
Commit 2de42f2

committed
reoslve conflicts after rebase
1 parent 35f852c commit 2de42f2


1 file changed

+52
-0
lines changed

1 file changed

+52
-0
lines changed

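--- a/internal/controller/postgresuser_controller.go
+++ b/internal/controller/postgresuser_controller.go
@@ -286,6 +286,58 @@ func (r *PostgresUserReconciler) Reconcile(ctx context.Context, req ctrl.Request
 }
 } else if awsIamRequested {
 reqLogger.WithValues("role", role).Info("IAM Auth requested while we are not running with AWS cloud provider config")
+
+// Reconcile logic for changes in group membership
+// This is only applicable if user role is already created
+// and privileges are changed in spec
+if instance.Status.PostgresRole != "" {
+
+// We need to get the Postgres CR to get the group role name
+database, err := r.getPostgresCR(ctx, instance)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+// Determine desired group role
+var desiredGroup string
+switch instance.Spec.Privileges {
+case "READ":
+desiredGroup = database.Status.Roles.Reader
+case "WRITE":
+desiredGroup = database.Status.Roles.Writer
+default:
+desiredGroup = database.Status.Roles.Owner
+}
+
+currentGroup := instance.Status.PostgresGroup
+if desiredGroup != "" && currentGroup != desiredGroup {
+
+// Remove the old group membership if present
+if currentGroup != "" {
+err = r.pg.RevokeRole(currentGroup, role)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+}
+
+// Grant the new group role
+err = r.pg.GrantRole(desiredGroup, role)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+// Ensure objects created by the user are owned by the new group
+err = r.pg.AlterDefaultLoginRole(role, desiredGroup)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+instance.Status.PostgresGroup = desiredGroup
+err = r.Status().Update(ctx, instance)
+if err != nil {
+return r.requeue(ctx, instance, err)
+}
+}
 }
 
 err = r.addFinalizer(ctx, reqLogger, instance)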
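Review bot: The added block opens two scopes (`if instance.Status.PostgresRole != "" {` at new line 293 and `if desiredGroup != "" && currentGroup != desiredGroup {` at 313) but adds only one matching `}` (340), so the context `}` at 341 now closes the outer `if` and the `else if awsIamRequested {` branch is left open; as shown, the group reconcile also sits inside that branch, after the IAM log line. If it is meant to run for every role that already exists, a `}` is needed before the comment at new line 290, which looks like a rebase-resolution slip. Separately, the `default:` arm of the privileges switch maps every value other than "READ" and "WRITE" to `database.Status.Roles.Owner`, so a misspelled or differently cased value would move the role into the owner group unless the CRD schema already restricts the field; an explicit owner case with `default:` requeueing an error would fail closed. Reconcile starts and ends outside the hunk, so the brace count is judged from these lines only.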
