Support specifying server name, admin username and password of postgreSQL (#711)

* Support specifying server name, admin username and admin password of postgreSQL

* Fix lint issues and add lifecycle test

* Change regexp to custom validator

* Fix typo

* Update lifecycle test

* Fix bug

* Fix role name error

Author: norshtein

docs/modules/postgresql.md

@@ -10,7 +10,7 @@ Open Service Broker for Azure contains three types of Azure Database for Postgre
 | `azure-postgresql-*-dbms`     | Provision only an Azure Database for PostgreSQL DBMS. This can be used to provision multiple databases at a later time. |
 | `azure-postgresql-*-database` | Provision a new database only upon a previously provisioned DBMS. |
 
-The `azure-postgresql-*` services allow you to provision both a DBMS and a database. When the provision operation is successful, the database will be ready to use. You can not provision additional databases onto an instance provisioned through these two services. The `azure-postgresql-*-dbms` and `azure-postgresql-*-database` services, on the other hand, can be combined to provision multiple databases on a single DBMS. Currently, OSBA supports two versions of Azure Database for PostgreSQL services:
+The `azure-postgresql-*` services allow you to provision both a DBMS and a database. When the provision operation is successful, the database will be ready to use. You can not provision additional databases onto an instance of `azure-postgresql-*`. The `azure-postgresql-*-dbms` and `azure-postgresql-*-database` services, on the other hand, can be combined to provision multiple databases on a single DBMS. Currently, OSBA supports two versions of Azure Database for PostgreSQL services:
 <table>
 	<thead>
 		<tr>
@@ -78,6 +78,10 @@ name.
 |----------------|------|-------------|----------|---------------|
 | `location` | `string` | The Azure region in which to provision applicable resources. | Y | |
 | `resourceGroup` | `string` | The (new or existing) resource group with which to associate new resources. | Y | |
+| `serverName` | `string` | Name of the PostgreSQL server. | N | A random generated string. |
+| `adminAccountSettings` | `object` | Settings of administrator account of PostgreSQL server. Typically you do not need to specify this. | N | Default admin username is "postgres" and password is a randomly generated string. |
+| `adminAccountSettings.adminUsername` | `string` | The administrator username for the server. | N | "postgres" |
+| `adminAccountSettings.adminPassword` | `string` | The administrator password for the server. **Warning**: you may leak your password if you specify this property, others can see this password in your request body and `ServiceInstance` definition. DO NOT use this property unless you know what you are doing. | N | A random generated password. |
 | `sslEnforcement` | `string` | Specifies whether the server requires the use of TLS when connecting. Valid valued are `""` (unspecified), `enabled`, or `disabled`. | N | `""`. Left unspecified, SSL _will_ be enforced. |
 | `firewallRules`  | `array` | Specifies the firewall rules to apply to the server. Definition follows. | N | `[]` Left unspecified, Firewall will default to only Azure IPs. If rules are provided, they must have valid values. |
 | `firewallRules[n].name` | `string` | Specifies the name of the generated firewall rule |Y | |
@@ -275,6 +279,9 @@ Provisions an Azure Database for PostgreSQL DBMS instance containing no database
 |----------------|------|-------------|----------|---------------|
 | `location` | `string` | The Azure region in which to provision applicable resources. | Y | |
 | `resourceGroup` | `string` | The (new or existing) resource group with which to associate new resources. | Y | |
+| `serverName` | `string` | Name of the PostgreSQL server. | N | A random generated string. |
+| `adminUsername` | `string` | The administrator username for the server. | N | "postgresql" |
+| `adminPassword` | `string` | The administrator password for the server. **Warning**: you may leak your password if you specify this property, others can see this password in your request body and `ServiceInstance` definition. DO NOT use this property unless you know what you are doing. | N | A random generated password. |
 | `alias` | `string` | Specifies an alias that can be used by later provision actions to create databases on this DBMS. | Y | |
 | `sslEnforcement` | `string` | Specifies whether the server requires the use of TLS when connecting. Valid valued are `""` (unspecified), `enabled`, or `disabled`. | N | `""`. Left unspecified, SSL _will_ be enforced. |
 | `firewallRules`  | `array` | Specifies the firewall rules to apply to the server. Definition follows. | N | `[]` Left unspecified, Firewall will default to only Azure IPs. If rules are provided, they must have valid values. |

