Documentation
Overview
Package roles contains the code needed to reconcile roles with PostgreSQL.
Index
- func Create(ctx context.Context, db *sql.DB, role DatabaseRole) error
- func Delete(ctx context.Context, db *sql.DB, role DatabaseRole) error
- func GetLastTransactionID(ctx context.Context, db *sql.DB, role DatabaseRole) (int64, error)
- func GetParentRoles(ctx context.Context, db *sql.DB, role DatabaseRole) ([]string, error)
- func Reconcile(ctx context.Context, instance *postgres.Instance, cluster *apiv1.Cluster, ...) (reconcile.Result, error)
- func Update(ctx context.Context, db *sql.DB, role DatabaseRole) error
- func UpdateComment(ctx context.Context, db *sql.DB, role DatabaseRole) error
- func UpdateMembership(ctx context.Context, db *sql.DB, role DatabaseRole, rolesToGrant []string, ...) error
- type DatabaseRole
- type RoleError
- type RoleSynchronizer
Constants
This section is empty.
Variables
This section is empty.
Functions
func Create (added in v1.23.6)
Create creates the role. TODO: do we give the role any database-level permissions?
func GetLastTransactionID (added in v1.23.6)
GetLastTransactionID gets the last xmin for the role, to help keep track of whether the role has been changed in the database since the last reconciliation.
func GetParentRoles (added in v1.23.6)
GetParentRoles gets the in-roles of this role (the roles it is a member of).
func Reconcile
func Reconcile(ctx context.Context, instance *postgres.Instance, cluster *apiv1.Cluster, c client.Client) (reconcile.Result, error)
Reconcile triggers reconciliation of managed roles, gets their status, and updates it in the cluster Status.
func UpdateComment (added in v1.23.6)
UpdateComment updates the comment of the role.
func UpdateMembership (added in v1.23.6)
func UpdateMembership(ctx context.Context, db *sql.DB, role DatabaseRole, rolesToGrant []string, rolesToRevoke []string) error
UpdateMembership updates the membership of the role.
IMPORTANT: the various REVOKE and GRANT commands that may be required to reconcile the role are executed in a single transaction. If any one of them fails, none of them takes effect and the role is not updated.
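The all-or-nothing behaviour described for UpdateMembership, sketched as an added example that is not code from this package. The names `quoteIdent`, `membershipStatements`, `fakeTx` and `applyMembership` are hypothetical, the REVOKE-before-GRANT order is an assumption, and the in-memory `fakeTx` stands in for a `*sql.Tx` so the sketch runs without a database.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteIdent double-quotes a role name: GRANT/REVOKE cannot take bind parameters.
func quoteIdent(name string) string {
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}

// membershipStatements builds the REVOKEs, then the GRANTs (order is an assumption).
func membershipStatements(role string, grant, revoke []string) (stmts []string) {
	for _, r := range revoke {
		stmts = append(stmts, fmt.Sprintf("REVOKE %s FROM %s", quoteIdent(r), quoteIdent(role)))
	}
	for _, g := range grant {
		stmts = append(stmts, fmt.Sprintf("GRANT %s TO %s", quoteIdent(g), quoteIdent(role)))
	}
	return stmts
}

// fakeTx is a constructed, hypothetical stand-in for *sql.Tx; statements naming failOn fail.
type fakeTx struct {
	pending, committed []string
	failOn             string
}

func (t *fakeTx) exec(q string) error {
	if t.failOn != "" && strings.Contains(q, quoteIdent(t.failOn)) {
		return fmt.Errorf("role %s does not exist", quoteIdent(t.failOn))
	}
	t.pending = append(t.pending, q)
	return nil
}

// applyMembership commits only if every statement succeeds; otherwise it rolls back.
func applyMembership(tx *fakeTx, role string, grant, revoke []string) error {
	for _, q := range membershipStatements(role, grant, revoke) {
		if err := tx.exec(q); err != nil {
			tx.pending = nil // rollback: discard the statements already run
			return fmt.Errorf("membership of %s unchanged: %w", role, err)
		}
	}
	tx.committed, tx.pending = append(tx.committed, tx.pending...), nil // commit
	return nil
}

func main() {
	fmt.Println(applyMembership(&fakeTx{failOn: "missing"}, "app", []string{"readers", "missing"}, []string{"writers"}))
}
```

With a real `*sql.Tx`, the rollback branch corresponds to `tx.Rollback()` and the final assignment to `tx.Commit()`.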
Types
type DatabaseRole
type DatabaseRole struct {
	Name            string           `json:"name"`
	Comment         string           `json:"comment,omitempty"`
	Superuser       bool             `json:"superuser,omitempty"`
	CreateDB        bool             `json:"createdb,omitempty"`
	CreateRole      bool             `json:"createrole,omitempty"`
	Inherit         bool             `json:"inherit,omitempty"` // defaults to true
	Login           bool             `json:"login,omitempty"`
	Replication     bool             `json:"replication,omitempty"`
	BypassRLS       bool             `json:"bypassrls,omitempty"` // Row-Level Security
	ConnectionLimit int64            `json:"connectionLimit,omitempty"` // default is -1
	ValidUntil      pgtype.Timestamp `json:"validUntil,omitempty"`
	InRoles         []string         `json:"inRoles,omitempty"`
	// contains filtered or unexported fields
}
DatabaseRole represents the role information read from / written to the database. The password management in apiv1.RoleConfiguration assumes the use of Secrets, so it cannot be cleanly mapped to Postgres.
type RoleError
RoleError is an EXPECTABLE error when performing role-related actions on the database. For example, we might try to drop a role that owns objects.
RoleError is NOT meant to represent unexpected errors such as a panic or a connection interruption.
type RoleSynchronizer
type RoleSynchronizer struct {
	// contains filtered or unexported fields
}
A RoleSynchronizer is a Kubernetes manager.Runnable that makes sure the roles in the PostgreSQL databases are in sync with the spec.
cf. https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/manager#Runnable
func NewRoleSynchronizer
func NewRoleSynchronizer(instance *postgres.Instance, client client.Client) *RoleSynchronizer
NewRoleSynchronizer creates a new RoleSynchronizer.