PTEUDO-1616: update dsns when a new role claim is created (#336)

infobloxopen · Oct 16, 2024 · 1598f35 · 1598f35
1 parent a071789
commit 1598f35
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/internal/controller/dbroleclaim_controller_test.go b/internal/controller/dbroleclaim_controller_test.go
@@ -146,6 +146,10 @@ var _ = Describe("RoleClaim Controller", Ordered, func() {
 				Data: map[string][]byte{
 					"password": []byte("masterpassword"),
 					"username": []byte("user_a"),
+					"port":     []byte("5432"),
+					"database": []byte("postgres"),
+					"hostname": []byte("localhost"),
+					"sslmode":  []byte("disable"),
 				},
 			}
 			Expect(k8sClient.Create(ctx, sec)).To(Succeed())

diff --git a/pkg/metrics/controllerMetrics.go → pkg/metrics/metrics.go b/pkg/metrics/controllerMetrics.go → pkg/metrics/metrics.go
diff --git a/pkg/roleclaim/roleclaim.go b/pkg/roleclaim/roleclaim.go
@@ -30,6 +30,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 )
 
+// RoleConfig is the configuration for the Role controller.
 type RoleConfig struct {
 	Viper      *viper.Viper
 	MasterAuth *rdsauth.MasterAuth
@@ -56,17 +57,13 @@ type dbcBaseConfig struct {
 	EnableSuperUser  bool
 }
 
-// RoleReconciler reconciles a DatabaseClaim object
+// DbRoleClaimReconciler reconciles a DatabaseClaim object
 type DbRoleClaimReconciler struct {
 	client.Client
 	Config *RoleConfig
-	//Input  *input
-}
-
-func Reconcile(r *DbRoleClaimReconciler, ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	return r.Reconcile(ctx, req)
 }
 
+// Reconcile reconciles the DbRoleClaim object.
 func (r *DbRoleClaimReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	// FIXME: dont shadow log package
 	log := log.FromContext(ctx).WithValues("databaserole", req.NamespacedName)
@@ -271,7 +268,6 @@ func (r *DbRoleClaimReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	dbRoleClaim.Status.SecretUpdatedAt = &timeNow
 
 	return r.manageSuccess(ctx, &dbRoleClaim)
-
 }
 
 func (r *DbRoleClaimReconciler) readResourceSecret(ctx context.Context, dbcBaseConfig *dbcBaseConfig, dbClaim *v1.DatabaseClaim) (v1.DatabaseClaimConnectionInfo, error) {
@@ -584,25 +580,49 @@ func (r *DbRoleClaimReconciler) copySourceSecret(ctx context.Context, sourceSecr
 	secretName := dbRoleClaim.Spec.SecretName
 	sourceSecretData := sourceSecret.Data
 
+	// Updates the secret data with the new user and password if they are provided.
 	if newUser != "" {
 		sourceSecretData["username"] = []byte(newUser)
 	}
 	if newPassword != "" {
 		sourceSecretData["password"] = []byte(newPassword)
 	}
 
-	role_secret := &corev1.Secret{}
+	// Check if source secret data is valid, if not: return error.
+	if sourceSecretData["database"] == nil ||
+		sourceSecretData["hostname"] == nil ||
+		sourceSecretData["password"] == nil ||
+		sourceSecretData["port"] == nil ||
+		sourceSecretData["sslmode"] == nil ||
+		sourceSecretData["username"] == nil {
+		return fmt.Errorf("source secret data is incomplete")
+	}
+
+	database := string(sourceSecretData["database"])
+	hostname := string(sourceSecretData["hostname"])
+	password := string(sourceSecretData["password"])
+	port := string(sourceSecretData["port"])
+	sslmode := string(sourceSecretData["sslmode"])
+	username := string(sourceSecretData["username"])
+
+	sourceSecretData["dsn.txt"] = []byte(dbclient.PostgresConnectionString(hostname, port, username, password, database, sslmode))
+	sourceSecretData["uri_dsn.txt"] = []byte(dbclient.PostgresURI(hostname, port, username, password, database, sslmode))
+	if sourceSecretData["ro_uri_dsn.txt"] != nil {
+		sourceSecretData["ro_uri_dsn.txt"] = []byte(strings.Replace(string(sourceSecretData["uri_dsn.txt"]), ".cluster-", ".cluster-ro-", -1))
+	}
+
+	roleSecret := &corev1.Secret{}
 
-	//find SECRET
+	// Check if secret exists, if not: create it.
 	err := r.Client.Get(ctx, client.ObjectKey{
 		Namespace: dbRoleClaim.Namespace,
 		Name:      secretName,
-	}, role_secret)
+	}, roleSecret)
 	if err != nil {
 		if client.IgnoreNotFound(err) != nil {
 			return err
 		}
-		role_secret = &corev1.Secret{
+		roleSecret = &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: dbRoleClaim.Namespace,
 				Name:      secretName,
@@ -621,11 +641,11 @@ func (r *DbRoleClaimReconciler) copySourceSecret(ctx context.Context, sourceSecr
 			Data: sourceSecretData,
 		}
 		log.Info("creating secret", "secret", secretName, "namespace", dbRoleClaim.Namespace)
-		return r.Client.Create(ctx, role_secret)
+		return r.Client.Create(ctx, roleSecret)
 	}
 
-	role_secret.Data = sourceSecretData
+	roleSecret.Data = sourceSecretData
 	log.Info("updating secret", "secret", secretName, "namespace", dbRoleClaim.Namespace)
-	return r.Client.Update(ctx, role_secret)
+	return r.Client.Update(ctx, roleSecret)
 
 }