pass infra roles to auth file via pooler entrypoint

pkg/cluster/connection_pooler.go

@@ -320,15 +320,16 @@ func (c *Cluster) generateConnectionPoolerPodTemplate(role PostgresRole) (
 	}
 	envVars = append(envVars, c.getConnectionPoolerEnvVars()...)
 
+	// allow infrastructure roles to be added to pgBouncer auth_file
 	infraRolesList := make([]string, 0)
-	for infraRoleName := range c.InfrastructureRoles {
-		infraRolesList = append(infraRolesList, infraRoleName)
+	for infraRoleName, infraRole := range c.InfrastructureRoles {
+		infraRolesList = append(infraRolesList, fmt.Sprintf("%s %s", infraRoleName, infraRole.Password))
 	}
 
 	if len(infraRolesList) > 0 {
 		envVars = append(envVars, v1.EnvVar{
 			Name:  "INFRASTRUCTURE_ROLES",
-			Value: strings.Join(infraRolesList, ","),
+			Value: strings.Join(infraRolesList, "\n"),
 		})
 	}
 

pooler/entrypoint.sh

@@ -17,4 +17,17 @@ fi
 envsubst < /etc/pgbouncer/pgbouncer.ini.tmpl > /etc/pgbouncer/pgbouncer.ini
 envsubst < /etc/pgbouncer/auth_file.txt.tmpl > /etc/pgbouncer/auth_file.txt
 
+# --- Append Infrastructure Roles ---
+if [ -n "${INFRASTRUCTURE_ROLES}" ]; then
+    # Use a loop to read each line from the multi-line variable
+    echo "${INFRASTRUCTURE_ROLES}" | while IFS= read -r line; do
+        # Skip empty lines
+        [ -z "${line}" ] && continue
+
+        # Append formatted "user" "password" pair to the auth file
+        # This assumes each line of $INFRASTRUCTURE_ROLES is "user password"
+        echo "${line}" | awk '{printf "\"%s\" \"%s\"\n", $1, $2}' >> /etc/pgbouncer/auth_file.txt
+    done
+fi
+
 exec /bin/pgbouncer /etc/pgbouncer/pgbouncer.ini

pooler/pgbouncer.ini.tmpl

@@ -9,7 +9,6 @@ pool_mode = $CONNECTION_POOLER_MODE
 listen_port = $CONNECTION_POOLER_PORT
 listen_addr = *
 admin_users = $PGUSER
-stats_users = $INFRASTRUCTURE_ROLES
 auth_dbname = postgres
 auth_file = /etc/pgbouncer/auth_file.txt
 auth_query = SELECT * FROM $PGSCHEMA.user_lookup($1)