
Commit 38c410d

author
Jeff McCormick
committed
updates to pgo user command
1 parent f550d8f commit 38c410d


2 files changed

+114
-55
lines changed


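--- a/client/cmd/user.go
+++ b/client/cmd/user.go
@@ -19,15 +19,15 @@ import (
 "database/sql"
 "fmt"
 log "github.com/Sirupsen/logrus"
+"github.com/crunchydata/postgres-operator/operator/util"
+"github.com/crunchydata/postgres-operator/tpr"
 _ "github.com/lib/pq"
+"github.com/spf13/cobra"
+"github.com/spf13/viper"
+"k8s.io/apimachinery/pkg/labels"
 "os"
 "strconv"
 "time"
-//"k8s.io/apimachinery/pkg/labels"
-"github.com/crunchydata/postgres-operator/operator/util"
-//"github.com/crunchydata/postgres-operator/tpr"
-"github.com/spf13/cobra"
-"github.com/spf13/viper"
 //"io/ioutil"
 //kerrors "k8s.io/apimachinery/pkg/api/errors"
 meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -55,9 +55,12 @@ var PasswordAgeDays, PasswordLength int
 
 var ChangePasswordForUser string
 var DeleteUser string
+var ValidDays string
+var UserDBAccess string
 var AddUser string
 var Expired string
 var UpdatePasswords bool
+var ManagedUser bool
 
 var userCmd = &cobra.Command{
 Use: "user",
@@ -81,83 +84,115 @@ func init() {
 
 userCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering ")
 userCmd.Flags().StringVarP(&Expired, "expired", "e", "", "--expired=7 shows passwords that will expired in 7 days")
+userCmd.Flags().IntVarP(&PasswordAgeDays, "valid-days", "v", 30, "--valid-days=7 sets passwords for new users to 7 days")
 userCmd.Flags().StringVarP(&AddUser, "add-user", "a", "", "--add-user=bob adds a new user to selective clusters")
 userCmd.Flags().StringVarP(&ChangePasswordForUser, "change-password", "c", "", "--change-password=bob updates the password for a user on selective clusters")
+userCmd.Flags().StringVarP(&UserDBAccess, "db", "b", "", "--db=userdb grants the user access to a database")
 userCmd.Flags().StringVarP(&DeleteUser, "delete-user", "d", "", "--delete-user=bob deletes a user on selective clusters")
 userCmd.Flags().BoolVarP(&UpdatePasswords, "update-passwords", "u", false, "--update-passwords performs password updating on expired passwords")
+userCmd.Flags().BoolVarP(&ManagedUser, "managed", "m", false, "--managed creates a user with secrets")
 getDefaults()
 
 }
 
 func userManager() {
 //build the selector based on the selector parameter
-//get the clusters list
 
-//get filtered list of Deployments
+//set up the selector
 var sel string
 if Selector != "" {
 sel = Selector + ",pg-cluster,!replica"
 } else {
-sel = "pg-cluster,!replica"
+log.Error("--selector is required")
+return
+
 }
 log.Infoln("selector string=[" + sel + "]")
 
-lo := meta_v1.ListOptions{LabelSelector: sel}
-deployments, err := Clientset.ExtensionsV1beta1().Deployments(Namespace).List(lo)
+myselector, err := labels.Parse(sel)
 if err != nil {
-log.Error("error getting list of deployments" + err.Error())
+log.Error("could not parse --selector value " + err.Error())
 return
 }
 
-for _, d := range deployments.Items {
-fmt.Println("deployment : " + d.ObjectMeta.Name)
-info := getPostgresUserInfo(d.ObjectMeta.Name)
-
-if ChangePasswordForUser != "" {
-fmt.Println("changing password of user " + ChangePasswordForUser)
-newPassword := util.GeneratePassword(PasswordLength)
-newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
-err = updatePassword(info, ChangePasswordForUser, newPassword, newExpireDate)
-if err != nil {
-log.Error(err.Error())
-os.Exit(2)
-}
-}
-if DeleteUser != "" {
-fmt.Println("deleting user " + DeleteUser)
-deleteUser(info, DeleteUser)
+//get the clusters list
+clusterList := tpr.PgClusterList{}
+err = Tprclient.Get().
+Resource(tpr.CLUSTER_RESOURCE).
+Namespace(Namespace).
+LabelsSelectorParam(myselector).
+Do().
+Into(&clusterList)
+if err != nil {
+log.Error("error getting cluster list" + err.Error())
+return
+}
+
+if len(clusterList.Items) == 0 {
+fmt.Println("no clusters found")
+return
+}
+
+for _, cluster := range clusterList.Items {
+
+sel = "pg-cluster=" + cluster.Spec.Name + ",!replica"
+lo := meta_v1.ListOptions{LabelSelector: sel}
+deployments, err := Clientset.ExtensionsV1beta1().Deployments(Namespace).List(lo)
+if err != nil {
+log.Error("error getting list of deployments" + err.Error())
+return
 }
-if AddUser != "" {
-fmt.Println("adding new user " + AddUser)
-addUser(info, AddUser)
-newPassword := util.GeneratePassword(PasswordLength)
-newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
-err = updatePassword(info, AddUser, newPassword, newExpireDate)
-if err != nil {
-log.Error(err.Error())
-os.Exit(2)
+
+for _, d := range deployments.Items {
+fmt.Println("deployment : " + d.ObjectMeta.Name)
+info := getPostgresUserInfo(d.ObjectMeta.Name)
+
+if ChangePasswordForUser != "" {
+fmt.Println("changing password of user " + ChangePasswordForUser)
+newPassword := util.GeneratePassword(PasswordLength)
+newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
+err = updatePassword(info, ChangePasswordForUser, newPassword, newExpireDate)
+if err != nil {
+log.Error(err.Error())
+os.Exit(2)
+}
+}
+if DeleteUser != "" {
+fmt.Println("deleting user " + DeleteUser)
+deleteUser(info, DeleteUser)
+}
+if AddUser != "" {
+fmt.Println("adding new user " + AddUser)
+addUser(d.ObjectMeta.Name, info, AddUser)
+newPassword := util.GeneratePassword(PasswordLength)
+newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
+err = updatePassword(info, AddUser, newPassword, newExpireDate)
+if err != nil {
+log.Error(err.Error())
+os.Exit(2)
+}
 }
-}
 
-if Expired != "" {
-results := callDB(info, d.ObjectMeta.Name, Expired)
-if len(results) > 0 {
-fmt.Println("expired passwords....")
-for _, v := range results {
-fmt.Printf("RoleName %s Role Valid Until %s\n", v.Rolname, v.Rolvaliduntil)
-if UpdatePasswords {
-newPassword := util.GeneratePassword(PasswordLength)
-newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
-err = updatePassword(v.ConnDetails, v.Rolname, newPassword, newExpireDate)
-if err != nil {
-fmt.Println("error in updating password")
+if Expired != "" {
+results := callDB(info, d.ObjectMeta.Name, Expired)
+if len(results) > 0 {
+fmt.Println("expired passwords....")
+for _, v := range results {
+fmt.Printf("RoleName %s Role Valid Until %s\n", v.Rolname, v.Rolvaliduntil)
+if UpdatePasswords {
+newPassword := util.GeneratePassword(PasswordLength)
+newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
+err = updatePassword(v.ConnDetails, v.Rolname, newPassword, newExpireDate)
+if err != nil {
+fmt.Println("error in updating password")
+}
+fmt.Printf("new password for %s is %s new expiration is %s\n", v.Rolname, newPassword, newExpireDate)
 }
-fmt.Printf("new password for %s is %s new expiration is %s\n", v.Rolname, newPassword, newExpireDate)
 }
 }
 }
-}
 
+}
 }
 
 }
@@ -322,7 +357,7 @@ func getPostgresUserInfo(clusterName string) ConnInfo {
 return info
 }
 
-func addUser(info ConnInfo, newUser string) {
+func addUser(clusterName string, info ConnInfo, newUser string) {
 var conn *sql.DB
 var err error
 
@@ -342,7 +377,11 @@ func addUser(info ConnInfo, newUser string) {
 os.Exit(2)
 }
 
-querystr = "grant all on database userdb to " + newUser
+if UserDBAccess != "" {
+querystr = "grant all on database " + UserDBAccess + " to " + newUser
+} else {
+querystr = "grant all on database userdb to " + newUser
+}
 log.Debug(querystr)
 rows, err = conn.Query(querystr)
 if err != nil {
@@ -359,6 +398,13 @@ func addUser(info ConnInfo, newUser string) {
 }
 }()
 
+//add a secret if managed
+if ManagedUser {
+err = util.CreateUserSecret(Clientset, clusterName, newUser, info.Password, Namespace)
+if err != nil {
+}
+}
+
 }
 func deleteUser(info ConnInfo, user string) {
 var conn *sql.DB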
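Review bot: In `addUser`, the managed-user secret is created from `info.Password`, which is presumably the password of the connection used to run the statements, while the new role's own password is only generated afterwards in `userManager` (`newPassword := util.GeneratePassword(PasswordLength)`, right after the `addUser` call). As written, the new user's secret would hold the connecting account's credential rather than the user's own, and the empty `if err != nil { }` hides any failure to create it. I would move the call into `userManager` after `updatePassword` succeeds, as `err = util.CreateUserSecret(Clientset, d.ObjectMeta.Name, AddUser, newPassword, Namespace)`, and log and exit on error as the neighbouring branches do. Separately, the `--db` value is concatenated unquoted into the `grant all on database ...` statement; wrapping it in `pq.QuoteIdentifier` (which needs a named import of `github.com/lib/pq`) would keep an unexpected flag value from changing the statement. `addUser`'s body is only partly visible in these hunks.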

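--- a/operator/util/secrets.go
+++ b/operator/util/secrets.go
@@ -119,7 +119,7 @@ func CreateSecret(clientset *kubernetes.Clientset, db, secretName, username, pas
 if err != nil {
 log.Error("error creating secret" + err.Error())
 } else {
-log.Info("created secret secret")
+log.Info("created secret " + secret.Name)
 }
 
 return err
@@ -210,3 +210,16 @@ func CopySecrets(clientset *kubernetes.Clientset, namespace string, fromCluster,
 return err
 
 }
+
+func CreateUserSecret(clientset *kubernetes.Clientset, clustername, username, password, namespace string) error {
+
+var err error
+
+secretName := clustername + "-" + username + "-secret"
+err = CreateSecret(clientset, clustername, secretName, username, password, namespace)
+if err != nil {
+log.Error("error creating secret" + err.Error())
+}
+
+return err
+}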
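Review bot: `CreateUserSecret` builds the object name as `clustername + "-" + username + "-secret"` without checking that `username` is usable in a Kubernetes object name; a role name containing an underscore or an upper-case letter is legal in PostgreSQL but would be rejected as a secret name. Because the caller in client/cmd/user.go discards the returned error, such a user would be created without its secret and with nothing but a log line to show for it. The failure is also logged twice, since `CreateSecret` already logs `error creating secret` before returning, so the wrapper could be reduced to `return CreateSecret(clientset, clustername, secretName, username, password, namespace)`. As an exported function it should also carry a doc comment, for example `// CreateUserSecret creates the secret <clustername>-<username>-secret for a user of the given cluster.`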
