-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ALTER ROLE query always runs #216
Labels
Comments
mlehner616
added a commit
to mlehner616/puppetlabs-postgresql
that referenced
this issue
Jul 25, 2013
…be run every time the puppet agent runs. This should fix that. Fixes puppetlabs#216
kbarber
added a commit
to kbarber/puppetlabs-postgresql
that referenced
this issue
Aug 1, 2013
…words The postgresql::role defined type was not idempotent when passed cleartext passwords. This is because we were comparing it with its md5 equivalent in the db. This patch converts any cleartext passwords to md5 before comparison, but only if they are cleartext (ie. not starting with md5). I also bumped the version of rspec-system-puppet to get use of the refresh method, plus did some cleanup because the old tests were a bit dusty, again taking advantage of refresh plus changing some matchers for clarity. Signed-off-by: Ken Barber <ken@bob.sh>
The PR in #225 adapts @mlehner616's approach instead moving the md5 process to puppet. It also only hashes for comparison if the string seems not to be md5. This keeps the code backwards compatible, but fixes the issue at the same time. |
apenney
pushed a commit
that referenced
this issue
Aug 1, 2013
…not-idempotent (GH-216) Alter role call not idempotent with cleartext passwords
Fixed with #225. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue stems from puppetlabs/puppetlabs-puppetdb#72
Every time I run
postgresql::db
class with a password, the "ALTER ROLE" query always runs. Per a comment by @jtopjian in the issue in the puppetdb project puppetlabs/puppetlabs-puppetdb#72 (comment) :See line 82 of
postgresql/manifests/role.pp
:The
unless
is trying to verify userpuppetdb
exists with a passwd of$password_hash
.$password_hash
is simply the unhashed password passed down by the puppetdb module -- no hashing is ever done.If the
unless
query is modified to:Then everything works.
The text was updated successfully, but these errors were encountered: