[bitnami/postgresql] user-defined keys of an existing secret are not honoured when using password files #16707

Closed
pursultani opened this issue May 17, 2023 · 2 comments · Fixed by #16729

@pursultani

Name and Version

bitnami/postgresql 12.5.2

What architecture are you using?

None

What steps will reproduce the bug?

Install any version of the PostgreSQL chart with the following values. The provided values are intended to use an existing Secret with user-defined keys for passwords and mount them as "password files".

Password file names are hard-coded and should be either password or postgres-password, and the auth.secretKeys.userPasswordKey and auth.secretKeys.adminPasswordKey values are not effective with password files. This means that users do not have other choices for naming the keys of the Secret.

Note that this issue only occurs with password files. Using an existing Secret with user-defined keys to pass passwords as environment variables works as expected.

Are you using any custom parameters or values?

auth:
  usePasswordFiles: true
  existingSecret: my-postgresql-password
  secretKeys:
    adminPasswordKey: my-postgres-password
    userPasswordKey: my-user-password

What is the expected behavior?

In templates/primary/statefulset.yaml:

  • The value for POSTGRES_POSTGRES_PASSWORD_FILE environment variable to be /opt/bitnami/postgresql/secrets/my-postgres-password
  • The value for POSTGRES_PASSWORD_FILE environment variable to be /opt/bitnami/postgresql/secrets/my-password

What do you see instead?

In templates/primary/statefulset.yaml:

  • The value for POSTGRES_POSTGRES_PASSWORD_FILE environment variable to be /opt/bitnami/postgresql/secrets/postgres-password
  • The value for POSTGRES_PASSWORD_FILE environment variable to be /opt/bitnami/postgresql/secrets/password

Additional information

We encountered this in the GitLab Chart, where we tried to upgrade the Bitnami PostgreSQL dependency from 8.9.4 to 12.5.2. We worked around it by setting auth.usePasswordFiles=false and using environment variables as the default upgrade path, and by recommending renaming the Secret keys as an alternative upgrade path for users that do not want to store the password in environment variables.

Reference: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4118#note_1376504623

@WarheadsSE
Contributor

WarheadsSE commented May 17, 2023

👋 @carrodher @migruiz4

We isolated this to the ternary calls used to populate the XYZ_FILE entries for the environment(s), when using usePasswordFiles: true. They hard-code the default strings, instead of calling to get the same keys that are used when usePasswordFiles: false.

@migruiz4
Member

Hi @pursultani @WarheadsSE,

Thank you for reporting this issue! I have submitted this PR #16729 fixing this.

I would appreciate it if you could take a look and let us know if it works for you.
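
An added example (not part of this thread and not the chart's own code): a Python check for the mismatch reported above, run over a StatefulSet and a Secret as parsed from `kubectl get -o json`. The container name, volume name and Secret contents are constructed, and the check assumes the Secret volume mounts each key under its own name.

```python
import posixpath

SECRETS_DIR = "/opt/bitnami/postgresql/secrets"  # directory taken from the issue's paths

def missing_password_files(statefulset, secret):
    """List (container, env var, path) where a *_FILE variable points into a
    mount of `secret` but names a file that the Secret has no key for.
    Assumes the volume mounts every key under its own name (no `items` remap)."""
    pod = statefulset["spec"]["template"]["spec"]
    secret_volumes = {
        v["name"] for v in pod.get("volumes", [])
        if v.get("secret", {}).get("secretName") == secret["metadata"]["name"]
    }
    keys = set(secret.get("data", {})) | set(secret.get("stringData", {}))
    findings = []
    for c in pod.get("containers", []):
        mounts = {m["mountPath"].rstrip("/") for m in c.get("volumeMounts", [])
                  if m["name"] in secret_volumes}
        for env in c.get("env", []):
            path = env.get("value", "")
            if (env["name"].endswith("_FILE")
                    and posixpath.dirname(path) in mounts
                    and posixpath.basename(path) not in keys):
                findings.append((c["name"], env["name"], path))
    return findings

def sample_statefulset(admin_file, user_file):
    """Constructed, trimmed StatefulSet; container and volume names are made up."""
    return {"spec": {"template": {"spec": {
        "volumes": [{"name": "pg-password",
                     "secret": {"secretName": "my-postgresql-password"}}],
        "containers": [{
            "name": "postgresql",
            "volumeMounts": [{"name": "pg-password", "mountPath": SECRETS_DIR}],
            "env": [
                {"name": "POSTGRES_POSTGRES_PASSWORD_FILE",
                 "value": f"{SECRETS_DIR}/{admin_file}"},
                {"name": "POSTGRES_PASSWORD_FILE",
                 "value": f"{SECRETS_DIR}/{user_file}"},
            ],
        }],
    }}}}

# Constructed Secret using the key names from the reported values.
SAMPLE_SECRET = {"metadata": {"name": "my-postgresql-password"},
                 "data": {"my-postgres-password": "cGxhY2Vob2xkZXI=",
                          "my-user-password": "cGxhY2Vob2xkZXI="}}

if __name__ == "__main__":
    for finding in missing_password_files(
            sample_statefulset("postgres-password", "password"), SAMPLE_SECRET):
        print("missing secret file:", *finding)
```

With the hard-coded file names from the report both variables are flagged; with file names equal to the Secret's keys the result is empty.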
