feat: wip

oxyno-zeta · oxyno-zeta · commit 74caa4b5037e · 2025-02-05T11:22:14.000+01:00
diff --git a/api/postgresql/v1alpha1/postgresqluserrole_types.go b/api/postgresql/v1alpha1/postgresqluserrole_types.go
@@ -56,6 +56,8 @@ type PostgresqlUserRolePrivilege struct {
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength=1
 	GeneratedSecretName string `json:"generatedSecretName"`
+	// Extra connection URL Parameters
+	ExtraConnectionURLParameters map[string]string `json:"extraConnectionUrlParameters,omitempty"`
 }
 
 type PostgresqlUserRoleAttributes struct {
diff --git a/api/postgresql/v1alpha1/zz_generated.deepcopy.go b/api/postgresql/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/postgresql.easymile.com_postgresqluserroles.yaml b/config/crd/bases/postgresql.easymile.com_postgresqluserroles.yaml
@@ -93,6 +93,11 @@ spec:
                       required:
                       - name
                       type: object
+                    extraConnectionUrlParameters:
+                      additionalProperties:
+                        type: string
+                      description: Extra connection URL Parameters
+                      type: object
                     generatedSecretName:
                       description: Generated secret name prefix
                       minLength: 1
diff --git a/config/samples/userrole/managed-simple-rotation.yaml b/config/samples/userrole/managed-simple-rotation.yaml
@@ -20,3 +20,7 @@ spec:
         name: simple
       # Generated secret name with information for the selected database
       generatedSecretName: managed-simple-rotation
+      # Extra connection URL Parameters
+      extraConnectionUrlParameters:
+        {}
+        # param1: value1
diff --git a/config/samples/userrole/managed-simple.yaml b/config/samples/userrole/managed-simple.yaml
@@ -18,6 +18,10 @@ spec:
         name: simple
       # Generated secret name with information for the selected database
       generatedSecretName: managed-simple
+      # Extra connection URL Parameters
+      extraConnectionUrlParameters:
+        {}
+        # param1: value1
   # Role attributes
   # Note: Only attributes that aren't conflicting with operator are supported.
   roleAttributes:
diff --git a/config/samples/userrole/provided-simple.yaml b/config/samples/userrole/provided-simple.yaml
@@ -16,6 +16,10 @@ spec:
         name: simple
       # Generated secret name with information for the selected database
       generatedSecretName: simple1
+      # Extra connection URL Parameters
+      extraConnectionUrlParameters:
+        {}
+        # param1: value1
   # Import secret that will contain "USERNAME" and "PASSWORD" for provided mode
   importSecretName: provided-simple
   # Role attributes
diff --git a/docs/crds/PostgresqlUserRole.md b/docs/crds/PostgresqlUserRole.md
@@ -37,12 +37,13 @@ All these names are available for `kubectl`:
 
 ### PostgresqlUserRolePrivilege
 
-| Field               | Description                                                                                                                                                                               | Scheme            | Required |
-| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------- |
-| privilege           | User privilege on database. Enumeration is `OWNER`, `WRITER`, `READER`.                                                                                                                   | String            | true     |
-| connectionType      | Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration). Enumeration is `PRIMARY`, `BOUNCER`. Default value is `PRIMARY` | String            | false    |
-| database            | [PostgresqlDatabase](./PostgresqlDatabase.md) object reference                                                                                                                            | [CRLink](#crlink) | true     |
-| generatedSecretName | Generated secret name used for secret generation.                                                                                                                                         | String            | true     |
+| Field                        | Description                                                                                                                                                                               | Scheme              | Required |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -------- |
+| privilege                    | User privilege on database. Enumeration is `OWNER`, `WRITER`, `READER`.                                                                                                                   | String              | true     |
+| connectionType               | Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration). Enumeration is `PRIMARY`, `BOUNCER`. Default value is `PRIMARY` | String              | false    |
+| database                     | [PostgresqlDatabase](./PostgresqlDatabase.md) object reference                                                                                                                            | [CRLink](#crlink)   | true     |
+| generatedSecretName          | Generated secret name used for secret generation.                                                                                                                                         | String              | true     |
+| extraConnectionUrlParameters | Extra connection url parameters that will be added into `POSTGRES_URL_ARGS` and `ARGS` fields in generated secret                                                                         | `map[string]string` | false    |
 
