Use encrypted passwords while creating robot users

Murat Kabilov 2017-03-24 10:02:17 +01:00
parent 48ba6adf8a
commit 3aaa05fb96
2 changed files with 12 additions and 3 deletions


@ -8,10 +8,11 @@ import (
_ "github.com/lib/pq"
"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
"github.bus.zalan.do/acid/postgres-operator/pkg/util"
"github.bus.zalan.do/acid/postgres-operator/pkg/util/constants"
)
var createUserSQL = `SET LOCAL synchronous_commit = 'local'; CREATE ROLE "%s" %s PASSWORD %s;`
var createUserSQL = `SET LOCAL synchronous_commit = 'local'; CREATE ROLE "%s" %s %s;`
func (c *Cluster) pgConnectionString() string {
hostname := fmt.Sprintf("%s.%s.svc.cluster.local", c.Metadata.Name, c.Metadata.Namespace)
@ -68,9 +69,9 @@ func (c *Cluster) createPgUser(user spec.PgUser) (isHuman bool, err error) {
}
userFlags := strings.Join(flags, " ")
userPassword := fmt.Sprintf("'%s'", user.Password)
userPassword := fmt.Sprintf("ENCRYPTED PASSWORD '%s'", util.PGUserPassword(user))
if user.Password == "" {
userPassword = "NULL"
userPassword = "PASSWORD NULL"
}
query := fmt.Sprintf(createUserSQL, user.Name, userFlags, userPassword)
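Review bot: The role name is still placed into `createUserSQL` as `"%s"` with no escaping, so a `user.Name` containing a double quote would close the quoted identifier early and alter the statement. The password is now a hex digest, but nothing visible in this hunk constrains the name or `userFlags`. Unless names are validated before this point, quote the identifier with the driver helper: change the template to `CREATE ROLE %s %s %s;` and build the query with `fmt.Sprintf(createUserSQL, pq.QuoteIdentifier(user.Name), userFlags, userPassword)`. That requires the blank `lib/pq` import to become a named one. createPgUser starts and ends outside the hunk, so any earlier validation is not shown here.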


@ -1,6 +1,8 @@
package util
import (
"crypto/md5"
"encoding/hex"
"fmt"
"math/rand"
"time"
@ -52,3 +54,9 @@ func PodSpiloRole(pod *v1.Pod) string {
func ClusterDNSName(clusterName, teamName, hostedZone string) string {
return fmt.Sprintf("%s.%s.%s", clusterName, teamName, hostedZone)
}
func PGUserPassword(user spec.PgUser) string {
s := md5.Sum([]byte(user.Password + user.Name))
return "md5" + hex.EncodeToString(s[:])
}
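Review bot: PGUserPassword is exported with no doc comment, and the format it returns is a security-relevant contract that callers need to know. I would add `// PGUserPassword returns the PostgreSQL md5 verifier for user: "md5" + hex(md5(password + role name)).` and state in it that the digest depends on `user.Name`, so it must be recomputed if the role is renamed. The value is salted only by the role name and MD5 is fast to compute, so it should be handled like the password itself and kept out of logs; on servers that support SCRAM-SHA-256, that scheme is the stronger choice. The function also hashes an empty password; the caller in createPgUser overrides that case, which the comment could mention.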