feat: wip

Author: oxyno-zeta

.mise.toml

@@ -1,7 +1,7 @@
 #:schema https://mise.jdx.dev/schema/mise.json
 
 [tools]
-go = '1.25.5'
+go = '1.25.6'
 golangci-lint = "2.7.2"
 "aqua:operator-framework/operator-sdk" = "1.42.0"
 "aqua:kubernetes-sigs/kind" = "0.31.0"

api/postgresql/v1alpha1/postgresqlbackup_types.go

@@ -57,8 +57,6 @@ type PostgresqlBackupStatus struct {
 	// True if all resources are in a ready state and all work is done.
 	// +optional
 	Ready bool `json:"ready,omitempty"`
-	// Resource Spec hash
-	Hash string `json:"hash,omitempty"`
 	// BackupProvider spec hash
 	ProviderHash string `json:"providerHash,omitempty"`
 }

api/postgresql/v1alpha1/postgresqlbackupprovider_types.go

@@ -47,9 +47,10 @@ type PostgresqlBackupProviderSpec struct {
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty"`
-	// Generated Secret name used to populate pg_dump information
+	// Generated Secret name prefix used to populate pg_dump information
+	// Must be limited to 20 characters
 	// +optional
-	GeneratedSecretName string `json:"generatedSecretName,omitempty"`
+	GeneratedSecretNamePrefix string `json:"generatedSecretNamePrefix,omitempty"`
 	// Wait for linked resource to be deleted
 	// +optional
 	WaitLinkedResourcesDeletion bool `json:"waitLinkedResourcesDeletion,omitempty"`
@@ -74,7 +75,7 @@ type PostgresqlBackupProviderStatus struct {
 	// +optional
 	Ready bool `json:"ready,omitempty"`
 	// Generated secret name
-	GeneratedSecretName string `json:"generatedSecretName,omitempty"`
+	GeneratedSecretNamePrefix string `json:"generatedSecretNamePrefix,omitempty"`
 	// Cron job name
 	CronJobName string `json:"cronJobName,omitempty"`
 }

config/crd/bases/postgresql.easymile.com_postgresqlbackups.yaml

@@ -74,9 +74,6 @@ spec:
           status:
             description: PostgresqlBackupStatus defines the observed state of PostgresqlBackup.
             properties:
-              hash:
-                description: Resource Spec hash
-                type: string
               message:
                 description: Human-readable message indicating details about current
                   operator phase or error.

internal/controller/postgresql/postgresqlbackup_controller.go

@@ -19,16 +19,21 @@ package postgresql
 import (
 	"context"
 	"reflect"
+	"strconv"
+	"strings"
 	"time"
 
 	"github.com/go-logr/logr"
 	"github.com/prometheus/client_golang/prometheus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	postgresqlv1alpha1 "github.com/easymile/postgresql-operator/api/postgresql/v1alpha1"
@@ -47,6 +52,15 @@ type PostgresqlBackupReconciler struct {
 	ReconcileTimeout                    time.Duration
 }
 
+const (
+	pgDumpEnvHost     = "PGHOST"
+	pgDumpEnvPort     = "PGPORT"
+	pgDumpEnvUser     = "PGUSER"
+	pgDumpEnvPassword = "PGPASSWORD"
+	pgDumpEnvDatabase = "PGDATABASE"
+	pgDumpEnvSSLMode  = "PGSSLMODE"
+)
+
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackups,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackups/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackups/finalizers,verbs=update
@@ -158,13 +172,27 @@ func (r *PostgresqlBackupReconciler) mainReconcile(
 	if err != nil {
 		return r.manageError(ctx, reqLogger, instance, originalPatch, err)
 	}
+	// Check that postgres database is ready before continue but only if it is the first time
+	// If not, requeue event
+	if !database.Status.Ready {
+		reqLogger.Info("PostgresqlDatabase not ready, waiting for it")
+		r.Recorder.Event(instance, "Warning", "Processing", "Processing stopped because PostgresqlDatabase isn't ready. Waiting for it.")
+
+		return ctrl.Result{}, nil
+	}
 
 	// Find pgec
 	pgec, err := utils.FindPgEngineCfg(ctx, r.Client, database)
 	// Check error
 	if err != nil {
 		return r.manageError(ctx, reqLogger, instance, originalPatch, err)
 	}
+	if !pgec.Status.Ready {
+		reqLogger.Info("PostgresqlEngineConfiguration not ready, waiting for it")
+		r.Recorder.Event(instance, "Warning", "Processing", "Processing stopped because PostgresqlEngineConfiguration isn't ready. Waiting for it.")
+
+		return ctrl.Result{}, nil
+	}
 
 	// Find pgec secret
 	pgecSecret, err := utils.FindSecretPgEngineCfg(ctx, r.Client, pgec)
@@ -180,12 +208,125 @@ func (r *PostgresqlBackupReconciler) mainReconcile(
 		return r.manageError(ctx, reqLogger, instance, originalPatch, err)
 	}
 
-	// Compute spec hash
+	_, err = r.manageSecret(ctx, instance, database, pgec, pgecSecret, backupProvider)
+	if err != nil {
+		return r.manageError(ctx, reqLogger, instance, originalPatch, err)
+	}
+
+	// Manage cronjob part
 
