added db to role

raffis · raffis · commit f73d6e5da975 · 2021-08-10T12:08:01.000+02:00
diff --git a/api/v1beta1/database_types.go b/api/v1beta1/database_types.go
@@ -73,7 +73,8 @@ type SecretReference struct {
 }
 
 type Role struct {
-	Name string `json:"name"`
+	Name string  `json:"name"`
+	Db   *string `json:"db,omitempty"`
 }
 
 // Extension is a resource representing database extension
diff --git a/api/v1beta1/mongodbuser_type.go b/api/v1beta1/mongodbuser_type.go
@@ -76,8 +76,12 @@ func (in *MongoDBUser) GetCredentials() *SecretReference {
 	return in.Spec.Credentials
 }
 
-func (in *MongoDBUser) GetRoles() *[]Role {
-	return in.Spec.Roles
+func (in *MongoDBUser) GetRoles() []Role {
+	if in.Spec.Roles == nil {
+		return []Role{}
+	}
+
+	return *in.Spec.Roles
 }
 
 // +kubebuilder:object:root=true
diff --git a/api/v1beta1/postgresqluser_type.go b/api/v1beta1/postgresqluser_type.go
@@ -68,9 +68,9 @@ func (in *PostgreSQLUser) GetCredentials() *SecretReference {
 	return in.Spec.Credentials
 }
 
-func (in *PostgreSQLUser) GetRoles() *[]Role {
+func (in *PostgreSQLUser) GetRoles() []Role {
 	// NOOP
-	return nil
+	return []Role{}
 }
 
 // +kubebuilder:object:root=true
diff --git a/common/db/handler.go b/common/db/handler.go
@@ -2,6 +2,8 @@ package db
 
 import (
 	"context"
+
+	infrav1beta1 "github.com/doodlescheduling/k8sdb-controller/api/v1beta1"
 )
 
 // Invoke a database handler
@@ -10,7 +12,7 @@ type Invoke func(ctx context.Context, uri, database, username, password string)
 // Handler is a wrapper arround a certain database client
 type Handler interface {
 	Close() error
-	SetupUser(database string, username string, password string, roles []string) error
+	SetupUser(database string, username string, password string, roles []infrav1beta1.Role) error
 	DropUser(database string, username string) error
 	CreateDatabaseIfNotExists(database string) error
 	EnableExtension(name string) error
diff --git a/common/db/mongodb.go b/common/db/mongodb.go
@@ -10,6 +10,8 @@ import (
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
 	"go.mongodb.org/mongo-driver/mongo/readpref"
+
+	infrav1beta1 "github.com/doodlescheduling/k8sdb-controller/api/v1beta1"
 )
 
 const (
@@ -67,7 +69,7 @@ func (m *MongoDBRepository) CreateDatabaseIfNotExists(database string) error {
 	return nil
 }
 
-func (m *MongoDBRepository) SetupUser(database string, username string, password string, roles []string) error {
+func (m *MongoDBRepository) SetupUser(database string, username string, password string, roles []infrav1beta1.Role) error {
 	doesUserExist, err := m.doesUserExist(database, username)
 	if err != nil {
 		return err
@@ -138,25 +140,30 @@ func (m *MongoDBRepository) getAllUsers(database string, username string) (Users
 	return users, nil
 }
 
-func (m *MongoDBRepository) getRoles(database string, roles []string) []bson.M {
+func (m *MongoDBRepository) getRoles(database string, roles []infrav1beta1.Role) []bson.M {
 	// by default, assign readWrite role (backward compatibility)
-	if roles == nil || len(roles) == 0 {
+	if len(roles) == 0 {
 		return []bson.M{{
 			"role": "readWrite",
 			"db":   database,
 		}}
 	}
 	rs := make([]bson.M, 0)
 	for _, r := range roles {
+		db := r.Db
+		if db == nil {
+			db = &database
+		}
+
 		rs = append(rs, bson.M{
-			"role": r,
-			"db":   database,
+			"role": r.Name,
+			"db":   db,
 		})
 	}
 	return rs
 }
 
-func (m *MongoDBRepository) createUser(database string, username string, password string, roles []string) error {
+func (m *MongoDBRepository) createUser(database string, username string, password string, roles []infrav1beta1.Role) error {
 	command := &bson.D{primitive.E{Key: "createUser", Value: username}, primitive.E{Key: "pwd", Value: password},
 		primitive.E{Key: "roles", Value: m.getRoles(database, roles)}}
 	r := m.runCommand(database, command)
@@ -166,7 +173,7 @@ func (m *MongoDBRepository) createUser(database string, username string, passwor
 	return nil
 }
 
-func (m *MongoDBRepository) updateUserPasswordAndRoles(database string, username string, password string, roles []string) error {
+func (m *MongoDBRepository) updateUserPasswordAndRoles(database string, username string, password string, roles []infrav1beta1.Role) error {
 	command := &bson.D{primitive.E{Key: "updateUser", Value: username}, primitive.E{Key: "pwd", Value: password},
 		primitive.E{Key: "roles", Value: m.getRoles(database, roles)}}
 	r := m.runCommand(database, command)
diff --git a/common/db/postgresql.go b/common/db/postgresql.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/url"
 
