delete secrets of system users too
This commit is contained in:
Felix Kunde
parent
8ff7658ed3
commit
782349dd98
|
|
@ -822,10 +822,6 @@ func (c *Cluster) Delete() {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, obj := range c.Secrets {
|
for _, obj := range c.Secrets {
|
||||||
if doDelete, user := c.shouldDeleteSecret(obj); !doDelete {
|
|
||||||
c.logger.Warningf("not removing secret %q for the system user %q", obj.GetName(), user)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
if err := c.deleteSecret(obj); err != nil {
|
if err := c.deleteSecret(obj); err != nil {
|
||||||
c.logger.Warningf("could not delete secret: %v", err)
|
c.logger.Warningf("could not delete secret: %v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -1300,11 +1296,6 @@ func (c *Cluster) Unlock() {
|
||||||
c.mu.Unlock()
|
c.mu.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Cluster) shouldDeleteSecret(secret *v1.Secret) (delete bool, userName string) {
|
|
||||||
secretUser := string(secret.Data["username"])
|
|
||||||
return (secretUser != c.OpConfig.ReplicationUsername && secretUser != c.OpConfig.SuperUsername), secretUser
|
|
||||||
}
|
|
||||||
|
|
||||||
type simpleActionWithResult func() error
|
type simpleActionWithResult func() error
|
||||||
|
|
||||||
type clusterObjectGet func(name string) (spec.NamespacedName, error)
|
type clusterObjectGet func(name string) (spec.NamespacedName, error)
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,6 @@ import (
|
||||||
"github.com/zalando/postgres-operator/pkg/util/constants"
|
"github.com/zalando/postgres-operator/pkg/util/constants"
|
||||||
"github.com/zalando/postgres-operator/pkg/util/k8sutil"
|
"github.com/zalando/postgres-operator/pkg/util/k8sutil"
|
||||||
"github.com/zalando/postgres-operator/pkg/util/teams"
|
"github.com/zalando/postgres-operator/pkg/util/teams"
|
||||||
v1 "k8s.io/api/core/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/tools/record"
|
"k8s.io/client-go/tools/record"
|
||||||
)
|
)
|
||||||
|
|
@ -334,36 +333,6 @@ func TestInitHumanUsersWithSuperuserTeams(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldDeleteSecret(t *testing.T) {
|
|
||||||
testName := "TestShouldDeleteSecret"
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
secret *v1.Secret
|
|
||||||
outcome bool
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte("foobar")}},
|
|
||||||
outcome: true,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte(superUserName)}},
|
|
||||||
|
|
||||||
outcome: false,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte(replicationUserName)}},
|
|
||||||
outcome: false,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tt := range tests {
|
|
||||||
if outcome, username := cl.shouldDeleteSecret(tt.secret); outcome != tt.outcome {
|
|
||||||
t.Errorf("%s expects the check for deletion of the username %q secret to return %t, got %t",
|
|
||||||
testName, username, tt.outcome, outcome)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestPodAnnotations(t *testing.T) {
|
func TestPodAnnotations(t *testing.T) {
|
||||||
testName := "TestPodAnnotations"
|
testName := "TestPodAnnotations"
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue