feat(init): configurable existing postgres db (#8045)

# Which Problems Are Solved The init job fails if no database called *postgres* or *defaultdb* for cockroach respectively exists. # How the Problems Are Solved The value is now configurable, for example by env variable *ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE* # Additional Context - Closes #5810
2025-08-11 21:17:32 +00:00 · 2024-06-10 12:49:30 +02:00
parent 7d852ad0df
commit b055d1d9e6
3 changed files with 31 additions and 5 deletions
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -120,6 +120,10 @@ Database:
        Cert: "" # ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT
        Key: "" # ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY
    Admin:
+      # By default, ExistingDatabase is not specified in the connection string
+      # If the connection resolves to a database that is not existing in your system, configure an existing one here
+      # It is used in zitadel init to connect to cockroach and create a dedicated database for ZITADEL.
+      ExistingDatabase: # ZITADEL_DATABASE_COCKROACH_ADMIN_EXISTINGDATABASE
      Username: root # ZITADEL_DATABASE_COCKROACH_ADMIN_USERNAME
      Password: "" # ZITADEL_DATABASE_COCKROACH_ADMIN_PASSWORD
      SSL:
@@ -147,6 +151,10 @@ Database:
        Cert: # ZITADEL_DATABASE_POSTGRES_USER_SSL_CERT
        Key: # ZITADEL_DATABASE_POSTGRES_USER_SSL_KEY
    Admin:
+      # The default ExistingDatabase is postgres
+      # If your db system doesn't have a database named postgres, configure an existing database here
+      # It is used in zitadel init to connect to postgres and create a dedicated database for ZITADEL.
+      ExistingDatabase: # ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE
      Username: # ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
      Password: # ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
      SSL:
--- a/internal/database/cockroach/crdb.go
+++ b/internal/database/cockroach/crdb.go
@@ -34,7 +34,7 @@ type Config struct {
 	MaxConnLifetime time.Duration
 	MaxConnIdleTime time.Duration
 	User            User
-	Admin           User
+	Admin           AdminUser
 	// Additional options to be appended as options=<Options>
 	// The value will be taken as is. Multiple options are space separated.
 	Options string
@@ -114,6 +114,12 @@ type User struct {
 	SSL      SSL
 }

+type AdminUser struct {
+	// ExistingDatabase is the database to connect to before the ZITADEL database exists
+	ExistingDatabase string
+	User             `mapstructure:",squash"`
+}
+
 type SSL struct {
 	// type of connection security
 	Mode string
@@ -147,7 +153,7 @@ func (c *Config) checkSSL(user User) {
 func (c Config) String(useAdmin bool, appName string) string {
 	user := c.User
 	if useAdmin {
-		user = c.Admin
+		user = c.Admin.User
 	}
 	c.checkSSL(user)
 	fields := []string{
@@ -163,6 +169,8 @@ func (c Config) String(useAdmin bool, appName string) string {
 	}
 	if !useAdmin {
 		fields = append(fields, "dbname="+c.Database)
+	} else if c.Admin.ExistingDatabase != "" {
+		fields = append(fields, "dbname="+c.Admin.ExistingDatabase)
 	}
 	if user.Password != "" {
 		fields = append(fields, "password="+user.Password)
--- a/internal/database/postgres/pg.go
+++ b/internal/database/postgres/pg.go
@@ -35,7 +35,7 @@ type Config struct {
 	MaxConnLifetime    time.Duration
 	MaxConnIdleTime    time.Duration
 	User               User
-	Admin              User
+	Admin              AdminUser
 	// Additional options to be appended as options=<Options>
 	// The value will be taken as is. Multiple options are space separated.
 	Options string
@@ -115,6 +115,12 @@ type User struct {
 	SSL      SSL
 }

+type AdminUser struct {
+	// ExistingDatabase is the database to connect to before the ZITADEL database exists
+	ExistingDatabase string
+	User             `mapstructure:",squash"`
+}
+
 type SSL struct {
 	// type of connection security
 	Mode string
@@ -148,7 +154,7 @@ func (s *Config) checkSSL(user User) {
 func (c Config) String(useAdmin bool, appName string) string {
 	user := c.User
 	if useAdmin {
-		user = c.Admin
+		user = c.Admin.User
 	}
 	c.checkSSL(user)
 	fields := []string{
@@ -167,7 +173,11 @@ func (c Config) String(useAdmin bool, appName string) string {
 	if !useAdmin {
 		fields = append(fields, "dbname="+c.Database)
 	} else {
-		fields = append(fields, "dbname=postgres")
+		defaultDB := c.Admin.ExistingDatabase
+		if defaultDB == "" {
+			defaultDB = "postgres"
+		}
+		fields = append(fields, "dbname="+defaultDB)
 	}
 	if user.SSL.Mode != sslDisabledMode {
 		if user.SSL.RootCert != "" {