util

package
v4.5.3+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 1, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source
const (
	BackrestRepoDeploymentName = "%s-backrest-shared-repo"
	BackrestRepoServiceName    = "%s-backrest-shared-repo"
	BackrestRepoPVCName        = "%s-pgbr-repo"
	BackrestRepoSecretName     = "%s-backrest-repo-config"
)
View Source
const (
	// CloneParameterBackrestPVCSize is the parameter name for the Backrest PVC
	// size parameter
	CloneParameterBackrestPVCSize = "backrestPVCSize"
	// CloneParameterEnableMetrics if set to true, enables metrics collection in
	// a newly created cluster
	CloneParameterEnableMetrics = "enableMetrics"
	// CloneParameterPVCSize is the parameter name for the PVC parameter for
	// primary and replicas
	CloneParameterPVCSize = "pvcSize"
)
View Source
const (
	// DefaultGeneratedPasswordLength is the length of what a generated password
	// is if it's not set in the pgo.yaml file, and to create some semblance of
	// consistency
	DefaultGeneratedPasswordLength = 24
	// DefaultPasswordValidUntilDays is the number of days until a PostgreSQL user's
	// password expires. If it is not set in the pgo.yaml file, we will use a
	// default of "0" which means that a password will never expire
	DefaultPasswordValidUntilDays = 0
)
View Source
const (
	// three of these are exported, as they are used to help add the information
	// into the templates. Say the last one 10 times fast
	BackRestRepoSecretKeyAWSS3KeyAWSS3CACert    = "aws-s3-ca.crt"
	BackRestRepoSecretKeyAWSS3KeyAWSS3Key       = "aws-s3-key"
	BackRestRepoSecretKeyAWSS3KeyAWSS3KeySecret = "aws-s3-key-secret"
)

values for the keys used to access the pgBackRest repository Secret

View Source
const (
	// SQLValidUntilAlways uses a special PostgreSQL value to ensure a password
	// is always valid
	SQLValidUntilAlways = "infinity"
	// SQLValidUntilNever uses a special PostgreSQL value to ensure a password
	// is never valid. This is exportable and used in other places
	SQLValidUntilNever = "-infinity"
)
View Source
const UserSecretFormat = "%s-%s" + crv1.UserSecretSuffix

UserSecretFormat follows the pattern of how the user information is stored, which is "<clusteRName>-<userName>-secret"

Variables

View Source
var (
	// ErrMissingConfigAnnotation represents an error thrown when the 'config' annotation is found
	// to be missing from the 'config' configMap created to store cluster-wide configuration
	ErrMissingConfigAnnotation error = errors.New("'config' annotation missing from cluster " +
		"configutation")
)

Functions

func CreateBackrestRepoSecrets

func CreateBackrestRepoSecrets(clientset kubernetes.Interface,
	backrestRepoConfig BackrestRepoConfig) error

CreateBackrestRepoSecrets creates the secrets required to manage the pgBackRest repo container

func CreateSecret

func CreateSecret(clientset kubernetes.Interface, db, secretName, username, password, namespace string) error

CreateSecret create the secret, user, and primary secrets

func CreateUserSecret

func CreateUserSecret(clientset kubernetes.Interface, clustername, username, password, namespace string) error

CreateUserSecret will create a new secret holding a user credential

func CurrentPrimaryUpdate

func CurrentPrimaryUpdate(clientset pgo.Interface, cluster *crv1.Pgcluster, currentPrimary, namespace string) error

CurrentPrimaryUpdate prepares the needed data structures with the correct current primary value before passing them along to be patched into the current pgcluster CRD's annotations

func ExecPolicy

func ExecPolicy(clientset kubeapi.Interface, restconfig *rest.Config, namespace, policyName, serviceName, port string) error

ExecPolicy execute a sql policy against a cluster

func GeneratePassword

func GeneratePassword(length int) (string, error)

GeneratePassword generates a password of a given length out of the acceptable ASCII characters suitable for a password

func GeneratePgBouncerConfigMapName

func GeneratePgBouncerConfigMapName(clusterName string) string

GeneratePgBouncerConfigMapName generates the name of the configmap file associated with the pgBouncer Deployment

func GeneratePgBouncerSecretName

func GeneratePgBouncerSecretName(clusterName string) string

GeneratePgBouncerSecretName returns the name of the secret that contains information around a pgBouncer deployment

func GeneratePgBouncerUsersFileBytes

func GeneratePgBouncerUsersFileBytes(hashedPassword string) []byte

GeneratePgBouncerUsersFileBytes generates the byte string that is used by the pgBouncer secret to authenticate a user into pgBouncer that is acting as the pgBouncer "service user" (aka PgBouncerUser).

