saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Postgres modules now respects the pillar setting postgres.pass, as promised in the documentation

Browse source 
Needed to rename the password for newly created or changed roles to rolepassword.
This commit is contained in:
Grischa Meyer 2013-03-11 23:22:32 +11:00
parent aeff59426e
commit bf4aaae3db
4 changed files with 104 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
doc/man/salt.7
View file

@ -19152,7 +19152,7 @@ overwrite options passed into pillar
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.db_create(name, user=None, host=None, port=None, tablespace=None, encoding=None, locale=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None)
.B salt.modules.postgres.db_create(name, user=None, host=None, port=None, db=None, password=None, tablespace=None, encoding=None, locale=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None)
Adds a databases to the Postgres server.
.sp
CLI Example:
@ -19167,7 +19167,7 @@ salt \(aq*\(aq postgres.db_create \(aqdbname\(aq template=template_postgis
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.db_exists(name, user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.db_exists(name, user=None, host=None, port=None, db=None, password=None, runas=None)
Checks if a database exists on the Postgres server.
.sp
CLI Example:
@ -19180,7 +19180,7 @@ salt \(aq*\(aq postgres.db_exists \(aqdbname\(aq
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.db_list(user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.db_list(user=None, host=None, port=None, db=None, password=None, runas=None)
Return a list of databases of a Postgres server using the output
from the \fBpsql \-l\fP query.
.sp
@ -19194,7 +19194,7 @@ salt \(aq*\(aq postgres.db_list
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.db_remove(name, user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.db_remove(name, user=None, host=None, port=None, db=None, password=None, runas=None)
Removes a databases from the Postgres server.
.sp
CLI Example:
@ -19207,7 +19207,7 @@ salt \(aq*\(aq postgres.db_remove \(aqdbname\(aq
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.group_create(groupname, user=None, host=None, port=None, createdb=False, createuser=False, encrypted=False, superuser=False, replication=False, password=None, groups=None, runas=None)
.B salt.modules.postgres.group_create(groupname, user=None, host=None, port=None, db=None, password=None, createdb=False, createuser=False, encrypted=False, superuser=False, replication=False, rolepassword=None, groups=None, runas=None)
Creates a Postgres group. A group is postgres is similar to a user, but
cannot login.
.sp
@ -19215,13 +19215,13 @@ CLI Example:
.sp
.nf
.ft C
salt \(aq*\(aq postgres.group_create \(aqgroupname\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq password=\(aqpassword\(aq
salt \(aq*\(aq postgres.group_create \(aqgroupname\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq rolepassword=\(aqpassword\(aq
.ft P
.fi
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.group_remove(groupname, user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.group_remove(groupname, user=None, host=None, port=None, db=None, password=None, runas=None)
Removes a group from the Postgres server.
.sp
CLI Example:
@ -19234,33 +19234,33 @@ salt \(aq*\(aq postgres.group_remove \(aqgroupname\(aq
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.group_update(groupname, user=None, host=None, port=None, createdb=False, createuser=False, encrypted=False, replication=False, password=None, groups=None, runas=None)
.B salt.modules.postgres.group_update(groupname, user=None, host=None, port=None, db=None, password=None, createdb=False, createuser=False, encrypted=False, replication=False, rolepassword=None, groups=None, runas=None)
Updated a postgres group
.sp
CLI Examples:
.sp
.nf
.ft C
salt \(aq*\(aq postgres.group_update \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq password=\(aqpassword\(aq
salt \(aq*\(aq postgres.group_update \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq rolepassword=\(aqpassword\(aq
.ft P
.fi
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.user_create(username, user=None, host=None, port=None, createdb=False, createuser=False, encrypted=False, superuser=False, replication=False, password=None, groups=None, runas=None)
.B salt.modules.postgres.user_create(username, user=None, host=None, port=None, db=None, password=None, createdb=False, createuser=False, encrypted=False, superuser=False, replication=False, rolepassword=None, groups=None, runas=None)
Creates a Postgres user.
.sp
CLI Examples:
.sp
.nf
.ft C
salt \(aq*\(aq postgres.user_create \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq password=\(aqpassword\(aq
salt \(aq*\(aq postgres.user_create \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq rolepassword=\(aqpassword\(aq
.ft P
.fi
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.user_exists(name, user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.user_exists(name, user=None, host=None, port=None, db=None, password=None, runas=None)
Checks if a user exists on the Postgres server.
.sp
CLI Example:
@ -19273,7 +19273,7 @@ salt \(aq*\(aq postgres.user_exists \(aqusername\(aq
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.user_list(user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.user_list(user=None, host=None, port=None, db=None, password=password, runas=None)
Return a list of users of a Postgres server.
.sp
CLI Example:
@ -19286,7 +19286,7 @@ salt \(aq*\(aq postgres.user_list
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.user_remove(username, user=None, host=None, port=None, runas=None)
.B salt.modules.postgres.user_remove(username, user=None, host=None, port=None, db=None, password=None, runas=None)
Removes a user from the Postgres server.
.sp
CLI Example:
@ -19299,14 +19299,14 @@ salt \(aq*\(aq postgres.user_remove \(aqusername\(aq
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.postgres.user_update(username, user=None, host=None, port=None, createdb=False, createuser=False, encrypted=False, replication=False, password=None, groups=None, runas=None)
.B salt.modules.postgres.user_update(username, user=None, host=None, port=None, db=None, password=None, createdb=False, createuser=False, encrypted=False, replication=False, rolepassword=None, groups=None, runas=None)
Creates a Postgres user.
.sp
CLI Examples:
.sp
.nf
.ft C
salt \(aq*\(aq postgres.user_create \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq password=\(aqpassword\(aq
salt \(aq*\(aq postgres.user_create \(aqusername\(aq user=\(aquser\(aq host=\(aqhostname\(aq port=\(aqport\(aq rolepassword=\(aqpassword\(aq
.ft P
.fi
.UNINDENT

