Various fixes

Sync pool user correctly, without overriding it. Fix numberOfInstances comparison in defaults. Fix maxDBConnections usage.
2020-03-06 13:32:04 +01:00 · 2020-03-06 13:32:04 +01:00 · 80fee17ea4
parent ab118dd78b
commit 80fee17ea4
3 changed files with 26 additions and 20 deletions
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -860,7 +860,6 @@ func (c *Cluster) initSystemUsers() {
 	// Connection pool user is an exception, if requested it's going to be
 	// created by operator as a normal pgUser
 	if c.needConnectionPool() {
-
 		// initialize empty connection pool if not done yet
 		if c.Spec.ConnectionPool == nil {
 			c.Spec.ConnectionPool = &acidv1.ConnectionPool{}
@ -870,11 +869,21 @@ func (c *Cluster) initSystemUsers() {
 			c.Spec.ConnectionPool.User,
 			c.OpConfig.ConnectionPool.User)

-		c.systemUsers[constants.ConnectionPoolUserKeyName] = spec.PgUser{
+		// connection pooler application should be able to login with this role
+		connPoolUser := spec.PgUser{
 			Origin:   spec.RoleConnectionPool,
 			Name:     username,
+			Flags:    []string{constants.RoleFlagLogin},
 			Password: util.RandomPassword(constants.PasswordLength),
 		}
+
+		if _, exists := c.pgUsers[username]; !exists {
+			c.pgUsers[username] = connPoolUser
+		}
+
+		if _, exists := c.systemUsers[constants.ConnectionPoolUserKeyName]; !exists {
+			c.systemUsers[constants.ConnectionPoolUserKeyName] = connPoolUser
+		}
 	}
 }

@ -1256,12 +1265,16 @@ func (c *Cluster) needSyncConnPoolDefaults(
 	podTemplate := deployment.Spec.Template
 	poolContainer := podTemplate.Spec.Containers[constants.ConnPoolContainer]

+	if spec == nil {
+		spec = &acidv1.ConnectionPool{}
+	}
+
 	if spec.NumberOfInstances == nil &&
-		deployment.Spec.Replicas != config.NumberOfInstances {
+		*deployment.Spec.Replicas != *config.NumberOfInstances {

 		sync = true
 		msg := fmt.Sprintf("NumberOfInstances is different (%d vs %d)",
-			deployment.Spec.Replicas, config.NumberOfInstances)
+			*deployment.Spec.Replicas, *config.NumberOfInstances)
 		reasons = append(reasons, msg)
 	}

--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@ -1803,7 +1803,7 @@ func (c *Cluster) getConnPoolEnvVars(spec *acidv1.PostgresSpec) []v1.EnvVar {
 		},
 		{
 			Name:  "CONNECTION_POOL_MAX_DB_CONN",
-			Value: fmt.Sprint(effectiveMaxDBConn),
+			Value: fmt.Sprint(maxDBConn),
 		},
 	}
 }
--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@ -413,12 +413,18 @@ func (c *Cluster) syncSecrets() error {
 			} else if secretUsername == c.systemUsers[constants.ReplicationUserKeyName].Name {
 				secretUsername = constants.ReplicationUserKeyName
 				userMap = c.systemUsers
+			} else if secretUsername == c.systemUsers[constants.ConnectionPoolUserKeyName].Name {
+				secretUsername = constants.ConnectionPoolUserKeyName
+				userMap = c.systemUsers
 			} else {
 				userMap = c.pgUsers
 			}
 			pwdUser := userMap[secretUsername]
 			// if this secret belongs to the infrastructure role and the password has changed - replace it in the secret
-			if pwdUser.Password != string(secret.Data["password"]) && pwdUser.Origin == spec.RoleOriginInfrastructure {
+			if pwdUser.Password != string(secret.Data["password"]) &&
+				(pwdUser.Origin == spec.RoleOriginInfrastructure ||
+					pwdUser.Origin == spec.RoleConnectionPool) {
+
 				c.logger.Debugf("updating the secret %q from the infrastructure roles", secretSpec.Name)
 				if _, err = c.KubeClient.Secrets(secretSpec.Namespace).Update(secretSpec); err != nil {
 					return fmt.Errorf("could not update infrastructure role secret for role %q: %v", secretUsername, err)
@ -466,6 +472,7 @@ func (c *Cluster) syncRoles() (err error) {
 	if c.needConnectionPool() {
 		connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
 		userNames = append(userNames, connPoolUser.Name)
+		c.pgUsers[connPoolUser.Name] = connPoolUser
 	}

 	dbUsers, err = c.readPgUsersFromDatabase(userNames)
@ -473,20 +480,6 @@ func (c *Cluster) syncRoles() (err error) {
 		return fmt.Errorf("error getting users from the database: %v", err)
 	}

-	if c.needConnectionPool() {
-		connPoolUser := c.systemUsers[constants.ConnectionPoolUserKeyName]
-
-		// An exception from system users, connection pool user should be
-		// created by operator, but never updated. If connection pool user
-		// already exist, do not update it.
-		if _, exist := dbUsers[connPoolUser.Name]; exist {
-			delete(dbUsers, connPoolUser.Name)
-			delete(c.pgUsers, connPoolUser.Name)
-		} else {
-			c.pgUsers[connPoolUser.Name] = connPoolUser
-		}
-	}
-
 	pgSyncRequests := c.userSyncStrategy.ProduceSyncRequests(dbUsers, c.pgUsers)
 	if err = c.userSyncStrategy.ExecuteSyncRequests(pgSyncRequests, c.pgDb); err != nil {
 		return fmt.Errorf("error executing sync statements: %v", err)