Skip to content

Add a global password_encryption parameter #1584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 26, 2024
Merged

Add a global password_encryption parameter #1584

merged 1 commit into from
Mar 26, 2024

Conversation

ekohl
Copy link
Collaborator

@ekohl ekohl commented Mar 26, 2024

Summary

The function postgresql::password() looks at the default for encryption. If you want to use SCRAM on PostgreSQL < 14 then the default must be overridden, or specified for every use. This parameter allows it to be globally overridden.

Related Issues (if any)

Found in theforeman/foreman-installer#924 when testing out SCRAM support with PostgreSQL 13.

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@ekohl
Add a global password_encryption parameter
43c21af 
The function postgresql::password() looks at the default for encryption.
If you want to use SCRAM on PostgreSQL < 14 then the default must be
overridden, or specified for every use. This parameter allows it to be
globally overridden.
@ekohl ekohl mentioned this pull request Mar 26, 2024
Merged
bastelfreak
bastelfreak reviewed Mar 26, 2024
View reviewed changes
manifests/params.pp
@@ -25,7 +25,7 @@
$manage_selinux = pick($manage_selinux, false)
$package_ensure = 'present'
$module_workdir = pick($module_workdir,'/tmp')
$password_encryption = versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }
$password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' })
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that work? pick() refrences the variable itself? And line 21-24 follow the same pattern 🤔

should it be:

Suggested change
$password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' })
$password_encryption = pick($postgresql::globals::password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' })

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I was also surprised. I think it's (ab)using the parser a bit. I wanted to remain consistent.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay. so it's probably coming from globals. interesting. Not sure if that works on purpose or by accident :D

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"yes"

@bastelfreak bastelfreak merged commit 5eb1690 into puppetlabs:main Mar 26, 2024
@ekohl ekohl deleted the globally-configurable-password-encryption branch March 26, 2024 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak approved these changes

@alexjfisher alexjfisher Awaiting requested review from alexjfisher alexjfisher is a code owner

@deric deric Awaiting requested review from deric deric is a code owner

@SimonHoenscheid SimonHoenscheid Awaiting requested review from SimonHoenscheid SimonHoenscheid is a code owner

@smortex smortex Awaiting requested review from smortex smortex is a code owner

Assignees
No one assigned
Labels
community feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ekohl @bastelfreak @ia-content