Merge branch 'master' into patch-1

Author: onedr0p

.github/workflows/validate-deployments.yaml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: "latest"
 

README.md

@@ -194,12 +194,14 @@ Every PostgresUser has a generated Kubernetes secret attached to it, which conta
 |  Key                 | Comment             |
 |----------------------|---------------------|
 | `DATABASE_NAME`      | Name of the database, same as in `Postgres` CR, copied for convenience |
-| `HOST`               | PostgreSQL server host |
+| `HOST`               | PostgreSQL server host (including port number) |
 | `PASSWORD`           | Autogenerated password for user |
 | `ROLE`               | Autogenerated role with login enabled (user) |
 | `LOGIN`              | Same as `ROLE`. In case `POSTGRES_CLOUD_PROVIDER` is set to "Azure", `LOGIN` it will be set to `{role}@{serverName}`, serverName is extracted from `POSTGRES_USER` from operator's config. |
 | `POSTGRES_URL`       | Connection string for Posgres, could be used for Go applications |
 | `POSTGRES_JDBC_URL`  | JDBC compatible Postgres URI, formatter as `jdbc:postgresql://{POSTGRES_HOST}/{DATABASE_NAME}` |
+| `HOSTNAME`           | The PostgreSQL server hostname (without port) |
+| `PORT`               | The PostgreSQL server port |
 
 ### Multiple operator support
 
@@ -219,12 +221,14 @@ meeting the specific needs of different applications.
 
 Available context:
 
-| Variable    | Meaning                  |
-|-------------|--------------------------|
-| `.Host`     | Database host            |
-| `.Role`     | Generated user/role name |
-| `.Database` | Referenced database name |
-| `.Password` | Generated role password  |
+| Variable    | Meaning                      |
+|-------------|------------------------------|
+| `.Host`     | Database host                |
+| `.Role`     | Generated user/role name     |
+| `.Database` | Referenced database name     |
+| `.Password` | Generated role password      |
+| `.Hostname` | Database host (without port) |
+| `.Port`     | Database port                |
 
 ### Compatibility
 

go.mod

@@ -8,9 +8,9 @@ require (
 	github.com/onsi/ginkgo/v2 v2.23.3
 	github.com/onsi/gomega v1.37.0
 	go.uber.org/mock v0.5.2
-	k8s.io/api v0.33.2
-	k8s.io/apimachinery v0.33.2
-	k8s.io/client-go v0.33.2
+	k8s.io/api v0.33.3
+	k8s.io/apimachinery v0.33.3
+	k8s.io/client-go v0.33.3
 	sigs.k8s.io/controller-runtime v0.21.0
 )
 

go.sum

@@ -226,16 +226,16 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.33.2 h1:YgwIS5jKfA+BZg//OQhkJNIfie/kmRsO0BmNaVSimvY=
-k8s.io/api v0.33.2/go.mod h1:fhrbphQJSM2cXzCWgqU29xLDuks4mu7ti9vveEnpSXs=
+k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
+k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
 k8s.io/apiextensions-apiserver v0.33.0 h1:d2qpYL7Mngbsc1taA4IjJPRJ9ilnsXIrndH+r9IimOs=
 k8s.io/apiextensions-apiserver v0.33.0/go.mod h1:VeJ8u9dEEN+tbETo+lFkwaaZPg6uFKLGj5vyNEwwSzc=
-k8s.io/apimachinery v0.33.2 h1:IHFVhqg59mb8PJWTLi8m1mAoepkUNYmptHsV+Z1m5jY=
-k8s.io/apimachinery v0.33.2/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
+k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
 k8s.io/apiserver v0.33.0 h1:QqcM6c+qEEjkOODHppFXRiw/cE2zP85704YrQ9YaBbc=
 k8s.io/apiserver v0.33.0/go.mod h1:EixYOit0YTxt8zrO2kBU7ixAtxFce9gKGq367nFmqI8=
-k8s.io/client-go v0.33.2 h1:z8CIcc0P581x/J1ZYf4CNzRKxRvQAwoAolYPbtQes+E=
-k8s.io/client-go v0.33.2/go.mod h1:9mCgT4wROvL948w6f6ArJNb7yQd7QsvqavDeZHvNmHo=
+k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
+k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
 k8s.io/component-base v0.33.0 h1:Ot4PyJI+0JAD9covDhwLp9UNkUja209OzsJ4FzScBNk=
 k8s.io/component-base v0.33.0/go.mod h1:aXYZLbw3kihdkOPMDhWbjGCO6sg+luw554KP51t8qCU=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=

