mirror of
https://github.com/cloudnative-pg/plugin-barman-cloud.git
synced 2026-01-11 21:23:12 +01:00
1be34fe13e
Adopt the new attribution information for contributions to CloudNativePG: ``` Copyright © contributors to CloudNativePG, established as CloudNativePG a Series of LF Projects, LLC. ``` Adopt the SPDX format for Apache License 2.0 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
221 lines
6.2 KiB
Go
221 lines
6.2 KiB
Go
/*
|
|
Copyright © contributors to CloudNativePG, established as
|
|
CloudNativePG a Series of LF Projects, LLC.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package operator
|
|
|
|
import (
|
|
"context"
|
|
|
|
cnpgv1 "github.com/cloudnative-pg/cloudnative-pg/api/v1"
|
|
"github.com/cloudnative-pg/cnpg-i-machinery/pkg/pluginhelper/decoder"
|
|
"github.com/cloudnative-pg/cnpg-i-machinery/pkg/pluginhelper/object"
|
|
"github.com/cloudnative-pg/cnpg-i/pkg/reconciler"
|
|
"github.com/cloudnative-pg/machinery/pkg/log"
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
"k8s.io/apimachinery/pkg/api/equality"
|
|
apierrs "k8s.io/apimachinery/pkg/api/errors"
|
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
|
|
|
barmancloudv1 "github.com/cloudnative-pg/plugin-barman-cloud/api/v1"
|
|
"github.com/cloudnative-pg/plugin-barman-cloud/internal/cnpgi/operator/config"
|
|
"github.com/cloudnative-pg/plugin-barman-cloud/internal/cnpgi/operator/specs"
|
|
)
|
|
|
|
// ReconcilerImplementation implements the Reconciler capability
|
|
type ReconcilerImplementation struct {
|
|
Client client.Client
|
|
reconciler.UnimplementedReconcilerHooksServer
|
|
}
|
|
|
|
// GetCapabilities implements the Reconciler interface
|
|
func (r ReconcilerImplementation) GetCapabilities(
|
|
_ context.Context,
|
|
_ *reconciler.ReconcilerHooksCapabilitiesRequest,
|
|
) (*reconciler.ReconcilerHooksCapabilitiesResult, error) {
|
|
return &reconciler.ReconcilerHooksCapabilitiesResult{
|
|
ReconcilerCapabilities: []*reconciler.ReconcilerHooksCapability{
|
|
{
|
|
Kind: reconciler.ReconcilerHooksCapability_KIND_CLUSTER,
|
|
},
|
|
{
|
|
Kind: reconciler.ReconcilerHooksCapability_KIND_BACKUP,
|
|
},
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
// Pre implements the reconciler interface
|
|
func (r ReconcilerImplementation) Pre(
|
|
ctx context.Context,
|
|
request *reconciler.ReconcilerHooksRequest,
|
|
) (*reconciler.ReconcilerHooksResult, error) {
|
|
contextLogger := log.FromContext(ctx)
|
|
contextLogger.Info("Pre hook reconciliation start")
|
|
reconciledKind, err := object.GetKind(request.GetResourceDefinition())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if reconciledKind != "Cluster" {
|
|
return &reconciler.ReconcilerHooksResult{
|
|
Behavior: reconciler.ReconcilerHooksResult_BEHAVIOR_CONTINUE,
|
|
}, nil
|
|
}
|
|
|
|
contextLogger.Debug("parsing cluster definition")
|
|
var cluster cnpgv1.Cluster
|
|
if err := decoder.DecodeObjectLenient(
|
|
request.GetResourceDefinition(),
|
|
&cluster,
|
|
); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
contextLogger = contextLogger.WithValues("name", cluster.Name, "namespace", cluster.Namespace)
|
|
ctx = log.IntoContext(ctx, contextLogger)
|
|
|
|
pluginConfiguration := config.NewFromCluster(&cluster)
|
|
|
|
contextLogger.Debug("parsing barman object configuration")
|
|
|
|
barmanObjects := make([]barmancloudv1.ObjectStore, 0, len(pluginConfiguration.GetReferredBarmanObjectsKey()))
|
|
