feat: Add support for replica urls (with bouncer supported)

oxyno-zeta · oxyno-zeta · commit b6e7c495a18d · 2024-04-10T13:33:45.000+02:00
diff --git a/api/postgresql/v1alpha1/postgresqlengineconfiguration_types.go b/api/postgresql/v1alpha1/postgresqlengineconfiguration_types.go
@@ -78,6 +78,12 @@ type UserConnections struct {
 	// Bouncer connection is referring to a pg bouncer node.
 	// +optional
 	BouncerConnection *GenericUserConnection `json:"bouncerConnection,omitempty"`
+	// Replica connections are referring to the replica nodes.
+	// +optional
+	ReplicaConnections []*GenericUserConnection `json:"replicaConnections,omitempty"`
+	// Replica Bouncer connections are referring to pg bouncer nodes.
+	// +optional
+	ReplicaBouncerConnections []*GenericUserConnection `json:"replicaBouncerConnections,omitempty"`
 }
 
 type GenericUserConnection struct {
diff --git a/api/postgresql/v1alpha1/zz_generated.deepcopy.go b/api/postgresql/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/postgresql.easymile.com_postgresqlengineconfigurations.yaml b/config/crd/bases/postgresql.easymile.com_postgresqlengineconfigurations.yaml
@@ -129,6 +129,44 @@ spec:
                     - host
                     - uriArgs
                     type: object
+                  replicaBouncerConnections:
+                    description: Replica Bouncer connections are referring to pg bouncer
+                      nodes.
+                    items:
+                      properties:
+                        host:
+                          description: Hostname
+                          type: string
+                        port:
+                          description: Port
+                          type: integer
+                        uriArgs:
+                          description: URI args like sslmode, ...
+                          type: string
+                      required:
+                      - host
+                      - uriArgs
+                      type: object
+                    type: array
+                  replicaConnections:
+                    description: Replica connections are referring to the replica
+                      nodes.
+                    items:
+                      properties:
+                        host:
+                          description: Hostname
+                          type: string
+                        port:
+                          description: Port
+                          type: integer
+                        uriArgs:
+                          description: URI args like sslmode, ...
+                          type: string
+                      required:
+                      - host
+                      - uriArgs
+                      type: object
+                    type: array
                 type: object
               waitLinkedResourcesDeletion:
                 description: Wait for linked resource to be deleted
diff --git a/config/samples/engineconfiguration/full-example.yaml b/config/samples/engineconfiguration/full-example.yaml
@@ -45,3 +45,16 @@ spec:
     #   host: localhost
     #   uriArgs: sslmode=disable
     #   port: 6432
+    # Replica connections are referring to the replica nodes.
+    # replicaConnections:
+    #   - host: localhost
+    #     uriArgs: sslmode=disable
+    #     port: 5433
+    #   - host: localhost
+    #     uriArgs: sslmode=disable
+    #     port: 5434
+    # Replica Bouncer connections are referring to pg bouncer nodes.
+    # replicaBouncerConnections:
+    #   - host: localhost
+    #     uriArgs: sslmode=disable
+    #     port: 6432
diff --git a/docs/crds/PostgresqlEngineConfiguration.md b/docs/crds/PostgresqlEngineConfiguration.md
@@ -40,10 +40,12 @@ All these names are available for `kubectl`:
 