 	// Success
 	return r.manageSuccess(ctx, reqLogger, instance, originalPatch)
 }
 
+func (r *PostgresqlBackupReconciler) manageSecret(
+	ctx context.Context,
+	instance *postgresqlv1alpha1.PostgresqlBackup,
+	database *postgresqlv1alpha1.PostgresqlDatabase,
+	pgec *postgresqlv1alpha1.PostgresqlEngineConfiguration,
+	pgecSecret *corev1.Secret,
+	backupProvider *postgresqlv1alpha1.PostgresqlBackupProvider,
+) (string, error) {
+	// TODO Add a random string to secret
+	secretName := backupProvider.Spec.GeneratedSecretNamePrefix
+	if secretName == "" {
+		return "", errors.NewBadRequest("backup provider generated secret name is empty")
+	}
+
+	user := string(pgecSecret.Data[pgecSecretUserKey])
+	password := string(pgecSecret.Data[pgecSecretPassKey])
+	if user == "" || password == "" {
+		return "", errors.NewBadRequest("engine configuration secret must contain \"user\" and \"password\" values")
+	}
+
+	databaseName := database.Status.Database
+	if databaseName == "" {
+		return "", errors.NewBadRequest("database name is empty")
+	}
+
+	host := pgec.Spec.Host
+	port := pgec.Spec.Port
+	uriArgs := pgec.Spec.URIArgs
+
+	data := map[string][]byte{
+		pgDumpEnvHost:     []byte(host),
+		pgDumpEnvPort:     []byte(strconv.Itoa(port)),
+		pgDumpEnvUser:     []byte(user),
+		pgDumpEnvPassword: []byte(password),
+		pgDumpEnvDatabase: []byte(databaseName),
+	}
+
+	if uriArgs != "" {
+		for _, part := range strings.Split(uriArgs, "&") {
+			if part == "" {
+				continue
+			}
+			keyValue := strings.SplitN(part, "=", 2)
+			if len(keyValue) == 2 && keyValue[0] == "sslmode" && keyValue[1] != "" {
+				data[pgDumpEnvSSLMode] = []byte(keyValue[1])
+
+				break
+			}
+		}
+	}
+
+	// Create secret structure
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        secretName,
+			Namespace:   instance.Namespace,
+			Labels:      backupProvider.Spec.Labels,
+			Annotations: backupProvider.Spec.Annotations,
+		},
+		Type: corev1.SecretTypeOpaque,
+		Data: data,
+	}
+
+	// Add controller reference
+	err := controllerutil.SetControllerReference(instance, secret, r.Scheme)
+	if err != nil {
+		return "", err
+	}
+
+	// Try to find it in kubernetes
+	found := &corev1.Secret{}
+	err = r.Get(
+		ctx,
+		types.NamespacedName{
+			Name:      secret.Name,
+			Namespace: secret.Namespace,
+		},
+		found,
+	)
+	// Check if error is present and it isn't a not found error
+	if err != nil && !errors.IsNotFound(err) {
+		return "", err
+	}
+
+	// Check if error is present and if it is a not found error
+	if err != nil && errors.IsNotFound(err) {
+		// Create secret
+		return secretName, r.Create(ctx, secret)
+	}
+
+	// Update case
+
+	// Check if update is needed
+	if !reflect.DeepEqual(found.Data, secret.Data) ||
+		!reflect.DeepEqual(found.Labels, secret.Labels) ||
+		!reflect.DeepEqual(found.Annotations, secret.Annotations) {
+		found.Data = secret.Data
+		found.Labels = secret.Labels
+		found.Annotations = secret.Annotations
+
+		// Update
+		return secretName, r.Update(ctx, found)
+	}
+
+	// Nothing to update or patch
+	return secretName, nil
+}
+
 func (r *PostgresqlBackupReconciler) updateInstance(
 	ctx context.Context,
 	instance *postgresqlv1alpha1.PostgresqlBackup,

internal/controller/postgresql/postgresqlbackupprovider_controller.go

@@ -48,6 +48,8 @@ type PostgresqlBackupProviderReconciler struct {
 	ReconcileTimeout                    time.Duration
 }
 
+const MaxGeneratedSecretNamePrefixLength = 20
+
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackupproviders,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackupproviders/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=postgresql.easymile.com,resources=postgresqlbackupproviders/finalizers,verbs=update
@@ -156,6 +158,8 @@ func (r *PostgresqlBackupProviderReconciler) mainReconcile(
 		return ctrl.Result{}, nil
 	}
 
+	// TODO Validate instance
+
 	// Success
 	return r.manageSuccess(ctx, reqLogger, instance, originalPatch)
 }
@@ -171,9 +175,9 @@ func (r *PostgresqlBackupProviderReconciler) updateInstance(
 	controllerutil.AddFinalizer(instance, config.Finalizer)
 
 	// Check if generated secret name is set
-	if instance.Spec.GeneratedSecretName == "" {
-		instance.Spec.GeneratedSecretName = strings.ToLower(
-			utils.GetRandomString(DefaultWorkGeneratedSecretNameRandomLength),
+	if instance.Spec.GeneratedSecretNamePrefix == "" {
+		instance.Spec.GeneratedSecretNamePrefix = strings.ToLower(
+			utils.GetRandomString(MaxGeneratedSecretNamePrefixLength),
 		)
 	}
 

internal/controller/postgresql/postgresqlengineconfiguration_controller.go

@@ -41,6 +41,8 @@ import (
 const (
 	DefaultPGPort      = 5432
 	DefaultBouncerPort = 6432
+	pgecSecretUserKey  = "user"
+	pgecSecretPassKey  = "password"
 )
 
 // PostgresqlEngineConfigurationReconciler reconciles a PostgresqlEngineConfiguration object.
@@ -247,8 +249,8 @@ func (r *PostgresqlEngineConfigurationReconciler) mainReconcile(
 
 	// Got secret
 	// Check that secret is valid
-	user := string(secret.Data["user"])
-	password := string(secret.Data["password"])
+	user := string(secret.Data[pgecSecretUserKey])
+	password := string(secret.Data[pgecSecretPassKey])
 
 	if user == "" || password == "" {
 		return r.manageError(