public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix syncSecrets and remove pooler secret

This commit is contained in:
Felix Kunde 2020-08-10 08:59:09 +02:00
parent 7cf2fae6df
commit 521c27ffc8
3 changed files with 44 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/cluster/cluster.go
View File

@ -124,7 +124,7 @@ func New(cfg Config, kubeClient k8sutil.KubernetesClient, pgSpec acidv1.Postgres
return fmt.Sprintf("%s-%s", e.PodName, e.ResourceVersion), nil return fmt.Sprintf("%s-%s", e.PodName, e.ResourceVersion), nil
}) })
password_encryption, ok := pgSpec.Spec.PostgresqlParam.Parameters["password_encryption"] password_encryption, ok := pgSpec.Spec.PostgresqlParam.Parameters["password_encryption"]
if !ok { if !ok {
password_encryption = "md5" password_encryption = "md5"
} }

49
pkg/cluster/resources.go
View File

@ -13,7 +13,9 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"github.com/zalando/postgres-operator/pkg/spec"
"github.com/zalando/postgres-operator/pkg/util" "github.com/zalando/postgres-operator/pkg/util"
"github.com/zalando/postgres-operator/pkg/util/constants"
"github.com/zalando/postgres-operator/pkg/util/k8sutil" "github.com/zalando/postgres-operator/pkg/util/k8sutil"
"github.com/zalando/postgres-operator/pkg/util/retryutil" "github.com/zalando/postgres-operator/pkg/util/retryutil"
) )
@ -207,8 +209,6 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
serviceName = service.Name serviceName = service.Name
} }
// set delete propagation policy to foreground, so that all the dependant
// will be deleted.
err = c.KubeClient. err = c.KubeClient.
Services(c.Namespace). Services(c.Namespace).
Delete(context.TODO(), serviceName, options) Delete(context.TODO(), serviceName, options)
@ -221,6 +221,29 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
c.logger.Infof("Connection pooler service %q has been deleted", serviceName) c.logger.Infof("Connection pooler service %q has been deleted", serviceName)
// Repeat the same for the secret object
connectionPoolerUser := spec.PgUser{
Origin: spec.RoleConnectionPooler,
Name: c.OpConfig.ConnectionPooler.User,
Flags: []string{constants.RoleFlagLogin},
Password: util.RandomPassword(constants.PasswordLength),
}
secretTemplate := c.generateSingleUserSecret(c.Namespace, connectionPoolerUser)
secret, err := c.KubeClient.
Secrets(c.Namespace).
Get(context.TODO(), secretTemplate.Name, metav1.GetOptions{})
if err != nil {
c.logger.Debugf("could not get connection pooler secret %q: %v", secretTemplate.Name, err)
} else {
uid := secret.UID
if err = c.deleteSecret(uid, *secret); err != nil {
return fmt.Errorf("could not delete pooler secret: %v", err)
}
c.Secrets[uid] = nil
}
c.ConnectionPooler = nil c.ConnectionPooler = nil
return nil return nil
} }
@ -730,14 +753,11 @@ func (c *Cluster) deleteSecrets() error {
var errors []string var errors []string
errorCount := 0 errorCount := 0
for uid, secret := range c.Secrets { for uid, secret := range c.Secrets {
c.logger.Debugf("deleting secret %q", util.NameFromMeta(secret.ObjectMeta)) err := c.deleteSecret(uid, *secret)
err := c.KubeClient.Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, c.deleteOptions)
if err != nil { if err != nil {
errors = append(errors, fmt.Sprintf("could not delete secret %q: %v", util.NameFromMeta(secret.ObjectMeta), err)) errors = append(errors, fmt.Sprintf("%v", err))
errorCount++ errorCount++
} }
c.logger.Infof("secret %q has been deleted", util.NameFromMeta(secret.ObjectMeta))
c.Secrets[uid] = nil
} }
if errorCount > 0 { if errorCount > 0 {
@ -747,6 +767,21 @@ func (c *Cluster) deleteSecrets() error {
return nil return nil
} }
func (c *Cluster) deleteSecret(uid types.UID, secret v1.Secret) error {
c.setProcessName("deleting secret")
c.logger.Debugf("deleting secret %q", util.NameFromMeta(secret.ObjectMeta))
err := c.KubeClient.Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, c.deleteOptions)
if k8sutil.ResourceNotFound(err) {
c.logger.Debugf("Connection pooler secret was already deleted")
} else if err != nil {
return fmt.Errorf("could not delete secret %q: %v", util.NameFromMeta(secret.ObjectMeta), err)
}
c.logger.Infof("secret %q has been deleted", util.NameFromMeta(secret.ObjectMeta))
c.Secrets[uid] = nil
return nil
}
func (c *Cluster) createRoles() (err error) { func (c *Cluster) createRoles() (err error) {
// TODO: figure out what to do with duplicate names (humans and robots) among pgUsers // TODO: figure out what to do with duplicate names (humans and robots) among pgUsers
return c.syncRoles() return c.syncRoles()

1
pkg/cluster/sync.go
View File

@ -500,6 +500,7 @@ func (c *Cluster) syncSecrets() error {
c.logger.Warningf("secret %q does not contain the role %q", secretSpec.Name, secretUsername) c.logger.Warningf("secret %q does not contain the role %q", secretSpec.Name, secretUsername)
continue continue
} }
c.Secrets[secret.UID] = secret
c.logger.Debugf("secret %q already exists, fetching its password", util.NameFromMeta(secret.ObjectMeta)) c.logger.Debugf("secret %q already exists, fetching its password", util.NameFromMeta(secret.ObjectMeta))
if secretUsername == c.systemUsers[constants.SuperuserKeyName].Name { if secretUsername == c.systemUsers[constants.SuperuserKeyName].Name {
secretUsername = constants.SuperuserKeyName secretUsername = constants.SuperuserKeyName