public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

less code

This commit is contained in:
Felix Kunde 2020-08-10 17:39:22 +02:00
parent 9556fe1cc2 43163cf83b
commit 3ebf9dc09c
10 changed files with 654 additions and 548 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/postgres-operator/crds/operatorconfigurations.yaml
View File

@ -149,6 +149,10 @@ spec:
type: string type: string
rolekey: rolekey:
type: string type: string
defaultuservalue:
type: string
defaultrolevalue:
type: string
details: details:
type: string type: string
template: template:

1007
e2e/tests/test_e2e.py
View File

File diff suppressed because it is too large Load Diff

2
manifests/infrastructure-roles-new.yaml
View File

@ -3,8 +3,6 @@ data:
# infrastructure role definition in the new format # infrastructure role definition in the new format
# robot_zmon_acid_monitoring_new # robot_zmon_acid_monitoring_new
user: cm9ib3Rfem1vbl9hY2lkX21vbml0b3JpbmdfbmV3 user: cm9ib3Rfem1vbl9hY2lkX21vbml0b3JpbmdfbmV3
# robot_zmon_new
role: cm9ib3Rfem1vbl9uZXc=
# foobar_new # foobar_new
password: Zm9vYmFyX25ldw== password: Zm9vYmFyX25ldw==
kind: Secret kind: Secret

6
manifests/infrastructure-roles.yaml
View File

@ -7,12 +7,14 @@ data:
# provide other options in the configmap. # provide other options in the configmap.
# robot_zmon_acid_monitoring # robot_zmon_acid_monitoring
user1: cm9ib3Rfem1vbl9hY2lkX21vbml0b3Jpbmc= user1: cm9ib3Rfem1vbl9hY2lkX21vbml0b3Jpbmc=
# foobar
password1: Zm9vYmFy
# robot_zmon # robot_zmon
inrole1: cm9ib3Rfem1vbg== inrole1: cm9ib3Rfem1vbg==
# testuser # testuser
user2: dGVzdHVzZXI= user2: dGVzdHVzZXI=
# foobar # testpassword
password2: Zm9vYmFy password2: dGVzdHBhc3N3b3Jk
# user batman with the password justice # user batman with the password justice
# look for other fields in the infrastructure roles configmap # look for other fields in the infrastructure roles configmap
batman: anVzdGljZQ== batman: anVzdGljZQ==

4
manifests/operatorconfiguration.crd.yaml
View File

@ -145,6 +145,10 @@ spec:
type: string type: string
rolekey: rolekey:
type: string type: string
defaultuservalue:
type: string
defaultrolevalue:
type: string
details: details:
type: string type: string
template: template:

6
pkg/apis/acid.zalan.do/v1/crds.go
View File

@ -930,6 +930,12 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
"rolekey": { "rolekey": {
Type: "string", Type: "string",
}, },
"defaultuservalue": {
Type: "string",
},
"defaultrolevalue": {
Type: "string",
},
"details": { "details": {
Type: "string", Type: "string",
}, },

11
pkg/cluster/resources.go
View File

@ -229,11 +229,9 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
if err != nil { if err != nil {
c.logger.Debugf("could not get connection pooler secret %q: %v", secretName, err) c.logger.Debugf("could not get connection pooler secret %q: %v", secretName, err)
} else { } else {
uid := secret.UID if err = c.deleteSecret(secret.UID, *secret); err != nil {
if err = c.deleteSecret(uid, *secret); err != nil {
return fmt.Errorf("could not delete pooler secret: %v", err) return fmt.Errorf("could not delete pooler secret: %v", err)
} }
c.Secrets[uid] = nil
} }
c.ConnectionPooler = nil c.ConnectionPooler = nil
@ -761,12 +759,13 @@ func (c *Cluster) deleteSecrets() error {
func (c *Cluster) deleteSecret(uid types.UID, secret v1.Secret) error { func (c *Cluster) deleteSecret(uid types.UID, secret v1.Secret) error {
c.setProcessName("deleting secret") c.setProcessName("deleting secret")
c.logger.Debugf("deleting secret %q", util.NameFromMeta(secret.ObjectMeta)) secretName := util.NameFromMeta(secret.ObjectMeta)
c.logger.Debugf("deleting secret %q", secretName)
err := c.KubeClient.Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, c.deleteOptions) err := c.KubeClient.Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, c.deleteOptions)
if err != nil { if err != nil {
return fmt.Errorf("could not delete secret %q: %v", util.NameFromMeta(secret.ObjectMeta), err) return fmt.Errorf("could not delete secret %q: %v", secretName, err)
} }
c.logger.Infof("secret %q has been deleted", util.NameFromMeta(secret.ObjectMeta)) c.logger.Infof("secret %q has been deleted", secretName)
c.Secrets[uid] = nil c.Secrets[uid] = nil
return nil return nil

