Trying to configure graph-node inside a Kubernetes Pod that will connect to a PostgreSQL database using the PGPASSFILE, so that I don't need to place the password inside the config file.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
If I define the connection string as connection="postgres://username@hostname:port/database" without the password, and defining a file with the folowing content:
/.pgpassfile (0600)
hostname:port:database:username:mysuperpassword
Confusing messages, postgres and graph-node says they failed to authenticate but then graph-node says it connects and finishes the migrations ? :thinking:
postgres_1 | 2023-02-03 16:56:09.578 UTC [57] FATAL: password authentication failed for user "graph-node"
postgres_1 | 2023-02-03 16:56:09.578 UTC [57] DETAIL: Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
graph-node_1 | Feb 03 16:56:09.579 ERRO Failed to connect notification listener: db error: FATAL: password authentication failed for user "graph-node", retry_delay_s: 1, attempt: 0, channel: store_events, component: NotificationListener
graph-node_1 | Feb 03 16:56:09.579 INFO Connecting to Postgres, weight: 1, conn_pool_size: 10, url: postgresql://graph-node@postgres:5432/graph-node?sslmode=prefer, pool: main, shard: primary
graph-node_1 | Feb 03 16:56:09.580 INFO Pool successfully connected to Postgres, pool: main, shard: primary, component: Store
graph-node_1 | Feb 03 16:56:09.596 INFO Setting up fdw, pool: main, shard: primary, component: ConnectionPool
graph-node_1 | Feb 03 16:56:09.612 INFO Running migrations, pool: main, shard: primary, component: ConnectionPool
graph-node_1 | Feb 03 16:56:09.614 INFO Migrations finished, pool: main, shard: primary, component: ConnectionPool
And an ENV PGPASSFILE=/.pgpassfile, should be enough to make the connection.
PGPASSFILE will support any combination of credentials with a unique tuple hostname:port:database:username and lookup its password.
What is the expected behavior?
The expected behavior is for graph-node supports connecting to PostgreSQL database with password defined via PGPASSFILE.
Do you want to request a feature or report a bug?
I think it's a BUG.
What is the current behavior?
Trying to configure graph-node inside a Kubernetes Pod that will connect to a PostgreSQL database using the
PGPASSFILE
, so that I don't need to place the password inside the config file.If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
If I define the connection string as
connection="postgres://username@hostname:port/database"
without the password, and defining a file with the folowing content:/.pgpassfile (0600)
Confusing messages, postgres and graph-node says they failed to authenticate but then graph-node says it connects and finishes the migrations ? :thinking:
And an ENV
PGPASSFILE=/.pgpassfile
, should be enough to make the connection.PGPASSFILE
will support any combination of credentials with a unique tuplehostname:port:database:username
and lookup its password.What is the expected behavior?
The expected behavior is for graph-node supports connecting to PostgreSQL database with password defined via
PGPASSFILE
.Sources: https://www.postgresql.org/docs/13/libpq-pgpass.html