Skip to content

Prevent superuser from being a connection pool user #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 9, 2020
Merged

Prevent superuser from being a connection pool user #906

merged 2 commits into from
Apr 9, 2020

Conversation

@erthalion
Copy link
Contributor

@erthalion erthalion commented Apr 7, 2020

It's not supported, neither it's a best practice. Also fix potential
null pointer access.

@erthalion erthalion changed the title Prevent superuser from being connection pool user Prevent superuser from being a connection pool user Apr 7, 2020
@erthalion erthalion force-pushed the fix/pooler-not-superuser branch from 4079115 to 6ff099e Compare April 7, 2020 10:27
@erthalion
Prevent superuser from being connection pool user
6ff099e 
It's not supported, neither it's a best practice. Also fix potential
null pointer access.
@FxKu FxKu mentioned this pull request Apr 7, 2020
Closed
FxKu
FxKu reviewed Apr 7, 2020
View reviewed changes
pkg/controller/operator_config.go
Comment on lines +172 to +175
if result.ConnectionPooler.User == result.SuperUsername {
msg := "Connection pool user is not allowed to be the same as super user, username: %s"
panic(fmt.Errorf(msg, result.ConnectionPooler.User))
}
Copy link
Member

@FxKu FxKu Apr 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't it validated in config.go anyway?

@FxKu
Copy link
Member

FxKu commented Apr 7, 2020

👍

@sdudoladov sdudoladov added this to the 1.5 milestone Apr 8, 2020
sdudoladov
sdudoladov reviewed Apr 8, 2020
View reviewed changes
@erthalion
Forbid also protected and other system users
e93b86d 
For protected users it makes sense by intent of protecting this users
(e.g. from being overriden or used as something else than supposed). For
system users the reason is the same as for superuser, it's about
replicastion user and it's under patroni control.
@sdudoladov
Copy link
Member

sdudoladov commented Apr 9, 2020

👍

1 similar comment
@FxKu
Copy link
Member

FxKu commented Apr 9, 2020

👍

@erthalion erthalion merged commit a1f2bd0 into master Apr 9, 2020
@erthalion erthalion deleted the fix/pooler-not-superuser branch April 9, 2020 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sdudoladov sdudoladov sdudoladov left review comments

@FxKu FxKu FxKu left review comments

@avaczi avaczi Awaiting requested review from avaczi

@CyberDem0n CyberDem0n Awaiting requested review from CyberDem0n

@Jan-M Jan-M Awaiting requested review from Jan-M Jan-M is a code owner

@RafiaSabih RafiaSabih Awaiting requested review from RafiaSabih

Assignees

No one assigned

Labels

bug zalando

Projects

None yet

Milestone

1.5

Development

Successfully merging this pull request may close these issues.

4 participants

@erthalion @FxKu @sdudoladov