issue-135, saving and updating the PostgreSQL default password were implemented #447
Conversation
| } | ||
|
|
||
| func (pg *PostgreSQL) GetUserSecret(ctx context.Context, k8sClient client.Client) (*k8sCore.Secret, error) { | ||
| userSecret := &k8sCore.Secret{} | ||
| userSecretNamespacedName := types.NamespacedName{ | ||
| Name: pg.Status.DefaultUserSecretName, | ||
| Name: models.DefaultUserSecretPrefix + pg.Name, |
There was a problem hiding this comment.
What if user already has secret with this name that is not related to pg cluster?
There was a problem hiding this comment.
We work only with secrets that have DefaultSecretLabel == "true", I described it in findSecretObject method
There was a problem hiding this comment.
And I don't think there will be such name default-user-password-$postgresClusterName
| @@ -356,9 +355,15 @@ func (pg *PostgreSQL) NewUserSecret() *k8sCore.Secret { | |||
| ObjectMeta: metav1.ObjectMeta{ | |||
| Name: models.DefaultUserSecretPrefix + pg.Name, | |||
There was a problem hiding this comment.
If user already has a secret with the same name it can be an issue
There was a problem hiding this comment.
I answered in the previous comment, I handled it
| err = r.createDefaultPassword(pg, logger) | ||
| if err != nil { | ||
| logger.Error(err, "Cannot create default password for PostgreSQL", | ||
| "cluster name", pg.Spec.Name, | ||
| "clusterID", pg.Status.ID, | ||
| ) | ||
|
|
||
| return models.ReconcileRequeue | ||
| } | ||
|
|
||
| return models.ExitReconcile |
There was a problem hiding this comment.
You set UpdatingEvent in the createPassword(), but use exitReconcile.
I suggest you either don't set any events in the createPassword() or set an updatedEvent
| case models.SecretEvent: | ||
| return r.handleUpdateDefaultUserPassword(ctx, pg, logger), nil |
There was a problem hiding this comment.
Please move the handleUpdatePassword() to the handleUpdate() to prevent interuption of the secret event by update event
There was a problem hiding this comment.
We need to update secret only if it is secret event I think
| if s.Labels[models.DefaultSecretLabel] != "true" { | ||
| return []reconcile.Request{} | ||
| } |
There was a problem hiding this comment.
I think it is better to make this label resource-related, e.g. pgDefaultSecretLabel, so this condition can filter secrets from other resources
There was a problem hiding this comment.
We won't use or store default passwords for other entities, this logic will be only for postgresql
pkg/models/postgresql_apiv2.go
Outdated
| @@ -22,6 +22,7 @@ type PGCluster struct { | |||
| PostgreSQLVersion string `json:"postgresqlVersion"` | |||
| DataCentres []*PGDataCentre `json:"dataCentres"` | |||
| SynchronousModeStrict bool `json:"synchronousModeStrict"` | |||
| DefaultUserPassword string `json:"defaultUserPassword,omitempty"` | |||
There was a problem hiding this comment.
Don't store password in the spec
| logger.Error(err, "Cannot create default password for PostgreSQL", | ||
| "cluster name", pg.Spec.Name, | ||
| "clusterID", pg.Status.ID, | ||
| ) |
There was a problem hiding this comment.
Let's add an event (r.EventRecorder.Eventf) message here
There was a problem hiding this comment.
Agree, added for all such cases
| logger.Error(err, "PostgreSQL cannot get user secret", | ||
| "cluster name", pg.Spec.Name, | ||
| "cluster ID", pg.Status.ID, | ||
| ) |
There was a problem hiding this comment.
Let's change the error message here, like PostgreSQL cannot get user secret -> Cannot get the user secret for the PostgreSQL cluster
and add an event
|
|
||
| defaultUserPassword, err := pg.DefaultPasswordFromInstAPI(iData) | ||
| if err != nil { | ||
| l.Error(err, "Cannot convert PostgreSQL cluster status from Instaclustr", |
There was a problem hiding this comment.
Cannot get default user creds for PostgreSQL cluster from the Instaclustr API maybe?
| } | ||
|
|
||
| if secret != nil { | ||
| return nil |
There was a problem hiding this comment.
I suggest you add here a log info that a secret already exists.
| } | ||
|
|
||
| func (pg *PostgreSQL) GetUserSecret(ctx context.Context, k8sClient client.Client) (*k8sCore.Secret, error) { | ||
| userSecret := &k8sCore.Secret{} | ||
| userSecretNamespacedName := types.NamespacedName{ | ||
| Name: pg.Status.DefaultUserSecretName, | ||
| Name: models.DefaultUserSecretPrefix + pg.Name, |
There was a problem hiding this comment.
Use printf and some constant format to have the same name in different parts of code
Closes #446
We need to get default user password and store it in secret to be able to create new PostgreSQL user.
In this Pr, I updated the current logic for creating secret with default user password and username when cluster is creating.
Also, fixed and improved logic for updating default password when secret is updated.