From d4ad04e57fc8c50ff9d73cbe6f27f19d704a11c6 Mon Sep 17 00:00:00 2001
From: mazano <addloe@gmail.com>
Date: Fri, 2 Dec 2022 13:44:07 +0200
Subject: [PATCH] fix pg_hba (#396)

* fix unreported bug with mismatch values in pg_hba.conf and fix health check test
---
 docker-compose.yml      | 2 +-
 scripts/env-data.sh     | 2 +-
 scripts/setup-pg_hba.sh | 2 ++
 scripts/setup.sh        | 8 ++++++++
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 481bf55..c557b13 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,7 +23,7 @@ services:
       - "5432"
     restart: on-failure
     healthcheck:
-      test: "exit 0"
+      test: "PGPASSWORD=docker pg_isready -h 127.0.0.1 -U docker -d gis"
 
   dbbackups:
     image: kartoza/pg-backup:15-3.3
diff --git a/scripts/env-data.sh b/scripts/env-data.sh
index 5255bfb..bdd82e2 100644
--- a/scripts/env-data.sh
+++ b/scripts/env-data.sh
@@ -418,7 +418,7 @@ function restart_postgres {
 function entry_point_script {
   SETUP_LOCKFILE="${SCRIPTS_LOCKFILE_DIR}/.entry_point.lock"
   # If lockfile doesn't exists, proceed.
-  if [[ ! -f "${SETUP_LOCKFILE}" ]] || [ "${IGNORE_INIT_HOOK_LOCKFILE}" =~ [Tt][Rr][Uu][Ee] ]; then
+  if [[ ! -f "${SETUP_LOCKFILE}" ]] || [[ "${IGNORE_INIT_HOOK_LOCKFILE}" =~ [Tt][Rr][Uu][Ee] ]]; then
       if find "/docker-entrypoint-initdb.d" -mindepth 1 -print -quit 2>/dev/null | grep -q .; then
           for f in /docker-entrypoint-initdb.d/*; do
           export PGPASSWORD=${POSTGRES_PASS}
diff --git a/scripts/setup-pg_hba.sh b/scripts/setup-pg_hba.sh
index 3a27d60..65d2afd 100644
--- a/scripts/setup-pg_hba.sh
+++ b/scripts/setup-pg_hba.sh
@@ -81,4 +81,6 @@ if [[ -z "$REPLICATE_FROM" ]]; then
 fi
 
 # Put lock file to make sure conf was not reinitialized
+export PASSWORD_AUTHENTICATION
+envsubst < $ROOT_CONF/pg_hba.conf > /tmp/pg_hba.conf && mv /tmp/pg_hba.conf $ROOT_CONF/pg_hba.conf
 touch ${SETUP_LOCKFILE}
diff --git a/scripts/setup.sh b/scripts/setup.sh
index 3ec65b0..e553ee6 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -7,4 +7,12 @@ source /scripts/env-data.sh
 
 # Create backup template for conf
 cat $CONF > $CONF.template
+
+# Create backup template for pg_hba.conf
+sed -i 's/scram-sha-256/${PASSWORD_AUTHENTICATION}/g' $ROOT_CONF/pg_hba.conf
+sed -i 's/md5/${PASSWORD_AUTHENTICATION}/g' $ROOT_CONF/pg_hba.conf
+
+
 cat $ROOT_CONF/pg_hba.conf > $ROOT_CONF/pg_hba.conf.template
+
+