public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

check for superusers when creating normal teams

This commit is contained in:
Felix Kunde 2020-10-16 11:50:22 +02:00
parent 8372c00127
commit d246e8492b
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/cluster/cluster.go
View File

@ -1160,9 +1160,11 @@ func (c *Cluster) initHumanUsers() error {
additionalTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true) additionalTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
for _, additionalTeam := range additionalTeams { for _, additionalTeam := range additionalTeams {
err := c.initTeamMembers(additionalTeam, false) if !(util.SliceContains(superuserTeams, additionalTeam)) {
if err != nil { err := c.initTeamMembers(additionalTeam, false)
return fmt.Errorf("Cannot create additional team %q for cluster owner by %q: %v", additionalTeam, c.Spec.TeamID, err) if err != nil {
return fmt.Errorf("Cannot create additional team %q for cluster owner by %q: %v", additionalTeam, c.Spec.TeamID, err)
}
} }
} }

10
pkg/teams/postgres_team_test.go
View File

@ -26,7 +26,7 @@ var (
Name: "teamAB", Name: "teamAB",
}, },
Spec: acidv1.PostgresTeamSpec{ Spec: acidv1.PostgresTeamSpec{
AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "team24/7"}}, AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "teamC", "team24/7"}},
AdditionalTeams: map[string][]string{"teamA": []string{"teamC"}, "teamB": []string{}}, AdditionalTeams: map[string][]string{"teamA": []string{"teamC"}, "teamB": []string{}},
AdditionalMembers: map[string][]string{"team24/7": []string{"optimusprime"}, "teamB": []string{"drno"}}, AdditionalMembers: map[string][]string{"team24/7": []string{"optimusprime"}, "teamB": []string{"drno"}},
}, },
@ -66,7 +66,7 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
AdditionalMembers: nil, AdditionalMembers: nil,
}, },
"teamB": { "teamB": {
AdditionalSuperuserTeams: []string{"teamA", "team24/7"}, AdditionalSuperuserTeams: []string{"teamA", "teamC", "team24/7"},
AdditionalTeams: []string{}, AdditionalTeams: []string{},
AdditionalMembers: []string{"drno"}, AdditionalMembers: []string{"drno"},
}, },
@ -153,17 +153,17 @@ func TestGetAdditionalSuperuserTeams(t *testing.T) {
error string error string
}{ }{
{ {
"Check that additional teams are returned", "Check that additional superuser teams are returned",
"teamA", "teamA",
false, false,
[]string{"teamB", "team24/7"}, []string{"teamB", "team24/7"},
"GetAdditionalTeams returns wrong list", "GetAdditionalTeams returns wrong list",
}, },
{ {
"Check that additional teams are returned incl. transitive teams", "Check that additional superuser teams are returned incl. transitive superuser teams",
"teamA", "teamA",
true, true,
[]string{"teamB", "team24/7"}, []string{"teamB", "teamC", "team24/7"},
"GetAdditionalTeams returns wrong list", "GetAdditionalTeams returns wrong list",
}, },
} }