set secret name template via config map

2017-09-18 14:09:26 +02:00 · 2017-09-18 14:09:26 +02:00 · d876f4d88e
parent 20ce38f585
commit d876f4d88e
4 changed files with 8 additions and 4 deletions
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@ -12,6 +12,7 @@ data:
  dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
  docker_image: registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4
  etcd_host: etcd-client.default.svc.cluster.local:2379
+  secret_name_template: '{username}.{clustername}.credentials.{tprkind}.{tprgroup}'
  infrastructure_roles_secret_name: postgresql-infrastructure-roles
  oauth_token_secret_name: postgresql-operator
  pam_configuration: |
--- a/pkg/cluster/util.go
+++ b/pkg/cluster/util.go
@ -331,9 +331,12 @@ func (c *Cluster) credentialSecretName(username string) string {
 func (c *Cluster) credentialSecretNameForCluster(username string, clusterName string) string {
 	// secret  must consist of lower case alphanumeric characters, '-' or '.',
 	// and must start and end with an alphanumeric character
-	return fmt.Sprintf(constants.UserSecretTemplate,
-		strings.Replace(username, "_", "-", -1),
-		clusterName)
+
+	return c.OpConfig.SecretNameTemplate.Format(
+		"username", strings.Replace(username, "_", "-", -1),
+		"clustername", clusterName,
+		"tprkind", constants.TPRKind,
+		"tprgroup", constants.TPRGroup)
 }

 func (c *Cluster) podSpiloRole(pod *v1.Pod) string {
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -32,6 +32,7 @@ type Resources struct {

 // Auth describes authentication specific configuration parameters
 type Auth struct {
+	SecretNameTemplate            stringTemplate      `name:"secret_name_template" default:"{username}.{clustername}.credentials.{tprkind}.{tprgroup}"`
 	PamRoleName                   string              `name:"pam_role_name" default:"zalandos"`
 	PamConfiguration              string              `name:"pam_configuration" default:"https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees"`
 	TeamsAPIUrl                   string              `name:"teams_api_url" default:"https://teams.example.com/api/"`
--- a/pkg/util/constants/roles.go
+++ b/pkg/util/constants/roles.go
@ -3,7 +3,6 @@ package constants
 // Roles specific constants
 const (
 	PasswordLength         = 64
-	UserSecretTemplate     = "%s.%s.credentials." + TPRKind + "." + TPRGroup // Username, ClusterName
 	SuperuserKeyName       = "superuser"
 	ReplicationUserKeyName = "replication"
 	RoleFlagSuperuser      = "SUPERUSER"