util

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 31, 2023 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	BackrestRepoDeploymentName = "%s-backrest-shared-repo"
	BackrestRepoServiceName    = "%s-backrest-shared-repo"
	BackrestRepoPVCName        = "%s-pgbr-repo"
	// #nosec: G101
	BackrestRepoSecretName = "%s-backrest-repo-config"
)
View Source 
const (
	// DefaultGeneratedPasswordLength is the length of what a generated password
	// is if it's not set in the pgo.yaml file, and to create some semblance of
	// consistency
	DefaultGeneratedPasswordLength = 24
	// DefaultPasswordValidUntilDays is the number of days until a PostgreSQL user's
	// password expires. If it is not set in the pgo.yaml file, we will use a
	// default of "0" which means that a password will never expire
	DefaultPasswordValidUntilDays = 0
)
View Source 
const (
	// three of these are exported, as they are used to help add the information
	// into the templates. Say the last one 10 times fast
	// #nosec: G101
	BackRestRepoSecretKeyAWSS3KeyAWSS3CACert = "aws-s3-ca.crt"
	// #nosec: G101
	BackRestRepoSecretKeyAWSS3KeyAWSS3Key = "aws-s3-key"
	// #nosec: G101
	BackRestRepoSecretKeyAWSS3KeyAWSS3KeySecret = "aws-s3-key-secret"
	// #nosec: G101
	BackRestRepoSecretKeyAWSS3KeyGCSKey = "gcs-key"
)

values for the keys used to access the pgBackRest repository Secret

View Source 
const (
	// SQLValidUntilAlways uses a special PostgreSQL value to ensure a password
	// is always valid
	SQLValidUntilAlways = "infinity"
	// SQLValidUntilNever uses a special PostgreSQL value to ensure a password
	// is never valid. This is exportable and used in other places
	SQLValidUntilNever = "-infinity"
)
View Source 
const (

	// InstanceRolePrimary indicates that an instance is a primary
	InstanceRolePrimary = "primary"
	// InstanceRoleReplica indicates that an instance is a replica
	InstanceRoleReplica = "replica"
)
View Source 
const BootstrapConfigPrefix = "%s-bootstrap-%s"

BootstrapConfigPrefix is the format of the prefix used for the Secret containing the pgBackRest configuration required to bootstrap a new cluster using a pgBackRest backup

Variables

View Source 
var (
	// ErrLabelInvalid indicates that a label is invalid
	ErrLabelInvalid = errors.New("invalid label")
	// ErrMissingConfigAnnotation represents an error thrown when the 'config' annotation is found
	// to be missing from the 'config' configMap created to store cluster-wide configuration
	ErrMissingConfigAnnotation error = errors.New("'config' annotation missing from cluster " +
		"configutation")
)

Functions

func CreateBackrestRepoSecrets 

func CreateBackrestRepoSecrets(clientset kubernetes.Interface,
	backrestRepoConfig BackrestRepoConfig) (*v1.Secret, error)

CreateBackrestRepoSecrets creates the secrets required to manage the pgBackRest repo container

func CreatePerconaRMDataTask added in v0.2.0 

func CreatePerconaRMDataTask(clientset kubeapi.Interface, cluster *crv1.PerconaPGCluster, replicaName string, deleteBackups, deleteData, isReplica, isBackup bool) error

CreatePerconaRMDataTask is a legacy method that was moved into this file. This spawns the "pgo-rmdata" task which cleans up assets related to removing an individual instance or a cluster. I cleaned up the code slightly.

func CreateRMDataTask 

func CreateRMDataTask(clientset kubeapi.Interface, cluster *crv1.Pgcluster, replicaName string, deleteBackups, deleteData, isReplica, isBackup bool) error

CreateRMDataTask is a legacy method that was moved into this file. This spawns the "pgo-rmdata" task which cleans up assets related to removing an individual instance or a cluster. I cleaned up the code slightly.

func CreateSecret 

func CreateSecret(clientset kubernetes.Interface, db, secretName, username, password, namespace string, labels map[string]string) error

