|
|
@ -1,20 +1,11 @@
|
|
|
|
#!/usr/bin/python
|
|
|
|
#!/usr/bin/python
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
# Copyright: Ansible Project
|
|
|
|
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
|
|
|
|
# This file is part of Ansible
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
|
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
|
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
|
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.0',
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.0',
|
|
|
|
'status': ['stableinterface'],
|
|
|
|
'status': ['stableinterface'],
|
|
|
@ -209,13 +200,10 @@ EXAMPLES = '''
|
|
|
|
|
|
|
|
|
|
|
|
import itertools
|
|
|
|
import itertools
|
|
|
|
import re
|
|
|
|
import re
|
|
|
|
|
|
|
|
import traceback
|
|
|
|
from distutils.version import StrictVersion
|
|
|
|
from distutils.version import StrictVersion
|
|
|
|
from hashlib import md5
|
|
|
|
from hashlib import md5
|
|
|
|
|
|
|
|
|
|
|
|
from ansible.module_utils.basic import get_exception, AnsibleModule
|
|
|
|
|
|
|
|
from ansible.module_utils.database import pg_quote_identifier, SQLParseError
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
import psycopg2
|
|
|
|
import psycopg2
|
|
|
|
import psycopg2.extras
|
|
|
|
import psycopg2.extras
|
|
|
@ -224,9 +212,12 @@ except ImportError:
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
postgresqldb_found = True
|
|
|
|
postgresqldb_found = True
|
|
|
|
|
|
|
|
|
|
|
|
from ansible.module_utils._text import to_bytes
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
|
|
|
|
|
|
from ansible.module_utils.database import pg_quote_identifier, SQLParseError
|
|
|
|
|
|
|
|
from ansible.module_utils._text import to_bytes, to_native
|
|
|
|
from ansible.module_utils.six import iteritems
|
|
|
|
from ansible.module_utils.six import iteritems
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FLAGS = ('SUPERUSER', 'CREATEROLE', 'CREATEUSER', 'CREATEDB', 'INHERIT', 'LOGIN', 'REPLICATION')
|
|
|
|
FLAGS = ('SUPERUSER', 'CREATEROLE', 'CREATEUSER', 'CREATEDB', 'INHERIT', 'LOGIN', 'REPLICATION')
|
|
|
|
FLAGS_BY_VERSION = {'BYPASSRLS': '9.5.0'}
|
|
|
|
FLAGS_BY_VERSION = {'BYPASSRLS': '9.5.0'}
|
|
|
|
|
|
|
|
|
|
|
@ -378,13 +369,12 @@ def user_alter(db_connection, module, user, password, role_attr_flags, encrypted
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
cursor.execute(' '.join(alter), query_password_data)
|
|
|
|
cursor.execute(' '.join(alter), query_password_data)
|
|
|
|
changed = True
|
|
|
|
changed = True
|
|
|
|
except psycopg2.InternalError:
|
|
|
|
except psycopg2.InternalError as e:
|
|
|
|
e = get_exception()
|
|
|
|
|
|
|
|
if e.pgcode == '25006':
|
|
|
|
if e.pgcode == '25006':
|
|
|
|
# Handle errors due to read-only transactions indicated by pgcode 25006
|
|
|
|
# Handle errors due to read-only transactions indicated by pgcode 25006
|
|
|
|
# ERROR: cannot execute ALTER ROLE in a read-only transaction
|
|
|
|
# ERROR: cannot execute ALTER ROLE in a read-only transaction
|
|
|
|
changed = False
|
|
|
|
changed = False
|
|
|
|
module.fail_json(msg=e.pgerror)
|
|
|
|
module.fail_json(msg=e.pgerror, exception=traceback.format_exc())
|
|
|
|
return changed
|
|
|
|
return changed
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
raise psycopg2.InternalError(e)
|
|
|
|
raise psycopg2.InternalError(e)
|
|
|
@ -420,13 +410,12 @@ def user_alter(db_connection, module, user, password, role_attr_flags, encrypted
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
cursor.execute(' '.join(alter))
|
|
|
|
cursor.execute(' '.join(alter))
|
|
|
|
except psycopg2.InternalError:
|
|
|
|
except psycopg2.InternalError as e:
|
|
|
|
e = get_exception()
|
|
|
|
|
|
|
|
if e.pgcode == '25006':
|
|
|
|
if e.pgcode == '25006':
|
|
|
|
# Handle errors due to read-only transactions indicated by pgcode 25006
|
|
|
|
