set secret name template via config map

Murat Kabilov 2017-09-18 14:09:26 +02:00
parent 20ce38f585
commit d876f4d88e
4 changed files with 8 additions and 4 deletions


@ -12,6 +12,7 @@ data:
dns_name_format: '{cluster}.{team}.staging.{hostedzone}' dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
docker_image: registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4 docker_image: registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4
etcd_host: etcd-client.default.svc.cluster.local:2379 etcd_host: etcd-client.default.svc.cluster.local:2379
secret_name_template: '{username}.{clustername}.credentials.{tprkind}.{tprgroup}'
infrastructure_roles_secret_name: postgresql-infrastructure-roles infrastructure_roles_secret_name: postgresql-infrastructure-roles
oauth_token_secret_name: postgresql-operator oauth_token_secret_name: postgresql-operator
pam_configuration: | pam_configuration: |


@ -331,9 +331,12 @@ func (c *Cluster) credentialSecretName(username string) string {
func (c *Cluster) credentialSecretNameForCluster(username string, clusterName string) string { func (c *Cluster) credentialSecretNameForCluster(username string, clusterName string) string {
// secret must consist of lower case alphanumeric characters, '-' or '.', // secret must consist of lower case alphanumeric characters, '-' or '.',
// and must start and end with an alphanumeric character // and must start and end with an alphanumeric character
return fmt.Sprintf(constants.UserSecretTemplate,
strings.Replace(username, "_", "-", -1), return c.OpConfig.SecretNameTemplate.Format(
clusterName) "username", strings.Replace(username, "_", "-", -1),
"clustername", clusterName,
"tprkind", constants.TPRKind,
"tprgroup", constants.TPRGroup)
} }
func (c *Cluster) podSpiloRole(pod *v1.Pod) string { func (c *Cluster) podSpiloRole(pod *v1.Pod) string {
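Review bot: The comment above the return in `credentialSecretNameForCluster` still promises a name made of lower-case alphanumerics, '-' or '.', but now that the pattern comes from `c.OpConfig.SecretNameTemplate` nothing in the function enforces it; only underscores in `username` are rewritten. A template that omits `{username}` or `{clustername}` would, as far as this hunk shows, make different roles or clusters resolve to the same Secret name, so one role's credentials could be overwritten by or exposed under another's. I would validate the template once when the configuration is loaded, requiring both placeholders and checking a rendered sample with `validation.IsDNS1123Subdomain` from k8s.io/apimachinery, and refuse to start on failure rather than let the API server reject names later. How `Format` handles unknown or missing placeholders is not visible here and should be confirmed as part of that check.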


@ -32,6 +32,7 @@ type Resources struct {
// Auth describes authentication specific configuration parameters // Auth describes authentication specific configuration parameters
type Auth struct { type Auth struct {
SecretNameTemplate stringTemplate `name:"secret_name_template" default:"{username}.{clustername}.credentials.{tprkind}.{tprgroup}"`
PamRoleName string `name:"pam_role_name" default:"zalandos"` PamRoleName string `name:"pam_role_name" default:"zalandos"`
PamConfiguration string `name:"pam_configuration" default:"https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees"` PamConfiguration string `name:"pam_configuration" default:"https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees"`
TeamsAPIUrl string `name:"teams_api_url" default:"https://teams.example.com/api/"` TeamsAPIUrl string `name:"teams_api_url" default:"https://teams.example.com/api/"`
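Review bot: `SecretNameTemplate` is added to `Auth` without a comment naming the placeholders it accepts, although its value decides the names of the Secrets that hold role credentials. I would add `// SecretNameTemplate is the pattern for credential secret names; placeholders: {username}, {clustername}, {tprkind}, {tprgroup}` above the field. It is also worth documenting that changing the value on an operator that already manages clusters presumably makes it look for credentials under new names and leaves the existing Secrets orphaned; that is inferred from the lookup in `credentialSecretNameForCluster`, not shown in this struct. The `Auth` struct continues past the end of this section.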


@ -3,7 +3,6 @@ package constants
// Roles specific constants // Roles specific constants
const ( const (
PasswordLength = 64 PasswordLength = 64
UserSecretTemplate = "%s.%s.credentials." + TPRKind + "." + TPRGroup // Username, ClusterName
SuperuserKeyName = "superuser" SuperuserKeyName = "superuser"
ReplicationUserKeyName = "replication" ReplicationUserKeyName = "replication"
RoleFlagSuperuser = "SUPERUSER" RoleFlagSuperuser = "SUPERUSER"