cortex icon indicating copy to clipboard operation
cortex copied to clipboard
verified publisher icon cortexproject

Configsdb: postgres auth fails after v1.15.0

Open friedrichg opened this issue 2 years ago • 4 comments

Describe the bug Configs: postgres auth fails after https://github.com/cortexproject/cortex/commit/1fed98a142b5077c3776e8d3def9992a8c8ae724

Configs is not ignoring the end line in password file anymore.

To Reproduce Steps to reproduce the behavior:

  1. Start Postgres with password enabled
docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=pass postgres:12-alpine -d postgres
  1. Create password file with end line
echo pass > password
  1. Start cortex with target configs
docker run --network=host -v $PWD/password:/password cortexproject/cortex:master-1fed98a -configs.database.uri=postgres://[email protected]/postgres?sslmode=disable -configs.database.password-file=password -target=configs
  1. See error authenticating:
level=info ts=2023-07-07T16:31:56.030503Z caller=main.go:194 msg="Starting Cortex" version="(version=1.14.0, branch=master, revision=1fed98a)"
level=info ts=2023-07-07T16:31:56.03981Z caller=server.go:306 http=[::]:80 grpc=[::]:9095 msg="server listening on addresses"
level=warn ts=2023-07-07T16:31:56.056675Z caller=postgres.go:62 msg="db connection not established, retrying..." err="pq: password authentication failed for user \"postgres\""

Previous commit works fine https://github.com/cortexproject/cortex/commit/a602a7f2825fcdd1336d16a170d551bee7a49c8b

docker run --network=host -v $PWD/password:/password cortexproject/cortex:master-a602a7f -configs.database.uri=postgres://[email protected]/postgres?sslmode=disable -configs.database.password-file=password -target=configs

Expected behavior Auth should work. We should remove end lines after the password, so password works. I doubt anybody is using end lines as part of the password.

Additional Context

lib/pq is more pedantic after https://github.com/lib/pq/commit/072e83d238c297c71cab11154695af301010031e and probably for good reasons.

The workaround is to create the password file without the end line:

echo -n pass > password
...

friedrichg avatar Jul 07 '23 16:07 friedrichg

@friedrichg Shall we revert that version? Or it is expected for the new version of library and it is not considered as a bug

yeya24 avatar Jul 10 '23 06:07 yeya24

I think the updated library is working better now, we should just sanitize the password before sending it to the library, that's it

friedrichg avatar Jul 10 '23 08:07 friedrichg

@friedrichg @yeya24 I gave this issue a good look and came up with a solution, please correct me if I'm wrong. Would adding password := strings.TrimSpace(string(passwordBytes)) to get rid of whitespaces and endlines in db.go file help here? If this looks good then I'll go ahead and open a PR for this.

moki1202 avatar Jul 25 '23 11:07 moki1202

If this looks good then I'll go ahead and open a PR for this. @moki1202 yeah that looks fine, go ahead please

friedrichg avatar Aug 05 '23 13:08 friedrichg

Is this issue still open?

Yaxhveer avatar May 02 '24 17:05 Yaxhveer