new default values for user and role definition
parent
d68ef1a20e
commit
5d7c0959dc
|
|
@ -138,7 +138,6 @@ spec:
|
|||
type: object
|
||||
required:
|
||||
- secretname
|
||||
- userkey
|
||||
- passwordkey
|
||||
properties:
|
||||
secretname:
|
||||
|
|
@ -149,6 +148,10 @@ spec:
|
|||
type: string
|
||||
rolekey:
|
||||
type: string
|
||||
defaultuservalue:
|
||||
type: string
|
||||
defaultrolevalue:
|
||||
type: string
|
||||
details:
|
||||
type: string
|
||||
template:
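Review bot: With `userkey` dropped from `required` in the first hunk, the schema now accepts an infrastructure role entry that has neither `userkey` nor `defaultuservalue`, so the mistake is not rejected at admission time. The configmap parsing path in this commit appears to skip such a definition without logging anything, which makes the misconfiguration hard to spot. The schema could state the real constraint next to `required`, for example `anyOf: [{required: [userkey]}, {required: [defaultuservalue]}]`. The same applies to the second CRD manifest in this commit and to the `Required: []string{"secretname", "passwordkey"}` line in `OperatorConfigCRDResourceValidation`. The new `defaultuservalue` and `defaultrolevalue` properties also have no `description`, although they decide a database role name and its group membership.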
|
||||
|
|
|
|||
|
|
@ -134,7 +134,6 @@ spec:
|
|||
type: object
|
||||
required:
|
||||
- secretname
|
||||
- userkey
|
||||
- passwordkey
|
||||
properties:
|
||||
secretname:
|
||||
|
|
@ -145,6 +144,10 @@ spec:
|
|||
type: string
|
||||
rolekey:
|
||||
type: string
|
||||
defaultuservalue:
|
||||
type: string
|
||||
defaultrolevalue:
|
||||
type: string
|
||||
details:
|
||||
type: string
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -916,7 +916,7 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
|
|||
Items: &apiextv1beta1.JSONSchemaPropsOrArray{
|
||||
Schema: &apiextv1beta1.JSONSchemaProps{
|
||||
Type: "object",
|
||||
Required: []string{"secretname", "userkey", "passwordkey"},
|
||||
Required: []string{"secretname", "passwordkey"},
|
||||
Properties: map[string]apiextv1beta1.JSONSchemaProps{
|
||||
"secretname": {
|
||||
Type: "string",
|
||||
|
|
@ -930,6 +930,12 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
|
|||
"rolekey": {
|
||||
Type: "string",
|
||||
},
|
||||
"defaultuservalue": {
|
||||
Type: "string",
|
||||
},
|
||||
"defaultrolevalue": {
|
||||
Type: "string",
|
||||
},
|
||||
"details": {
|
||||
Type: "string",
|
||||
},
|
||||
|
|
|
|||
|
|
@ -207,7 +207,7 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
|
|||
serviceName = service.Name
|
||||
}
|
||||
|
||||
// set delete propagation policy to foreground, so that all the dependant
|
||||
// set delete propagation policy to foreground, so that all the dependent
|
||||
// will be deleted.
|
||||
err = c.KubeClient.
|
||||
Services(c.Namespace).
|
||||
|
|
|
|||
|
|
@ -500,6 +500,7 @@ func (c *Cluster) syncSecrets() error {
|
|||
c.logger.Warningf("secret %q does not contain the role %q", secretSpec.Name, secretUsername)
|
||||
continue
|
||||
}
|
||||
c.Secrets[secret.UID] = secret
|
||||
c.logger.Debugf("secret %q already exists, fetching its password", util.NameFromMeta(secret.ObjectMeta))
|
||||
if secretUsername == c.systemUsers[constants.SuperuserKeyName].Name {
|
||||
secretUsername = constants.SuperuserKeyName
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
|
||||
"github.com/zalando/postgres-operator/pkg/cluster"
|
||||
"github.com/zalando/postgres-operator/pkg/spec"
|
||||
"github.com/zalando/postgres-operator/pkg/util"
|
||||
"github.com/zalando/postgres-operator/pkg/util/config"
|
||||
"github.com/zalando/postgres-operator/pkg/util/k8sutil"
|
||||
"gopkg.in/yaml.v2"
|
||||
|
|
@ -159,13 +160,17 @@ func (c *Controller) getInfrastructureRoleDefinitions() []*config.Infrastructure
|
|||
roleDef.PasswordKey = value
|
||||
case "rolekey":
|
||||
roleDef.RoleKey = value
|
||||
case "defaultuservalue":
|
||||
roleDef.DefaultUserValue = value
|
||||
case "defaultrolevalue":
|
||||
roleDef.DefaultRoleValue = value
|
||||
default:
|
||||
c.logger.Warningf("Role description is not known: %s", properties)
|
||||
}
|
||||
}
|
||||
|
||||
if roleDef.SecretName != emptyName &&
|
||||
roleDef.UserKey != "" &&
|
||||
(roleDef.UserKey != "" || roleDef.DefaultUserValue != "") &&
|
||||
roleDef.PasswordKey != "" {
|
||||
rolesDefs = append(rolesDefs, &roleDef)
|
||||
}
|
||||
|
|
@ -328,9 +333,10 @@ func (c *Controller) getInfrastructureRole(
|
|||
return nil, fmt.Errorf("could not decode yaml role: %v", err)
|
||||
}
|
||||
} else {
|
||||
roleDescr.Name = string(secretData[infraRole.UserKey])
|
||||
roleDescr.Name = util.Coalesce(string(secretData[infraRole.UserKey]), infraRole.DefaultUserValue)
|
||||
roleDescr.Password = string(secretData[infraRole.PasswordKey])
|
||||
roleDescr.MemberOf = append(roleDescr.MemberOf, string(secretData[infraRole.RoleKey]))
|
||||
roleDescr.MemberOf = append(roleDescr.MemberOf,
|
||||
util.Coalesce(string(secretData[infraRole.RoleKey]), infraRole.DefaultRoleValue))
|
||||
}
|
||||
|
||||
if roleDescr.Valid() {
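Review bot: In the `else` branch, the `util.Coalesce(..., infraRole.DefaultRoleValue)` result is appended to `roleDescr.MemberOf` unconditionally, so when the secret has no value under `RoleKey` and no default is configured the role presumably gets an empty membership entry. Guarding the append avoids that: `if role := util.Coalesce(string(secretData[infraRole.RoleKey]), infraRole.DefaultRoleValue); role != "" { roleDescr.MemberOf = append(roleDescr.MemberOf, role) }`. The fallback also applies when `UserKey` or `RoleKey` is configured but absent from the secret (a misspelled key, for instance), so a role can end up with the default name or default group membership without any trace. A warning or debug log whenever a default is substituted would make that auditable. The function starts and ends outside this hunk, so `roleDescr.Valid()` may already reject some of these cases.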
|
||||
|
|
|
|||
|
|
@ -326,6 +326,25 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
// new configmap format with defaultRoleValue
|
||||
{
|
||||
[]*config.InfrastructureRole{},
|
||||
spec.NamespacedName{},
|
||||
"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, defaultrolevalue: test-role",
|
||||
[]*config.InfrastructureRole{
|
||||
&config.InfrastructureRole{
|
||||
SecretName: spec.NamespacedName{
|
||||
Namespace: v1.NamespaceDefault,
|
||||
Name: testInfrastructureRolesNewSecretName,
|
||||
},
|
||||
UserKey: "test-user",
|
||||
PasswordKey: "test-password",
|
||||
RoleKey: "",
|
||||
DefaultRoleValue: "test-role",
|
||||
Template: false,
|
||||
},
|
||||
},
|
||||
},
|
||||
// only old CRD and configmap format
|
||||
{
|
||||
[]*config.InfrastructureRole{},
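Review bot: The added table entry covers `defaultrolevalue` only; nothing exercises the new `(roleDef.UserKey != "" || roleDef.DefaultUserValue != "")` condition in `getInfrastructureRoleDefinitions`. A case with `defaultuservalue` and no `userkey`, e.g. `"secretname: infrastructureroles-new-test, passwordkey: test-password, defaultuservalue: test-user"`, would pin the accepted path. A second case with neither key should expect an empty result, so the rejection of a definition without any user source stays covered. The test function starts and ends outside this hunk.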
|
||||
|
|
|
|||
|
|
@ -61,6 +61,9 @@ type InfrastructureRole struct {
|
|||
PasswordKey string
|
||||
RoleKey string
|
||||
|
||||
DefaultUserValue string
|
||||
DefaultRoleValue string
|
||||
|
||||
// This field point out the detailed yaml definition of the role, if exists
|
||||
Details string
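Review bot: `DefaultUserValue` and `DefaultRoleValue` are added without comments, while the neighbouring `Details` field has one, and their effect is not obvious from the names. Going by `getInfrastructureRole` in this commit, they are fallbacks used when the secret has no value under `UserKey` or `RoleKey`. I would add `// DefaultUserValue is the role name used when the secret has no value under UserKey.` and `// DefaultRoleValue is the role added to MemberOf when the secret has no value under RoleKey.` above the respective fields. The struct definition continues outside this hunk.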
|
||||
|
||||
|
|
|
|||