New secret syncing #385
Conversation
Since now it's done before through the plan
pkg/cluster/actions.go
Outdated
|
||
type MetaData struct { | ||
cluster *Cluster | ||
namespace string |
namespace is unused
|
||
var NoActions []Action = []Action{} | ||
|
||
type MetaData struct { |
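Review bot: `var NoActions []Action = []Action{}` spells out a type the initializer already gives; `var NoActions = []Action{}` is the idiomatic form (golint reports the redundant type). Since ranging over a nil slice is already a no-op, returning `nil` from the no-op paths would remove the package-level sentinel altogether and avoid passing one shared slice value around.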
probably "ActionMetaData" reads better?
pkg/controller/postgresql.go
Outdated
|
||
if hasNewName { | ||
return util.NameFromMeta(event.NewSpec.ObjectMeta) | ||
} else { |
is this else really needed? just leave the 2nd return on its own.
|
||
type Action interface { | ||
Name() string | ||
Validate() error |
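Review bot: the exported `Action` interface has no doc comment, and nothing in the interface ties `Validate()` to the point where an action is applied. Put the contract here: state that `Validate()` must return nil before an action is executed and that the plan executor, not each individual caller, is responsible for enforcing that order.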
so the intention is to validate before applying but it is up to the interface user to make so ?
|
||
// if this secret belongs to the infrastructure role and the password has | ||
// changed - replace it in the secret | ||
updateSecret := (user.Password != string(action.secret.Data["password"]) && |
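Review bot: `action.secret.Data["password"]` is read without a presence check, while `Validate()` elsewhere in this PR only checks `Data["username"]`. A secret with no password key converts to the empty string, so the condition is true for every non-empty `user.Password` and the secret is silently rewritten; either validate the password key as well or state in the comment that a missing key is meant to trigger an update. A name such as `mustUpdateInfraRoleSecret` would also make the variable match the comment above it.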
mustUpdateInfraRoleSecret?
msg = "Could not update infrastructure role secret for role %q: %v" | ||
return fmt.Errorf(msg, action.secretUsername, err) | ||
} | ||
} else { |
that's a bit confusing in a sense that if in one branch I see secret update, in the other branch I expect to see logic describing what happens if a secret is not updated, and not the update of a secret of another type
pkg/cluster/cluster.go
Outdated
@@ -200,6 +200,45 @@ func (c *Cluster) initUsers() error { | |||
return nil | |||
} | |||
|
|||
func CreateSecrets() []Action { |
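Review bot: `CreateSecrets()` takes neither a receiver nor arguments, so it cannot know which cluster's secrets it is supposed to create, which is why it can only return a placeholder. If it is a stub, say so in a doc comment (the exported name needs one anyway); otherwise make it a method on `*Cluster`, in line with `PlanForSecrets`, so the plan and its actions are built from the same cluster state.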
that deserves a comment because I'd expect this function to return sth secret-related and not simply nil
pkg/cluster/cluster.go
Outdated
} | ||
|
||
// TODO: mind the secrets of the deleted/new users | ||
func (c *Cluster) PlanForSecrets() (plan []Action) { |
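Review bot: the `TODO: mind the secrets of the deleted/new users` is more than a follow-up item. A role removed from the spec keeps its Kubernetes secret, and with it a usable credential, until the plan contains a delete action for it, and a newly added role gets no secret at all. Either cover both cases before merging or state explicitly in the plan documentation that the current plan only reconciles secrets of users that already exist.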
it is worth commenting here what a plan actually means (sequence of actions i assume?) It is not immediately obvious for a person w/o operator and DB background
@erthalion can you please add an overview of the idea so that other people can more easily join reviewing?
Add user initialization since it's required for secrets
pkg/cluster/actions.go
Outdated
|
||
type MetaData struct { | ||
cluster *Cluster | ||
namespace string |
namespace is unused
So, @zerg-junior @alexeyklyukin what do you think about this feature?
- during debugging is there a way to see a generated plan without applying it first ?
- this change needs some overview documentation to ensure we are all on the same page
} | ||
|
||
func (c *Controller) validatePlan(plan cluster.Plan) (err error) { | ||
for _, action := range plan { |
i'd prefer to have all actions validated first and reported to the end user at once, to avoid re-running the validation just to discover an error after an error.
// build plan | ||
actions := c.generatePlan(event) | ||
if err := c.validatePlan(actions); err != nil { | ||
c.logger.Errorf("Invalid plan: %v", err) |
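Review bot: after `c.logger.Errorf("Invalid plan: %v", err)` there is no `return` in the visible lines, so a plan that failed validation is still handed on to the apply step. Return the error (or skip the event) so that validation actually gates execution; otherwise an `ActionSecret` that did not pass `Validate()` can still be applied to the cluster.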
so we nevertheless apply the erroneous plan ?
} | ||
|
||
func (action ActionSecret) Validate() error { | ||
if action.secret.Data["username"] == nil { |
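Review bot: `action.secret.Data["username"] == nil` only catches a missing key; a key that is present with an empty value passes validation. `len(action.secret.Data["username"]) == 0` covers both cases, and the same check belongs on the `password` key that the secret-update logic reads.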
do all the secrets handled by the operator always have the username field?
@erthalion you might want to answer those questions above?
pkg/controller/postgresql_test.go
Outdated
False = false | ||
True = true | ||
False = false | ||
logger = logrus.New().WithField("test", "cluster") |
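Review bot: `False = false` appears twice in this snippet; if both lines land in the same `var` block the test file does not compile because of the redeclaration, so one of them has to go. `logger` is assigned but never used, as deadcode already reports.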
logger is unused (from deadcode)
pkg/controller/postgresql_test.go
Outdated
) | ||
|
||
const ( | ||
superUserName = "postgres" |
superUserName is unused (from deadcode)
pkg/controller/postgresql_test.go
Outdated
|
||
const ( | ||
superUserName = "postgres" | ||
replicationUserName = "standby" |
replicationUserName is unused (from deadcode)
@erthalion @Jan-M what is our position on this change? do we continue?
Of course we need to continue.
closed for now due to the lack of activity
First implementation of idea to make the operator more transparent.