Add POSTGRES_PASSWORD and USER, with warning on no password

[yosifkit]

Fixes #31

[tianon]

Lowercase/camel for "local" vars please. 👍 (and in that case, type is already an instruction so you'll need to choose a new word like op or something 😄)

[tianon]

Approach seems sane to me, just mostly minor style nits! 👍

[md5]

Won't this fail in the case that POSTGRES_USER != 'postgres' and POSTGRES_PASSWORD is blank? It will add a line to pg_hba.conf for a user that doesn't exist.

[tianon]

Ahahaha, good catch @md5.

[md5]

👐

[mmarzantowicz]

Can we add quotes here? It's more symmetrical
if [ "$POSTGRES_USER" = "postgres" ]; then

[yosifkit]

Fixed many nits; fixed specifying user and no pass.

[tianon]

To be consistent, shouldn't this be down in the else with authMethod=trust ?

[tianon]

LGTM other than that one minor consistency nit

[tianon]

LGTM

[yosifkit]

Fixed! (and a sneak version bump to 9.4 for rc1)

[md5]

Nice. Do you think this will be up in the Registry today? I'll build a new version of my postgis image once it is to pick up the changes.

[yosifkit]

👍, I am working on the docs for it and I'll poke @tianon to make the PR for official-images.

[jcf]

This caused a small issue for us. We were using a specific user to connect to the database, and that user was blocked by this change.

The solution we opted for (as this is a development environment) was to use a single user for everything, but in production we of course do things differently.

[mmarzantowicz]

You can also create additional users and databases during container initialization (in custom script).

[dcosson]

This also broke our dev environment, we have a couple different users in our setup to mirror prod and now it seems to be not possible to use this postgres container with multiple remote users. Or is there a way I'm not thinking of?

Can you make it an option to use host all all 0.0.0.0/0 md5 as the line in pg_hba.conf?

[mmarzantowicz]

@dcosson what about creating user accounts with passwords for that users? Optionally you can add your own custom line to pg_hba.conf (please see #23).

[tianon]

Indeed. Also, pg_hba.conf lives in the data directory, so you can even provide an entirely custom pg_hba.conf after the database is initialized.

[dcosson]

@mmarzantowicz sorry not sure I understand, we do create user accounts with passwords but we have multiple user accounts and it looks like the entrypoint script will only allow access by 1 user via the POSTGRES_USER env variable.

Otherwise we can do as suggested using the hook in PR #23

[yosifkit]

@dcosson, if you need more than the one account created by POSTGRES_USER then you will need to add the other users in init scripts as you noted, but you will also need to add lines to pg_hba.conf or replace it with your own file like @tianon suggested.

[dcosson]

Makes sense, thanks for the replies.