Update API definition

pcallewaert · pcallewaert · commit 1b4bb72f2098 · 2025-12-17T11:36:55.000+01:00
diff --git a/api/v1alpha1/postgresuser_types.go b/api/v1alpha1/postgresuser_types.go
@@ -9,12 +9,16 @@ import (
 
 // PostgresUserSpec defines the desired state of PostgresUser
 type PostgresUserSpec struct {
-	Role       string `json:"role"`
-	Database   string `json:"database"`
+	// Name of the PostgresRole this user will be associated with
+	Role string `json:"role"`
+	// Name of the PostgresDatabase this user will be related to
+	Database string `json:"database"`
+	// Name of the secret to create with user credentials
 	SecretName string `json:"secretName"`
 	// +optional
 	SecretTemplate map[string]string `json:"secretTemplate,omitempty"` // key-value, where key is secret field, value is go template
 	// +optional
+	// List of privileges to grant to this user
 	Privileges string `json:"privileges"`
 	// +optional
 	AWS *PostgresUserAWSSpec `json:"aws,omitempty"`
@@ -27,6 +31,8 @@ type PostgresUserSpec struct {
 // PostgresUserAWSSpec encapsulates AWS specific configuration toggles.
 type PostgresUserAWSSpec struct {
 	// +optional
+	// +kubebuilder:default=false
+	// Enable IAM authentication for this user (PostgreSQL on AWS RDS only)
 	EnableIamAuth bool `json:"enableIamAuth,omitempty"`
 }
 
@@ -37,7 +43,9 @@ type PostgresUserStatus struct {
 	PostgresLogin string `json:"postgresLogin"`
 	PostgresGroup string `json:"postgresGroup"`
 	DatabaseName  string `json:"databaseName"`
-	EnableIamAuth bool   `json:"enableIamAuth"`
+	// Reflects whether IAM authentication is enabled for this user.
+	// +optional
+	EnableIamAuth bool `json:"enableIamAuth"`
 }
 
 // +kubebuilder:object:root=true
diff --git a/config/crd/bases/db.movetokube.com_postgresusers.yaml b/config/crd/bases/db.movetokube.com_postgresusers.yaml
@@ -48,19 +48,28 @@ spec:
                   toggles.
                 properties:
                   enableIamAuth:
+                    default: false
+                    description: Enable IAM authentication for this user (PostgreSQL
+                      on AWS RDS only)
                     type: boolean
                 type: object
               database:
+                description: Name of the PostgresDatabase this user will be related
+                  to
                 type: string
               labels:
                 additionalProperties:
                   type: string
                 type: object
               privileges:
+                description: List of privileges to grant to this user
                 type: string
               role:
+                description: Name of the PostgresRole this user will be associated
+                  with
                 type: string
               secretName:
+                description: Name of the secret to create with user credentials
                 type: string
               secretTemplate:
                 additionalProperties:
@@ -77,6 +86,8 @@ spec:
               databaseName:
                 type: string
               enableIamAuth:
+                description: Reflects whether IAM authentication is enabled for this
+                  user.
                 type: boolean
               postgresGroup:
                 type: string
@@ -88,7 +99,6 @@ spec:
                 type: boolean
             required:
             - databaseName
-            - enableIamAuth
             - postgresGroup
             - postgresLogin
             - postgresRole
diff --git a/internal/controller/postgres_controller_test.go b/internal/controller/postgres_controller_test.go
@@ -72,7 +72,7 @@ var _ = Describe("PostgresReconciler", func() {
 		mockCtrl = gomock.NewController(GinkgoT())
 		pg = mockpg.NewMockPG(mockCtrl)
 		pg.EXPECT().AlterDatabaseOwner(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
-		pg.EXPECT().ReassignDatabaseOwner(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
+		pg.EXPECT().ReassignDatabaseOwner(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
 		cl = k8sClient
 		// Create runtime scheme
 		sc = scheme.Scheme
@@ -668,7 +668,7 @@ var _ = Describe("PostgresReconciler", func() {
 					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).Times(0)
 					// stores schema
 					pg.EXPECT().CreateSchema(name, name+"-group", "stores").Return(nil).Times(1)
-					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).Times(3)
+					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).AnyTimes()
 				})
 
