Diagram
Fay edited this page Mar 11, 2026 · 4 revisions
Here's a mermaid diagram of how the reconcile loop currently works. Some error handling has been left off to make it more legible.
```mermaid
flowchart TD
A["Reconcile PostgresAccess or owned Secret event"] --> B["Get PostgresAccess"]
B -->|Found| C["finalizePostgresAccess()"]
C --> D{"DeletionTimestamp set?"}
D -->|No| E{"Finalizer present?"}
E -->|No| F["Add finalizer and Update resource"]
E -->|Yes| S["CreateOrUpdate generated Secret"]
F -->|update error| ERRF["returnWithErrorStatus(FinalizeFailed)"]
F --> S
D -->|Yes| G{"Finalizer present?"}
G -->|Yes| H["Resolve excludedUsers from singleton Controller settings"]
H -->|error| ERRF
H --> I{"Username excluded?"}
I -->|Yes| J["Remove finalizer and Update resource"]
J -->|update error| ERRF
I -->|No| L["Connect to database"]
L -->|error| ERRF
L --> M["Get current DB users"]
M -->|error| ERRF
M --> N["cleanupPolicy = spec.cleanupPolicy or Restrict"]
N --> O["Drop matching DB user if it exists"]
O --> P["Remove finalizer and Update resource"]
P -->|update error| ERRF
S --> T{"Secret already has password?"}
T -->|Yes| U["Reuse existing password"]
T -->|No| V["Generate password with rand.Text(); mark inSync=false"]
U --> W["Write username/password and ownerRef"]
V --> W
W -->|secret sync error| ERRS["returnWithErrorStatus(SecretSyncFailed)"]
W --> R1["reconcilePostgresAccess()"]
subgraph DBSync ["Database sync details"]
R1 --> R4["Connect to database and get current grants"]
R4 -->|error| ERRD["returnWithErrorStatus(DatabaseSyncFailed)"]
R4 --> R5["Get current DB users"]
R5 -->|error| ERRD
R5 --> R6["List all PostgresAccess resources in namespace"]
R6 -->|error| ERRD
R6 --> R7["Resolve excludedUsers from Controller settings"]
R7 -->|error| ERRD
R7 --> R8["Seed usersHandled with excluded users"]
R8 --> R9{"More PostgresAccess configs remaining?"}
R9 -->|Yes| R10{"Username excluded?"}
R10 -->|Yes| R9
R10 -->|No| R11["Load password from generated Secret"]
R11 -->|error| RERR["Mark inSync=false and continue"]
R11 --> R12{"DB user exists?"}
R12 -->|No| R13["Create DB user"]
R13 -->|error| RERR
R13 --> R15["Diff desired grants vs current grants"]
R12 -->|Yes| R14["Update DB user password"]
R14 -->|error| RERR
R14 --> R15
R15 --> R16["Grant missing privileges"]
R16 -->|error| RERR
R16 --> R17["Revoke stale privileges"]
R17 -->|error| RERR
R17 --> R9
R9 -->|No| R18["Drop unmanaged DB users with Restrict policy"]
R18 -->|drop error| R19["Mark inSync=false"]
end
R18 --> X{"Overall inSync?"}
R19 --> X
X -->|Yes| Y["Set status Success<br/>Ready=True, Success=True, InProgress=False<br/>LastLog='PostgresAccess is in sync'"]
X -->|No| Y2["Set status InProgress<br/>Ready=False, Success=False, InProgress=True<br/>LastLog='PostgresAccess is not yet in sync'"]
Y --> Y3["Emit Normal event: ReconcileSuccess"]
Y3 --> Y4["RequeueAfter 5 minutes"]
Y2 --> Y5["RequeueAfter 30 seconds"]
ERRF --> E1["Set status Error<br/>emit Warning event<br/>return error"]
ERRS --> E1
ERRD --> E1
```
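The database sync part of the diagram (seeding usersHandled, the grant diff, and the final drop of unmanaged users) can be sketched as a pure planning function. This is an added example, not code from the operator: `PlanSync` and `minus` are hypothetical names, grants are modelled as plain privilege strings, every unhandled DB user is assumed to fall under the Restrict policy, and password handling and error paths are left out.

```go
package main

import "fmt"

// PlanSync is a hypothetical helper, not the operator's code. It seeds
// usersHandled with the excluded users, diffs grants, then lists users to drop.
func PlanSync(desired, current map[string][]string, dbUsers, excluded []string) (grant, revoke map[string][]string, drop []string) {
	grant, revoke = map[string][]string{}, map[string][]string{}
	handled := map[string]bool{}
	for _, u := range excluded {
		handled[u] = true
	}
	for user, want := range desired {
		if handled[user] {
			continue // excluded user: never granted, revoked or dropped
		}
		handled[user] = true
		grant[user] = minus(want, current[user])
		revoke[user] = minus(current[user], want)
	}
	for _, u := range dbUsers {
		if !handled[u] {
			drop = append(drop, u) // no PostgresAccess claims this user
		}
	}
	return grant, revoke, drop
}

// minus returns the elements of a that are not in b, in a's order.
func minus(a, b []string) []string {
	in := map[string]bool{}
	for _, x := range b {
		in[x] = true
	}
	out := []string{}
	for _, x := range a {
		if !in[x] {
			out = append(out, x)
		}
	}
	return out
}

func main() {
	// Constructed sample: "app" has a stale DELETE grant, "old" is unmanaged.
	desired := map[string][]string{"app": {"SELECT", "INSERT"}, "postgres": {"SELECT"}}
	current := map[string][]string{"app": {"SELECT", "DELETE"}, "old": {"SELECT"}}
	fmt.Println(PlanSync(desired, current, []string{"app", "old", "postgres"}, []string{"postgres"}))
}
```

Seeding usersHandled before the loop is what keeps an excluded account such as `postgres` out of both the grant diff and the drop list, even when a PostgresAccess resource names it.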