postgres-operator icon indicating copy to clipboard operation
postgres-operator copied to clipboard

Published 20 hours ago verified publisher icon zalando

Is there an idiomatic way to change a users password?

Open d0x2f opened this issue 4 years ago • 4 comments

  • Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.5.0 with some customisations #1058
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? GCP GKE
  • Are you running Postgres Operator in production? yes
  • Type of issue? question/feature request

Hi there,

As the title states I'm enquiring about the process needed to change a user password (i.e not the super admin or stand-by user). I assume I can't just change it in the database since then the kube secret won't reflect the right password. So would it be safe to change it in both places? or is there a more robust way of achieving this?

There are a couple of reasons I want to be able to do this:

  • In case the password is accidently leaked via an application error or by being inadvertantly logged into our log aggregator.
  • For general operational security best practice I'd like to automate rotating the password every so often.

Ideally I'd like to be able to change the password in a way that will let me avoid downtime, such as creating a second user, swapping credentials in my application, then removing the first user. So any advice you might have to that end would also be appreciated.

Thanks!

d0x2f avatar Nov 23 '20 03:11 d0x2f

With some experimentation I've discovered a few things.

If you remove a user from the postgresql yaml definition, it doesn't remove the user from the database and logins still work. At this point if you edit the password in the secret and re-add the user to the postgresql yaml, then the password is changed to what you set.

I can envision a way to change passwords without downtime by having two user accounts and switching between them while using the above method to change the passwords of each at appropriate times.

I'm not sure how much I could rely on such behaviour however, it seems like something that could easily change in a future version (e.g. removing the user when it's removed from the postgresql yaml).

d0x2f avatar Nov 24 '20 23:11 d0x2f

Thanx for this hint. I'm still searching a clean way to setup the postgres clusters with predefined passwords.

alfsch avatar Aug 13 '21 10:08 alfsch

If you remove a user from the postgresql yaml definition, it doesn't remove the user from the database and logins still work. At this point if you edit the password in the secret and re-add the user to the postgresql yaml, then the password is changed to what you set.

Did this require dropping the role in Postgres as well (and having postgres-operator recreate it? Or was done purely with cluster manifest and secret values?

Does editing just the secret cause the operator to "sync" the new password in the k8s secret with the Postgres user?

bchrobot avatar Mar 17 '22 13:03 bchrobot

Seems like #1953 might relate to this?

d0x2f avatar Aug 18 '22 17:08 d0x2f