POSTGRES_PASSWORD required

The upstream PostgreSQL image now requires that POSTGRES_PASSWORD be set. This commit sets POSTGRES_PASSWORD to be the value of COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD if not set, or uses the Dockerfile default of password.
docker · Mar 27, 2020 · 8d2162b · 8d2162b
1 parent 389d8cb
commit 8d2162b
Showing 3 changed files with 19 additions and 13 deletions.
diff --git a/comanage-registry-postgres/Dockerfile b/comanage-registry-postgres/Dockerfile
@@ -36,7 +36,9 @@ ARG COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 
 ENV COMANAGE_REGISTRY_POSTGRES_DATABASE ${COMANAGE_REGISTRY_POSTGRES_DATABASE:-registry}
 ENV COMANAGE_REGISTRY_POSTGRES_USER ${COMANAGE_REGISTRY_POSTGRES_USER:-registry_user}
-ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-}
+ENV COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
+
+ENV POSTGRES_PASSWORD ${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
 
 ENTRYPOINT ["/usr/local/bin/comanage-registry-postgres-entrypoint.sh"]
 

diff --git a/comanage-registry-postgres/README.md b/comanage-registry-postgres/README.md
@@ -71,11 +71,9 @@ The image supports the environment variables below and the `_FILE`
 `POSTGRES_PASSWORD`
 
 * Description: password for superuser
-* Required: no
-* Default: none
+* Required: yes
+* Default: value of COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 * Example: `l7cX28O3mt03y41EndjM`
-* Note: If you do not set a password for the superuser then
-any client with access to the container may connect to the database.
 
 `COMANAGE_REGISTRY_POSTGRES_DATABASE`
 
@@ -94,16 +92,15 @@ any client with access to the container may connect to the database.
 `COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD`
 
 * Description: password for database user
-* Required: no
-* Default: none
+* Required: yes
+* Default: `password`
 * Example: `5Aw9SzS4xqYi7daHw57c`
-* Note: If you do not set a password for the COmanage Registry user then
-any client with access to the container may connect to the database.
 
 ## Authentication
 
-If you do not set a password for the superuser or the COmanage Registry user then
-any client with access to the container may connect to the database.
+Authentication is not required to connect from within the container,
+but any client connecting from another host/container must provide
+a password.
 
 ## Ports
 
@@ -166,12 +163,14 @@ An example is
 docker run \
     -it \
     --rm \
-    --network temp_default \
+    --network _default \
     comanage-registry-postgres \
+    bash -c \
+    'PGPASSWORD="password" \
     pg_dump \
         -h comanage-registry-database \
         -U registry_user \
-        registry
+        registry'
 ```
 
 The output from the `pg_dump` command is sent to the stdout of the temporary

diff --git a/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh b/comanage-registry-postgres/comanage-registry-postgres-entrypoint.sh
@@ -34,4 +34,9 @@ if [[ -f "${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD_FILE}" ]]; then
     export COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD
 fi
 
+if [[ -z "${POSTGRES_PASSWORD}" && -z "${POSTGRES_PASSWORD_FILE}" ]]; then
+    POSTGRES_PASSWORD=${COMANAGE_REGISTRY_POSTGRES_USER_PASSWORD:-password}
+    export POSTGRES_PASSWORD
+fi
+
 exec "/docker-entrypoint.sh" "$@"