-
Notifications
You must be signed in to change notification settings - Fork 813
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove user creation #2894
base: master
Are you sure you want to change the base?
Remove user creation #2894
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should remove bootstrap.users
from sample config files and from the documentation even before merging this PR.
Docs:
Lines 27 to 34 in 60d8bc3
Bootstrap configuration ----------------------- It is possible to create new database users right after the successful initialization of a new cluster. This process is defined by the following variables: - **PATRONI\_<username>\_PASSWORD='<password>'** - **PATRONI\_<username>\_OPTIONS='list,of,options'** Example: defining ``PATRONI_admin_PASSWORD=strongpasswd`` and ``PATRONI_admin_OPTIONS='createrole,createdb'`` will cause creation of the user **admin** with the password **strongpasswd** that is allowed to create other users and databases. patroni/docs/yaml_configuration.rst
Lines 57 to 68 in 60d8bc3
Bootstrap users configuration ============================= Users which need to be created after initializing the cluster: - **admin**: the name of user - **password**: (optional) password for the user - **options**: list of options for CREATE USER statement - **- createrole** - **- createdb**
Besides that, there is also code that handles ENV variables:
Lines 814 to 829 in 60d8bc3
users = {} | |
for param in list(os.environ.keys()): | |
if param.startswith(PATRONI_ENV_PREFIX): | |
name, suffix = (param[len(PATRONI_ENV_PREFIX):].rsplit('_', 1) + [''])[:2] | |
# PATRONI_<username>_PASSWORD=<password>, PATRONI_<username>_OPTIONS=<option1,option2,...> | |
# CREATE USER "<username>" WITH <OPTIONS> PASSWORD '<password>' | |
if name and suffix == 'PASSWORD': | |
password = os.environ.pop(param) | |
if password: | |
users[name] = {'password': password} | |
options = os.environ.pop(param[:-9] + '_OPTIONS', None) # replace "_PASSWORD" with "_OPTIONS" | |
options = options and _parse_list(options) | |
if options: | |
users[name]['options'] = options | |
if users: | |
ret['bootstrap']['users'] = users |
for name, value in (config.get('users') or {}).items(): | ||
if all(name != a.get('username') for a in (superuser, replication, rewind)): | ||
self.create_or_update_role(name, value.get('password'), value.get('options', [])) | ||
if config.get('users'): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When the feature is removed we probably better complain only if there are any users different from superuser, replication, rewind
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We still need to prevent some users from initializing those three users using the 'users' option. They might provide other initialization options, which will be ignored after we have removed this feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For example:
replication:
options:
- createdb (which will be ignored but not complained)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These three users are already created earlier. I am not suggesting to create them once again (it didn't happen before). My suggestion it to show not error if there are no other users.
Also, probably I am overthinking it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
got you, let's complain everything about deleted "users" options when people tries to use it.
That's a good idea, I will submit a separate PR for the doc first. |
Pull Request Test Coverage Report for Build 8185245284Details
💛 - Coveralls |
remove user creation since it is not patroni's task to manage user creation.