for _, barmanObjectKey := range pluginConfiguration.GetReferredBarmanObjectsKey() {
|
|
var barmanObject barmancloudv1.ObjectStore
|
|
if err := r.Client.Get(ctx, barmanObjectKey, &barmanObject); err != nil {
|
|
if apierrs.IsNotFound(err) {
|
|
contextLogger.Info(
|
|
"barman object configuration not found, requeuing",
|
|
"name", barmanObjectKey.Name,
|
|
"namespace", barmanObjectKey.Namespace)
|
|
return &reconciler.ReconcilerHooksResult{
|
|
Behavior: reconciler.ReconcilerHooksResult_BEHAVIOR_REQUEUE,
|
|
}, nil
|
|
}
|
|
|
|
return nil, err
|
|
}
|
|
|
|
barmanObjects = append(barmanObjects, barmanObject)
|
|
}
|
|
|
|
if err := r.ensureRole(ctx, &cluster, barmanObjects); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err := r.ensureRoleBinding(ctx, &cluster); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
contextLogger.Info("Pre hook reconciliation completed")
|
|
return &reconciler.ReconcilerHooksResult{
|
|
Behavior: reconciler.ReconcilerHooksResult_BEHAVIOR_CONTINUE,
|
|
}, nil
|
|
}
|
|
|
|
// Post implements the reconciler interface
|
|
func (r ReconcilerImplementation) Post(
|
|
_ context.Context,
|
|
_ *reconciler.ReconcilerHooksRequest,
|
|
) (*reconciler.ReconcilerHooksResult, error) {
|
|
return &reconciler.ReconcilerHooksResult{
|
|
Behavior: reconciler.ReconcilerHooksResult_BEHAVIOR_CONTINUE,
|
|
}, nil
|
|
}
|
|
|
|
func (r ReconcilerImplementation) ensureRole(
|
|
ctx context.Context,
|
|
cluster *cnpgv1.Cluster,
|
|
barmanObjects []barmancloudv1.ObjectStore,
|
|
) error {
|
|
contextLogger := log.FromContext(ctx)
|
|
newRole := specs.BuildRole(cluster, barmanObjects)
|
|
|
|
var role rbacv1.Role
|
|
if err := r.Client.Get(ctx, client.ObjectKey{
|
|
Namespace: newRole.Namespace,
|
|
Name: newRole.Name,
|
|
}, &role); err != nil {
|
|
if !apierrs.IsNotFound(err) {
|
|
return err
|
|
}
|
|
|
|
contextLogger.Info(
|
|
"Creating role",
|
|
"name", newRole.Name,
|
|
"namespace", newRole.Namespace,
|
|
)
|
|
|
|
if err := setOwnerReference(cluster, newRole); err != nil {
|
|
return err
|
|
}
|
|
|
|
return r.Client.Create(ctx, newRole)
|
|
}
|
|
|
|
if equality.Semantic.DeepEqual(newRole.Rules, role.Rules) {
|
|
// There's no need to hit the API server again
|
|
return nil
|
|
}
|
|
|
|
contextLogger.Info(
|
|
"Patching role",
|
|
"name", newRole.Name,
|
|
"namespace", newRole.Namespace,
|
|
"rules", newRole.Rules,
|
|
)
|
|
|
|
oldRole := role.DeepCopy()
|
|
|
|
// Apply to the role the new rules
|
|
role.Rules = newRole.Rules
|
|
|
|
// Push it back to the API server
|
|
return r.Client.Patch(ctx, &role, client.MergeFrom(oldRole))
|
|
}
|
|
|
|
func (r ReconcilerImplementation) ensureRoleBinding(
|
|
ctx context.Context,
|
|
cluster *cnpgv1.Cluster,
|
|
) error {
|
|
var role rbacv1.RoleBinding
|
|
if err := r.Client.Get(ctx, client.ObjectKey{
|
|
Namespace: cluster.Namespace,
|
|
Name: specs.GetRBACName(cluster.Name),
|
|
}, &role); err != nil {
|
|
if apierrs.IsNotFound(err) {
|
|
return r.createRoleBinding(ctx, cluster)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// TODO: this assumes role bindings never change.
|
|
// Is that true? Should we relax this assumption?
|
|
return nil
|
|
}
|
|
|
|
func (r ReconcilerImplementation) createRoleBinding(
|
|
ctx context.Context,
|
|
cluster *cnpgv1.Cluster,
|
|
) error {
|
|
roleBinding := specs.BuildRoleBinding(cluster)
|
|
if err := setOwnerReference(cluster, roleBinding); err != nil {
|
|
return err
|
|
}
|
|
return r.Client.Create(ctx, roleBinding)
|
|
}
|