charts
charts copied to clipboard
bitnami
[bitnami/postgresql-ha] Fix postgres account password incorrect if username is specified
Description of the change
Fix postgres account password incorrect if username is specified
Benefits
Will get correct postgres password
Possible drawbacks
None
Applicable issues
Additional information
Original source: https://github.com/nobidev/bitnami-charts/pull/16
Checklist
- [x] Chart version bumped in
Chart.yamlaccording to semver. This is not necessary when the changes only affect README.md files. - [x] Variables are documented in the values.yaml and added to the
README.mdusing readme-generator-for-helm - [x] Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
- [x] All commits signed off and in agreement of Developer Certificate of Origin (DCO)
With the following configuration, it will run wrong
postgresql:
username: client
Will have
apiVersion: v1
data:
postgresql-password: <random>
postgresql-postgres-password: <random>
repmgr-password: <random>
kind: Secret
metadata:
name: postgresql-postgresql
type: Opaque
but StatefulSet doesn't use postgres password
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgresql-postgresql
spec:
template:
spec:
containers:
- env:
- name: POSTGRES_USER
value: client
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
name: postgresql-postgresql
name: postgresql
Please read https://github.com/bitnami/charts/blob/master/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml#L177-L181 -> Check condition at line https://github.com/bitnami/charts/blob/master/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml#L172 wrong
include "postgresql-ha.postgresqlCreateSecret" => Do you create a secret? => true
include "postgresql-ha.postgresqlPasswordProvided" => Is it clear to specify a password for postgres? => false
include "postgresql-ha.postgresqlUsername" => username of database => client
and (or (not (include "postgresql-ha.postgresqlCreateSecret" .)) (include "postgresql-ha.postgresqlPasswordProvided" .)) (not (eq (include "postgresql-ha.postgresqlUsername" .) "postgres"))
Become
and (or (not true) false) (not (eq "client" "postgres")) hay (!true || false) && ("client" != "postgres") => false
And based on trying to understand the above condition => Change and to or as follows
or (or (not (include "postgresql-ha.postgresqlCreateSecret" .)) (include "postgresql-ha.postgresqlPasswordProvided" .)) (not (eq (include "postgresql-ha.postgresqlUsername" .) "postgres"))
Become
or (or (not true) false) (not (eq "client" "postgres")) hay (!true || false) || ("client" != "postgres") => true
Note
- I tried to check Postgres Password from Secret (postgresql-postgres-password), it's not correct. With User
clientand password from secret (postgresql-password) => It is correct. Postgres account has password but I can't tell what it is??? - I listed the accounts in Postgres, the
clientaccount is not the top one (same as postgres)
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
client | Create DB | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
repmgr | Superuser, Replication | {}
This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.