refactor(installer): centralise postgres users and vault secret names in codesphere package #492

Merged: schrodit merged 3 commits into main from fix-postgres-users on Jun 16, 2026

Conversation

@schrodit

Member

Introduce two canonical definitions in internal/codesphere to eliminate scattered string literals and duplicate service lists across the installer:

PostgresService struct (postgres.go)

  • Defines every Codesphere service that owns a dedicated postgres user, with an optional username override (e.g. usageAggregationRefresher → usage_aggregation_refresher).
  • Replaces independent []string slices that existed in config_yaml.go, secrets/secrets.go, and config_manager.go.

Secrets map (secrets.go)

  • Single map[string]string registry of every vault secret name used across the installer (auth keys, JWT tokens, postgres, ceph, TLS, OIDC, git providers, registry, ACME, OpenBao, monitoring, nix, optional Helm defaults).
  • Replaces the files.Secret* constants that were defined in secret_names.go (now deleted) and all raw string literals in EnsureSecrets functions, MergeVaultIntoConfig, and AddSecretsToVault.
  • MergedSecretNames slice (derived from the map) drives the known-secret set in MergeVaultIntoConfig, so the extra-secrets round-trip stays in sync automatically.

Extra secrets round-trip (config_yaml.go + config_manager.go)

  • RootConfig gains an ExtraSecrets []SecretEntry field (yaml:"-").
  • MergeVaultIntoConfig stores any vault entry not in MergedSecretNames into ExtraSecrets; AddSecretsToVault re-emits them last so custom vault entries survive a merge → extract cycle without overriding known secrets.

Tests added for PostgresService.DBUsername overrides, extra-secrets round-trip, and MergeVaultIntoConfig postgres password mapping.

… in codesphere package

Introduce two canonical definitions in internal/codesphere to eliminate scattered
string literals and duplicate service lists across the installer:

**PostgresService struct** (postgres.go)
- Defines every Codesphere service that owns a dedicated postgres user, with an
  optional username override (e.g. usageAggregationRefresher → usage_aggregation_refresher).
- Replaces independent []string slices that existed in config_yaml.go,
  secrets/secrets.go, and config_manager.go.

**Secrets map** (secrets.go)
- Single map[string]string registry of every vault secret name used across the
  installer (auth keys, JWT tokens, postgres, ceph, TLS, OIDC, git providers,
  registry, ACME, OpenBao, monitoring, nix, optional Helm defaults).
- Replaces the files.Secret* constants that were defined in secret_names.go
  (now deleted) and all raw string literals in EnsureSecrets functions,
  MergeVaultIntoConfig, and AddSecretsToVault.
- MergedSecretNames slice (derived from the map) drives the known-secret set in
  MergeVaultIntoConfig, so the extra-secrets round-trip stays in sync automatically.

**Extra secrets round-trip** (config_yaml.go + config_manager.go)
- RootConfig gains an ExtraSecrets []SecretEntry field (yaml:"-").
- MergeVaultIntoConfig stores any vault entry not in MergedSecretNames into
  ExtraSecrets; AddSecretsToVault re-emits them last so custom vault entries
  survive a merge → extract cycle without overriding known secrets.

Tests added for PostgresService.DBUsername overrides, extra-secrets round-trip,
and MergeVaultIntoConfig postgres password mapping.

Signed-off-by: Tim Schrodi <tim@codesphere.com>
@schrodit schrodit requested a review from NJona June 16, 2026 10:02
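The extra-secrets round-trip the description above outlines, as an added example that is not the project's code: a PostgresService with the optional username override, a Secrets registry from which MergedSecretNames and the known-secret set are derived, and a MergeVaultIntoConfig / AddSecretsToVault pair that parks unknown vault entries in ExtraSecrets and re-emits them last. All type, field and secret names, the service list, and the sample vault contents are constructed for this example and are not the installer's own.

```go
package main

import (
	"fmt"
	"sort"
)

// PostgresService names a service that owns a dedicated postgres user; Username
// is an optional override and defaults to the service name.
type PostgresService struct {
	Name, Username string
}

// DBUsername resolves the postgres user for the service.
func (s PostgresService) DBUsername() string {
	if s.Username != "" {
		return s.Username
	}
	return s.Name
}

// PostgresServices is the one list every caller derives users from
// (service names constructed for this example).
var PostgresServices = []PostgresService{
	{Name: "auth"},
	{Name: "usageAggregationRefresher", Username: "usage_aggregation_refresher"},
}

// Secrets is the registry of known vault secret names keyed by a logical id.
// Postgres entries are generated from PostgresServices so the two cannot drift.
var Secrets = func() map[string]string {
	m := map[string]string{"tlsKey": "tls-private-key"} // constructed name
	for _, svc := range PostgresServices {
		m["postgres."+svc.Name] = "postgres-" + svc.DBUsername() + "-password"
	}
	return m
}()

// MergedSecretNames (sorted) and the knownSecret lookup set are both derived
// from Secrets, so the known-secret set can never go stale.
var MergedSecretNames, knownSecret = func() ([]string, map[string]bool) {
	names, known := []string{}, map[string]bool{}
	for _, n := range Secrets {
		names = append(names, n)
		known[n] = true
	}
	sort.Strings(names)
	return names, known
}()

// SecretEntry is one vault pair the installer has no typed field for.
type SecretEntry struct{ Name, Value string }

// RootConfig holds the typed secrets plus the pass-through ExtraSecrets.
type RootConfig struct {
	TLSKey            string
	PostgresPasswords map[string]string // service name -> password
	ExtraSecrets      []SecretEntry
}

// MergeVaultIntoConfig copies known secrets into typed fields and parks every
// other vault entry in ExtraSecrets (sorted by name for stable output).
func MergeVaultIntoConfig(vault map[string]string, cfg *RootConfig) {
	cfg.TLSKey = vault[Secrets["tlsKey"]]
	cfg.PostgresPasswords = map[string]string{}
	for _, svc := range PostgresServices {
		if pw, ok := vault[Secrets["postgres."+svc.Name]]; ok {
			cfg.PostgresPasswords[svc.Name] = pw
		}
	}
	cfg.ExtraSecrets = nil
	names := make([]string, 0, len(vault))
	for n := range vault {
		if !knownSecret[n] {
			names = append(names, n)
		}
	}
	sort.Strings(names)
	for _, n := range names {
		cfg.ExtraSecrets = append(cfg.ExtraSecrets, SecretEntry{n, vault[n]})
	}
}

// AddSecretsToVault is the inverse: known secrets first, extras last. An extra
// whose name collides with a known secret is dropped, so a custom entry can
// never shadow a canonical one.
func AddSecretsToVault(cfg *RootConfig) map[string]string {
	vault := map[string]string{}
	if cfg.TLSKey != "" {
		vault[Secrets["tlsKey"]] = cfg.TLSKey
	}
	for _, svc := range PostgresServices {
		if pw, ok := cfg.PostgresPasswords[svc.Name]; ok {
			vault[Secrets["postgres."+svc.Name]] = pw
		}
	}
	for _, e := range cfg.ExtraSecrets {
		if !knownSecret[e.Name] {
			vault[e.Name] = e.Value
		}
	}
	return vault
}

func main() {
	// Constructed sample vault: two known entries and one custom one.
	vault := map[string]string{
		"tls-private-key": "<pem>",
		"postgres-usage_aggregation_refresher-password": "pw2",
		"custom-webhook-token":                          "constructed",
	}
	var cfg RootConfig
	MergeVaultIntoConfig(vault, &cfg)
	fmt.Println(cfg.PostgresPasswords, cfg.ExtraSecrets)
	fmt.Println(AddSecretsToVault(&cfg)) // same entries as the input vault
}
```

Two choices worth noting. Extras are sorted by name before they are stored, so a merge followed by an extract yields byte-identical output on every run, which keeps config diffs and golden-file tests quiet. And "re-emitted last without overriding known secrets" is realised here by skipping any extra whose name is in the known set; whether the installer skips, errors, or logs such a collision is its own decision, but silently letting a custom entry overwrite a canonical TLS key or postgres password is the outcome the ordering exists to prevent.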

@NJona NJona left a comment

Member


lgtm, but someone from OMS should also review I guess

Comment thread internal/codesphere/postgres.go
Comment thread internal/codesphere/secrets.go Outdated
schrodit added 2 commits June 16, 2026 14:43
All secret values (private keys, passwords, OAuth client IDs/secrets,
ACME EAB MAC keys, registry credentials) are removed from yaml:"-"
struct fields and stored exclusively in *files.InstallVault via
vault.SetSecret / vault.GetSecret.

Key changes:
- Add internal/installer/files/secret_names.go with typed const names
  for every secret previously scattered across config structs
- Remove MergeVaultIntoConfig (vault→config) and ExtractVault /
  AddSecretsToVault (config→vault) — callers now use vault directly
- Remove yaml:"-" secret fields from PostgresConfig, ACMEConfig,
  OAuthConfig, OpenBaoConfig, RegistryConfig and all git-provider
  OAuth structs
- Update all production code in bootstrap/gcp, installer and cli/cmd
  to read/write secrets through the vault
- Fix all affected tests to assert on vault contents instead of
  removed struct fields; drop tests for removed functions

Signed-off-by: Tim Schrodi <tim@codesphere.com>
Signed-off-by: Tim Schrodi <tim@codesphere.com>
@schrodit schrodit merged commit d4ebf98 into main Jun 16, 2026
6 checks passed
@schrodit schrodit deleted the fix-postgres-users branch June 16, 2026 14:10