postgresql_passchanger_func.../README.md

# PostgreSQL expiration date management functions

## Description

This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself.
All without granting `super` permissions and having a histoc of changes on a _pseudo-audit_ table

| :warning: WARNING          |
|:---------------------------|
| Amazon RDS has some notes at the end... |
| :warning: WARNING          |

## Instructions

### First deploy
Deploy `passchanger.sql` on the desired cluster/database.

It will:
  * create a `dba` schema
  * create a `dba` role
  * create the `pwdhistory` table for audit purpouses
  * Grant the minimum permissions for this new role so the whole thing works
  * Create the 2 needed functions and grant permissions on them to `dba`


### Allowing users to use that functions
Take the file `grants_to_grant.sql` and modify the username _dodger_ so it match the username that should have the permissions.
Execute the grants on the cluster/database you have deployed `passchanger.sql`


### Changing password & extending expiration date

The user should just execute:
```
select dba.change_my_password('YOUR_NEW_GENERATED_PASSWORD_NOT_THIS_ONE') ;
```

## Helper script

I've generated a helper script to make the process easier for users:
```
dodger@ciberterminal.net $ bash password_creator.sh 
-- CHECK: password check
-- <Wl}TxqRPBQaV_N<rU#A 
-- /CHECK: password check

-- ##############################################
select dba.change_my_password('<Wl}TxqRPBQaV_N<rU#A') ;
-- ##############################################
```


## RDS considerations

As Amazon has modified Postgresql so you don't have access as a *real* superuser, the _dangerous_ function
`change_valid_until` should run as the owner of the database (the user created when you deploy the database through AWS)

There's a `passchanger_rds.sqlp` file which should be used instead of the normal one.
changed README Initial documentation. 2022-01-20 09:39:45 +00:00			`# PostgreSQL expiration date management functions`

			`## Description`

			This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself.
			All without granting `super` permissions and having a histoc of changes on a _pseudo-audit_ table

bugfixes 2022-05-09 15:56:08 +00:00			`\| :warning: WARNING \|`
			`\|:---------------------------\|`
Merged documentation 2022-05-09 16:05:15 +00:00			`\| Amazon RDS has some notes at the end... \|`
bugfixes 2022-05-09 15:56:08 +00:00			`\| :warning: WARNING \|`

changed README Initial documentation. 2022-01-20 09:39:45 +00:00			`## Instructions`

			`### First deploy`
			Deploy `passchanger.sql` on the desired cluster/database.

			`It will:`
			* create a `dba` schema
			* create a `dba` role
README changes, more 2022-01-20 09:42:01 +00:00			* create the `pwdhistory` table for audit purpouses
changed README Initial documentation. 2022-01-20 09:39:45 +00:00			`* Grant the minimum permissions for this new role so the whole thing works`
			* Create the 2 needed functions and grant permissions on them to `dba`


			`### Allowing users to use that functions`
			Take the file `grants_to_grant.sql` and modify the username _dodger_ so it match the username that should have the permissions.
			Execute the grants on the cluster/database you have deployed `passchanger.sql`


README changes, more 2022-01-20 09:42:01 +00:00			`### Changing password & extending expiration date`
changed README Initial documentation. 2022-01-20 09:39:45 +00:00
chande README, more+ 2022-01-20 09:51:59 +00:00			`The user should just execute:`
			```
			`select dba.change_my_password('YOUR_NEW_GENERATED_PASSWORD_NOT_THIS_ONE') ;`
			```
Initial commit 2022-01-04 17:28:26 +00:00
Changed readme 2022-05-06 07:23:48 +00:00			`## Helper script`
README updated 2022-01-04 17:47:12 +00:00
Changed readme 2022-05-06 07:23:48 +00:00			`I've generated a helper script to make the process easier for users:`
			```
			`dodger@ciberterminal.net $ bash password_creator.sh`
			`-- CHECK: password check`
			`-- <Wl}TxqRPBQaV_N<rU#A`
			`-- /CHECK: password check`

			`-- ##############################################`
			`select dba.change_my_password('<Wl}TxqRPBQaV_N<rU#A') ;`
			`-- ##############################################`
			```
Merged documentation 2022-05-09 16:05:15 +00:00

			`## RDS considerations`

			`As Amazon has modified Postgresql so you don't have access as a real superuser, the _dangerous_ function`
			`change_valid_until` should run as the owner of the database (the user created when you deploy the database through AWS)

			There's a `passchanger_rds.sqlp` file which should be used instead of the normal one.