Add roleEnableLogsAttr to prevent password leakage in logs

[MatthewPugliese]

Currently, when a new role is created, the logs output the password
2022-07-25 18:53:15.069 UTC [49] LOG: statement: CREATE ROLE "my_role" WITH ENCRYPTED PASSWORD 'mypass' VALID UNTIL 'infinity' CONNECTION LIMIT -1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOBYPASSRLS NOREPLICATION

This new attribute, enable_logs, allows the user to determine whether or not they want the logs of any roles being created to be included or skipped, as shown below.

2022-07-25 18:55:13.616 UTC [51] LOG:  statement: CREATE ROLE "role_with_logs" WITH ENCRYPTED PASSWORD 'mypass' VALID UNTIL 'infinity' CONNECTION LIMIT -1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOBYPASSRLS NOREPLICATION

2022-07-25 18:55:13.632 UTC [53] DETAIL:  parameters: $1 = 'role_with_logs'

2022-07-25 18:55:13.645 UTC [56] DETAIL:  parameters: $1 = 'role_with_no_logs'

The attribute is defaulted to false for improved security. For those who want to enable these logs, when defining a new role, include enable_logs = true besides the other included attributes.

resource "postgresql_role" "role_with_logs" {
    name         = "role_with_logs"
    login        = true
    password     = "mypass"
    enable_logs  = true
}

[MatthewPugliese]

@cyrilgdn I have also tested all the above below automated tests on a local repository and everything passes.

[MatthewPugliese]

@cyrilgdn Any updates on when you can take a look at this? Thanks

[MatthewPugliese]

@cyrilgdn Hopefully we are all set to merge since all the checks passed :)

[BennettKnapek]

@cyrilgdn Are there any updates on this? I'm also being affected by the log leaks.

[omarabouelnour]

@cyrilgdn This password leakage is dangerous, and should be controlled. Can you please take a look at this ASAP?

[pfnsec]

We're seeing this behaviour as well - would be great to have this fixed.

[MatthewPugliese]

Hey @cyrilgdn have you had a chance to review this?

[MatthewPugliese]

Hey @cyrilgdn have you had a chance to review this?

[MatthewPugliese]

@cyrilgdn have you had a chance to review this yet?

[cyrilgdn]

Hi @MatthewPugliese ,

Sorry for the lack of response over the years.

Apart the comment I posted on the code, I have a concern on the fact that when you disabled the logs, unless the transaction is rollback, the logs will be disabled for the life of the connection so potentially for other resources during the same apply.

Is it expected for you? I wonder if people would not complain later about this unexpected behavior.

I wonder if it should not be a provider settings instead 🤔

Let me know what do you think.

[cyrilgdn]

I feel like you inverse the boolean no?

if areLogsEnabled is set to true, you disable the logs

[cyrilgdn]

I wonder if it should not be a provider settings instead 🤔

Another solution would be to get the current values of all settings you are changing and and reset to these values just after the create role actually.