New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a global password_encryption parameter #1584
Add a global password_encryption parameter #1584
Conversation
The function postgresql::password() looks at the default for encryption. If you want to use SCRAM on PostgreSQL < 14 then the default must be overridden, or specified for every use. This parameter allows it to be globally overridden.
@@ -25,7 +25,7 @@ | |||
$manage_selinux = pick($manage_selinux, false) | |||
$package_ensure = 'present' | |||
$module_workdir = pick($module_workdir,'/tmp') | |||
$password_encryption = versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' } | |||
$password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does that work? pick()
refrences the variable itself? And line 21-24 follow the same pattern 馃
should it be:
$password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }) | |
$password_encryption = pick($postgresql::globals::password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I was also surprised. I think it's (ab)using the parser a bit. I wanted to remain consistent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
okay. so it's probably coming from globals. interesting. Not sure if that works on purpose or by accident :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"yes"
Summary
The function postgresql::password() looks at the default for encryption. If you want to use SCRAM on PostgreSQL < 14 then the default must be overridden, or specified for every use. This parameter allows it to be globally overridden.
Related Issues (if any)
Found in theforeman/foreman-installer#924 when testing out SCRAM support with PostgreSQL 13.
Checklist
puppet apply
)