The format of this file is `"username "hashed-password"`

where "hashed-password" is a MD5 or SCRAM hashed password

This is ultimately moutned by the pgBouncer Pod via the secret

func GeneratedPasswordLength

func GeneratedPasswordLength(configuredPasswordLength string) int

GeneratedPasswordLength returns the value for what the length of a randomly generated password should be. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value

func GeneratedPasswordValidUntilDays

func GeneratedPasswordValidUntilDays(configuredValidUntilDays string) int

GeneratedPasswordValidUntilDays returns the value for the number of days that a password is valid for, which is used as part of PostgreSQL's VALID UNTIL directive on a user. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value

func GetLabels

func GetLabels(name, clustername string, replica bool) string

GetLabels ...

func GetPGBackRestRepoPath

func GetPGBackRestRepoPath(cluster crv1.Pgcluster) string

GetPGBackRestRepoPath is responsible for determining the repo path setting (i.e. 'repo1-path' flag) for use by pgBackRest. If a specific repo path has been defined in the pgcluster CR, then that path will be returned. Otherwise a default path will be returned, which is generated using the 'defaultBackrestRepoPath' constant and the cluster name.

func GetPasswordFromSecret

func GetPasswordFromSecret(clientset kubernetes.Interface, namespace, secretName string) (string, error)

GetPasswordFromSecret will fetch the password from a user secret

func GetPod

func GetPod(clientset kubernetes.Interface, deploymentName, namespace string) (*v1.Pod, error)

GetPod determines the best target to fail to

func GetPolicySQL

func GetPolicySQL(clientset pgo.Interface, namespace, policyName string) (string, error)

GetPolicySQL returns the SQL string from a policy

func GetPrimaryPod

func GetPrimaryPod(clientset kubernetes.Interface, cluster *crv1.Pgcluster) (*v1.Pod, error)

GetPrimaryPod gets the Pod of the primary PostgreSQL instance. If somehow the query gets multiple pods, then the first one in the list is returned

func GetSecretPassword

func GetSecretPassword(clientset kubernetes.Interface, db, suffix, Namespace string) (string, error)

GetSecretPassword ...

func GetStandardImageTag

func GetStandardImageTag(imageName, imageTag string) string

GetStandardImageTag takes the current image name and the image tag value stored in the pgcluster CRD and, if the image being used is the crunchy-postgres-gis-ha container with the corresponding tag, it returns the tag without the addition of the GIS version. This tag value can then be used when provisioning containers using the standard containers tag.

func GetValueOrDefault

func GetValueOrDefault(value, defaultValue string) string

GetValueOrDefault checks whether the first value given is set. If it is, that value is returned. If not, the second, default value is returned instead

func IsAutofailEnabled

func IsAutofailEnabled(cluster *crv1.Pgcluster) bool

IsAutofailEnabled - returns true if autofail label is set to true, false if not.

func IsPostgreSQLUserSystemAccount

func IsPostgreSQLUserSystemAccount(username string) bool

IsPostgreSQLUserSystemAccount determines whether or not this is a system PostgreSQL user account, as if this returns true, one likely may not want to allow a user to directly access the account Normalizes the lookup by downcasing it

func IsStringOneOf

func IsStringOneOf(testVal string, acceptedVals ...string) bool

IsStringOneOf tests to see string testVal is included in the list of strings provided using acceptedVals

func IsValidBackrestStorageType

func IsValidBackrestStorageType(storageType string) bool

IsValidBackrestStorageType determines if the storage source string contains valid pgBackRest storage type values

func Patch

func Patch(restclient rest.Interface, path string, value string, resource string, name string, namespace string) error

