New secret syncing #385
New secret syncing #385
Conversation
Since now it's done before through the plan
erthalion
requested review from
alexeyklyukin,
avaczi,
CyberDem0n,
Jan-M and
sdudoladov
as code owners
pkg/cluster/actions.go
Outdated
|
|
||
| type MetaData struct { | ||
| cluster *Cluster | ||
| namespace string |
|
|
||
| var NoActions []Action = []Action{} | ||
|
|
||
| type MetaData struct { |
There was a problem hiding this comment.
probably "ActionMetaData" reads better?
pkg/controller/postgresql.go
Outdated
|
|
||
| if hasNewName { | ||
| return util.NameFromMeta(event.NewSpec.ObjectMeta) | ||
| } else { |
There was a problem hiding this comment.
is this else really needed ? just leave the 2nd return on its own.
|
|
||
| type Action interface { | ||
| Name() string | ||
| Validate() error |
There was a problem hiding this comment.
so the intention is to validate before applying but it is up to the interface user to make so ?
|
|
||
| // if this secret belongs to the infrastructure role and the password has | ||
| // changed - replace it in the secret | ||
| updateSecret := (user.Password != string(action.secret.Data["password"]) && |
| msg = "Could not update infrastructure role secret for role %q: %v" | ||
| return fmt.Errorf(msg, action.secretUsername, err) | ||
| } | ||
| } else { |
There was a problem hiding this comment.
that's a bit confusing in a sense that if in one branch I see secret update, in the other branch I excpect to see logic describing what happens if a secret is not updated, and not the udpate of a secret of another type
pkg/cluster/cluster.go
Outdated
| @@ -200,6 +200,45 @@ func (c *Cluster) initUsers() error { | |||
| return nil | |||
| } | |||
|
|
|||
| func CreateSecrets() []Action { | |||
There was a problem hiding this comment.
that deserves a comment because I'd expect this function to return sth secret-related and not simply nil
pkg/cluster/cluster.go
Outdated
| } | ||
|
|
||
| // TODO: mind the secrets of the deleted/new users | ||
| func (c *Cluster) PlanForSecrets() (plan []Action) { |
There was a problem hiding this comment.
it is worth commenting here what a plan actually means (sequence of actions i assume? ) It is not immediately obvious for a person w/o operator and DB background
|
@erthalion can you please add an overview of the idea so that other people can easier join reviewing ? |
Add user initialization since it's required for secrets
pkg/cluster/actions.go
Outdated
|
|
||
| type MetaData struct { | ||
| cluster *Cluster | ||
| namespace string |
|
So, @zerg-junior @alexeyklyukin what do you think about this feature? |
| } | ||
|
|
||
| func (c *Controller) validatePlan(plan cluster.Plan) (err error) { | ||
| for _, action := range plan { |
There was a problem hiding this comment.
i'd prefer to have all actions validates first and reported to the end user at once, to avoid re-running the validation just to discover an error after an error .
| // build plan | ||
| actions := c.generatePlan(event) | ||
| if err := c.validatePlan(actions); err != nil { | ||
| c.logger.Errorf("Invalid plan: %v", err) |
There was a problem hiding this comment.
so we nevertheless apply the erroneous plan ?
| } | ||
|
|
||
| func (action ActionSecret) Validate() error { | ||
| if action.secret.Data["username"] == nil { |
There was a problem hiding this comment.
do all the secrets handled by the operator always have the username field ?
|
@erthalion you might want to answer those questions above? |
pkg/controller/postgresql_test.go
Outdated
| False = false | ||
| True = true | ||
| False = false | ||
| logger = logrus.New().WithField("test", "cluster") |
pkg/controller/postgresql_test.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| superUserName = "postgres" |
There was a problem hiding this comment.
superUserName is unused (from deadcode)
pkg/controller/postgresql_test.go
Outdated
|
|
||
| const ( | ||
| superUserName = "postgres" | ||
| replicationUserName = "standby" |
There was a problem hiding this comment.
replicationUserName is unused (from deadcode)
|
@erthalion @Jan-M what is our position on this change ? do we continue ? |
|
Of course we need to continue. |
|
closed for now due to the lack of activity |
First implementation of idea to make the operator more transparent.