@tkcontiant tkcontiant commented Sep 17, 2025

I notice we are missing sequences and functions access.

  • Owner-Group user should have Grant ALL, as it will most likely be used for Flyway migrations, etc.
```
ownerPrivs          = "ALL"
ownerFunctionPrivs  = "ALL"
ownerSequencePrivs  = "ALL"
```

The Second Writer-Group should have limited access to Sequences and execute the Functions.

```
writerSequencePrivs = "USAGE,SELECT"
writerFunctionPrivs = "EXECUTE"
```

Reader-Group remains the same

Update Owner-Group if the masterRole was renamed or changed

  • I assume the operator needs to keep the state always, as defined in the CRD

Re-assign the user group membership

  • My user was a reader, and I needed to be part of a writer or owner group.

Leader election

  • Enable Leader election for the operator, allowing the organizations to run the operator in HA mode
  • Update the RBAC so Operator can access the correct privileges to acquire the leader lock
  • Enable the Prometheus metrics endpoint

PodMonitor

Added for Prometheus Operator Discovery

Enable Metrics

  • Useful metrics are already available
```
# TYPE controller_runtime_reconcile_total counter
controller_runtime_reconcile_total{controller="postgres",result="error"} 0
controller_runtime_reconcile_total{controller="postgres",result="requeue"} 0
controller_runtime_reconcile_total{controller="postgres",result="requeue_after"} 0
controller_runtime_reconcile_total{controller="postgres",result="success"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="error"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="requeue"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="requeue_after"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="success"} 0
```
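
The privilege strings in the PR description above (for example `writerSequencePrivs = "USAGE,SELECT"`) correspond to PostgreSQL `GRANT` statements along the following lines. This is an added example, not code from the pull request or the operator; `grantStatements`, `quoteIdent`, the `public` schema and the `app-writer` role are assumptions, and the validation step shows how a privilege that does not apply to an object type can be rejected before any SQL is built.

```go
package main

import (
	"fmt"
	"strings"
)

// allowed lists the privilege keywords PostgreSQL accepts per object type.
var allowed = map[string][]string{
	"TABLES":    {"ALL", "SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"},
	"SEQUENCES": {"ALL", "USAGE", "SELECT", "UPDATE"},
	"FUNCTIONS": {"ALL", "EXECUTE"},
}

// quoteIdent double-quotes an identifier, doubling embedded quotes.
func quoteIdent(s string) string {
	return `"` + strings.ReplaceAll(s, `"`, `""`) + `"`
}

// grantStatements (hypothetical helper) rejects privileges that do not apply
// to objType, then returns a GRANT for existing objects and an ALTER DEFAULT
// PRIVILEGES for objects the executing role creates later.
func grantStatements(objType, privs, schema, role string) ([]string, error) {
	valid, ok := allowed[objType]
	if !ok {
		return nil, fmt.Errorf("unknown object type %q", objType)
	}
	var clean []string
	for _, p := range strings.Split(privs, ",") {
		p = strings.ToUpper(strings.TrimSpace(p))
		found := false
		for _, v := range valid {
			found = found || v == p
		}
		if !found {
			return nil, fmt.Errorf("privilege %q is not valid for %s", p, objType)
		}
		clean = append(clean, p)
	}
	list, s, r := strings.Join(clean, ", "), quoteIdent(schema), quoteIdent(role)
	return []string{
		fmt.Sprintf("GRANT %s ON ALL %s IN SCHEMA %s TO %s", list, objType, s, r),
		fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s GRANT %s ON %s TO %s", s, list, objType, r),
	}, nil
}

func main() {
	// Constructed sample: schema "public" and role "app-writer" are assumptions.
	fmt.Println(grantStatements("SEQUENCES", "USAGE,SELECT", "public", "app-writer"))
}
```

Without a `FOR ROLE` clause, `ALTER DEFAULT PRIVILEGES` only affects objects later created by the role that executes it, so the statement has to run as (or name) the role that performs the migrations.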

@tkcontiant tkcontiant marked this pull request as draft September 18, 2025 09:24
@tkcontiant tkcontiant marked this pull request as ready for review September 19, 2025 12:33
@tkcontiant tkcontiant changed the title feat: Grant additional access for Sequences and Functions feat: Grant additional access for Groups & Provide Recocile logic for masterRole Change & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant changed the title feat: Grant additional access for Groups & Provide Recocile logic for masterRole Change & Metrics Support feat: Grant additional access for Groups & Provide Recocile logic for masterRole Changes & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant changed the title feat: Grant additional access for Groups & Provide Recocile logic for masterRole Changes & Metrics Support feat: Grant additional access for Groups & Recocile logic for masterRole Changes & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant marked this pull request as draft September 19, 2025 13:12
@tkcontiant tkcontiant marked this pull request as ready for review September 19, 2025 15:48
@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from c680836 to 6b789fe Compare September 19, 2025 15:50

@pcallewaert pcallewaert left a comment

Thanks, I like all these improvements. Some feedback added.

@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from 1469980 to 738f725 Compare September 25, 2025 15:35
@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from 2216b8c to d590544 Compare September 25, 2025 16:31
@tkcontiant

> Thanks, I like all these improvements. Some feedback added.

Thanks for the review. I believe we are ready.