Patch will patch a particular resource

func PatchClusterCRD

func PatchClusterCRD(clientset pgo.Interface, labelMap map[string]string, oldCrd *crv1.Pgcluster, currentPrimary, namespace string) error

PatchClusterCRD patches the pgcluster CRD with any updated labels, or an updated current primary annotation value. As this uses a JSON merge patch, it will only updates those values that are different between the old and new CRD values.

func RandStringBytesRmndr

func RandStringBytesRmndr(n int) string

RandStringBytesRmndr ...

func SQLQuoteIdentifier

func SQLQuoteIdentifier(identifier string) string

SQLQuoteIdentifier quotes an "identifier" (e.g. a table or a column name) to be used as part of an SQL statement.

Any double quotes in name will be escaped. The quoted identifier will be case sensitive when used in a query. If the input string contains a zero byte, the result will be truncated immediately before it.

Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License

func SQLQuoteLiteral

func SQLQuoteLiteral(literal string) string

SQLQuoteLiteral quotes a 'literal' (e.g. a parameter, often used to pass literal to DDL and other statements that do not accept parameters) to be used as part of an SQL statement.

Any single quotes in name will be escaped. Any backslashes (i.e. "\") will be replaced by two backslashes (i.e. "\\") and the C-style escape identifier that PostgreSQL provides ('E') will be prepended to the string.

Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License. Curiously, @jkatz and @cbandy were the ones who worked on the patch to add this, prior to being at Crunchy Data

func SetPostgreSQLPassword

func SetPostgreSQLPassword(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, port, username, password, sqlCustom string) error

SetPostgreSQLPassword updates the password for a PostgreSQL role in the PostgreSQL cluster by executing into the primary Pod and changing it

Note: it is recommended to pre-hash the password (e.g. md5, SCRAM) so that way the plaintext password is not logged anywhere. This also avoids potential SQL injections

func StopPostgreSQLInstance

func StopPostgreSQLInstance(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, instanceName string) error

StopPostgreSQLInstance issues a "fast" shutdown command to the PostgreSQL instance. This will immediately terminate any connections and safely shut down PostgreSQL so it does not have to start up in crash recovery mode

func ToggleAutoFailover

func ToggleAutoFailover(clientset kubernetes.Interface, enable bool, pghaScope, namespace string) error

ToggleAutoFailover enables or disables autofailover for a cluster. Disabling autofailover means "pausing" Patroni, which will result in Patroni stepping aside from managing the cluster. This will effectively cause Patroni to stop responding to failures or other database activities, e.g. it will not attempt to start the database when stopped to perform maintenance

func UpdatePolicyLabels

func UpdatePolicyLabels(clientset kubernetes.Interface, clusterName string, namespace string, newLabels map[string]string) error

UpdatePolicyLabels ...

func UpdateUserSecret

func UpdateUserSecret(clientset kubernetes.Interface, clustername, username, password, namespace string) error

UpdateUserSecret updates a user secret with a new password. It follows the following method:

1. If the Secret exists, it updates the value of the Secret 2. If the Secret does not exist, it creates the secret

func ValidateBackrestStorageTypeOnBackupRestore

func ValidateBackrestStorageTypeOnBackupRestore(newBackRestStorageType,
	currentBackRestStorageType string, restore bool) error

ValidateBackrestStorageTypeOnBackupRestore checks to see if the pgbackrest storage type provided when performing either pgbackrest backup or restore is valid. This includes ensuring the value provided is a valid storage type (e.g. "s3" and/or "local"). This also includes ensuring the storage type specified (e.g. "s3" or "local") is enabled in the current cluster. And finally, validation is ocurring for a restore, the ensure only one storage type is selected.

func ValidatePolicy

func ValidatePolicy(clientset pgo.Interface, namespace string, policyName string) error

ValidatePolicy tests to see if a policy exists

Types

type AWSS3Secret

type AWSS3Secret struct {
	AWSS3CA        []byte
	AWSS3Key       string
	AWSS3KeySecret string
}

