Support Operator to Add/delete User for PostgreSQL database

api/v1alpha1/postgresqluser_types.go

@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// PostgreSQLUserSpec defines the desired state of PostgreSqlUser
+type PostgreSQLUserSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	Server        string   `json:"server"`
+	DbName        string   `json:"dbName"`
+	ResourceGroup string   `json:"resourceGroup,omitempty"`
+	Roles         []string `json:"roles"`
+	// optional
+	AdminSecret            string   `json:"adminSecret,omitempty"`
+	AdminSecretKeyVault    string   `json:"adminSecretKeyVault,omitempty"`
+	Username               string   `json:"username,omitempty"`
+	KeyVaultToStoreSecrets string   `json:"keyVaultToStoreSecrets,omitempty"`
+	KeyVaultSecretPrefix   string   `json:"keyVaultSecretPrefix,omitempty"`
+	KeyVaultSecretFormats  []string `json:"keyVaultSecretFormats,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// PostgreSQLUser is the Schema for the postgresqlusers API
+// +kubebuilder:resource:shortName=psqlu,path=psqluser
+// +kubebuilder:printcolumn:name="Provisioned",type="string",JSONPath=".status.provisioned"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.message"
+type PostgreSQLUser struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PostgreSQLUserSpec `json:"spec,omitempty"`
+	Status ASOStatus          `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PostgreSQLUserList contains a list of PostgreSQLUser
+type PostgreSQLUserList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PostgreSQLUser `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PostgreSQLUser{}, &PostgreSQLUserList{})
+}
+
+// IsSubmitted checks if sqluser is provisioning
+func (s *PostgreSQLUser) IsSubmitted() bool {
+	return s.Status.Provisioning || s.Status.Provisioned
+}

config/crd/patches/cainjection_in_postgresqlusers.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: psqlusers.azure.microsoft.com

config/samples/azure_v1alpha1_postgresqluser.yaml

@@ -0,0 +1,33 @@
+apiVersion: azure.microsoft.com/v1alpha1
+kind: PostgreSQLUser
+metadata:
+  name: psqluser-sample2
+spec:
+  server: postgresqlserver-sample
+  dbName: postgresqldatabase-sample
+  resourceGroup: resourcegroup-azure-operators
+  # The Azure Database for PostgreSQL server is created with the 3 default roles defined.
+  # azure_pg_admin
+  # azure_superuser
+  # your server admin user
+  roles:
+    - "azure_pg_admin"
+   # Specify a specific username for the user
+  username: hong
+  # Specify adminSecret and adminSecretKeyVault if you want to 
+  # read the PSQL server admin creds from a specific keyvault secret
+  adminSecret: default-postgresqlserver-sample
+  adminSecretKeyVault: asokeyvault
+
+  # Use the field below to optionally specify a different keyvault 
+  # to store the secrets in
+  # keyVaultToStoreSecrets: asokeyvault
+
+  # Below are optional fields that allow customizing the secrets you need
+  # keyVaultSecretPrefix: sqlServer-sqlDatabase
+  # valid secret formats
+  # adonet, adonet-urlonly, jdbc, jdbc-urlonly, odbc, odbc-urlonly, server, database, username, password
+  #keyVaultSecretFormats:  
+  #   - "adonet"
+
+

controllers/postgresqluser_controller.go

@@ -0,0 +1,44 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package controllers
+
+import (
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+)
+
+// PSqlServerPort is the default server port for psql server
+const PSqlServerPort = 5432
+
+// DriverName is driver name for db connection
+const PDriverName = "postgres"
+
+// SecretUsernameKey is the username key in secret
+const PSecretUsernameKey = "username"
+
+// SecretPasswordKey is the password key in secret
+const PSecretPasswordKey = "password"
+
+// PSQLUserFinalizerName is the name of the finalizer
+const PSQLUserFinalizerName = "psqluser.finalizers.azure.com"
+
+// PostgreSQLUserReconciler reconciles a PSQLUser object
+type PostgreSQLUserReconciler struct {
+	Reconciler *AsyncReconciler
+}
+
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=PostgreSQLUsers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=PostgreSQLUsers/status,verbs=get;update;patch
+
+func (r *PostgreSQLUserReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return r.Reconciler.Reconcile(req, &azurev1alpha1.PostgreSQLUser{})
+}
+
+// SetupWithManager runs reconcile loop with manager
+func (r *PostgreSQLUserReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&azurev1alpha1.PostgreSQLUser{}).
+		Complete(r)
+}

