zalando · FxKu · Feb 16, 2021 · Feb 4, 2021 · Feb 5, 2021 · Feb 8, 2021
@@ -49,7 +49,7 @@ var (
 type Config struct {
 	OpConfig                     config.Config
 	RestConfig                   *rest.Config
-	PgTeamMap                    pgteams.PostgresTeamMap
+	PgTeamMap                    *pgteams.PostgresTeamMap
 	InfrastructureRoles          map[string]spec.PgUser // inherited from the controller
 	PodServiceAccount            *v1.ServiceAccount
 	PodServiceAccountRoleBinding *rbacv1.RoleBinding
@@ -1143,8 +1143,8 @@ func (c *Cluster) initHumanUsers() error {
 	var clusterIsOwnedBySuperuserTeam bool
 	superuserTeams := []string{}
 
-	if c.OpConfig.EnablePostgresTeamCRDSuperusers {
-		superuserTeams = c.PgTeamMap.GetAdditionalSuperuserTeams(c.Spec.TeamID, true)
+	if c.OpConfig.EnablePostgresTeamCRD && c.OpConfig.EnablePostgresTeamCRDSuperusers && c.Config.PgTeamMap != nil {
+		superuserTeams = c.Config.PgTeamMap.GetAdditionalSuperuserTeams(c.Spec.TeamID, true)
 	}
 
 	for _, postgresSuperuserTeam := range c.OpConfig.PostgresSuperuserTeams {
@@ -1163,12 +1163,14 @@ func (c *Cluster) initHumanUsers() error {
 		}
 	}
 
-	additionalTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
-	for _, additionalTeam := range additionalTeams {
-		if !(util.SliceContains(superuserTeams, additionalTeam)) {
-			err := c.initTeamMembers(additionalTeam, false)
-			if err != nil {
-				return fmt.Errorf("Cannot initialize members for additional team %q for cluster owned by %q: %v", additionalTeam, c.Spec.TeamID, err)
+	if c.OpConfig.EnablePostgresTeamCRD && c.Config.PgTeamMap != nil {
+		additionalTeams := c.Config.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
+		for _, additionalTeam := range additionalTeams {
+			if !(util.SliceContains(superuserTeams, additionalTeam)) {
+				err := c.initTeamMembers(additionalTeam, false)
+				if err != nil {
+					return fmt.Errorf("Cannot initialize members for additional team %q for cluster owned by %q: %v", additionalTeam, c.Spec.TeamID, err)
+				}
 			}
 		}
 	}

@@ -240,14 +240,23 @@ func (c *Cluster) getTeamMembers(teamID string) ([]string, error) {
 
 	c.logger.Debugf("fetching possible additional team members for team %q", teamID)
 	members := []string{}
-	additionalMembers := c.PgTeamMap[teamID].AdditionalMembers
-	for _, member := range additionalMembers {
-		members = append(members, member)
-	}
+	additionalMembers := []string{}
 
-	if !c.OpConfig.EnableTeamsAPI {
-		c.logger.Debugf("team API is disabled, only returning %d members for team %q", len(members), teamID)
-		return members, nil
+	if c.OpConfig.EnablePostgresTeamCRD && c.Config.PgTeamMap != nil {
+		for team, membership := range *c.Config.PgTeamMap {
+			if team == teamID {
+				additionalMembers = membership.AdditionalMembers
+			}
+		}
+
+		for _, member := range additionalMembers {
+			members = append(members, member)
+		}
+
+		if !c.OpConfig.EnableTeamsAPI {
+			c.logger.Debugf("team API is disabled, only returning %d members for team %q", len(members), teamID)
+			return members, nil
+		}
 	}
 
 	token, err := c.oauthTokenGetter.getOAuthToken()

@@ -329,10 +329,9 @@ func (c *Controller) initController() {
 
 	c.initSharedInformers()
 
+	c.pgTeamMap = teams.PostgresTeamMap{}
 	if c.opConfig.EnablePostgresTeamCRD {
 		c.loadPostgresTeams()
-	} else {
-		c.pgTeamMap = teams.PostgresTeamMap{}
 	}
 
 	if c.opConfig.DebugLogging {

@@ -15,7 +15,6 @@ import (
 	acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
 	"github.com/zalando/postgres-operator/pkg/cluster"
 	"github.com/zalando/postgres-operator/pkg/spec"
-	"github.com/zalando/postgres-operator/pkg/teams"
 	"github.com/zalando/postgres-operator/pkg/util"
 	"github.com/zalando/postgres-operator/pkg/util/config"
 	"github.com/zalando/postgres-operator/pkg/util/k8sutil"
@@ -31,7 +30,7 @@ func (c *Controller) makeClusterConfig() cluster.Config {
 	return cluster.Config{
 		RestConfig:          c.config.RestConfig,
 		OpConfig:            config.Copy(c.opConfig),
-		PgTeamMap:           c.pgTeamMap,
+		PgTeamMap:           &c.pgTeamMap,
 		InfrastructureRoles: infrastructureRoles,
 		PodServiceAccount:   c.PodServiceAccount,
 	}
@@ -395,9 +394,6 @@ func (c *Controller) getInfrastructureRole(
 }
 
 func (c *Controller) loadPostgresTeams() {
-	// reset team map
-	c.pgTeamMap = teams.PostgresTeamMap{}
-
 	pgTeams, err := c.KubeClient.PostgresTeamsGetter.PostgresTeams(c.opConfig.WatchedNamespace).List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		c.logger.Errorf("could not list postgres team objects: %v", err)

