From ffdaee7e2d8eac20ac463ee086d86a20d050059f Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Mon, 26 Jul 2021 15:23:51 +0200 Subject: [PATCH 1/3] fix searching for users with namespace in name and improve e2e test --- e2e/tests/test_e2e.py | 29 ++++++++++------------------- pkg/cluster/sync.go | 3 +-- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/e2e/tests/test_e2e.py b/e2e/tests/test_e2e.py index 5815af24d..9a1b96ed3 100644 --- a/e2e/tests/test_e2e.py +++ b/e2e/tests/test_e2e.py @@ -588,16 +588,11 @@ def verify_role(): raise @timeout_decorator.timeout(TEST_TIMEOUT_SEC) - def test_zz_cross_namespace_secrets(self): + def test_cross_namespace_secrets(self): ''' Test secrets in different namespace ''' - app_namespace = "appspace" - - v1_appnamespace = client.V1Namespace(metadata=client.V1ObjectMeta(name=app_namespace)) - self.k8s.api.core_v1.create_namespace(v1_appnamespace) - self.k8s.wait_for_namespace_creation(app_namespace) - + # enable secret creation in separate namespace patch_cross_namespace_secret = { "data": { "enable_cross_namespace_secret": "true" @@ -605,30 +600,26 @@ def test_zz_cross_namespace_secrets(self): } self.k8s.update_config(patch_cross_namespace_secret, step="cross namespace secrets enabled") + self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, + "Operator does not get in sync") + # create secret in test namespace self.k8s.api.custom_objects_api.patch_namespaced_custom_object( 'acid.zalan.do', 'v1', 'default', 'postgresqls', 'acid-minimal-cluster', { 'spec': { 'users':{ - 'appspace.db_user': [], + 'test.db_user': [], } } }) - - self.eventuallyEqual(lambda: self.k8s.count_secrets_with_label("cluster-name=acid-minimal-cluster,application=spilo", app_namespace), + + self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, + "Operator does not get in sync") + self.eventuallyEqual(lambda: self.k8s.count_secrets_with_label("cluster-name=acid-minimal-cluster,application=spilo", self.test_namespace), 1, "Secret not created for user in namespace") - #reset the flag - unpatch_cross_namespace_secret = { - "data": { - "enable_cross_namespace_secret": "false", - } - } - self.k8s.update_config(unpatch_cross_namespace_secret, step="disable cross namespace secrets") - - @timeout_decorator.timeout(TEST_TIMEOUT_SEC) def test_lazy_spilo_upgrade(self): ''' diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index 53552f558..78bb9c013 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -386,7 +386,6 @@ func (c *Cluster) syncStatefulSet() error { return fmt.Errorf("could not set cluster-wide PostgreSQL configuration options: %v", err) } - if instancesRestartRequired { c.logger.Debugln("restarting Postgres server within pods") c.eventRecorder.Event(c.GetReference(), v1.EventTypeNormal, "Update", "restarting Postgres server within pods") @@ -626,7 +625,7 @@ func (c *Cluster) syncRoles() (err error) { if u.Namespace != c.Namespace && u.Namespace != "" { // to avoid the conflict of having multiple users of same name // but each in different namespace. - pgRole = fmt.Sprintf("%s.%s", u.Name, u.Namespace) + pgRole = fmt.Sprintf("%s.%s", u.Namespace, u.Name) } userNames = append(userNames, pgRole) // add team member role name with rename suffix in case we need to rename it back From e31885832a08ce556162a721b3bdb34abcf57ddc Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Mon, 26 Jul 2021 15:41:45 +0200 Subject: [PATCH 2/3] define k8s --- e2e/tests/test_e2e.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e2e/tests/test_e2e.py b/e2e/tests/test_e2e.py index 9a1b96ed3..9e7df1aa2 100644 --- a/e2e/tests/test_e2e.py +++ b/e2e/tests/test_e2e.py @@ -592,6 +592,8 @@ def test_cross_namespace_secrets(self): ''' Test secrets in different namespace ''' + k8s = self.k8s + # enable secret creation in separate namespace patch_cross_namespace_secret = { "data": { From f736d22c61add7330b2953d3552bfc9d36d069c1 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Mon, 26 Jul 2021 18:15:34 +0200 Subject: [PATCH 3/3] reomve reformatting username to query --- pkg/cluster/sync.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index 78bb9c013..85d87b35a 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -622,11 +622,6 @@ func (c *Cluster) syncRoles() (err error) { // create list of database roles to query for _, u := range c.pgUsers { pgRole := u.Name - if u.Namespace != c.Namespace && u.Namespace != "" { - // to avoid the conflict of having multiple users of same name - // but each in different namespace. - pgRole = fmt.Sprintf("%s.%s", u.Namespace, u.Name) - } userNames = append(userNames, pgRole) // add team member role name with rename suffix in case we need to rename it back if u.Origin == spec.RoleOriginTeamsAPI && c.OpConfig.EnableTeamMemberDeprecation {