Merge branch 'main' into K8SPG-708-remove-hardcoded-image

Author: hors

.golangci.next.yaml

@@ -10,7 +10,6 @@ linters:
   enable:
     - contextcheck
     - err113
-    - errchkjson
     - gocritic
     - godot
     - godox
@@ -28,13 +27,16 @@ linters:
     - wastedassign
 
 issues:
+  exclude-rules:
+    # We call external linters when they are installed: Flake8, ShellCheck, etc.
+    - linters: [gosec]
+      path: '_test[.]go$'
+      text: 'G204: Subprocess launched with variable'
+
   # https://github.com/golangci/golangci-lint/issues/2239
   exclude-use-default: false
 
 linters-settings:
-  errchkjson:
-    check-error-free-encoding: true
-
   thelper:
     # https://github.com/kulti/thelper/issues/27
     tb:   { begin: true, first: true }

.golangci.yaml

@@ -3,7 +3,6 @@
 linters:
   disable:
     - contextcheck
-    - errchkjson
     - gci
     - gofumpt
     - goimports
@@ -47,6 +46,15 @@ linters-settings:
           - pkg: github.com/percona/percona-postgresql-operator/internal/testing/*
             desc: The "internal/testing" packages should be used only in tests.
 
+      tests:
+        files: ['$test']
+        deny:
+          - pkg: github.com/pkg/errors
+            desc: Use the "errors" package unless you are interacting with stack traces.
+
+  errchkjson:
+    check-error-free-encoding: true
+
   exhaustive:
     default-signifies-exhaustive: true
 
@@ -73,6 +81,10 @@ run:
   build-tags:
     - envtest
 issues:
-  exclude-dirs:
-    - pkg/generated
-    - hack
+  exclude-generated: strict
+  exclude-rules:
+    # These value types have unmarshal methods.
+    # https://github.com/raeperd/recvcheck/issues/7
+    - linters: [recvcheck]
+      path: internal/pki/pki.go
+      text: 'methods of "(Certificate|PrivateKey)"'

Makefile

@@ -9,9 +9,6 @@ PGMONITOR_DIR ?= hack/tools/pgmonitor
 PGMONITOR_VERSION ?= v4.11.0
 QUERIES_CONFIG_DIR ?= hack/tools/queries
 
-EXTERNAL_SNAPSHOTTER_DIR ?= hack/tools/external-snapshotter
-EXTERNAL_SNAPSHOTTER_VERSION ?= v8.0.1
-
 # Buildah's "build" used to be "bud". Use the alias to be compatible for a while.
 BUILDAH_BUILD ?= buildah bud
 
@@ -56,12 +53,6 @@ get-pgmonitor:
 	cp -r '$(PGMONITOR_DIR)/postgres_exporter/common/.' '${QUERIES_CONFIG_DIR}'
 	cp '$(PGMONITOR_DIR)/postgres_exporter/linux/queries_backrest.yml' '${QUERIES_CONFIG_DIR}'
 
-.PHONY: get-external-snapshotter
-get-external-snapshotter:
-	git -C '$(dir $(EXTERNAL_SNAPSHOTTER_DIR))' clone https://github.com/kubernetes-csi/external-snapshotter.git || git -C '$(EXTERNAL_SNAPSHOTTER_DIR)' fetch origin
-	@git -C '$(EXTERNAL_SNAPSHOTTER_DIR)' checkout '$(EXTERNAL_SNAPSHOTTER_VERSION)'
-	@git -C '$(EXTERNAL_SNAPSHOTTER_DIR)' config pull.ff only
-
 .PHONY: clean
 clean: ## Clean resources
 clean: clean-deprecated
@@ -209,7 +200,7 @@ check: get-pgmonitor
 check-envtest: ## Run check using envtest and a mock kube api
 check-envtest: ENVTEST_USE = hack/tools/setup-envtest --bin-dir=$(CURDIR)/hack/tools/envtest use $(ENVTEST_K8S_VERSION)
 check-envtest: SHELL = bash
-check-envtest: get-pgmonitor get-external-snapshotter
+check-envtest: get-pgmonitor tools/setup-envtest
 	GOBIN='$(CURDIR)/hack/tools' $(GO) install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 	@$(ENVTEST_USE) --print=overview && echo
 	source <($(ENVTEST_USE) --print=env) && PGO_NAMESPACE="postgres-operator" QUERIES_CONFIG_DIR="$(CURDIR)/${QUERIES_CONFIG_DIR}" \
@@ -221,7 +212,7 @@ check-envtest: get-pgmonitor get-external-snapshotter
 # make check-envtest-existing PGO_TEST_TIMEOUT_SCALE=1.2
 .PHONY: check-envtest-existing
 check-envtest-existing: ## Run check using envtest and an existing kube api
-check-envtest-existing: get-pgmonitor get-external-snapshotter
+check-envtest-existing: get-pgmonitor
 check-envtest-existing: createnamespaces
 	kubectl apply --server-side -k ./config/dev
 	USE_EXISTING_CLUSTER=true PGO_NAMESPACE="postgres-operator" QUERIES_CONFIG_DIR="$(CURDIR)/${QUERIES_CONFIG_DIR}" \

