From cf7b8dbb3d72f5c295b4817baa0a4bcbe6e918f3 Mon Sep 17 00:00:00 2001
From: Doug Aaser
Date: Thu, 23 Jan 2020 20:09:26 +0000
Subject: [PATCH] Add explicit admin user to Patroni

In this PS we explicitly define the admin user rather than letting patroni use the default username and password.

Change-Id: I9885314902c3a60e709f96e2850a719ff9586b3d
---
 postgresql/templates/statefulset.yaml | 4 ++--
 postgresql/values.yaml | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml
index aa372ab563..b0e257eba0 100644
--- a/postgresql/templates/statefulset.yaml
+++ b/postgresql/templates/statefulset.yaml
@@ -328,9 +328,9 @@ spec:
 value: $(PATRONI_KUBERNETES_POD_IP):{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 - name: PATRONI_POSTGRESQL_LISTEN
 value: 0.0.0.0:{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - name: PATRONI_admin_PASSWORD
+ - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD
 value: $(PATRONI_SUPERUSER_PASSWORD)
- - name: PATRONI_admin_OPTIONS
+ - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_OPTIONS
 value: 'createrole,createdb'
 - name: PGSSLROOTCERT
 value: {{ .Values.secrets.pki.client_cert_path }}/ca.crt
diff --git a/postgresql/values.yaml b/postgresql/values.yaml
index f3b58e4b6e..402d24d50e 100644
--- a/postgresql/values.yaml
+++ b/postgresql/values.yaml
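Review bot: The admin username is interpolated straight into the environment variable names `PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD` and `..._OPTIONS` in postgresql/templates/statefulset.yaml with no validation. An empty value, or one containing characters that are not legal in an environment variable name, renders a pod spec that is either rejected or carries a variable Patroni will not associate with the intended account. Fail the render early, for example `{{- if not (regexMatch "^[A-Za-z_][A-Za-z0-9_]*$" .Values.endpoints.postgresql.auth.admin.username) }}{{ fail "admin username must be a valid identifier" }}{{ end }}`. The container's env list starts and ends outside the hunk, so the placement of that guard needs checking against the full template.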
@@ -237,6 +237,12 @@ conf: - name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} bootstrap: + users: + {{ .Values.endpoints.postgresql.auth.admin.username }}: + password: {{ .Values.endpoints.postgresql.auth.admin.password }} + options: + - createrole + - createdb dcs: ttl: 30 loop_wait: 10 @@ -294,6 +300,10 @@ conf: Patroni moves this directory to a backup under the parent directory (/var/lib/postgresql) under certain failure recovery scenarios, so /var/lib/postgres itself must be exposed to the pod as a pvc mount.*/}} + authentication: + superuser: + username: {{ .Values.endpoints.postgresql.auth.admin.username }} + password: {{ .Values.endpoints.postgresql.auth.admin.password }} data_dir: '{{ .Values.storage.mount.path }}/pgdata' pgpass: '{{ .Values.storage.mount.path }}/pgpass' callbacks:
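Review bot: `password: {{ .Values.endpoints.postgresql.auth.admin.password }}` under `bootstrap.users` is rendered unquoted, and the same applies to the `authentication.superuser` block added in the next hunk. A password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean will be truncated, retyped, or will break parsing of the Patroni config. Pipe it through `quote` in both places: `password: {{ .Values.endpoints.postgresql.auth.admin.password | quote }}`, and do the same for `username:` where it is used as a value. The `conf` block starts outside the hunk, so this assumes it is rendered through the template engine, as the `{{ ... }}` expressions suggest.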
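Review bot: The `authentication.superuser.password` added here writes the admin password into the rendered Patroni configuration, and nothing in the hunk shows whether that configuration is stored in a Secret or a ConfigMap. If it is a ConfigMap, any principal with read access to ConfigMaps in the namespace can read the database superuser credential. The statefulset already references `$(PATRONI_SUPERUSER_PASSWORD)`, and Patroni lets environment settings override the file, so the file copy is probably unnecessary: keep `username:` here and leave the password to the environment variable sourced from the Secret. If the file value must stay, add a comment such as `# contains the superuser password: the rendered config must only be mounted from a Secret`. The account is also declared in `bootstrap.users` (previous hunk) with only `createrole`/`createdb`, so a comment stating which definition is meant to apply would help.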