add policy apply logic for when a new cluster goes Ready

Jeff McCormick · Jeff McCormick · commit 0772b62ab505 · 2018-06-06T17:16:09.000-05:00
diff --git a/apis/cr/v1/task.go b/apis/cr/v1/task.go
@@ -26,6 +26,7 @@ const PgtaskDeleteBackups = "delete-backups"
 const PgtaskDeleteData = "delete-data"
 const PgtaskFailover = "failover"
 const PgtaskAutoFailover = "autofailover"
+const PgtaskAddPolicies = "addpolicies"
 
 // PgtaskSpec ...
 type PgtaskSpec struct {
diff --git a/apiserver/clusterservice/clusterimpl.go b/apiserver/clusterservice/clusterimpl.go
@@ -540,7 +540,7 @@ func CreateCluster(request *msgs.CreateClusterRequest) msgs.CreateClusterRespons
 
 		// Create an instance of our CRD
 		newInstance := getClusterParams(request, clusterName, userLabelsMap)
-		validateConfigPolicies(request.Policies)
+		validateConfigPolicies(clusterName, request.Policies)
 
 		t := time.Now()
 		newInstance.Spec.PswLastUpdate = t.Format(time.RFC3339)
@@ -558,18 +558,19 @@ func CreateCluster(request *msgs.CreateClusterRequest) msgs.CreateClusterRespons
 
 }
 
-func validateConfigPolicies(PoliciesFlag string) error {
+func validateConfigPolicies(clusterName, PoliciesFlag string) error {
 	var err error
 	var configPolicies string
+
 	if PoliciesFlag == "" {
-		log.Println(apiserver.Pgo.Cluster.Policies + " is Pgo.Cluster.Policies")
+		log.Debug(apiserver.Pgo.Cluster.Policies + " is Pgo.Cluster.Policies")
 		configPolicies = apiserver.Pgo.Cluster.Policies
 	} else {
 		configPolicies = PoliciesFlag
 	}
+
 	if configPolicies == "" {
-		log.Debug("no policies are specified")
-		err = errors.New("no policies are specified")
+		log.Debug("no policies are specified in either pgo.yaml or from user")
 		return err
 	}
 
@@ -590,8 +591,31 @@ func validateConfigPolicies(PoliciesFlag string) error {
 			log.Error("error getting pgpolicy " + v + err.Error())
 			return err
 		}
+		//create a pgtask to add the policy after the db is ready
+	}
+
+	spec := crv1.PgtaskSpec{}
+	spec.StorageSpec = crv1.PgStorageSpec{}
+	spec.TaskType = crv1.PgtaskAddPolicies
+	spec.Status = "requested"
+	spec.Parameters = make(map[string]string)
+	for _, v := range policies {
+		spec.Parameters[v] = v
+	}
+	spec.Name = clusterName + "-policies"
+	labels := make(map[string]string)
+	labels[util.LABEL_PG_CLUSTER] = clusterName
+
+	newInstance := &crv1.Pgtask{
+		ObjectMeta: meta_v1.ObjectMeta{
+			Name:   spec.Name,
+			Labels: labels,
+		},
+		Spec: spec,
 	}
 
+	kubeapi.Createpgtask(apiserver.RESTClient, newInstance, apiserver.Namespace)
+
 	return err
 }
 
diff --git a/conf/apiserver/pgo.yaml b/conf/apiserver/pgo.yaml
@@ -10,9 +10,9 @@ Cluster:
   Replicas:  0
   ArchiveMode:  false
   ArchiveTimeout:  60
-PrimaryStorage: storage3
-BackupStorage: storage3
-ReplicaStorage: storage3
+PrimaryStorage: storage1
+BackupStorage: storage1
+ReplicaStorage: storage1
 Storage:
   storage1:
     AccessMode:  ReadWriteMany
diff --git a/controller/podcontroller.go b/controller/podcontroller.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	log "github.com/Sirupsen/logrus"
 	clusteroperator "github.com/crunchydata/postgres-operator/operator/cluster"
+	taskoperator "github.com/crunchydata/postgres-operator/operator/task"
 	"github.com/crunchydata/postgres-operator/util"
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/fields"
@@ -115,4 +116,17 @@ func (c *PodController) checkReadyStatus(oldpod, newpod *apiv1.Pod) {
 		}
 	}
 
