|
9 | 9 | "context"
|
10 | 10 | "fmt"
|
11 | 11 | "io"
|
| 12 | + k8serrors "k8s.io/apimachinery/pkg/api/errors" |
| 13 | + "k8s.io/apimachinery/pkg/types" |
12 | 14 | "net"
|
13 | 15 | "net/url"
|
14 | 16 | "regexp"
|
@@ -494,6 +496,14 @@ func (r *Reconciler) reconcilePostgresUserSecrets(
|
494 | 496 | userSpecs[string(specUsers[i].Name)] = &specUsers[i]
|
495 | 497 | }
|
496 | 498 |
|
| 499 | + for _, user := range specUsers { |
| 500 | + if user.SecretName != "" { |
| 501 | + if err := r.updateCustomSecretLabels(ctx, cluster, user); err != nil { |
| 502 | + return specUsers, nil, err |
| 503 | + } |
| 504 | + } |
| 505 | + } |
| 506 | + |
497 | 507 | secrets := &corev1.SecretList{}
|
498 | 508 | selector, err := naming.AsSelector(naming.ClusterPostgresUsers(cluster.Name))
|
499 | 509 | if err == nil {
|
@@ -582,6 +592,51 @@ func (r *Reconciler) reconcilePostgresUserSecrets(
|
582 | 592 | return specUsers, userSecrets, err
|
583 | 593 | }
|
584 | 594 |
|
| 595 | +// updateCustomSecretLabels checks if a custom secret exists and updates it |
| 596 | +// with required labels if they are missing that enabled the |
| 597 | +// naming.AsSelector(naming.ClusterPostgresUsers(cluster.Name)) to identify them. |
| 598 | +func (r *Reconciler) updateCustomSecretLabels( |
| 599 | + ctx context.Context, cluster *v1beta1.PostgresCluster, user v1beta1.PostgresUserSpec, |
| 600 | +) error { |
| 601 | + secretName := string(user.SecretName) |
| 602 | + userName := string(user.Name) |
| 603 | + |
| 604 | + secret := &corev1.Secret{} |
| 605 | + err := r.Client.Get(ctx, types.NamespacedName{ |
| 606 | + Name: secretName, |
| 607 | + Namespace: cluster.Namespace, |
| 608 | + }, secret) |
| 609 | + if err != nil { |
| 610 | + if k8serrors.IsNotFound(err) { |
| 611 | + return nil |
| 612 | + } |
| 613 | + return errors.Wrap(err, fmt.Sprintf("failed to get user %s secret %s", userName, secretName)) |
| 614 | + } |
| 615 | + |
| 616 | + requiredLabels := map[string]string{ |
| 617 | + naming.LabelCluster: cluster.Name, |
| 618 | + naming.LabelPostgresUser: userName, |
| 619 | + } |
| 620 | + |
| 621 | + needsUpdate := false |
| 622 | + if secret.Labels == nil { |
| 623 | + secret.Labels = make(map[string]string) |
| 624 | + } |
| 625 | + |
| 626 | + for labelKey, labelValue := range requiredLabels { |
| 627 | + if existing, exists := secret.Labels[labelKey]; !exists || existing != labelValue { |
| 628 | + secret.Labels[labelKey] = labelValue |
| 629 | + needsUpdate = true |
| 630 | + } |
| 631 | + } |
| 632 | + |
| 633 | + if needsUpdate { |
| 634 | + return errors.WithStack(r.Client.Update(ctx, secret)) |
| 635 | + } |
| 636 | + |
| 637 | + return nil |
| 638 | +} |
| 639 | + |
585 | 640 | // reconcilePostgresUsersInPostgreSQL creates users inside of PostgreSQL and
|
586 | 641 | // sets their options and database access as specified.
|
587 | 642 | func (r *Reconciler) reconcilePostgresUsersInPostgreSQL(
|
|