From 2e226dee26afdb23b86a3893f1c22fd0b9988446 Mon Sep 17 00:00:00 2001
From: Oleksii Kliukin
Date: Fri, 24 Nov 2017 21:39:28 +0100
Subject: [PATCH] Avoid overwriting infrastrure roles.

When a role is defined in the infrastructure roles and the cluster manifest use the infrastructure role definition and add flags defined in the manifest. Previously the role has been overwritten by the definition from the manifest. Because a random password is generated for each role from the manifest the applications relying on the infrastructure role credentials from the infrastructure roles secret were unable to connect.
---
 pkg/cluster/cluster.go | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index 2b03f596f..2abeb5ed7 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -617,11 +617,19 @@ func (c *Cluster) initRobotUsers() error {
 if err != nil {
 return fmt.Errorf("invalid flags for user '%v': %v", username, err)
 }
-
- c.pgUsers[username] = spec.PgUser{
- Name: username,
- Password: util.RandomPassword(constants.PasswordLength),
- Flags: flags,
+ if _, present := c.pgUsers[username]; !present {
+ c.pgUsers[username] = spec.PgUser{
+ Name: username,
+ Password: util.RandomPassword(constants.PasswordLength),
+ Flags: flags,
+ }
+ } else {
+ // avoid overwriting the password if the user is already there. The flags should be
+ // merged here, but since there is no mechanism to define them for non-robot roles
+ // they are assigned from the robot user.
+ c.logger.Debugf("merging user %q data", username)
+ user := c.pgUsers[username]
+ user.Flags = flags
 }
 }
 
@@ -645,6 +653,10 @@ func (c *Cluster) initHumanUsers() error {
 }
 }
 
+ if _, present := c.pgUsers[username]; present {
+ c.logger.Warnf("overwriting existing user %q with the data from the teams API")
+ }
+
 c.pgUsers[username] = spec.PgUser{
 Name: username,
 Flags: flags,
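Review bot: In the `else` branch added to initRobotUsers, `user := c.pgUsers[username]` copies the map value, so `user.Flags = flags` changes only the local copy and the manifest flags never reach the stored role (assuming `c.pgUsers` holds `spec.PgUser` values, as the assignment in the `if` branch suggests). Write the copy back with `c.pgUsers[username] = user` after setting the flags. Once that takes effect the flags are replaced rather than merged, so a cluster manifest could add or drop privileges on an infrastructure role; the comment should say whether that is intended, or the two flag sets should be merged. The function body starts and ends outside the hunk.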
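Review bot: The `c.logger.Warnf` call added to initHumanUsers has a `%q` verb but no argument, so the warning will not name the affected role; it should read `c.logger.Warnf("overwriting existing user %q with the data from the teams API", username)`. The overwrite itself still happens in the unchanged assignment below, and the visible fields of that struct literal set no `Password`, so a Teams API member whose name collides with an infrastructure or robot role would apparently still replace that role's credentials and flags, which is the failure this commit fixes for robot users. Consider skipping such users or keeping the existing entry, as the first hunk does in initRobotUsers. The struct literal and the function continue past the end of the hunk.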