pkg/services/postgresql/all_in_one_arm_template.go

@@ -21,7 +21,7 @@ var allInOneARMTemplateBytes = []byte(`
 			"name": "{{ .serverName }}",
 			"properties": {
 				"version": "{{.version}}",
-				"administratorLogin": "postgres",
+				"administratorLogin": "{{ .administratorLogin }}",
 				"administratorLoginPassword": "{{ .administratorLoginPassword }}",
 				"storageProfile": {
 					"storageMB": {{.storage}},

pkg/services/postgresql/all_in_one_bind.go

@@ -11,6 +11,7 @@ func (a *allInOneManager) Bind(
 	dt := instance.Details.(*allInOneInstanceDetails)
 	bd, err := createBinding(
 		isSSLRequired(*instance.ProvisioningParameters),
+		dt.AdministratorLogin,
 		dt.ServerName,
 		string(dt.AdministratorLoginPassword),
 		dt.FullyQualifiedDomainName,

pkg/services/postgresql/all_in_one_provision.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/Azure/open-service-broker-azure/pkg/generate"
 	"github.com/Azure/open-service-broker-azure/pkg/service"
-	uuid "github.com/satori/go.uuid"
 )
 
 func (a *allInOneManager) GetProvisioner(
@@ -22,24 +21,23 @@ func (a *allInOneManager) GetProvisioner(
 
 func (a *allInOneManager) preProvision(
 	ctx context.Context,
-	_ service.Instance,
+	instance service.Instance,
 ) (service.InstanceDetails, error) {
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
-	serverName, err := getAvailableServerName(
+
+	dbmsInstanceDetails, err := generateDBMSInstanceDetails(
 		ctx,
+		instance,
 		a.checkNameAvailabilityClient,
 	)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("error generating instance detail: %v", err)
 	}
+
 	return &allInOneInstanceDetails{
-		dbmsInstanceDetails: dbmsInstanceDetails{
-			ARMDeploymentName:          uuid.NewV4().String(),
-			ServerName:                 serverName,
-			AdministratorLoginPassword: service.SecureString(generate.NewPassword()),
-		},
-		DatabaseName: generate.NewIdentifier(),
+		dbmsInstanceDetails: *dbmsInstanceDetails,
+		DatabaseName:        generate.NewIdentifier(),
 	}, nil
 }
 
@@ -97,6 +95,7 @@ func (a *allInOneManager) setupDatabase(
 	dt := instance.Details.(*allInOneInstanceDetails)
 	err := setupDatabase(
 		isSSLRequired(*instance.ProvisioningParameters),
+		dt.AdministratorLogin,
 		dt.ServerName,
 		string(dt.AdministratorLoginPassword),
 		dt.FullyQualifiedDomainName,
@@ -117,6 +116,7 @@ func (a *allInOneManager) createExtensions(
 	if len(extensions) > 0 {
 		err := createExtensions(
 			isSSLRequired(*instance.ProvisioningParameters),
+			dt.AdministratorLogin,
 			dt.ServerName,
 			string(dt.AdministratorLoginPassword),
 			dt.FullyQualifiedDomainName,

pkg/services/postgresql/all_in_one_unbind.go

@@ -12,6 +12,7 @@ func (a *allInOneManager) Unbind(
 	bd := binding.Details.(*bindingDetails)
 	return unbind(
 		isSSLRequired(*instance.ProvisioningParameters),
+		dt.AdministratorLogin,
 		dt.ServerName,
 		string(dt.AdministratorLoginPassword),
 		dt.FullyQualifiedDomainName,