+	//handle applying policies after a database is made Ready
+	if newpod.ObjectMeta.Labels[util.LABEL_PRIMARY] == "true" {
+		for _, v := range newpod.Status.ContainerStatuses {
+			if v.Name == "database" {
+				//see if there are pgtasks for adding a policy
+				if v.Ready {
+					log.Debug(newpod.ObjectMeta.Labels[util.LABEL_PG_CLUSTER] + " went to Ready, apply policies...")
+					taskoperator.ApplyPolicies(newpod.ObjectMeta.Labels[util.LABEL_PG_CLUSTER], c.PodClientset, c.PodClient)
+				}
+			}
+		}
+	}
+
 }
diff --git a/operator/task/applypolicies.go b/operator/task/applypolicies.go
@@ -0,0 +1,129 @@
+package task
+
+/*
+ Copyright 2017-2018 Crunchy Data Solutions, Inc.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+import (
+	"encoding/json"
+	log "github.com/Sirupsen/logrus"
+	crv1 "github.com/crunchydata/postgres-operator/apis/cr/v1"
+	"github.com/crunchydata/postgres-operator/kubeapi"
+	"github.com/crunchydata/postgres-operator/operator"
+	"github.com/crunchydata/postgres-operator/operator/cluster"
+	"github.com/crunchydata/postgres-operator/util"
+	jsonpatch "github.com/evanphx/json-patch"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"strings"
+)
+
+// RemoveBackups ...
+func ApplyPolicies(clusterName string, Clientset *kubernetes.Clientset, RESTClient *rest.RESTClient) {
+
+	taskName := clusterName + "-policies"
+	task := crv1.Pgtask{}
+	task.Spec = crv1.PgtaskSpec{}
+	task.Spec.Name = taskName
+
+	found, err := kubeapi.Getpgtask(RESTClient, &task, taskName, operator.NAMESPACE)
+	if found && err == nil {
+		//apply those policies
+		for k, _ := range task.Spec.Parameters {
+			log.Debug("applying policy %s to %s", k, clusterName)
+			applyPolicy(Clientset, RESTClient, k, clusterName)
+		}
+		//delete the pgtask to not redo this again
+		kubeapi.Deletepgtask(RESTClient, taskName, operator.NAMESPACE)
+	}
+}
+
+func applyPolicy(clientset *kubernetes.Clientset, restclient *rest.RESTClient, policyName, clusterName string) {
+	err := util.ExecPolicy(clientset, restclient, operator.NAMESPACE, policyName, clusterName)
+	if err != nil {
+		log.Error(err)
+		return
+	}
+
+	labels := make(map[string]string)
+	labels[policyName] = "pgpolicy"
+
+	//look up the cluster CRD to get the strategy
+	cl := crv1.Pgcluster{}
+	_, err = kubeapi.Getpgcluster(restclient, &cl, clusterName, operator.NAMESPACE)
+	if err != nil {
+		log.Error(err)
+		return
+
+	}
+
+	var strategyMap map[string]cluster.Strategy
+	strategyMap = make(map[string]cluster.Strategy)
+	strategyMap["1"] = cluster.Strategy1{}
+
+	strategy, ok := strategyMap[cl.Spec.Strategy]
+	if !ok {
+		log.Error("invalid Strategy requested for cluster creation" + cl.Spec.Strategy)
+		return
+	}
+
+	err = strategy.UpdatePolicyLabels(clientset, clusterName, operator.NAMESPACE, labels)
+	if err != nil {
+		log.Error(err)
+	}
+
+	//update the pgcluster crd labels with the new policy
+	err = PatchPgcluster(restclient, policyName+"=pgpolicy", cl)
+	if err != nil {
+		log.Error(err)
+	}
+
+}
+
+func PatchPgcluster(restclient *rest.RESTClient, newLabel string, oldCRD crv1.Pgcluster) error {
+
+	fields := strings.Split(newLabel, "=")
+	labelKey := fields[0]
+	labelValue := fields[1]
+	oldData, err := json.Marshal(oldCRD)
+	if err != nil {
+		return err
+	}
+	if oldCRD.ObjectMeta.Labels == nil {
+		oldCRD.ObjectMeta.Labels = make(map[string]string)
+	}
+	oldCRD.ObjectMeta.Labels[labelKey] = labelValue
+	var newData, patchBytes []byte
+	newData, err = json.Marshal(oldCRD)
+	if err != nil {
+		return err
+	}
+	patchBytes, err = jsonpatch.CreateMergePatch(oldData, newData)
+	if err != nil {
+		return err
+	}
+
+	log.Debug(string(patchBytes))
+	_, err6 := restclient.Patch(types.MergePatchType).
+		Namespace(operator.NAMESPACE).
+		Resource(crv1.PgclusterResourcePlural).
+		Name(oldCRD.Spec.Name).
+		Body(patchBytes).
+		Do().
+		Get()
+
+	return err6
+
+}