internal/controller/postgres_controller.go

@@ -207,7 +207,6 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		// Set privileges on schema
 		schemaPrivilegesReader := postgres.PostgresSchemaPrivileges{
 			DB:           database,
-			Creator:      owner,
 			Role:         reader,
 			Schema:       schema,
 			Privs:        readerPrivs,
@@ -220,7 +219,6 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		}
 		schemaPrivilegesWriter := postgres.PostgresSchemaPrivileges{
 			DB:           database,
-			Creator:      owner,
 			Role:         writer,
 			Schema:       schema,
 			Privs:        writerPrivs,
@@ -233,7 +231,6 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		}
 		schemaPrivilegesOwner := postgres.PostgresSchemaPrivileges{
 			DB:           database,
-			Creator:      owner,
 			Role:         owner,
 			Schema:       schema,
 			Privs:        writerPrivs,

internal/controller/postgresuser_controller.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"maps"
+	"net"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -177,7 +178,7 @@ func (r *PostgresUserReconciler) Reconcile(ctx context.Context, req ctrl.Request
 		return r.requeue(ctx, instance, err)
 	}
 
-	secret, err := r.newSecretForCR(instance, role, password, login)
+	secret, err := r.newSecretForCR(reqLogger, instance, role, password, login)
 	if err != nil {
 		return r.requeue(ctx, instance, err)
 	}
@@ -232,10 +233,17 @@ func (r *PostgresUserReconciler) getPostgresCR(ctx context.Context, instance *db
 	return &database, nil
 }
 
-func (r *PostgresUserReconciler) newSecretForCR(cr *dbv1alpha1.PostgresUser, role, password, login string) (*corev1.Secret, error) {
+func (r *PostgresUserReconciler) newSecretForCR(reqLogger logr.Logger, cr *dbv1alpha1.PostgresUser, role, password, login string) (*corev1.Secret, error) {
+	hostname, port, err := net.SplitHostPort(r.pgHost)
+	if err != nil {
+		hostname = r.pgHost
+		port = "5432"
+		reqLogger.Error(err, fmt.Sprintf("failed to parse host and port from: '%s', using default port 5432", r.pgHost))
+	}
+
 	pgUserUrl := fmt.Sprintf("postgresql://%s:%s@%s/%s", role, password, r.pgHost, cr.Status.DatabaseName)
 	pgJDBCUrl := fmt.Sprintf("jdbc:postgresql://%s/%s", r.pgHost, cr.Status.DatabaseName)
-	pgDotnetUrl := fmt.Sprintf("User ID=%s;Password=%s;Host=%s;Port=5432;Database=%s;", role, password, r.pgHost, cr.Status.DatabaseName)
+	pgDotnetUrl := fmt.Sprintf("User ID=%s;Password=%s;Host=%s;Port=%s;Database=%s;", role, password, hostname, port, cr.Status.DatabaseName)
 	labels := map[string]string{
 		"app": cr.Name,
 	}
@@ -253,6 +261,8 @@ func (r *PostgresUserReconciler) newSecretForCR(cr *dbv1alpha1.PostgresUser, rol
 		Host:     r.pgHost,
 		Database: cr.Status.DatabaseName,
 		Password: password,
+		Hostname: hostname,
+		Port:     port,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("render templated keys: %w", err)
@@ -267,6 +277,8 @@ func (r *PostgresUserReconciler) newSecretForCR(cr *dbv1alpha1.PostgresUser, rol
 		"ROLE":                []byte(role),
 		"PASSWORD":            []byte(password),
 		"LOGIN":               []byte(login),
+		"PORT":                []byte(port),
+		"HOSTNAME":            []byte(hostname),
 	}
 	// templates may override standard keys
 	if len(templateData) > 0 {