38
pkg/controller/util.go
View File

@ -15,6 +15,7 @@ import (
acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1" acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
"github.com/zalando/postgres-operator/pkg/cluster" "github.com/zalando/postgres-operator/pkg/cluster"
"github.com/zalando/postgres-operator/pkg/spec" "github.com/zalando/postgres-operator/pkg/spec"
"github.com/zalando/postgres-operator/pkg/util"
"github.com/zalando/postgres-operator/pkg/util/config" "github.com/zalando/postgres-operator/pkg/util/config"
"github.com/zalando/postgres-operator/pkg/util/k8sutil" "github.com/zalando/postgres-operator/pkg/util/k8sutil"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
@ -118,13 +119,9 @@ var emptyName = (spec.NamespacedName{})
// configuration in ConfigMap & CRD. // configuration in ConfigMap & CRD.
func (c *Controller) getInfrastructureRoleDefinitions() []*config.InfrastructureRole { func (c *Controller) getInfrastructureRoleDefinitions() []*config.InfrastructureRole {
var roleDef config.InfrastructureRole var roleDef config.InfrastructureRole
rolesDefs := c.opConfig.InfrastructureRoles
if c.opConfig.InfrastructureRolesSecretName == emptyName { // take from CRD configuration
// All the other possibilities require secret name to be present, so if rolesDefs := c.opConfig.InfrastructureRoles
// it is not, then nothing else to be done here.
return rolesDefs
}
// check if we can extract something from the configmap config option // check if we can extract something from the configmap config option
if c.opConfig.InfrastructureRolesDefs != "" { if c.opConfig.InfrastructureRolesDefs != "" {
@ -163,27 +160,33 @@ func (c *Controller) getInfrastructureRoleDefinitions() []*config.Infrastructure
roleDef.PasswordKey = value roleDef.PasswordKey = value
case "rolekey": case "rolekey":
roleDef.RoleKey = value roleDef.RoleKey = value
case "defaultuservalue":
roleDef.DefaultUserValue = value
case "defaultrolevalue":
roleDef.DefaultRoleValue = value
default: default:
c.logger.Warningf("Role description is not known: %s", properties) c.logger.Warningf("Role description is not known: %s", properties)
} }
} }
} else {
if roleDef.SecretName != emptyName &&
(roleDef.UserKey != "" || roleDef.DefaultUserValue != "") &&
roleDef.PasswordKey != "" {
rolesDefs = append(rolesDefs, &roleDef)
}
}
if c.opConfig.InfrastructureRolesSecretName != emptyName {
// At this point we deal with the old format, let's replicate it // At this point we deal with the old format, let's replicate it
// via existing definition structure and remember that it's just a // via existing definition structure and remember that it's just a
// template, the real values are in user1,password1,inrole1 etc. // template, the real values are in user1,password1,inrole1 etc.
roleDef = config.InfrastructureRole{ rolesDefs = append(rolesDefs, &config.InfrastructureRole{
SecretName: c.opConfig.InfrastructureRolesSecretName, SecretName: c.opConfig.InfrastructureRolesSecretName,
UserKey: "user", UserKey: "user",
PasswordKey: "password", PasswordKey: "password",
RoleKey: "inrole", RoleKey: "inrole",
Template: true, Template: true,
} })
}
if roleDef.UserKey != "" &&
roleDef.PasswordKey != "" &&
roleDef.RoleKey != "" {
rolesDefs = append(rolesDefs, &roleDef)
} }
return rolesDefs return rolesDefs
@ -330,9 +333,10 @@ func (c *Controller) getInfrastructureRole(
return nil, fmt.Errorf("could not decode yaml role: %v", err) return nil, fmt.Errorf("could not decode yaml role: %v", err)
} }
} else { } else {
roleDescr.Name = string(secretData[infraRole.UserKey]) roleDescr.Name = util.Coalesce(string(secretData[infraRole.UserKey]), infraRole.DefaultUserValue)
roleDescr.Password = string(secretData[infraRole.PasswordKey]) roleDescr.Password = string(secretData[infraRole.PasswordKey])
roleDescr.MemberOf = append(roleDescr.MemberOf, string(secretData[infraRole.RoleKey])) roleDescr.MemberOf = append(roleDescr.MemberOf,
util.Coalesce(string(secretData[infraRole.RoleKey]), infraRole.DefaultRoleValue))
} }
if roleDescr.Valid() { if roleDescr.Valid() {