134
salt/modules/postgres.py
View file

@ -36,7 +36,8 @@ def __virtual__():
return False
def version(user=None, host=None, port=None, db=None, runas=None):
def version(user=None, host=None, port=None, db=None, password=None,
runas=None):
'''
Return the version of a Postgres server.
@ -47,14 +48,15 @@ def version(user=None, host=None, port=None, db=None, runas=None):
query = 'SELECT setting FROM pg_catalog.pg_settings ' \
'WHERE name = \'server_version\''
cmd = _psql_cmd('-c', query, '-t',
host=host, user=user, port=port, db=db)
host=host, user=user, port=port, db=db, password=password)
ret = __salt__['cmd.run_all'](cmd, runas=runas)
for line in ret['stdout'].splitlines():
return line
def _connection_defaults(user=None, host=None, port=None, db=None):
def _connection_defaults(user=None, host=None, port=None, db=None,
password=None):
'''
Returns a tuple of (user, host, port, db) with config, pillar, or default
values assigned to missing values.
@ -67,8 +69,10 @@ def _connection_defaults(user=None, host=None, port=None, db=None):
port = __salt__['config.option']('postgres.port')
if not db:
db = __salt__['config.option']('postgres.db')
if not password:
password = __salt__['config.option']('postgres.pass')
return (user, host, port, db)
return (user, host, port, db, password)
def _psql_cmd(*args, **kwargs):
@ -78,14 +82,20 @@ def _psql_cmd(*args, **kwargs):
Accept optional keyword arguments: user, host and port as well as any
number or positional arguments to be added to the end of command.
'''
(user, host, port, db) = _connection_defaults(kwargs.get('user'),
kwargs.get('host'),
kwargs.get('port'),
kwargs.get('db'))
(user, host, port, db, password) = _connection_defaults(
kwargs.get('user'),
kwargs.get('host'),
kwargs.get('port'),
kwargs.get('db'),
kwargs.get('password'))
cmd = [salt.utils.which('psql'),
'--no-align',
'--no-readline',
'--no-password']
'--no-readline']
if password:
cmd += ['--password', password]
else:
cmd += ['--no-password']
if user:
cmd += ['--username', user]
if host:
@ -101,7 +111,8 @@ def _psql_cmd(*args, **kwargs):
# Database related actions
def db_list(user=None, host=None, port=None, db=None, runas=None):
def db_list(user=None, host=None, port=None, db=None,
password=None, runas=None):
'''
Return dictionary with information about databases of a Postgres server.
@ -125,7 +136,7 @@ def db_list(user=None, host=None, port=None, db=None, runas=None):
'pg_authid pga WHERE pga.oid = pgd.datdba'
cmd = _psql_cmd('-c', query, '-t',
host=host, user=user, port=port, db=db)
host=host, user=user, port=port, db=db, password=password)
cmdret = __salt__['cmd.run_all'](cmd, runas=runas)
@ -142,7 +153,8 @@ def db_list(user=None, host=None, port=None, db=None, runas=None):
return ret
def db_exists(name, user=None, host=None, port=None, db=None, runas=None):
def db_exists(name, user=None, host=None, port=None, db=None, password=None,
runas=None):
'''
Checks if a database exists on the Postgres server.
@ -151,7 +163,8 @@ def db_exists(name, user=None, host=None, port=None, db=None, runas=None):
salt '*' postgres.db_exists 'dbname'
'''
databases = db_list(user=user, host=host, port=port, db=db, runas=runas)
databases = db_list(user=user, host=host, port=port, db=db,
password=password, runas=runas)
return name in databases
@ -160,6 +173,7 @@ def db_create(name,
host=None,
port=None,
db=None,
password=None,
tablespace=None,
encoding=None,
locale=None,
@ -203,13 +217,15 @@ def db_create(name,
query += ' '.join(with_chunks)
# Execute the command
cmd = _psql_cmd('-c', query, user=user, host=host, port=port, db=db)
cmd = _psql_cmd('-c', query, user=user, host=host, port=port, db=db,
password=password)
ret = __salt__['cmd.run_all'](cmd, runas=runas)
return ret['retcode'] == 0
def db_remove(name, user=None, host=None, port=None, db=None, runas=None):
def db_remove(name, user=None, host=None, port=None, db=None,
password=None, runas=None):
'''
Removes a databases from the Postgres server.
@ -220,14 +236,16 @@ def db_remove(name, user=None, host=None, port=None, db=None, runas=None):
# db doesnt exist, proceed
query = 'DROP DATABASE {0}'.format(name)
