psw code

Jeff McCormick · Jeff McCormick · commit 8846e3da41e5 · 2017-09-13T17:08:35.000-05:00
diff --git a/client/cmd/cluster.go b/client/cmd/cluster.go
@@ -25,6 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/pkg/api/v1"
 	"k8s.io/client-go/pkg/apis/extensions/v1beta1"
+	"time"
 )
 
 func showCluster(args []string) {
@@ -67,6 +68,7 @@ func showCluster(args []string) {
 				if PostgresVersion == "" || (PostgresVersion != "" && cluster.Spec.POSTGRES_FULL_VERSION == PostgresVersion) {
 					fmt.Println("cluster : " + cluster.Spec.Name + " (" + cluster.Spec.POSTGRES_FULL_VERSION + ")")
 					log.Debug("listing cluster " + arg)
+					fmt.Printf("last password update %v\n", cluster.Spec.PSW_LAST_UPDATE)
 					//list the deployments
 					listDeployments(cluster.Spec.Name)
 					//list the replicasets
@@ -199,6 +201,8 @@ func createCluster(args []string) {
 		// Create an instance of our TPR
 		newInstance := getClusterParams(arg)
 
+		newInstance.Spec.PSW_LAST_UPDATE = time.Now()
+
 		err = Tprclient.Post().
 			Resource(tpr.CLUSTER_RESOURCE).
 			Namespace(Namespace).
@@ -293,6 +297,7 @@ func getClusterParams(name string) *tpr.PgCluster {
 	if SecretFrom != "" {
 		spec.SECRET_FROM = SecretFrom
 	}
+
 	spec.BACKUP_PATH = BackupPath
 	if BackupPVC != "" {
 		spec.BACKUP_PVC_NAME = BackupPVC
diff --git a/client/cmd/psw.go b/client/cmd/psw.go
@@ -16,8 +16,11 @@
 package cmd
 
 import (
+	"database/sql"
 	"fmt"
 	log "github.com/Sirupsen/logrus"
+	_ "github.com/lib/pq"
+	//"k8s.io/apimachinery/pkg/labels"
 	//"github.com/crunchydata/postgres-operator/operator/util"
 	//"github.com/crunchydata/postgres-operator/tpr"
 	"github.com/spf13/cobra"
@@ -29,6 +32,11 @@ import (
 	//"strings"
 )
 
+type PswResult struct {
+	Rolname       string
+	Rolvaliduntil string
+}
+
 var pswCmd = &cobra.Command{
 	Use:   "psw",
 	Short: "manage passwords",
@@ -78,9 +86,95 @@ func updatePasswords() {
 
 	for _, d := range deployments.Items {
 		fmt.Println("deployment : " + d.ObjectMeta.Name)
+		getExpiredInfo(d.ObjectMeta.Name, "7")
 		if !DryRun {
 		}
 
 	}
 
 }
+
+func getExpiredInfo(clusterName, MAX_DAYS string) {
+	//var err error
+
+	results := callDB(clusterName, MAX_DAYS)
+	for _, v := range results {
+		fmt.Printf("RoleName %s Role Valid Until %s\n", v.Rolname, v.Rolvaliduntil)
+	}
+
+}
+
+func callDB(clusterName, maxdays string) []PswResult {
+	var conn *sql.DB
+
+	results := []PswResult{}
+
+	//get the service for the cluster
+	service, err := Clientset.CoreV1().Services(Namespace).Get(clusterName, meta_v1.GetOptions{})
+	if err != nil {
+		log.Error("error getting list of services" + err.Error())
+		return results
+	}
+
+	//get the secrets for this cluster
+	lo := meta_v1.ListOptions{LabelSelector: "pg-database=" + clusterName}
+	secrets, err := Clientset.Secrets(Namespace).List(lo)
+	if err != nil {
+		log.Error("error getting list of secrets" + err.Error())
+		return results
+	}
+
+	//get the postgres user secret info
+	var username, password, database, hostip string
+	for _, s := range secrets.Items {
+		username = string(s.Data["username"][:])
+		password = string(s.Data["password"][:])
+		database = "postgres"
+		hostip = service.Spec.ClusterIP
+		if username == "postgres" {
+			log.Debug("got postgres user secrets")
+			break
+		}
+	}
+
+	//query the database for users that have expired
+	strPort := fmt.Sprint(service.Spec.Ports[0].Port)
+	conn, err = sql.Open("postgres", "sslmode=disable user="+username+" host="+hostip+" port="+strPort+" dbname="+database+" password="+password)
+	if err != nil {
+		log.Debug(err.Error())
+		return results
+	}
+
+	var ts string
+	var rows *sql.Rows
+
+	querystr := "SELECT rolname, rolvaliduntil as expiring_soon FROM pg_authid WHERE rolvaliduntil < now() + '" + maxdays + " days'"
+	log.Debug(querystr)
+	rows, err = conn.Query(querystr)
+	if err != nil {
+		log.Debug(err.Error())
+		return results
+	}
+
+	defer func() {
+		if conn != nil {
+			conn.Close()
+		}
+		if rows != nil {
+			rows.Close()
+		}
+	}()
+
+	for rows.Next() {
+		p := PswResult{}
+		if err = rows.Scan(&p.Rolname, &p.Rolvaliduntil); err != nil {
+			log.Debug(err.Error())
+			return results
+		}
+		results = append(results, p)
+		log.Debug("returned " + ts)
+	}
+
+	return results
+
+}
diff --git a/tpr/cluster.go b/tpr/cluster.go
@@ -22,6 +22,7 @@ import (
 	"encoding/json"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"time"
 )
 
 const CLUSTER_RESOURCE = "pgclusters"
@@ -52,6 +53,7 @@ type PgClusterSpec struct {
 	PGROOT_SECRET_NAME    string        `json:"pgrootsecretname"`
 	PGMASTER_SECRET_NAME  string        `json:"pgmastersecretname"`
 	STATUS                string        `json:"status"`
+	PSW_LAST_UPDATE       time.Time     `json:"pswlastupdate"`
 }
 
 type PgCluster struct {

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ import (`
`22`	`22`	`"encoding/json"`
`23`	`23`	`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
`24`	`24`	`"k8s.io/apimachinery/pkg/runtime/schema"`
	`25`	`+ "time"`
`25`	`26`	`)`
`26`	`27`
`27`	`28`	`const CLUSTER_RESOURCE = "pgclusters"`
`@@ -52,6 +53,7 @@ type PgClusterSpec struct {`
`52`	`53`	PGROOT_SECRET_NAME string `json:"pgrootsecretname"`
`53`	`54`	PGMASTER_SECRET_NAME string `json:"pgmastersecretname"`
`54`	`55`	STATUS string `json:"status"`
	`56`	+ PSW_LAST_UPDATE time.Time `json:"pswlastupdate"`
`55`	`57`	`}`
`56`	`58`
`57`	`59`	`type PgCluster struct {`