Adding user management for standalone pgAdmin. When user is present in spec, reconcile loop will attempt to add or update it in pgAdmin as necessary, and the users.json file we keep in the pgadmin secret will be updated accordingly. Users removed from spec will be removed from users.json, but will not be deleted from pgAdmin. Add go and kuttl tests for this functionality. Move pod_client.go to controller/runtime package. Move PGADMIN_DIR value to a const.

Author: dsessler7

config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml

@@ -20,7 +20,7 @@ spec:
   - name: v1beta1
     schema:
       openAPIV3Schema:
-        description: PGAdmin is the Schema for the pgadmins API
+        description: PGAdmin is the Schema for the PGAdmin API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -1442,16 +1442,40 @@ spec:
                       type: string
                   type: object
                 type: array
+              users:
+                description: pgAdmin users that are managed via the PGAdmin spec.
+                  Users can still be added via the pgAdmin GUI, but those users will
+                  not show up here.
+                items:
+                  properties:
+                    role:
+                      description: Role determines whether the user has admin privileges
+                        or not. Defaults to User. Valid options are Administrator
+                        and User.
+                      enum:
+                      - Administrator
+                      - User
+                      type: string
+                    username:
+                      description: The username for User in pgAdmin. Must be unique
+                        in the pgAdmin's users list.
+                      type: string
+                  required:
+                  - username
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - username
+                x-kubernetes-list-type: map
             required:
             - dataVolumeClaimSpec
             type: object
           status:
             description: PGAdminStatus defines the observed state of PGAdmin
             properties:
               conditions:
-                description: 'conditions represent the observations of pgadmin''s
-                  current state. Known .status.conditions.type are: "PersistentVolumeResizing",
-                  "Progressing", "ProxyAvailable"'
+                description: 'conditions represent the observations of pgAdmin''s
+                  current state. Known .status.conditions.type is: "PersistentVolumeResizing"'
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -1522,6 +1546,14 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              imageSHA:
+                description: ImageSHA represents the image SHA for the container running
+                  pgAdmin.
+                type: string
+              majorVersion:
+                description: MajorVersion represents the major version of the running
+                  pgAdmin.
+                type: integer
               observedGeneration:
                 description: observedGeneration represents the .metadata.generation
                   on which the status was based.

internal/controller/postgrescluster/controller.go

@@ -43,6 +43,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	"github.com/crunchydata/postgres-operator/internal/config"
+	"github.com/crunchydata/postgres-operator/internal/controller/runtime"
 	"github.com/crunchydata/postgres-operator/internal/logging"
 	"github.com/crunchydata/postgres-operator/internal/pgaudit"
 	"github.com/crunchydata/postgres-operator/internal/pgbackrest"
@@ -451,7 +452,7 @@ func (r *Reconciler) setOwnerReference(
 func (r *Reconciler) SetupWithManager(mgr manager.Manager) error {
 	if r.PodExec == nil {
 		var err error
-		r.PodExec, err = newPodExecutor(mgr.GetConfig())
+		r.PodExec, err = runtime.NewPodExecutor(mgr.GetConfig())
 		if err != nil {
 			return err
 		}

internal/controller/postgrescluster/pod_client.go renamed to internal/controller/runtime/pod_client.go

@@ -13,7 +13,7 @@
  limitations under the License.
 */
 
-package postgrescluster
+package runtime
 
 import (
 	"io"
@@ -41,7 +41,7 @@ func newPodClient(config *rest.Config) (rest.Interface, error) {
 
 // +kubebuilder:rbac:groups="",resources="pods/exec",verbs={create}
 
-func newPodExecutor(config *rest.Config) (podExecutor, error) {
+func NewPodExecutor(config *rest.Config) (podExecutor, error) {
 	client, err := newPodClient(config)
 
 	return func(

internal/controller/standalone_pgadmin/config.go

@@ -23,4 +23,7 @@ const (
 
 	// Port address used to define pod and service
 	pgAdminPort = 5050
+
+	// Directory for pgAdmin in container
+	pgAdminDir = "/usr/local/lib/python3.11/site-packages/pgadmin4"
 )

