fix: make compatbile for Azure Database for PostgreSQL (#21)

* feat: support for Azure managed Postgres database
* feat: new config variable: POSTGRES_DEFAULT_DATABASE to use for connecting to the database
* add login attribute to CRD
* chore: manual replaced github.com entries to relative directory so git diff is smaller

Author: Pieter C

deploy/crds/db.movetokube.com_postgresusers_crd.yaml

@@ -51,13 +51,16 @@ spec:
               type: string
             postgresGroup:
               type: string
+            postgresLogin:
+              type: string
             postgresRole:
               type: string
             succeeded:
               type: boolean
           required:
           - databaseName
           - postgresGroup
+          - postgresLogin
           - postgresRole
           - succeeded
           type: object

pkg/apis/db/v1alpha1/postgresuser_types.go

@@ -22,6 +22,7 @@ type PostgresUserSpec struct {
 type PostgresUserStatus struct {
 	Succeeded     bool   `json:"succeeded"`
 	PostgresRole  string `json:"postgresRole"`
+	PostgresLogin string `json:"postgresLogin"`
 	PostgresGroup string `json:"postgresGroup"`
 	DatabaseName  string `json:"databaseName"`
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster

pkg/apis/db/v1alpha1/zz_generated.openapi.go

@@ -293,6 +293,12 @@ func schema_pkg_apis_db_v1alpha1_PostgresUserStatus(ref common.ReferenceCallback
 							Format: "",
 						},
 					},
+					"postgresLogin": {
+						SchemaProps: spec.SchemaProps{
+							Type:   []string{"string"},
+							Format: "",
+						},
+					},
 					"postgresGroup": {
 						SchemaProps: spec.SchemaProps{
 							Type:   []string{"string"},
@@ -306,7 +312,7 @@ func schema_pkg_apis_db_v1alpha1_PostgresUserStatus(ref common.ReferenceCallback
 						},
 					},
 				},
-				Required: []string{"succeeded", "postgresRole", "postgresGroup", "databaseName"},
+				Required: []string{"succeeded", "postgresRole", "postgresLogin", "postgresGroup", "databaseName"},
 			},
 		},
 	}

pkg/controller/postgres/postgres_controller.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	goerr "errors"
 	"fmt"
+
 	"github.com/go-logr/logr"
 	dbv1alpha1 "github.com/movetokube/postgres-operator/pkg/apis/db/v1alpha1"
 	"github.com/movetokube/postgres-operator/pkg/postgres"
@@ -35,7 +36,8 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler {
 	pgPass := utils.MustGetEnv("POSTGRES_PASS")
 	pgUriArgs := utils.MustGetEnv("POSTGRES_URI_ARGS")
 	pgCloudProvider := utils.GetEnv("POSTGRES_CLOUD_PROVIDER")
-	pg, err := postgres.NewPG(pgHost, pgUser, pgPass, pgUriArgs, pgCloudProvider, log.WithName("postgres"))
+	pgDefaultDatabase := utils.GetEnv("POSTGRES_DEFAULT_DATABASE")
+	pg, err := postgres.NewPG(pgHost, pgUser, pgPass, pgUriArgs, pgDefaultDatabase, pgCloudProvider, log.WithName("postgres"))
 	if err != nil {
 		return nil
 	}

pkg/controller/postgresuser/postgresuser_controller.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	goerr "errors"
 	"fmt"
+
 	"github.com/go-logr/logr"
 	dbv1alpha1 "github.com/movetokube/postgres-operator/pkg/apis/db/v1alpha1"
 	"github.com/movetokube/postgres-operator/pkg/postgres"
@@ -44,7 +45,8 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler {
 	pgPass := utils.MustGetEnv("POSTGRES_PASS")
 	pgUriArgs := utils.MustGetEnv("POSTGRES_URI_ARGS")
 	pgCloudProvider := utils.GetEnv("POSTGRES_CLOUD_PROVIDER")
-	pg, err := postgres.NewPG(pgHost, pgUser, pgPass, pgUriArgs, pgCloudProvider, log.WithName("postgres"))
+	pgDefaultDatabase := utils.GetEnv("POSTGRES_DEFAULT_DATABASE")
+	pg, err := postgres.NewPG(pgHost, pgUser, pgPass, pgUriArgs, pgDefaultDatabase, pgCloudProvider, log.WithName("postgres"))
 	if err != nil {
 		return nil
 	}
@@ -139,7 +141,7 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 	}
 
 	// Creation logic
-	var role string
+	var role, login string
 	password := utils.GetRandomString(15)
 
 	if instance.Status.PostgresRole == "" {
@@ -151,7 +153,7 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 		// Create user role
 		suffix := utils.GetRandomString(6)
 		role = fmt.Sprintf("%s-%s", instance.Spec.Role, suffix)
-		err = r.pg.CreateUserRole(role, password)
+		login, err = r.pg.CreateUserRole(role, password)
 		if err != nil {
 			return r.requeue(instance, errors.NewInternalError(err))
 		}
@@ -181,13 +183,15 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 
 		instance.Status.PostgresRole = role
 		instance.Status.PostgresGroup = groupRole
+		instance.Status.PostgresLogin = login
 		instance.Status.DatabaseName = database.Spec.Database
 		err = r.client.Status().Update(context.TODO(), instance)
 		if err != nil {
 			return r.requeue(instance, err)
 		}
 	} else {
 		role = instance.Status.PostgresRole
+		login = instance.Status.PostgresLogin
 	}
 
 	err = r.addFinalizer(reqLogger, instance)
@@ -199,7 +203,7 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 		return r.requeue(instance, err)
 	}
 