pkg/services/postgresql/common.go

@@ -21,6 +21,7 @@ var dbExtensionsSchema = &service.ArrayPropertySchema{
 
 func getDBConnection(
 	enforceSSL bool,
+	administratorLogin string,
 	serverName string,
 	administratorLoginPassword string,
 	fullyQualifiedDomainName string,
@@ -29,12 +30,13 @@ func getDBConnection(
 	var connectionStrTemplate string
 	if enforceSSL {
 		connectionStrTemplate =
-			"postgres://postgres@%s:%s@%s/%s?sslmode=require"
+			"postgres://%s@%s:%s@%s/%s?sslmode=require"
 	} else {
-		connectionStrTemplate = "postgres://postgres@%s:%s@%s/%s"
+		connectionStrTemplate = "postgres://%s@%s:%s@%s/%s"
 	}
 	db, err := sql.Open("postgres", fmt.Sprintf(
 		connectionStrTemplate,
+		administratorLogin,
 		serverName,
 		administratorLoginPassword,
 		fullyQualifiedDomainName,

pkg/services/postgresql/common_bind.go

@@ -12,6 +12,7 @@ import (
 
 func createBinding(
 	enforceSSL bool,
+	administratorLogin string,
 	serverName string,
 	administratorLoginPassword string,
 	fullyQualifiedDomainName string,
@@ -22,6 +23,7 @@ func createBinding(
 
 	db, err := getDBConnection(
 		enforceSSL,
+		administratorLogin,
 		serverName,
 		administratorLoginPassword,
 		fullyQualifiedDomainName,

pkg/services/postgresql/common_provision.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	postgresSDK "github.com/Azure/azure-sdk-for-go/services/postgresql/mgmt/2017-12-01/postgresql" // nolint: lll
+	"github.com/Azure/open-service-broker-azure/pkg/generate"
 	"github.com/Azure/open-service-broker-azure/pkg/service"
 	log "github.com/Sirupsen/logrus"
 	uuid "github.com/satori/go.uuid"
@@ -21,33 +22,115 @@ func getAvailableServerName(
 ) (string, error) {
 	for {
 		serverName := uuid.NewV4().String()
-		nameAvailability, err := checkNameAvailabilityClient.Execute(
+		available, err := isServerNameAvailable(
 			ctx,
-			postgresSDK.NameAvailabilityRequest{
-				Name: &serverName,
-			},
+			serverName,
+			checkNameAvailabilityClient,
 		)
 		if err != nil {
 			return "", fmt.Errorf(
 				"error determining server name availability: %s",
 				err,
 			)
 		}
-		if *nameAvailability.NameAvailable {
+		if available {
 			return serverName, nil
 		}
 	}
 }
 