@@ -6,7 +6,7 @@ import (
 )
 
 // PostgresTeamMap is the operator's internal representation of all PostgresTeam CRDs
-type PostgresTeamMap map[string]postgresTeamMembership
+type PostgresTeamMap map[string]*postgresTeamMembership
 
 type postgresTeamMembership struct {
 	AdditionalSuperuserTeams []string
@@ -94,6 +94,9 @@ func (ptm *PostgresTeamMap) GetAdditionalSuperuserTeams(team string, transitive
 
 // Load function to import data from PostgresTeam CRD
 func (ptm *PostgresTeamMap) Load(pgTeams *acidv1.PostgresTeamList) {
+	var emptyTeamMap = make(PostgresTeamMap, 0)
+	*ptm = emptyTeamMap
+
 	superuserTeamSet := teamHashSet{}
 	teamSet := teamHashSet{}
 	teamMemberSet := teamHashSet{}
@@ -109,7 +112,7 @@ func (ptm *PostgresTeamMap) Load(pgTeams *acidv1.PostgresTeamList) {
 	fetchTeams(&teamIDs, teamMemberSet)
 
 	for teamID := range teamIDs {
-		(*ptm)[teamID] = postgresTeamMembership{
+		(*ptm)[teamID] = &postgresTeamMembership{
 			AdditionalSuperuserTeams: util.CoalesceStrArr(superuserTeamSet.toMap()[teamID], []string{}),
 			AdditionalTeams:          util.CoalesceStrArr(teamSet.toMap()[teamID], []string{}),
 			AdditionalMembers:        util.CoalesceStrArr(teamMemberSet.toMap()[teamID], []string{}),

@@ -46,9 +46,36 @@ var (
 			},
 		},
 	}
+	pgTeamMap = PostgresTeamMap{
+		"teamA": {
+			AdditionalSuperuserTeams: []string{"teamB", "team24x7"},
+			AdditionalTeams:          []string{"teamC"},
+			AdditionalMembers:        []string{},
+		},
+		"teamB": {
+			AdditionalSuperuserTeams: []string{"teamA", "teamC", "team24x7"},
+			AdditionalTeams:          []string{},
+			AdditionalMembers:        []string{"drno"},
+		},
+		"teamC": {
+			AdditionalSuperuserTeams: []string{"team24x7"},
+			AdditionalTeams:          []string{"teamA", "teamB", "acid"},
+			AdditionalMembers:        []string{},
+		},
+		"team24x7": {
+			AdditionalSuperuserTeams: []string{},
+			AdditionalTeams:          []string{},
+			AdditionalMembers:        []string{"optimusprime"},
+		},
+		"acid": {
+			AdditionalSuperuserTeams: []string{},
+			AdditionalTeams:          []string{},
+			AdditionalMembers:        []string{"batman"},
+		},
+	}
 )
 
-// PostgresTeamMap is the operator's internal representation of all PostgresTeam CRDs
+// TestLoadingPostgresTeamCRD PostgresTeamMap is the operator's internal representation of all PostgresTeam CRDs
 func TestLoadingPostgresTeamCRD(t *testing.T) {
 	tests := []struct {
 		name  string
@@ -59,33 +86,7 @@ func TestLoadingPostgresTeamCRD(t *testing.T) {
 		{
 			"Check that CRD is imported correctly into the internal format",
 			pgTeamList,
-			PostgresTeamMap{
-				"teamA": {
-					AdditionalSuperuserTeams: []string{"teamB", "team24x7"},
-					AdditionalTeams:          []string{"teamC"},
-					AdditionalMembers:        []string{},
-				},
-				"teamB": {
-					AdditionalSuperuserTeams: []string{"teamA", "teamC", "team24x7"},
-					AdditionalTeams:          []string{},
-					AdditionalMembers:        []string{"drno"},
-				},
-				"teamC": {
-					AdditionalSuperuserTeams: []string{"team24x7"},
-					AdditionalTeams:          []string{"teamA", "teamB", "acid"},
-					AdditionalMembers:        []string{},
-				},
-				"team24x7": {
-					AdditionalSuperuserTeams: []string{},
-					AdditionalTeams:          []string{},
-					AdditionalMembers:        []string{"optimusprime"},
-				},
-				"acid": {
-					AdditionalSuperuserTeams: []string{},
-					AdditionalTeams:          []string{},
-					AdditionalMembers:        []string{"batman"},
-				},
-			},
+			pgTeamMap,
 			"Mismatch between PostgresTeam CRD and internal map",
 		},
 	}