internal/controller/standalone_pgadmin/controller.go

@@ -16,6 +16,7 @@ package standalone_pgadmin
 
 import (
 	"context"
+	"io"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -29,14 +30,19 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
+	controllerruntime "github.com/crunchydata/postgres-operator/internal/controller/runtime"
 	"github.com/crunchydata/postgres-operator/internal/logging"
 	"github.com/crunchydata/postgres-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
 // PGAdminReconciler reconciles a PGAdmin object
 type PGAdminReconciler struct {
 	client.Client
-	Owner       client.FieldOwner
+	Owner   client.FieldOwner
+	PodExec func(
+		namespace, pod, container string,
+		stdin io.Reader, stdout, stderr io.Writer, command ...string,
+	) error
 	Recorder    record.EventRecorder
 	IsOpenShift bool
 }
@@ -51,6 +57,14 @@ type PGAdminReconciler struct {
 //
 // TODO(tjmoore4): This function is duplicated from a version that takes a PostgresCluster object.
 func (r *PGAdminReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	if r.PodExec == nil {
+		var err error
+		r.PodExec, err = controllerruntime.NewPodExecutor(mgr.GetConfig())
+		if err != nil {
+			return err
+		}
+	}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&v1beta1.PGAdmin{}).
 		Owns(&corev1.ConfigMap{}).
@@ -146,12 +160,15 @@ func (r *PGAdminReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	if err == nil {
 		err = r.reconcilePGAdminStatefulSet(ctx, pgAdmin, configmap, dataVolume)
 	}
+	if err == nil {
+		err = r.reconcilePGAdminUsers(ctx, pgAdmin)
+	}
 
 	if err == nil {
 		// at this point everything reconciled successfully, and we can update the
 		// observedGeneration
 		pgAdmin.Status.ObservedGeneration = pgAdmin.GetGeneration()
-		log.V(1).Info("reconciled cluster")
+		log.V(1).Info("reconciled pgadmin")
 	}
 
 	return ctrl.Result{}, err

internal/controller/standalone_pgadmin/pod.go

@@ -276,7 +276,7 @@ func startupScript(pgadmin *v1beta1.PGAdmin) []string {
 	// - https://www.pgadmin.org/docs/pgadmin4/development/server_deployment.html#standalone-gunicorn-configuration
 	// - https://docs.gunicorn.org/en/latest/configure.html
 	var startScript = fmt.Sprintf(`
-PGADMIN_DIR=/usr/local/lib/python3.11/site-packages/pgadmin4
+PGADMIN_DIR=%s
 APP_RELEASE=$(cd $PGADMIN_DIR && python3 -c "import config; print(config.APP_RELEASE)")
 
 echo "Running pgAdmin4 Setup"
@@ -303,7 +303,7 @@ loadServerCommand() {
     fi
 }
 loadServerCommand
-`, setupCommandV7, setupCommandV8, startCommandV7, startCommandV8, loadServerCommandV7, loadServerCommandV8)
+`, pgAdminDir, setupCommandV7, setupCommandV8, startCommandV7, startCommandV8, loadServerCommandV7, loadServerCommandV8)
 
 	// Use a Bash loop to periodically check:
 	// 1. the mtime of the mounted configuration volume for shared/discovered servers.

internal/controller/standalone_pgadmin/secret.go

@@ -72,12 +72,11 @@ func secret(pgadmin *v1beta1.PGAdmin, existing *corev1.Secret) (*corev1.Secret,
 		})
 
 	intent.Data = make(map[string][]byte)
-	intent.StringData = make(map[string]string)
 
 	// The username format is hardcoded,
 	// but append the full username to the secret for visibility
-	intent.StringData["username"] = fmt.Sprintf("admin@%s.%s.svc",
-		pgadmin.Name, pgadmin.Namespace)
+	intent.Data["username"] = []byte(fmt.Sprintf("admin@%s.%s.svc",
+		pgadmin.Name, pgadmin.Namespace))
 
 	// Copy existing password into the intent
 	if existing.Data != nil {
@@ -93,5 +92,10 @@ func secret(pgadmin *v1beta1.PGAdmin, existing *corev1.Secret) (*corev1.Secret,
 		intent.Data["password"] = []byte(password)
 	}
 
+	// Copy existing user data into the intent
+	if existing.Data["users.json"] != nil {
+		intent.Data["users.json"] = existing.Data["users.json"]
+	}
+
 	return intent, nil
 }