Add preflight checks at start of each reconciliation loop #367

Merged: tmablunar merged 1 commit into master from worktree-bold-fox-ag38 on Apr 28, 2026


tmablunar commented Apr 27, 2026

Summary

  • Verify controller assumptions before any side-effecting work in each reconciliation loop:
    • connection is alive
    • server is the writable primary (not in recovery)
    • connecting user is a member of rds_superuser (with rolsuper as a fallback for non-RDS test environments)
    • the configured management role exists
  • Errors name the violated assumption explicitly so operators can act on them. Wired into PostgreSQLDatabaseReconciler and CustomRoleReconciler; the latter gains a ManagerRoleName field fed by the existing --manager-role-name flag.

Test plan

  • go build ./... and go vet ./... pass
  • go test ./pkg/postgres/... (non-integration) passes
  • Integration: POSTGRESQL_CONTROLLER_INTEGRATION_HOST=... go test ./pkg/postgres/... -run TestPreflight covers sunshine, empty manager role, missing manager role, unprivileged user
  • Verify in a staging cluster that an under-privileged admin / missing management role surfaces a clear error in the resource status and the controller keeps retrying

🤖 Generated with Claude Code


Note

Medium Risk
Adds new preflight gating to PostgreSQLDatabase and CustomRole reconciliation; misconfiguration (missing manager role, insufficient privileges, replica host) will now cause reconciles to fail early and retry, potentially blocking provisioning until fixed.

Overview
Introduces a new postgres.Preflight check that validates controller prerequisites (reachable DB, writable primary, sufficient admin privileges, and existence of the configured management role) and returns explicit operator-facing errors.

Wires these checks into the start of each PostgreSQLDatabaseReconciler and CustomRoleReconciler loop (including a new runPreflight helper for databases), and plumbs --manager-role-name into CustomRoleReconciler from cmd/main.go.

Adds integration tests covering the passing case and key failure modes (empty manager role, missing role, and under-privileged user).

Reviewed by Cursor Bugbot for commit ba40568.

tmablunar marked this pull request as ready for review April 27, 2026 11:14
tmablunar requested a review from a team as a code owner April 27, 2026 11:14
Verify controller assumptions before any side-effecting work:
- the database connection is alive
- the connecting user is a member of the configured superuser role

The role defaults to rds_superuser (RDS's conventional admin role) and
can be overridden for non-RDS deployments via --superuser-role-name.
On failure the error names the violated assumption so operators can
act on it.

Wired into PostgreSQLDatabaseReconciler and CustomRoleReconciler.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tmablunar force-pushed the worktree-bold-fox-ag38 branch from d04c278 to 7659b91 April 28, 2026 09:32
tmablunar merged commit 263ef74 into master Apr 28, 2026
5 checks passed
tmablunar deleted the worktree-bold-fox-ag38 branch April 28, 2026 10:42
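
The four assumptions listed in the pull request summary, sketched as an added example; this is not the project's `postgres.Preflight` code. The `BoolQuery` seam, `FromDB`, the `Q*` constants and the SQL text are assumptions chosen here so the ordering and error naming can be exercised without a live server.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
)

// BoolQuery runs a one-row boolean query; a hypothetical seam so fakes can stand in for the server.
type BoolQuery func(ctx context.Context, query string, args ...any) (bool, error)

func FromDB(db *sql.DB) BoolQuery { // adapter for a live connection
	return func(ctx context.Context, q string, args ...any) (ok bool, err error) {
		err = db.QueryRowContext(ctx, q, args...).Scan(&ok)
		return
	}
}

const (
	QAlive   = `SELECT true`
	QPrimary = `SELECT NOT pg_is_in_recovery()`
	// Via pg_roles: an absent rds_superuser yields false; pg_has_role by role name would error.
	QAdmin = `SELECT rolsuper OR EXISTS (SELECT 1 FROM pg_roles r WHERE r.rolname = $1
		AND pg_has_role(current_user, r.oid, 'member')) FROM pg_roles WHERE rolname = current_user`
	QExists = `SELECT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = $1)`
)

// Preflight returns nil, or an error naming the first violated assumption.
func Preflight(ctx context.Context, q BoolQuery, managerRole string) error {
	checks := []struct{ assumption, sql string; args []any }{
		{"connection is alive", QAlive, nil},
		{"server is the writable primary (not in recovery)", QPrimary, nil},
		{"connecting user is a member of rds_superuser or has rolsuper", QAdmin, []any{"rds_superuser"}},
		{fmt.Sprintf("management role %q exists", managerRole), QExists, []any{managerRole}},
	}
	for _, c := range checks {
		if ok, err := q(ctx, c.sql, c.args...); err != nil {
			return fmt.Errorf("preflight: cannot verify that %s: %w", c.assumption, err)
		} else if !ok {
			return fmt.Errorf("preflight: assumption violated: %s", c.assumption)
		}
	}
	return nil
}

func main() { // constructed fake in which every check passes
	fake := func(context.Context, string, ...any) (bool, error) { return true, nil }
	fmt.Println(Preflight(context.Background(), fake, "manager"))
}
```

Because the checks run in a fixed order and stop at the first failure, a replica endpoint is reported as a primary/recovery problem rather than as a downstream privilege or missing-role error.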