Merge pull request #2516 from abrightwell/abrightwell-fix-devcontainer

Fix a few issues in `devcontainers`.

Author: jackc

.devcontainer/docker-compose.yml

@@ -21,6 +21,8 @@ services:
       PGPASSWORD: postgres
       PGDATABASE: pgx_test
       PGHOST: localhost
+      PGCLIENTENCODING: utf8
+
       # PGX test env vars target PG18 (port 5432) by default.
       # test.sh overrides these per-target.
       PGX_TEST_DATABASE: "host=localhost port=5432 user=postgres password=postgres dbname=pgx_test"
@@ -45,14 +47,16 @@ services:
       - ../testsetup/pg_ssl_init.sh:/docker-entrypoint-initdb.d/02-ssl-init.sh:ro
       - ../testsetup/pg_hba_devcontainer.conf:/etc/postgresql/pg_hba.conf:ro
       - ../testsetup/certs:/etc/postgresql/ssl:ro
+      - ../testsetup/postgresql_ssl.conf:/etc/postgresql/postgresql_ssl.conf:ro
       - pg-sockets:/var/run/postgresql
     network_mode: service:app
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: pgx_test
       POSTGRES_HOSTNAME: localhost
-    command: postgres -c port=5414 -c hba_file=/etc/postgresql/pg_hba.conf -c ssl=on -c ssl_cert_file=server.crt -c ssl_key_file=server.key -c ssl_ca_file=root.crt -c unix_socket_directories=/var/run/postgresql
+      PGPORT: 5414
+    command: postgres -c port=5414 -c hba_file=/etc/postgresql/pg_hba.conf -c unix_socket_directories=/var/run/postgresql
 
   postgres-15:
     image: postgres:15
@@ -63,14 +67,16 @@ services:
       - ../testsetup/pg_ssl_init.sh:/docker-entrypoint-initdb.d/02-ssl-init.sh:ro
       - ../testsetup/pg_hba_devcontainer.conf:/etc/postgresql/pg_hba.conf:ro
       - ../testsetup/certs:/etc/postgresql/ssl:ro
+      - ../testsetup/postgresql_ssl.conf:/etc/postgresql/postgresql_ssl.conf:ro
       - pg-sockets:/var/run/postgresql
     network_mode: service:app
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: pgx_test
       POSTGRES_HOSTNAME: localhost
-    command: postgres -c port=5415 -c hba_file=/etc/postgresql/pg_hba.conf -c ssl=on -c ssl_cert_file=server.crt -c ssl_key_file=server.key -c ssl_ca_file=root.crt -c unix_socket_directories=/var/run/postgresql
+      PGPORT: 5415
+    command: postgres -c port=5415 -c hba_file=/etc/postgresql/pg_hba.conf -c unix_socket_directories=/var/run/postgresql
 
   postgres-16:
     image: postgres:16
@@ -81,14 +87,16 @@ services:
       - ../testsetup/pg_ssl_init.sh:/docker-entrypoint-initdb.d/02-ssl-init.sh:ro
       - ../testsetup/pg_hba_devcontainer.conf:/etc/postgresql/pg_hba.conf:ro
       - ../testsetup/certs:/etc/postgresql/ssl:ro
+      - ../testsetup/postgresql_ssl.conf:/etc/postgresql/postgresql_ssl.conf:ro
       - pg-sockets:/var/run/postgresql
     network_mode: service:app
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: pgx_test
       POSTGRES_HOSTNAME: localhost
-    command: postgres -c port=5416 -c hba_file=/etc/postgresql/pg_hba.conf -c ssl=on -c ssl_cert_file=server.crt -c ssl_key_file=server.key -c ssl_ca_file=root.crt -c unix_socket_directories=/var/run/postgresql
+      PGPORT: 5416
+    command: postgres -c port=5416 -c hba_file=/etc/postgresql/pg_hba.conf -c unix_socket_directories=/var/run/postgresql
 
