(GH-216) Alter role call not idempotent with cleartext passwords #225
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…words The postgresql::role defined type was not idempotent when passed cleartext passwords. This is because we were comparing it with its md5 equivalent in the db. This patch converts any cleartext passwords to md5 before comparison, but only if they are cleartext (ie. not starting with md5). I also bumped the version of rspec-system-puppet to get use of the refresh method, plus did some cleanup because the old tests were a bit dusty, again taking advantage of refresh plus changing some matchers for clarity. Signed-off-by: Ken Barber <ken@bob.sh>
|
Merged build triggered. (Status: PENDING, Details: null) |
|
Merged build started. (Status: PENDING, Details: http://box.bob.sh:8080/job/puppetlabs-postgresql/185/) |
|
Merged build finished. (Status: SUCCESS, Details: http://box.bob.sh:8080/job/puppetlabs-postgresql/185/) |
apenney
pushed a commit
that referenced
this pull request
Aug 1, 2013
…not-idempotent (GH-216) Alter role call not idempotent with cleartext passwords
This was referenced Aug 1, 2013
|
@kbarber Yes thank you for hammering this out. I'm new to the puppet community but I hope I can soon dive in and contribute to this already amazing product and community. |
|
So this only works if login is true - a quick test on Pg 9.1 shows that replacing the table we examine from pg_shadow to pg_authid with different column names: Does the trick. (Yes roles without login are of limited use, but Pg supports them.) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The postgresql::role defined type was not idempotent when passed cleartext
passwords. This is because we were comparing it with its md5 equivalent in
the db.
This patch converts any cleartext passwords to md5 before comparison, but
only if they are cleartext (ie. not starting with md5).
I also bumped the version of rspec-system-puppet to get use of the refresh
method, plus did some cleanup because the old tests were a bit dusty, again
taking advantage of refresh plus changing some matchers for clarity.
Signed-off-by: Ken Barber ken@bob.sh