting VerticaDB and Operator..."
           kubectl delete verticadb verticadb-sample -n my-verticadb-operator --ignore-not-found || true
           helm uninstall vdb-op -n my-verticadb-operator || true
           kubectl delete ns my-verticadb-operator --ignore-not-found || true
-
           echo "Deleting MinIO..."
           kubectl delete -f minio.yaml --ignore-not-found || true
           kubectl delete ns minio --ignore-not-found || true
-
           echo "Deleting leftover services..."
           kubectl delete svc vertica-node-0 -n my-verticadb-operator --ignore-not-found || true
           kubectl delete svc vertica-node-1 -n my-verticadb-operator --ignore-not-found || true
           kubectl delete svc vertica-node-2 -n my-verticadb-operator --ignore-not-found || true
-
           echo "Kubernetes resources cleanup done."
-
-
       - name: Delete KinD cluster
         if: always()
         run: |

vertica_python/tests/integration_tests/test_authentication.py

@@ -239,5 +239,4 @@ def totp_wrong_code_scenario(self):
 
             finally:
                 cur.execute("DROP USER IF EXISTS totp_user")
-                cur.execute("DROP AUTHENTICATION IF EXISTS totp_auth CASCADE")
-
+                cur.execute("DROP AUTHENTICATION IF EXISTS totp_auth CASCADE")

vertica_python/vertica/messages/frontend_messages/startup.py

@@ -1,3 +1,4 @@
+
 # Copyright (c) 2018-2024 Open Text.
 # Copyright (c) 2018 Uber Technologies, Inc.
 #