diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index e1220fa..18eb672 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
 spec:
 containers:
 - name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.2
 args:
 - "--secure-listen-address=0.0.0.0:8443"
 - "--upstream=http://127.0.0.1:8080/"
diff --git a/controllers/postgres/postgresqlconsumer_controller.go b/controllers/postgres/postgresqlconsumer_controller.go
index 08c9b3c..2dc7f5a 100644
--- a/controllers/postgres/postgresqlconsumer_controller.go
+++ b/controllers/postgres/postgresqlconsumer_controller.go
@@ -339,52 +339,33 @@ func createDatabaseIfNotExist(provider postgresv1.PostgreSQLProviderSpec, consum case "azure": userName = strings.Split(consumer.Spec.Consumer.Username, "@") } - // @TODO: check the equivalent of of create if not exists - createDB := fmt.Sprintf("CREATE DATABASE \"%s\";", consumer.Spec.Consumer.Database) - _, err = db.Exec(createDB) - if err != nil { - return err - } + // @TODO: check the equivalent of of create if not exists createUser := fmt.Sprintf("CREATE USER \"%s\" WITH ENCRYPTED PASSWORD '%s';", userName[0], consumer.Spec.Consumer.Password) _, err = db.Exec(createUser) if err != nil { - // if user creation fails, drop the database that gets created - dropErr := dropDatabase(db, consumer.Spec.Consumer.Database) - if dropErr != nil { - return fmt.Errorf("unable drop database after failed user creation: %v", dropErr) - } return fmt.Errorf("unable to create user %s, dropped database %s: %v", consumer.Spec.Consumer.Username, consumer.Spec.Consumer.Database, err) } - grantUser := fmt.Sprintf("GRANT ALL PRIVILEGES ON DATABASE \"%s\" TO \"%s\";", consumer.Spec.Consumer.Database, userName[0]) - _, err = db.Exec(grantUser) + grantUserControl := fmt.Sprintf("GRANT \"%s\" TO \"%s\";", userName[0], provider.Username) + _, err = db.Exec(grantUserControl) if err != nil { - // if grants fails, drop the database and user that gets created - dropErr := dropDatabase(db, consumer.Spec.Consumer.Database) + dropErr := dropUser(db, consumer, provider) if dropErr != nil { - return fmt.Errorf("unable drop database after failed user grant: %v", dropErr) - } - dropErr = dropUser(db, consumer, provider) - if dropErr != nil { - return fmt.Errorf("unable drop user after failed user grant: %v", dropErr) + return fmt.Errorf("Unable drop user after failed ownership change: %v", dropErr) } - return fmt.Errorf("unable to grant user %s permissions on database %s: %v", userName[0], consumer.Spec.Consumer.Database, err) + return fmt.Errorf("Unable to grant user %s to 
provider : %v", userName[0], err) } - var changeOwner string - changeOwner = fmt.Sprintf("ALTER DATABASE \"%s\" OWNER TO \"%s\";", consumer.Spec.Consumer.Database, userName[0]) - _, err = db.Exec(changeOwner) + // @TODO: check the equivalent of of create if not exists + createDB := fmt.Sprintf("CREATE DATABASE \"%s\" OWNER \"%s\";", consumer.Spec.Consumer.Database, userName[0]) + _, err = db.Exec(createDB) if err != nil { - // if change ownership fails, drop the database and user that gets created - dropErr := dropDatabase(db, consumer.Spec.Consumer.Database) - if dropErr != nil { - return fmt.Errorf("Unable drop database after failed ownership change: %v", dropErr) - } - dropErr = dropUser(db, consumer, provider) + dropErr := dropUser(db, consumer, provider) if dropErr != nil { return fmt.Errorf("Unable drop user after failed ownership change: %v", dropErr) } - return fmt.Errorf("Unable to change owner of database %s to %s: %v", consumer.Spec.Consumer.Database, userName[0], err) + return fmt.Errorf("Unable to create database %s : %v", consumer.Spec.Consumer.Database, err) } + return nil }
diff --git a/test-resources/Dockerfile.postgres b/test-resources/Dockerfile.postgres
index cdd9507..eb10964 100644
--- a/test-resources/Dockerfile.postgres
+++ b/test-resources/Dockerfile.postgres
@@ -1,2 +1,2 @@
-FROM postgres:12.1
-
+FROM postgres:15
+COPY postgres-init.sql ./docker-entrypoint-initdb.d
diff --git a/test-resources/postgres-init.sql b/test-resources/postgres-init.sql
new file mode 100644
index 0000000..8f6a2fd
--- /dev/null
+++ b/test-resources/postgres-init.sql
@@ -0,0 +1,2 @@
+CREATE USER "root" WITH ENCRYPTED PASSWORD 'password' CREATEDB CREATEROLE;
+ALTER DATABASE "postgres" OWNER TO "root";
diff --git a/test-resources/postgres/provider.yaml b/test-resources/postgres/provider.yaml
index 9ca3f1e..4b81227 100644
--- a/test-resources/postgres/provider.yaml
+++ b/test-resources/postgres/provider.yaml
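Review bot: The error messages in the new control flow no longer describe what happened: the user-creation failure still reports `dropped database %s` although no database has been created at that point in the new order, and the drop failure inside the GRANT branch says `after failed ownership change` although it follows the membership grant; suggest `return fmt.Errorf("unable to create user %s: %v", consumer.Spec.Consumer.Username, err)` and `return fmt.Errorf("unable drop user after failed grant: %v", dropErr)`. The other added messages (`"Unable to grant user %s to provider : %v"`, `"Unable to create database %s : %v"`) should drop the capital letter and the space before the colon to match the lowercase `unable to create user` message in the same function. Separately, `GRANT "%s" TO "%s"` makes the provider role a permanent member of every consumer role, while that membership appears to be needed only so the non-superuser provider can run the `CREATE DATABASE … OWNER` statement that follows; unless dropDatabase/dropUser rely on it later (not visible here), a `REVOKE` once the database exists keeps the provider at least privilege. As with the surrounding statements, `provider.Username` is spliced into SQL with `%s`, so it should go through the driver's identifier quoting (lib/pq's `pq.QuoteIdentifier`, if that is the driver in use) rather than raw formatting. createDatabaseIfNotExist begins before this hunk.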
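Review bot: `COPY postgres-init.sql ./docker-entrypoint-initdb.d` relies on the image's working directory being `/` and on that directory already existing; if it did not, the script would be written as a regular file of that name and never run, so `COPY postgres-init.sql /docker-entrypoint-initdb.d/` states the intent explicitly. Scripts in that directory execute only when the data directory is first initialised, so a reused test volume will not get the `root` role that provider.yaml now relies on, which is worth a comment in the Dockerfile.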
@@ -7,5 +7,4 @@ spec:
 hostname: postgres.172.17.0.1.nip.io
 password: password
 port: '5432'
- user: postgres
-
+ user: root