superusers instead of admin

2020-10-15 13:40:41 +02:00 · 2020-10-15 13:40:41 +02:00 · 4cd82220d2
parent 0f86eff13e
commit 4cd82220d2
6 changed files with 39 additions and 50 deletions
--- a/manifests/postgresteam.crd.yaml
+++ b/manifests/postgresteam.crd.yaml
@ -34,7 +34,7 @@ spec:
        spec:
          type: object
          properties:
-            additionalAdminTeams:
+            additionalSuperuserTeams:
              type: object
              description: "Map for teamId and associted additional admin teams"
              additionalProperties:
--- a/pkg/apis/acid.zalan.do/v1/postgres_team_type.go
+++ b/pkg/apis/acid.zalan.do/v1/postgres_team_type.go
@ -17,9 +17,9 @@ type PostgresTeam struct {

 // PostgresTeamSpec defines the specification for the PostgresTeam TPR.
 type PostgresTeamSpec struct {
-	AdditionalAdminTeams map[string][]string `json:"additionalAdminTeams,omitempty"`
-	AdditionalTeams      map[string][]string `json:"additionalTeams,omitempty"`
-	AdditionalMembers    map[string][]string `json:"additionalMembers,omitempty"`
+	AdditionalSuperuserTeams map[string][]string `json:"additionalSuperuserTeams,omitempty"`
+	AdditionalTeams          map[string][]string `json:"additionalTeams,omitempty"`
+	AdditionalMembers        map[string][]string `json:"additionalMembers,omitempty"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
--- a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
@ -774,8 +774,8 @@ func (in *PostgresTeamList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PostgresTeamSpec) DeepCopyInto(out *PostgresTeamSpec) {
 	*out = *in
-	if in.AdditionalAdminTeams != nil {
-		in, out := &in.AdditionalAdminTeams, &out.AdditionalAdminTeams
+	if in.AdditionalSuperuserTeams != nil {
+		in, out := &in.AdditionalSuperuserTeams, &out.AdditionalSuperuserTeams
 		*out = make(map[string][]string, len(*in))
 		for key, val := range *in {
 			var outVal []string
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -1130,27 +1130,24 @@ func (c *Cluster) initTeamMembers(teamID string, isPostgresSuperuserTeam bool) e

 func (c *Cluster) initHumanUsers() error {

-	adminTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
+	superuserTeams := c.PgTeamMap.GetAdditionalSuperuserTeams(c.Spec.TeamID, true)
 	var clusterIsOwnedBySuperuserTeam bool
 	for _, postgresSuperuserTeam := range c.OpConfig.PostgresSuperuserTeams {
-		isAdditionalAdminTeam := false
-		for _, adminTeam := range adminTeams {
-			if postgresSuperuserTeam == adminTeam {
-				isAdditionalAdminTeam = true
+		isAdditionalSuperuserTeam := false
+		for _, superuserTeam := range superuserTeams {
+			if postgresSuperuserTeam == superuserTeam {
+				isAdditionalSuperuserTeam = true
 			}
 		}
-		if !(isAdditionalAdminTeam) {
-			adminTeams = append(adminTeams, postgresSuperuserTeam)
-		}
-		if postgresSuperuserTeam == c.Spec.TeamID {
-			clusterIsOwnedBySuperuserTeam = true
-		}
 	}

-	for _, adminTeam := range adminTeams {
+	for _, superuserTeam := range superuserTeams {
 		err := c.initTeamMembers(adminTeam, true)
 		if err != nil {
-			return fmt.Errorf("Cannot create team %q of Postgres superusers: %v", adminTeam, err)
+			return fmt.Errorf("Cannot create team %q of Postgres superusers: %v", superuserTeam, err)
+		}
+		if superuserTeam == c.Spec.TeamID {
+			clusterIsOwnedBySuperuserTeam = true
 		}
 	}

--- a/pkg/teams/postgres_team.go
+++ b/pkg/teams/postgres_team.go
@ -8,9 +8,9 @@ import (
 type PostgresTeamMap map[string]postgresTeamMembership

 type postgresTeamMembership struct {
-	AdditionalAdminTeams []string
-	AdditionalTeams      []string
-	AdditionalMembers    []string
+	AdditionalSuperuserTeams []string
+	AdditionalTeams          []string
+	AdditionalMembers        []string
 }

 type teamHashSet map[string]map[string]struct{}
@ -55,26 +55,18 @@ func fetchTeams(teamset *map[string]struct{}, set teamHashSet) {
 	}
 }

-func (ptm *PostgresTeamMap) fetchAdditionalTeams(team string, adminTeams bool, transitive bool, exclude *[]string) []string {
+func (ptm *PostgresTeamMap) fetchAdditionalTeams(team string, superuserTeams bool, transitive bool, exclude *[]string) []string {

