add ability to merge in uri args

halkeye · halkeye · commit 410609ecabca · 2024-11-02T20:57:22.000-07:00
diff --git a/README.md b/README.md
@@ -168,6 +168,7 @@ Every PostgresUser has a generated Kubernetes secret attached to it, which conta
 |----------------------|---------------------|
 | `DATABASE_NAME`      | Name of the database, same as in `Postgres` CR, copied for convenience |
 | `HOST`               | PostgreSQL server host |
+| `URI_ARGS`           | URI Args, same as in `Postgres` CR, copied for convenience |
 | `PASSWORD`           | Autogenerated password for user |
 | `ROLE`               | Autogenerated role with login enabled (user) |
 | `LOGIN`              | Same as `ROLE`. In case `POSTGRES_CLOUD_PROVIDER` is set to "Azure", `LOGIN` it will be set to `{role}@{serverName}`, serverName is extracted from `POSTGRES_USER` from operator's config. |
@@ -202,6 +203,10 @@ Available context:
 | `.Database`   | Referenced database name   |
 | `.Password`   | Generated role password    |
 
+| Functions      | Meaning                                                           |
+|----------------|-------------------------------------------------------------------|
+| `mergeUriArgs` | Merge any provided uri args with any set in the `Postgres` CR     |
+
 ### Contribution
 
 You can contribute to this project by opening a PR to merge to `master`, or one of the `vX.X.X` branches.
diff --git a/pkg/controller/postgresuser/postgresuser_controller.go b/pkg/controller/postgresuser/postgresuser_controller.go
@@ -5,15 +5,10 @@ import (
 	"context"
 	goerr "errors"
 	"fmt"
+	"net/url"
 	"text/template"
 
-	"github.com/movetokube/postgres-operator/pkg/config"
-
 	"github.com/go-logr/logr"
-	dbv1alpha1 "github.com/movetokube/postgres-operator/pkg/apis/db/v1alpha1"
-	"github.com/movetokube/postgres-operator/pkg/postgres"
-	"github.com/movetokube/postgres-operator/pkg/utils"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -27,6 +22,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
+
+	dbv1alpha1 "github.com/movetokube/postgres-operator/pkg/apis/db/v1alpha1"
+	"github.com/movetokube/postgres-operator/pkg/config"
+	"github.com/movetokube/postgres-operator/pkg/postgres"
+	"github.com/movetokube/postgres-operator/pkg/utils"
 )
 
 var log = logf.Log.WithName("controller_postgresuser")
@@ -55,6 +55,7 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler {
 		scheme:         mgr.GetScheme(),
 		pg:             pg,
 		pgHost:         c.PostgresHost,
+		pgUriArgs:      c.PostgresUriArgs,
 		pgPort:         c.PostgresPort,
 		instanceFilter: c.AnnotationFilter,
 		keepSecretName: c.KeepSecretName,
@@ -102,6 +103,7 @@ type ReconcilePostgresUser struct {
 	pg             postgres.PG
 	pgHost         string
 	pgPort         uint32
+	pgUriArgs      string
 	instanceFilter string
 	keepSecretName bool // use secret name as defined in PostgresUserSpec
 }
@@ -299,6 +301,7 @@ func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role
 		Host:       fmt.Sprintf("%s:%d", r.pgHost, r.pgPort),
 		HostNoPort: r.pgHost,
 		Port:       r.pgPort,
+		UriArgs:    r.pgUriArgs,
 		Login:      login,
 		Database:   cr.Status.DatabaseName,
 		Password:   password,
@@ -312,6 +315,7 @@ func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role
 		"POSTGRES_JDBC_URL":   []byte(pgJDBCUrl),
 		"POSTGRES_DOTNET_URL": []byte(pgDotnetUrl),
 		"HOST":                []byte(fmt.Sprintf("%s:%d", r.pgHost, r.pgPort)),
+		"URI_ARGS":            []byte(r.pgUriArgs),
 		"DATABASE_NAME":       []byte(cr.Status.DatabaseName),
 		"ROLE":                []byte(role),
 		"PASSWORD":            []byte(password),
@@ -393,6 +397,7 @@ type templateContext struct {
 	Login      string
 	Database   string
 	Password   string
+	UriArgs    string
 }
 
