Skip to content

A
ansible
Commit 2267503c by jctanner
Options

Merge pull request #5868 from matburt/devel 

Allow quoted strings as passwords in postgres_user
parents d355d3c6 31ac3e71
Showing with 11 additions and 6 deletions
library/database/postgresql_user
...@@ -164,13 +164,16 @@ def user_exists(cursor, user): ...@@ -164,13 +164,16 @@ def user_exists(cursor, user):
def user_add(cursor, user, password, role_attr_flags, encrypted, expires): def user_add(cursor, user, password, role_attr_flags, encrypted, expires):
"""Create a new database user (role).""" """Create a new database user (role)."""
query_password_data = dict()
query = 'CREATE USER "%(user)s"' % { "user": user} query = 'CREATE USER "%(user)s"' % { "user": user}
if password is not None: if password is not None:
query = query + " WITH %(crypt)s PASSWORD '%(password)s'" % { "crypt": encrypted, "password": password } query = query + " WITH %(crypt)s" % { "crypt": encrypted }
query = query + " PASSWORD %(password)s"
query_password_data.update(password=password)
if expires is not None: if expires is not None:
query = query + " VALID UNTIL '%(expires)s'" % { "exipres": expires } query = query + " VALID UNTIL '%(expires)s'" % { "exipres": expires }
query = query + " " + role_attr_flags query = query + " " + role_attr_flags
cursor.execute(query) cursor.execute(query, query_password_data)
return True return True
def user_alter(cursor, user, password, role_attr_flags, encrypted, expires): def user_alter(cursor, user, password, role_attr_flags, encrypted, expires):
...@@ -188,6 +191,7 @@ def user_alter(cursor, user, password, role_attr_flags, encrypted, expires): ...@@ -188,6 +191,7 @@ def user_alter(cursor, user, password, role_attr_flags, encrypted, expires):
# Handle passwords. # Handle passwords.
if password is not None or role_attr_flags is not None: if password is not None or role_attr_flags is not None:
# Select password and all flag-like columns in order to verify changes. # Select password and all flag-like columns in order to verify changes.
query_password_data = dict()
select = "SELECT * FROM pg_authid where rolname=%(user)s" select = "SELECT * FROM pg_authid where rolname=%(user)s"
cursor.execute(select, {"user": user}) cursor.execute(select, {"user": user})
# Grab current role attributes. # Grab current role attributes.
...@@ -195,15 +199,16 @@ def user_alter(cursor, user, password, role_attr_flags, encrypted, expires): ...@@ -195,15 +199,16 @@ def user_alter(cursor, user, password, role_attr_flags, encrypted, expires):
alter = 'ALTER USER "%(user)s"' % {"user": user} alter = 'ALTER USER "%(user)s"' % {"user": user}
if password is not None: if password is not None:
alter = alter + " WITH %(crypt)s PASSWORD '%(password)s' %(flags)s" % { query_password_data.update(password=password)
"crypt": encrypted, "password": password, "flags": role_attr_flags alter = alter + " WITH %(crypt)s" % {"crypt": encrypted}
} alter = alter + " PASSWORD %(password)s"
alter = alter + " %(flags)s" % {'flags': role_attr_flags}
elif role_attr_flags: elif role_attr_flags:
alter = alter + ' WITH ' + role_attr_flags alter = alter + ' WITH ' + role_attr_flags
if expires is not None: if expires is not None:
alter = alter + " VALID UNTIL '%(expires)s'" % { "exipres": expires } alter = alter + " VALID UNTIL '%(expires)s'" % { "exipres": expires }
cursor.execute(alter) cursor.execute(alter, query_password_data)
# Grab new role attributes. # Grab new role attributes.
cursor.execute(select, {"user": user}) cursor.execute(select, {"user": user})
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment