Remove admin user from pgadmin secret. Generate a random password for setup user on startup. Adjust tests accordingly.

dsessler7 · dsessler7 · commit 598d1c48a9b4 · 2024-04-29T10:06:46.000-07:00
diff --git a/internal/controller/standalone_pgadmin/controller.go b/internal/controller/standalone_pgadmin/controller.go
@@ -125,8 +125,6 @@ func (r *PGAdminReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		_          *corev1.Service
 	)
 
-	_, err = r.reconcilePGAdminSecret(ctx, pgAdmin)
-
 	if err == nil {
 		clusters, err = r.getClustersForPGAdmin(ctx, pgAdmin)
 	}
diff --git a/internal/controller/standalone_pgadmin/pod.go b/internal/controller/standalone_pgadmin/pod.go
@@ -124,15 +124,6 @@ func pod(
 				Name:  "PGADMIN_SETUP_EMAIL",
 				Value: fmt.Sprintf("admin@%s.%s.svc", inPGAdmin.Name, inPGAdmin.Namespace),
 			},
-			{
-				Name: "PGADMIN_SETUP_PASSWORD",
-				ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
-					LocalObjectReference: corev1.LocalObjectReference{
-						Name: naming.StandalonePGAdmin(inPGAdmin).Name,
-					},
-					Key: "password",
-				}},
-			},
 			{
 				Name:  "PGADMIN_LISTEN_PORT",
 				Value: fmt.Sprintf("%d", pgAdminPort),
@@ -292,6 +283,7 @@ func startupScript(pgadmin *v1beta1.PGAdmin) []string {
 	// - https://www.pgadmin.org/docs/pgadmin4/development/server_deployment.html#standalone-gunicorn-configuration
 	// - https://docs.gunicorn.org/en/latest/configure.html
 	var startScript = fmt.Sprintf(`
+export PGADMIN_SETUP_PASSWORD="$(date +%%s | sha256sum | base64 | head -c 32)"
 PGADMIN_DIR=%s
 APP_RELEASE=$(cd $PGADMIN_DIR && python3 -c "import config; print(config.APP_RELEASE)")
 
diff --git a/internal/controller/standalone_pgadmin/pod_test.go b/internal/controller/standalone_pgadmin/pod_test.go
@@ -51,6 +51,7 @@ containers:
   - --
   - |-
     monitor() {
+    export PGADMIN_SETUP_PASSWORD="$(date +%s | sha256sum | base64 | head -c 32)"
     PGADMIN_DIR=/usr/local/lib/python3.11/site-packages/pgadmin4
     APP_RELEASE=$(cd $PGADMIN_DIR && python3 -c "import config; print(config.APP_RELEASE)")
 
@@ -103,11 +104,6 @@ containers:
   env:
   - name: PGADMIN_SETUP_EMAIL
     value: admin@pgadmin.postgres-operator.svc
-  - name: PGADMIN_SETUP_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        key: password
-        name: pgadmin-
   - name: PGADMIN_LISTEN_PORT
     value: "5050"
   name: pgadmin
@@ -229,6 +225,7 @@ containers:
   - --
   - |-
     monitor() {
+    export PGADMIN_SETUP_PASSWORD="$(date +%s | sha256sum | base64 | head -c 32)"
     PGADMIN_DIR=/usr/local/lib/python3.11/site-packages/pgadmin4
     APP_RELEASE=$(cd $PGADMIN_DIR && python3 -c "import config; print(config.APP_RELEASE)")
 
@@ -281,11 +278,6 @@ containers:
   env:
   - name: PGADMIN_SETUP_EMAIL
     value: admin@pgadmin.postgres-operator.svc
-  - name: PGADMIN_SETUP_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        key: password
-        name: pgadmin-
   - name: PGADMIN_LISTEN_PORT
     value: "5050"
   image: new-image
diff --git a/internal/controller/standalone_pgadmin/secret.go b/internal/controller/standalone_pgadmin/secret.go
diff --git a/internal/controller/standalone_pgadmin/users.go b/internal/controller/standalone_pgadmin/users.go
@@ -52,8 +52,8 @@ type pgAdminUserForJson struct {
 	Username string `json:"username"`
 }
 
-// reconcilePGAdminUsers reconciles the default admin user and the users listed in the pgAdmin spec,
-// adding them to the pgAdmin secret, and creating/updating them in pgAdmin when appropriate.
+// reconcilePGAdminUsers reconciles the users listed in the pgAdmin spec, adding them
+// to the pgAdmin secret, and creating/updating them in pgAdmin when appropriate.
 func (r *PGAdminReconciler) reconcilePGAdminUsers(ctx context.Context, pgadmin *v1beta1.PGAdmin) error {
 	const container = naming.ContainerPGAdmin
 	var podExecutor Executor
@@ -163,9 +163,6 @@ func (r *PGAdminReconciler) writePGAdminUsers(ctx context.Context, pgadmin *v1be
 
 	// Initialize secret data map, or copy existing data if not nil
 	intentUserSecret.Data = make(map[string][]byte)
-	if existingUserSecret.Data != nil {
-		intentUserSecret.Data = existingUserSecret.Data
-	}
 
 	setupScript := fmt.Sprintf(`
 PGADMIN_DIR=%s
diff --git a/testing/kuttl/e2e-other/standalone-pgadmin-v8/files/02-pgadmin.yaml b/testing/kuttl/e2e-other/standalone-pgadmin-v8/files/02-pgadmin.yaml
@@ -3,7 +3,6 @@ kind: PGAdmin
 metadata:
   name: pgadmin
 spec:
-  adminUsername: admin@pgo.com
   dataVolumeClaimSpec:
     accessModes:
     - "ReadWriteOnce"
diff --git a/testing/kuttl/e2e/standalone-pgadmin/files/00-pgadmin-check.yaml b/testing/kuttl/e2e/standalone-pgadmin/files/00-pgadmin-check.yaml
@@ -32,11 +32,3 @@ status:
     ready: true
     started: true
   phase: Running
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    postgres-operator.crunchydata.com/role: pgadmin
-    postgres-operator.crunchydata.com/pgadmin: pgadmin
-type: Opaque
diff --git a/testing/kuttl/e2e/standalone-pgadmin/files/02-pgadmin.yaml b/testing/kuttl/e2e/standalone-pgadmin/files/02-pgadmin.yaml
@@ -3,7 +3,6 @@ kind: PGAdmin
 metadata:
   name: pgadmin
 spec:
-  adminUsername: admin@pgo.com
   dataVolumeClaimSpec:
     accessModes:
     - "ReadWriteOnce"

Original file line number	Diff line number	Diff line change
`@@ -125,8 +125,6 @@ func (r *PGAdminReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct`
`125`	`125`	`_ *corev1.Service`
`126`	`126`	`)`
`127`	`127`
`128`		`- _, err = r.reconcilePGAdminSecret(ctx, pgAdmin)`
`129`		`-`
`130`	`128`	`if err == nil {`
`131`	`129`	`clusters, err = r.getClustersForPGAdmin(ctx, pgAdmin)`
`132`	`130`	`}`