From 647a4d3023d4dd13e9d88e2bf7242237623b58bf Mon Sep 17 00:00:00 2001
From: Dmitry Dolgov <9erthalion6@gmail.com>
Date: Fri, 11 Oct 2019 11:06:14 +0200
Subject: [PATCH] Remove service accounts cache (#685)

For optimization purposes operator was creating a cache map to remember if service accounts and role binding was deployed to a namespace. This could lead to a problem, when a namespace was deleted, since this cache was not synchronized. For the sake of correctness remove the cache, and check every time if required service account and rbac is present. In the normal case this introduces an overhead of two API calls per an event (one to get a service accounts, one to get a role binding), which should not be a problem, unless proven otherwise.
---
 pkg/controller/controller.go | 1 -
 pkg/controller/postgresql.go | 10 ++++------
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index a492a85e2..9162ce27d 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -58,7 +58,6 @@ type Controller struct {
 PodServiceAccount *v1.ServiceAccount
 PodServiceAccountRoleBinding *rbacv1beta1.RoleBinding
- namespacesWithDefinedRBAC sync.Map
 }
 // NewController creates a new controller
diff --git a/pkg/controller/postgresql.go b/pkg/controller/postgresql.go
index 5b76af12f..8e8f9ae85 100644
--- a/pkg/controller/postgresql.go
+++ b/pkg/controller/postgresql.go
@@ -493,17 +493,16 @@ func (c *Controller) postgresqlDelete(obj interface{}) {
 }
 /*
- Ensures the pod service account and role bindings exists in a namespace before a PG cluster is created there so that a user does not have to deploy these credentials manually.
- StatefulSets require the service account to create pods; Patroni requires relevant RBAC bindings to access endpoints.
+ Ensures the pod service account and role bindings exists in a namespace
+ before a PG cluster is created there so that a user does not have to deploy
+ these credentials manually. StatefulSets require the service account to
+ create pods; Patroni requires relevant RBAC bindings to access endpoints.
 The operator does not sync accounts/role bindings after creation.
 */
 func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 namespace := event.NewSpec.GetNamespace()
- if _, ok := c.namespacesWithDefinedRBAC.Load(namespace); ok {
- return nil
- }
 if err := c.createPodServiceAccount(namespace); err != nil {
 return fmt.Errorf("could not create pod service account %v : %v", c.opConfig.PodServiceAccountName, err)
@@ -512,7 +511,6 @@ func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 if err := c.createRoleBindings(namespace); err != nil {
 return fmt.Errorf("could not create role binding %v : %v", c.PodServiceAccountRoleBinding.Name, err)
 }
- c.namespacesWithDefinedRBAC.Store(namespace, true)
 return nil
 }
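Review bot: With the per-namespace cache removed, submitRBACCredentials now calls createPodServiceAccount and createRoleBindings on every cluster event, so the new behaviour is only correct if both helpers treat an already-existing object as success; neither helper is visible in this hunk, and if either one surfaces an AlreadyExists error, the second and every later event for a namespace would fail with the wrapped error returned right after the call. That contract is worth pinning in the reflowed doc comment, e.g. `Both helpers must be idempotent: an existing account or binding is not an error.`, since nothing else now prevents a repeated-create failure. The reflowed comment also carries over the agreement slip `role bindings exists`; `exist` reads correctly. submitRBACCredentials continues past the end of this hunk into the next one.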