AWSS3Secret is a structured representation for providing an AWS S3 key and key secret

func GetS3CredsFromBackrestRepoSecret

func GetS3CredsFromBackrestRepoSecret(clientset kubernetes.Interface, namespace, clusterName string) (AWSS3Secret, error)

GetS3CredsFromBackrestRepoSecret retrieves the AWS S3 credentials, i.e. the key and key secret, from a specific cluster's backrest repo secret

type BackrestRepoConfig

type BackrestRepoConfig struct {
	// BackrestS3CA is the byte string value of the CA that should be used for the
	// S3 inerfacd pgBackRest repository
	BackrestS3CA        []byte
	BackrestS3Key       string
	BackrestS3KeySecret string
	ClusterName         string
	ClusterNamespace    string
	OperatorNamespace   string
}

BackrestRepoConfig represents the configuration required to created backrest repo secrets

type CloneClusterSecrets

type CloneClusterSecrets struct {
	// any additional selectors that can be added to the query that is made
	AdditionalSelectors []string
	// The Kubernetes Clientset used to make API calls to Kubernetes`
	ClientSet kubernetes.Interface
	// The Namespace that the clusters are in
	Namespace string
	// The name of the PostgreSQL cluster that the secrets are originating from
	SourceClusterName string
	// The name of the PostgreSQL cluster that we are copying the secrets to
	TargetClusterName string
}

CloneClusterSecrets will copy the secrets from a cluster into the secrets of another cluster

func (CloneClusterSecrets) Clone

func (cs CloneClusterSecrets) Clone() error

Clone performs the actual clone of the secrets between PostgreSQL clusters

type CloneTask

type CloneTask struct {
	BackrestPVCSize       string
	BackrestStorageSource string
	EnableMetrics         bool
	PGOUser               string
	PVCSize               string
	SourceClusterName     string
	TargetClusterName     string
	TaskStepLabel         string
	TaskType              string
	Timestamp             time.Time
	WorkflowID            string
}

CloneTask allows you to create a Pgtask CRD with the appropriate options

func (CloneTask) Create

func (clone CloneTask) Create() *crv1.Pgtask

newCloneTask returns a new instance of a Pgtask CRD

type InstanceReplicationInfo

type InstanceReplicationInfo struct {
	Name           string
	Node           string
	ReplicationLag int
	Status         string
	Timeline       int
	PendingRestart bool
	Role           string
}

InstanceReplicationInfo is the user friendly information for the current status of key replication metrics for a PostgreSQL instance

type JSONPatchOperation

type JSONPatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

JSONPatchOperation represents the structure for a JSON patch operation

type ReplicationStatusRequest

type ReplicationStatusRequest struct {
	RESTConfig  *rest.Config
	Clientset   kubernetes.Interface
	Namespace   string
	ClusterName string
}

type ReplicationStatusResponse

type ReplicationStatusResponse struct {
	Instances []InstanceReplicationInfo
}

func ReplicationStatus

func ReplicationStatus(request ReplicationStatusRequest, includePrimary, includeBusted bool) (ReplicationStatusResponse, error)

ReplicationStatus is responsible for retrieving and returning the replication information about the status of the replicas in a PostgreSQL cluster. It executes into a single replica pod and leverages the functionality of Patroni for getting the key metrics that are appropriate to help the user understand the current state of their replicas.

Statistics include: the current node the replica is on, if it is up, the replication lag, etc.

By default information is only returned for replicas within the cluster. However, if primary information is also needed, the inlcudePrimary flag can set set to true and primary information will will also be included in the ReplicationStatusResponse.

Also by default we do not include any "busted" Pods, e.g. a Pod that is not in a happy phase. That Pod may be lacking a "role" label. From there, we zero out the statistics and apply an error

type SSHKey

type SSHKey struct {
	Private []byte
	Public  []byte
}

SSHKey stores byte slices that represent private and public ssh keys

func NewPrivatePublicKeyPair

func NewPrivatePublicKeyPair() (SSHKey, error)

NewPrivatePublicKeyPair generates a an ed25519 ssh private and public key

type ThingSpec

type ThingSpec struct {
	Op    string `json:"op"`
	Path  string `json:"path"`
	Value string `json:"value"`
}

ThingSpec is a json patch structure

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL