13 Commits (75c8d8bfc26928a9c8fe2a9563a3bbeda8a48288)

Author	SHA1	Message	Date
Strahinja Kustudic	32d6a354d7	postgresql_user: set encrypted as default and fix empty password reporting changed (#36931) ... * Set encrypted as default and fix empty password reporting changed * Starting with Postgres 10 `UNENCRYPTED` passwords are removed and because of that this module fails with the default `encrypted=no`. Also encrypted passwords are suported since version 7.2 (https://www.postgresql.org/docs/7.2/static/sql-createuser.html) which went EOL in 2007 and since 7.3 it is the default. Because of this it makes a lot more sense to make `encrypted=yes` the default. This won't break backward compatibility, the module would just update the user's password in the DB in the hashed format and everything else will work like before. It's also a security bad practice to store passwords in plain text. fixes #25823 * There was also a bug with `encrypted=yes` and an empty password always reported as changed. * Improved documentation for `encrypted`/`password` parameters, and removed some obsolete notes about passlib. * Fix clearing user's password to work with all versions of Postgres * Add tests for clearing the user password * Fix documentation atfer rebase * Add changelog fragment	7 years ago
Matt Martz	4fe08441be	Deprecate tests used as filters (#32361) ... * Warn on tests used as filters * Update docs, add aliases for tests that fit more gramatically with test syntax * Fix rst formatting * Add successful filter, alias of success * Remove renamed_deprecation, it was overkill * Make directory alias for is_dir * Update tests to use proper jinja test syntax * Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax * Add conversion script, porting guide updates, and changelog updates * Update newly added uses of tests as filters * No underscore variable * Convert recent tests as filter changes to win_stat * Fix some changes related to rebasing a few integration tests * Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name * Add test for tests_as_filters_warning * Update tests as filters in newly added/modified tests * Address recent changes to several integration tests * Address recent changes in cs_vpc	7 years ago
Josh Moore	d5ae6cc585	postgres_db: add dump and restore support (#20627) ... * Feature #2731: added postgres import and dump * Feature #2731: be more permissive of arguments ``` hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"` ``` failed previously since host, user, and port were required as keywords in the pg_dump / pg_import methods. * Feature #2731: fixed doc string for validate-modules ``` $ ansible-validate-modules database/postgresql/ ``` now passes. * Feature #2731: disable 'password' for dump/restore * Feature #2731: bump added version to 2.3 * Feature #2731: replace db_import with db_restore * Feature #2731: add missing version description * Feature #2731: fix 'state' description * Feature #2731: fix pep8 issues * Feature #2731: put state documentation in a single string * Bump added version from 2.3 to 2.4 * Fix pep8 and pylint errors * Attempt yaml formatting of documentation string * Add integration tests for postgres_db:dump/restore * Update dump/restore logic to support new kw-args Also attempt to support password; integration tests are still failing. * Revert to postgres user for dump/restore Passing PGPASSWORD is not working for subprocesses. For the moment, reverting to the strategy of failing if login_password is set and using `postgres` for all testing of dump/restore. * Various cleanups to have tests passing * Working tests for {sql,tar} x {,bz2,gz,xz} * Use pg_user to support FreeBSD * Revert login_ prefixes and re-enable password support All `login_` keywords are mapped to their non-prefix versions so the previous changes were effectively using `postgres` for all actions. With the proper keywords, PGPASSWORD-passing to the subprocess is now working. * Optionally add password environ_update doesn't handle None values in the dictionary to be added to the environment. Adding check. * Quick fixes * Refactor login arguments after fixes from pchauncey The fixes introduced by pchaunchy pointed to further issues (like no --dbname on PG<=9.2) with the login parameters. This refactors them and adds further tests. Note: this will still not pass integration tests due to a further issue with pg_dump as a non-admin user: pg_restore: [archiver (db)] Error while PROCESSING TOC: pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql pg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension plpgsql * Introduce target_opts for passing limiting dumped/restored schemas The current integration tests (PG version and template DBs) don't permit a regular user (`{{ db_user1 }}`) access to plpgsql causing restores to fail. By adding an option for passing arbitrary args to pg_dump and pg_restore, testing is made easier. This also paves the way for `-j` usage, once the PG version is bumped.	7 years ago
Michael De La Rue	3c4db1e8dd	Mdd psql user aws fix (#23988) ... * postgresql_user module - transaction logic hacks to allow recovery from failed select * postgresql_user - PEP8 and style fixes to make debugging easier * postgresql_user - move password changing logic to separate function * postgresql_user - trap failure in case where there is no access to pg_authid * postgresql_user - further PEP8 fixes * postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review * postgresql_user - Eliminate pep8/blank line errors introduced in merge * Check behaviour when pg_authid relation isn't readable TASK [postgresql : Normal user isn't allowed to access pg_authid relation: password comparison will fail, password will be updated] *** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: psycopg2.ProgrammingError: permission denied for relation pg_authid * Don't reintroduce passlib, remove useless query	7 years ago
Pilou	460d932aa8	postgresql_user: fix bugs related to 'expires' option (#23862) ... * Factorize tests related to no_password_change using an include task * Refactor: deduplicate tasks * postgresql_user: test 'expires' parameter * Change 'valid until' even it's the only updated field * value is changed when another value is provided * value isn't returned when unset * Remove unused variable * psycopg2.extras.DictRow is able to handle comparison * postgresql_user: simplify helper method * postgresql_user: define variable just before using it * Fix comparison between user input and applied configuration * new test: adding an invalid attribute * Refactor, add cleaning task * Check that using same attribute a 2nd time does nothing * Always try to remove created user * postgresql_user: fix pep8	8 years ago
Pierre-Louis Bonicoli	a4131197e0	PostgreSQL tests: enforce UTF8 ... By default, client encoding is determined either from the LANG_*/LC_* environment variables or using encoding of the database. Containers used in the CI don't define a default locale, then encoding of default databases was SQL_ASCII.	8 years ago
Pierre-Louis Bonicoli	ce856c2123	postgresql_user: add tests with hashed password	8 years ago
Reilly Herrewig-Pope	723c8f06ab	Allow setting/unsetting BYPASSRLS Postgres role attribute (#24625) ... * Allow setting/unsetting BYPASSRLS role attr * Build valid role attrs against version * Add integration tests	8 years ago
Adrian Likins	499d3a1b53	add a intg test for issue #19835 (#21487) ... (postgresql_user changing role_attr_flags with no_password_checks fails)	8 years ago
Matt Clay	31d6b6ef67	Run postgresql tests on FreeBSD. (#20676) ... * Use vars for user, group and locale suffix. * Switch tests from `es_MX` to `es_ES`. * Enable postgresql tests on freebsd. * Work-arounds for service restart on freebsd.	8 years ago
Carlos E. Garcia	0b8011436d	minor spelling changes	8 years ago
Adrien Vergé	0e834fc9e4	Fix cosmetic problems in YAML source ... This change corrects problems reported by the `yamllint` linter. Since key duplication problems were removed in 4d48711, this commit mainly fixes trailing spaces and extra empty lines at beginning/end of files.	8 years ago
Matt Clay	75e4645ee7	Migrate Linux CI roles to test targets. (#17997)	8 years ago