Skip to content

Feature/add revoke logic to grant pr1#207

Merged
Duologic merged 3 commits into
crossplane-contrib:masterfrom
kyriba:feature/add-revoke-logic-to-grant-pr1
Jan 13, 2025
Merged

Feature/add revoke logic to grant pr1#207
Duologic merged 3 commits into
crossplane-contrib:masterfrom
kyriba:feature/add-revoke-logic-to-grant-pr1

Conversation

@olikyr

@olikyr olikyr commented Jan 7, 2025

Copy link
Copy Markdown

Description of your changes

This is a sub PR of
#200

  1. I added a field called revokePublicOnDb in grant resource; if true, it will revoke from public access to DB; This usually a DBA requirement.
  2. I added a field called isPrivate revokePublicOnSchema in schema resource; if true, it will revoke from public access to a schema; This usually a DBA requirement.

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

inside the project

make clean
make build
make reviewable

@olikyr olikyr force-pushed the feature/add-revoke-logic-to-grant-pr1 branch from 4072a84 to ddac9e2 Compare January 7, 2025 15:13
… Schema resource isPrivate, added a revoke to database for non-owner users

update mariadb version to be similar to master version
use of HELM varibale instead of HELM3

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>
@olikyr olikyr force-pushed the feature/add-revoke-logic-to-grant-pr1 branch from ddac9e2 to 6f2a496 Compare January 7, 2025 15:15

@Duologic Duologic left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are the parameters named differently?

@olikyr

olikyr commented Jan 10, 2025

Copy link
Copy Markdown
Author

I think you are right about this inconsistency, either they should be both isPrivate, or for schema adopt RevokePublicOnSchema.
I would go with RevokePublicOnSchema and RevokePublicOnDB as we are doing a specific command and I am afraid that private could infer a bigger context.
What do you think?

@Duologic

Copy link
Copy Markdown
Member

yeah, that's alright

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>
@Duologic Duologic enabled auto-merge (squash) January 13, 2025 09:24
@Duologic Duologic disabled auto-merge January 13, 2025 09:25
Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>
@Duologic Duologic enabled auto-merge (squash) January 13, 2025 10:49
@Duologic Duologic merged commit fcd50ac into crossplane-contrib:master Jan 13, 2025
markphillips100 added a commit to markphillips100/provider-sql that referenced this pull request Jun 16, 2025
* Refresh build system - update to latest Go, Up, crossplane-runtime etc (crossplane-contrib#182)

* go get github.com/crossplane/crossplane-tools@master && go mod tidy && make generate

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Add latest crossplane-runtime (including managementPolicies)

go get github.com/crossplane/crossplane-runtime@latest && go mod tidy && make generate

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Update controller-runtime API after breaking changes upstream

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Bump build/ and up version to be compatible with newer docker

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Avoid deprecated k8s.io/utils/pointer

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Bump Go to 1.21, golangci-linter to 1.54 (match build/)

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Integration test: Set registry to xpkg.upbound.io/

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Integration test: OS for Kind is always Linux

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

---------

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* PostgreSQL CREATE SCHEMA support (crossplane-contrib#181)

* Schema controller for PostgreSQL

This adds support for CREATE SCHEMA (not any DDL like Schema hero).
This is needed to run third party solutions that require the schema
to exist, like grafana operator and temporal operator.

Co-authored-by: Lars Haugan <456305+larhauga@users.noreply.github.com>
Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Generate files for PostgreSQL Schema

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Expand PostgreSQL config example to include secret and ssl mode, docker info

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Avoid new(string) and use nicer ptr.To values in test

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

---------

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Co-authored-by: Lars Haugan <456305+larhauga@users.noreply.github.com>

* chore: add provider install documentation (crossplane-contrib#174)

Signed-off-by: Bastien CERIANI <bastien.ceriani@gmail.com>

* Give MySQL sql_log_bin at DSN level to take parameter into account (crossplane-contrib#171)

Signed-off-by: Florian Gaillot <fgaillot@qosenergy.com>

* change the host with endpoint to make it worked

Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>

* ci: fix upload-artifact ref

* allow to define login db (crossplane-contrib#192)

Signed-off-by: bakito <github@bakito.ch>

* add support for mssql schema in grants (crossplane-contrib#193)

Signed-off-by: bakito <github@bakito.ch>

* optional binlog parameters in mysql connection string to allow the use of DB default setting (crossplane-contrib#201)

Signed-off-by: Marius Leahu <Marius.Leahu@swisscom.com>

* fix: remove unneeded flush privileges call for mysql (crossplane-contrib#202)

Signed-off-by: Marius Ziemke <marius@ziemke.net>
Co-authored-by: Marius Ziemke <marius@ziemke.net>

* feat: add custom tls config support to mysql (crossplane-contrib#184)

