less code

2020-08-10 17:39:22 +02:00 · 2020-08-10 17:39:22 +02:00 · 3ebf9dc09c
parent 9556fe1cc2 43163cf83b
commit 3ebf9dc09c
10 changed files with 654 additions and 548 deletions
--- a/charts/postgres-operator/crds/operatorconfigurations.yaml
+++ b/charts/postgres-operator/crds/operatorconfigurations.yaml
@ -149,6 +149,10 @@ spec:
                        type: string
                      rolekey:
                        type: string
+                      defaultuservalue:
+                        type: string
+                      defaultrolevalue:
+                        type: string
                      details:
                        type: string
                      template:
--- a/e2e/tests/test_e2e.py
+++ b/e2e/tests/test_e2e.py
--- a/manifests/infrastructure-roles-new.yaml
+++ b/manifests/infrastructure-roles-new.yaml
@ -3,8 +3,6 @@ data:
  # infrastructure role definition in the new format
  # robot_zmon_acid_monitoring_new
  user: cm9ib3Rfem1vbl9hY2lkX21vbml0b3JpbmdfbmV3
-  # robot_zmon_new
-  role: cm9ib3Rfem1vbl9uZXc=
  # foobar_new
  password: Zm9vYmFyX25ldw==
 kind: Secret
--- a/manifests/infrastructure-roles.yaml
+++ b/manifests/infrastructure-roles.yaml
@ -7,12 +7,14 @@ data:
  # provide other options in the configmap.
  # robot_zmon_acid_monitoring
  user1: cm9ib3Rfem1vbl9hY2lkX21vbml0b3Jpbmc=
+  # foobar
+  password1: Zm9vYmFy
  # robot_zmon
  inrole1: cm9ib3Rfem1vbg==
  # testuser
  user2: dGVzdHVzZXI=
-  # foobar
-  password2: Zm9vYmFy
+  # testpassword
+  password2: dGVzdHBhc3N3b3Jk
  # user batman with the password justice
  # look for other fields in the infrastructure roles configmap
  batman: anVzdGljZQ==
--- a/manifests/operatorconfiguration.crd.yaml
+++ b/manifests/operatorconfiguration.crd.yaml
@ -145,6 +145,10 @@ spec:
                        type: string
                      rolekey:
                        type: string
+                      defaultuservalue:
+                        type: string
+                      defaultrolevalue:
+                        type: string
                      details:
                        type: string
                      template:
--- a/pkg/apis/acid.zalan.do/v1/crds.go
+++ b/pkg/apis/acid.zalan.do/v1/crds.go
@ -930,6 +930,12 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
 											"rolekey": {
 												Type: "string",
 											},
+											"defaultuservalue": {
+												Type: "string",
+											},
+											"defaultrolevalue": {
+												Type: "string",
+											},
 											"details": {
 												Type: "string",
 											},
--- a/pkg/cluster/resources.go
+++ b/pkg/cluster/resources.go
@ -229,11 +229,9 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
 	if err != nil {
 		c.logger.Debugf("could not get connection pooler secret %q: %v", secretName, err)
 	} else {
-		uid := secret.UID
-		if err = c.deleteSecret(uid, *secret); err != nil {
+		if err = c.deleteSecret(secret.UID, *secret); err != nil {
 			return fmt.Errorf("could not delete pooler secret: %v", err)
 		}
-		c.Secrets[uid] = nil
 	}

 	c.ConnectionPooler = nil
@ -761,12 +759,13 @@ func (c *Cluster) deleteSecrets() error {

 func (c *Cluster) deleteSecret(uid types.UID, secret v1.Secret) error {
 	c.setProcessName("deleting secret")
-	c.logger.Debugf("deleting secret %q", util.NameFromMeta(secret.ObjectMeta))
+	secretName := util.NameFromMeta(secret.ObjectMeta)
+	c.logger.Debugf("deleting secret %q", secretName)
 	err := c.KubeClient.Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, c.deleteOptions)
 	if err != nil {
-		return fmt.Errorf("could not delete secret %q: %v", util.NameFromMeta(secret.ObjectMeta), err)
+		return fmt.Errorf("could not delete secret %q: %v", secretName, err)
 	}
-	c.logger.Infof("secret %q has been deleted", util.NameFromMeta(secret.ObjectMeta))
+	c.logger.Infof("secret %q has been deleted", secretName)
 	c.Secrets[uid] = nil

 	return nil
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@ -15,6 +15,7 @@ import (
 	acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
 	"github.com/zalando/postgres-operator/pkg/cluster"
 	"github.com/zalando/postgres-operator/pkg/spec"
+	"github.com/zalando/postgres-operator/pkg/util"
 	"github.com/zalando/postgres-operator/pkg/util/config"
 	"github.com/zalando/postgres-operator/pkg/util/k8sutil"
 	"gopkg.in/yaml.v2"
@ -118,13 +119,9 @@ var emptyName = (spec.NamespacedName{})
 // configuration in ConfigMap & CRD.
 func (c *Controller) getInfrastructureRoleDefinitions() []*config.InfrastructureRole {
 	var roleDef config.InfrastructureRole
-	rolesDefs := c.opConfig.InfrastructureRoles

-	if c.opConfig.InfrastructureRolesSecretName == emptyName {
-		// All the other possibilities require secret name to be present, so if
-		// it is not, then nothing else to be done here.
-		return rolesDefs
-	}
+	// take from CRD configuration
+	rolesDefs := c.opConfig.InfrastructureRoles

 	// check if we can extract something from the configmap config option
 	if c.opConfig.InfrastructureRolesDefs != "" {
@ -163,27 +160,33 @@ func (c *Controller) getInfrastructureRoleDefinitions() []*config.Infrastructure
 				roleDef.PasswordKey = value
 			case "rolekey":
 				roleDef.RoleKey = value
+			case "defaultuservalue":
+				roleDef.DefaultUserValue = value
+			case "defaultrolevalue":
+				roleDef.DefaultRoleValue = value
 			default:
 				c.logger.Warningf("Role description is not known: %s", properties)
 			}
 		}
-	} else {
+
+		if roleDef.SecretName != emptyName &&
+			(roleDef.UserKey != "" || roleDef.DefaultUserValue != "") &&
+			roleDef.PasswordKey != "" {
+			rolesDefs = append(rolesDefs, &roleDef)
+		}
+	}
+
+	if c.opConfig.InfrastructureRolesSecretName != emptyName {
 		// At this point we deal with the old format, let's replicate it
 		// via existing definition structure and remember that it's just a
 		// template, the real values are in user1,password1,inrole1 etc.
-		roleDef = config.InfrastructureRole{
+		rolesDefs = append(rolesDefs, &config.InfrastructureRole{
 			SecretName:  c.opConfig.InfrastructureRolesSecretName,
 			UserKey:     "user",
 			PasswordKey: "password",
 			RoleKey:     "inrole",
 			Template:    true,
-		}
-	}
-
-	if roleDef.UserKey != "" &&
-		roleDef.PasswordKey != "" &&
-		roleDef.RoleKey != "" {
-		rolesDefs = append(rolesDefs, &roleDef)
+		})
 	}

 	return rolesDefs
@ -330,9 +333,10 @@ func (c *Controller) getInfrastructureRole(
 				return nil, fmt.Errorf("could not decode yaml role: %v", err)
 			}
 		} else {
-			roleDescr.Name = string(secretData[infraRole.UserKey])
+			roleDescr.Name = util.Coalesce(string(secretData[infraRole.UserKey]), infraRole.DefaultUserValue)
 			roleDescr.Password = string(secretData[infraRole.PasswordKey])
-			roleDescr.MemberOf = append(roleDescr.MemberOf, string(secretData[infraRole.RoleKey]))
+			roleDescr.MemberOf = append(roleDescr.MemberOf,
+				util.Coalesce(string(secretData[infraRole.RoleKey]), infraRole.DefaultRoleValue))
 		}

