public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

check for superusers when creating normal teams

This commit is contained in:
Felix Kunde 2020-10-16 11:50:22 +02:00
parent 8372c00127
commit d246e8492b
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/cluster/cluster.go
View File

@ -1160,9 +1160,11 @@ func (c *Cluster) initHumanUsers() error {
additionalTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
for _, additionalTeam := range additionalTeams {
err := c.initTeamMembers(additionalTeam, false)
if err != nil {
return fmt.Errorf("Cannot create additional team %q for cluster owner by %q: %v", additionalTeam, c.Spec.TeamID, err)
if !(util.SliceContains(superuserTeams, additionalTeam)) {
err := c.initTeamMembers(additionalTeam, false)
if err != nil {
return fmt.Errorf("Cannot create additional team %q for cluster owner by %q: %v", additionalTeam, c.Spec.TeamID, err)
}
}
}

10
pkg/teams/postgres_team_test.go
View File

@ -26,7 +26,7 @@ var (
Name: "teamAB",
},
Spec: acidv1.PostgresTeamSpec{
AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "team24/7"}},
AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24/7"}, "teamB": []string{"teamA", "teamC", "team24/7"}},
AdditionalTeams: map[string][]string{"teamA": []string{"teamC"}, "teamB": []string{}},
AdditionalMembers: map[string][]string{"team24/7": []string{"optimusprime"}, "teamB": []string{"drno"}},
},
@ -66,7 +66,7 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
AdditionalMembers: nil,
},
"teamB": {
AdditionalSuperuserTeams: []string{"teamA", "team24/7"},
AdditionalSuperuserTeams: []string{"teamA", "teamC", "team24/7"},
AdditionalTeams: []string{},
AdditionalMembers: []string{"drno"},
},
@ -153,17 +153,17 @@ func TestGetAdditionalSuperuserTeams(t *testing.T) {
error string
}{
{
"Check that additional teams are returned",
"Check that additional superuser teams are returned",
"teamA",
false,
[]string{"teamB", "team24/7"},
"GetAdditionalTeams returns wrong list",
},
{
"Check that additional teams are returned incl. transitive teams",
"Check that additional superuser teams are returned incl. transitive superuser teams",
"teamA",
true,
[]string{"teamB", "team24/7"},
[]string{"teamB", "teamC", "team24/7"},
"GetAdditionalTeams returns wrong list",
},
}