main.go

@@ -46,6 +46,7 @@ import (
 	pip "github.com/Azure/azure-service-operator/pkg/resourcemanager/pip"
 	psqldatabase "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/database"
 	psqlfirewallrule "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/firewallrule"
+	psqluser "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/psqluser"
 	psqlserver "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/server"
 	psqlvnetrule "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/vnetrule"
 	resourcemanagerrediscache "github.com/Azure/azure-service-operator/pkg/resourcemanager/rediscaches"
@@ -170,6 +171,10 @@ func main() {
 	psqlserverclient := psqlserver.NewPSQLServerClient(secretClient, mgr.GetScheme())
 	psqldatabaseclient := psqldatabase.NewPSQLDatabaseClient()
 	psqlfirewallruleclient := psqlfirewallrule.NewPSQLFirewallRuleClient()
+	psqlusermanager := psqluser.NewPostgreSqlUserManager(
+		secretClient,
+		scheme,
+	)
 	sqlUserManager := resourcemanagersqluser.NewAzureSqlUserManager(
 		secretClient,
 		scheme,
@@ -536,6 +541,22 @@ func main() {
 		os.Exit(1)
 	}
 
+	if err = (&controllers.PostgreSQLUserReconciler{
+		Reconciler: &controllers.AsyncReconciler{
+			Client:      mgr.GetClient(),
+			AzureClient: psqlusermanager,
+			Telemetry: telemetry.InitializeTelemetryDefault(
+				"PSQLUser",
+				ctrl.Log.WithName("controllers").WithName("PSQLUser"),
+			),
+			Recorder: mgr.GetEventRecorderFor("PSQLUser-controller"),
+			Scheme:   scheme,
+		},
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "PSQLUser")
+		os.Exit(1)
+	}
+
 	if err = (&controllers.ApimServiceReconciler{
 		Reconciler: &controllers.AsyncReconciler{
 			Client:      mgr.GetClient(),

pkg/resourcemanager/psql/database/database.go

@@ -19,7 +19,8 @@ func NewPSQLDatabaseClient() *PSQLDatabaseClient {
 	return &PSQLDatabaseClient{}
 }
 
-func getPSQLDatabasesClient() (psql.DatabasesClient, error) {
+//GetPSQLDatabasesClient retrieves the psqldabase
+func GetPSQLDatabasesClient() (psql.DatabasesClient, error) {
 	databasesClient := psql.NewDatabasesClientWithBaseURI(config.BaseURI(), config.SubscriptionID())
 	a, err := iam.GetResourceManagementAuthorizer()
 	if err != nil {
@@ -64,7 +65,7 @@ func (p *PSQLDatabaseClient) CheckDatabaseNameAvailability(ctx context.Context,
 
 func (p *PSQLDatabaseClient) CreateDatabaseIfValid(ctx context.Context, databasename string, servername string, resourcegroup string) (*http.Response, error) {
 
-	client, err := getPSQLDatabasesClient()
+	client, err := GetPSQLDatabasesClient()
 	if err != nil {
 		return &http.Response{
 			StatusCode: 500,
@@ -99,7 +100,7 @@ func (p *PSQLDatabaseClient) CreateDatabaseIfValid(ctx context.Context, database
 
 func (p *PSQLDatabaseClient) DeleteDatabase(ctx context.Context, databasename string, servername string, resourcegroup string) (status string, err error) {
 
-	client, err := getPSQLDatabasesClient()
+	client, err := GetPSQLDatabasesClient()
 	if err != nil {
 		return "", err
 	}
@@ -116,7 +117,7 @@ func (p *PSQLDatabaseClient) DeleteDatabase(ctx context.Context, databasename st
 
 func (p *PSQLDatabaseClient) GetDatabase(ctx context.Context, resourcegroup string, servername string, databasename string) (db psql.Database, err error) {
 
-	client, err := getPSQLDatabasesClient()
+	client, err := GetPSQLDatabasesClient()
 	if err != nil {
 		return psql.Database{}, err
 	}