set IsDbOwner in ProduceSyncRequests

Felix Kunde 2022-04-22 18:14:46 +02:00
parent e6156dbcfa
commit f1fdb4077c
2 changed files with 12 additions and 6 deletions


@ -164,9 +164,13 @@ class EndToEndTestCase(unittest.TestCase):
Test granting additional roles to existing database owners
'''
k8s = self.k8s
# first test - wait for the operator to get in sync and set everything up
self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"},
"Operator does not get in sync")
leader = k8s.get_cluster_leader_pod()
# produce wrong membership from v1.8.0
# produce wrong membership for cron_admin
grant_dbowner = """
GRANT bar_owner TO cron_admin;
"""


@ -54,7 +54,6 @@ func (strategy DefaultUserSyncStrategy) ProduceSyncRequests(dbUsers spec.PgUserM
}
} else {
r := spec.PgSyncUserRequest{}
r.User = dbUser
newMD5Password := util.NewEncryptor(strategy.PasswordEncryption).PGUserPassword(newUser)
// do not compare for roles coming from docker image
@ -62,12 +61,13 @@ func (strategy DefaultUserSyncStrategy) ProduceSyncRequests(dbUsers spec.PgUserM
r.User.Password = newMD5Password
r.Kind = spec.PGsyncUserAlter
}
if addNewFlags, equal := util.SubstractStringSlices(newUser.Flags, dbUser.Flags); !equal {
r.User.Flags = addNewFlags
r.Kind = spec.PGsyncUserAlter
}
if addNewRoles, equal := util.SubstractStringSlices(newUser.MemberOf, dbUser.MemberOf); !equal {
r.User.MemberOf = addNewRoles
r.User.IsDbOwner = newUser.IsDbOwner
r.Kind = spec.PGsyncUserAlter
}
if addNewFlags, equal := util.SubstractStringSlices(newUser.Flags, dbUser.Flags); !equal {
r.User.Flags = addNewFlags
r.Kind = spec.PGsyncUserAlter
}
if r.Kind == spec.PGsyncUserAlter {
@ -118,6 +118,8 @@ func (strategy DefaultUserSyncStrategy) ExecuteSyncRequests(requests []spec.PgSy
if err := strategy.alterPgUser(request.User, db); err != nil {
reqretries = append(reqretries, request)
errors = append(errors, fmt.Sprintf("could not alter user %q: %v", request.User.Name, err))
// check if additional owners are misconfigured as members to a database owner
// resolve it by revoking the database owner from the additional owner role
if request.User.IsDbOwner && len(additionalOwnerRoles) > 0 {
if err := resolveOwnerMembership(request.User, additionalOwnerRoles, db); err != nil {
errors = append(errors, fmt.Sprintf("could not resolve owner membership for %q: %v", request.User.Name, err))
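Review bot: `r.User.IsDbOwner = newUser.IsDbOwner` is assigned only inside the `MemberOf` branch of ProduceSyncRequests, and nothing on the visible lines says why, although the flag gates the revoke fallback (`if request.User.IsDbOwner && len(additionalOwnerRoles) > 0`) in ExecuteSyncRequests. An alter request produced for a password or flags change alone keeps whatever `r.User` already carried, so whether the fallback can run for it is not evident from the hunk. Because that fallback changes role memberships, I would state the intent next to the assignment, for example `// IsDbOwner only matters when roles are granted: it enables the owner-membership fallback in ExecuteSyncRequests`. The fallback as shown also runs on any `alterPgUser` error rather than a membership-specific one, which seems worth mentioning in the comment above it. Both function bodies start and end outside the hunks.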