Allow for Postgres system account user passwords to be updated

This introduces the "--set-system-account-password" flag to allow
for one to update the password for a PostgreSQL system account user.
The flag allows for an override as well as a safety mechanism for
one to think about the action they are going to partake in.

Issue: #2169

Author: jkatz

cmd/pgo/cmd/update.go

@@ -187,6 +187,7 @@ func init() {
 	UpdateUserCmd.Flags().BoolVar(&PasswordValidAlways, "valid-always", false, "Sets a password to never expire based on expiration time. Takes precedence over --valid-days")
 	UpdateUserCmd.Flags().BoolVar(&RotatePassword, "rotate-password", false, "Rotates the user's password with an automatically generated password. The length of the password is determine by either --password-length or the value set on the server, in that order.")
 	UpdateUserCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering.")
+	UpdateUserCmd.Flags().BoolVar(&ShowSystemAccounts, "set-system-account-password", false, "Allows for a system account password to be set.")
 }
 
 // UpdateCmd represents the update command

cmd/pgo/cmd/user.go

@@ -55,7 +55,8 @@ var PasswordLength int
 var PasswordValidAlways bool
 
 // ShowSystemAccounts enables the display of the PostgreSQL user accounts that
-// perform system functions, such as the "postgres" user
+// perform system functions, such as the "postgres" user, and for taking action
+// on these accounts
 var ShowSystemAccounts bool
 
 func createUser(args []string, ns string) {
@@ -366,20 +367,21 @@ func showUser(args []string, ns string) {
 func updateUser(clusterNames []string, namespace string) {
 	// set up the reuqest
 	request := msgs.UpdateUserRequest{
-		AllFlag:             AllFlag,
-		Clusters:            clusterNames,
-		Expired:             Expired,
-		ExpireUser:          ExpireUser,
-		ManagedUser:         ManagedUser,
-		Namespace:           namespace,
-		Password:            Password,
-		PasswordAgeDays:     PasswordAgeDays,
-		PasswordLength:      PasswordLength,
-		PasswordValidAlways: PasswordValidAlways,
-		PasswordType:        PasswordType,
-		RotatePassword:      RotatePassword,
-		Selector:            Selector,
-		Username:            strings.TrimSpace(Username),
+		AllFlag:                  AllFlag,
+		Clusters:                 clusterNames,
+		Expired:                  Expired,
+		ExpireUser:               ExpireUser,
+		ManagedUser:              ManagedUser,
+		Namespace:                namespace,
+		Password:                 Password,
+		PasswordAgeDays:          PasswordAgeDays,
+		PasswordLength:           PasswordLength,
+		PasswordValidAlways:      PasswordValidAlways,
+		PasswordType:             PasswordType,
+		RotatePassword:           RotatePassword,
+		Selector:                 Selector,
+		SetSystemAccountPassword: ShowSystemAccounts,
+		Username:                 strings.TrimSpace(Username),
 	}
 
 	// check to see if EnableLogin or DisableLogin is set. If so, set a value
@@ -391,8 +393,9 @@ func updateUser(clusterNames []string, namespace string) {
 	}
 
 	// check to see if this is a system account if a user name is passed in
-	if request.Username != "" && utiloperator.IsPostgreSQLUserSystemAccount(request.Username) {
-		fmt.Println("Error:", request.Username, "is a system account and cannot be used")
+	if request.Username != "" && utiloperator.IsPostgreSQLUserSystemAccount(request.Username) && !request.SetSystemAccountPassword {
+		fmt.Println("Error:", request.Username, "is a system account and cannot be used. "+
+			"You can override this with the \"--set-system-account-password\" flag.")
 		os.Exit(1)
 	}
 