-	secret := r.newSecretForCR(instance, role, password)
+	secret := r.newSecretForCR(instance, role, password, login)
 
 	// Set PostgresUser instance as the owner and controller
 	if err := controllerutil.SetControllerReference(instance, secret, r.scheme); err != nil {
@@ -248,7 +252,7 @@ func (r *ReconcilePostgresUser) addFinalizer(reqLogger logr.Logger, m *dbv1alpha
 	return nil
 }
 
-func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role, password string) *corev1.Secret {
+func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role, password, login string) *corev1.Secret {
 	pgUserUrl := fmt.Sprintf("postgresql://%s:%s@%s/%s", role, password, r.pgHost, cr.Status.DatabaseName)
 	labels := map[string]string{
 		"app": cr.Name,
@@ -263,6 +267,7 @@ func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role
 			"POSTGRES_URL": []byte(pgUserUrl),
 			"ROLE":         []byte(role),
 			"PASSWORD":     []byte(password),
+			"LOGIN":        []byte(login),
 		},
 	}
 }

pkg/postgres/aws.go

@@ -11,10 +11,10 @@ type awspg struct {
 	pg
 }
 
-func newAWSPG(postgres *pg) (PG, error) {
+func newAWSPG(postgres *pg) PG {
 	return &awspg{
 		*postgres,
-	}, nil
+	}
 }
 
 func (c *awspg) AlterDefaultLoginRole(role, setRole string) error {

pkg/postgres/azure.go

@@ -0,0 +1,49 @@
+package postgres
+
+import (
+	"fmt"
+	"strings"
+)
+
+type azurepg struct {
+	serverName string
+	pg
+}
+
+func newAzurePG(postgres *pg) PG {
+	splitUser := strings.Split(postgres.user, "@")
+	serverName := ""
+	if len(splitUser) > 1 {
+		serverName = splitUser[1]
+	}
+	return &azurepg{
+		serverName,
+		*postgres,
+	}
+}
+
+func (azpg *azurepg) CreateUserRole(role, password string) (string, error) {
+	returnedRole, err := azpg.pg.CreateUserRole(role, password)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s@%s", returnedRole, azpg.serverName), nil
+}
+
+func (azpg *azurepg) GetRoleForLogin(login string) string {
+	splitUser := strings.Split(azpg.user, "@")
+	if len(splitUser) > 1 {
+		return splitUser[0]
+	}
+	return login
+}
+
+func (azpg *azurepg) CreateDB(dbname, role string) error {
+	// Have to add the master role to the group role before we can transfer the database owner
+	err := azpg.GrantRole(role, azpg.GetRoleForLogin(azpg.user))
+	if err != nil {
+		return err
+	}
+
+	return azpg.pg.CreateDB(dbname, role)
+}

pkg/postgres/postgres.go

@@ -12,7 +12,7 @@ type PG interface {
 	CreateDB(dbname, username string) error
 	CreateSchema(db, role, schema string, logger logr.Logger) error
 	CreateGroupRole(role string) error
-	CreateUserRole(role, password string) error
+	CreateUserRole(role, password string) (string, error)
 	UpdatePassword(role, password string) error
 	GrantRole(role, grantee string) error
 	SetSchemaPrivileges(db, creator, role, schema, privs string, logger logr.Logger) error
@@ -32,9 +32,9 @@ type pg struct {
 	args string
 }
 
-func NewPG(host, user, password, uri_args, cloud_type string, logger logr.Logger) (PG, error) {
+func NewPG(host, user, password, uri_args, default_database, cloud_type string, logger logr.Logger) (PG, error) {
 	postgres := &pg{
-		db:   GetConnection(user, password, host, "", uri_args, logger),
+		db:   GetConnection(user, password, host, default_database, uri_args, logger),
 		log:  logger,
 		host: host,
 		user: user,
@@ -44,7 +44,9 @@ func NewPG(host, user, password, uri_args, cloud_type string, logger logr.Logger
 
 	switch cloud_type {
 	case "AWS":
-		return newAWSPG(postgres)
+		return newAWSPG(postgres), nil
+	case "Azure":
+		return newAzurePG(postgres), nil
 	default:
 		return postgres, nil
 	}

pkg/postgres/role.go

@@ -28,12 +28,12 @@ func (c *pg) CreateGroupRole(role string) error {
 	return nil
 }
 
-func (c *pg) CreateUserRole(role, password string) error {
+func (c *pg) CreateUserRole(role, password string) (string, error) {
 	_, err := c.db.Exec(fmt.Sprintf(CREATE_USER_ROLE, role, password))
 	if err != nil {
-		return err
+		return "", err
 	}
-	return nil
+	return role, nil
 }
 
 func (c *pg) GrantRole(role, grantee string) error {