 				It("should update status", func() {
@@ -696,7 +696,7 @@ var _ = Describe("PostgresReconciler", func() {
 				It("should not recreate existing schema", func() {
 					// customers schema
 					pg.EXPECT().CreateSchema(name, name+"-group", "customers").Return(nil).Times(1)
-					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).Times(3)
+					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).AnyTimes()
 					// stores schema already exists
 					pg.EXPECT().CreateSchema(name, name+"-group", "stores").Times(0)
 					pg.EXPECT().SetSchemaPrivileges(gomock.Any()).Return(nil).Times(0)
diff --git a/pkg/postgres/database.go b/pkg/postgres/database.go
@@ -57,12 +57,12 @@ func (c *pg) AlterDatabaseOwner(dbname, owner string) error {
 	return err
 }
 
-func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string, logger logr.Logger) error {
+func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string) error {
 	if currentOwner == "" || newOwner == "" || currentOwner == newOwner {
 		return nil
 	}
 
-	tmpDb, err := GetConnection(c.user, c.pass, c.host, dbName, c.args, logger)
+	tmpDb, err := GetConnection(c.user, c.pass, c.host, dbName, c.args)
 	if err != nil {
 		return err
 	}
@@ -78,8 +78,8 @@ func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string, logger
 	return nil
 }
 
-func (c *pg) CreateSchema(db, role, schema string, logger logr.Logger) error {
-	tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args, logger)
+func (c *pg) CreateSchema(db, role, schema string) error {
+	tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/postgres/mock/postgres.go b/pkg/postgres/mock/postgres.go
diff --git a/pkg/postgres/postgres.go b/pkg/postgres/postgres.go
@@ -18,8 +18,8 @@ type PG interface {
 	UpdatePassword(role, password string) error
 	GrantRole(role, grantee string) error
 	AlterDatabaseOwner(dbName, owner string) error
-	ReassignDatabaseOwner(dbName, currentOwner, newOwner string, logger logr.Logger) error
-	SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges, logger logr.Logger) error
+	ReassignDatabaseOwner(dbName, currentOwner, newOwner string) error
+	SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges) error
 	RevokeRole(role, revoked string) error
 	AlterDefaultLoginRole(role, setRole string) error
 	DropDatabase(db string) error

Original file line number	Diff line number	Diff line change
`@@ -57,12 +57,12 @@ func (c *pg) AlterDatabaseOwner(dbname, owner string) error {`
`57`	`57`	`return err`
`58`	`58`	`}`
`59`	`59`
`60`		`-func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string, logger logr.Logger) error {`
	`60`	`+func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string) error {`
`61`	`61`	`if currentOwner == "" \|\| newOwner == "" \|\| currentOwner == newOwner {`
`62`	`62`	`return nil`
`63`	`63`	`}`
`64`	`64`
`65`		`- tmpDb, err := GetConnection(c.user, c.pass, c.host, dbName, c.args, logger)`
	`65`	`+ tmpDb, err := GetConnection(c.user, c.pass, c.host, dbName, c.args)`
`66`	`66`	`if err != nil {`
`67`	`67`	`return err`
`68`	`68`	`}`
`@@ -78,8 +78,8 @@ func (c *pg) ReassignDatabaseOwner(dbName, currentOwner, newOwner string, logger`
`78`	`78`	`return nil`
`79`	`79`	`}`
`80`	`80`
`81`		`-func (c *pg) CreateSchema(db, role, schema string, logger logr.Logger) error {`
`82`		`- tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args, logger)`
	`81`	`+func (c *pg) CreateSchema(db, role, schema string) error {`
	`82`	`+ tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args)`
`83`	`83`	`if err != nil {`
`84`	`84`	`return err`
`85`	`85`	`}`