docs/content/pgo-client/reference/pgo_update_user.md

@@ -32,27 +32,28 @@ pgo update user [flags]
 ### Options
 
 ```
-      --all                    all clusters.
-      --disable-login          Disables a PostgreSQL user from being able to log into the PostgreSQL cluster.
-      --enable-login           Enables a PostgreSQL user to be able to log into the PostgreSQL cluster.
-      --expire-user            Performs expiring a user if set to true.
-      --expired int            Updates passwords that will expire in X days using an autogenerated password.
-  -h, --help                   help for user
-  -o, --output string          The output format. Supported types are: "json"
-      --password string        Specifies the user password when updating a user password or creating a new user. If --rotate-password is set as well, --password takes precedence.
-      --password-length int    If no password is supplied, sets the length of the automatically generated password. Defaults to the value set on the server.
-      --password-type string   The type of password hashing to use.Choices are: (md5, scram-sha-256). This only takes effect if the password is being changed. (default "md5")
-      --rotate-password        Rotates the user's password with an automatically generated password. The length of the password is determine by either --password-length or the value set on the server, in that order.
-  -s, --selector string        The selector to use for cluster filtering.
-      --username string        Updates the postgres user on selective clusters.
-      --valid-always           Sets a password to never expire based on expiration time. Takes precedence over --valid-days
-      --valid-days int         Sets the number of days that a password is valid. Defaults to the server value.
+      --all                           all clusters.
+      --disable-login                 Disables a PostgreSQL user from being able to log into the PostgreSQL cluster.
+      --enable-login                  Enables a PostgreSQL user to be able to log into the PostgreSQL cluster.
+      --expire-user                   Performs expiring a user if set to true.
+      --expired int                   Updates passwords that will expire in X days using an autogenerated password.
+  -h, --help                          help for user
+  -o, --output string                 The output format. Supported types are: "json"
+      --password string               Specifies the user password when updating a user password or creating a new user. If --rotate-password is set as well, --password takes precedence.
+      --password-length int           If no password is supplied, sets the length of the automatically generated password. Defaults to the value set on the server.
+      --password-type string          The type of password hashing to use.Choices are: (md5, scram-sha-256). This only takes effect if the password is being changed. (default "md5")
+      --rotate-password               Rotates the user's password with an automatically generated password. The length of the password is determine by either --password-length or the value set on the server, in that order.
+  -s, --selector string               The selector to use for cluster filtering.
+      --set-system-account-password   Allows for a system account password to be set.
+      --username string               Updates the postgres user on selective clusters.
+      --valid-always                  Sets a password to never expire based on expiration time. Takes precedence over --valid-days
+      --valid-days int                Sets the number of days that a password is valid. Defaults to the server value.
 ```
 
 ### Options inherited from parent commands
 
 ```
-      --apiserver-url string     The URL for the PostgreSQL Operator apiserver that will process the request from the pgo client.
+      --apiserver-url string     The URL for the PostgreSQL Operator apiserver that will process the request from the pgo client. Note that the URL should **not** end in a '/'.
       --debug                    Enable additional output for debugging.
       --disable-tls              Disable TLS authentication to the Postgres Operator.
       --exclude-os-trust         Exclude CA certs from OS default trust store
@@ -66,4 +67,4 @@ pgo update user [flags]
 
 * [pgo update](/pgo-client/reference/pgo_update/)	 - Update a pgouser, pgorole, or cluster
 
-###### Auto generated by spf13/cobra on 1-Oct-2020
+###### Auto generated by spf13/cobra on 14-Jan-2021

internal/apiserver/userservice/userimpl.go

@@ -593,9 +593,10 @@ func UpdateUser(request *msgs.UpdateUserRequest, pgouser string) msgs.UpdateUser
 
 	// if this involes updating a specific PostgreSQL account, and it is a system
 	// account, return here
-	if request.Username != "" && util.IsPostgreSQLUserSystemAccount(request.Username) {
+	if request.Username != "" && util.IsPostgreSQLUserSystemAccount(request.Username) && !request.SetSystemAccountPassword {
 		response.Status.Code = msgs.Error
-		response.Status.Msg = fmt.Sprintf(errSystemAccountFormat, request.Username)
+		response.Status.Msg = fmt.Sprintf(errSystemAccountFormat, request.Username) +
+			" You can override this with the \"--set-system-account-password\" flag."
 		return response
 	}
 

pkg/apiservermsgs/usermsgs.go

@@ -129,7 +129,10 @@ type UpdateUserRequest struct {
 	PasswordValidAlways bool
 	RotatePassword      bool
 	Selector            string
-	Username            string
+	// SetSystemAccountPassword allows one to override the password for a
+	// designated system account
+	SetSystemAccountPassword bool
+	Username                 string
 }
 
 // UpdateUserResponse contains the response after an update user request