add --password to user commands for updating passwords to user specified password

jmccormick2001 · jmccormick2001 · commit 0e358401d4a9 · 2018-09-25T15:02:37.000-04:00
diff --git a/apiserver/clusterservice/clusterimpl.go b/apiserver/clusterservice/clusterimpl.go
@@ -375,7 +375,7 @@ func query(dbUser, dbHost, dbPort, database, dbPassword string) bool {
 	var err error
 
 	connString := "sslmode=disable user=" + dbUser + " host=" + dbHost + " port=" + dbPort + " dbname=" + database + " password=" + dbPassword
-	log.Debugf("connString=%s", connString)
+	//log.Debugf("connString=%s", connString)
 
 	conn, err = sql.Open("postgres", connString)
 	if err != nil {
@@ -1066,7 +1066,7 @@ func validateBackrestConfig(labels map[string]string) error {
 			//check the global configmap here
 			_, found := kubeapi.GetConfigMap(apiserver.Clientset, util.GLOBAL_CUSTOM_CONFIGMAP, apiserver.Namespace)
 			if !found {
-				log.Debugf("%s was not found", util.GLOBAL_CUSTOM_CONFIGMAP )
+				log.Debugf("%s was not found", util.GLOBAL_CUSTOM_CONFIGMAP)
 				return errors.New(util.GLOBAL_CUSTOM_CONFIGMAP + " global configmap or --custom-config flag not set, one of these is required for enabling pgbackrest")
 			}
 
diff --git a/apiserver/userservice/userimpl.go b/apiserver/userservice/userimpl.go
@@ -149,7 +149,7 @@ func User(request *msgs.UserRequest) msgs.UserResponse {
 							if err != nil {
 								log.Error("error in updating password")
 							}
-							log.Debug("new password for %s is %s new expiration is %s\n", v.Rolname, newPassword, newExpireDate)
+							//log.Debug("new password for %s is %s new expiration is %s\n", v.Rolname, newPassword, newExpireDate)
 						}
 					}
 				} else {
@@ -227,7 +227,7 @@ func updatePassword(clusterName string, p connInfo, username, newPassword, passw
 	//var ts string
 	var rows *sql.Rows
 	querystr := "ALTER user " + username + " PASSWORD '" + newPassword + "'"
-	log.Debug(querystr)
+	//log.Debug(querystr)
 	rows, err = conn.Query(querystr)
 	if err != nil {
 		log.Debug(err.Error())
@@ -356,7 +356,7 @@ func getPostgresUserInfo(namespace, clusterName string) connInfo {
 }
 
 // addUser ...
-func addUser(UserDBAccess, namespace, clusterName string, info connInfo, newUser string, ManagedUser bool) error {
+func addUser(request *msgs.CreateUserRequest, namespace, clusterName string, info connInfo) error {
 	var conn *sql.DB
 	var err error
 
@@ -368,18 +368,18 @@ func addUser(UserDBAccess, namespace, clusterName string, info connInfo, newUser
 
 	var rows *sql.Rows
 
-	querystr := "create user " + newUser
+	querystr := "create user " + request.Name
 	log.Debug(querystr)
 	rows, err = conn.Query(querystr)
 	if err != nil {
 		log.Error(err.Error())
 		return err
 	}
 
-	if UserDBAccess != "" {
-		querystr = "grant all on database " + UserDBAccess + " to  " + newUser
+	if request.UserDBAccess != "" {
+		querystr = "grant all on database " + request.UserDBAccess + " to  " + request.Name
 	} else {
-		querystr = "grant all on database userdb to  " + newUser
+		querystr = "grant all on database userdb to  " + request.Name
 	}
 	log.Debug(querystr)
 	rows, err = conn.Query(querystr)
@@ -398,8 +398,11 @@ func addUser(UserDBAccess, namespace, clusterName string, info connInfo, newUser
 	}()
 
 	//add a secret if managed
-	if ManagedUser {
-		err = util.CreateUserSecret(apiserver.Clientset, clusterName, newUser, info.Password, namespace)
+	if request.ManagedUser {
+		if request.Password != "" {
+			info.Password = request.Password
+		}
+		err = util.CreateUserSecret(apiserver.Clientset, clusterName, request.Name, info.Password, namespace)
 		if err != nil {
 			log.Error(err.Error())
 			return err
@@ -494,7 +497,7 @@ func CreateUser(request *msgs.CreateUserRequest) msgs.CreateUserResponse {
 	for _, c := range clusterList.Items {
 		info := getPostgresUserInfo(apiserver.Namespace, c.Name)
 
