Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent superuser from being a connection pool user #906

Merged
merged 2 commits into from Apr 9, 2020
Merged

Prevent superuser from being a connection pool user #906

merged 2 commits into from Apr 9, 2020

Conversation

erthalion
Copy link
Contributor

It's not supported, neither it's a best practice. Also fix potential
null pointer access.

@erthalion erthalion changed the title Prevent superuser from being connection pool user Prevent superuser from being a connection pool user Apr 7, 2020
@erthalion
Prevent superuser from being connection pool user
6ff099e 
It's not supported, neither it's a best practice. Also fix potential
null pointer access.
@FxKu FxKu mentioned this pull request Apr 7, 2020
Closed
FxKu
FxKu reviewed Apr 7, 2020
View reviewed changes
pkg/controller/operator_config.go
Comment on lines +172 to +175
if result.ConnectionPooler.User == result.SuperUsername {
msg := "Connection pool user is not allowed to be the same as super user, username: %s"
panic(fmt.Errorf(msg, result.ConnectionPooler.User))
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't it validated in config.go anyway?

@FxKu
Copy link
Member

FxKu commented Apr 7, 2020

👍

@sdudoladov sdudoladov added this to the 1.5 milestone Apr 8, 2020
sdudoladov
sdudoladov reviewed Apr 8, 2020
View reviewed changes
pkg/cluster/cluster.go Outdated Show resolved Hide resolved
@erthalion
Forbid also protected and other system users
e93b86d 
For protected users it makes sense by intent of protecting this users
(e.g. from being overriden or used as something else than supposed). For
system users the reason is the same as for superuser, it's about
replicastion user and it's under patroni control.
@sdudoladov
Copy link
Member

👍

1 similar comment
@FxKu
Copy link
Member

FxKu commented Apr 9, 2020

👍

@erthalion erthalion merged commit a1f2bd0 into master Apr 9, 2020
@erthalion erthalion deleted the fix/pooler-not-superuser branch April 9, 2020 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdudoladov sdudoladov sdudoladov left review comments

@FxKu FxKu FxKu left review comments

@avaczi avaczi Awaiting requested review from avaczi

@CyberDem0n CyberDem0n Awaiting requested review from CyberDem0n

@Jan-M Jan-M Awaiting requested review from Jan-M Jan-M is a code owner

@RafiaSabih RafiaSabih Awaiting requested review from RafiaSabih

Assignees
No one assigned
Labels
bug zalando
Projects
None yet
Milestone
1.5
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@erthalion @FxKu @sdudoladov