new default values for user and role definition

charts/postgres-operator/crds/operatorconfigurations.yaml

@@ -138,7 +138,6 @@ spec:
                     type: object
                     required:
                       - secretname
-                      - userkey
                       - passwordkey
                     properties:
                       secretname:
@@ -149,6 +148,10 @@ spec:
                         type: string
                       rolekey:
                         type: string
+                      defaultuservalue:
+                        type: string
+                      defaultrolevalue:
+                        type: string
                       details:
                         type: string
                       template:

manifests/operatorconfiguration.crd.yaml

@@ -134,7 +134,6 @@ spec:
                     type: object
                     required:
                       - secretname
-                      - userkey
                       - passwordkey
                     properties:
                       secretname:
@@ -145,6 +144,10 @@ spec:
                         type: string
                       rolekey:
                         type: string
+                      defaultuservalue:
+                        type: string
+                      defaultrolevalue:
+                        type: string
                       details:
                         type: string
                       template:

pkg/apis/acid.zalan.do/v1/crds.go

@@ -916,7 +916,7 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
 								Items: &apiextv1beta1.JSONSchemaPropsOrArray{
 									Schema: &apiextv1beta1.JSONSchemaProps{
 										Type:     "object",
-										Required: []string{"secretname", "userkey", "passwordkey"},
+										Required: []string{"secretname", "passwordkey"},
 										Properties: map[string]apiextv1beta1.JSONSchemaProps{
 											"secretname": {
 												Type: "string",
@@ -930,6 +930,12 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
 											"rolekey": {
 												Type: "string",
 											},
+											"defaultuservalue": {
+												Type: "string",
+											},
+											"defaultrolevalue": {
+												Type: "string",
+											},
 											"details": {
 												Type: "string",
 											},

pkg/cluster/resources.go

@@ -207,7 +207,7 @@ func (c *Cluster) deleteConnectionPooler() (err error) {
 		serviceName = service.Name
 	}
 
-	// set delete propagation policy to foreground, so that all the dependant
+	// set delete propagation policy to foreground, so that all the dependent
 	// will be deleted.
 	err = c.KubeClient.
 		Services(c.Namespace).

pkg/cluster/sync.go

@@ -500,6 +500,7 @@ func (c *Cluster) syncSecrets() error {
 				c.logger.Warningf("secret %q does not contain the role %q", secretSpec.Name, secretUsername)
 				continue
 			}
+			c.Secrets[secret.UID] = secret
 			c.logger.Debugf("secret %q already exists, fetching its password", util.NameFromMeta(secret.ObjectMeta))
 			if secretUsername == c.systemUsers[constants.SuperuserKeyName].Name {
 				secretUsername = constants.SuperuserKeyName

pkg/controller/util.go

@@ -15,6 +15,7 @@ import (
 	acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
 	"github.com/zalando/postgres-operator/pkg/cluster"
 	"github.com/zalando/postgres-operator/pkg/spec"
+	"github.com/zalando/postgres-operator/pkg/util"
 	"github.com/zalando/postgres-operator/pkg/util/config"
 	"github.com/zalando/postgres-operator/pkg/util/k8sutil"
 	"gopkg.in/yaml.v2"
@@ -159,13 +160,17 @@ func (c *Controller) getInfrastructureRoleDefinitions() []*config.Infrastructure
 				roleDef.PasswordKey = value
 			case "rolekey":
 				roleDef.RoleKey = value
+			case "defaultuservalue":
+				roleDef.DefaultUserValue = value
+			case "defaultrolevalue":
+				roleDef.DefaultRoleValue = value
 			default:
 				c.logger.Warningf("Role description is not known: %s", properties)
 			}
 		}
 
 		if roleDef.SecretName != emptyName &&
-			roleDef.UserKey != "" &&
+			(roleDef.UserKey != "" || roleDef.DefaultUserValue != "") &&
 			roleDef.PasswordKey != "" {
 			rolesDefs = append(rolesDefs, &roleDef)
 		}
@@ -328,9 +333,10 @@ func (c *Controller) getInfrastructureRole(
 				return nil, fmt.Errorf("could not decode yaml role: %v", err)
 			}
 		} else {
-			roleDescr.Name = string(secretData[infraRole.UserKey])
+			roleDescr.Name = util.Coalesce(string(secretData[infraRole.UserKey]), infraRole.DefaultUserValue)
 			roleDescr.Password = string(secretData[infraRole.PasswordKey])
-			roleDescr.MemberOf = append(roleDescr.MemberOf, string(secretData[infraRole.RoleKey]))
+			roleDescr.MemberOf = append(roleDescr.MemberOf,
+				util.Coalesce(string(secretData[infraRole.RoleKey]), infraRole.DefaultRoleValue))
 		}
 
 		if roleDescr.Valid() {

pkg/controller/util_test.go

@@ -326,6 +326,25 @@ func TestInfrastructureRoleDefinitions(t *testing.T) {
 				},
 			},
 		},
+		// new configmap format with defaultRoleValue
+		{
+			[]*config.InfrastructureRole{},
+			spec.NamespacedName{},
+			"secretname: infrastructureroles-new-test, userkey: test-user, passwordkey: test-password, defaultrolevalue: test-role",
+			[]*config.InfrastructureRole{
+				&config.InfrastructureRole{
+					SecretName: spec.NamespacedName{
+						Namespace: v1.NamespaceDefault,
+						Name:      testInfrastructureRolesNewSecretName,
+					},
+					UserKey:          "test-user",
+					PasswordKey:      "test-password",
+					RoleKey:          "",
+					DefaultRoleValue: "test-role",
+					Template:         false,
+				},
+			},
+		},
 		// only old CRD and configmap format
 		{
 			[]*config.InfrastructureRole{},

pkg/util/config/config.go

@@ -61,6 +61,9 @@ type InfrastructureRole struct {
 	PasswordKey string
 	RoleKey     string
 
+	DefaultUserValue string
+	DefaultRoleValue string
+
 	// This field point out the detailed yaml definition of the role, if exists
 	Details string