diff --git a/.secrets.baseline b/.secrets.baseline index de4dd6a77..7f1664aa1 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -75,10 +75,6 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, - { - "path": "detect_secrets.filters.common.is_baseline_file", - "filename": ".secrets.baseline" - }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -118,6 +114,15 @@ } ], "results": { + ".git/config": [ + { + "type": "Base64 High Entropy String", + "filename": ".git/config", + "hashed_secret": "a16bf940eb9599e3a77ae599906a4e71e4e52243", + "is_verified": false, + "line_number": 23 + } + ], "apis/clusterresources/v1beta1/cassandrauser_types.go": [ { "type": "Secret Keyword", @@ -136,15 +141,6 @@ "line_number": 62 } ], - "apis/clusterresources/v1beta1/postgresqluser_types.go": [ - { - "type": "Secret Keyword", - "filename": "apis/clusterresources/v1beta1/postgresqluser_types.go", - "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", - "is_verified": false, - "line_number": 82 - } - ], "apis/clusterresources/v1beta1/redisuser_types.go": [ { "type": "Secret Keyword", @@ -170,13 +166,6 @@ "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c", "is_verified": false, "line_number": 548 - }, - { - "type": "Secret Keyword", - "filename": "apis/clusterresources/v1beta1/zz_generated.deepcopy.go", - "hashed_secret": "44864ab66d6b2c4df1459dc1e597a82f957dab32", - "is_verified": false, - "line_number": 684 } ], "apis/clusters/v1beta1/cadence_types.go": [ 
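Review bot: The `@@ -118,6 +114,15 @@` hunk adds a `results` entry for `.git/config` (a "Base64 High Entropy String" at line 23), which is a developer's local git configuration rather than a file tracked in the repository. That suggests the baseline was regenerated over the whole working directory (for example with `--all-files`) instead of tracked files only, and it commits a hash of whatever that string is. If it turns out to be a token in a remote URL or an auth header, its owner should handle it as a credential. The first hunk also drops the `detect_secrets.filters.common.is_baseline_file` filter entry, which looks like a side effect of the same regeneration and is worth confirming as intended. I would regenerate the baseline from tracked files (or with `--exclude-files '^\.git/'`) so the `.git/config` entry disappears and the filter list stays as it was.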
@@ -335,21 +324,21 @@ "filename": "apis/clusters/v1beta1/postgresql_types.go", "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db", "is_verified": false, - "line_number": 374 + "line_number": 375 }, { "type": "Secret Keyword", "filename": "apis/clusters/v1beta1/postgresql_types.go", "hashed_secret": "a3d7d4a96d18c8fc5a1cf9c9c01c45b4690b4008", "is_verified": false, - "line_number": 380 + "line_number": 381 }, { "type": "Secret Keyword", "filename": "apis/clusters/v1beta1/postgresql_types.go", "hashed_secret": "a57ce131bd944bdf8ba2f2f93e179dc416ed0315", "is_verified": false, - "line_number": 500 + "line_number": 501 } ], "apis/clusters/v1beta1/redis_types.go": [ @@ -400,6 +389,15 @@ "line_number": 239 } ], + "apis/clusters/v1beta1/zz_generated.deepcopy.go": [ + { + "type": "Secret Keyword", + "filename": "apis/clusters/v1beta1/zz_generated.deepcopy.go", + "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c", + "is_verified": false, + "line_number": 2101 + } + ], "apis/kafkamanagement/v1beta1/kafkauser_types.go": [ { "type": "Secret Keyword", @@ -532,29 +530,6 @@ "line_number": 7 } ], - "controllers/clusterresources/postgresqluser_controller.go": [ - { - "type": "Secret Keyword", - "filename": "controllers/clusterresources/postgresqluser_controller.go", - "hashed_secret": "d7b035bd4516a073375fc3f385b16ab026eb8492", - "is_verified": false, - "line_number": 151 - }, - { - "type": "Basic Auth Credentials", - "filename": "controllers/clusterresources/postgresqluser_controller.go", - "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", - "is_verified": false, - "line_number": 345 - }, - { - "type": "Secret Keyword", - "filename": "controllers/clusterresources/postgresqluser_controller.go", - "hashed_secret": "dfe914dad87f58ca3fbf9e77036e1add2070da45", - "is_verified": false, - "line_number": 386 - } - ], "controllers/clusters/cadence_controller.go": [ { "type": "Secret Keyword", 
@@ -599,26 +574,12 @@ } ], "controllers/clusters/postgresql_controller.go": [ - { - "type": "Secret Keyword", - "filename": "controllers/clusters/postgresql_controller.go", - "hashed_secret": "a57ce131bd944bdf8ba2f2f93e179dc416ed0315", - "is_verified": false, - "line_number": 576 - }, - { - "type": "Secret Keyword", - "filename": "controllers/clusters/postgresql_controller.go", - "hashed_secret": "b5d01701d58992dc3e388a02b55f1780c5e395a4", - "is_verified": false, - "line_number": 597 - }, { "type": "Secret Keyword", "filename": "controllers/clusters/postgresql_controller.go", "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db", "is_verified": false, - "line_number": 1674 + "line_number": 1362 } ], "controllers/clusters/zookeeper_controller_test.go": [ @@ -783,7 +744,7 @@ "filename": "pkg/instaclustr/client.go", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, - "line_number": 2017 + "line_number": 2042 } ], "pkg/instaclustr/mock/client.go": [ @@ -1174,5 +1135,5 @@ } ] }, - "generated_at": "2024-02-02T08:53:13Z" + "generated_at": "2024-02-05T15:02:47Z" } diff --git a/apis/clusterresources/v1beta1/postgresqluser_types.go b/apis/clusterresources/v1beta1/postgresqluser_types.go deleted file mode 100644 index 9c9a02f20..000000000 --- a/apis/clusterresources/v1beta1/postgresqluser_types.go +++ /dev/null 
@@ -1,89 +0,0 @@
-/*
-Copyright 2022.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-
- "github.com/instaclustr/operator/pkg/models"
-)
-
-// PostgreSQLUserSpec defines the desired state of PostgreSQLUser
-type PostgreSQLUserSpec struct {
- // SecretRef references to the secret which stores user's credentials
- SecretRef *SecretReference `json:"secretRef"`
-}
-
-// PostgreSQLUserStatus defines the observed state of PostgreSQLUser
-type PostgreSQLUserStatus struct {
- // ClustersInfo efficiently stores data about clusters that related to this user.
- // The keys of the map represent the cluster IDs, values are cluster info that consists of default secret namespaced name or event.
- ClustersInfo map[string]ClusterInfo `json:"clustersInfo,omitempty"`
-}
-
-type ClusterInfo struct {
- DefaultSecretNamespacedName NamespacedName `json:"defaultSecretNamespacedName"`
- Event string `json:"event,omitempty"`
-}
-
-type NamespacedName struct {
- Namespace string `json:"namespace"`
- Name string `json:"name"`
-}
-
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-
-// PostgreSQLUser is the Schema for the postgresqlusers API
-type PostgreSQLUser struct {
- metav1.TypeMeta `json:",inline"`
- metav1.ObjectMeta `json:"metadata,omitempty"`
-
- Spec PostgreSQLUserSpec `json:"spec,omitempty"`
- Status PostgreSQLUserStatus `json:"status,omitempty"`
-}
-
-//+kubebuilder:object:root=true
-
-// PostgreSQLUserList contains a list of PostgreSQLUser
-type PostgreSQLUserList struct {
- metav1.TypeMeta `json:",inline"`
- metav1.ListMeta `json:"metadata,omitempty"`
- Items []PostgreSQLUser `json:"items"`
-}
-
-func (r *PostgreSQLUser) NewPatch() client.Patch {
- old := r.DeepCopy()
- return client.MergeFrom(old)
-}
-
-func init() {
- SchemeBuilder.Register(&PostgreSQLUser{}, &PostgreSQLUserList{})
-}
-
-func (r *PostgreSQLUser) ToInstAPI(username, password string) *models.InstaUser {
- return &models.InstaUser{
- Username: username,
- Password: password,
- InitialPermission: "standard",
- }
-}
-
-func (r *PostgreSQLUser) GetDeletionFinalizer() string {
- return models.DeletionFinalizer + "_" + r.Namespace + "_" + r.Name
-}
diff --git a/apis/clusterresources/v1beta1/postgresqluser_webhook.go b/apis/clusterresources/v1beta1/postgresqluser_webhook.go
deleted file mode 100644
index c4a5733ef..000000000
--- a/apis/clusterresources/v1beta1/postgresqluser_webhook.go
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-Copyright 2022.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- ctrl "sigs.k8s.io/controller-runtime"
- logf "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/webhook"
-
- "github.com/instaclustr/operator/pkg/models"
-)
-
-var postgresqluserlog = logf.Log.WithName("postgresqluser-resource")
-
-func (u *PostgreSQLUser) SetupWebhookWithManager(mgr ctrl.Manager) error {
- return ctrl.NewWebhookManagedBy(mgr).
- For(u).
- Complete()
-}
-
-// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
-//+kubebuilder:webhook:path=/validate-clusterresources-instaclustr-com-v1beta1-postgresqluser,mutating=false,failurePolicy=fail,sideEffects=None,groups=clusterresources.instaclustr.com,resources=postgresqlusers,verbs=create;update,versions=v1beta1,name=vpostgresqluser.kb.io,admissionReviewVersions=v1 - -var _ webhook.Validator = &PostgreSQLUser{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (u *PostgreSQLUser) ValidateCreate() error { - postgresqluserlog.Info("validate create", "name", u.Name) - - if u.Spec.SecretRef.Name == "" || u.Spec.SecretRef.Namespace == "" { - return models.ErrEmptySecretRef - } - - return nil -} - -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (u *PostgreSQLUser) ValidateUpdate(old runtime.Object) error { - postgresqluserlog.Info("validate update", "name", u.Name) - - oldUser := old.(*PostgreSQLUser) - if *u.Spec.SecretRef != *oldUser.Spec.SecretRef { - return models.ErrImmutableSecretRef - } - - return nil -} - -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (u *PostgreSQLUser) ValidateDelete() error { - postgresqluserlog.Info("validate delete", "name", u.Name) - - // TODO(user): fill in your validation logic upon object deletion. - return nil -} diff --git a/apis/clusterresources/v1beta1/webhook_suite_test.go b/apis/clusterresources/v1beta1/webhook_suite_test.go index 7b6882975..7551c7a48 100644 --- a/apis/clusterresources/v1beta1/webhook_suite_test.go +++ b/apis/clusterresources/v1beta1/webhook_suite_test.go @@ -141,9 +141,6 @@ var _ = BeforeSuite(func() { err = (&ClusterBackup{}).SetupWebhookWithManager(mgr) Expect(err).NotTo(HaveOccurred()) - err = (&PostgreSQLUser{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - //+kubebuilder:scaffold:webhook go func() { 
diff --git a/apis/clusterresources/v1beta1/zz_generated.deepcopy.go b/apis/clusterresources/v1beta1/zz_generated.deepcopy.go index b89deb205..e19cde096 100644 --- a/apis/clusterresources/v1beta1/zz_generated.deepcopy.go +++ b/apis/clusterresources/v1beta1/zz_generated.deepcopy.go @@ -678,22 +678,6 @@ func (in *ClusterBackupStatus) DeepCopy() *ClusterBackupStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterInfo) DeepCopyInto(out *ClusterInfo) { - *out = *in - out.DefaultSecretNamespacedName = in.DefaultSecretNamespacedName -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInfo. -func (in *ClusterInfo) DeepCopy() *ClusterInfo { - if in == nil { - return nil - } - out := new(ClusterInfo) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterNetworkFirewallRule) DeepCopyInto(out *ClusterNetworkFirewallRule) { *out = *in @@ -1199,21 +1183,6 @@ func (in *MaintenanceEventsStatus) DeepCopy() *MaintenanceEventsStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespacedName) DeepCopyInto(out *NamespacedName) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedName. -func (in *NamespacedName) DeepCopy() *NamespacedName { - if in == nil { - return nil - } - out := new(NamespacedName) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Node) DeepCopyInto(out *Node) { *out = *in 
@@ -1642,107 +1611,6 @@ func (in *PeeringStatus) DeepCopy() *PeeringStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PostgreSQLUser) DeepCopyInto(out *PostgreSQLUser) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLUser. -func (in *PostgreSQLUser) DeepCopy() *PostgreSQLUser { - if in == nil { - return nil - } - out := new(PostgreSQLUser) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PostgreSQLUser) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PostgreSQLUserList) DeepCopyInto(out *PostgreSQLUserList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PostgreSQLUser, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLUserList. -func (in *PostgreSQLUserList) DeepCopy() *PostgreSQLUserList { - if in == nil { - return nil - } - out := new(PostgreSQLUserList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *PostgreSQLUserList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PostgreSQLUserSpec) DeepCopyInto(out *PostgreSQLUserSpec) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(apiextensions.ObjectReference) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLUserSpec. -func (in *PostgreSQLUserSpec) DeepCopy() *PostgreSQLUserSpec { - if in == nil { - return nil - } - out := new(PostgreSQLUserSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PostgreSQLUserStatus) DeepCopyInto(out *PostgreSQLUserStatus) { - *out = *in - if in.ClustersInfo != nil { - in, out := &in.ClustersInfo, &out.ClustersInfo - *out = make(map[string]ClusterInfo, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLUserStatus. -func (in *PostgreSQLUserStatus) DeepCopy() *PostgreSQLUserStatus { - if in == nil { - return nil - } - out := new(PostgreSQLUserStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RedisUser) DeepCopyInto(out *RedisUser) { *out = *in diff --git a/apis/clusters/v1beta1/postgresql_types.go b/apis/clusters/v1beta1/postgresql_types.go index eeb3c9591..42f331a0b 100644 --- a/apis/clusters/v1beta1/postgresql_types.go +++ b/apis/clusters/v1beta1/postgresql_types.go 
@@ -88,7 +88,8 @@ type PgSpec struct { // PgStatus defines the observed state of PostgreSQL type PgStatus struct { - ClusterStatus `json:",inline"` + ClusterStatus `json:",inline"` + DefaultUserSecretRef *Reference `json:"userRefs,omitempty"` } //+kubebuilder:object:root=true diff --git a/apis/clusters/v1beta1/zz_generated.deepcopy.go b/apis/clusters/v1beta1/zz_generated.deepcopy.go index f0928bf79..364ee3429 100644 --- a/apis/clusters/v1beta1/zz_generated.deepcopy.go +++ b/apis/clusters/v1beta1/zz_generated.deepcopy.go @@ -2098,6 +2098,11 @@ func (in *PgSpec) DeepCopy() *PgSpec { func (in *PgStatus) DeepCopyInto(out *PgStatus) { *out = *in in.ClusterStatus.DeepCopyInto(&out.ClusterStatus) + if in.DefaultUserSecretRef != nil { + in, out := &in.DefaultUserSecretRef, &out.DefaultUserSecretRef + *out = new(apiextensions.ObjectReference) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PgStatus. diff --git a/config/crd/bases/clusters.instaclustr.com_postgresqls.yaml b/config/crd/bases/clusters.instaclustr.com_postgresqls.yaml index 0d590c2b3..b34162aa1 100644 --- a/config/crd/bases/clusters.instaclustr.com_postgresqls.yaml +++ b/config/crd/bases/clusters.instaclustr.com_postgresqls.yaml @@ -506,6 +506,17 @@ spec: type: string twoFactorDeleteEnabled: type: boolean + userRefs: + description: ObjectReference is namespaced reference to an object + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object type: object type: object served: true diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 66f1e5990..d82f75c40 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
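Review bot: The new `PgStatus` field `DefaultUserSecretRef` is serialized as `userRefs`, so neither the API name nor the generated CRD entry (`userRefs` under status, described only as "ObjectReference is namespaced reference to an object") says that it points at the Secret holding the default user's credentials. The controller code removed elsewhere in this commit read `pg.Spec.UserRefs`, so if the spec still carries a `userRefs` key, the same name would mean a list of user resources in spec and a single secret reference in status. I would tag the field `json:"defaultUserSecretRef,omitempty"`, add a doc comment such as `// DefaultUserSecretRef references the Secret that stores the default user's credentials.`, and regenerate the CRD. The `PgStatus` struct is fully inside the hunk.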
@@ -477,32 +477,6 @@ rules: - get - patch - update -- apiGroups: - - clusterresources.instaclustr.com - resources: - - postgresqlusers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - clusterresources.instaclustr.com - resources: - - postgresqlusers/finalizers - verbs: - - update -- apiGroups: - - clusterresources.instaclustr.com - resources: - - postgresqlusers/status - verbs: - - get - - patch - - update - apiGroups: - clusterresources.instaclustr.com resources: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 5f3224c53..dd48c1fe6 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -692,26 +692,6 @@ webhooks: resources: - opensearchusers sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-clusterresources-instaclustr-com-v1beta1-postgresqluser - failurePolicy: Fail - name: vpostgresqluser.kb.io - rules: - - apiGroups: - - clusterresources.instaclustr.com - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - postgresqlusers - sideEffects: None - admissionReviewVersions: - v1 clientConfig: diff --git a/controllers/clusters/postgresql_controller.go b/controllers/clusters/postgresql_controller.go index 4164885ca..c992d3b3b 100644 --- a/controllers/clusters/postgresql_controller.go +++ b/controllers/clusters/postgresql_controller.go 
@@ -354,19 +354,6 @@ func (r *PostgreSQLReconciler) handleCreateCluster( pg, models.Normal, models.Created, "Cluster backups check job is started", ) - - if pg.Spec.UserRefs != nil { - err = r.startUsersCreationJob(pg) - if err != nil { - l.Error(err, "Failed to start user PostreSQL creation job") - r.EventRecorder.Eventf(pg, models.Warning, models.CreationFailed, - "User creation job is failed. Reason: %v", err) - return reconcile.Result{}, err - } - - r.EventRecorder.Event(pg, models.Normal, models.Created, - "Cluster user creation job is started") - } } err = r.createDefaultPassword(ctx, pg, l) 
@@ -534,262 +521,6 @@ func (r *PostgreSQLReconciler) handleUpdateCluster(ctx context.Context, pg *v1be return models.ExitReconcile, nil } -func (r *PostgreSQLReconciler) createUser( - ctx context.Context, - l logr.Logger, - c *v1beta1.PostgreSQL, - uRef *v1beta1.Reference, -) error { - req := types.NamespacedName{ - Namespace: uRef.Namespace, - Name: uRef.Name, - } - - u := &clusterresourcesv1beta1.PostgreSQLUser{} - err := r.Get(ctx, req, u) - if err != nil { - if k8serrors.IsNotFound(err) { - l.Error(err, "Cannot create a PostgreSQL user. The resource is not found", "request", req) - r.EventRecorder.Eventf(c, models.Warning, models.NotFound, - "User is not found, create a new one PostgreSQL User or provide correct userRef."+ - "Current provided reference: %v", uRef) - return err - } - - l.Error(err, "Cannot get PostgreSQL user", "user", u.Spec) - r.EventRecorder.Eventf(c, models.Warning, models.CreationFailed, - "Cannot get PostgreSQL user. User reference: %v", uRef) - return err - } - - secret, err := v1beta1.GetDefaultPgUserSecret(ctx, c.Name, c.Namespace, r.Client) - if err != nil && !k8serrors.IsNotFound(err) { - r.EventRecorder.Eventf( - c, models.Warning, models.FetchFailed, - "Default user secret fetch is failed. Reason: %v", - err, - ) - - return err - } - - defaultSecretNamespacedName := types.NamespacedName{ - Namespace: secret.Namespace, - Name: secret.Name, - } - - if _, exist := u.Status.ClustersInfo[c.Status.ID]; exist { - l.Info("User is already existing on the cluster", - "user reference", uRef) - r.EventRecorder.Eventf(c, models.Normal, models.CreationFailed, - "User is already existing on the cluster. 
User reference: %v", uRef) - - return nil - } - - patch := u.NewPatch() - - if u.Status.ClustersInfo == nil { - u.Status.ClustersInfo = make(map[string]clusterresourcesv1beta1.ClusterInfo) - } - - u.Status.ClustersInfo[c.Status.ID] = clusterresourcesv1beta1.ClusterInfo{ - DefaultSecretNamespacedName: clusterresourcesv1beta1.NamespacedName{ - Namespace: defaultSecretNamespacedName.Namespace, - Name: defaultSecretNamespacedName.Name, - }, - Event: models.CreatingEvent, - } - - err = r.Status().Patch(ctx, u, patch) - if err != nil { - l.Error(err, "Cannot patch the PostgreSQL User status with the CreatingEvent", - "cluster name", c.Spec.Name, "cluster ID", c.Status.ID) - r.EventRecorder.Eventf(c, models.Warning, models.CreationFailed, - "Cannot add PostgreSQL User to the cluster. Reason: %v", err) - return err - } - - return nil -} - -func (r *PostgreSQLReconciler) handleUsersDelete( - ctx context.Context, - l logr.Logger, - pg *v1beta1.PostgreSQL, - uRef *v1beta1.Reference, -) error { - req := types.NamespacedName{ - Namespace: uRef.Namespace, - Name: uRef.Name, - } - - u := &clusterresourcesv1beta1.PostgreSQLUser{} - err := r.Get(ctx, req, u) - if err != nil { - if k8serrors.IsNotFound(err) { - l.Error(err, "Cannot delete a PostgreSQL user, the user is not found", "request", req) - r.EventRecorder.Eventf(pg, models.Warning, models.NotFound, - "Cannot delete a PostgreSQL user, the user %v is not found", req) - return nil - } - - l.Error(err, "Cannot get PostgreSQL user", "user", req) - r.EventRecorder.Eventf(pg, models.Warning, models.DeletionFailed, - "Cannot get PostgreSQL user. user reference: %v", req) - return err - } - - if _, exist := u.Status.ClustersInfo[pg.Status.ID]; !exist { - l.Info("User is not existing on the cluster", - "user reference", uRef) - r.EventRecorder.Eventf(pg, models.Normal, models.DeletionFailed, - "User is not existing on the cluster. 
User reference: %v", req) - - return nil - } - - patch := u.NewPatch() - - defaultSecretNamespacedName := u.Status.ClustersInfo[pg.Status.ID].DefaultSecretNamespacedName - - u.Status.ClustersInfo[pg.Status.ID] = clusterresourcesv1beta1.ClusterInfo{ - DefaultSecretNamespacedName: clusterresourcesv1beta1.NamespacedName{ - Namespace: defaultSecretNamespacedName.Namespace, - Name: defaultSecretNamespacedName.Name, - }, - Event: models.DeletingEvent, - } - - err = r.Status().Patch(ctx, u, patch) - if err != nil { - l.Error(err, "Cannot patch the PostgreSQL User status with the DeletingEvent", - "cluster name", pg.Spec.Name, "cluster ID", pg.Status.ID) - r.EventRecorder.Eventf(pg, models.Warning, models.DeletionFailed, - "Cannot patch the PostgreSQL User status with the DeletingEvent. Reason: %v", err) - return err - } - - l.Info("User has been added to the queue for deletion", - "User resource", u.Namespace+"/"+u.Name, - "PostgreSQL resource", pg.Namespace+"/"+pg.Name) - - return nil -} - -func (r *PostgreSQLReconciler) handleUsersDetach( - ctx context.Context, - l logr.Logger, - c *v1beta1.PostgreSQL, - uRef *v1beta1.Reference, -) error { - req := types.NamespacedName{ - Namespace: uRef.Namespace, - Name: uRef.Name, - } - - u := &clusterresourcesv1beta1.PostgreSQLUser{} - err := r.Get(ctx, req, u) - if err != nil { - if k8serrors.IsNotFound(err) { - l.Error(err, "Cannot detach a PostgreSQL user, the user is not found", "request", req) - r.EventRecorder.Eventf(c, models.Warning, models.NotFound, - "Cannot detach a PostgreSQL user, the user %v is not found", req) - return nil - } - - l.Error(err, "Cannot get PostgreSQL user", "user", req) - r.EventRecorder.Eventf(c, models.Warning, models.DeletionFailed, - "Cannot get PostgreSQL user. 
user reference: %v", req) - return err - } - - if _, exist := u.Status.ClustersInfo[c.Status.ID]; !exist { - l.Info("User is not existing in the cluster", "user reference", uRef) - r.EventRecorder.Eventf(c, models.Normal, models.DeletionFailed, - "User is not existing in the cluster. User reference: %v", uRef) - return nil - } - - defaultSecretNamespacedName := u.Status.ClustersInfo[c.Status.ID].DefaultSecretNamespacedName - - patch := u.NewPatch() - u.Status.ClustersInfo[c.Status.ID] = clusterresourcesv1beta1.ClusterInfo{ - DefaultSecretNamespacedName: clusterresourcesv1beta1.NamespacedName{ - Namespace: defaultSecretNamespacedName.Namespace, - Name: defaultSecretNamespacedName.Name, - }, - Event: models.DeletingEvent, - } - - err = r.Status().Patch(ctx, u, patch) - if err != nil { - l.Error(err, "Cannot patch the PostgreSQL user status with the ClusterDeletingEvent", - "cluster name", c.Spec.Name, "cluster ID", c.Status.ID) - r.EventRecorder.Eventf(c, models.Warning, models.DeletionFailed, - "Cannot patch the PostgreSQL user status with the ClusterDeletingEvent. Reason: %v", err) - return err - } - - l.Info("User has been added to the queue for detaching", "username", u.Name) - - return nil -} - -func (r *PostgreSQLReconciler) handleUserEvent( - newObj *v1beta1.PostgreSQL, - oldUsers []*v1beta1.Reference, -) { - ctx := context.TODO() - l := log.FromContext(ctx) - - for _, newUser := range newObj.Spec.UserRefs { - var exist bool - - for _, oldUser := range oldUsers { - if *newUser == *oldUser { - exist = true - break - } - } - - if exist { - continue - } - - err := r.createUser(ctx, l, newObj, newUser) - if err != nil { - l.Error(err, "Cannot create PostgreSQL user in predicate", "user", newUser) - r.EventRecorder.Eventf(newObj, models.Warning, models.CreatingEvent, - "Cannot create user. 
Reason: %v", err) - } - - oldUsers = append(oldUsers, newUser) - } - - for _, oldUser := range oldUsers { - var exist bool - - for _, newUser := range newObj.Spec.UserRefs { - if *oldUser == *newUser { - exist = true - break - } - } - - if exist { - continue - } - - err := r.handleUsersDelete(ctx, l, newObj, oldUser) - if err != nil { - l.Error(err, "Cannot delete Cassandra user", "user", oldUser) - r.EventRecorder.Eventf(newObj, models.Warning, models.CreatingEvent, - "Cannot delete user from cluster. Reason: %v", err) - } - } -} - func (r *PostgreSQLReconciler) handleDeleteCluster( ctx context.Context, pg *v1beta1.PostgreSQL, @@ -908,17 +639,9 @@ func (r *PostgreSQLReconciler) handleDeleteCluster( "Cluster backup resources are deleted", ) - r.Scheduler.RemoveJob(pg.GetJobID(scheduler.UserCreator)) r.Scheduler.RemoveJob(pg.GetJobID(scheduler.BackupsChecker)) r.Scheduler.RemoveJob(pg.GetJobID(scheduler.StatusChecker)) - for _, ref := range pg.Spec.UserRefs { - err = r.handleUsersDetach(ctx, l, pg, ref) - if err != nil { - return reconcile.Result{}, err - } - } - controllerutil.RemoveFinalizer(pg, models.DeletionFinalizer) pg.Annotations[models.ResourceStateAnnotation] = models.DeletedEvent err = r.patchClusterMetadata(ctx, pg, l) @@ -1102,17 +825,6 @@ func (r *PostgreSQLReconciler) startClusterBackupsJob(pg *v1beta1.PostgreSQL) er return nil } -func (r *PostgreSQLReconciler) startUsersCreationJob(cluster *v1beta1.PostgreSQL) error { - job := r.newUsersCreationJob(cluster) - - err := r.Scheduler.ScheduleJob(cluster.GetJobID(scheduler.UserCreator), scheduler.UserCreationInterval, job) - if err != nil { - return err - } - - return nil -} - func (r *PostgreSQLReconciler) newWatchStatusJob(pg *v1beta1.PostgreSQL) scheduler.Job { l := log.Log.WithValues("component", "postgreSQLStatusClusterJob") 
@@ -1288,6 +1000,7 @@ func (r *PostgreSQLReconciler) newWatchStatusJob(pg *v1beta1.PostgreSQL) schedul } func (r *PostgreSQLReconciler) createDefaultPassword(ctx context.Context, pg *v1beta1.PostgreSQL, l logr.Logger) error { + patch := pg.NewPatch() iData, err := r.API.GetPostgreSQL(pg.Status.ID) if err != nil { l.Error( @@ -1357,6 +1070,24 @@ func (r *PostgreSQLReconciler) createDefaultPassword(ctx context.Context, pg *v1 secret.Name, ) + pg.Status.DefaultUserSecretRef = &v1beta1.Reference{ + Name: secret.Name, + Namespace: secret.Namespace, + } + + err = r.Status().Patch(ctx, pg, patch) + if err != nil { + l.Error(err, "Cannot patch PostgreSQL resource", + "cluster name", pg.Spec.Name, + "status", pg.Status) + + r.EventRecorder.Eventf( + pg, models.Warning, models.PatchFailed, + "Cluster resource patch is failed. Reason: %v", err) + + return err + } + return nil } 
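Review bot: In `createDefaultPassword` the added `r.Status().Patch` that records `DefaultUserSecretRef` appears to run only after the secret has been created, so a failed patch returns an error with the secret already in place. Whether a retry reaches this code again depends on how the secret-already-exists path returns, and that part of the function lies outside both hunks. If that path returns early, the reference would stay nil for that cluster and for clusters created before this change, so it is worth setting the reference and patching status on that path too. The failure log also attaches the whole `pg.Status` via `"status", pg.Status`; logging `"cluster ID", pg.Status.ID` instead would keep the entry small. A doc comment such as `// createDefaultPassword stores the default user's credentials in a Secret and records its reference in pg.Status.DefaultUserSecretRef.` would make the new side effect visible.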
@@ -1476,49 +1207,6 @@ func (r *PostgreSQLReconciler) newWatchBackupsJob(pg *v1beta1.PostgreSQL) schedu } } -func (r *PostgreSQLReconciler) newUsersCreationJob(c *v1beta1.PostgreSQL) scheduler.Job { - l := log.Log.WithValues("component", "postgresqlUsersCreationJob") - - return func() error { - ctx := context.Background() - - err := r.Get(ctx, types.NamespacedName{ - Namespace: c.Namespace, - Name: c.Name, - }, c) - if err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - return err - } - - if c.Status.State != models.RunningStatus { - l.Info("User creation job is scheduled") - r.EventRecorder.Event(c, models.Normal, models.CreationFailed, - "User creation job is scheduled, cluster is not in the running state") - return nil - } - - for _, ref := range c.Spec.UserRefs { - err = r.createUser(ctx, l, c, ref) - if err != nil { - l.Error(err, "Failed to create a user for the cluster", "user ref", ref) - r.EventRecorder.Eventf(c, models.Warning, models.CreationFailed, - "Failed to create a user for the cluster. Reason: %v", err) - return err - } - } - - l.Info("User creation job successfully finished", "resource name", c.Name) - r.EventRecorder.Eventf(c, models.Normal, models.Created, "User creation job successfully finished") - - r.Scheduler.RemoveJob(c.GetJobID(scheduler.UserCreator)) - - return nil - } -} - func (r *PostgreSQLReconciler) listClusterBackups(ctx context.Context, clusterID, namespace string) (*clusterresourcesv1beta1.ClusterBackupList, error) { backupsList := &clusterresourcesv1beta1.ClusterBackupList{} listOpts := []client.ListOption{ @@ -1732,10 +1420,6 @@ func (r *PostgreSQLReconciler) SetupWithManager(mgr ctrl.Manager) error { return false } - oldObj := event.ObjectOld.(*v1beta1.PostgreSQL) - - r.handleUserEvent(newObj, oldObj.Spec.UserRefs) - event.ObjectNew.GetAnnotations()[models.ResourceStateAnnotation] = models.UpdatingEvent return true }, diff --git a/main.go b/main.go index 45d6d9814..b7ef5dbc5 100644 --- a/main.go +++ b/main.go 
@@ -431,14 +431,6 @@ func main() {
 setupLog.Error(err, "unable to create controller", "controller", "OpenSearchUser")
 os.Exit(1)
 }
- if err = (&clusterresourcescontrollers.PostgreSQLUserReconciler{
- Client: mgr.GetClient(),
- Scheme: mgr.GetScheme(),
- EventRecorder: eventRecorder,
- }).SetupWithManager(mgr); err != nil {
- setupLog.Error(err, "unable to create controller", "controller", "PostgreSQLUser")
- os.Exit(1)
- }
 if err = (&clusterresourcesv1beta1.OpenSearchUser{}).SetupWebhookWithManager(mgr); err != nil {
 setupLog.Error(err, "unable to create webhook", "webhook", "OpenSearchUser")
 os.Exit(1)
@@ -493,10 +485,6 @@ func main() {
 setupLog.Error(err, "unable to create webhook", "webhook", "ClusterBackup")
 os.Exit(1)
 }
- if err = (&clusterresourcesv1beta1.PostgreSQLUser{}).SetupWebhookWithManager(mgr); err != nil {
- setupLog.Error(err, "unable to create webhook", "webhook", "PostgreSQLUser")
- os.Exit(1)
- }
 if err = (&clusterresourcescontrollers.OpenSearchEgressRulesReconciler{
 Client: mgr.GetClient(),
 Scheme: mgr.GetScheme(),