Generates a list of users representing one infrastructure role, based on its description in various K8s objects. An infrastructure role can be described by a secret and, optionally, a config map. The former should contain the secret information, i.e. username, password, and role. The latter could contain an…
( infraRole *config.InfrastructureRole)
| 269 | // FIXME: This dependency on two different objects is rather unnecessarily |
| 270 | // complicated, so let's get rid of it via deprecation process. |
| 271 | func (c *Controller) getInfrastructureRole( |
| 272 | infraRole *config.InfrastructureRole) ( |
| 273 | []spec.PgUser, error) { |
| 274 | |
| 275 | rolesSecret := infraRole.SecretName |
| 276 | roles := []spec.PgUser{} |
| 277 | |
| 278 | if rolesSecret == emptyName { |
| 279 | // we don't have infrastructure roles defined, bail out |
| 280 | return nil, nil |
| 281 | } |
| 282 | |
| 283 | infraRolesSecret, err := c.KubeClient. |
| 284 | Secrets(rolesSecret.Namespace). |
| 285 | Get(context.TODO(), rolesSecret.Name, metav1.GetOptions{}) |
| 286 | if err != nil { |
| 287 | msg := "could not get infrastructure roles secret %s/%s: %v" |
| 288 | return nil, fmt.Errorf(msg, rolesSecret.Namespace, rolesSecret.Name, err) |
| 289 | } |
| 290 | |
| 291 | secretData := infraRolesSecret.Data |
| 292 | |
| 293 | if infraRole.Template { |
| 294 | Users: |
| 295 | for i := 1; i <= len(secretData); i++ { |
| 296 | properties := []string{ |
| 297 | infraRole.UserKey, |
| 298 | infraRole.PasswordKey, |
| 299 | infraRole.RoleKey, |
| 300 | } |
| 301 | t := spec.PgUser{Origin: spec.RoleOriginInfrastructure} |
| 302 | for _, p := range properties { |
| 303 | key := fmt.Sprintf("%s%d", p, i) |
| 304 | if val, present := secretData[key]; !present { |
| 305 | if p == "user" { |
| 306 | // exit when the user name with the next sequence id is |
| 307 | // absent |
| 308 | break Users |
| 309 | } |
| 310 | } else { |
| 311 | s := string(val) |
| 312 | switch p { |
| 313 | case "user": |
| 314 | t.Name = s |
| 315 | case "password": |
| 316 | t.Password = s |
| 317 | case "inrole": |
| 318 | t.MemberOf = append(t.MemberOf, s) |
| 319 | default: |
| 320 | c.logger.Warningf("unknown key %q", p) |
| 321 | } |
| 322 | } |
| 323 | // XXX: This is a part of the original implementation, which is |
| 324 | // rather obscure. Why do we delete this key? Wouldn't it be |
| 325 | // used later in comparison for configmap? |
| 326 | delete(secretData, key) |
| 327 | } |
| 328 |