   postgres-17:
     image: postgres:17
@@ -99,14 +107,16 @@ services:
       - ../testsetup/pg_ssl_init.sh:/docker-entrypoint-initdb.d/02-ssl-init.sh:ro
       - ../testsetup/pg_hba_devcontainer.conf:/etc/postgresql/pg_hba.conf:ro
       - ../testsetup/certs:/etc/postgresql/ssl:ro
+      - ../testsetup/postgresql_ssl.conf:/etc/postgresql/postgresql_ssl.conf:ro
       - pg-sockets:/var/run/postgresql
     network_mode: service:app
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: pgx_test
       POSTGRES_HOSTNAME: localhost
-    command: postgres -c port=5417 -c hba_file=/etc/postgresql/pg_hba.conf -c ssl=on -c ssl_cert_file=server.crt -c ssl_key_file=server.key -c ssl_ca_file=root.crt -c unix_socket_directories=/var/run/postgresql
+      PGPORT: 5417
+    command: postgres -c port=5417 -c hba_file=/etc/postgresql/pg_hba.conf -c unix_socket_directories=/var/run/postgresql
 
   postgres-18:
     image: postgres:18
@@ -117,14 +127,15 @@ services:
       - ../testsetup/pg_ssl_init.sh:/docker-entrypoint-initdb.d/02-ssl-init.sh:ro
       - ../testsetup/pg_hba_devcontainer.conf:/etc/postgresql/pg_hba.conf:ro
       - ../testsetup/certs:/etc/postgresql/ssl:ro
+      - ../testsetup/postgresql_ssl.conf:/etc/postgresql/postgresql_ssl.conf:ro
       - pg-sockets:/var/run/postgresql
     network_mode: service:app
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: pgx_test
       POSTGRES_HOSTNAME: localhost
-    command: postgres -c hba_file=/etc/postgresql/pg_hba.conf -c ssl=on -c ssl_cert_file=server.crt -c ssl_key_file=server.key -c ssl_ca_file=root.crt -c unix_socket_directories=/var/run/postgresql
+    command: postgres -c hba_file=/etc/postgresql/pg_hba.conf -c unix_socket_directories=/var/run/postgresql
 
   cockroachdb:
     image: cockroachdb/cockroach:v25.4.4

testsetup/pg_ssl_init.sh

@@ -1,7 +1,14 @@
 #!/bin/bash
-# Docker initdb script: copies SSL certificates to PGDATA with correct permissions.
-# Runs as the postgres user during container initialization.
+# Docker initdb script: copies SSL certificates to PGDATA with correct
+# permissions and enables SSL. Runs as the postgres user during container
+# initialization.
 base64 -d /etc/postgresql/ssl/localhost.crt.b64 > "$PGDATA/server.crt"
 base64 -d /etc/postgresql/ssl/localhost.key.b64 > "$PGDATA/server.key"
 base64 -d /etc/postgresql/ssl/ca.pem.b64 > "$PGDATA/root.crt"
 chmod 600 "$PGDATA/server.key"
+
+# Append SSL config to postgresql.conf rather than using command-line flags,
+# because the docker entrypoint passes command-line args to the temporary server
+# it starts before initdb scripts run. That temp server would fail with ssl=on
+# since the cert files don't exist yet.
+cat /etc/postgresql/postgresql_ssl.conf >> "$PGDATA/postgresql.conf"

testsetup/postgresql_setup.sql

@@ -12,9 +12,14 @@ set password_encryption = 'scram-sha-256';
 create user pgx_pw with superuser PASSWORD 'secret';
 create user pgx_scram with superuser PASSWORD 'secret';
 create user pgx_oauth with superuser;
-\set whoami `whoami`
-create user :whoami with superuser; -- unix domain socket user
 
+-- When running in devcontainers, `whoami` will be `postgres`. Since the
+-- `postgres` user already exists, attempting to recreate it will fail.
+-- Therefore, we'll guard against that by no-op'ing if/when the user already
+-- exists and thereby not aborting the remaining setup.
+\set whoami `whoami`
+select format('create user %I with superuser', :'whoami')
+where not exists (select from pg_roles where rolname = :'whoami') \gexec
 
 -- The tricky test user, below, has to actually exist so that it can be used in a test
 -- of aclitem formatting. It turns out aclitems cannot contain non-existing users/roles.