internal/controller/postgresuser_controller_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/go-logr/logr"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"go.uber.org/mock/gomock"
@@ -324,6 +325,8 @@ var _ = Describe("PostgresUser Controller", func() {
 				Expect(foundSecret.Data).To(HaveKey("POSTGRES_JDBC_URL"))
 				Expect(foundSecret.Data).To(HaveKey("POSTGRES_URL"))
 				Expect(foundSecret.Data).To(HaveKey("ROLE"))
+				Expect(foundSecret.Data).To(HaveKey("HOSTNAME"))
+				Expect(foundSecret.Data).To(HaveKey("PORT"))
 			})
 
 			It("should fail if the database does not exist", func() {
@@ -528,7 +531,7 @@ var _ = Describe("PostgresUser Controller", func() {
 			}
 
 			// Call newSecretForCR with test values
-			secret, err := rp.newSecretForCR(cr, "role1", "pass1", "login1")
+			secret, err := rp.newSecretForCR(logr.Discard(), cr, "role1", "pass1", "login1")
 
 			// Verify results
 			Expect(err).NotTo(HaveOccurred())
@@ -574,7 +577,7 @@ var _ = Describe("PostgresUser Controller", func() {
 			}
 
 			// Call newSecretForCR
-			secret, err := rp.newSecretForCR(cr, "role2", "pass2", "login2")
+			secret, err := rp.newSecretForCR(logr.Discard(), cr, "role2", "pass2", "login2")
 
 			// Verify results
 			Expect(err).NotTo(HaveOccurred())
@@ -611,7 +614,7 @@ var _ = Describe("PostgresUser Controller", func() {
 			}
 
 			// Call newSecretForCR
-			secret, err := rp.newSecretForCR(cr, "role3", "pass3", "login3")
+			secret, err := rp.newSecretForCR(logr.Discard(), cr, "role3", "pass3", "login3")
 
 			// Verify results
 			Expect(err).NotTo(HaveOccurred())

pkg/postgres/database.go

@@ -16,7 +16,7 @@ const (
 	GRANT_USAGE_SCHEMA   = `GRANT USAGE ON SCHEMA "%s" TO "%s"`
 	GRANT_CREATE_TABLE   = `GRANT CREATE ON SCHEMA "%s" TO "%s"`
 	GRANT_ALL_TABLES     = `GRANT %s ON ALL TABLES IN SCHEMA "%s" TO "%s"`
-	DEFAULT_PRIVS_SCHEMA = `ALTER DEFAULT PRIVILEGES FOR ROLE "%s" IN SCHEMA "%s" GRANT %s ON TABLES TO "%s"`
+	DEFAULT_PRIVS_SCHEMA = `ALTER DEFAULT PRIVILEGES IN SCHEMA "%s" GRANT %s ON TABLES TO "%s"`
 	REVOKE_CONNECT       = `REVOKE CONNECT ON DATABASE "%s" FROM public`
 	TERMINATE_BACKEND    = `SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity	WHERE pg_stat_activity.datname = '%s' AND pid <> pg_backend_pid()`
 	GET_DB_OWNER         = `SELECT pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d WHERE d.datname = '%s'`
@@ -115,7 +115,7 @@ func (c *pg) SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges, logg
 	}
 
 	// Grant role privs on future tables in schema
-	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Creator, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
+	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
 	if err != nil {
 		return err
 	}

pkg/postgres/postgres.go

@@ -38,7 +38,6 @@ type pg struct {
 
 type PostgresSchemaPrivileges struct {
 	DB           string
-	Creator      string
 	Role         string
 	Schema       string
 	Privs        string

pkg/utils/template.go

@@ -11,6 +11,8 @@ type TemplateContext struct {
 	Role     string
 	Database string
 	Password string
+	Hostname string // Hostname is different from Host as it does not contain the port number.
+	Port     string
 }
 
 func RenderTemplate(data map[string]string, tc TemplateContext) (map[string][]byte, error) {