+func isServerNameAvailable(
+	ctx context.Context,
+	serverName string,
+	checkNameAvailabilityClient postgresSDK.CheckNameAvailabilityClient,
+) (bool, error) {
+	nameAvailability, err := checkNameAvailabilityClient.Execute(
+		ctx,
+		postgresSDK.NameAvailabilityRequest{
+			Name: &serverName,
+		},
+	)
+	if err != nil {
+		return false, err
+	}
+
+	if *nameAvailability.NameAvailable {
+		return true, nil
+	}
+	return false, nil
+}
+
+// generateDBMSInstanceDetail will read information
+// from instance provision parameters, and generate
+// a dbmsInstanceDetail. This method is expected to
+// be invoked by preProvision step of all-in-one and
+// dbms.
+func generateDBMSInstanceDetails(
+	ctx context.Context,
+	instance service.Instance,
+	checkNameAvailabilityClient postgresSDK.CheckNameAvailabilityClient,
+) (*dbmsInstanceDetails, error) {
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	// Determine server name. If specified,
+	// check availability; else, generate one.
+	pp := instance.ProvisioningParameters
+	serverName := pp.GetString("serverName")
+	if serverName != "" {
+		available, err := isServerNameAvailable(
+			ctx,
+			serverName,
+			checkNameAvailabilityClient,
+		)
+		if err != nil {
+			return nil, err
+		} else if !available {
+			return nil, fmt.Errorf("server name %s is already in use", serverName)
+		}
+	} else {
+		var err error
+		serverName, err = getAvailableServerName(
+			ctx,
+			checkNameAvailabilityClient,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Determine administratorLogin. If specified,
+	// use it; else, use default value "postgres".
+	adminAccountSettings := pp.GetObject("adminAccountSettings")
+	adminUsername := adminAccountSettings.GetString("adminUsername")
+	if adminUsername == "" {
+		adminUsername = "postgres"
+	}
+	// Determine AdministratorLoginPassword. If specified,
+	// use it; else, generate one.
+	adminPassword := adminAccountSettings.GetString("adminPassword")
+	if adminPassword == "" {
+		adminPassword = generate.NewPassword()
+	}
+	return &dbmsInstanceDetails{
+		ARMDeploymentName:          uuid.NewV4().String(),
+		ServerName:                 serverName,
+		AdministratorLogin:         adminUsername,
+		AdministratorLoginPassword: service.SecureString(adminPassword),
+	}, nil
+}
+
 func setupDatabase(
 	enforceSSL bool,
+	administratorLogin string,
 	serverName string,
 	administratorLoginPassword string,
 	fullyQualifiedDomainName string,
 	dbName string,
 ) error {
 	db, err := getDBConnection(
 		enforceSSL,
+		administratorLogin,
 		serverName,
 		administratorLoginPassword,
 		fullyQualifiedDomainName,
@@ -74,12 +157,18 @@ func setupDatabase(
 	); err != nil {
 		return fmt.Errorf(`error creating role "%s": %s`, dbName, err)
 	}
+	// Azure will automatically create a role having name of
+	// postgreSQL server admin user.
+	// Here the purpose of granting one role to another role is
+	// to make admin role to be a member of created db role.
+	// Please see: https://www.postgresql.org/docs/10/role-membership.html
 	if _, err = tx.Exec(
-		fmt.Sprintf("grant %s to postgres", dbName),
+		fmt.Sprintf("grant %s to %s", dbName, administratorLogin),
 	); err != nil {
 		return fmt.Errorf(
-			`error adding role "%s" to role "postgres": %s`,
+			`error adding role "%s" to role "%s": %s`,
 			dbName,
+			administratorLogin,
 			err,
 		)
 	}
@@ -105,6 +194,7 @@ func setupDatabase(
 
 func createExtensions(
 	enforceSSL bool,
+	administratorLogin string,
 	serverName string,
 	administratorLoginPassword string,
 	fullyQualifiedDomainName string,
@@ -113,6 +203,7 @@ func createExtensions(
 ) error {
 	db, err := getDBConnection(
 		enforceSSL,
+		administratorLogin,
 		serverName,
 		administratorLoginPassword,
 		fullyQualifiedDomainName,
@@ -179,6 +270,7 @@ func buildGoTemplateParameters(
 	}
 	p["version"] = version
 	p["serverName"] = dt.ServerName
+	p["administratorLogin"] = dt.AdministratorLogin
 	p["administratorLoginPassword"] = string(dt.AdministratorLoginPassword)
 	if isSSLRequired(pp) {
 		p["sslEnforcement"] = enabledARMString

pkg/services/postgresql/common_unbind.go

@@ -6,13 +6,15 @@ import (
 
 func unbind(
 	enforceSSL bool,
+	administratorLogin string,
 	serverName string,
 	administratorLoginPassword string,
 	fullyQualifiedDomainName string,
 	loginName string,
 ) error {
 	db, err := getDBConnection(
 		enforceSSL,
+		administratorLogin,
 		serverName,
 		administratorLoginPassword,
 		fullyQualifiedDomainName,

pkg/services/postgresql/database_bind.go

@@ -12,6 +12,7 @@ func (d *databaseManager) Bind(
 	dt := instance.Details.(*databaseInstanceDetails)
 	bd, err := createBinding(
 		isSSLRequired(*instance.Parent.ProvisioningParameters),
+		pdt.AdministratorLogin,
 		pdt.ServerName,
 		string(pdt.AdministratorLoginPassword),
 		pdt.FullyQualifiedDomainName,