Bind pgAdmin to every IPv4 address by default

The upstream default is "127.0.0.1", the IPv4 loopback address, which
allows only local connections.

Issue: #3809
Issue: PGO-842

Author: cbandy

internal/controller/standalone_pgadmin/configmap.go

@@ -81,11 +81,19 @@ func configmap(pgadmin *v1beta1.PGAdmin,
 
 // generateConfig generates the config settings for the pgAdmin
 func generateConfig(pgadmin *v1beta1.PGAdmin) (string, error) {
+	settings := map[string]any{
+		// Bind to all IPv4 addresses by default. "0.0.0.0" here represents INADDR_ANY.
+		// - https://flask.palletsprojects.com/en/2.2.x/api/#flask.Flask.run
+		// - https://flask.palletsprojects.com/en/2.3.x/api/#flask.Flask.run
+		"DEFAULT_SERVER": "0.0.0.0",
+	}
 
-	settings := *pgadmin.Spec.Config.Settings.DeepCopy()
-	if settings == nil {
-		settings = make(map[string]interface{})
+	// Copy any specified settings over the defaults.
+	for k, v := range pgadmin.Spec.Config.Settings {
+		settings[k] = v
 	}
+
+	// Write mandatory settings over any specified ones.
 	// SERVER_MODE must always be enabled when running on a webserver.
 	// - https://github.com/pgadmin-org/pgadmin4/blob/REL-7_7/web/config.py#L110
 	settings["SERVER_MODE"] = true

internal/controller/standalone_pgadmin/configmap_test.go

@@ -27,25 +27,60 @@ import (
 func TestGenerateConfig(t *testing.T) {
 	require.ParallelCapacity(t, 0)
 
-	expectedString := `{
+	t.Run("Default", func(t *testing.T) {
+		pgadmin := new(v1beta1.PGAdmin)
+		result, err := generateConfig(pgadmin)
+
+		assert.NilError(t, err)
+		assert.Equal(t, result, `{
+  "DEFAULT_SERVER": "0.0.0.0",
+  "SERVER_MODE": true,
+  "UPGRADE_CHECK_ENABLED": false,
+  "UPGRADE_CHECK_KEY": "",
+  "UPGRADE_CHECK_URL": ""
+}`+"\n")
+	})
+
+	t.Run("Mandatory", func(t *testing.T) {
+		pgadmin := new(v1beta1.PGAdmin)
+		pgadmin.Spec.Config.Settings = map[string]any{
+			"SERVER_MODE":           false,
+			"UPGRADE_CHECK_ENABLED": true,
+		}
+		result, err := generateConfig(pgadmin)
+
+		assert.NilError(t, err)
+		assert.Equal(t, result, `{
+  "DEFAULT_SERVER": "0.0.0.0",
+  "SERVER_MODE": true,
+  "UPGRADE_CHECK_ENABLED": false,
+  "UPGRADE_CHECK_KEY": "",
+  "UPGRADE_CHECK_URL": ""
+}`+"\n")
+	})
+
+	t.Run("Specified", func(t *testing.T) {
+		pgadmin := new(v1beta1.PGAdmin)
+		pgadmin.Spec.Config.Settings = map[string]any{
+			"ALLOWED_HOSTS":  []any{"225.0.0.0/8", "226.0.0.0/7", "228.0.0.0/6"},
+			"DEFAULT_SERVER": "::",
+		}
+		result, err := generateConfig(pgadmin)
+
+		assert.NilError(t, err)
+		assert.Equal(t, result, `{
   "ALLOWED_HOSTS": [
     "225.0.0.0/8",
     "226.0.0.0/7",
     "228.0.0.0/6"
   ],
+  "DEFAULT_SERVER": "::",
   "SERVER_MODE": true,
   "UPGRADE_CHECK_ENABLED": false,
   "UPGRADE_CHECK_KEY": "",
   "UPGRADE_CHECK_URL": ""
-}
-`
-	pgadmin := new(v1beta1.PGAdmin)
-	pgadmin.Spec.Config.Settings = map[string]interface{}{
-		"ALLOWED_HOSTS": []interface{}{"225.0.0.0/8", "226.0.0.0/7", "228.0.0.0/6"},
-	}
-	actualString, err := generateConfig(pgadmin)
-	assert.NilError(t, err)
-	assert.Equal(t, actualString, expectedString)
+}`+"\n")
+	})
 }
 
 func TestGenerateClusterConfig(t *testing.T) {

testing/kuttl/e2e/standalone-pgadmin/README.md

@@ -6,7 +6,7 @@ Note: due to the (random) namespace being part of the host, we cannot check the
 
 * 00:
   * create a pgadmin with no server groups;
-  * check the correct existence of the secret, service, configmap, and pod.
+  * check the correct existence of the secret, configmap, and pod.
 * 01: dump the servers from pgAdmin and check that the list is empty.
 
 *Phase two*

testing/kuttl/e2e/standalone-pgadmin/files/00-pgadmin-check.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -7,6 +8,7 @@ metadata:
 data:
   pgadmin-settings.json: |
     {
+      "DEFAULT_SERVER": "0.0.0.0",
       "SERVER_MODE": true,
       "UPGRADE_CHECK_ENABLED": false,
       "UPGRADE_CHECK_KEY": "",