flexible value for auth_method in pg_hba.conf if passwords are used #1479

SimonHoenscheid
Collaborator

fixes #1465

@SimonHoenscheid SimonHoenscheid force-pushed the flexible_password_encryption_in_pg_hba_conf branch from ef78fdd to 83adcc6 Compare August 28, 2023 21:53
@SimonHoenscheid SimonHoenscheid marked this pull request as ready for review August 28, 2023 21:56
Contributor

@cruelsmith cruelsmith left a comment

Fine in my 👀
Maybe we should also add a spec test for that one? Currently we are not really checking the hba rules in spec that come out of the server config class.

manifests/params.pp (outdated)
@SimonHoenscheid SimonHoenscheid force-pushed the flexible_password_encryption_in_pg_hba_conf branch 3 times, most recently from 18690f0 to 010aa0d Compare August 29, 2023 11:02
@SimonHoenscheid SimonHoenscheid force-pushed the flexible_password_encryption_in_pg_hba_conf branch 3 times, most recently from 8469570 to a12c7f3 Compare September 1, 2023 09:56
@SimonHoenscheid SimonHoenscheid force-pushed the flexible_password_encryption_in_pg_hba_conf branch from a12c7f3 to cc38002 Compare September 4, 2023 08:57
@SimonHoenscheid
Collaborator Author

@cruelsmith I have problems getting this PR green, would you mind having a look?

@cruelsmith
Contributor

Ah, found it ... the issue is that postgresql::postgresql_password() still defaults to md5 and we need to manually set it to scram-sha-256 in case of version >= 14.
The question is whether it is possible to respect $postgresql::server::password_encryption in postgresql::postgresql_password() in some way. Otherwise all code that uses that function needs to be updated to hand over that value.

If you want to review, see here, since it also changes some code: cd20e36 and https://github.com/cruelsmith/puppetlabs-postgresql/actions/runs/6100912336 (Yes, the SLES and RHEL are failing since I test in my clone ENV, but the important Ubuntu 22.04 is working)
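
An added example, not code from this PR or from the puppetlabs-postgresql module: a check for the mismatch described in the comment above, where a `pg_hba.conf` rule demands `scram-sha-256` while a role's stored password verifier is still in md5 format. The function names and the sample data are hypothetical; the verifier formats are PostgreSQL's.

```ruby
require 'digest'

# Legacy verifier format: "md5" + hex(md5(password + username)).
def md5_verifier(username, password)
  'md5' + Digest::MD5.hexdigest(password + username)
end

# Classify a stored verifier (pg_authid.rolpassword) by its shape.
def verifier_kind(verifier)
  return 'scram-sha-256' if verifier.start_with?('SCRAM-SHA-256$')
  return 'md5' if verifier.match?(/\Amd5[0-9a-f]{32}\z/)
  'unknown'
end

# Parse pg_hba.conf text. Assumes CIDR addresses (no separate netmask
# column) and no quoted fields.
def parse_hba(text)
  lines = text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  lines.map do |line|
    f = line.split
    method = f[0] == 'local' ? f[3] : f[4] # "local" rules have no address
    { user: f[2], method: method, line: line }
  end
end

# Report roles covered by a scram-sha-256 rule whose stored verifier is not
# SCRAM: those logins fail. Rules with method md5 are skipped because the
# server accepts either kind there. Assumes user is "all" or one role name.
def hba_mismatches(hba_text, verifiers)
  parse_hba(hba_text).flat_map do |rule|
    next [] unless rule[:method] == 'scram-sha-256'
    affected = verifiers.select do |user, v|
      ['all', user].include?(rule[:user]) && verifier_kind(v) != 'scram-sha-256'
    end
    affected.keys.map { |user| { user: user, rule: rule[:line] } }
  end
end

# Constructed sample input, not taken from the PR.
SAMPLE_HBA = <<~HBA
  local all postgres peer
  host all all 127.0.0.1/32 scram-sha-256
  host all legacy 10.0.0.0/8 md5
HBA
SAMPLE_VERIFIERS = {
  'app' => 'SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy', # constructed
  'legacy' => md5_verifier('legacy', 'example-password')
}.freeze
hba_mismatches(SAMPLE_HBA, SAMPLE_VERIFIERS).each { |m| puts "#{m[:user]}: #{m[:rule]}" }
```
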

@bastelfreak bastelfreak closed this Sep 7, 2023
@SimonHoenscheid SimonHoenscheid deleted the flexible_password_encryption_in_pg_hba_conf branch September 8, 2023 11:18
Successfully merging this pull request may close these issues.

Default HBA does not take scram into account