CreateSecret create the secret, user, and primary secrets

func CreateUserSecret 

func CreateUserSecret(clientset kubernetes.Interface, cluster *crv1.Pgcluster, username, password string) error

CreateUserSecret will create a new secret holding a user credential

func CurrentPrimaryUpdate 

func CurrentPrimaryUpdate(clientset pgo.Interface, cluster *crv1.Pgcluster, currentPrimary, namespace string) error

CurrentPrimaryUpdate prepares the needed data structures with the correct current primary value before passing them along to be patched into the current pgcluster CRD's annotations

func ExecPolicy 

func ExecPolicy(clientset kubeapi.Interface, restconfig *rest.Config, namespace, policyName, clusterName, port string) error

ExecPolicy execute a sql policy against a cluster

func GenerateExporterSecretName 

func GenerateExporterSecretName(clusterName string) string

GenerateExporterSecretName returns the name of the secret that contains information around a monitoring user

func GenerateNodeAffinity 

func GenerateNodeAffinity(affinityType crv1.NodeAffinityType, key string, values []string) *v1.NodeAffinity

GenerateNodeAffinity creates a Kubernetes node affinity object suitable for storage on our custom resource. For now, it only supports preferred affinity, though can be expanded to support more complex rules

func GeneratePassword 

func GeneratePassword(length int) (string, error)

GeneratePassword generate random password

func GeneratePgBouncerConfigMapName 

func GeneratePgBouncerConfigMapName(clusterName string) string

GeneratePgBouncerConfigMapName generates the name of the configmap file associated with the pgBouncer Deployment

func GeneratePgBouncerSecretName 

func GeneratePgBouncerSecretName(clusterName string) string

GeneratePgBouncerSecretName returns the name of the secret that contains information around a pgBouncer deployment

func GeneratePgBouncerUsersFileBytes 

func GeneratePgBouncerUsersFileBytes(hashedPassword string) []byte

GeneratePgBouncerUsersFileBytes generates the byte string that is used by the pgBouncer secret to authenticate a user into pgBouncer that is acting as the pgBouncer "service user" (aka PgBouncerUser).

The format of this file is `"username "hashed-password"`

where "hashed-password" is a MD5 or SCRAM hashed password

This is ultimately moutned by the pgBouncer Pod via the secret

func GeneratedPasswordLength 

func GeneratedPasswordLength(configuredPasswordLength string) int

GeneratedPasswordLength returns the value for what the length of a randomly generated password should be. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value

func GeneratedPasswordValidUntilDays 

func GeneratedPasswordValidUntilDays(configuredValidUntilDays string) int

GeneratedPasswordValidUntilDays returns the value for the number of days that a password is valid for, which is used as part of PostgreSQL's VALID UNTIL directive on a user. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value

func GetCustomLabels added in v0.2.0 

func GetCustomLabels(cluster *crv1.Pgcluster) map[string]string

GetCustomLabels gets a list of the custom labels that a user set so they can be applied to any non-Postgres cluster instance objects. This removes some of the "system labels" that get stuck in the "UserLabels" area.

Do **not** use this for the Postgres instance Deployments. Some of those labels are needed there.

Returns a map.

func GetLabels 

func GetLabels(name, clustername string, replica bool) string

GetLabels ...

func GetPasswordFromSecret 

func GetPasswordFromSecret(clientset kubernetes.Interface, namespace, secretName string) (string, error)

GetPasswordFromSecret will fetch the password from a user secret

func GetPolicySQL 

func GetPolicySQL(clientset pgo.Interface, namespace, policyName string) (string, error)

GetPolicySQL returns the SQL string from a policy

func GetPrimaryPod 

func GetPrimaryPod(clientset kubernetes.Interface, cluster *crv1.Pgcluster) (*v1.Pod, error)

GetPrimaryPod gets the Pod of the primary PostgreSQL instance. If somehow the query gets multiple pods, then the first one in the list is returned

func GetSecretPassword 

func GetSecretPassword(clientset kubernetes.Interface, db, suffix, Namespace string) (string, error)

GetSecretPassword ...