build/crd/crunchy/generated/postgres-operator.crunchydata.com_pgupgrades.yaml

@@ -20451,6 +20451,10 @@ spec:
                         type: string
                       type: array
                       x-kubernetes-list-type: set
+                    grantPublicSchemaAccess:
+                      description: Grant the user access to the public schema in each
+                        database listed under `databases`.
+                      type: boolean
                     name:
                       description: |-
                         The name of this PostgreSQL user. The value may contain only lowercase
@@ -20829,10 +20833,6 @@ spec:
                         type:
                           description: The pgBackRest backup type for this Job
                           type: string
-                      required:
-                      - cronJobName
-                      - repo
-                      - type
                       type: object
                     type: array
                 type: object

build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -58,8 +58,8 @@ spec:
             properties:
               autoCreateUserSchema:
                 description: |-
-                  Whether or not the cluster has schemas automatically created for the user
-                  defined in `spec.users` for all of the databases listed for that user.
+                  Indicates whether schemas are automatically created for the user
+                  specified in `spec.users` across all databases associated with that user.
                 type: boolean
               backups:
                 description: PostgreSQL backup configuration
@@ -18252,6 +18252,10 @@ spec:
                         type: string
                       type: array
                       x-kubernetes-list-type: set
+                    grantPublicSchemaAccess:
+                      description: Grant the user access to the public schema in each
+                        database listed under `databases`.
+                      type: boolean
                     name:
                       description: |-
                         The name of this PostgreSQL user. The value may contain only lowercase
@@ -18303,6 +18307,11 @@ spec:
             - instances
             - postgresVersion
             type: object
+            x-kubernetes-validations:
+            - message: PostgresVersion must be >= 15 if grantPublicSchemaAccess exists
+                and is true
+              rule: '!has(self.users) || self.postgresVersion >= 15 || self.users.all(u,
+                !has(u.grantPublicSchemaAccess) || !u.grantPublicSchemaAccess)'
           status:
             properties:
               host:

build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml

@@ -16,7 +16,6 @@ package main
 */
 
 import (
-	"bytes"
 	"context"
 	"io"
 	"os"
@@ -96,18 +95,13 @@ func main() {
 	cmd := createPGBackRestCommand(cfg)
 	log.Infof("command to execute is [%s]", strings.Join(cmd, " "))
 
-	var output, stderr string
 	// now run the proper exec command depending on whether or not the config hashes should first
 	// be compared prior to executing the PGBackRest command
 	if !cfg.compareHash {
-		output, stderr, err = runCommand(ctx, k, cfg, cmd)
+		err = runCommand(ctx, k, cfg, cmd)
 	} else {
-		output, stderr, err = compareHashAndRunCommand(ctx, k, cfg, cmd)
+		err = compareHashAndRunCommand(ctx, k, cfg, cmd)
 	}
-
-	// log any output and check for errors
-	log.Info("output=[" + output + "]")
-	log.Info("stderr=[" + stderr + "]")
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -117,13 +111,11 @@ func main() {
 
 // Exec returns the stdout and stderr from running a command inside an existing
 // container.
-func (k *KubeAPI) Exec(ctx context.Context, namespace, pod, container string, stdin io.Reader, command []string) (string, string, error) {
-	var stdout, stderr bytes.Buffer
-
+func (k *KubeAPI) Exec(ctx context.Context, namespace, pod, container string, stdin io.Reader, command []string) error {
 	Scheme := runtime.NewScheme()
 	if err := corev1.AddToScheme(Scheme); err != nil {
 		log.Error(err)
-		return "", "", err
+		return err
 	}
 	ParameterCodec := runtime.NewParameterCodec(Scheme)
 
@@ -140,15 +132,58 @@ func (k *KubeAPI) Exec(ctx context.Context, namespace, pod, container string, st
 
 	exec, err := remotecommand.NewSPDYExecutor(k.Config, "POST", request.URL())
 
-	if err == nil {
-		err = exec.StreamWithContext(ctx, remotecommand.StreamOptions{
-			Stdin:  stdin,
-			Stdout: &stdout,
-			Stderr: &stderr,
-		})
-	}
+	stdoutReader, stdoutWriter := io.Pipe()
+	defer func() {
+		if err := stdoutWriter.Close(); err != nil {
+			log.Errorf("error closing stdoutWriter: %v", err)
+		}
+	}()
+
+	stderrReader, stderrWriter := io.Pipe()
+	defer func() {
+		if err := stderrWriter.Close(); err != nil {
+			log.Errorf("error closing stderrWriter: %v", err)
+		}
+	}()
+
+	go streamUsingPrefix("[pgbackrest:stdout]", stdoutReader)
+	go streamUsingPrefix("[pgbackrest:stderr]", stderrReader)
+
+	err = exec.StreamWithContext(ctx, remotecommand.StreamOptions{
+		Stdin:  stdin,
+		Stdout: stdoutWriter,
+		Stderr: stderrWriter,
+	})
 