* feat: add custom tls config support

Signed-off-by: Mathieu Frenette <silphid@users.noreply.github.com>

* use provider config name to make tls name unique

Signed-off-by: Mathieu Frenette <silphid@users.noreply.github.com>

* refactor integration tests into modular functions

Signed-off-by: Mathieu Frenette <silphid@users.noreply.github.com>

---------

Signed-off-by: Mathieu Frenette <silphid@users.noreply.github.com>
Co-authored-by: Mathieu Frenette <silphid@users.noreply.github.com>

* refactor(mysql): consistent username/host parameters (crossplane-contrib#205)

Signed-off-by: Duologic <jeroen@simplistic.be>

* chore: update build/, Makefile and integration test script (crossplane-contrib#204)

Signed-off-by: Duologic <jeroen@simplistic.be>

* feat(postgresql): add revoke public logic to grant and schema resources (crossplane-contrib#207)

- added a field called revokePublicOnDb in grant resource; if true, it will revoke from public access to DB; This usually a DBA requirement.
- added a field called revokePublicOnSchema in schema resource; if true, it will revoke from public access to a schema; This usually a DBA requirement.

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>

* test(postgresql): implement postgresdb integration tests (crossplane-contrib#208)

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>

* update helm repo before intalling mariadb (crossplane-contrib#209)

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>

* chore: add chlunde to maintainers list (crossplane-contrib#225)

Signed-off-by: Duologic <jeroen@simplistic.be>

* bump github actions upload-action to latest release due to deprecation

Signed-off-by: Lars Haugan <lars.haugan@sparebank1.no>

* chore: bump golangci version (crossplane-contrib#216)

* chore: bump golangci

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: bump golangci on github actions workflow

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: bump golangci up to v2, bump up all action dependencies

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: even more actions pinned

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

---------

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: Update Go to 1.23.9 (crossplane-contrib#230)

Go 1.23.9 is a security update, and we also need to update
Go to get dependabot security updates out (dependabot does not
run 'go mod tidy').

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* Bump golang.org/x/crypto from 0.21.0 to 0.35.0 (crossplane-contrib#229)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.35.0.
- [Commits](golang/crypto@v0.21.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golang.org/x/net from 0.25.0 to 0.38.0 (crossplane-contrib#231)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.25.0 to 0.38.0.
- [Commits](golang/net@v0.25.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (crossplane-contrib#232)

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.33.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: enable management policies (crossplane-contrib#215)

* fix: enable management policies

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* fix: linter

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: offload lint changes to crossplane-contrib#216

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: revert changes as per peer review

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

---------

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* Move negz to emeritus status (crossplane-contrib#226)

As requested on slack

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* test: add coverage of managementPolicies to e2e (crossplane-contrib#233)

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>

* chore: remove duplicate entry of golangci version (crossplane-contrib#236)

* chore: remove duplicate entry of golangci version

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: bump up versions for crossplane 1.20

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* chore: restore changes

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

---------

Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>

* Refactor

* Revert to previous usertype contants

---------

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Signed-off-by: Bastien CERIANI <bastien.ceriani@gmail.com>
Signed-off-by: Florian Gaillot <fgaillot@qosenergy.com>
Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
Signed-off-by: bakito <github@bakito.ch>
Signed-off-by: Marius Leahu <Marius.Leahu@swisscom.com>
Signed-off-by: Marius Ziemke <marius@ziemke.net>
Signed-off-by: Mathieu Frenette <silphid@users.noreply.github.com>
Signed-off-by: Duologic <jeroen@simplistic.be>
Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>
Signed-off-by: Lars Haugan <lars.haugan@sparebank1.no>
Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
Co-authored-by: Lars Haugan <456305+larhauga@users.noreply.github.com>
Co-authored-by: Bastien Cer <bastien.ceriani@gmail.com>
Co-authored-by: fgaillot-qosenergy <67331418+fgaillot-qosenergy@users.noreply.github.com>
Co-authored-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
Co-authored-by: Hasan Turken <turkenh@gmail.com>
Co-authored-by: Duologic <jeroen@simplistic.be>
Co-authored-by: Marc Brugger <github@bakito.ch>
Co-authored-by: Marius Leahu <11443917+mleahu@users.noreply.github.com>
Co-authored-by: Marius Ziemke <marius@ziemke.net>
Co-authored-by: Mathieu Frenette <1917993+silphid@users.noreply.github.com>
Co-authored-by: Mathieu Frenette <silphid@users.noreply.github.com>
Co-authored-by: olikyr <oliver.zokra@kyriba.com>
Co-authored-by: Lars Haugan <lars.haugan@sparebank1.no>
Co-authored-by: J. Fernández <7312236+fernandezcuesta@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
xocasdashdash pushed a commit to xocasdashdash/provider-sql that referenced this pull request Feb 11, 2026
…es (crossplane-contrib#207)

- added a field called revokePublicOnDb in grant resource; if true, it will revoke from public access to DB; This usually a DBA requirement.
- added a field called revokePublicOnSchema in schema resource; if true, it will revoke from public access to a schema; This usually a DBA requirement.

Signed-off-by: oliver.zokra <oliver.zokra@kyriba.com>
Signed-off-by: Joaquín Fernández Campo <xocasdashdash@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants