-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mdd psql user aws fix #23988
Mdd psql user aws fix #23988
Conversation
The test
|
a4e8099
to
c55cf73
Compare
You wrote:
|
|
Beyond that it would be nice to have unit test cases but the refactoring I started should be continued with extreme prejudice, including converting all SQL string statements to prepared statements. |
Hello, |
# different | ||
return True | ||
|
||
if password == current_role_attrs['rolpassword']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just return password != current_role_attrs['rolpassword']
if encrypted == 'ENCRYPTED' and not password.startswith('md5'): | ||
try: | ||
from passlib.hash import postgres_md5 as pm | ||
if pm.encrypt(password, user) == current_role_attrs['rolpassword']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just return pm.encrypt(password, user) != current_role_attrs['rolpassword']:
|
||
if encrypted == 'ENCRYPTED' and not password.startswith('md5'): | ||
try: | ||
from passlib.hash import postgres_md5 as pm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please don't import here, import globally
# Do we actually need to do anything? | ||
|
||
if encrypted == 'ENCRYPTED' and password.startswith('md5'): | ||
if password == current_role_attrs['rolpassword']: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as others, return directly test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, update the description of 'no_password_changes'.
# apparently port is automagically handled below; comment out to relieve | ||
# flake8 error; delete when tests verify | ||
# | ||
# port = module.params["port"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove the whole unused line (and the comments).
6274d49
to
6bd6e5f
Compare
6bd6e5f
to
1c60713
Compare
The test
|
except ImportError: | ||
passlib_hash_found = False | ||
else: | ||
passlib_hash_found = True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple style note, usually we import from stdlib, then from 3rd party libs, and then from ansible libs.
For setting whether passlib is found, you can do it like this to save a line:
try:
from passlib.hash import postgres_md5 as pm
passlib_hash_found = True
except ImportError:
passlib_hash_found = False
Since passlib_hash_found is a toplevel constant, style-wise it should be all uppercase:
PASSLIB_HASH_FOUND
I found some style things but nothing important. @nerzhul and @pilou- Does this change look good to you now? I'll merge when you think it's ready. Also I see that #22613 currently needs to be rebased. Perhaps after this goes in, @nerzhul would rebase that and then @michael-dev2rights would care to review it. And then, when it's ready, one of you can ping me to merge that one too? |
@abadger I discussed about this PR with @michael-dev2rights during ansible fest (see), there is a problem (due to a complex rebase): |
I added 2 commits (on a branch based on this one):
@abadger could you update this pull-request adding these two commits and then merge ? |
…according to suggestions from PR review
TASK [postgresql : Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated] *** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: psycopg2.ProgrammingError: permission denied for relation pg_authid
641a32a
to
103b0d9
Compare
I've merged to devel (for 2.4.0). If @nerzhul pokes me on IRC we can decide whether to backport to 2.3.x as well. |
SUMMARY
This is an attempt to fix Ansible Bug #18933 - make postgresql user creation work on Amazon RDS instances. It has worked on our internal branch based off Ansible stable 2.3 and has been cherry picked to devel for upstream inclusion into the project.
ISSUE TYPE
COMPONENT NAME
posgresql_user module
ANSIBLE VERSION
ADDITIONAL INFORMATION
Not yet nearly fully tested.