Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove user creation #2894

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Remove user creation #2894

wants to merge 9 commits into from

Conversation

GuanqunYang193
Copy link
Contributor

remove user creation since it is not patroni's task to manage user creation.

@GuanqunYang193 GuanqunYang193 changed the title remove user creation Remove user creation Oct 5, 2023
CyberDem0n
CyberDem0n reviewed Oct 17, 2023
View reviewed changes
Copy link
Collaborator

@CyberDem0n CyberDem0n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should remove bootstrap.users from sample config files and from the documentation even before merging this PR.
Docs:

  1. patroni/docs/ENVIRONMENT.rst

    Lines 27 to 34 in 60d8bc3

    Bootstrap configuration
    -----------------------
    It is possible to create new database users right after the successful initialization of a new cluster. This process is defined by the following variables:
    - **PATRONI\_<username>\_PASSWORD='<password>'**
    - **PATRONI\_<username>\_OPTIONS='list,of,options'**
    Example: defining ``PATRONI_admin_PASSWORD=strongpasswd`` and ``PATRONI_admin_OPTIONS='createrole,createdb'`` will cause creation of the user **admin** with the password **strongpasswd** that is allowed to create other users and databases.

  2. patroni/docs/yaml_configuration.rst

    Lines 57 to 68 in 60d8bc3

    Bootstrap users configuration
    =============================
    Users which need to be created after initializing the cluster:
    - **admin**: the name of user
    - **password**: (optional) password for the user
    - **options**: list of options for CREATE USER statement
    - **- createrole**
    - **- createdb**

Besides that, there is also code that handles ENV variables:

patroni/patroni/config.py

Lines 814 to 829 in 60d8bc3

users = {}
for param in list(os.environ.keys()):
if param.startswith(PATRONI_ENV_PREFIX):
name, suffix = (param[len(PATRONI_ENV_PREFIX):].rsplit('_', 1) + [''])[:2]
# PATRONI_<username>_PASSWORD=<password>, PATRONI_<username>_OPTIONS=<option1,option2,...>
# CREATE USER "<username>" WITH <OPTIONS> PASSWORD '<password>'
if name and suffix == 'PASSWORD':
password = os.environ.pop(param)
if password:
users[name] = {'password': password}
options = os.environ.pop(param[:-9] + '_OPTIONS', None) # replace "_PASSWORD" with "_OPTIONS"
options = options and _parse_list(options)
if options:
users[name]['options'] = options
if users:
ret['bootstrap']['users'] = users

patroni/postgresql/bootstrap.py Outdated Show resolved Hide resolved
patroni/postgresql/bootstrap.py Outdated Show resolved Hide resolved
patroni/postgresql/bootstrap.py
for name, value in (config.get('users') or {}).items():
if all(name != a.get('username') for a in (superuser, replication, rewind)):
self.create_or_update_role(name, value.get('password'), value.get('options', []))
if config.get('users'):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the feature is removed we probably better complain only if there are any users different from superuser, replication, rewind

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still need to prevent some users from initializing those three users using the 'users' option. They might provide other initialization options, which will be ignored after we have removed this feature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For example:
replication:
options:
- createdb (which will be ignored but not complained)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These three users are already created earlier. I am not suggesting to create them once again (it didn't happen before). My suggestion it to show not error if there are no other users.

Also, probably I am overthinking it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got you, let's complain everything about deleted "users" options when people tries to use it.

@GuanqunYang193
Copy link
Contributor Author

I wonder if we should remove bootstrap.users from sample config files and from the documentation even before merging this PR. Docs:

  1. patroni/docs/ENVIRONMENT.rst

    Lines 27 to 34 in 60d8bc3

    Bootstrap configuration
    -----------------------
    It is possible to create new database users right after the successful initialization of a new cluster. This process is defined by the following variables:
    - **PATRONI\_<username>\_PASSWORD='<password>'**
    - **PATRONI\_<username>\_OPTIONS='list,of,options'**
    Example: defining ``PATRONI_admin_PASSWORD=strongpasswd`` and ``PATRONI_admin_OPTIONS='createrole,createdb'`` will cause creation of the user **admin** with the password **strongpasswd** that is allowed to create other users and databases.

  2. patroni/docs/yaml_configuration.rst

    Lines 57 to 68 in 60d8bc3

    Bootstrap users configuration
    =============================
    Users which need to be created after initializing the cluster:
    - **admin**: the name of user
    - **password**: (optional) password for the user
    - **options**: list of options for CREATE USER statement
    - **- createrole**
    - **- createdb**

Besides that, there is also code that handles ENV variables:

patroni/patroni/config.py

Lines 814 to 829 in 60d8bc3

users = {}
for param in list(os.environ.keys()):
if param.startswith(PATRONI_ENV_PREFIX):
name, suffix = (param[len(PATRONI_ENV_PREFIX):].rsplit('_', 1) + [''])[:2]
# PATRONI_<username>_PASSWORD=<password>, PATRONI_<username>_OPTIONS=<option1,option2,...>
# CREATE USER "<username>" WITH <OPTIONS> PASSWORD '<password>'
if name and suffix == 'PASSWORD':
password = os.environ.pop(param)
if password:
users[name] = {'password': password}
options = os.environ.pop(param[:-9] + '_OPTIONS', None) # replace "_PASSWORD" with "_OPTIONS"
options = options and _parse_list(options)
if options:
users[name]['options'] = options
if users:
ret['bootstrap']['users'] = users

That's a good idea, I will submit a separate PR for the doc first.

@coveralls
Copy link

coveralls commented Oct 19, 2023
edited

Pull Request Test Coverage Report for Build 8185245284

Details

  • 0 of 1 (0.0%) changed or added relevant line in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.008%) to 99.853%
Changes Missing Coverage Covered Lines Changed/Added Lines %
patroni/postgresql/bootstrap.py 0 1 0.0%
Totals Coverage Status
Change from base Build 8168220195: -0.008%
Covered Lines: 13599
Relevant Lines: 13619
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hughcapet hughcapet Awaiting requested review from hughcapet hughcapet is a code owner

@CyberDem0n CyberDem0n Awaiting requested review from CyberDem0n CyberDem0n is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@GuanqunYang193 @coveralls @CyberDem0n