Merge branch 'master' into master

README.md

@@ -28,12 +28,7 @@ Please consider sponsoring my work
 <a class="github-button" href="https://github.com/sponsors/hitman99" data-icon="octicon-heart" data-size="large" aria-label="Sponsor @hitman99 on GitHub">Sponsor</a>
 
 ### Current Sponsors
-
-<p align="center">
-    <a href="https://github.com/ElementAnalytics">
-        <img src="https://github.com/ElementAnalytics.png" width="50px" alt="ElementAnalytics" />
-    </a>
-</p>
+None
 
 ## Features
 
@@ -76,9 +71,17 @@ These environment variables are embedded in [deploy/operator.yaml](deploy/operat
 * `WATCH_NAMESPACE` - which namespace to watch. Defaults to empty string for all namespaces
 * `OPERATOR_NAME` - name of the operator, defaults to `ext-postgres-operator` 
 * `POSTGRES_INSTANCE` - identity of operator, this matched with `postgres.db.movetokube.com/instance` in CRs. Default is empty
+* `KEEP_SECRET_NAME` - use secret name as provided by user (disabled by default)
 
 `POSTGRES_INSTANCE` is only available since version 1.2.0
 
+> While using `KEEP_SECRET_NAME` could be a convenient way to define secrets with predictable and explicit names, 
+> the default logic reduces risk of operator from entering the endless reconcile loop as secret is very unlikely to exist. 
+>
+> The administrator should ensure that the `SecretName` does not collide with other secrets in the same namespace. 
+> If the secret already exists, the operator will never stop reconciling the CR until either offending secret is deleted 
+> or CR is deleted or updated with another SecretName
+
 ## Installation
 
 This operator requires a Kubernetes Secret to be created in the same namespace as operator itself.
@@ -172,7 +175,7 @@ spec:
     foo: "bar"
 ```
 
-This creates a user role `username-<hash>` and grants role `test-db-group`, `test-db-writer` or `test-db-reader` depending on `privileges` property. Its credentials are put in secret `my-secret-my-db-user`.
+This creates a user role `username-<hash>` and grants role `test-db-group`, `test-db-writer` or `test-db-reader` depending on `privileges` property. Its credentials are put in secret `my-secret-my-db-user` (unless `KEEP_SECRET_NAME` is enabled).
 
 `PostgresUser` needs to reference a `Postgres` in the same namespace.
 

deploy/operator.yaml

@@ -25,6 +25,8 @@ spec:
           env:
             - name: WATCH_NAMESPACE
               value: ""
+            - name: KEEP_SECRET_NAME
+              value: "false"
             - name: POD_NAME
               valueFrom:
                 fieldRef:

pkg/config/config.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"net/url"
+	"strconv"
 	"sync"
 
 	"github.com/movetokube/postgres-operator/pkg/utils"
@@ -15,6 +16,7 @@ type cfg struct {
 	PostgresDefaultDb string
 	CloudProvider     string
 	AnnotationFilter  string
+	KeepSecretName    bool
 }
 
 var doOnce sync.Once
@@ -30,6 +32,9 @@ func Get() *cfg {
 		config.PostgresDefaultDb = utils.GetEnv("POSTGRES_DEFAULT_DATABASE")
 		config.CloudProvider = utils.GetEnv("POSTGRES_CLOUD_PROVIDER")
 		config.AnnotationFilter = utils.GetEnv("POSTGRES_INSTANCE")
+		if value, err := strconv.ParseBool(utils.GetEnv("KEEP_SECRET_NAME")); err == nil {
+			config.KeepSecretName = value
+		}
 	})
 	return config
 }

pkg/controller/postgresuser/postgresuser_controller.go

@@ -54,6 +54,7 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler {
 		pg:             pg,
 		pgHost:         c.PostgresHost,
 		instanceFilter: c.AnnotationFilter,
+		keepSecretName: c.KeepSecretName,
 	}
 }
 
@@ -98,6 +99,7 @@ type ReconcilePostgresUser struct {
 	pg             postgres.PG
 	pgHost         string
 	instanceFilter string
+	keepSecretName bool // use secret name as defined in PostgresUserSpec
 }
 
 // The Controller will requeue the Request to be processed again if the returned error is non-nil or
@@ -276,10 +278,14 @@ func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role
 		"app": cr.Name,
 	}
 	annotations := cr.Spec.Annotations
+	name := fmt.Sprintf("%s-%s", cr.Spec.SecretName, cr.Name)
+	if r.keepSecretName {
+		name = cr.Spec.SecretName
+	}
 
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        fmt.Sprintf("%s-%s", cr.Spec.SecretName, cr.Name),
+			Name:        name,
 			Namespace:   cr.Namespace,
 			Labels:      labels,
 			Annotations: annotations,

pkg/postgres/database.go

@@ -58,7 +58,18 @@ func (c *pg) CreateSchema(db, role, schema string, logger logr.Logger) error {
 }
 
 func (c *pg) DropDatabase(database string, logger logr.Logger) error {
-	_, err := c.db.Exec(fmt.Sprintf(DROP_DATABASE, database))
+	_, err := c.db.Exec(fmt.Sprintf(REVOKE_CONNECT, database))
+	// Error code 3D000 is returned if database doesn't exist
+	if err != nil && err.(*pq.Error).Code != "3D000" {
+		return err
+	}
+
+	_, err = c.db.Exec(fmt.Sprintf(TERMINATE_BACKEND, database))
+	// Error code 3D000 is returned if database doesn't exist
+	if err != nil && err.(*pq.Error).Code != "3D000" {
+		return err
+	}
+	_, err = c.db.Exec(fmt.Sprintf(DROP_DATABASE, database))
 	// Error code 3D000 is returned if database doesn't exist
 	if err != nil && err.(*pq.Error).Code != "3D000" {
 		return err