Merge pull request #51 from cybertec-postgresql/user_fix

Create user when adding monitoring container

Author: Schmaetz

pkg/cluster/cluster.go

@@ -354,7 +354,6 @@ func (c *Cluster) Create() (err error) {
 		c.logger.Info("a TDE secret was successfully created")
 	}
 	if c.Postgresql.Spec.Monitoring != nil {
-		c.logger.Infof("Spec.Users are %s", c.Spec.Users)
 		if err := c.createMonitoringSecret(); err != nil {
 			return fmt.Errorf("could not create the monitoring secret: %v", err)
 		}
@@ -947,14 +946,16 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error {
 	}
 	//Add monitoring user if required
 	if newSpec.Spec.Monitoring != nil {
-		flg := cpov1.UserFlags{constants.RoleFlagLogin}
-		if newSpec.Spec.Users != nil {
-			newSpec.Spec.Users[monitorUsername] = flg
-		} else {
-			users := make(map[string]cpov1.UserFlags)
-			newSpec.Spec.Users = users
-			newSpec.Spec.Users[monitorUsername] = flg
+		flags := []string{constants.RoleFlagLogin}
+		monitorUser := map[string]spec.PgUser{
+			monitorUsername: {
+				Origin:    spec.RoleOriginInfrastructure,
+				Name:      monitorUsername,
+				Namespace: c.Namespace,
+				Flags:     flags,
+			},
 		}
+		c.pgUsers[monitorUsername] = monitorUser[monitorUsername]
 	}
 	//Check if monitoring user is added in manifest
 	if _, ok := newSpec.Spec.Users["cpo-exporter"]; ok {
@@ -1013,7 +1014,9 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error {
 	}
 
 	//sync sts when there is a change in the pgbackrest secret, since we need to mount this
-	if !reflect.DeepEqual(oldSpec.Spec.Backup.Pgbackrest.Configuration, newSpec.Spec.Backup.Pgbackrest.Configuration) {
+	if newSpec.Spec.Backup != nil && oldSpec.Spec.Backup != nil &&
+		newSpec.Spec.Backup.Pgbackrest != nil && oldSpec.Spec.Backup.Pgbackrest != nil &&
+		!reflect.DeepEqual(oldSpec.Spec.Backup.Pgbackrest.Configuration, newSpec.Spec.Backup.Pgbackrest.Configuration) {
 		syncStatefulSet = true
 	}
 

pkg/cluster/resources.go

@@ -15,6 +15,7 @@ import (
 
 	cpov1 "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/apis/cpo.opensource.cybertec.at/v1"
 	"github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util"
+	"github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants"
 	"github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/k8sutil"
 	"github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/retryutil"
 )
@@ -94,6 +95,16 @@ func (c *Cluster) createStatefulSet() (*appsv1.StatefulSet, error) {
 			Env: c.generateMonitoringEnvVars(),
 		}
 		c.Spec.Sidecars = append(c.Spec.Sidecars, *sidecar) //populate the sidecar spec so that the sidecar is automatically created
+
+		//Add monitoring user
+		flg := cpov1.UserFlags{constants.RoleFlagLogin}
+		if c.Spec.Users != nil {
+			c.Spec.Users[monitorUsername] = flg
+		} else {
+			users := make(map[string]cpov1.UserFlags)
+			c.Spec.Users = users
+			c.Spec.Users[monitorUsername] = flg
+		}
 	}
 
 	statefulSetSpec, err := c.generateStatefulSet(&c.Spec)

pkg/cluster/sync.go

@@ -192,6 +192,11 @@ func (c *Cluster) Sync(newSpec *cpov1.Postgresql) error {
 		return fmt.Errorf("error refreshing restore configmap: %v", err)
 	}
 
+	// sync monitoring
+	if err = c.syncMonitoringSecret(&oldSpec, newSpec); err != nil {
+		return fmt.Errorf("could not sync monitoring: %v", err)
+	}
+
 	if err = c.initUsers(); err != nil {
 		err = fmt.Errorf("could not init users: %v", err)
 		return err
@@ -282,11 +287,6 @@ func (c *Cluster) Sync(newSpec *cpov1.Postgresql) error {
 		return fmt.Errorf("could not sync connection pooler: %v", err)
 	}
 
-	// sync monitoring
-	if err = c.syncMonitoringSecret(&oldSpec, newSpec); err != nil {
-		return fmt.Errorf("could not sync monitoring: %v", err)
-	}
-
 	if len(c.Spec.Streams) > 0 {
 		c.logger.Debug("syncing streams")
 		if err = c.syncStreams(); err != nil {
@@ -1266,6 +1266,9 @@ DBUSERS:
 				continue DBUSERS
 			}
 		}
+		if dbUser.Name == monitorUsername && dbUser.Deleted {
+			delete(dbUsers, dbUser.Name)
+		}
 
 		// update pgUsers where a deleted role was found
 		// so that they are skipped in ProduceSyncRequests
@@ -1693,7 +1696,7 @@ func (c *Cluster) createMonitoringSecret() error {
 		},
 		Type: v1.SecretTypeOpaque,
 		Data: map[string][]byte{
-			"username": []byte(c.getMonitoringSecretName()),
+			"username": []byte(monitorUsername),
 			"password": []byte(fmt.Sprintf("%x", generatedKey)),
 		},
 	}
@@ -1734,8 +1737,6 @@ func (c *Cluster) deleteMonitoringSecret() (err error) {
 // 1. Update sts to in/exclude the exporter contianer
 // 2. Add/Delete the respective user
 // 3. Add/Delete the respective secret
-// Point 1 and 2 are taken care in Update func, so we only need to take care
-// Point 3 here.
 func (c *Cluster) syncMonitoringSecret(oldSpec, newSpec *cpov1.Postgresql) error {
 	c.logger.Info("syncing Monitoring secret")
 	c.setProcessName("syncing Monitoring secret")
@@ -1744,12 +1745,28 @@ func (c *Cluster) syncMonitoringSecret(oldSpec, newSpec *cpov1.Postgresql) error
 		// Create monitoring secret
 		if err := c.createMonitoringSecret(); err != nil {
 			return fmt.Errorf("could not create the monitoring secret: %v", err)
+		} else {
+			flags := []string{constants.RoleFlagLogin}
+			monitorUser := map[string]spec.PgUser{
+				monitorUsername: {
+					Origin:    spec.RoleOriginInfrastructure,
+					Name:      monitorUsername,
+					Namespace: c.Namespace,
+					Flags:     flags,
+				},
+			}
+			c.pgUsers[monitorUsername] = monitorUser[monitorUsername]
 		}
 		c.logger.Info("monitoring secret was successfully created")
 	} else if newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil {
 		// Delete the monitoring secret
 		if err := c.deleteMonitoringSecret(); err != nil {
 			return fmt.Errorf("could not delete the monitoring secret: %v", err)
+		} else {
+			// Delete the monitoring user
+			monitorUser := c.pgUsers[monitorUsername]
+			monitorUser.Deleted = true
+			c.pgUsers[monitorUsername] = monitorUser
 		}
 		c.logger.Info("monitoring secret was successfully deleted")
 	}