# Handle errors due to read-only transactions indicated by pgcode 25006
|
|
|
|
# ERROR: cannot execute ALTER ROLE in a read-only transaction
|
|
|
|
# ERROR: cannot execute ALTER ROLE in a read-only transaction
|
|
|
|
changed = False
|
|
|
|
changed = False
|
|
|
|
module.fail_json(msg=e.pgerror)
|
|
|
|
module.fail_json(msg=e.pgerror, exception=traceback.format_exc())
|
|
|
|
return changed
|
|
|
|
return changed
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
raise psycopg2.InternalError(e)
|
|
|
|
raise psycopg2.InternalError(e)
|
|
|
@ -794,22 +783,19 @@ def main():
|
|
|
|
cursor = db_connection.cursor(
|
|
|
|
cursor = db_connection.cursor(
|
|
|
|
cursor_factory=psycopg2.extras.DictCursor)
|
|
|
|
cursor_factory=psycopg2.extras.DictCursor)
|
|
|
|
|
|
|
|
|
|
|
|
except TypeError:
|
|
|
|
except TypeError as e:
|
|
|
|
e = get_exception()
|
|
|
|
|
|
|
|
if 'sslrootcert' in e.args[0]:
|
|
|
|
if 'sslrootcert' in e.args[0]:
|
|
|
|
module.fail_json(
|
|
|
|
module.fail_json(
|
|
|
|
msg='Postgresql server must be at least version 8.4 to support sslrootcert')
|
|
|
|
msg='Postgresql server must be at least version 8.4 to support sslrootcert')
|
|
|
|
module.fail_json(msg="unable to connect to database: %s" % e)
|
|
|
|
module.fail_json(msg="unable to connect to database: %s" % to_native(e), exception=traceback.format_exc())
|
|
|
|
|
|
|
|
|
|
|
|
except Exception:
|
|
|
|
except Exception as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg="unable to connect to database: %s" % to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg="unable to connect to database: %s" % e)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
role_attr_flags = parse_role_attrs(cursor, module.params["role_attr_flags"])
|
|
|
|
role_attr_flags = parse_role_attrs(cursor, module.params["role_attr_flags"])
|
|
|
|
except InvalidFlagsError:
|
|
|
|
except InvalidFlagsError as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
kw = dict(user=user)
|
|
|
|
kw = dict(user=user)
|
|
|
|
changed = False
|
|
|
|
changed = False
|
|
|
@ -820,21 +806,18 @@ def main():
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
changed = user_alter(db_connection, module, user, password,
|
|
|
|
changed = user_alter(db_connection, module, user, password,
|
|
|
|
role_attr_flags, encrypted, expires, no_password_changes)
|
|
|
|
role_attr_flags, encrypted, expires, no_password_changes)
|
|
|
|
except SQLParseError:
|
|
|
|
except SQLParseError as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
changed = user_add(cursor, user, password,
|
|
|
|
changed = user_add(cursor, user, password,
|
|
|
|
role_attr_flags, encrypted, expires)
|
|
|
|
role_attr_flags, encrypted, expires)
|
|
|
|
except SQLParseError:
|
|
|
|
except SQLParseError as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
changed = grant_privileges(cursor, user, privs) or changed
|
|
|
|
changed = grant_privileges(cursor, user, privs) or changed
|
|
|
|
except SQLParseError:
|
|
|
|
except SQLParseError as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
if user_exists(cursor, user):
|
|
|
|
if user_exists(cursor, user):
|
|
|
|
if module.check_mode:
|
|
|
|
if module.check_mode:
|
|
|
@ -844,9 +827,8 @@ def main():
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
changed = revoke_privileges(cursor, user, privs)
|
|
|
|
changed = revoke_privileges(cursor, user, privs)
|
|
|
|
user_removed = user_delete(cursor, user)
|
|
|
|
user_removed = user_delete(cursor, user)
|
|
|
|
except SQLParseError:
|
|
|
|
except SQLParseError as e:
|
|
|
|
e = get_exception()
|
|
|
|
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
|
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
changed = changed or user_removed
|
|
|
|
changed = changed or user_removed
|
|
|
|
if fail_on_user and not user_removed:
|
|
|
|
if fail_on_user and not user_removed:
|
|
|
|
msg = "unable to remove user"
|
|
|
|
msg = "unable to remove user"
|
|
|
|