diff --git a/internal/controller/postgrescluster/postgres.go b/internal/controller/postgrescluster/postgres.go index c0660b970..6414fdedf 100644 --- a/internal/controller/postgrescluster/postgres.go +++ b/internal/controller/postgrescluster/postgres.go @@ -379,10 +379,9 @@ func (r *Reconciler) reconcilePostgresUserSecrets( r.Recorder.Event(cluster, corev1.EventTypeWarning, "InvalidUser", allErrors.ToAggregate().Error()) } else { - identifier := v1beta1.PostgresIdentifier(cluster.Name) specUsers = []v1beta1.PostgresUserSpec{{ - Name: identifier, - Databases: []v1beta1.PostgresIdentifier{identifier}, + Name: cluster.Name, + Databases: []string{cluster.Name}, }} } } diff --git a/internal/controller/postgrescluster/postgres_test.go b/internal/controller/postgrescluster/postgres_test.go index 5395b6f95..a6966fc80 100644 --- a/internal/controller/postgrescluster/postgres_test.go +++ b/internal/controller/postgrescluster/postgres_test.go @@ -163,7 +163,7 @@ func TestGeneratePostgresUserSecret(t *testing.T) { } // Present when specified. - spec.Databases = []v1beta1.PostgresIdentifier{"db1"} + spec.Databases = []string{"db1"} secret, err = reconciler.generatePostgresUserSecret(cluster, &spec, nil) assert.NilError(t, err) @@ -180,7 +180,7 @@ func TestGeneratePostgresUserSecret(t *testing.T) { } // Only the first in the list. - spec.Databases = []v1beta1.PostgresIdentifier{"first", "asdf"} + spec.Databases = []string{"first", "asdf"} secret, err = reconciler.generatePostgresUserSecret(cluster, &spec, nil) assert.NilError(t, err) @@ -214,7 +214,7 @@ func TestGeneratePostgresUserSecret(t *testing.T) { // Includes a URI when possible. spec := *spec - spec.Databases = []v1beta1.PostgresIdentifier{"yes", "no"} + spec.Databases = []string{"yes", "no"} secret, err = reconciler.generatePostgresUserSecret(cluster, &spec, nil) assert.NilError(t, err) diff --git a/internal/pgadmin/users_test.go b/internal/pgadmin/users_test.go index 17bec2320..4dba70f81 100644 
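Review bot: In the `else` branch of the postgres.go hunk, the defaulted user takes `cluster.Name` directly as both role name and database name, and nothing visible checks it against the limits declared for `PostgresIdentifier` (1–63 characters) or the `Name` pattern in postgres_types.go. Those markers are CRD schema validation, so they presumably apply only to users written in the spec and not to a value synthesized here. With the explicit `v1beta1.PostgresIdentifier(...)` conversion removed, the code no longer hints that this string becomes a PostgreSQL identifier. Consider a comment above `specUsers` such as `// cluster.Name is not checked against the PostgresIdentifier markers; it must be quoted wherever it reaches SQL`, or an explicit length check if cluster names longer than 63 characters are possible. The function body starts and ends outside the hunk, so an existing check elsewhere may already cover this.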
--- a/internal/pgadmin/users_test.go +++ b/internal/pgadmin/users_test.go @@ -235,7 +235,7 @@ with create_app().app_context(): []v1beta1.PostgresUserSpec{ { Name: "user-no-options", - Databases: []v1beta1.PostgresIdentifier{"db1"}, + Databases: []string{"db1"}, }, { Name: "user-no-databases", diff --git a/internal/postgres/users_test.go b/internal/postgres/users_test.go index 63ac8c482..cd768bd07 100644 --- a/internal/postgres/users_test.go +++ b/internal/postgres/users_test.go @@ -131,7 +131,7 @@ COMMIT;`)) []v1beta1.PostgresUserSpec{ { Name: "user-no-options", - Databases: []v1beta1.PostgresIdentifier{"db1"}, + Databases: []string{"db1"}, }, { Name: "user-no-databases", @@ -175,7 +175,7 @@ COMMIT;`)) []v1beta1.PostgresUserSpec{ { Name: "postgres", - Databases: []v1beta1.PostgresIdentifier{"all", "ignored"}, + Databases: []string{"all", "ignored"}, Options: "NOLOGIN CONNECTION LIMIT 0", }, }, @@ -213,18 +213,18 @@ func TestWriteUsersSchemasInPostgreSQL(t *testing.T) { []v1beta1.PostgresUserSpec{ { Name: "user-single-db", - Databases: []v1beta1.PostgresIdentifier{"db1"}, + Databases: []string{"db1"}, }, { Name: "user-no-databases", }, { Name: "user-multi-dbs", - Databases: []v1beta1.PostgresIdentifier{"db1", "db2"}, + Databases: []string{"db1", "db2"}, }, { Name: "public", - Databases: []v1beta1.PostgresIdentifier{"db3"}, + Databases: []string{"db3"}, }, }, )) diff --git a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgres_types.go b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgres_types.go index cb6948166..44252478a 100644 --- a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgres_types.go +++ b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgres_types.go 
@@ -6,10 +6,10 @@ package v1beta1 // PostgreSQL identifiers are limited in length but may contain any character. // More info: https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS -// +// --- // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=63 -type PostgresIdentifier string +type PostgresIdentifier = string type PostgresPasswordSpec struct { // Type of password to generate. Defaults to ASCII. Valid options are ASCII @@ -23,6 +23,7 @@ type PostgresPasswordSpec struct { // // +kubebuilder:default=ASCII // +kubebuilder:validation:Enum={ASCII,AlphaNumeric} + // +required Type string `json:"type"` } @@ -33,20 +34,21 @@ const ( ) type PostgresUserSpec struct { - + // The name of this PostgreSQL user. The value may contain only lowercase + // letters, numbers, and hyphen so that it fits into Kubernetes metadata. + // --- // This value goes into the name of a corev1.Secret and a label value, so // it must match both IsDNS1123Subdomain and IsValidLabelValue. The pattern // below is IsDNS1123Subdomain without any dots, U+002E. - - // The name of this PostgreSQL user. The value may contain only lowercase - // letters, numbers, and hyphen so that it fits into Kubernetes metadata. + // // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` - // +kubebuilder:validation:Type=string + // +required Name PostgresIdentifier `json:"name"` // Databases to which this user can connect and create objects. Removing a // database from this list does NOT revoke access. This field is ignored for // the "postgres" user. + // --- // +listType=set // +optional Databases []PostgresIdentifier `json:"databases,omitempty"` 
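Review bot: Turning `PostgresIdentifier` into an alias (`type PostgresIdentifier = string`) in the `@@ -6,10 +6,10 @@` hunk means the `MinLength=1` / `MaxLength=63` markers above it reach the CRD only if the generator resolves markers on alias declarations; the regenerated CRD manifest is not in the visible part of this diff, so confirm that `name` and each `databases` item still carry both limits. This matters most for `Databases` in the `@@ -33,20 +34,21 @@` hunk, whose items have no `Pattern` and are bounded only by these markers, and for `Name`, whose pattern does not limit length. If the generated schema lost them, state them on the fields, e.g. `// +kubebuilder:validation:MaxLength=63` on `Name` and `// +kubebuilder:validation:items:MaxLength=63` on `Databases`. The alias also removes the compile-time distinction between an identifier and an arbitrary `string`, so the comment on the type should say that the limits are enforced only by API schema validation.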
@@ -54,6 +56,7 @@ type PostgresUserSpec struct { // ALTER ROLE options except for PASSWORD. This field is ignored for the // "postgres" user. // More info: https://www.postgresql.org/docs/current/role-attributes.html + // --- // +kubebuilder:validation:MaxLength=200 // +kubebuilder:validation:Pattern=`^[^;]*$` // +kubebuilder:validation:XValidation:rule=`!self.matches("(?i:PASSWORD)")`,message="cannot assign password" @@ -62,6 +65,7 @@ type PostgresUserSpec struct { Options string `json:"options,omitempty"` // Properties of the password generated for this user. + // --- // +optional Password *PostgresPasswordSpec `json:"password,omitempty"` }