-		err = addUser(request.UserDBAccess, apiserver.Namespace, c.Name, info, request.Name, request.ManagedUser)
+		err = addUser(request, apiserver.Namespace, c.Name, info)
 		if err != nil {
 			resp.Status.Code = msgs.Error
 			resp.Status.Msg = err.Error()
@@ -505,6 +508,9 @@ func CreateUser(request *msgs.CreateUserRequest) msgs.CreateUserResponse {
 			resp.Results = append(resp.Results, msg)
 		}
 		newPassword := util.GeneratePassword(defaultPasswordLength)
+		if request.Password != "" {
+			newPassword = request.Password
+		}
 		newExpireDate := GeneratePasswordExpireDate(request.PasswordAgeDays)
 
 		pgbouncer := c.Spec.UserLabels[util.LABEL_PGBOUNCER] == "true"
@@ -723,3 +729,4 @@ func reconfigurePgpool(clusterName string) error {
 	}
 	return err
 }
+
diff --git a/apiservermsgs/usermsgs.go b/apiservermsgs/usermsgs.go
@@ -26,6 +26,7 @@ type UserRequest struct {
 	Namespace             string
 	PasswordAgeDays       int
 	ChangePasswordForUser string
+	Password              string
 	DeleteUser            string
 	ValidDays             string
 	UserDBAccess          string
@@ -52,6 +53,7 @@ type UserResponse struct {
 type CreateUserRequest struct {
 	Name            string
 	Selector        string
+	Password        string
 	ManagedUser     bool
 	UserDBAccess    string
 	PasswordAgeDays int
diff --git a/pgo/cmd/create.go b/pgo/cmd/create.go
@@ -226,6 +226,7 @@ func init() {
 	createPolicyCmd.Flags().StringVarP(&PolicyFile, "in-file", "", "", "The policy file path to use for adding a policy.")
 
 	createUserCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering.")
+	createUserCmd.Flags().StringVarP(&Password, "password", "", "", "The password to use for creating a new user which overrides a generated password.")
 	createUserCmd.Flags().BoolVarP(&ManagedUser, "managed", "", false, "Creates a user with secrets that can be managed by the Operator.")
 	createUserCmd.Flags().StringVarP(&UserDBAccess, "db", "", "", "Grants the user access to a database.")
 	createUserCmd.Flags().IntVarP(&PasswordAgeDays, "valid-days", "", 30, "Sets passwords for new users to X days.")
diff --git a/pgo/cmd/user.go b/pgo/cmd/user.go
@@ -56,7 +56,7 @@ var userCmd = &cobra.Command{
 
 	pgo user --selector=name=mycluster --update-passwords
 	pgo user --expired=7 --selector=name=mycluster
-	pgo user --change-password=bob --selector=name=mycluster`,
+	pgo user --change-password=bob --selector=name=mycluster --password=newpass`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Debug("user called")
 		userManager()
@@ -71,6 +71,7 @@ func init() {
 	userCmd.Flags().IntVarP(&PasswordAgeDays, "valid-days", "", 30, "Sets passwords for new users to X days.")
 	userCmd.Flags().StringVarP(&ChangePasswordForUser, "change-password", "", "", "Updates the password for a user on selective clusters.")
 	userCmd.Flags().StringVarP(&UserDBAccess, "db", "", "", "Grants the user access to a database.")
+	userCmd.Flags().StringVarP(&Password, "password", "", "", "Specifies the user password when updating a user password or creating a new user.")
 	userCmd.Flags().BoolVarP(&UpdatePasswords, "update-passwords", "", false, "Performs password updating on expired passwords.")
 	userCmd.Flags().BoolVarP(&ManagedUser, "managed", "", false, "Creates a user with secrets that can be managed by the Operator.")
 
@@ -81,6 +82,7 @@ func userManager() {
 
 	request := msgs.UserRequest{}
 	request.Selector = Selector
+	request.Password = Password
 	request.PasswordAgeDays = PasswordAgeDays
 	request.ChangePasswordForUser = ChangePasswordForUser
 	request.DeleteUser = DeleteUser
@@ -124,6 +126,7 @@ func createUser(args []string) {
 	r := new(msgs.CreateUserRequest)
 	r.Name = args[0]
 	r.Selector = Selector
+	r.Password = Password
 	r.ManagedUser = ManagedUser
 	r.UserDBAccess = UserDBAccess
 	r.PasswordAgeDays = PasswordAgeDays
