psw docs and config changes related to

Jeff McCormick · Jeff McCormick · commit 58e80a921e2b · 2017-09-14T11:52:12.000-05:00
diff --git a/client/cmd/psw.go b/client/cmd/psw.go
@@ -26,7 +26,7 @@ import (
 	"github.com/crunchydata/postgres-operator/operator/util"
 	//"github.com/crunchydata/postgres-operator/tpr"
 	"github.com/spf13/cobra"
-	//"github.com/spf13/viper"
+	"github.com/spf13/viper"
 	//"io/ioutil"
 	//kerrors "k8s.io/apimachinery/pkg/api/errors"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -47,6 +47,11 @@ type PswResult struct {
 	ConnDetails   ConnInfo
 }
 
+const DEFAULT_AGE_DAYS = 365
+const DEFAULT_PSW_LEN = 8
+
+var PasswordAgeDays, PasswordLength int
+
 var Expired string
 var UpdatePasswords bool
 
@@ -71,6 +76,7 @@ func init() {
 	pswCmd.Flags().StringVarP(&Selector, "selector", "s", "", "The selector to use for cluster filtering ")
 	pswCmd.Flags().StringVarP(&Expired, "expired", "e", "", "--expired=7 shows passwords that will expired in 7 days")
 	pswCmd.Flags().BoolVarP(&UpdatePasswords, "update-passwords", "u", false, "--update-passwords performs password updating on expired passwords")
+	getDefaults()
 
 }
 
@@ -103,8 +109,8 @@ func passwordManager() {
 				for _, v := range results {
 					fmt.Printf("RoleName %s Role Valid Until %s\n", v.Rolname, v.Rolvaliduntil)
 					if UpdatePasswords {
-						newPassword := util.GeneratePassword(8)
-						newExpireDate := GeneratePasswordExpireDate(60)
+						newPassword := util.GeneratePassword(PasswordLength)
+						newExpireDate := GeneratePasswordExpireDate(PasswordAgeDays)
 						err = updatePassword(v, newPassword, newExpireDate)
 						if err != nil {
 							fmt.Println("error in updating password")
@@ -246,3 +252,20 @@ func GeneratePasswordExpireDate(daysFromNow int) string {
 	return futureTime.Format("2006-01-02")
 
 }
+
+func getDefaults() {
+	PasswordAgeDays = DEFAULT_AGE_DAYS
+	PasswordLength = DEFAULT_PSW_LEN
+	str := viper.GetString("CLUSTER.PASSWORD_AGE_DAYS")
+	if str != "" {
+		PasswordAgeDays, _ = strconv.Atoi(str)
+		log.Debugf("PasswordAgeDays set to %d\n", PasswordAgeDays)
+
+	}
+	str = viper.GetString("CLUSTER.PASSWORD_LENGTH")
+	if str != "" {
+		PasswordLength, _ = strconv.Atoi(str)
+		log.Debugf("PasswordLength set to %d\n", PasswordLength)
+	}
+
+}
diff --git a/client/cmd/root.go b/client/cmd/root.go
@@ -217,5 +217,21 @@ func validateConfig() {
 			os.Exit(2)
 		}
 	}
+	passwordAge := viper.GetString("CLUSTER.PASSWORD_AGE_DAYS")
+	if passwordAge != "" {
+		_, err := resource.ParseQuantity(passwordAge)
+		if err != nil {
+			log.Error("CLUSTER.PASSWORD_AGE not a valid quantity")
+			os.Exit(2)
+		}
+	}
+	passwordLen := viper.GetString("CLUSTER.PASSWORD_LENGTH")
+	if passwordLen != "" {
+		_, err := resource.ParseQuantity(passwordLen)
+		if err != nil {
+			log.Error("CLUSTER.PASSWORD_LENGTH not a valid quantity")
+			os.Exit(2)
+		}
+	}
 
 }
diff --git a/docs/config.asciidoc b/docs/config.asciidoc
@@ -38,6 +38,8 @@ CLUSTER:
   STRATEGY:  1
   REPLICAS:  0
   POLICIES:  policy1,policy2
+  PASSWORD_AGE_DAYS:  60
+  PASSWORD_LENGTH:  8
 MASTER_STORAGE:
   PVC_NAME:  crunchy-pvc
   STORAGE_CLASS:  standard
@@ -85,6 +87,8 @@ Values in the pgo configuration file have the following meaning:
 |CLUSTER.STRATEGY        | sets the deployment strategy to be used for deploying a cluster, currently there is only strategy *1*
 |CLUSTER.REPLICAS        | the number of cluster replicas to create for newly created clusters
 |CLUSTER.POLICIES        | optional, list of policies to apply to a newly created cluster, comma separated, must be valid policies in the catalog
+|CLUSTER.PASSWORD_AGE_DAYS        | optional, if set, will set the VALID UNTIL date on passwords to this many days in the future when creating users or setting passwords, defaults to 365 days
+|CLUSTER.PASSWORD_LENGTH        | optional, if set, will determine the password length used when creating passwords, defaults to 8
 |MASTER_STORAGE.PVC_NAME        |for the master postgres deployment, if set, the PVC to use for created databases, used when the storage type is *existing*
 |MASTER_STORAGE.STORAGE_CLASS        |for the master postgres deployment, for a dynamic storage type, you can specify the storage class used for storage provisioning(e.g. standard, gold, fast)
 |MASTER_STORAGE.PVC_ACCESS_MODE        |for the master postgres deployment, the access mode for new PVCs (e.g. ReadWriteMany, ReadWriteOnce)
diff --git a/examples/pgo.yaml.emptydir b/examples/pgo.yaml.emptydir
@@ -9,6 +9,8 @@ CLUSTER:
   PG_PASSWORD:  password
   PG_DATABASE:  userdb
   PG_ROOT_PASSWORD:  password
+  PASSWORD_AGE_DAYS:  60
+  PASSWORD_LENGTH:  8
   STRATEGY:  1
   REPLICAS:  0
 MASTER_STORAGE:
diff --git a/examples/pgo.yaml.nfs b/examples/pgo.yaml.nfs
@@ -9,6 +9,8 @@ CLUSTER:
   PG_PASSWORD:  password
   PG_DATABASE:  userdb
   PG_ROOT_PASSWORD:  password
+  PASSWORD_AGE_DAYS:  60
+  PASSWORD_LENGTH:  8
   STRATEGY:  1
   REPLICAS:  0
 MASTER_STORAGE:
diff --git a/examples/pgo.yaml.storageclass b/examples/pgo.yaml.storageclass
@@ -9,6 +9,8 @@ CLUSTER:
   PG_PASSWORD:  password
   PG_DATABASE:  userdb
   PG_ROOT_PASSWORD:  password
+  PASSWORD_AGE_DAYS:  60
+  PASSWORD_LENGTH:  8
   STRATEGY:  1
   REPLICAS:  0
 MASTER_STORAGE:
