Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/postgresql-pgpool] encrypt health check passwords inside pgp… #74021

Merged
merged 2 commits into from
Oct 31, 2024
Merged

[bitnami/postgresql-pgpool] encrypt health check passwords inside pgp… #74021

merged 2 commits into from
Oct 31, 2024

Conversation

yukha-dw
Copy link
Contributor

@yukha-dw yukha-dw commented Oct 29, 2024
edited
Loading

Description of the change

Fix password leak sr_check_password and health_check_password on pgpool.conf (by default has 644 permission) using pg_enc and pg_md5.

Benefits

Hides sr_check_password & health_check_password

Possible drawbacks

No drawback

Applicable issues

Additional information

@github-actions github-actions bot added pgpool triage Triage is needed labels Oct 29, 2024
@github-actions github-actions bot requested a review from javsalgar October 29, 2024 08:42
@javsalgar javsalgar added verify Execute verification workflow for these changes in-progress labels Oct 29, 2024
@github-actions github-actions bot removed the triage Triage is needed label Oct 29, 2024
@github-actions github-actions bot removed the request for review from javsalgar October 29, 2024 09:39
@github-actions github-actions bot requested a review from dgomezleon October 29, 2024 09:40
dgomezleon
dgomezleon requested changes Oct 31, 2024
View reviewed changes
Copy link
Member

@dgomezleon dgomezleon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please test it using the docker-compose.yaml included in bitnami/pgpool? I executed a quick test building the image with these changes, a using it with the docker-compose. It kept showing these logs:

...
pgpool-1  | 2024-10-31 08:35:56.880: main pid 1: LOG:  find_primary_node: make_persistent_db_connection_noerror failed on node 0
pgpool-1  | 2024-10-31 08:35:56.882: main pid 1: LOG:  find_primary_node: make_persistent_db_connection_noerror failed on node 1
pgpool-1  | 2024-10-31 08:35:57.890: main pid 1: LOG:  find_primary_node: make_persistent_db_connection_noerror failed on node 0
pgpool-1  | 2024-10-31 08:35:57.892: main pid 1: LOG:  find_primary_node: make_persistent_db_connection_noerror failed on node 1
...

Also, values for sr_check_password and health_check_password were empty in pgpool.conf

bitnami/pgpool/4/debian-12/rootfs/opt/bitnami/scripts/libpgpool.sh Outdated Show resolved Hide resolved
@yukha-dw
Copy link
Contributor Author

@dgomezleon My bad, I've mistakenly put debug_execute. It was working fine because I used BITNAMI_DEBUG=true when test it

@yukha-dw yukha-dw force-pushed the fix/pgpool/encrypt-password-on-conf branch from 08cfb6b to 5747864 Compare October 31, 2024 09:30
@yukha-dw yukha-dw force-pushed the fix/pgpool/encrypt-password-on-conf branch from 5747864 to d7c01c4 Compare October 31, 2024 09:35
dgomezleon
dgomezleon approved these changes Oct 31, 2024
View reviewed changes
Copy link
Member

@dgomezleon dgomezleon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@dgomezleon dgomezleon merged commit a161996 into bitnami:main Oct 31, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgomezleon dgomezleon dgomezleon approved these changes

Assignees

@dgomezleon dgomezleon

Labels
pgpool solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yukha-dw @dgomezleon @javsalgar