| 200 | } |
| 201 | |
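// getInfrastructureRoles collects the infrastructure roles described by every
// entry of rolesSecrets and returns them keyed by role name.
//
// If rolesSecrets is empty, or every entry has an empty secret name, an empty
// map and a nil error are returned. Entries that cannot be resolved are
// skipped; their errors are joined into the returned error, and the roles
// gathered from the remaining entries are still returned alongside it. When
// two definitions share a name, the one processed last wins.
func (c *Controller) getInfrastructureRoles(
	rolesSecrets []*config.InfrastructureRole) (
	map[string]spec.PgUser, error) {

	// Named errMsgs so the local cannot shadow an imported errors package.
	var errMsgs []string
	var roles []spec.PgUser
	uniqRoles := make(map[string]spec.PgUser)

	// Compatibility with the legacy implementation, where an empty secret
	// name meant that no roles were configured. The equivalent situation here
	// is an empty rolesSecrets slice or one whose items all have an empty
	// secret name; an empty map and no error are returned in that case.
	noRolesProvided := true
	for _, role := range rolesSecrets {
		// A nil entry carries no secret name; guard it instead of panicking.
		if role != nil && role.SecretName != emptyName {
			noRolesProvided = false
			break
		}
	}

	if noRolesProvided {
		return uniqRoles, nil
	}

	for _, secret := range rolesSecrets {
		if secret == nil {
			// Nothing to resolve, and the debug message below dereferences
			// the entry.
			continue
		}

		infraRoles, err := c.getInfrastructureRole(secret)
		if err != nil || infraRoles == nil {
			// NOTE(review): this prints the whole role definition; confirm it
			// holds only references to the secret and no secret values.
			c.logger.Debugf("cannot get infrastructure role: %+v", *secret)

			if err != nil {
				errMsgs = append(errMsgs, fmt.Sprintf("%v", err))
			}

			continue
		}

		roles = append(roles, infraRoles...)
	}

	for _, r := range roles {
		if _, exists := uniqRoles[r.Name]; exists {
			// Log the name only: formatting the PgUser values themselves
			// would copy every field of both definitions, including any
			// credentials they hold, into the debug log.
			c.logger.Debugf("conflicting infrastructure roles: role %q is defined more than once, the last definition is used", r.Name)
		}

		uniqRoles[r.Name] = r
	}

	if len(errMsgs) > 0 {
		// Partial results are returned together with the error on purpose.
		return uniqRoles, fmt.Errorf("%s", strings.Join(errMsgs, `', '`))
	}

	return uniqRoles, nil
}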
| 256 | |
| 257 | // Generate list of users representing one infrastructure role based on its |
| 258 | // description in various K8S objects. An infrastructure role could be |