121 lines
3.5 KiB
Go
121 lines
3.5 KiB
Go
package controller
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"k8s.io/client-go/pkg/api"
|
|
"k8s.io/client-go/pkg/api/v1"
|
|
extv1beta "k8s.io/client-go/pkg/apis/extensions/v1beta1"
|
|
|
|
"github.bus.zalan.do/acid/postgres-operator/pkg/cluster"
|
|
"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
|
|
"github.bus.zalan.do/acid/postgres-operator/pkg/util/constants"
|
|
"github.bus.zalan.do/acid/postgres-operator/pkg/util/k8sutil"
|
|
)
|
|
|
|
func (c *Controller) makeClusterConfig() cluster.Config {
|
|
return cluster.Config{
|
|
KubeClient: c.KubeClient,
|
|
RestClient: c.RestClient,
|
|
EtcdClient: c.EtcdClient,
|
|
TeamsAPIClient: c.TeamsAPIClient,
|
|
OpConfig: c.opConfig,
|
|
InfrastructureRoles: c.InfrastructureRoles,
|
|
}
|
|
}
|
|
|
|
func (c *Controller) getOAuthToken() (string, error) {
|
|
// Temporary getting postgresql-operator secret from the NamespaceDefault
|
|
credentialsSecret, err := c.KubeClient.Secrets(api.NamespaceDefault).Get(c.opConfig.OAuthTokenSecretName)
|
|
|
|
if err != nil {
|
|
c.logger.Debugf("Oauth token secret name: %s", c.opConfig.OAuthTokenSecretName)
|
|
return "", fmt.Errorf("Can't get credentials Secret: %s", err)
|
|
}
|
|
data := credentialsSecret.Data
|
|
|
|
if string(data["read-only-token-type"]) != "Bearer" {
|
|
return "", fmt.Errorf("Wrong token type: %s", data["read-only-token-type"])
|
|
}
|
|
|
|
return string(data["read-only-token-secret"]), nil
|
|
}
|
|
|
|
func thirdPartyResource(TPRName string) *extv1beta.ThirdPartyResource {
|
|
return &extv1beta.ThirdPartyResource{
|
|
ObjectMeta: v1.ObjectMeta{
|
|
//ThirdPartyResources are cluster-wide
|
|
Name: TPRName,
|
|
},
|
|
Versions: []extv1beta.APIVersion{
|
|
{Name: constants.TPRApiVersion},
|
|
},
|
|
Description: constants.TPRDescription,
|
|
}
|
|
}
|
|
|
|
func (c *Controller) createTPR() error {
|
|
TPRName := fmt.Sprintf("%s.%s", constants.TPRName, constants.TPRVendor)
|
|
tpr := thirdPartyResource(TPRName)
|
|
|
|
_, err := c.KubeClient.ExtensionsV1beta1().ThirdPartyResources().Create(tpr)
|
|
if err != nil {
|
|
if !k8sutil.ResourceAlreadyExists(err) {
|
|
return err
|
|
} else {
|
|
c.logger.Infof("ThirdPartyResource '%s' is already registered", TPRName)
|
|
}
|
|
} else {
|
|
c.logger.Infof("ThirdPartyResource '%s' has been registered", TPRName)
|
|
}
|
|
|
|
restClient := c.RestClient
|
|
|
|
return k8sutil.WaitTPRReady(restClient, c.opConfig.TPR.ReadyWaitInterval, c.opConfig.TPR.ReadyWaitTimeout, c.PodNamespace)
|
|
}
|
|
|
|
func (c *Controller) getInfrastructureRoles() (result map[string]spec.PgUser, err error) {
|
|
if c.opConfig.InfrastructureRolesSecretName == "" {
|
|
// we don't have infrastructure roles defined, bail out
|
|
return nil, nil
|
|
}
|
|
infraRolesSecret, err := c.KubeClient.Secrets(api.NamespaceDefault).Get(c.opConfig.InfrastructureRolesSecretName)
|
|
if err != nil {
|
|
c.logger.Debugf("Infrastructure roles secret name: %s", c.opConfig.InfrastructureRolesSecretName)
|
|
return nil, fmt.Errorf("Can't get infrastructure roles Secret: %s", err)
|
|
}
|
|
data := infraRolesSecret.Data
|
|
result = make(map[string]spec.PgUser)
|
|
Users:
|
|
// in worst case we would have one line per user
|
|
for i := 1; i <= len(data); i++ {
|
|
properties := []string{"user", "password", "inrole"}
|
|
t := spec.PgUser{}
|
|
for _, p := range properties {
|
|
key := fmt.Sprintf("%s%d", p, i)
|
|
if val, present := data[key]; !present {
|
|
if p == "user" {
|
|
// exit when the user name with the next sequence id is absent
|
|
break Users
|
|
}
|
|
} else {
|
|
s := string(val)
|
|
switch p {
|
|
case "user":
|
|
t.Name = s
|
|
case "password":
|
|
t.Password = s
|
|
case "inrole":
|
|
t.MemberOf = s
|
|
default:
|
|
c.logger.Warnf("Unknown key %s", p)
|
|
}
|
|
}
|
|
}
|
|
if t.Name != "" {
|
|
result[t.Name] = t
|
|
}
|
|
}
|
|
return result, nil
|
|
}
|