delete secrets of system users too
This commit is contained in:
Felix Kunde
parent
8ff7658ed3
commit
782349dd98
|
|
@ -822,10 +822,6 @@ func (c *Cluster) Delete() {
|
|||
}
|
||||
|
||||
for _, obj := range c.Secrets {
|
||||
if doDelete, user := c.shouldDeleteSecret(obj); !doDelete {
|
||||
c.logger.Warningf("not removing secret %q for the system user %q", obj.GetName(), user)
|
||||
continue
|
||||
}
|
||||
if err := c.deleteSecret(obj); err != nil {
|
||||
c.logger.Warningf("could not delete secret: %v", err)
|
||||
}
|
||||
|
|
@ -1300,11 +1296,6 @@ func (c *Cluster) Unlock() {
|
|||
c.mu.Unlock()
|
||||
}
|
||||
|
||||
func (c *Cluster) shouldDeleteSecret(secret *v1.Secret) (delete bool, userName string) {
|
||||
secretUser := string(secret.Data["username"])
|
||||
return (secretUser != c.OpConfig.ReplicationUsername && secretUser != c.OpConfig.SuperUsername), secretUser
|
||||
}
|
||||
|
||||
type simpleActionWithResult func() error
|
||||
|
||||
type clusterObjectGet func(name string) (spec.NamespacedName, error)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
"github.com/zalando/postgres-operator/pkg/util/constants"
|
||||
"github.com/zalando/postgres-operator/pkg/util/k8sutil"
|
||||
"github.com/zalando/postgres-operator/pkg/util/teams"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/client-go/tools/record"
|
||||
)
|
||||
|
|
@ -334,36 +333,6 @@ func TestInitHumanUsersWithSuperuserTeams(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestShouldDeleteSecret(t *testing.T) {
|
||||
testName := "TestShouldDeleteSecret"
|
||||
|
||||
tests := []struct {
|
||||
secret *v1.Secret
|
||||
outcome bool
|
||||
}{
|
||||
{
|
||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte("foobar")}},
|
||||
outcome: true,
|
||||
},
|
||||
{
|
||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte(superUserName)}},
|
||||
|
||||
outcome: false,
|
||||
},
|
||||
{
|
||||
secret: &v1.Secret{Data: map[string][]byte{"username": []byte(replicationUserName)}},
|
||||
outcome: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
if outcome, username := cl.shouldDeleteSecret(tt.secret); outcome != tt.outcome {
|
||||
t.Errorf("%s expects the check for deletion of the username %q secret to return %t, got %t",
|
||||
testName, username, tt.outcome, outcome)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestPodAnnotations(t *testing.T) {
|
||||
testName := "TestPodAnnotations"
|
||||
tests := []struct {
|
||||
|
|
|
|||
Loading…
Reference in New Issue