 		if roleDescr.Valid() {
--- a/pkg/controller/util_test.go
+++ b/pkg/controller/util_test.go
@ -279,7 +279,7 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 		roleSecrets    string
 		expectedDefs   []*config.InfrastructureRole
 	}{
-		// only new format
+		// only new CRD format
 		{
 			[]*config.InfrastructureRole{
 				&config.InfrastructureRole{
@ -287,9 +287,9 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 						Namespace: v1.NamespaceDefault,
 						Name:      testInfrastructureRolesNewSecretName,
 					},
-					UserKey:     "user",
-					PasswordKey: "password",
-					RoleKey:     "inrole",
+					UserKey:     "test-user",
+					PasswordKey: "test-password",
+					RoleKey:     "test-role",
 					Template:    false,
 				},
 			},
@ -301,14 +301,50 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 						Namespace: v1.NamespaceDefault,
 						Name:      testInfrastructureRolesNewSecretName,
 					},
-					UserKey:     "user",
-					PasswordKey: "password",
-					RoleKey:     "inrole",
+					UserKey:     "test-user",
+					PasswordKey: "test-password",
+					RoleKey:     "test-role",
 					Template:    false,
 				},
 			},
 		},
-		// only old format
+		// only new configmap format
+		{
+			[]*config.InfrastructureRole{},
+			spec.NamespacedName{},
+			"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, rolekey: test-role",
+			[]*config.InfrastructureRole{
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesNewSecretName,
+					},
+					UserKey:     "test-user",
+					PasswordKey: "test-password",
+					RoleKey:     "test-role",
+					Template:    false,
+				},
+			},
+		},
+		// new configmap format with defaultRoleValue
+		{
+			[]*config.InfrastructureRole{},
+			spec.NamespacedName{},
+			"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, defaultrolevalue: test-role",
+			[]*config.InfrastructureRole{
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesNewSecretName,
+					},
+					UserKey:          "test-user",
+					PasswordKey:      "test-password",
+					DefaultRoleValue: "test-role",
+					Template:         false,
+				},
+			},
+		},
+		// only old CRD and configmap format
 		{
 			[]*config.InfrastructureRole{},
 			spec.NamespacedName{
@ -329,19 +365,13 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 				},
 			},
 		},
-		// only configmap format
+		// both formats for CRD
 		{
-			[]*config.InfrastructureRole{},
-			spec.NamespacedName{
-				Namespace: v1.NamespaceDefault,
-				Name:      testInfrastructureRolesOldSecretName,
-			},
-			"secretname: infrastructureroles-old-test, userkey: test-user, passwordkey: test-password, rolekey: test-role, template: false",
 			[]*config.InfrastructureRole{
 				&config.InfrastructureRole{
 					SecretName: spec.NamespacedName{
 						Namespace: v1.NamespaceDefault,
-						Name:      testInfrastructureRolesOldSecretName,
+						Name:      testInfrastructureRolesNewSecretName,
 					},
 					UserKey:     "test-user",
 					PasswordKey: "test-password",
@ -349,14 +379,69 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 					Template:    false,
 				},
 			},
+			spec.NamespacedName{
+				Namespace: v1.NamespaceDefault,
+				Name:      testInfrastructureRolesOldSecretName,
 			},
-		// incorrect configmap format
+			"",
+			[]*config.InfrastructureRole{
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesNewSecretName,
+					},
+					UserKey:     "test-user",
+					PasswordKey: "test-password",
+					RoleKey:     "test-role",
+					Template:    false,
+				},
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesOldSecretName,
+					},
+					UserKey:     "user",
+					PasswordKey: "password",
+					RoleKey:     "inrole",
+					Template:    true,
+				},
+			},
+		},
+		// both formats for configmap
 		{
 			[]*config.InfrastructureRole{},
 			spec.NamespacedName{
 				Namespace: v1.NamespaceDefault,
 				Name:      testInfrastructureRolesOldSecretName,
 			},
+			"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, rolekey: test-role",
+			[]*config.InfrastructureRole{
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesNewSecretName,
+					},
+					UserKey:     "test-user",
+					PasswordKey: "test-password",
+					RoleKey:     "test-role",
+					Template:    false,
+				},
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesOldSecretName,
+					},
+					UserKey:     "user",
+					PasswordKey: "password",
+					RoleKey:     "inrole",
+					Template:    true,
+				},
+			},
+		},
+		// incorrect configmap format
+		{
+			[]*config.InfrastructureRole{},
+			spec.NamespacedName{},
 			"wrong-format",
 			[]*config.InfrastructureRole{},
 		},
@ -364,7 +449,7 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 		{
 			[]*config.InfrastructureRole{},
 			spec.NamespacedName{},
-			"userkey: test-user, passwordkey: test-password, rolekey: test-role, template: false",
+			"userkey: test-user, passwordkey: test-password, rolekey: test-role",
 			[]*config.InfrastructureRole{},
 		},
 	}
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -61,6 +61,9 @@ type InfrastructureRole struct {
 	PasswordKey string
 	RoleKey     string

+	DefaultUserValue string
+	DefaultRoleValue string
+
 	// This field point out the detailed yaml definition of the role, if exists
 	Details string