cmd = _psql_cmd('-c', query, user=user, host=host, port=port, db=db)
cmd = _psql_cmd('-c', query, user=user, host=host, port=port, db=db,
password=password)
ret = __salt__['cmd.run_all'](cmd, runas=runas)
return ret['retcode'] == 0
# User related actions
def user_list(user=None, host=None, port=None, db=None, runas=None):
def user_list(user=None, host=None, port=None, db=None,
password=None, runas=None):
'''
Return a dict with information about users of a Postgres server.
@ -253,6 +271,7 @@ def user_list(user=None, host=None, port=None, db=None, runas=None):
host=host,
port=port,
db=db,
password=password,
runas=runas).split('.')
if len(ver) >= 2 and ver[0] >= 9 and ver[1] >= 1:
query = (
@ -269,7 +288,7 @@ def user_list(user=None, host=None, port=None, db=None, runas=None):
'FROM pg_roles'
)
cmd = _psql_cmd('-c', query, '-t',
host=host, user=user, port=port, db=db)
host=host, user=user, port=port, db=db, password=password)
cmdret = __salt__['cmd.run_all'](cmd, runas=runas)
@ -300,7 +319,8 @@ def user_list(user=None, host=None, port=None, db=None, runas=None):
return ret
def user_exists(name, user=None, host=None, port=None, db=None, runas=None):
def user_exists(name, user=None, host=None, port=None, db=None,
password=None, runas=None):
'''
Checks if a user exists on the Postgres server.
@ -313,6 +333,7 @@ def user_exists(name, user=None, host=None, port=None, db=None, runas=None):
host=host,
port=port,
db=db,
password=password,
runas=runas)
@ -322,12 +343,13 @@ def _role_create(name,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
superuser=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -341,15 +363,15 @@ def _role_create(name,
create_type = 'ROLE'
# check if role exists
if user_exists(name, user, host, port, db, runas=runas):
if user_exists(name, user, host, port, db, password=password, runas=runas):
log.info('{0} \'{1}\' already exists'.format(create_type, name,))
return False
sub_cmd = 'CREATE {0} "{1}" WITH'.format(create_type, name, )
if password:
if rolepassword:
if encrypted:
sub_cmd = '{0} ENCRYPTED'.format(sub_cmd, )
escaped_password = password.replace('\'', '\'\'')
escaped_password = rolepassword.replace('\'', '\'\'')
sub_cmd = '{0} PASSWORD \'{1}\''.format(sub_cmd, escaped_password)
if createdb:
sub_cmd = '{0} CREATEDB'.format(sub_cmd, )
@ -365,7 +387,8 @@ def _role_create(name,
if sub_cmd.endswith('WITH'):
sub_cmd = sub_cmd.replace(' WITH', '')
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db)
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db,
password=password)
return __salt__['cmd.run'](cmd, runas=runas)
@ -374,12 +397,13 @@ def user_create(username,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
superuser=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -387,7 +411,7 @@ def user_create(username,
CLI Examples::
salt '*' postgres.user_create 'username' user='user' host='hostname' port='port' password='password'
salt '*' postgres.user_create 'username' user='user' host='hostname' port='port' password='password' rolepassword='rolepassword'
'''
return _role_create(username,
True,
@ -395,12 +419,13 @@ def user_create(username,
host,
port,
db,
password,
createdb,
createuser,
encrypted,
superuser,
replication,
password,
rolepassword,
groups,
runas)
@ -410,11 +435,12 @@ def _role_update(name,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -422,13 +448,13 @@ def _role_update(name,
'''
# check if user exists
if not user_exists(name, user, host, port, db, runas=runas):
if not user_exists(name, user, host, port, db, password, runas=runas):
log.info('User \'{0}\' does not exist'.format(name,))
return False
sub_cmd = 'ALTER ROLE {0} WITH'.format(name, )
if password:
sub_cmd = '{0} PASSWORD \'{1}\''.format(sub_cmd, password)
if rolepassword:
sub_cmd = '{0} PASSWORD \'{1}\''.format(sub_cmd, rolepassword)
if createdb:
sub_cmd = '{0} CREATEDB'.format(sub_cmd, )
if createuser:
@ -445,7 +471,8 @@ def _role_update(name,
for group in groups.split(','):
sub_cmd = '{0}; GRANT {1} TO {2}'.format(sub_cmd, group, name)
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db)
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db,
password=password)
return __salt__['cmd.run'](cmd, runas=runas)
