
Commit 5cd08ee

committed
reoslve conflicts after rebase
1 parent 68d34fb commit 5cd08ee


1 file changed

+52
-0
lines changed

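--- a/internal/controller/postgresuser_controller.go
+++ b/internal/controller/postgresuser_controller.go
@@ -258,6 +258,58 @@ func (r *PostgresUserReconciler) Reconcile(ctx context.Context, req ctrl.Request
 }
 } else if awsIamRequested {
 reqLogger.WithValues("role", role).Info("IAM Auth requested while we are not running with AWS cloud provider config")
+
+// Reconcile logic for changes in group membership
+// This is only applicable if user role is already created
+// and privileges are changed in spec
+if instance.Status.PostgresRole != "" {
+
+// We need to get the Postgres CR to get the group role name
+database, err := r.getPostgresCR(ctx, instance)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+// Determine desired group role
+var desiredGroup string
+switch instance.Spec.Privileges {
+case "READ":
+desiredGroup = database.Status.Roles.Reader
+case "WRITE":
+desiredGroup = database.Status.Roles.Writer
+default:
+desiredGroup = database.Status.Roles.Owner
+}
+
+currentGroup := instance.Status.PostgresGroup
+if desiredGroup != "" && currentGroup != desiredGroup {
+
+// Remove the old group membership if present
+if currentGroup != "" {
+err = r.pg.RevokeRole(currentGroup, role)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+}
+
+// Grant the new group role
+err = r.pg.GrantRole(desiredGroup, role)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+// Ensure objects created by the user are owned by the new group
+err = r.pg.AlterDefaultLoginRole(role, desiredGroup)
+if err != nil {
+return r.requeue(ctx, instance, errors.NewInternalError(err))
+}
+
+instance.Status.PostgresGroup = desiredGroup
+err = r.Status().Update(ctx, instance)
+if err != nil {
+return r.requeue(ctx, instance, err)
+}
+}
 }
 
 err = r.addFinalizer(ctx, reqLogger, instance)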
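Review bot: As rendered, the added lines open one more block than they close: `if instance.Status.PostgresRole != "" {` (new line 265) and `if desiredGroup != "" && currentGroup != desiredGroup {` (new line 285) are matched by only one added `}` (new line 312), so the context `}` at new line 313, which previously closed `} else if awsIamRequested {`, now closes the new `if` instead. With 0 deletions that leaves the file unbalanced, and it puts the group-membership reconcile inside the branch that logs "IAM Auth requested while we are not running with AWS cloud provider config", so a `Spec.Privileges` change (for example WRITE to READ) would presumably not be applied for other users; Reconcile begins and ends outside the hunk and indentation is lost on this page, so check against the file. If the block is meant to run for every user, close the else-branch first with `}` after the `Info(...)` call and keep the final `}` pair as is. Separately, `default:` assigns `database.Status.Roles.Owner` for every value other than "READ" and "WRITE", so an unexpected or misspelt privilege falls through to the owner group unless validation elsewhere restricts the field; matching the owner value explicitly and returning an error through `r.requeue` in `default:` would fail closed.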