 ### UserConnections
 
-| Field             | Description                                                                                                                              | Scheme                                          | Required |
-| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -------- |
-| primaryConnection | Primary connection is referring to the primary node connection. If not being set, all values will be set from spec (host, port, uriArgs) | [GenericUserConnection](#genericuserconnection) | false    |
-| bouncerConnection | Bouncer connection is referring to a pg bouncer node. The default port will be 6432 if other fields are filled but not port.             | [GenericUserConnection](#genericuserconnection) | false    |
+| Field                     | Description                                                                                                                              | Scheme                                            | Required |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | -------- |
+| primaryConnection         | Primary connection is referring to the primary node connection. If not being set, all values will be set from spec (host, port, uriArgs) | [GenericUserConnection](#genericuserconnection)   | false    |
+| bouncerConnection         | Bouncer connection is referring to a pg bouncer node. The default port will be 6432 if other fields are filled but not port.             | [GenericUserConnection](#genericuserconnection)   | false    |
+| replicaConnections        | Replica connections are referring to the replica nodes. The default port will be 6432 if other fields are filled but not port.           | [[GenericUserConnection](#genericuserconnection)] | false    |
+| replicaBouncerConnections | Replica Bouncer connections are referring to pg bouncer nodes. The default port will be 6432 if other fields are filled but not port.    | [[GenericUserConnection](#genericuserconnection)] | false    |
 