-	var teams, allTeams []string
+	var teams []string

-	if adminTeams {
-		teams = (*ptm)[team].AdditionalAdminTeams
-		allTeams = teams
-		for _, otherPrivilegedTeam := range (*ptm)[team].AdditionalTeams {
-			allTeams = append(allTeams, otherPrivilegedTeam)
-		}
+	if superuserTeams {
+		teams = (*ptm)[team].AdditionalSuperuserTeams
 	} else {
 		teams = (*ptm)[team].AdditionalTeams
-		allTeams = teams
-		for _, otherPrivilegedTeam := range (*ptm)[team].AdditionalAdminTeams {
-			allTeams = append(allTeams, otherPrivilegedTeam)
-		}
 	}
 	if transitive {
 		*exclude = append(*exclude, team)
-		for _, additionalTeam := range allTeams {
+		for _, additionalTeam := range teams {
 			getTransitiveTeams := true
 			for _, excludedTeam := range *exclude {
 				if additionalTeam == excludedTeam {
@ -82,7 +74,7 @@ func (ptm *PostgresTeamMap) fetchAdditionalTeams(team string, adminTeams bool, t
 				}
 			}
 			if getTransitiveTeams {
-				transitiveTeams := (*ptm).fetchAdditionalTeams(additionalTeam, adminTeams, transitive, exclude)
+				transitiveTeams := (*ptm).fetchAdditionalTeams(additionalTeam, superuserTeams, transitive, exclude)

 				if len(transitiveTeams) > 0 {
 					for _, transitiveTeam := range transitiveTeams {
@ -102,31 +94,31 @@ func (ptm *PostgresTeamMap) GetAdditionalTeams(team string, transitive bool) []s
 }

 // GetAdditionalTeams function to retrieve list of additional teams
-func (ptm *PostgresTeamMap) GetAdditionalAdminTeams(team string, transitive bool) []string {
+func (ptm *PostgresTeamMap) GetAdditionalSuperuserTeams(team string, transitive bool) []string {
 	return ptm.fetchAdditionalTeams(team, true, transitive, &[]string{})
 }

 // Load function to import data from PostgresTeam CRD
 func (ptm *PostgresTeamMap) Load(pgTeams *acidv1.PostgresTeamList) {
-	adminTeamSet := teamHashSet{}
+	superuserTeamSet := teamHashSet{}
 	teamSet := teamHashSet{}
 	teamMemberSet := teamHashSet{}
 	teamIDs := make(map[string]struct{})

 	for _, pgTeam := range pgTeams.Items {
-		adminTeamSet.mergeCrdMap(pgTeam.Spec.AdditionalAdminTeams)
+		superuserTeamSet.mergeCrdMap(pgTeam.Spec.AdditionalSuperuserTeams)
 		teamSet.mergeCrdMap(pgTeam.Spec.AdditionalTeams)
 		teamMemberSet.mergeCrdMap(pgTeam.Spec.AdditionalMembers)
 	}
-	fetchTeams(&teamIDs, adminTeamSet)
+	fetchTeams(&teamIDs, superuserTeamSet)
 	fetchTeams(&teamIDs, teamSet)
 	fetchTeams(&teamIDs, teamMemberSet)

 	for teamID := range teamIDs {
 		(*ptm)[teamID] = postgresTeamMembership{
-			AdditionalAdminTeams: adminTeamSet.toMap()[teamID],
-			AdditionalTeams:      teamSet.toMap()[teamID],
-			AdditionalMembers:    teamMemberSet.toMap()[teamID],
+			AdditionalSuperuserTeams: superuserTeamSet.toMap()[teamID],
+			AdditionalTeams:          teamSet.toMap()[teamID],
+			AdditionalMembers:        teamMemberSet.toMap()[teamID],
 		}
 	}
 }
--- a/pkg/teams/postgres_team_test.go
+++ b/pkg/teams/postgres_team_test.go
@ -38,7 +38,7 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
 							Name: "teamAB",
 						},
 						Spec: acidv1.PostgresTeamSpec{
-							AdditionalAdminTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "team24/7"}},
+							AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "team24/7"}},
 							AdditionalTeams:      map[string][]string{"teamA": []string{"teamC"}, "teamB": []string{}},
 							AdditionalMembers:    map[string][]string{"team24/7": []string{"optimusprime"}, "teamB": []string{"drno"}},
 						},
@ -51,7 +51,7 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
 							Name: "teamC",
 						},
 						Spec: acidv1.PostgresTeamSpec{
-							AdditionalAdminTeams: map[string][]string{"teamC": []string{"team24/7"}},
+							AdditionalSuperuserTeams: map[string][]string{"teamC": []string{"team24/7"}},
 							AdditionalTeams:      map[string][]string{"teamA": []string{"teamC"}, "teamC": []string{"teamA", "teamB"}},
 							AdditionalMembers:    map[string][]string{"acid": []string{"batman"}},
 						},
@ -60,27 +60,27 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
 			},
 			PostgresTeamMap{
 				"teamA": {
-					AdditionalAdminTeams: []string{"teamB", "team24/7"},
+					AdditionalSuperuserTeams: []string{"teamB", "team24/7"},
 					AdditionalTeams:      []string{"teamC"},
 					AdditionalMembers:    nil,
 				},
 				"teamB": {
-					AdditionalAdminTeams: []string{"teamA", "team24/7"},
+					AdditionalSuperuserTeams: []string{"teamA", "team24/7"},
 					AdditionalTeams:      []string{},
 					AdditionalMembers:    []string{"drno"},
 				},
 				"teamC": {
-					AdditionalAdminTeams: []string{"team24/7"},
+					AdditionalSuperuserTeams: []string{"team24/7"},
 					AdditionalTeams:      []string{"teamA", "teamB"},
 					AdditionalMembers:    nil,
 				},
 				"team24/7": {
-					AdditionalAdminTeams: nil,
+					AdditionalSuperuserTeams: nil,
 					AdditionalTeams:      nil,
 					AdditionalMembers:    []string{"optimusprime"},
 				},
 				"acid": {
-					AdditionalAdminTeams: nil,
+					AdditionalSuperuserTeams: nil,
 					AdditionalTeams:      nil,
 					AdditionalMembers:    []string{"batman"},
 				},