-	return stdout.String(), stderr.String(), err
+	return err
+}
+
+// streamUsingPrefix reads from an io.Reader line by line and logs each line
+// prefixing it with a custom label provided as input.
+func streamUsingPrefix(prefix string, reader io.Reader) {
+	buf := make([]byte, 4096)
+	line := ""
+	for {
+		n, err := reader.Read(buf)
+		if n > 0 {
+			line += string(buf[:n])
+			for strings.Contains(line, "\n") {
+				idx := strings.Index(line, "\n")
+				part := line[:idx]
+				log.Infof("%s %s", prefix, part)
+				line = line[idx+1:]
+			}
+		}
+		if err != nil {
+			if err != io.EOF {
+				log.Errorf("%s error reading: %v", prefix, err)
+			}
+			break
+		}
+	}
+	if line != "" {
+		log.Infof("%s %s", prefix, line)
+	}
 }
 
 func NewConfig() (*rest.Config, error) {
@@ -313,7 +348,7 @@ func createPGBackRestCommand(cfg config) []string {
 // command.  Only if the hashes match will the pgBackRest command be run, otherwise and error will
 // be written and exit code 1 will be returned.  This is done to ensure a pgBackRest command is only
 // run when it can be verified that the exepected configuration is present.
-func compareHashAndRunCommand(ctx context.Context, kubeapi *KubeAPI, cfg config, cmd []string) (string, string, error) {
+func compareHashAndRunCommand(ctx context.Context, kubeapi *KubeAPI, cfg config, cmd []string) error {
 	// the base script used in both the local and exec commands created below
 	baseScript := `
 shopt -s globstar
@@ -352,7 +387,7 @@ fi
 
 // runCommand runs the provided pgBackRest command according to the configuration
 // provided
-func runCommand(ctx context.Context, kubeapi *KubeAPI, cfg config, cmd []string) (string, string, error) {
+func runCommand(ctx context.Context, kubeapi *KubeAPI, cfg config, cmd []string) error {
 	bashCmd := []string{"bash"}
 	reader := strings.NewReader(strings.Join(cmd, " "))
 	return kubeapi.Exec(ctx, cfg.namespace, cfg.podName, cfg.container, reader, bashCmd)

cmd/pgbackrest/main.go

@@ -92,7 +92,12 @@ func main() {
 	assertNoError(err)
 
 	assertNoError(features.Set(os.Getenv("PGO_FEATURE_GATES")))
-	log.Info("feature gates enabled", "PGO_FEATURE_GATES", features.String())
+	ctx = feature.NewContext(ctx, features)
+	log.Info("feature gates",
+		// These are set by the user
+		"PGO_FEATURE_GATES", feature.ShowAssigned(ctx),
+		// These are enabled, including features that are on by default
+		"enabled", feature.ShowEnabled(ctx))
 
 	cruntime.SetLogger(log)
 

cmd/postgres-operator/main.go

@@ -463,8 +463,8 @@ spec:
             properties:
               autoCreateUserSchema:
                 description: |-
-                  Whether or not the cluster has schemas automatically created for the user
-                  defined in `spec.users` for all of the databases listed for that user.
+                  Indicates whether schemas are automatically created for the user
+                  specified in `spec.users` across all databases associated with that user.
                 type: boolean
               backups:
                 description: PostgreSQL backup configuration
@@ -18657,6 +18657,10 @@ spec:
                         type: string
                       type: array
                       x-kubernetes-list-type: set
+                    grantPublicSchemaAccess:
+                      description: Grant the user access to the public schema in each
+                        database listed under `databases`.
+                      type: boolean
                     name:
                       description: |-
                         The name of this PostgreSQL user. The value may contain only lowercase
@@ -18708,6 +18712,11 @@ spec:
             - instances
             - postgresVersion
             type: object
+            x-kubernetes-validations:
+            - message: PostgresVersion must be >= 15 if grantPublicSchemaAccess exists
+                and is true
+              rule: '!has(self.users) || self.postgresVersion >= 15 || self.users.all(u,
+                !has(u.grantPublicSchemaAccess) || !u.grantPublicSchemaAccess)'
           status:
             properties:
               host:

config/crd/bases/pgv2.percona.com_perconapgclusters.yaml

@@ -20349,6 +20349,10 @@ spec:
                         type: string
                       type: array
                       x-kubernetes-list-type: set
+                    grantPublicSchemaAccess:
+                      description: Grant the user access to the public schema in each
+                        database listed under `databases`.
+                      type: boolean
                     name:
                       description: |-
                         The name of this PostgreSQL user. The value may contain only lowercase
@@ -20727,10 +20731,6 @@ spec:
                         type:
                           description: The pgBackRest backup type for this Job
                           type: string
-                      required:
-                      - cronJobName
-                      - repo
-                      - type
                       type: object
                     type: array
                 type: object