 ### GenericUserConnection
 
diff --git a/docs/crds/PostgresqlUserRole.md b/docs/crds/PostgresqlUserRole.md
@@ -153,3 +153,31 @@ data:
   PORT: "5432"
   ARGS: sslmode=require
 ```
+
+Here is an example with replica:
+
+```yaml
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: managed-simple-rotation
+data:
+  ARGS: sslmode=disable
+  DATABASE: database1
+  HOST: localhost
+  LOGIN: fake-0
+  PASSWORD: password
+  PORT: "5432"
+  POSTGRES_URL: postgresql://fake-0:password@localhost:5432/database1
+  POSTGRES_URL_ARGS: postgresql://fake-0:password@localhost:5432/database1?sslmode=disable
+  REPLICA_0_ARGS: sslmode=disable
+  REPLICA_0_DATABASE: database1
+  REPLICA_0_HOST: localhost
+  REPLICA_0_LOGIN: fake-0
+  REPLICA_0_PASSWORD: password
+  REPLICA_0_PORT: "5432"
+  REPLICA_0_POSTGRES_URL: postgresql://fake-0:password@localhost:5432/database1
+  REPLICA_0_POSTGRES_URL_ARGS: postgresql://fake-0:password@localhost:5432/database1?sslmode=disable
+  # And so on, ... The numbers are the iteration number and so order in initial list.
+```
diff --git a/internal/controller/postgresql/postgresqlengineconfiguration_controller.go b/internal/controller/postgresql/postgresqlengineconfiguration_controller.go
@@ -317,6 +317,22 @@ func (*PostgresqlEngineConfigurationReconciler) addDefaultValues(instance *postg
 			instance.Spec.UserConnections.BouncerConnection.Port = DefaultBouncerPort
 		}
 	}
+
+	// Loop over replica connections
+	for _, item := range instance.Spec.UserConnections.ReplicaConnections {
+		// Check port
+		if item.Port == 0 {
+			item.Port = DefaultPGPort
+		}
+	}
+
+	// Loop over replica bouncer connections
+	for _, item := range instance.Spec.UserConnections.ReplicaBouncerConnections {
+		// Check port
+		if item.Port == 0 {
+			item.Port = DefaultBouncerPort
+		}
+	}
 }
 
 func (r *PostgresqlEngineConfigurationReconciler) manageError(
diff --git a/internal/controller/postgresql/postgresqluserrole_controller.go b/internal/controller/postgresql/postgresqluserrole_controller.go
@@ -53,6 +53,17 @@ const (
 	UsernameSecretKey                          = "USERNAME"
 	PasswordSecretKey                          = "PASSWORD"
 	ManagedPasswordSize                        = 15
+
+	SecretMainKeyPostgresURL     = "POSTGRES_URL"      //nolint:gosec // Nothing here
+	SecretMainKeyPostgresURLArgs = "POSTGRES_URL_ARGS" //nolint:gosec // Nothing here
+	SecretMainKeyPassword        = "PASSWORD"
+	SecretMainKeyLogin           = "LOGIN"
+	SecretMainKeyDatabase        = "DATABASE"
+	SecretMainKeyHost            = "HOST"
+	SecretMainKeyPort            = "PORT"
+	SecretMainKeyArgs            = "ARGS"
+
+	SecretKeyReplicaPrefix = "REPLICA"
 )
 
 // PostgresqlUserRoleReconciler reconciles a PostgresqlUserRole object.
@@ -513,6 +524,44 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 
 	pgUserURL := postgres.TemplatePostgresqlURL(uc.Host, username, password, dbInstance.Status.Database, uc.Port)
 	pgUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(uc.Host, username, password, uc.URIArgs, dbInstance.Status.Database, uc.Port)
+
+	// Create secret data
+	data := map[string][]byte{
+		SecretMainKeyPostgresURL:     []byte(pgUserURL),
+		SecretMainKeyPostgresURLArgs: []byte(pgUserURLWArgs),
+		SecretMainKeyPassword:        []byte(password),
+		SecretMainKeyLogin:           []byte(username),
+		SecretMainKeyDatabase:        []byte(dbInstance.Status.Database),
+		SecretMainKeyHost:            []byte(uc.Host),
+		SecretMainKeyPort:            []byte(strconv.Itoa(uc.Port)),
+		SecretMainKeyArgs:            []byte(uc.URIArgs),
+	}
+
+	// Manage replica connections
+	// Prepare replica user connections
+	rucList := pgec.Spec.UserConnections.ReplicaConnections
+	// Check if it is a bouncer connection
+	if rolePrivilege.ConnectionType == v1alpha1.BouncerConnectionType {
+		rucList = pgec.Spec.UserConnections.ReplicaBouncerConnections
+	}
+	// Loop over list to inject in data replica data
+	for i, ruc := range rucList {
+		replicaPGUserURL := postgres.TemplatePostgresqlURL(ruc.Host, username, password, dbInstance.Status.Database, ruc.Port)
+		replicaPGUserURLWArgs := postgres.TemplatePostgresqlURLWithArgs(ruc.Host, username, password, ruc.URIArgs, dbInstance.Status.Database, ruc.Port)
+
+		// Build template
+		keyTemplate := SecretKeyReplicaPrefix + "_" + strconv.Itoa(i) + "_%s"
+		// Inject into data
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyPostgresURL)] = []byte(replicaPGUserURL)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyPostgresURLArgs)] = []byte(replicaPGUserURLWArgs)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyPassword)] = []byte(password)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyLogin)] = []byte(username)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyDatabase)] = []byte(dbInstance.Status.Database)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyHost)] = []byte(ruc.Host)
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyPort)] = []byte(strconv.Itoa(ruc.Port))
+		data[fmt.Sprintf(keyTemplate, SecretMainKeyArgs)] = []byte(ruc.URIArgs)
+	}
+
 	labels := map[string]string{
 		"app": instance.Name,
 	}
@@ -522,16 +571,7 @@ func (r *PostgresqlUserRoleReconciler) newSecretForPGUser(
 			Namespace: instance.Namespace,
 			Labels:    labels,
 		},
-		Data: map[string][]byte{
-			"POSTGRES_URL":      []byte(pgUserURL),
-			"POSTGRES_URL_ARGS": []byte(pgUserURLWArgs),
-			"PASSWORD":          []byte(password),
-			"LOGIN":             []byte(username),
-			"DATABASE":          []byte(dbInstance.Status.Database),
-			"HOST":              []byte(uc.Host),
-			"PORT":              []byte(strconv.Itoa(uc.Port)),
-			"ARGS":              []byte(uc.URIArgs),
-		},
+		Data: data,
 	}
 
 	// Set owner references
diff --git a/internal/controller/postgresql/postgresqluserrole_controller_test.go b/internal/controller/postgresql/postgresqluserrole_controller_test.go
diff --git a/internal/controller/postgresql/suite_test.go b/internal/controller/postgresql/suite_test.go
