package user
import (
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/kubernetes"
"github.com/caos/orbos/pkg/labels"
"github.com/caos/orbos/pkg/secret"
"github.com/caos/orbos/pkg/secret/read"
"github.com/zitadel/zitadel/operator"
"github.com/zitadel/zitadel/operator/database/kinds/databases/managed/user/dbuser"
"github.com/zitadel/zitadel/operator/database/kinds/databases/managed/user/node"
"github.com/zitadel/zitadel/pkg/databases/certs/client"
"github.com/zitadel/zitadel/pkg/databases/db"
)
// Fixed identifiers used when wiring up a managed database user.
const (
	// execDBPod and execDBContainer are handed to dbuser.AdaptFunc as the pod
	// and container names; presumably the place where user-management
	// statements are executed (confirm against dbuser).
	execDBPod       = "cockroachdb-0"
	execDBContainer = "cockroachdb"

	// rootUserName is the account whose client certificate is always queried
	// and destroyed alongside the managed user's certificate.
	rootUserName = "root"
)
// AdaptFunc assembles the query and destroy functions for one managed
// database user and returns them as two phases.
//
// The first QueryFunc/DestroyFunc pair bundles the node adapter
// (node.AdaptFunc) and the client certificates for rootUserName and userName.
// The second pair bundles the database user itself (dbuser.AdaptFunc). The
// local names call these phases "before CR" and "after CR"; CR presumably
// refers to the CockroachDB deployment — confirm against the caller.
//
// The password passed on to dbuser.AdaptFunc is resolved lazily from dbPasswd
// and dbPasswdExisting. When that lookup yields an empty string, userName is
// used as the password instead.
//
// If any of the three underlying AdaptFunc calls fails, its error is returned
// and all four functions are nil.
func AdaptFunc(
	monitor mntr.Monitor,
	namespace string,
	componentLabels *labels.Component,
	clusterDns string,
	generateNodeIfNotExists bool,
	userName string,
	dbPasswd *secret.Secret,
	dbPasswdExisting *secret.Existing,
	pwSecretLabels *labels.Selectable,
	pwSecretKey string,
	containerCertsDir string,
	nodeSecret string,
	dbConn db.Connection,
) (
	operator.QueryFunc,
	operator.DestroyFunc,
	operator.QueryFunc,
	operator.DestroyFunc,
	error,
) {
	usersMonitor := monitor.WithField("type", "users")

	nodeQuery, nodeDestroy, err := node.AdaptFunc(
		usersMonitor,
		namespace,
		labels.MustForName(componentLabels, nodeSecret),
		clusterDns,
		generateNodeIfNotExists,
	)
	if err != nil {
		return nil, nil, nil, nil, err
	}

	// resolvePassword is evaluated by dbuser only when it needs the value, so
	// the secret is read with the client available at that time.
	resolvePassword := func(k8sClient kubernetes.ClientInt) (string, error) {
		value, err := read.GetSecretValue(k8sClient, dbPasswd, dbPasswdExisting)
		switch {
		case err != nil:
			return "", err
		case value == "":
			// NOTE(review): an unset or empty secret silently yields a
			// password equal to the account name, which anyone who knows the
			// user name can guess. Whether this is acceptable depends on how
			// password authentication is exposed for this database — confirm,
			// and consider surfacing the fallback (error or log) instead.
			return userName, nil
		}
		return value, nil
	}

	// NOTE(review): this call receives the unscoped monitor, while the node
	// and certificate adapters get the "type"="users" scoped one — confirm
	// that the difference is intended.
	userQuery, userDestroy, err := dbuser.AdaptFunc(
		monitor,
		namespace,
		execDBPod,
		execDBContainer,
		containerCertsDir,
		userName,
		pwSecretLabels,
		pwSecretKey,
		resolvePassword,
	)
	if err != nil {
		return nil, nil, nil, nil, err
	}

	certQuery, certDestroy, err := client.AdaptFunc(
		usersMonitor,
		namespace,
		componentLabels,
		dbConn,
	)
	if err != nil {
		return nil, nil, nil, nil, err
	}

	// First phase: node first, then the root and user client certificates.
	firstQueriers := []operator.QueryFunc{
		nodeQuery,
		certQuery(rootUserName),
		certQuery(userName),
	}
	// Teardown of the first phase runs in the opposite order of its setup.
	firstDestroyers := []operator.DestroyFunc{
		certDestroy(db.CertsSecret(userName)),
		certDestroy(db.CertsSecret(rootUserName)),
		nodeDestroy,
	}

	// Second phase: only the database user.
	secondQueriers := []operator.QueryFunc{userQuery}
	secondDestroyers := []operator.DestroyFunc{userDestroy}

	queryFirst := func(k8sClient kubernetes.ClientInt, queried map[string]interface{}) (operator.EnsureFunc, error) {
		return operator.QueriersToEnsureFunc(usersMonitor, false, firstQueriers, k8sClient, queried)
	}
	destroyFirst := operator.DestroyersToDestroyFunc(usersMonitor, firstDestroyers)

	querySecond := func(k8sClient kubernetes.ClientInt, queried map[string]interface{}) (operator.EnsureFunc, error) {
		return operator.QueriersToEnsureFunc(usersMonitor, false, secondQueriers, k8sClient, queried)
	}
	destroySecond := operator.DestroyersToDestroyFunc(usersMonitor, secondDestroyers)

	return queryFirst, destroyFirst, querySecond, destroySecond, nil
}