add --expired flag to pgo show user, updated docs

Author: jmccormick2001

apiserver/userservice/userimpl.go

@@ -138,7 +138,6 @@ func User(request *msgs.UserRequest) msgs.UserResponse {
 				if len(results) > 0 {
 					log.Debug("expired passwords....")
 					for _, v := range results {
-						resp.Results = append(resp.Results, "RoleName "+v.Rolname+" Role Valid Until "+v.Rolvaliduntil)
 						log.Debug("RoleName " + v.Rolname + " Role Valid Until " + v.Rolvaliduntil)
 						if request.UpdatePasswords {
 							newPassword := util.GeneratePassword(defaultPasswordLength)
@@ -152,9 +151,6 @@ func User(request *msgs.UserRequest) msgs.UserResponse {
 							//log.Debug("new password for %s is %s new expiration is %s\n", v.Rolname, newPassword, newExpireDate)
 						}
 					}
-				} else {
-					log.Debug("no expired passwords....")
-					resp.Results = append(resp.Results, "no users were found with expired passwords")
 				}
 			}
 
@@ -627,7 +623,7 @@ func isManaged(secretName string) (bool, error) {
 }
 
 // ShowUser ...
-func ShowUser(name, selector string) msgs.ShowUserResponse {
+func ShowUser(name, selector, expired string) msgs.ShowUserResponse {
 	var err error
 
 	response := msgs.ShowUserResponse{}
@@ -652,11 +648,54 @@ func ShowUser(name, selector string) msgs.ShowUserResponse {
 		return response
 	}
 
+	var expiredInt int
+	if expired != "" {
+		expiredInt, err = strconv.Atoi(expired)
+		if err != nil {
+			response.Status.Code = msgs.Error
+			response.Status.Msg = "--expired is not a valid integer"
+			return response
+		}
+		if expiredInt < 1 {
+			response.Status.Code = msgs.Error
+			response.Status.Msg = "--expired is requited to be greater than 0"
+			return response
+		}
+	}
+
 	log.Debug("clusters found len is %d\n", len(clusterList.Items))
 
 	for _, c := range clusterList.Items {
 		detail := msgs.ShowUserDetail{}
 		detail.Cluster = c
+		detail.ExpiredMsgs = make([]string, 0)
+
+		if expired != "" {
+			selector := util.LABEL_PG_CLUSTER + "=" + c.Spec.Name + "," + util.LABEL_PRIMARY + "=true"
+			deployments, err := kubeapi.GetDeployments(apiserver.Clientset, selector, apiserver.Namespace)
+			if err != nil {
+				response.Status.Code = msgs.Error
+				response.Status.Msg = err.Error()
+				return response
+			}
+
+			for _, d := range deployments.Items {
+				info := getPostgresUserInfo(apiserver.Namespace, d.ObjectMeta.Name)
+				if expired != "" {
+					results := callDB(info, d.ObjectMeta.Name, expired)
+					if len(results) > 0 {
+						log.Debug("expired passwords....")
+						for _, v := range results {
+							detail.ExpiredMsgs = append(detail.ExpiredMsgs, "RoleName "+v.Rolname+" Role Valid Until "+v.Rolvaliduntil)
+							log.Debug("RoleName " + v.Rolname + " Role Valid Until " + v.Rolvaliduntil)
+
+						}
+					}
+				}
+
+			}
+		}
+
 		detail.Secrets, err = apiserver.GetSecrets(&c)
 		if err != nil {
 			response.Status.Code = msgs.Error

apiserver/userservice/userservice.go

@@ -161,7 +161,7 @@ func ShowUserHandler(w http.ResponseWriter, r *http.Request) {
 		resp.Status = msgs.Status{Code: msgs.Error, Msg: apiserver.VERSION_MISMATCH_ERROR}
 		resp.Results = make([]msgs.ShowUserDetail, 0)
 	} else {
-		resp = ShowUser(clustername, selector)
+		resp = ShowUser(clustername, selector, expired)
 	}
 	json.NewEncoder(w).Encode(resp)
 

apiservermsgs/usermsgs.go

@@ -75,8 +75,9 @@ type ShowUserSecret struct {
 
 // ShowUsersDetail ...
 type ShowUserDetail struct {
-	Cluster crv1.Pgcluster
-	Secrets []ShowUserSecret
+	Cluster     crv1.Pgcluster
+	Secrets     []ShowUserSecret
+	ExpiredMsgs []string
 }
 
 // ShowUsersResponse ...

hugo/content/getting-started/_index.adoc

@@ -434,6 +434,21 @@ are available on user management below.
 pgo show user mycluster
 ....
 
