feat: use namespace in generated secrets (#4095)

This patch fixes an issue where generated secrets did not include a fully qualified hostname, limiting their usefulness to applications deployed within the same namespace as the PostgreSQL cluster. To enhance the functionality of these secrets, the hostname is now qualified with the namespace, enabling applications in different namespaces to utilize them. This improvement is particularly beneficial for operators integrating schema-migration tools with Kubernetes environments. Closes: #4062 Signed-off-by: Pierrick <pierrick.chovelon@dalibo.com> (cherry picked from commit 50f8a89)
cloudnative-pg · Apr 6, 2024 · d76c029 · d76c029
1 parent eea3274
commit d76c029
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 13 deletions.
diff --git a/pkg/specs/secrets.go b/pkg/specs/secrets.go
@@ -27,7 +27,7 @@ import (
 	"github.com/cloudnative-pg/cloudnative-pg/pkg/utils"
 )
 
-// CreateSecret create a secret with the PostgreSQL and the owner passwords
+// CreateSecret creates a secret with the PostgreSQL and the owner passwords
 func CreateSecret(
 	name string,
 	namespace string,
@@ -36,7 +36,7 @@ func CreateSecret(
 	username string,
 	password string,
 ) *corev1.Secret {
-	uriBuilder := newConnectionStringBuilder(hostname, dbname, username, password)
+	uriBuilder := newConnectionStringBuilder(hostname, dbname, username, password, namespace)
 
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -68,18 +68,20 @@ func CreateSecret(
 }
 
 type connectionStringBuilder struct {
-	host     string
-	dbname   string
-	username string
-	password string
+	host      string
+	dbname    string
+	username  string
+	password  string
+	namespace string
 }
 
-func newConnectionStringBuilder(hostname, dbname, username, password string) *connectionStringBuilder {
+func newConnectionStringBuilder(hostname, dbname, username, password, namespace string) *connectionStringBuilder {
 	return &connectionStringBuilder{
-		host:     fmt.Sprintf("%s:%d", hostname, postgres.ServerPort),
-		dbname:   dbname,
-		username: username,
-		password: password,
+		host:      fmt.Sprintf("%s.%s:%d", hostname, namespace, postgres.ServerPort),
+		dbname:    dbname,
+		username:  username,
+		password:  password,
+		namespace: namespace,
 	}
 }
 

diff --git a/pkg/specs/secrets_test.go b/pkg/specs/secrets_test.go
@@ -34,10 +34,10 @@ var _ = Describe("Secret creation", func() {
 		Expect(secret.StringData["host"]).To(Equal("thishost"))
 		Expect(secret.StringData["port"]).To(Equal("5432"))
 		Expect(secret.StringData["uri"]).To(
-			Equal("postgresql://thisuser:thispassword@thishost:5432/thisdb"),
+			Equal("postgresql://thisuser:thispassword@thishost.namespace:5432/thisdb"),
 		)
 		Expect(secret.StringData["jdbc-uri"]).To(
-			Equal("jdbc:postgresql://thishost:5432/thisdb?password=thispassword&user=thisuser"),
+			Equal("jdbc:postgresql://thishost.namespace:5432/thisdb?password=thispassword&user=thisuser"),
 		)
 	})
 })