diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index 603011650..9a90af23c 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -860,7 +860,6 @@ func (c *Cluster) initSystemUsers() {
 // Connection pool user is an exception, if requested it's going to be
 // created by operator as a normal pgUser
 if c.needConnectionPool() {
-
 // initialize empty connection pool if not done yet
 if c.Spec.ConnectionPool == nil {
 c.Spec.ConnectionPool = &acidv1.ConnectionPool{}
@@ -870,11 +869,21 @@ func (c *Cluster) initSystemUsers() {
 c.Spec.ConnectionPool.User,
 c.OpConfig.ConnectionPool.User)
- c.systemUsers[constants.ConnectionPoolUserKeyName] = spec.PgUser{
+ // connection pooler application should be able to login with this role
+ connPoolUser := spec.PgUser{
 Origin: spec.RoleConnectionPool,
 Name: username,
+ Flags: []string{constants.RoleFlagLogin},
 Password: util.RandomPassword(constants.PasswordLength),
 }
+
+ if _, exists := c.pgUsers[username]; !exists {
+ c.pgUsers[username] = connPoolUser
+ }
+
+ if _, exists := c.systemUsers[constants.ConnectionPoolUserKeyName]; !exists {
+ c.systemUsers[constants.ConnectionPoolUserKeyName] = connPoolUser
+ }
 }
 }
@@ -1256,12 +1265,16 @@ func (c *Cluster) needSyncConnPoolDefaults(
 podTemplate := deployment.Spec.Template
 poolContainer := podTemplate.Spec.Containers[constants.ConnPoolContainer]
+ if spec == nil {
+ spec = &acidv1.ConnectionPool{}
+ }
+
 if spec.NumberOfInstances == nil &&
- deployment.Spec.Replicas != config.NumberOfInstances {
+ *deployment.Spec.Replicas != *config.NumberOfInstances {
 sync = true
 msg := fmt.Sprintf("NumberOfInstances is different (%d vs %d)",
- deployment.Spec.Replicas, config.NumberOfInstances)
+ *deployment.Spec.Replicas, *config.NumberOfInstances)
 reasons = append(reasons, msg)
 }
diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go
index 67417f277..333e8aa51 100644
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
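Review bot: The two `!exists` guards in initSystemUsers can leave `c.pgUsers[username]` and `c.systemUsers[constants.ConnectionPoolUserKeyName]` describing different roles under one name: if another role already uses `username`, the pooler entry is skipped in `pgUsers` but still stored in `systemUsers` with its own random password and `constants.RoleFlagLogin`. The syncRoles hunk in sync.go then assigns `c.pgUsers[connPoolUser.Name] = connPoolUser` without any guard, so the pre-existing role's flags and password would apparently be replaced by the pooler's. A name clash should be detected once, here, and reported instead of being resolved silently, for example `if u, exists := c.pgUsers[username]; exists && u.Origin != spec.RoleConnectionPool { /* report the clash, do not register the pooler user */ }`. The function starts outside this hunk, so any earlier validation of `username` is not visible.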
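Review bot: The new comparison in needSyncConnPoolDefaults dereferences `deployment.Spec.Replicas` and `config.NumberOfInstances` with no nil check, so a deployment or operator configuration that leaves either pointer unset would panic the operator's sync path instead of reporting a difference. The added `spec == nil` guard shows nil inputs are expected here, and these two need the same care: `if spec.NumberOfInstances == nil && deployment.Spec.Replicas != nil && config.NumberOfInstances != nil &&` ahead of the dereferencing line would also cover the `fmt.Sprintf` arguments. The function starts and ends outside this hunk, so `config` may already be validated by the caller.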
@@ -1803,7 +1803,7 @@ func (c *Cluster) getConnPoolEnvVars(spec *acidv1.PostgresSpec) []v1.EnvVar {
 },
 {
 Name: "CONNECTION_POOL_MAX_DB_CONN",
- Value: fmt.Sprint(effectiveMaxDBConn),
+ Value: fmt.Sprint(maxDBConn),
 },
 }
 }
diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go
index 27f024c95..f3f7d33f3 100644
--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@@ -413,12 +413,18 @@ func (c *Cluster) syncSecrets() error {
 } else if secretUsername == c.systemUsers[constants.ReplicationUserKeyName].Name {
 secretUsername = constants.ReplicationUserKeyName
 userMap = c.systemUsers
+ } else if secretUsername == c.systemUsers[constants.ConnectionPoolUserKeyName].Name {
+ secretUsername = constants.ConnectionPoolUserKeyName
+ userMap = c.systemUsers
 } else {
 userMap = c.pgUsers
 }
 pwdUser := userMap[secretUsername]
 // if this secret belongs to the infrastructure role and the password has changed - replace it in the secret
- if pwdUser.Password != string(secret.Data["password"]) && pwdUser.Origin == spec.RoleOriginInfrastructure {
+ if pwdUser.Password != string(secret.Data["password"]) &&
+ (pwdUser.Origin == spec.RoleOriginInfrastructure ||
+ pwdUser.Origin == spec.RoleConnectionPool) {
+
 c.logger.Debugf("updating the secret %q from the infrastructure roles", secretSpec.Name)
 if _, err = c.KubeClient.Secrets(secretSpec.Namespace).Update(secretSpec); err != nil {
 return fmt.Errorf("could not update infrastructure role secret for role %q: %v", secretUsername, err)
@@ -466,6 +472,7 @@ func (c *Cluster) syncRoles() (err error) {
 if c.needConnectionPool() {
 connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
 userNames = append(userNames, connPoolUser.Name)
+ c.pgUsers[connPoolUser.Name] = connPoolUser
 }
 dbUsers, err = c.readPgUsersFromDatabase(userNames)
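Review bot: Treating `spec.RoleConnectionPool` like an infrastructure role in the password check of syncSecrets means the stored secret is overwritten whenever the in-memory password differs, and for the pooler that in-memory value is a `util.RandomPassword(...)` generated in initSystemUsers (cluster.go hunk). After an operator restart this would presumably replace the pooler credential with a new random one, while pooler pods already running keep the old value until they are restarted; the branch taken when the condition is false lies outside the hunk, so this needs confirming against the full function. The `Debugf` and `Errorf` texts under the condition still say "infrastructure role", which misattributes pooler secret updates in the logs. If the overwrite is deliberate, a comment such as `// connection pool secret is operator-generated: the in-memory password wins over the stored one` would document it.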
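Review bot: The added `c.pgUsers[connPoolUser.Name] = connPoolUser` in syncRoles uses the result of a map lookup whose presence is never checked, so should `c.systemUsers` ever lack the `constants.ConnectionPoolUserKeyName` entry, a zero-value `spec.PgUser` is stored under the empty name and handed to the sync strategy. The two-value form, `connPoolUser, ok := c.systemUsers[constants.ConnectionPoolUserKeyName]`, with both the `append` and the assignment skipped when `!ok`, avoids that. Together with the block deleted further down in this function, the pooler role now appears to be updated on each sync rather than created once, which deserves a comment in place of the removed one. The function starts and ends outside this hunk.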
@@ -473,20 +480,6 @@ func (c *Cluster) syncRoles() (err error) {
 return fmt.Errorf("error getting users from the database: %v", err)
 }
- if c.needConnectionPool() {
- connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
-
- // An exception from system users, connection pool user should be
- // created by operator, but never updated. If connection pool user
- // already exist, do not update it.
- if _, exist := dbUsers[connPoolUser.Name]; exist {
- delete(dbUsers, connPoolUser.Name)
- delete(c.pgUsers, connPoolUser.Name)
- } else {
- c.pgUsers[connPoolUser.Name] = connPoolUser
- }
- }
-
 pgSyncRequests := c.userSyncStrategy.ProduceSyncRequests(dbUsers, c.pgUsers)
 if err = c.userSyncStrategy.ExecuteSyncRequests(pgSyncRequests, c.pgDb); err != nil {
 return fmt.Errorf("error executing sync statements: %v", err)