 ### PostgresqlUserRoleAttributes
 
@@ -96,6 +97,9 @@ spec:
         name: simple
       # Generated secret name with information for the selected database
       generatedSecretName: simple1
+      # Extra connection URL Parameters
+      extraConnectionUrlParameters: {}
+      #   param1: value1
   # Import secret that will contain "USERNAME" and "PASSWORD" for provided mode
   importSecretName: provided-simple
   # Role attributes
diff --git a/internal/controller/postgresql/postgresqluserrole_controller.go b/internal/controller/postgresql/postgresqluserrole_controller.go
@@ -561,8 +561,17 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 		uc = pgec.Spec.UserConnections.BouncerConnection
 	}
 
+	// Compute uri args from main ones to user defined ones
+	uriArgList := []string{uc.URIArgs}
+	// Loop over user defined list
+	for k, v := range rolePrivilege.ExtraConnectionURLParameters {
+		uriArgList = append(uriArgList, fmt.Sprintf("%s=%s", k, v))
+	}
+	// Join
+	uriArgs := strings.Join(uriArgList, "&")
+
 	pgUserURL := postgres.TemplatePostgresqlURL(uc.Host, username, password, dbInstance.Status.Database, uc.Port)
-	pgUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(uc.Host, username, password, uc.URIArgs, dbInstance.Status.Database, uc.Port)
+	pgUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(uc.Host, username, password, uriArgs, dbInstance.Status.Database, uc.Port)
 
 	// Create secret data
 	data := map[string][]byte{
@@ -573,7 +582,7 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 		SecretMainKeyDatabase:        []byte(dbInstance.Status.Database),
 		SecretMainKeyHost:            []byte(uc.Host),
 		SecretMainKeyPort:            []byte(strconv.Itoa(uc.Port)),
-		SecretMainKeyArgs:            []byte(uc.URIArgs),
+		SecretMainKeyArgs:            []byte(uriArgs),
 	}
 
 	// Manage replica connections
@@ -585,8 +594,17 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 	}
 	// Loop over list to inject in data replica data
 	for i, ruc := range rucList {
+		// Compute uri args from main ones to user defined ones
+		uriArgList := []string{ruc.URIArgs}
+		// Loop over user defined list
+		for k, v := range rolePrivilege.ExtraConnectionURLParameters {
+			uriArgList = append(uriArgList, fmt.Sprintf("%s=%s", k, v))
+		}
+		// Join
+		uriArgs := strings.Join(uriArgList, "&")
+
 		replicaPGUserURL := postgres.TemplatePostgresqlURL(ruc.Host, username, password, dbInstance.Status.Database, ruc.Port)
-		replicaPGUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(ruc.Host, username, password, ruc.URIArgs, dbInstance.Status.Database, ruc.Port)
+		replicaPGUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(ruc.Host, username, password, uriArgs, dbInstance.Status.Database, ruc.Port)
 
 		// Build template
 		keyTemplate := SecretKeyReplicaPrefix + "_" + strconv.Itoa(i) + "_%s"
@@ -598,7 +616,7 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 		data[fmt.Sprintf(keyTemplate, SecretMainKeyDatabase)] = []byte(dbInstance.Status.Database)
 		data[fmt.Sprintf(keyTemplate, SecretMainKeyHost)] = []byte(ruc.Host)
 		data[fmt.Sprintf(keyTemplate, SecretMainKeyPort)] = []byte(strconv.Itoa(ruc.Port))
-		data[fmt.Sprintf(keyTemplate, SecretMainKeyArgs)] = []byte(ruc.URIArgs)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyArgs)] = []byte(uriArgs)
 	}
 
 	labels := map[string]string{
diff --git a/internal/controller/postgresql/postgresqluserrole_controller_test.go b/internal/controller/postgresql/postgresqluserrole_controller_test.go
diff --git a/internal/controller/postgresql/suite_test.go b/internal/controller/postgresql/suite_test.go

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@ type PostgresqlUserRolePrivilege struct {`
`56`	`56`	`// +kubebuilder:validation:Required`
`57`	`57`	`// +kubebuilder:validation:MinLength=1`
`58`	`58`	GeneratedSecretName string `json:"generatedSecretName"`
	`59`	`+ // Extra connection URL Parameters`
	`60`	+ ExtraConnectionURLParameters map[string]string `json:"extraConnectionUrlParameters,omitempty"`
`59`	`61`	`}`
`60`	`62`
`61`	`63`	`type PostgresqlUserRoleAttributes struct {`