-
Notifications
You must be signed in to change notification settings - Fork 576
/
common.go
148 lines (117 loc) · 4.36 KB
/
common.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
package v1
/*
Copyright 2017 - 2020 Crunchy Data Solutions, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import (
"strconv"
"strings"
log "github.com/sirupsen/logrus"
)
// RootSecretSuffix ...
const RootSecretSuffix = "-postgres-secret"
// UserSecretSuffix ...
const UserSecretSuffix = "-secret"
// PrimarySecretSuffix ...
const PrimarySecretSuffix = "-primaryuser-secret"
// ExporterSecretSuffix ...
const ExporterSecretSuffix = "-exporter-secret"
// StorageExisting ...
const StorageExisting = "existing"
// StorageCreate ...
const StorageCreate = "create"
// StorageEmptydir ...
const StorageEmptydir = "emptydir"
// StorageDynamic ...
const StorageDynamic = "dynamic"
// the following are standard PostgreSQL user service accounts that are created
// as part of managed the PostgreSQL cluster environment via the Operator
const (
// PGUserAdmin is a special user that can perform administrative actions
// without being a superuser itself
PGUserAdmin = "crunchyadm"
// PGUserMonitor is the monitoring user that can access metric data
PGUserMonitor = "ccp_monitoring"
// PGUserPgBouncer is the user that's used for managing pgBouncer, which a
// user can use to access pgBouncer stats, etc.
PGUserPgBouncer = "pgbouncer"
// PGUserReplication is the user that's used for replication, which has
// elevated privileges
PGUserReplication = "primaryuser"
// PGUserSuperuser is the superuser account that can do anything
PGUserSuperuser = "postgres"
)
// PGFSGroup stores the UID of the PostgreSQL user that runs the PostgreSQL
// process, which is 26. This also sets up for future work, as the
// PodSecurityContext structure takes a *int64 for its FSGroup
//
// This has to be a "var" as Kubernetes requires for this to be a pointer
var PGFSGroup int64 = 26
// PGUserSystemAccounts maintains an easy-to-access list of what the systems
// accounts are, which may affect how information is returned, etc.
var PGUserSystemAccounts = map[string]struct{}{
PGUserAdmin: {},
PGUserMonitor: {},
PGUserPgBouncer: {},
PGUserReplication: {},
PGUserSuperuser: {},
}
// PgStorageSpec ...
// swagger:ignore
type PgStorageSpec struct {
Name string `json:"name"`
StorageClass string `json:"storageclass"`
AccessMode string `json:"accessmode"`
Size string `json:"size"`
StorageType string `json:"storagetype"`
SupplementalGroups string `json:"supplementalgroups"`
MatchLabels string `json:"matchLabels"`
}
// GetSupplementalGroups converts the comma-separated list of SupplementalGroups
// into a slice of int64 IDs. If it errors, it returns an empty slice and logs
// a warning
func (s PgStorageSpec) GetSupplementalGroups() []int64 {
supplementalGroups := []int64{}
// split the supplemental group list
results := strings.Split(s.SupplementalGroups, ",")
// iterate through the results and try to append to the supplementalGroups
// array
for _, result := range results {
result = strings.TrimSpace(result)
// if the result is the empty string (likely because there are no
// supplemental groups), continue on
if result == "" {
continue
}
supplementalGroup, err := strconv.Atoi(result)
// if there is an error, only warn about it and continue through the loop
if err != nil {
log.Warnf("malformed storage supplemental group: %v", err)
continue
}
// convert the int to an int64 to match the Kubernetes spec, and append to
// the supplementalGroups slice
supplementalGroups = append(supplementalGroups, int64(supplementalGroup))
}
return supplementalGroups
}
// CompletedStatus -
const CompletedStatus = "completed"
// InProgressStatus -
const InProgressStatus = "in progress"
// SubmittedStatus -
const SubmittedStatus = "submitted"
// JobCompletedStatus ....
const JobCompletedStatus = "job completed"
// JobSubmittedStatus ....
const JobSubmittedStatus = "job submitted"
// JobErrorStatus ....
const JobErrorStatus = "job error"