Fix escaping of parameter values and extra spaces.

- document the newly introduced option (for now in the main README) - make query error output more readable.
2017-11-06 13:04:36 +01:00 · 2017-11-06 13:04:36 +01:00 · 71f57c9fe3
parent 415a7fdc4d
commit 71f57c9fe3
3 changed files with 25 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -201,6 +201,14 @@ The following steps will get you the docker image built and deployed.
    $ make docker
    $ sed -e "s/\(image\:.*\:\).*$/\1$TAG/" manifests/postgres-operator.yaml|kubectl --context minikube create  -f -

+
+### Operator Configuration Parameters
+
+* api_roles_configuration - a map represented as *"key1:value1,key2:value2"*
+of configuration parameters applied to the roles fetched from the API.
+By default is set to *"log_statement:all"*. See [PostgreSQL documentation on ALTER ROLE .. SET](https://www.postgresql.org/docs/current/static/sql-alterrole.html) for to learn about the available options.
+
+
 ### Debugging the operator itself

 There is a web interface in the operator to observe its internal state. The operator listens on port 8080. It is possible to expose it to the localhost:8080 by doing:
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -71,7 +71,7 @@ type Config struct {
 	APIPort               int               `name:"api_port" default:"8080"`
 	RingLogLines          int               `name:"ring_log_lines" default:"100"`
 	ClusterHistoryEntries int               `name:"cluster_history_entries" default:"1000"`
-	APIRolesParameters    map[string]string `name:"api_roles_configuration" default:"log_statement:all"`
+	APIRolesParameters    map[string]string `name:"api_roles_configuration" default:"log_statement:'all'"`

 	PodTerminateGracePeriod time.Duration `name:"pod_terminate_grace_period" default:"5m"`
 }
--- a/pkg/util/users/users.go
+++ b/pkg/util/users/users.go
@ -14,7 +14,7 @@ const (
 	createUserSQL    = `SET LOCAL synchronous_commit = 'local'; CREATE ROLE "%s" %s %s;`
 	alterUserSQL     = `ALTER ROLE "%s" %s`
 	alterRoleResetAllSQL = `ALTER ROLE "%s" RESET ALL`
-	alterRoleSetSQL	 = `ALTER ROLE "%s" SET "%s" TO "%s"`
+	alterRoleSetSQL	 = `ALTER ROLE "%s" SET %s TO %s`
 	grantToUserSQL   = `GRANT %s TO "%s"`
 	doBlockStmt      = `SET LOCAL synchronous_commit = 'local'; DO $$ BEGIN %s; END;$$;`
 	passwordTemplate = "ENCRYPTED PASSWORD '%s'"
@ -96,7 +96,7 @@ func (strategy DefaultUserSyncStrategy) alterPgUserSet(user spec.PgUser, db *sql
 	queries := produceAlterRoleSetStmts(user)
 	query := fmt.Sprintf(doBlockStmt, strings.Join(queries, ";"))
 	if _, err = db.Query(query); err != nil {
-		err = fmt.Errorf("dB error: %v, query: %q", err, query)
+		err = fmt.Errorf("dB error: %v, query: %s", err, query)
 		return
 	}
 	return
@ -122,7 +122,7 @@ func (s DefaultUserSyncStrategy) createPgUser(user spec.PgUser, db *sql.DB) (err

 	_, err = db.Query(query) // TODO: Try several times
 	if err != nil {
-		err = fmt.Errorf("dB error: %v, query: %q", err, query)
+		err = fmt.Errorf("dB error: %v, query: %s", err, query)
 		return
 	}

@ -148,7 +148,7 @@ func (s DefaultUserSyncStrategy) alterPgUser(user spec.PgUser, db *sql.DB) (err

 	_, err = db.Query(query) // TODO: Try several times
 	if err != nil {
-		err = fmt.Errorf("dB error: %v query %q", err, query)
+		err = fmt.Errorf("dB error: %v query %s", err, query)
 		return
 	}

@ -157,7 +157,7 @@ func (s DefaultUserSyncStrategy) alterPgUser(user spec.PgUser, db *sql.DB) (err

 func produceAlterStmt(user spec.PgUser) string {
 	// ALTER ROLE ... LOGIN ENCRYPTED PASSWORD ..
-	result := make([]string, 1)
+	result := make([]string, 0)
 	password := user.Password
 	flags := user.Flags

@ -171,10 +171,10 @@ func produceAlterStmt(user spec.PgUser) string {
 }

 func produceAlterRoleSetStmts(user spec.PgUser) []string {
-	result := make([]string, 1)
+	result := make([]string, 0)
 	result = append(result, fmt.Sprintf(alterRoleResetAllSQL, user.Name))
 	for key, value := range(user.Parameters) {
-		result = append(result, fmt.Sprintf(alterRoleSetSQL, user.Name, key, value))
+		result = append(result, fmt.Sprintf(alterRoleSetSQL, user.Name, key, quoteValue(value)))
 	}
 	return result
 }
@ -191,3 +191,12 @@ func quoteMemberList(user spec.PgUser) string {
 	}
 	return strings.Join(memberof, ",")
 }
+
+// quoteVal quotes values to be used at ALTER ROLE SET param = value if necessary
+func quoteValue(val string) string {
+	if (strings.HasPrefix(val, `"`) && strings.HasSuffix(val, `"`)) ||
+		(strings.HasPrefix(val, `'`) && strings.HasSuffix(val, `'`)) {
+			return val
+	}
+	return fmt.Sprintf(`"%s"`, strings.Trim(val," "))
+}