From e2f338ed8f35b9d75bed4377f574bcc642fc8b20 Mon Sep 17 00:00:00 2001
From: Philipp Eberle
Date: Fri, 2 Aug 2024 09:10:12 +0200
Subject: [PATCH 1/4] Update default password hashing algorithm
---
 api/v1/postgres_types.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/v1/postgres_types.go b/api/v1/postgres_types.go
index b16703c3..6e26b623 100644
--- a/api/v1/postgres_types.go
+++ b/api/v1/postgres_types.go
@@ -84,6 +84,7 @@ const (
 defaultPostgresParamValueWalKeepSegments = "64"
 defaultPostgresParamValueWalKeepSize = "1GB"
 defaultPostgresParamValuePGStatStatementsMax = "500"
+ defaultPostgresParamValuePasswordEncryption = "scram-sha-256"

 // PostgresAutoAssignedIPNamePrefix a prefix to add to the generated random name
 PostgresAutoAssignedIPNamePrefix = "pgaas-autoassign-"
@@ -982,6 +983,8 @@ func setDefaultPostgresParams(parameters map[string]string, version string) {
 }

 parameters["pg_stat_statements.max"] = defaultPostgresParamValuePGStatStatementsMax
+
+ parameters["password_encryption"] = defaultPostgresParamValuePasswordEncryption
 }

 // setPostgresParams add the provided params to the parameter map (but ignore params that are blocked)
From fc971ff18e085e88246764a36acf23483b7d5b69 Mon Sep 17 00:00:00 2001
From: Philipp Eberle
Date: Fri, 2 Aug 2024 09:15:10 +0200
Subject: [PATCH 2/4] Tell the linter that this is not a password
---
 api/v1/postgres_types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/v1/postgres_types.go b/api/v1/postgres_types.go
index 6e26b623..f0c3fc6f 100644
--- a/api/v1/postgres_types.go
+++ b/api/v1/postgres_types.go
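Review bot: In the `@@ -982,6 +983,8 @@` hunk of patch 1/4, the new `password_encryption` default only changes how a password is hashed the next time it is set, and nothing in the patch says so. Roles that already hold an MD5 verifier keep it until their password is changed, and a `pg_hba.conf` method of `md5` still accepts both verifier types, so this default alone does not enforce SCRAM. If these defaults are applied before the user-supplied parameters are merged by `setPostgresParams` (its body is outside the hunk), a custom resource can presumably set the value back to `md5` unless the key is on the blocked list; that is worth confirming. I would add a comment above the assignment such as `// hashes newly set passwords with SCRAM; existing md5 verifiers remain until the password is reset`.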
@@ -84,7 +84,7 @@ const (
 defaultPostgresParamValueWalKeepSegments = "64"
 defaultPostgresParamValueWalKeepSize = "1GB"
 defaultPostgresParamValuePGStatStatementsMax = "500"
- defaultPostgresParamValuePasswordEncryption = "scram-sha-256"
+ defaultPostgresParamValuePasswordEncryption = "scram-sha-256" // nolint

 // PostgresAutoAssignedIPNamePrefix a prefix to add to the generated random name
 PostgresAutoAssignedIPNamePrefix = "pgaas-autoassign-"
From daadf2f63c88e9aadfcb7f74ba6fcb49d7e13cec Mon Sep 17 00:00:00 2001
From: Philipp Eberle
Date: Thu, 31 Oct 2024 11:28:21 +0100
Subject: [PATCH 3/4] Sort alphabetically
---
 api/v1/postgres_types.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/api/v1/postgres_types.go b/api/v1/postgres_types.go
index d75e4651..49937ff9 100644
--- a/api/v1/postgres_types.go
+++ b/api/v1/postgres_types.go
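Review bot: The bare `// nolint` added to `defaultPostgresParamValuePasswordEncryption` in the `@@ -84,7 +84,7 @@` hunk of patch 2/4 silences every linter on that line, not only the hard-coded-credential check that presumably fired on the word "Password". Scoping the directive and giving the reason keeps the suppression auditable, for example `defaultPostgresParamValuePasswordEncryption = "scram-sha-256" //nolint:gosec // PostgreSQL setting value, not a credential`. The linter name is an assumption taken from the commit title; use whichever linter reported the finding. The const block starts and ends outside the hunk.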
@@ -959,12 +959,13 @@ func enableAuditLogs(parameters map[string]string) {
 // setDefaultPostgresParams configures default keepalive values
 func setDefaultPostgresParams(parameters map[string]string, version string) {
 // set default parameters
- parameters["tcp_keepalives_idle"] = defaultPostgresParamValueTCPKeepAlivesIdle
- parameters["tcp_keepalives_interval"] = defaultPostgresParamValueTCPKeepAlivesInterval
 parameters["log_file_mode"] = defaultPostgresParamValueLogFileMode
-
- parameters["ssl_prefer_server_ciphers"] = defaultPostgresParamValueSSLPreferServerCiphers
+ parameters["password_encryption"] = defaultPostgresParamValuePasswordEncryption
+ parameters["pg_stat_statements.max"] = defaultPostgresParamValuePGStatStatementsMax
 parameters["ssl_ciphers"] = defaultPostgresParamValueSSLCiphers
+ parameters["ssl_prefer_server_ciphers"] = defaultPostgresParamValueSSLPreferServerCiphers
+ parameters["tcp_keepalives_idle"] = defaultPostgresParamValueTCPKeepAlivesIdle
+ parameters["tcp_keepalives_interval"] = defaultPostgresParamValueTCPKeepAlivesInterval

 // set version specific parameters
 v, err := strconv.Atoi(version)
@@ -981,10 +982,6 @@ func setDefaultPostgresParams(parameters map[string]string, version string) {
 } else {
 parameters["wal_keep_segments"] = defaultPostgresParamValueWalKeepSegments
 }
-
- parameters["pg_stat_statements.max"] = defaultPostgresParamValuePGStatStatementsMax
-
- parameters["password_encryption"] = defaultPostgresParamValuePasswordEncryption
 }

 // setPostgresParams add the provided params to the parameter map (but ignore params that are blocked)
From b16715301f2a051317203ecc95d706f74138f79e Mon Sep 17 00:00:00 2001
From: Philipp Eberle
Date: Thu, 31 Oct 2024 11:31:15 +0100
Subject: [PATCH 4/4] Add additional logging params
---
 api/v1/postgres_types.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/api/v1/postgres_types.go b/api/v1/postgres_types.go
index 49937ff9..ce95330f 100644
--- a/api/v1/postgres_types.go
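Review bot: The doc comment kept as context in the `@@ -959,12 +959,13 @@` hunk of patch 3/4, `// setDefaultPostgresParams configures default keepalive values`, no longer describes the function, which also sets the log file mode, password hashing, TLS cipher and pg_stat_statements defaults; the same stale comment is context in the `@@ -959,7 +962,10 @@` hunk of patch 4/4. A replacement such as `// setDefaultPostgresParams sets the operator's default PostgreSQL parameters, including the version-specific WAL retention setting` would match the body. The reorder also moves `password_encryption` and `pg_stat_statements.max` ahead of `strconv.Atoi(version)`, so if the error branch (not visible here) returns early they are now set where previously they were skipped; that looks like the safer outcome but deserves a line in the commit message. The function body continues outside the hunk.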
+++ b/api/v1/postgres_types.go
@@ -85,6 +85,9 @@ const (
 defaultPostgresParamValueWalKeepSize = "1GB"
 defaultPostgresParamValuePGStatStatementsMax = "500"
 defaultPostgresParamValuePasswordEncryption = "scram-sha-256" // nolint
+ defaultPostgresParamValueLogMinErrorStatement = "WARNING"
+ defaultPostgresParamValueLogErrorVerbosity = "VERBOSE"
+ defaultPostgresParamValueLogLinePrefix = "%m [%p]: [%l-1] db=%d,user=%u,app=%a,client=%h "

 // PostgresAutoAssignedIPNamePrefix a prefix to add to the generated random name
 PostgresAutoAssignedIPNamePrefix = "pgaas-autoassign-"
@@ -959,7 +962,10 @@ func enableAuditLogs(parameters map[string]string) {
 // setDefaultPostgresParams configures default keepalive values
 func setDefaultPostgresParams(parameters map[string]string, version string) {
 // set default parameters
+ parameters["log_error_verbosity"] = defaultPostgresParamValueLogErrorVerbosity
 parameters["log_file_mode"] = defaultPostgresParamValueLogFileMode
+ parameters["log_line_prefix"] = defaultPostgresParamValueLogLinePrefix
+ parameters["log_min_error_statement"] = defaultPostgresParamValueLogMinErrorStatement
 parameters["password_encryption"] = defaultPostgresParamValuePasswordEncryption
 parameters["pg_stat_statements.max"] = defaultPostgresParamValuePGStatStatementsMax
 parameters["ssl_ciphers"] = defaultPostgresParamValueSSLCiphers
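Review bot: The three logging constants added in the `@@ -85,6 +85,9 @@` hunk of patch 4/4 put more sensitive material into the server log, and neither a comment nor the commit message records that. `log_min_error_statement = "WARNING"` widens statement logging from PostgreSQL's default of ERROR, so the text of any statement that raises a warning or worse is written out, literals included (for example the password in a failing `ALTER ROLE`). `log_line_prefix` adds database, user and client host to every line, and `%a` is the client-supplied application name, so a parser that splits on `,` and `=` should not treat the `app=` field as trustworthy. I would add a comment above the constants such as `// these settings log statement text and client identity; keep log_file_mode restrictive and limit access to shipped logs`. The const block starts and ends outside the hunk.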