+	infrav1beta1 "github.com/doodlescheduling/k8sdb-controller/api/v1beta1"
 	"github.com/jackc/pgx/v4"
 	"github.com/jackc/pgx/v4/pgxpool"
 )
@@ -69,7 +70,7 @@ func (s *PostgreSQLRepository) CreateDatabaseIfNotExists(database string) error
 	}
 }
 
-func (s *PostgreSQLRepository) SetupUser(database string, user string, password string, roles []string) error {
+func (s *PostgreSQLRepository) SetupUser(database string, user string, password string, roles []infrav1beta1.Role) error {
 	if err := s.createUserIfNotExists(user); err != nil {
 		return err
 	}
diff --git a/config/crd/bases/dbprovisioning.infra.doodle.com_mongodbusers.yaml b/config/crd/bases/dbprovisioning.infra.doodle.com_mongodbusers.yaml
@@ -80,6 +80,8 @@ spec:
                 - name: readWrite
                 items:
                   properties:
+                    db:
+                      type: string
                     name:
                       type: string
                   required:
diff --git a/controllers/handler.go b/controllers/handler.go
@@ -40,7 +40,7 @@ type user interface {
 	runtime.Object
 	GetStatusConditions() *[]metav1.Condition
 	GetCredentials() *infrav1beta1.SecretReference
-	GetRoles() *[]infrav1beta1.Role
+	GetRoles() []infrav1beta1.Role
 	GetDatabase() string
 }
 
@@ -73,17 +73,6 @@ func extractCredentials(credentials *infrav1beta1.SecretReference, secret *corev
 	return user, pw, nil
 }
 
-func extractRoles(roles *[]infrav1beta1.Role) []string {
-	if roles == nil || len(*roles) == 0 {
-		return nil
-	}
-	rolesToReturn := make([]string, 0)
-	for _, r := range *roles {
-		rolesToReturn = append(rolesToReturn, r.Name)
-	}
-	return rolesToReturn
-}
-
 func reconcileDatabase(c client.Client, pool *db.ClientPool, invoke db.Invoke, database database, recorder record.EventRecorder) (database, ctrl.Result) {
 	// Fetch referencing root secret
 	secret := &corev1.Secret{}
@@ -215,7 +204,7 @@ func reconcileUser(database database, c client.Client, pool *db.ClientPool, invo
 		return user, ctrl.Result{Requeue: true}
 	}
 
-	err = dbHandler.SetupUser(database.GetDatabaseName(), usr, pw, extractRoles(user.GetRoles()))
+	err = dbHandler.SetupUser(database.GetDatabaseName(), usr, pw, user.GetRoles())
 	if err != nil {
 		msg := fmt.Sprintf("Failed to provison user account: %s", err.Error())
 		recorder.Event(user, "Normal", "error", msg)

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,8 @@ type SecretReference struct {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`type Role struct {`
`76`		- Name string `json:"name"`
	`76`	+ Name string `json:"name"`
	`77`	+ Db *string `json:"db,omitempty"`
`77`	`78`	`}`
`78`	`79`
`79`	`80`	`// Extension is a resource representing database extension`
Original file line number	Diff line number	Diff line change
`@@ -76,8 +76,12 @@ func (in MongoDBUser) GetCredentials() SecretReference {`
`76`	`76`	`return in.Spec.Credentials`
`77`	`77`	`}`
`78`	`78`
`79`		`-func (in MongoDBUser) GetRoles() []Role {`
`80`		`- return in.Spec.Roles`
	`79`	`+func (in *MongoDBUser) GetRoles() []Role {`
	`80`	`+ if in.Spec.Roles == nil {`
	`81`	`+ return []Role{}`
	`82`	`+ }`
	`83`	`+`
	`84`	`+ return *in.Spec.Roles`
`81`	`85`	`}`
`82`	`86`
`83`	`87`	`// +kubebuilder:object:root=true`
Original file line number	Diff line number	Diff line change
`@@ -68,9 +68,9 @@ func (in PostgreSQLUser) GetCredentials() SecretReference {`
`68`	`68`	`return in.Spec.Credentials`
`69`	`69`	`}`
`70`	`70`
`71`		`-func (in PostgreSQLUser) GetRoles() []Role {`
	`71`	`+func (in *PostgreSQLUser) GetRoles() []Role {`
`72`	`72`	`// NOOP`
`73`		`- return nil`
	`73`	`+ return []Role{}`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`// +kubebuilder:object:root=true`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"fmt"`
`7`	`7`	`"net/url"`
`8`	`8`
	`9`	`+ infrav1beta1 "github.com/doodlescheduling/k8sdb-controller/api/v1beta1"`
`9`	`10`	`"github.com/jackc/pgx/v4"`
`10`	`11`	`"github.com/jackc/pgx/v4/pgxpool"`
`11`	`12`	`)`
`@@ -69,7 +70,7 @@ func (s *PostgreSQLRepository) CreateDatabaseIfNotExists(database string) error`
`69`	`70`	`}`
`70`	`71`	`}`
`71`	`72`
`72`		`-func (s *PostgreSQLRepository) SetupUser(database string, user string, password string, roles []string) error {`
	`73`	`+func (s *PostgreSQLRepository) SetupUser(database string, user string, password string, roles []infrav1beta1.Role) error {`
`73`	`74`	`if err := s.createUserIfNotExists(user); err != nil {`
`74`	`75`	`return err`
`75`	`76`	`}`