Commit 1c65787

Refactor SecretRef and ClusterReference to one common ResourceRef (#38)
* update to Quarkus 3.32.1 and update dependencies to latest versions
* validate K8s resource references against the RFC 1123 hostname format Kubernetes uses
* refactor SecretRef and ClusterReference to one common ResourceRef type
* fix the test by having its own SchemaCustomizer for Kubernetes names
* do not short-circuit the PostgreSQLInstanceReadinessCheck check once one instance is down
* let the PostgreSQLContextFactory exception bubble up
* reformat code
* fix compile issue
* the namespace should always come first
* add explicit string max length check of 63
* add explicit string max length check of 63
1 parent 3381f8c commit 1c65787

31 files changed

Lines changed: 180 additions & 205 deletions

docs/cluster-connection.md

Lines changed: 6 additions & 6 deletions
@@ -12,15 +12,15 @@ Other Custom Resources (like `Database`, `Role`, `Schema`, `Grant`, `DefaultPriv
1212
| `host` | `string` | The hostname of the PostgreSQL instance. | Yes |
1313
| `port` | `integer` | The port of the PostgreSQL instance (1-65535). | Yes |
1414
| `database` | `string` | The database to connect to (usually `postgres` for admin operations). | Yes |
15-
| `adminSecretRef` | `SecretRef` | Reference to the secret containing admin credentials. | Yes |
15+
| `adminSecretRef` | `ResourceRef` | Reference to the Kubernetes Secret containing the admin credentials. | Yes |
1616
| `parameters` | `map[string]string` | Additional connection parameters. | No |
1717

18-
### SecretRef
18+
### ResourceRef (`adminSecretRef`)
1919

20-
| Field | Type | Description | Required |
21-
|-------------|----------|---------------------------------------------------------------------|----------|
22-
| `name` | `string` | Name of the secret. | Yes |
23-
| `namespace` | `string` | Namespace of the secret. If not specified, uses the CR's namespace. | No |
20+
| Field | Type | Description | Required |
21+
|-------------|----------|----------------------------------------------------------------------------------------------------|----------|
22+
| `namespace` | `string` | Namespace of the referenced Kubernetes `Secret`. If not specified, uses the owning CR's namespace. | No |
23+
| `name` | `string` | Name of the referenced Kubernetes `Secret`. | Yes |
2424

2525
The referenced secret must be of type `kubernetes.io/basic-auth` and contain the keys `username` and `password`.
2626

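Review bot: The new `ResourceRef (adminSecretRef)` table does not state the format constraints that this commit starts enforcing on `namespace` and `name`. The commit message says references are now validated against the RFC 1123 hostname format with an explicit maximum length of 63, so a user whose existing `adminSecretRef` is rejected has nothing in this page to explain why. Suggest adding the constraint to both Description cells, for example "Must be a valid RFC 1123 name of at most 63 characters."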
docs/database.md

Lines changed: 13 additions & 13 deletions
@@ -4,19 +4,19 @@ The `Database` Custom Resource Definition (CRD) is responsible for managing Post
44

55
## Spec
66

7-
| Field | Type | Description | Required | Immutable |
8-
|-----------------|--------------------|------------------------------------------------------------------------------------------------------|----------|-----------|
9-
| `clusterRef` | `ClusterReference` | Reference to the `ClusterConnection` to use. | Yes | No |
10-
| `name` | `string` | The name of the database to create. | Yes | Yes |
11-
| `owner` | `string` | The owner of the database. | No | No |
12-
| `reclaimPolicy` | `string` | The policy for reclaiming the database when the CR is deleted. Values: `Retain` (Default), `Delete`. | No | No |
13-
14-
### ClusterReference
15-
16-
| Field | Type | Description | Required |
17-
|-------------|----------|----------------------------------------------------------------------------------|----------|
18-
| `name` | `string` | Name of the `ClusterConnection`. | Yes |
19-
| `namespace` | `string` | Namespace of the `ClusterConnection`. If not specified, uses the CR's namespace. | No |
7+
| Field | Type | Description | Required | Immutable |
8+
|-----------------|---------------|------------------------------------------------------------------------------------------------------|----------|-----------|
9+
| `clusterRef` | `ResourceRef` | Reference to the `ClusterConnection` to use. | Yes | No |
10+
| `name` | `string` | The name of the database to create. | Yes | Yes |
11+
| `owner` | `string` | The owner of the database. | No | No |
12+
| `reclaimPolicy` | `string` | The policy for reclaiming the database when the CR is deleted. Values: `Retain` (Default), `Delete`. | No | No |
13+
14+
### ResourceRef (`clusterRef`)
15+
16+
| Field | Type | Description | Required |
17+
|-------------|----------|----------------------------------------------------------------------------------------------------|----------|
18+
| `namespace` | `string` | Namespace of the referenced `ClusterConnection`. If not specified, uses the owning CR's namespace. | No |
19+
| `name` | `string` | Name of the referenced `ClusterConnection`. | Yes |
2020

2121
### Reclaim Policy
2222

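Review bot: The `namespace` row under `### ResourceRef (clusterRef)` documents that a `Database` may point at a `ClusterConnection` outside its own namespace, but says nothing about who is permitted to do that. A `ClusterConnection` carries an `adminSecretRef`, so a cross-namespace `clusterRef` lets a CR author in one namespace act through admin credentials that live in another. Please add a sentence here stating whether cross-namespace references are accepted and, if so, what restricts them, so that cluster administrators can decide how to scope create rights on these CRs.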
docs/default-privilege.md

Lines changed: 14 additions & 14 deletions
@@ -4,15 +4,15 @@ The `DefaultPrivilege` Custom Resource Definition (CRD) manages default privileg
44

55
## Spec
66

7-
| Field | Type | Description | Required | Immutable |
8-
|--------------|--------------------|---------------------------------------------------------------------------------------------------------|-------------|-----------|
9-
| `clusterRef` | `ClusterReference` | Reference to the `ClusterConnection` to use. | Yes | No |
10-
| `database` | `string` | The database where default privileges apply. | Yes | Yes |
11-
| `role` | `string` | The role to which default privileges are granted. | Yes | Yes |
12-
| `owner` | `string` | The role that owns the objects (the creator). Default privileges apply to objects created by this role. | Yes | Yes |
13-
| `schema` | `string` | The schema where default privileges apply. Required, unless `objectType` is `schema`. | Conditional | Yes |
14-
| `objectType` | `string` | The type of object. | Yes | Yes |
15-
| `privileges` | `array[string]` | List of privileges to grant. | Yes | No |
7+
| Field | Type | Description | Required | Immutable |
8+
|--------------|-----------------|---------------------------------------------------------------------------------------------------------|-------------|-----------|
9+
| `clusterRef` | `ResourceRef` | Reference to the `ClusterConnection` to use. | Yes | No |
10+
| `database` | `string` | The database where default privileges apply. | Yes | Yes |
11+
| `role` | `string` | The role to which default privileges are granted. | Yes | Yes |
12+
| `owner` | `string` | The role that owns the objects (the creator). Default privileges apply to objects created by this role. | Yes | Yes |
13+
| `schema` | `string` | The schema where default privileges apply. Required, unless `objectType` is `schema`. | Conditional | Yes |
14+
| `objectType` | `string` | The type of object. | Yes | Yes |
15+
| `privileges` | `array[string]` | List of privileges to grant. | Yes | No |
1616

1717
### Object Types
1818

@@ -39,12 +39,12 @@ Supported privileges depend on the `objectType`:
3939
- `update`
4040
- `usage`
4141

42-
### ClusterReference
42+
### ResourceRef (`clusterRef`)
4343

44-
| Field | Type | Description | Required |
45-
|-------------|----------|----------------------------------------------------------------------------------|----------|
46-
| `name` | `string` | Name of the `ClusterConnection`. | Yes |
47-
| `namespace` | `string` | Namespace of the `ClusterConnection`. If not specified, uses the CR's namespace. | No |
44+
| Field | Type | Description | Required |
45+
|-------------|----------|----------------------------------------------------------------------------------------------------|----------|
46+
| `namespace` | `string` | Namespace of the referenced `ClusterConnection`. If not specified, uses the owning CR's namespace. | No |
47+
| `name` | `string` | Name of the referenced `ClusterConnection`. | Yes |
4848

4949
## Example
5050

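Review bot: This `### ResourceRef (clusterRef)` table is a verbatim copy of the one added in docs/database.md and docs/grant.md, so the refactor to one common type still leaves the field documentation duplicated per CRD page. Any later change to the field semantics (a validation rule, a namespace restriction) has to be repeated in every copy and can drift. Suggest documenting `ResourceRef` once in a shared page and linking to it from the `Type` cell of each `clusterRef` row.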
docs/grant.md

Lines changed: 14 additions & 14 deletions
@@ -4,15 +4,15 @@ The `Grant` Custom Resource Definition (CRD) is responsible for managing privile
44

55
## Spec
66

7-
| Field | Type | Description | Required | Immutable |
8-
|--------------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------|-------------|-----------|
9-
| `clusterRef` | `ClusterReference` | Reference to the `ClusterConnection` to use. | Yes | No |
10-
| `database` | `string` | The database containing the objects. | Yes | Yes |
11-
| `role` | `string` | The role to which privileges are granted. | Yes | Yes |
12-
| `schema` | `string` | The schema containing the objects. Required, unless `objectType` is `database`. | Conditional | Yes |
13-
| `objectType` | `string` | The type of object. | Yes | Yes |
14-
| `objects` | `array[string]` | List of object names. If empty, all objects of this `objectType` will be granted. Required, unless `objectType` is `database` or `schema`. | Conditional | No |
15-
| `privileges` | `array[string]` | List of privileges to grant. | Yes | No |
7+
| Field | Type | Description | Required | Immutable |
8+
|--------------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------|-------------|-----------|
9+
| `clusterRef` | `ResourceRef` | Reference to the `ClusterConnection` to use. | Yes | No |
10+
| `database` | `string` | The database containing the objects. | Yes | Yes |
11+
| `role` | `string` | The role to which privileges are granted. | Yes | Yes |
12+
| `schema` | `string` | The schema containing the objects. Required, unless `objectType` is `database`. | Conditional | Yes |
13+
| `objectType` | `string` | The type of object. | Yes | Yes |
14+
| `objects` | `array[string]` | List of object names. If empty, all objects of this `objectType` will be granted. Required, unless `objectType` is `database` or `schema`. | Conditional | No |
15+
| `privileges` | `array[string]` | List of privileges to grant. | Yes | No |
1616

1717
### Object Types
1818

@@ -40,12 +40,12 @@ Supported privileges depend on the `objectType`:
4040
- `update`
4141
- `usage`
4242

43-
### ClusterReference
43+
### ResourceRef (`clusterRef`)
4444

45-
| Field | Type | Description | Required |
46-
|-------------|----------|----------------------------------------------------------------------------------|----------|
47-
| `name` | `string` | Name of the `ClusterConnection`. | Yes |
48-
| `namespace` | `string` | Namespace of the `ClusterConnection`. If not specified, uses the CR's namespace. | No |
45+
| Field | Type | Description | Required |
46+
|-------------|----------|----------------------------------------------------------------------------------------------------|----------|
47+
| `namespace` | `string` | Namespace of the referenced `ClusterConnection`. If not specified, uses the owning CR's namespace. | No |
48+
| `name` | `string` | Name of the referenced `ClusterConnection`. | Yes |
4949

5050
## Example
5151

docs/role.md

Lines changed: 16 additions & 23 deletions
@@ -4,20 +4,24 @@ The `Role` Custom Resource Definition (CRD) manages PostgreSQL roles (users).
44

55
## Spec
66

7-
| Field | Type | Description | Required | Immutable |
8-
|---------------------|--------------------|-------------------------------------------------------------------------------------|----------|-----------|
9-
| `clusterRef` | `ClusterReference` | Reference to the `ClusterConnection` to use. | Yes | No |
10-
| `name` | `string` | The name of the role to create in the database. | Yes | Yes |
11-
| `comment` | `string` | A comment to add to the role. | No | No |
12-
| `passwordSecretRef` | `SecretRef` | Reference to a secret containing the password for the role to make it a LOGIN role. | No | No |
13-
| `flags` | `RoleFlags` | Flags and attributes for the role. | No | No |
7+
| Field | Type | Description | Required | Immutable |
8+
|---------------------|---------------|-------------------------------------------------------------------------------------|----------|-----------|
9+
| `clusterRef` | `ResourceRef` | Reference to the `ClusterConnection` to use. | Yes | No |
10+
| `name` | `string` | The name of the role to create in the database. | Yes | Yes |
11+
| `comment` | `string` | A comment to add to the role. | No | No |
12+
| `passwordSecretRef` | `ResourceRef` | Reference to a secret containing the password for the role to make it a LOGIN role. | No | No |
13+
| `flags` | `RoleFlags` | Flags and attributes for the role. | No | No |
1414

15-
### ClusterReference
15+
### ResourceRef (`clusterRef` and `passwordSecretRef`)
1616

17-
| Field | Type | Description | Required |
18-
|-------------|----------|----------------------------------------------------------------------------------|----------|
19-
| `name` | `string` | Name of the `ClusterConnection`. | Yes |
20-
| `namespace` | `string` | Namespace of the `ClusterConnection`. If not specified, uses the CR's namespace. | No |
17+
| Field | Type | Description | Required |
18+
|-------------|----------|-----------------------------------------------------------------------------------------|----------|
19+
| `namespace` | `string` | Namespace of the referenced resource. If not specified, uses the owning CR's namespace. | No |
20+
| `name` | `string` | Name of the referenced Kubernetes resource. | Yes |
21+
22+
**Note**:
23+
When used as `passwordSecretRef`, the referenced Kubernetes Secret must be of type `kubernetes.io/basic-auth`.
24+
The `username` key in the Secret is not strictly required, as the role name is specified by the `name` field in the CRD. Only the `password` key is used.
2125

2226
### RoleFlags
2327

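Review bot: Under the combined heading `### ResourceRef (clusterRef and passwordSecretRef)` the two rows no longer say which kind of object is referenced, and they word it inconsistently ("referenced resource" for `namespace`, "referenced Kubernetes resource" for `name`). The removed tables named the target explicitly, which matters here because one field resolves to a `ClusterConnection` and the other to a Secret holding a role password. Suggest making both cells explicit, for example "Name of the referenced `ClusterConnection` (for `clusterRef`) or Kubernetes `Secret` (for `passwordSecretRef`)." Also note that the `kubernetes.io/basic-auth` requirement was a standalone normative sentence before and now sits inside the `**Note**:` paragraph, where it reads as optional guidance; consider keeping it as its own sentence above the note.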
@@ -34,17 +38,6 @@ The `Role` Custom Resource Definition (CRD) manages PostgreSQL roles (users).
3438
| `superuser` | `boolean` | `false` | Superuser status. |
3539
| `validUntil` | `string` | `null` | Date and time until the password is valid (ISO 8601). |
3640

37-
### SecretRef
38-
39-
| Field | Type | Description | Required |
40-
|-------------|----------|---------------------------------------------------------------------|----------|
41-
| `name` | `string` | Name of the secret. | Yes |
42-
| `namespace` | `string` | Namespace of the secret. If not specified, uses the CR's namespace. | No |
43-
44-
The referenced secret must be of type `kubernetes.io/basic-auth`.
45-
46-
**Note**: The `username` key in the secret is not strictly required, as the role name is specified by the `name` field in the CRD. Only the `password` key is used.
47-
4841
### Login vs No-Login Roles
4942

5043
The operator uses the presence of the `passwordSecretRef` field to determine if the role should have the `LOGIN` privilege (User) or not (Group).
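Review bot: Removing the `### SecretRef` heading here (and `### ClusterReference` in the earlier hunk) drops the anchors those headings generated, and nothing in this diff updates links that may point at them. Please check the README and the other docs pages for links to the old section anchors and retarget them to the new `ResourceRef` heading.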
