hub / github.com/zalando/postgres-operator / getInfrastructureRole

Method getInfrastructureRole

pkg/controller/util.go:271–401  ·  view source on GitHub ↗

Generates the list of users that represent one infrastructure role, based on its description in various Kubernetes objects. An infrastructure role can be described by a secret and, optionally, a config map. The secret should contain the sensitive information, i.e. username, password and role. The config map could contain an…

(
	infraRole *config.InfrastructureRole)

Source from the content-addressed store, hash-verified

269// FIXME: This dependency on two different objects is rather unnecessarily
270// complicated, so let's get rid of it via a deprecation process.
271func (c *Controller) getInfrastructureRole(
272 infraRole *config.InfrastructureRole) (
273 []spec.PgUser, error) {
274
275 rolesSecret := infraRole.SecretName
276 roles := []spec.PgUser{}
277
278 if rolesSecret == emptyName {
279 // we don't have infrastructure roles defined, bail out
280 return nil, nil
281 }
282
283 infraRolesSecret, err := c.KubeClient.
284 Secrets(rolesSecret.Namespace).
285 Get(context.TODO(), rolesSecret.Name, metav1.GetOptions{})
286 if err != nil {
287 msg := "could not get infrastructure roles secret %s/%s: %v"
288 return nil, fmt.Errorf(msg, rolesSecret.Namespace, rolesSecret.Name, err)
289 }
290
291 secretData := infraRolesSecret.Data
292
293 if infraRole.Template {
294 Users:
295 for i := 1; i <= len(secretData); i++ {
296 properties := []string{
297 infraRole.UserKey,
298 infraRole.PasswordKey,
299 infraRole.RoleKey,
300 }
301 t := spec.PgUser{Origin: spec.RoleOriginInfrastructure}
302 for _, p := range properties {
303 key := fmt.Sprintf("%s%d", p, i)
304 if val, present := secretData[key]; !present {
305 if p == "user" {
306 // exit when the user name with the next sequence id is
307 // absent
308 break Users
309 }
310 } else {
311 s := string(val)
312 switch p {
313 case "user":
314 t.Name = s
315 case "password":
316 t.Password = s
317 case "inrole":
318 t.MemberOf = append(t.MemberOf, s)
319 default:
320 c.logger.Warningf("unknown key %q", p)
321 }
322 }
323 // XXX: This is a part of the original implementation, which is
324 // rather obscure. Why do we delete this key? Wouldn't it be
325 // used later in comparison for configmap?
326 delete(secretData, key)
327 }
328

Callers 1

Calls 6

ValidMethod · 0.95
CoalesceFunction · 0.92
readDecodedRoleFunction · 0.85
GetMethod · 0.65
SecretsMethod · 0.45
ConfigMapsMethod · 0.45

Tested by

no test coverage detected