121
pkg/controller/util_test.go
View File

@ -279,7 +279,7 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
roleSecrets string roleSecrets string
expectedDefs []*config.InfrastructureRole expectedDefs []*config.InfrastructureRole
}{ }{
// only new format // only new CRD format
{ {
[]*config.InfrastructureRole{ []*config.InfrastructureRole{
&config.InfrastructureRole{ &config.InfrastructureRole{
@ -287,9 +287,9 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
Namespace: v1.NamespaceDefault, Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName, Name: testInfrastructureRolesNewSecretName,
}, },
UserKey: "user", UserKey: "test-user",
PasswordKey: "password", PasswordKey: "test-password",
RoleKey: "inrole", RoleKey: "test-role",
Template: false, Template: false,
}, },
}, },
@ -301,14 +301,50 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
Namespace: v1.NamespaceDefault, Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName, Name: testInfrastructureRolesNewSecretName,
}, },
UserKey: "user", UserKey: "test-user",
PasswordKey: "password", PasswordKey: "test-password",
RoleKey: "inrole", RoleKey: "test-role",
Template: false, Template: false,
}, },
}, },
}, },
// only old format // only new configmap format
{
[]*config.InfrastructureRole{},
spec.NamespacedName{},
"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, rolekey: test-role",
[]*config.InfrastructureRole{
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName,
},
UserKey: "test-user",
PasswordKey: "test-password",
RoleKey: "test-role",
Template: false,
},
},
},
// new configmap format with defaultRoleValue
{
[]*config.InfrastructureRole{},
spec.NamespacedName{},
"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, defaultrolevalue: test-role",
[]*config.InfrastructureRole{
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName,
},
UserKey: "test-user",
PasswordKey: "test-password",
DefaultRoleValue: "test-role",
Template: false,
},
},
},
// only old CRD and configmap format
{ {
[]*config.InfrastructureRole{}, []*config.InfrastructureRole{},
spec.NamespacedName{ spec.NamespacedName{
@ -329,19 +365,13 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
}, },
}, },
}, },
// only configmap format // both formats for CRD
{ {
[]*config.InfrastructureRole{},
spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName,
},
"secretname: infrastructureroles-old-test, userkey: test-user, passwordkey: test-password, rolekey: test-role, template: false",
[]*config.InfrastructureRole{ []*config.InfrastructureRole{
&config.InfrastructureRole{ &config.InfrastructureRole{
SecretName: spec.NamespacedName{ SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault, Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName, Name: testInfrastructureRolesNewSecretName,
}, },
UserKey: "test-user", UserKey: "test-user",
PasswordKey: "test-password", PasswordKey: "test-password",
@ -349,14 +379,69 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
Template: false, Template: false,
}, },
}, },
spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName,
},
"",
[]*config.InfrastructureRole{
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName,
},
UserKey: "test-user",
PasswordKey: "test-password",
RoleKey: "test-role",
Template: false,
},
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName,
},
UserKey: "user",
PasswordKey: "password",
RoleKey: "inrole",
Template: true,
},
},
}, },
// incorrect configmap format // both formats for configmap
{ {
[]*config.InfrastructureRole{}, []*config.InfrastructureRole{},
spec.NamespacedName{ spec.NamespacedName{
Namespace: v1.NamespaceDefault, Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName, Name: testInfrastructureRolesOldSecretName,
}, },
"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, rolekey: test-role",
[]*config.InfrastructureRole{
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesNewSecretName,
},
UserKey: "test-user",
PasswordKey: "test-password",
RoleKey: "test-role",
Template: false,
},
&config.InfrastructureRole{
SecretName: spec.NamespacedName{
Namespace: v1.NamespaceDefault,
Name: testInfrastructureRolesOldSecretName,
},
UserKey: "user",
PasswordKey: "password",
RoleKey: "inrole",
Template: true,
},
},
},
// incorrect configmap format
{
[]*config.InfrastructureRole{},
spec.NamespacedName{},
"wrong-format", "wrong-format",
[]*config.InfrastructureRole{}, []*config.InfrastructureRole{},
}, },
@ -364,7 +449,7 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
{ {
[]*config.InfrastructureRole{}, []*config.InfrastructureRole{},
spec.NamespacedName{}, spec.NamespacedName{},
"userkey: test-user, passwordkey: test-password, rolekey: test-role, template: false", "userkey: test-user, passwordkey: test-password, rolekey: test-role",
[]*config.InfrastructureRole{}, []*config.InfrastructureRole{},
}, },
} }

3
pkg/util/config/config.go
View File

@ -61,6 +61,9 @@ type InfrastructureRole struct {
PasswordKey string PasswordKey string
RoleKey string RoleKey string
DefaultUserValue string
DefaultRoleValue string
// This field point out the detailed yaml definition of the role, if exists // This field point out the detailed yaml definition of the role, if exists
Details string Details string