[67117] Changes to connect to EDB using password (#1060)

* Retrieve Posgres password from secret

* Correct volume name used now

Signed-off-by: Abhishek Pandey <[email protected]>

* Enabling password authentication for Postgres during migration

Signed-off-by: Abhishek Pandey <[email protected]>

---------

Signed-off-by: Abhishek Pandey <[email protected]>

Author: abhishekp03

internal/controller/operator/containers.go

@@ -371,12 +371,8 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 				MountPath: "/certs/saml-certs",
 			},
 			{
-				Name:      "pgsql-ca-cert",
-				MountPath: "/certs/pgsql-ca",
-			},
-			{
-				Name:      "pgsql-client-cert",
-				MountPath: "/certs/pgsql-client",
+				Name:      "pgsql-certs",
+				MountPath: "/certs/pgsql",
 			},
 			{
 				Name:      "pgsql-client-cred",
@@ -719,12 +715,8 @@ func buildIdentityProviderContainer(instance *operatorv1alpha1.Authentication, i
 				MountPath: "/certs/saml-certs",
 			},
 			{
-				Name:      "pgsql-ca-cert",
-				MountPath: "/certs/pgsql-ca",
-			},
-			{
-				Name:      "pgsql-client-cert",
-				MountPath: "/certs/pgsql-client",
+				Name:      "pgsql-certs",
+				MountPath: "/certs/pgsql",
 			},
 			{
 				Name:      "pgsql-client-cred",
@@ -1080,12 +1072,8 @@ func buildIdentityManagerContainer(instance *operatorv1alpha1.Authentication, id
 				MountPath: "/opt/ibm/identity-mgmt/config/scim-config",
 			},
 			{
-				Name:      "pgsql-ca-cert",
-				MountPath: "/certs/pgsql-ca",
-			},
-			{
-				Name:      "pgsql-client-cert",
-				MountPath: "/certs/pgsql-client",
+				Name:      "pgsql-certs",
+				MountPath: "/certs/pgsql",
 			},
 			{
 				Name:      "pgsql-client-cred",

internal/controller/operator/deployment.go

@@ -989,35 +989,10 @@ func buildIdpVolumes(ldapCACert string, routerCertSecret string) []corev1.Volume
 			},
 		},
 		{
-			Name: "pgsql-ca-cert",
+			Name: "pgsql-certs",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
-					SecretName: common.DatastoreEDBSecretName,
-					Items: []corev1.KeyToPath{
-						{
-							Key:  "ca.crt",
-							Path: "ca.crt",
-						},
-					},
-					DefaultMode: &partialAccess,
-				},
-			},
-		},
-		{
-			Name: "pgsql-client-cert",
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: common.DatastoreEDBSecretName,
-					Items: []corev1.KeyToPath{
-						{
-							Key:  "tls.crt",
-							Path: "tls.crt",
-						},
-						{
-							Key:  "tls.key",
-							Path: "tls.key",
-						},
-					},
+					SecretName:  common.DatastoreEDBSecretName,
 					DefaultMode: &partialAccess,
 				},
 			},

internal/controller/operator/migration.go

@@ -252,6 +252,20 @@ func (r *AuthenticationReconciler) getPostgresDB(ctx context.Context, req ctrl.R
 		return nil, err
 	}
 
+	if datastoreCertSecret.Data["DATABASE_PASSWORD"] != nil {
+		return dbconn.NewPostgresDB(
+			dbconn.Name(datastoreCertCM.Data["DATABASE_NAME"]),
+			dbconn.ID(req.Namespace),
+			dbconn.Port(datastoreCertCM.Data["DATABASE_PORT"]),
+			dbconn.User(datastoreCertCM.Data["DATABASE_USER"]),
+			dbconn.Password(string(datastoreCertSecret.Data["DATABASE_PASSWORD"])),
+			dbconn.Host(datastoreCertCM.Data["DATABASE_RW_ENDPOINT"]),
+			dbconn.Schemas("platformdb", "oauthdbschema", "metadata"),
+			dbconn.TLSConfig(
+				datastoreCertSecret.Data["ca.crt"],
+				datastoreCertSecret.Data["tls.crt"],
+				datastoreCertSecret.Data["tls.key"]))
+	}
 	return dbconn.NewPostgresDB(
 		dbconn.Name(datastoreCertCM.Data["DATABASE_NAME"]),
 		dbconn.ID(req.Namespace),

internal/database/connectors/dbconn.go

@@ -66,7 +66,12 @@ func NewPostgresDB(opts ...DBOption) (*PostgresDB, error) {
 }
 
 func (p *PostgresDB) Connect(ctx context.Context) (err error) {
-	dsn := fmt.Sprintf("host=%s user=%s dbname=%s port=%s sslmode=require", p.Host, p.User, p.Name, p.Port)
+	var dsn string
+	if len(p.Password) > 0 {
+		dsn = fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s sslmode=require", p.Host, p.User, p.Password, p.Name, p.Port)
+	} else {
+		dsn = fmt.Sprintf("host=%s user=%s dbname=%s port=%s sslmode=require", p.Host, p.User, p.Name, p.Port)
+	}
 	var connConfig *pgx.ConnConfig
 	if connConfig, err = pgx.ParseConfig(dsn); err != nil {
 		return err