func GetStandardImageTag 

func GetStandardImageTag(imageName, imageTag string) string

GetStandardImageTag takes the current image name and the image tag value stored in the pgcluster CRD and, if the image being used is the crunchy-postgres-gis-ha container with the corresponding tag, it returns the tag without the addition of the GIS version. This tag value can then be used when provisioning containers using the standard containers tag.

func GetTolerations 

func GetTolerations(tolerations []v1.Toleration) string

GetTolerations returns any tolerations that may be defined in a tolerations in JSON format. Otherwise, it returns an empty string

func GetValueOrDefault 

func GetValueOrDefault(value, defaultValue string) string

GetValueOrDefault checks whether the first value given is set. If it is, that value is returned. If not, the second, default value is returned instead

func IsPostgreSQLUserSystemAccount 

func IsPostgreSQLUserSystemAccount(username string) bool

IsPostgreSQLUserSystemAccount determines whether or not this is a system PostgreSQL user account, as if this returns true, one likely may not want to allow a user to directly access the account Normalizes the lookup by downcasing it

func IsStringOneOf 

func IsStringOneOf(testVal string, acceptedVals ...string) bool

IsStringOneOf tests to see string testVal is included in the list of strings provided using acceptedVals

func PatchClusterCRD 

func PatchClusterCRD(clientset pgo.Interface, labelMap map[string]string, oldCrd *crv1.Pgcluster, currentPrimary, namespace string) error

PatchClusterCRD patches the pgcluster CRD with any updated labels, or an updated current primary annotation value. As this uses a JSON merge patch, it will only updates those values that are different between the old and new CRD values.

func RandStringBytesRmndr 

func RandStringBytesRmndr(n int) string

RandStringBytesRmndr ...

func SQLQuoteIdentifier 

func SQLQuoteIdentifier(identifier string) string

SQLQuoteIdentifier quotes an "identifier" (e.g. a table or a column name) to be used as part of an SQL statement.

Any double quotes in name will be escaped. The quoted identifier will be case sensitive when used in a query. If the input string contains a zero byte, the result will be truncated immediately before it.

Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License

func SQLQuoteLiteral 

func SQLQuoteLiteral(literal string) string

SQLQuoteLiteral quotes a 'literal' (e.g. a parameter, often used to pass literal to DDL and other statements that do not accept parameters) to be used as part of an SQL statement.

Any single quotes in name will be escaped. Any backslashes (i.e. "\") will be replaced by two backslashes (i.e. "\\") and the C-style escape identifier that PostgreSQL provides ('E') will be prepended to the string.

Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License. Curiously, @jkatz and @cbandy were the ones who worked on the patch to add this, prior to being at Crunchy Data

func SetPostgreSQLPassword 

func SetPostgreSQLPassword(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, port, username, password, sqlCustom string) error

SetPostgreSQLPassword updates the password for a PostgreSQL role in the PostgreSQL cluster by executing into the primary Pod and changing it

Note: it is recommended to pre-hash the password (e.g. md5, SCRAM) so that way the plaintext password is not logged anywhere. This also avoids potential SQL injections

func StopPostgreSQLInstance 

func StopPostgreSQLInstance(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, instanceName string) error

StopPostgreSQLInstance issues a "fast" shutdown command to the PostgreSQL instance. This will immediately terminate any connections and safely shut down PostgreSQL so it does not have to start up in crash recovery mode

func ToggleAutoFailover 

func ToggleAutoFailover(clientset kubernetes.Interface, enable bool, pghaScope, namespace string) error

ToggleAutoFailover enables or disables autofailover for a cluster. Disabling autofailover means "pausing" Patroni, which will result in Patroni stepping aside from managing the cluster. This will effectively cause Patroni to stop responding to failures or other database activities, e.g. it will not attempt to start the database when stopped to perform maintenance

func UpdateUserSecret 

func UpdateUserSecret(clientset kubernetes.Interface, cluster *crv1.Pgcluster, username, password string) error

UpdateUserSecret updates a user secret with a new password. It follows the following method:

1. If the Secret exists, it updates the value of the Secret 2. If the Secret does not exist, it creates the secret

func ValidateLabels 

func ValidateLabels(labels map[string]string) error

ValidateLabels validates if the input is a valid Kubernetes label.