+
+===== Viewing Users With Passwords Set to Expire
+
+To see user passwords that have expired past a certain number
+of days in the *mycluster* cluster:
+....
+pgo show user --expired=7 --selector=name=mycluster
+....
+
+[width="100%",cols="5,^1,^1, 13",options="header"]
+|=========================================================
+|Name |Shorthand |Input |Usage
+|`--expired` |N/A |String |
+|=========================================================
+
 ===== PostgreSQL Version
 
 Filter the results based on the PostgeSQL version of the cluster with the `--ccp-image-tag` flag:
@@ -1241,7 +1256,8 @@ Updates the password for a user on selective clusters.
 Grants the user access to a database.
 
 |`--expired` |N/A |String |
-Shows passwords that will expire in X days.
+Specifies number of days to check for expiring passwords when
+using --update-passwords flag to update passwords.
 
 |`--managed` |N/A |N/A |
 Creates a user with secrets that can be managed by the Operator.
@@ -1323,13 +1339,6 @@ If pgpool is part of your cluster, changing a managed user password
 will cause pgpool to be reconfigured to pick up the password change.
 
 
-===== Viewing Expired Passwords
-
-To see user passwords that have expired past a certain number
-of days in the *mycluster* cluster:
-....
-pgo user --expired=7 --selector=name=mycluster
-....
 
 ===== Updating Expired Passwords
 

pgo/api/user.go

@@ -24,11 +24,11 @@ import (
 	"net/http"
 )
 
-func ShowUser(httpclient *http.Client, arg, selector string, SessionCredentials *msgs.BasicAuthCredentials) (msgs.ShowUserResponse, error) {
+func ShowUser(httpclient *http.Client, arg, selector, expired string, SessionCredentials *msgs.BasicAuthCredentials) (msgs.ShowUserResponse, error) {
 
 	var response msgs.ShowUserResponse
 
-	url := SessionCredentials.APIServerURL + "/users/" + arg + "?selector=" + selector + "&version=" + msgs.PGO_VERSION
+	url := SessionCredentials.APIServerURL + "/users/" + arg + "?selector=" + selector + "&version=" + msgs.PGO_VERSION + "&expired=" + expired
 
 	log.Debug("show users called [" + url + "]")
 

pgo/cmd/show.go

@@ -104,6 +104,8 @@ func init() {
 	ShowScheduleCmd.Flags().StringVarP(&ScheduleName, "schedule-name", "", "", "The name of the schedule to show.")
 	ShowScheduleCmd.Flags().BoolVarP(&NoPrompt, "no-prompt", "n", false, "No command line confirmation.")
 	ShowUserCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering.")
+	ShowUserCmd.Flags().StringVarP(&Expired, "expired", "", "", "Shows passwords that will expire in X days.")
+
 }
 
 var ShowConfigCmd = &cobra.Command{
@@ -237,7 +239,7 @@ var ShowUserCmd = &cobra.Command{
 	},
 }
 
-// ShowUserCmd represents the show user command
+// ShowScheduleCmd represents the show schedule command
 var ShowScheduleCmd = &cobra.Command{
 	Use:   "schedule",
 	Short: "Show schedule information",

pgo/cmd/user.go

@@ -55,7 +55,6 @@ var userCmd = &cobra.Command{
 	Long: `USER allows you to manage users and passwords across a set of clusters. For example:
 
 	pgo user --selector=name=mycluster --update-passwords
-	pgo user --expired=7 --selector=name=mycluster
 	pgo user --change-password=bob --selector=name=mycluster --password=newpass`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Debug("user called")
@@ -67,7 +66,7 @@ func init() {
 	RootCmd.AddCommand(userCmd)
 
 	userCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering.")
-	userCmd.Flags().StringVarP(&Expired, "expired", "", "", "Shows passwords that will expire in X days.")
+	userCmd.Flags().StringVarP(&Expired, "expired", "", "", "required flag when updating passwords that will expire in X days using --update-passwords flag.")
 	userCmd.Flags().IntVarP(&PasswordAgeDays, "valid-days", "", 30, "Sets passwords for new users to X days.")
 	userCmd.Flags().StringVarP(&ChangePasswordForUser, "change-password", "", "", "Updates the password for a user on selective clusters.")
 	userCmd.Flags().StringVarP(&UserDBAccess, "db", "", "", "Grants the user access to a database.")
@@ -184,7 +183,7 @@ func showUser(args []string) {
 
 	for _, v := range args {
 
-		response, err := api.ShowUser(httpclient, v, Selector, &SessionCredentials)
+		response, err := api.ShowUser(httpclient, v, Selector, Expired, &SessionCredentials)
 		if err != nil {
 			fmt.Println("Error: ", err.Error())
 			os.Exit(2)
@@ -227,5 +226,11 @@ func printUsers(detail *msgs.ShowUserDetail) {
 		fmt.Println(TreeBranch + "username: " + s.Username)
 		fmt.Println(TreeTrunk + "password: " + s.Password)
 	}
+	if len(detail.ExpiredMsgs) > 0 {
+		fmt.Printf("\nexpired passwords: \n")
+		for _, e := range detail.ExpiredMsgs {
+			fmt.Println(e)
+		}
+	}
 
 }