Skip to content

Commit a1894ab

Browse files
gkechgkech
committed
K8SPG-570 update custom secret with labels when they are missing
1 parent 1e421a5 commit a1894ab

File tree

1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

internal/controller/postgrescluster/postgres.go

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,10 @@ import (
1919
"github.com/pkg/errors"
2020
appsv1 "k8s.io/api/apps/v1"
2121
corev1 "k8s.io/api/core/v1"
22+
k8serrors "k8s.io/apimachinery/pkg/api/errors"
2223
"k8s.io/apimachinery/pkg/api/resource"
2324
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
25+
"k8s.io/apimachinery/pkg/types"
2426
"k8s.io/apimachinery/pkg/util/sets"
2527
"k8s.io/apimachinery/pkg/util/validation/field"
2628
"sigs.k8s.io/controller-runtime/pkg/client"
@@ -494,6 +496,14 @@ func (r *Reconciler) reconcilePostgresUserSecrets(
494496
userSpecs[string(specUsers[i].Name)] = &specUsers[i]
495497
}
496498

499+
for _, user := range specUsers {
500+
if user.SecretName != "" {
501+
if err := r.updateCustomSecretLabels(ctx, cluster, user); err != nil {
502+
return specUsers, nil, err
503+
}
504+
}
505+
}
506+
497507
secrets := &corev1.SecretList{}
498508
selector, err := naming.AsSelector(naming.ClusterPostgresUsers(cluster.Name))
499509
if err == nil {
@@ -582,6 +592,51 @@ func (r *Reconciler) reconcilePostgresUserSecrets(
582592
return specUsers, userSecrets, err
583593
}
584594

595+
// updateCustomSecretLabels checks if a custom secret exists and updates it
596+
// with required labels if they are missing that enabled the
597+
// naming.AsSelector(naming.ClusterPostgresUsers(cluster.Name)) to identify them.
598+
func (r *Reconciler) updateCustomSecretLabels(
599+
ctx context.Context, cluster *v1beta1.PostgresCluster, user v1beta1.PostgresUserSpec,
600+
) error {
601+
secretName := string(user.SecretName)
602+
userName := string(user.Name)
603+
604+
secret := &corev1.Secret{}
605+
err := r.Client.Get(ctx, types.NamespacedName{
606+
Name: secretName,
607+
Namespace: cluster.Namespace,
608+
}, secret)
609+
if err != nil {
610+
if k8serrors.IsNotFound(err) {
611+
return nil
612+
}
613+
return errors.Wrap(err, fmt.Sprintf("failed to get user %s secret %s", userName, secretName))
614+
}
615+
616+
requiredLabels := map[string]string{
617+
naming.LabelCluster: cluster.Name,
618+
naming.LabelPostgresUser: userName,
619+
}
620+
621+
needsUpdate := false
622+
if secret.Labels == nil {
623+
secret.Labels = make(map[string]string)
624+
}
625+
626+
for labelKey, labelValue := range requiredLabels {
627+
if existing, exists := secret.Labels[labelKey]; !exists || existing != labelValue {
628+
secret.Labels[labelKey] = labelValue
629+
needsUpdate = true
630+
}
631+
}
632+
633+
if needsUpdate {
634+
return errors.WithStack(r.Client.Update(ctx, secret))
635+
}
636+
637+
return nil
638+
}
639+
585640
// reconcilePostgresUsersInPostgreSQL creates users inside of PostgreSQL and
586641
// sets their options and database access as specified.
587642
func (r *Reconciler) reconcilePostgresUsersInPostgreSQL(

0 commit comments

Comments
 (0)