diff --git a/charts/postgres-operator/crds/postgresteams.yaml b/charts/postgres-operator/crds/postgresteams.yaml
new file mode 100644
index 000000000..9038625b4
--- /dev/null
+++ b/charts/postgres-operator/crds/postgresteams.yaml
@@ -0,0 +1,67 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: postgresteams.acid.zalan.do
+ labels:
+ app.kubernetes.io/name: postgres-operator
+ annotations:
+ "helm.sh/hook": crd-install
+spec:
+ group: acid.zalan.do
+ names:
+ kind: PostgresTeam
+ listKind: PostgresTeamList
+ plural: postgresteams
+ singular: postgresteam
+ shortNames:
+ - pgteam
+ scope: Namespaced
+ subresources:
+ status: {}
+ version: v1
+ validation:
+ openAPIV3Schema:
+ type: object
+ required:
+ - kind
+ - apiVersion
+ - spec
+ properties:
+ kind:
+ type: string
+ enum:
+ - PostgresTeam
+ apiVersion:
+ type: string
+ enum:
+ - acid.zalan.do/v1
+ spec:
+ type: object
+ properties:
+ additionalSuperuserTeams:
+ type: object
+ description: "Map for teamId and associted additional admin teams"
+ additionalProperties:
+ type: array
+ nullable: true
+ description: "List of teams to become Postgres admins"
+ items:
+ type: string
+ additionalTeams:
+ type: object
+ description: "Map for teamId and associted additional teams"
+ additionalProperties:
+ type: array
+ nullable: true
+ description: "List of teams whose members will also be added to the Postgres cluster"
+ items:
+ type: string
+ additionalMembers:
+ type: object
+ description: "Map for teamId and associted additional users"
+ additionalProperties:
+ type: array
+ nullable: true
+ description: "List of users who will also be added to the Postgres cluster"
+ items:
+ type: string
diff --git a/charts/postgres-operator/templates/clusterrole.yaml b/charts/postgres-operator/templates/clusterrole.yaml
index bd34e803e..a8a50ac08 100644
--- a/charts/postgres-operator/templates/clusterrole.yaml
+++ b/charts/postgres-operator/templates/clusterrole.yaml
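Review bot: In charts/postgres-operator/crds/postgresteams.yaml the `additionalSuperuserTeams` schema accepts any string, including an empty one, as a team name, and nothing in the CRD tells an administrator that an entry turns a whole team into Postgres admins. Anyone who can create or update a PostgresTeam object can therefore hand out superuser access, so write access to this resource should be guarded like write access to the database roles themselves. Whether a mapping created in one namespace also applies to clusters in other namespaces is not visible in this diff and is worth stating in the description. I would add `minLength: 1` under each of the three `items` schemas and extend the text to something like `description: "List of teams to become Postgres admins (grants superuser; restrict who may edit this resource)"`.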
@@ -15,6 +15,7 @@ rules: resources: - postgresqls - postgresqls/status + - postgresteams - operatorconfigurations verbs: - create diff --git a/manifests/custom-team-membership.yaml b/manifests/custom-team-membership.yaml new file mode 100644 index 000000000..9af153962 --- /dev/null +++ b/manifests/custom-team-membership.yaml @@ -0,0 +1,13 @@ +apiVersion: "acid.zalan.do/v1" +kind: PostgresTeam +metadata: + name: custom-team-membership +spec: + additionalSuperuserTeams: + acid: + - "postgres_superusers" + additionalTeams: + acid: [] + additionalMembers: + acid: + - "elephant" diff --git a/manifests/operator-service-account-rbac.yaml b/manifests/operator-service-account-rbac.yaml index 266df30c5..32e8969fa 100644 --- a/manifests/operator-service-account-rbac.yaml +++ b/manifests/operator-service-account-rbac.yaml @@ -16,6 +16,7 @@ rules: resources: - postgresqls - postgresqls/status + - postgresteams - operatorconfigurations verbs: - create diff --git a/manifests/postgresteam.crd.yaml b/manifests/postgresteam.crd.yaml index 153acda9d..d586a1006 100644 --- a/manifests/postgresteam.crd.yaml +++ b/manifests/postgresteam.crd.yaml @@ -26,7 +26,7 @@ spec: kind: type: string enum: - - postgresteam + - PostgresTeam apiVersion: type: string enum: @@ -52,7 +52,7 @@ spec: description: "List of teams whose members will also be added to the Postgres cluster" items: type: string - additionalUsers: + additionalMembers: type: object description: "Map for teamId and associted additional users" additionalProperties: diff --git a/pkg/apis/acid.zalan.do/v1/register.go b/pkg/apis/acid.zalan.do/v1/register.go index 1c30e35fb..9dcbf2baf 100644 --- a/pkg/apis/acid.zalan.do/v1/register.go +++ b/pkg/apis/acid.zalan.do/v1/register.go 
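Review bot: `postgresteams` is appended to the existing `postgresqls`/`operatorconfigurations` rule in charts/postgres-operator/templates/clusterrole.yaml, so the operator's service account inherits every verb of that rule, starting with the `create` visible in the hunk; manifests/operator-service-account-rbac.yaml gets the same line. The controller code in this commit only loads PostgresTeam objects handed to it by event handlers, so it appears to need read access only. Because this resource decides who becomes a Postgres superuser, a separate read-only rule keeps the operator's write permissions down to what it actually uses. The verb list of the existing rule continues outside the hunk, so the full set being granted should be checked there.

```yaml
- apiGroups:
  - acid.zalan.do
  resources:
  - postgresteams
  verbs:
  - get
  - list
  - watch
```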
@@ -1,11 +1,10 @@ package v1 import ( + acidzalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - - "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do" ) // APIVersion of the `postgresql` and `operator` CRDs @@ -44,6 +43,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { // TODO: User uppercase CRDResourceKind of our types in the next major API version scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("postgresql"), &Postgresql{}) scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("postgresqlList"), &PostgresqlList{}) + scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("PostgresTeam"), &PostgresTeam{}) + scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("PostgresTeamList"), &PostgresTeamList{}) scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("OperatorConfiguration"), &OperatorConfiguration{}) scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("OperatorConfigurationList"), diff --git a/pkg/cluster/util.go b/pkg/cluster/util.go index 5edd74901..5990b4283 100644 --- a/pkg/cluster/util.go +++ b/pkg/cluster/util.go @@ -242,14 +242,7 @@ func (c *Cluster) getTeamMembers(teamID string) ([]string, error) { } for _, member := range teamInfo.Members { - contains := false - for _, additionalMember := range members { - if member == additionalMember { - contains = true - break - } - } - if !(contains) { + if !(util.SliceContains(members, member)) { members = append(members, member) } } diff --git a/pkg/controller/util.go b/pkg/controller/util.go index e9f65389d..38fb7bf36 100644 --- a/pkg/controller/util.go +++ b/pkg/controller/util.go @@ -396,7 +396,7 @@ func (c *Controller) getInfrastructureRole( } func (c *Controller) loadPostgresTeams(obj interface{}) { - var pgTeamMap teams.PostgresTeamMap + pgTeamMap := teams.PostgresTeamMap{} pgTeam, ok := obj.(*acidv1.PostgresTeam) if !ok { 
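Review bot: The parentheses in `if !(util.SliceContains(members, member))` in getTeamMembers are redundant and read like a leftover from the removed `!(contains)`. `if !util.SliceContains(members, member) {` is the idiomatic form. getTeamMembers begins and ends outside the hunk.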
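Review bot: loadPostgresTeams builds `pgTeamMap` from only the single object passed to the handler, so if the code outside the hunk assigns it to the controller's cache wholesale, an event for one PostgresTeam would discard the mappings of every other PostgresTeam, including their `additionalSuperuserTeams` entries. The `overwriting cached map` message added to updatePostgresTeams suggests this is what happens, but the assignment itself is not visible here. Because this cache decides who is granted superuser, I would merge per object or rebuild from the full list of PostgresTeam objects, and record the intent with a comment such as `// pgTeamMap holds only obj's entries; merge into the cache, do not replace it`. No delete handler appears in this diff, so it is also worth confirming that removing a PostgresTeam revokes its entries.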
@@ -412,6 +412,7 @@ func (c *Controller) loadPostgresTeams(obj interface{}) { } func (c *Controller) updatePostgresTeams(prev, obj interface{}) { + c.logger.Debugf("reloading postgres team CRDs and overwriting cached map") c.loadPostgresTeams(obj) }
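Review bot: The new `Debugf` line in updatePostgresTeams does not say which PostgresTeam changed and is emitted at debug level, so a change to superuser team mappings leaves no trace in an operator log running at the default level. I would log the object's namespace and name at info level, for example `c.logger.Infof("PostgresTeam %s/%s changed, reloading team mappings", pgTeam.Namespace, pgTeam.Name)` after asserting `obj` to `*acidv1.PostgresTeam` (this assumes the type embeds ObjectMeta, which the diff does not show). The message also says `CRDs` where it means PostgresTeam resources. `prev` is unused, so if this is registered as an informer update handler, resyncs with unchanged objects trigger the same reload.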