@ -454,11 +481,12 @@ def user_update(username,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -466,37 +494,41 @@ def user_update(username,
CLI Examples::
salt '*' postgres.user_create 'username' user='user' host='hostname' port='port' password='password'
salt '*' postgres.user_create 'username' user='user' host='hostname' port='port' password='password' rolepassword='rolepassword'
'''
return _role_update(username,
user,
host,
port,
db,
password,
createdb,
createuser,
encrypted,
replication,
password,
rolepassword,
groups,
runas)
def _role_remove(name, user=None, host=None, port=None, db=None, runas=None):
def _role_remove(name, user=None, host=None, port=None, db=None,
password=None, runas=None):
'''
Removes a role from the Postgres Server
'''
# check if user exists
if not user_exists(name, user, host, port, db, runas=runas):
if not user_exists(name, user, host, port, db, password=password,
runas=runas):
log.info('User \'{0}\' does not exist'.format(name,))
return False
# user exists, proceed
sub_cmd = 'DROP ROLE {0}'.format(name)
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db)
cmd = _psql_cmd('-c', sub_cmd, host=host, user=user, port=port, db=db,
password=password)
__salt__['cmd.run'](cmd, runas=runas)
if not user_exists(name, user, host, port, db, runas=runas):
if not user_exists(name, user, host, port, db, password=password, runas=runas):
return True
else:
log.info('Failed to delete user \'{0}\'.'.format(name, ))
@ -507,6 +539,7 @@ def user_remove(username,
host=None,
port=None,
db=None,
password=None,
runas=None):
'''
Removes a user from the Postgres server.
@ -515,7 +548,7 @@ def user_remove(username,
salt '*' postgres.user_remove 'username'
'''
return _role_remove(username, user, host, port, db, runas)
return _role_remove(username, user, host, port, db, password, runas)
# Group related actions
@ -525,12 +558,13 @@ def group_create(groupname,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
superuser=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -539,7 +573,7 @@ def group_create(groupname,
CLI Example::
salt '*' postgres.group_create 'groupname' user='user' host='hostname' port='port' password='password'
salt '*' postgres.group_create 'groupname' user='user' host='hostname' port='port' password='password' rolepassword='rolepassword'
'''
return _role_create(groupname,
False,
@ -547,12 +581,13 @@ def group_create(groupname,
host,
port,
db,
password,
createdb,
createuser,
encrypted,
superuser,
replication,
password,
rolepassword,
groups,
runas)
@ -562,11 +597,12 @@ def group_update(groupname,
host=None,
port=None,
db=None,
password=None,
createdb=False,
createuser=False,
encrypted=False,
replication=False,
password=None,
rolepassword=None,
groups=None,
runas=None):
'''
@ -574,18 +610,19 @@ def group_update(groupname,
CLI Examples::
salt '*' postgres.group_update 'username' user='user' host='hostname' port='port' password='password'
salt '*' postgres.group_update 'username' user='user' host='hostname' port='port' password='password' rolepassword='rolepassword'
'''
return _role_update(groupname,
user,
host,
port,
db,
password,
createdb,
createuser,
encrypted,
replication,
password,
rolepassword,
groups,
runas)
@ -595,6 +632,7 @@ def group_remove(groupname,
host=None,
port=None,
db=None,
password=None,
runas=None):
'''
Removes a group from the Postgres server.
@ -603,4 +641,4 @@ def group_remove(groupname,
salt '*' postgres.group_remove 'groupname'
'''
return _role_remove(groupname, user, host, port, db, runas)
return _role_remove(groupname, user, host, port, db, password, runas)

2
salt/states/postgres_group.py
View file

@ -70,7 +70,7 @@ def present(name,
encrypted=encrypted,
superuser=superuser,
replication=replication,
password=password,
rolepassword=password,
groups=groups,
runas=runas):
ret['comment'] = 'The group {0} has been created'.format(name)

2
salt/states/postgres_user.py
View file

@ -70,7 +70,7 @@ def present(name,
encrypted=encrypted,
superuser=superuser,
replication=replication,
password=password,
rolepassword=password,
groups=groups,
runas=runas):
ret['comment'] = 'The user {0} has been created'.format(name)