search

graphprotocol / graph-node

Graph Node indexes data from blockchains such as Ethereum and serves it over GraphQL
https://thegraph.com
Apache License 2.0
2.89k stars 962 forks source link

graph-node won't work with PGPASSFILE environment variable #4336

Open endersonmaia opened 1 year ago

endersonmaia commented 1 year ago

Do you want to request a feature or report a bug?

I think it's a BUG.

What is the current behavior?

Trying to configure graph-node inside a Kubernetes Pod that will connect to a PostgreSQL database using the PGPASSFILE, so that I don't need to place the password inside the config file.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.

If I define the connection string as connection="postgres://username@hostname:port/database" without the password, and defining a file with the folowing content:

/.pgpassfile (0600)

hostname:port:database:username:mysuperpassword

Confusing messages, postgres and graph-node says they failed to authenticate but then graph-node says it connects and finishes the migrations ? :thinking: 

postgres_1    | 2023-02-03 16:56:09.578 UTC [57] FATAL:  password authentication failed for user "graph-node"
postgres_1    | 2023-02-03 16:56:09.578 UTC [57] DETAIL:  Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
graph-node_1  | Feb 03 16:56:09.579 ERRO Failed to connect notification listener: db error: FATAL: password authentication failed for user "graph-node", retry_delay_s: 1, attempt: 0, channel: store_events, component: NotificationListener
graph-node_1  | Feb 03 16:56:09.579 INFO Connecting to Postgres, weight: 1, conn_pool_size: 10, url: postgresql://graph-node@postgres:5432/graph-node?sslmode=prefer, pool: main, shard: primary
graph-node_1  | Feb 03 16:56:09.580 INFO Pool successfully connected to Postgres, pool: main, shard: primary, component: Store
graph-node_1  | Feb 03 16:56:09.596 INFO Setting up fdw, pool: main, shard: primary, component: ConnectionPool
graph-node_1  | Feb 03 16:56:09.612 INFO Running migrations, pool: main, shard: primary, component: ConnectionPool
graph-node_1  | Feb 03 16:56:09.614 INFO Migrations finished, pool: main, shard: primary, component: ConnectionPool

And an ENV PGPASSFILE=/.pgpassfile, should be enough to make the connection.

PGPASSFILE will support any combination of credentials with a unique tuple hostname:port:database:username and lookup its password.

What is the expected behavior?

The expected behavior is for graph-node supports connecting to PostgreSQL database with password defined via PGPASSFILE.

Sources: https://www.postgresql.org/docs/13/libpq-pgpass.html

github-actions[bot] commented 1 year ago

Looks like this issue has been open for 6 months with no activity. Is it still relevant? If not, please remember to close it.