From 3aaa05fb966ea8fa67ba6e03af06460abb062134 Mon Sep 17 00:00:00 2001
From: Murat Kabilov
Date: Fri, 24 Mar 2017 10:02:17 +0100
Subject: [PATCH] Use encrypted passwords while creating robot users
---
 pkg/cluster/pg.go | 7 ++++---
 pkg/util/util.go | 8 ++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/pkg/cluster/pg.go b/pkg/cluster/pg.go
index 176117b90..0ed9f0784 100644
--- a/pkg/cluster/pg.go
+++ b/pkg/cluster/pg.go
@@ -8,10 +8,11 @@ import (
 _ "github.com/lib/pq"
 "github.bus.zalan.do/acid/postgres-operator/pkg/spec"
+ "github.bus.zalan.do/acid/postgres-operator/pkg/util"
 "github.bus.zalan.do/acid/postgres-operator/pkg/util/constants"
 )
-var createUserSQL = `SET LOCAL synchronous_commit = 'local'; CREATE ROLE "%s" %s PASSWORD %s;`
+var createUserSQL = `SET LOCAL synchronous_commit = 'local'; CREATE ROLE "%s" %s %s;`
 func (c *Cluster) pgConnectionString() string {
 hostname := fmt.Sprintf("%s.%s.svc.cluster.local", c.Metadata.Name, c.Metadata.Namespace)
@@ -68,9 +69,9 @@ func (c *Cluster) createPgUser(user spec.PgUser) (isHuman bool, err error) {
 }
 userFlags := strings.Join(flags, " ")
- userPassword := fmt.Sprintf("'%s'", user.Password)
+ userPassword := fmt.Sprintf("ENCRYPTED PASSWORD '%s'", util.PGUserPassword(user))
 if user.Password == "" {
- userPassword = "NULL"
+ userPassword = "PASSWORD NULL"
 }
 query := fmt.Sprintf(createUserSQL, user.Name, userFlags, userPassword)
diff --git a/pkg/util/util.go b/pkg/util/util.go
index cfd73538b..f5fc73953 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -1,6 +1,8 @@
 package util
 import (
+ "crypto/md5"
+ "encoding/hex"
 "fmt"
 "math/rand"
 "time"
@@ -52,3 +54,9 @@ func PodSpiloRole(pod *v1.Pod) string {
 func ClusterDNSName(clusterName, teamName, hostedZone string) string {
 return fmt.Sprintf("%s.%s.%s", clusterName, teamName, hostedZone)
 }
+
+func PGUserPassword(user spec.PgUser) string {
+ s := md5.Sum([]byte(user.Password + user.Name))
+
+ return "md5" + hex.EncodeToString(s[:])
+}
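Review bot: The rewritten `createUserSQL` template still wraps the role name in `"%s"` and fills it with fmt.Sprintf, so a name containing a double quote would close the identifier early and change the statement. Since the line is being touched anyway, let the driver quote the identifier: use `CREATE ROLE %s %s %s;` filled with `pq.QuoteIdentifier(user.Name)`, which requires turning the blank `_ "github.com/lib/pq"` import into a named one. The last verb now receives a whole clause instead of a value, so a comment such as `// final %s is a complete PASSWORD clause built in createPgUser, never a raw password` would keep later callers from passing plaintext there.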
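Review bot: `query` now carries the role's md5 verifier, and under PostgreSQL's md5 authentication that verifier is as sensitive as the password itself, so the statement text should stay out of logs and wrapped error messages; whether it does is decided further down in createPgUser, outside this hunk. Separately, `util.PGUserPassword(user)` is computed even for users with an empty password and then discarded; checking `user.Password == ""` first, with `userPassword := "PASSWORD NULL"` as the default and the `fmt.Sprintf` in the non-empty branch, reads more directly. Inlining the value between single quotes is safe only because it is `md5` plus hex digits, which deserves a one-line comment at the Sprintf call.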
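Review bot: `PGUserPassword` hashes unconditionally, so if `user.Password` can ever arrive already in PostgreSQL's `md5` + 32 hex digits form (not determinable from this hunk) it would be hashed a second time and the role would get a verifier no client can match. PostgreSQL itself treats a string of that shape as pre-encrypted, so a guard like `if len(user.Password) == 35 && strings.HasPrefix(user.Password, "md5") { return user.Password }` would mirror the server; it needs `strings` added to the import block. The exported function also has no doc comment; something like `// PGUserPassword returns the PostgreSQL md5 verifier: "md5" + hex(md5(password + role name)). Renaming the role invalidates it.` would record the format and its dependence on the role name.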