A label is composed of a key and value.

The key can either be a name or have an optional prefix that i terminated by a "/", e.g. "prefix/name"

The name must be a valid DNS 1123 value THe prefix must be a valid DNS 1123 subdomain

The value can be validated by machinery provided by Kubernetes

Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

func ValidatePVCResize added in v0.2.0 

func ValidatePVCResize(oldSize, newSize string) error

ValidatePVCResize ensures that the quantities being used in a PVC resize are valid, and the resize is moving in an increasing direction

func ValidatePolicy 

func ValidatePolicy(clientset pgo.Interface, namespace string, policyName string) error

ValidatePolicy tests to see if a policy exists

Types

type AWSS3Secret 

type AWSS3Secret struct {
	AWSS3CA        []byte
	AWSS3Key       string
	AWSS3KeySecret string
}

AWSS3Secret is a structured representation for providing an AWS S3 key and key secret

func GetS3CredsFromBackrestRepoSecret 

func GetS3CredsFromBackrestRepoSecret(clientset kubernetes.Interface, namespace, clusterName string) (AWSS3Secret, error)

GetS3CredsFromBackrestRepoSecret retrieves the AWS S3 credentials, i.e. the key and key secret, from a specific cluster's backrest repo secret

type BackrestRepoConfig 

type BackrestRepoConfig struct {
	// BackrestS3CA is the byte string value of the CA that should be used for the
	// S3 inerfacd pgBackRest repository
	BackrestS3CA        []byte
	BackrestS3Key       string
	BackrestS3KeySecret string
	BackrestGCSKey      []byte
	ClusterName         string
	ClusterNamespace    string
	CustomLabels        map[string]string
	OperatorNamespace   string
}

BackrestRepoConfig represents the configuration required to created backrest repo secrets

type GCSSecret added in v0.2.0 

type GCSSecret struct {
	Key []byte
}

GCSSecret is a structured representation for providing the GCS key

func GetGCSCredsFromBackrestRepoSecret added in v0.2.0 

func GetGCSCredsFromBackrestRepoSecret(clientset kubernetes.Interface, namespace, clusterName string) (GCSSecret, error)

GetGCSCredsFromBackrestRepoSecret retrieves the GCS credentials, i.e. the key "file" from the pgBackRest Secret

type InstanceReplicationInfo 

type InstanceReplicationInfo struct {
	Name           string
	Node           string
	ReplicationLag int
	Status         string
	Timeline       int
	PendingRestart bool
	PodName        string
	Role           string
}

InstanceReplicationInfo is the user friendly information for the current status of key replication metrics for a PostgreSQL instance

type ReplicationStatusRequest 

type ReplicationStatusRequest struct {
	RESTConfig  *rest.Config
	Clientset   kubernetes.Interface
	Namespace   string
	ClusterName string
}

type ReplicationStatusResponse 

type ReplicationStatusResponse struct {
	Instances []InstanceReplicationInfo
}

func ReplicationStatus 

func ReplicationStatus(request ReplicationStatusRequest, includePrimary, includeBusted bool) (ReplicationStatusResponse, error)

ReplicationStatus is responsible for retrieving and returning the replication information about the status of the replicas in a PostgreSQL cluster. It executes into a single replica pod and leverages the functionality of Patroni for getting the key metrics that are appropriate to help the user understand the current state of their replicas.

Statistics include: the current node the replica is on, if it is up, the replication lag, etc.

By default information is only returned for replicas within the cluster. However, if primary information is also needed, the inlcudePrimary flag can set set to true and primary information will will also be included in the ReplicationStatusResponse.

Also by default we do not include any "busted" Pods, e.g. a Pod that is not in a happy phase. That Pod may be lacking a "role" label. From there, we zero out the statistics and apply an error

type SSHKey 

type SSHKey struct {
	Private []byte
	Public  []byte
}

SSHKey stores byte slices that represent private and public ssh keys

func NewPrivatePublicKeyPair 

func NewPrivatePublicKeyPair() (SSHKey, error)

NewPrivatePublicKeyPair generates a an ed25519 ssh private and public key

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.