authorBrian Coca <bcoca@ansible.com>2015-03-30 18:53:11 -0400
committerBrian Coca <bcoca@ansible.com>2015-03-30 18:53:11 -0400
commitbbb0a38fa3b44bb5a4e15408e156b01ad47b5907 (patch)
tree4a2868e43c1a415f6212a2e3c368ad65428ae4ae
parent3738339b90b3e8d0b285feefe73948e485649b26 (diff)
parentbffd137edd8cd3a57de8d7fa8cd4de459087d8ff (diff)
downloadansible-modules-core-bbb0a38fa3b44bb5a4e15408e156b01ad47b5907.tar.gz
Merge pull request #957 from stansonhealth/devel
postgres_user: skip password changes so pg_authid isn't needed
-rw-r--r--database/postgresql/postgresql_user.py15
1 files changed, 12 insertions, 3 deletions
diff --git a/database/postgresql/postgresql_user.py b/database/postgresql/postgresql_user.py
index 020b3740..7558cb37 100644
--- a/database/postgresql/postgresql_user.py
+++ b/database/postgresql/postgresql_user.py
@@ -113,6 +113,13 @@ options:
required: false
default: null
version_added: '1.4'
+ no_password_changes:
+ description:
+ - if C(yes), don't inspect database for password changes. Effective when C(pg_authid) is not accessible (such as AWS RDS). Otherwise, make password changes as necessary.
+ required: false
+ default: 'no'
+ choices: [ "yes", "no" ]
+ version_added: '2.0'
notes:
- The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host.
@@ -201,7 +208,7 @@ def user_add(cursor, user, password, role_attr_flags, encrypted, expires):
cursor.execute(query, query_password_data)
return True
-def user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires):
+def user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires, no_password_changes):
"""Change user password and/or attributes. Return True if changed, False otherwise."""
changed = False
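Review bot: The new `no_password_changes` parameter of `user_alter` is a required positional argument, and the docstring still reads only "Change user password and/or attributes", so any caller not updated in this commit would break and the skip behaviour is undocumented. I would give it a default, `def user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires, no_password_changes=False):`, and extend the docstring with one sentence saying that when the flag is true the comparison against `pg_authid` is skipped, and what the function returns in that case. The body of `user_alter` continues outside this hunk.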
@@ -215,7 +222,7 @@ def user_alter(cursor, module, user, password, role_attr_flags, encrypted, expir
return False
# Handle passwords.
- if password is not None or role_attr_flags is not None:
+ if not no_password_changes and (password is not None or role_attr_flags is not None):
# Select password and all flag-like columns in order to verify changes.
query_password_data = dict(password=password, expires=expires)
select = "SELECT * FROM pg_authid where rolname=%(user)s"
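Review bot: The added `not no_password_changes and (...)` guard switches off the whole branch, and the condition it wraps covers `role_attr_flags` as well as `password`, so with the option set a requested role attribute change on an existing role (for example dropping SUPERUSER) appears to be skipped without any message, as does a password rotation. The option description added in the first hunk mentions only password changes; it should also say something like `- With C(yes), C(role_attr_flags) and C(expires) are also left untouched for existing users.` A narrower fix would keep the attribute comparison and read the flag columns from the `pg_roles` view, which does not expose the password hash, when the option is set. The rest of `user_alter` is outside this hunk, so whether a later branch handles this case cannot be confirmed from here.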
@@ -471,6 +478,7 @@ def main():
fail_on_user=dict(type='bool', default='yes'),
role_attr_flags=dict(default=''),
encrypted=dict(type='bool', default='no'),
+ no_password_changes=dict(type='bool', default='no'),
expires=dict(default=None)
),
supports_check_mode = True
@@ -485,6 +493,7 @@ def main():
module.fail_json(msg="privileges require a database to be specified")
privs = parse_privs(module.params["priv"], db)
port = module.params["port"]
+ no_password_changes = module.params["no_password_changes"]
try:
role_attr_flags = parse_role_attrs(module.params["role_attr_flags"])
except InvalidFlagsError, e:
@@ -529,7 +538,7 @@ def main():
if state == "present":
if user_exists(cursor, user):
try:
- changed = user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires)
+ changed = user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires, no_password_changes)
except SQLParseError, e:
module.fail_json(msg=str(e))
else: