Superuser toggle for team members

Make superuser toggleable for team members. Add and "admin" role to team members if superuser is disabled.

.gitignore

@@ -26,5 +26,6 @@ _testmain.go
 /.glide/
 /build/
 /docker/build/
+.idea
 
 scm-source.json

manifests/configmap.yaml

@@ -27,6 +27,9 @@ data:
   resource_check_timeout: 10m
   resync_period: 5m
   super_username: postgres
+  enable_teams_api: "false"
+  enable_team_superuser: "false"
+  team_admin_role: "admin"
   teams_api_url: http://fake-teams-api.default.svc.cluster.local
   workers: "4"
   enable_load_balancer: "true"

pkg/cluster/cluster.go

@@ -644,8 +644,17 @@ func (c *Cluster) initHumanUsers() error {
 		return fmt.Errorf("could not get list of team members: %v", err)
 	}
 	for _, username := range teamMembers {
-		flags := []string{constants.RoleFlagLogin, constants.RoleFlagSuperuser}
+		flags := []string{constants.RoleFlagLogin}
 		memberOf := []string{c.OpConfig.PamRoleName}
+
+		if c.OpConfig.EnableTeamSuperuser {
+			flags = append(flags, constants.RoleFlagSuperuser)
+		} else {
+			if c.OpConfig.TeamAdminRole != "" {
+				memberOf = append(memberOf, c.OpConfig.TeamAdminRole)
+			}
+		}
+
 		c.pgUsers[username] = spec.PgUser{Name: username, Flags: flags, MemberOf: memberOf}
 	}
 

pkg/util/config/config.go

@@ -58,6 +58,8 @@ type Config struct {
 	DebugLogging          bool           `name:"debug_logging" default:"true"`
 	EnableDBAccess        bool           `name:"enable_database_access" default:"true"`
 	EnableTeamsAPI        bool           `name:"enable_teams_api" default:"true"`
+	EnableTeamSuperuser   bool           `name:"enable_team_superuser" default:"false"`
+	TeamAdminRole         string         `name:"team_admin_role" default:"admin"`
 	EnableLoadBalancer    bool           `name:"enable_load_balancer" default:"true"`
 	MasterDNSNameFormat   stringTemplate `name:"master_dns_name_format" default:"{cluster}.{team}.{hostedzone}"`
 	ReplicaDNSNameFormat  stringTemplate `name:"replica_dns_name_format" default:"{cluster}-repl.{team}.{hostedzone}"`