 func renderTemplate(data map[string]string, tc templateContext) (map[string][]byte, error) {
@@ -401,7 +406,27 @@ func renderTemplate(data map[string]string, tc templateContext) (map[string][]by
 	}
 	var out = make(map[string][]byte, len(data))
 	for key, templ := range data {
-		parsed, err := template.New("").Parse(templ)
+		tmplObj := template.New("")
+		tmplObj.Funcs(template.FuncMap{
+			"mergeUriArgs": func(uriArgs string) (string, error) {
+				inputArgs, err := url.ParseQuery(uriArgs)
+				if err != nil {
+					return uriArgs, fmt.Errorf("unable to parse input uri args: %w", err)
+				}
+
+				pgArgs, err := url.ParseQuery(tc.UriArgs)
+				if err != nil {
+					return uriArgs, fmt.Errorf("unable to parse pg uri args: %w", err)
+				}
+
+				for argName, values := range pgArgs {
+					inputArgs.Set(argName, values[0])
+				}
+
+				return inputArgs.Encode(), nil
+			},
+		})
+		parsed, err := tmplObj.Parse(templ)
 		if err != nil {
 			return nil, fmt.Errorf("parse template %q: %w", key, err)
 		}
diff --git a/pkg/controller/postgresuser/postgresuser_controller_test.go b/pkg/controller/postgresuser/postgresuser_controller_test.go
@@ -20,8 +20,9 @@ func assertEqual(t *testing.T, a interface{}, b interface{}) {
 
 func TestReconcilePostgresUser_newSecretForCR(t *testing.T) {
 	rpu := &ReconcilePostgresUser{
-		pgHost: "localhost",
-		pgPort: 5432,
+		pgHost:    "localhost",
+		pgPort:    5432,
+		pgUriArgs: "sslmode=disable",
 	}
 
 	cr := &dbv1alpha1.PostgresUser{
@@ -30,7 +31,9 @@ func TestReconcilePostgresUser_newSecretForCR(t *testing.T) {
 		},
 		Spec: dbv1alpha1.PostgresUserSpec{
 			SecretTemplate: map[string]string{
-				"all": "host={{.Host}} host_no_port={{.HostNoPort}} port={{.Port}} user={{.Role}} login={{.Login}} password={{.Password}} dbname={{.Database}}",
+				"all":                      "host={{.Host}} host_no_port={{.HostNoPort}} port={{.Port}} user={{.Role}} login={{.Login}} password={{.Password}} dbname={{.Database}}",
+				"uriArgsFilter":            `postgres://foobar?{{ "sslmode=no-verify" | mergeUriArgs }}`,
+				"uriArgsFilterEmptyString": `postgres://foobar?{{ "" | mergeUriArgs }}`,
 			},
 		},
 	}
@@ -46,5 +49,8 @@ func TestReconcilePostgresUser_newSecretForCR(t *testing.T) {
 
 	// keep old behavior of merging host and port
 	assertEqual(t, string(secret.Data["HOST"]), "localhost:5432")
+	assertEqual(t, string(secret.Data["URI_ARGS"]), "sslmode=disable")
 	assertEqual(t, string(secret.Data["all"]), "host=localhost:5432 host_no_port=localhost port=5432 user=role login=login password=password dbname=dbname")
+	assertEqual(t, string(secret.Data["uriArgsFilter"]), "postgres://foobar?sslmode=disable")
+	assertEqual(t, string(secret.Data["uriArgsFilterEmptyString"]), "postgres://foobar?sslmode=disable")
 }
