let udateSecret get the secret

Felix Kunde 2022-02-09 19:51:11 +01:00
parent 11c286fe9a
commit 23b70aa49b
2 changed files with 14 additions and 12 deletions


@ -625,23 +625,19 @@ func (c *Cluster) syncSecrets() error {
retentionUsers := make([]string, 0) retentionUsers := make([]string, 0)
currentTime := time.Now() currentTime := time.Now()
for secretUsername, generatedSecretSpec := range generatedSecrets { for secretUsername, generatedSecret := range generatedSecrets {
secret, err := c.KubeClient.Secrets(generatedSecretSpec.Namespace).Create(context.TODO(), generatedSecretSpec, metav1.CreateOptions{}) secret, err := c.KubeClient.Secrets(generatedSecret.Namespace).Create(context.TODO(), generatedSecret, metav1.CreateOptions{})
if err == nil { if err == nil {
c.Secrets[secret.UID] = secret c.Secrets[secret.UID] = secret
c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecretSpec.Namespace, secret.UID) c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, secret.UID)
continue continue
} }
if k8sutil.ResourceAlreadyExists(err) { if k8sutil.ResourceAlreadyExists(err) {
if secret, err = c.KubeClient.Secrets(generatedSecretSpec.Namespace).Get(context.TODO(), generatedSecretSpec.Name, metav1.GetOptions{}); err != nil { if err = c.updateSecret(secretUsername, generatedSecret, &rotationUsers, &retentionUsers, currentTime); err != nil {
return fmt.Errorf("could not get current secret: %v", err)
}
c.Secrets[secret.UID] = secret
if err = c.updateSecret(secretUsername, generatedSecretSpec, secret, &rotationUsers, &retentionUsers, currentTime); err != nil {
c.logger.Warningf("syncing secret %s failed: %v", util.NameFromMeta(secret.ObjectMeta), err) c.logger.Warningf("syncing secret %s failed: %v", util.NameFromMeta(secret.ObjectMeta), err)
} }
} else { } else {
return fmt.Errorf("could not create secret for user %s: in namespace %s: %v", secretUsername, generatedSecretSpec.Namespace, err) return fmt.Errorf("could not create secret for user %s: in namespace %s: %v", secretUsername, generatedSecret.Namespace, err)
} }
} }
@ -680,11 +676,11 @@ func (c *Cluster) syncSecrets() error {
func (c *Cluster) updateSecret( func (c *Cluster) updateSecret(
secretUsername string, secretUsername string,
generatedSecret *v1.Secret, generatedSecret *v1.Secret,
secret *v1.Secret,
rotationUsers *spec.PgUserMap, rotationUsers *spec.PgUserMap,
retentionUsers *[]string, retentionUsers *[]string,
currentTime time.Time) error { currentTime time.Time) error {
var ( var (
secret *v1.Secret
err error err error
updateSecret bool updateSecret bool
updateSecretMsg string updateSecretMsg string
@ -692,6 +688,12 @@ func (c *Cluster) updateSecret(
nextRotationDateStr string nextRotationDateStr string
) )
// get the secret first
if secret, err = c.KubeClient.Secrets(generatedSecret.Namespace).Get(context.TODO(), generatedSecret.Name, metav1.GetOptions{}); err != nil {
return fmt.Errorf("could not get current secret: %v", err)
}
c.Secrets[secret.UID] = secret
// fetch user map to update later // fetch user map to update later
var userMap map[string]spec.PgUser var userMap map[string]spec.PgUser
var userKey string var userKey string
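Review bot: In the first hunk's `ResourceAlreadyExists` branch, the warning still formats `util.NameFromMeta(secret.ObjectMeta)`, but `secret` now holds only the result of the failed `Create` call, because the `Get` that used to reassign it moved into `updateSecret`. Depending on what the client returns on error, that is presumably an empty object (or nil with some fakes), so the message would lose the secret name or dereference nil; `c.logger.Warningf("syncing secret %s failed: %v", util.NameFromMeta(generatedSecret.ObjectMeta), err)` names the intended object. A failed `Get` also used to abort `syncSecrets` with an error and is now only logged as a warning while the loop continues; if that downgrade is intended for a credential-sync path, a short comment at the call site would make it explicit. Both `syncSecrets` and `updateSecret` continue outside the visible hunks.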


@ -307,7 +307,7 @@ func TestUpdateSecret(t *testing.T) {
generatedSecret := cluster.Secrets[secret.UID] generatedSecret := cluster.Secrets[secret.UID]
// now update the secret setting next rotation date (yesterday + interval) // now update the secret setting next rotation date (yesterday + interval)
cluster.updateSecret(username, generatedSecret, secret, &rotationUsers, &retentionUsers, yesterday) cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, yesterday)
updatedSecret, err := cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{}) updatedSecret, err := cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{})
assert.NoError(t, err) assert.NoError(t, err)
@ -318,7 +318,7 @@ func TestUpdateSecret(t *testing.T) {
} }
// update secret again but use current time to trigger rotation // update secret again but use current time to trigger rotation
cluster.updateSecret(username, generatedSecret, updatedSecret, &rotationUsers, &retentionUsers, time.Now()) cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, time.Now())
updatedSecret, err = cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{}) updatedSecret, err = cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{})
assert.NoError(t, err) assert.NoError(t, err)
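Review bot: Both `cluster.updateSecret(...)` calls in these hunks discard the returned error, and since `updateSecret` now performs the secret lookup itself, a failed `Get` or update would surface only indirectly through the later assertions. Wrapping the calls, e.g. `assert.NoError(t, cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, yesterday))`, pins a failure to the call that caused it. `TestUpdateSecret` starts and ends outside the visible hunks.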