
Commit aceabfb

committed
feat: Update operator k8s role
1 parent 352b8c3 commit aceabfb


9 files changed

+54
-5
lines changed


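--- a/charts/ext-postgres-operator/templates/clusterrole.yaml
+++ b/charts/ext-postgres-operator/templates/clusterrole.yaml
@@ -11,6 +11,14 @@ rules:
 - secrets
 verbs:
 - "*"
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- update
 - apiGroups:
 - coordination.k8s.io
 resources: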
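Review bot: The new `events` rule grants `update` alongside `create` and `patch`, and the same three verbs are added to the namespaced rule in role.yaml. The client-go event recorder normally writes events with create and patch only, so unless the operator updates events itself the list can probably be reduced to `- create` and `- patch` in both templates. In this ClusterRole the grant applies in every namespace, so the narrower list matters most here. A comment above the rule, such as `# required by the controller's event recorder`, would record why the grant exists.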

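--- a/charts/ext-postgres-operator/templates/role.yaml
+++ b/charts/ext-postgres-operator/templates/role.yaml
@@ -18,7 +18,15 @@ rules:
 resources:
 - pods
 verbs:
-- "get"
+- get
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- update
 - apiGroups:
 - coordination.k8s.io
 resources:
@@ -32,9 +40,9 @@ rules:
 - patch
 - delete
 - apiGroups:
-- "apps"
+- apps
 resources:
 - replicasets
 - deployments
 verbs:
-- "get"
+- get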

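--- a/internal/controller/postgres_controller.go
+++ b/internal/controller/postgres_controller.go
@@ -170,7 +170,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 }
 
 desiredOwner := instance.Spec.MasterRole
-// handle owner rename if was previously set by instance.Spec.MasterRole then was removed
+// reconcile instance.Spec.MasterRole if it was changed
 if desiredOwner == "" {
 desiredOwner = fmt.Sprintf("%s-group", instance.Spec.Database)
 }
@@ -184,6 +184,14 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 instance.Status.Roles.Owner = desiredOwner
 }
 
+// reconcile the desired owner of the database
+if instance.Status.Roles.Owner != "" {
+err = r.pg.AlterDatabaseOwner(instance.Spec.Database, instance.Status.Roles.Owner)
+if err != nil {
+return requeue(errors.NewInternalError(err))
+}
+}
+
 // create extensions
 for _, extension := range instance.Spec.Extensions {
 // Check if extension is already added. Skip if already is added.
@@ -208,7 +216,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 writerPrivs = "SELECT,INSERT,DELETE,UPDATE"
 writerSequencePrivs = "USAGE,SELECT"
 writerFunctionPrivs = "EXECUTE"
-ownerPrivs = "ALL,MAINTAIN"
+ownerPrivs = "ALL"
 ownerFunctionPrivs = "ALL"
 ownerSequencePrivs = "ALL"
 )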
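Review bot: The block added in the second hunk calls `r.pg.AlterDatabaseOwner` on every reconcile whenever `instance.Status.Roles.Owner` is non-empty, not only when the owner actually changed, and a failure returns before the extension and privilege steps below it run. `Status.Roles.Owner` is assigned from `desiredOwner` just above, so the status value alone cannot tell whether a change is still pending. Consider comparing against the database's current owner, or moving the call inside the branch that detects the change, so a transient error or a missing privilege on the operator's login does not block the rest of the reconcile. `Reconcile` starts and ends outside the hunks, so an earlier guard may already exist. The new comment could state the condition, e.g. `// apply the owner recorded in status to the database; runs on every reconcile`.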

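--- a/internal/controller/postgresuser_controller.go
+++ b/internal/controller/postgresuser_controller.go
@@ -224,6 +224,9 @@ func (r *PostgresUserReconciler) Reconcile(ctx context.Context, req ctrl.Request
 return r.requeue(ctx, instance, err)
 }
 }
+} else {
+role = instance.Status.PostgresRole
+login = instance.Status.PostgresLogin
 }
 
 err = r.addFinalizer(ctx, reqLogger, instance)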
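Review bot: The new `else` branch copies `instance.Status.PostgresRole` and `instance.Status.PostgresLogin` into `role` and `login` without checking that either is set, so a status that was never populated or was cleared would let the code after the branch continue with empty names. The condition of the enclosing `if` lies outside the hunk and may already rule this out; if it does not, returning through `r.requeue` when `role` is empty would fail early instead. A comment on the branch, for example `// role already created: reuse the names recorded in status`, would make the intent explicit.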

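--- a/pkg/postgres/aws.go
+++ b/pkg/postgres/aws.go
@@ -78,3 +78,7 @@ func (c *awspg) DropRole(role, newOwner, database string, logger logr.Logger) er
 
 return c.pg.DropRole(role, newOwner, database, logger)
 }
+
+func (c *awspg) AlterDatabaseOwner(dbName, owner string) error {
+return c.pg.AlterDatabaseOwner(dbName, owner)
+}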
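Review bot: `AlterDatabaseOwner` is passed straight through to `c.pg` with no provider-specific preparation, and the azure.go and gcp.go wrappers added in this commit do the same. PostgreSQL lets a non-superuser change a database's owner only if it can act as the new owning role (is a member of it), and on managed services the operator's login is usually not a superuser. Unless an earlier step has already granted `owner` to the operator's login, the statement will fail there and the reconcile will keep requeueing; calling the interface's `GrantRole(owner, <operator user>)` before delegating would cover that case. A doc comment such as `// AlterDatabaseOwner sets owner as the owner of dbName.` is also missing on all three wrappers.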

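--- a/pkg/postgres/azure.go
+++ b/pkg/postgres/azure.go
@@ -48,3 +48,7 @@ func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logge
 // Delegate to parent implementation to perform the actual drop
 return azpg.pg.DropRole(role, newOwner, database, logger)
 }
+
+func (azpg *azurepg) AlterDatabaseOwner(dbName, owner string) error {
+return azpg.pg.AlterDatabaseOwner(dbName, owner)
+}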

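--- a/pkg/postgres/database.go
+++ b/pkg/postgres/database.go
@@ -48,6 +48,15 @@ func (c *pg) CreateDB(dbname, role string) error {
 return nil
 }
 
+// reconcile the desired owner of the database
+func (c *pg) AlterDatabaseOwner(dbname, owner string) error {
+_, err := c.db.Exec(fmt.Sprintf(ALTER_DB_OWNER, dbname, owner))
+if err != nil {
+return err
+}
+return nil
+}
+
 func (c *pg) CreateSchema(db, role, schema string, logger logr.Logger) error {
 tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args, logger)
 if err != nil {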
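Review bot: `dbname` and `owner` are interpolated into the statement with `fmt.Sprintf`, and in this commit they come from `instance.Spec.Database` and the owner derived from `instance.Spec.MasterRole`, that is, from the custom resource. Identifiers cannot be bound as query parameters, so both values need identifier quoting before they reach `c.db.Exec`. The `ALTER_DB_OWNER` template is not visible here, and a plain `"%s"` inside it would not cover a name that itself contains a double quote. If the package uses lib/pq, passing `pq.QuoteIdentifier(dbname)` and `pq.QuoteIdentifier(owner)` into a template with bare `%s` placeholders handles this. The doc comment should start with the method name, `// AlterDatabaseOwner sets the owner of dbname to owner.`, and the body can end with `return err`.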

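--- a/pkg/postgres/gcp.go
+++ b/pkg/postgres/gcp.go
@@ -83,3 +83,7 @@ func (c *gcppg) DropRole(role, newOwner, database string, logger logr.Logger) er
 }
 return nil
 }
+
+func (c *gcppg) AlterDatabaseOwner(dbName, owner string) error {
+return c.pg.AlterDatabaseOwner(dbName, owner)
+}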

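--- a/pkg/postgres/postgres.go
+++ b/pkg/postgres/postgres.go
@@ -18,6 +18,7 @@ type PG interface {
 CreateUserRole(role, password string) (string, error)
 UpdatePassword(role, password string) error
 GrantRole(role, grantee string) error
+AlterDatabaseOwner(dbName, owner string) error
 SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges, logger logr.Logger) error
 RevokeRole(role, revoked string) error
 AlterDefaultLoginRole(role, setRole string) error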
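Review bot: Adding `AlterDatabaseOwner` to the exported `PG` interface breaks every implementation that is not updated with it. The commit covers `pg`, `awspg`, `azurepg` and `gcppg`, but none of the nine changed files is a mock or test double. If the repository keeps a generated mock of `PG`, it has to be regenerated in the same change or the tests will stop compiling. The parameter is spelled `dbName` here and `dbname` in database.go, so one spelling should be chosen. The new method would also benefit from a comment such as `// AlterDatabaseOwner makes owner the owner of database dbName.`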
