From 6fe57846d00795850c3b77fb859c35ac54af9773 Mon Sep 17 00:00:00 2001 From: Matt Clay Date: Thu, 25 Apr 2019 09:25:27 -0700 Subject: [PATCH] Revert "postgres modules: move params mapping from main to connect_to_db (#55549)" This reverts commit 2250257809baf77dd6d63d56e4eca10b2952250a. --- lib/ansible/module_utils/postgres.py | 76 ++++--------------- .../database/postgresql/postgresql_db.py | 2 +- .../database/postgresql/postgresql_ext.py | 58 +++++++++++--- .../database/postgresql/postgresql_idx.py | 57 +++++++++++--- .../database/postgresql/postgresql_info.py | 58 ++++++++++---- .../database/postgresql/postgresql_lang.py | 50 +++++++++++- .../postgresql/postgresql_membership.py | 54 +++++++++++-- .../database/postgresql/postgresql_owner.py | 62 +++++++++++---- .../database/postgresql/postgresql_ping.py | 58 +++++++++++--- .../database/postgresql/postgresql_query.py | 60 ++++++++++++--- .../database/postgresql/postgresql_schema.py | 53 +++++++++++-- .../database/postgresql/postgresql_set.py | 69 +++++++++++++---- .../database/postgresql/postgresql_slot.py | 59 +++++++++++--- .../database/postgresql/postgresql_table.py | 58 +++++++++++--- .../postgresql/postgresql_tablespace.py | 69 ++++++++++++----- .../database/postgresql/postgresql_user.py | 70 ++++++++++++++--- 16 files changed, 694 insertions(+), 219 deletions(-) diff --git a/lib/ansible/module_utils/postgres.py b/lib/ansible/module_utils/postgres.py index 713d0098d0..87ec25806c 100644 --- a/lib/ansible/module_utils/postgres.py +++ b/lib/ansible/module_utils/postgres.py @@ -29,26 +29,23 @@ try: import psycopg2 - from psycopg2.extras import DictCursor + import psycopg2.extras HAS_PSYCOPG2 = True except ImportError: HAS_PSYCOPG2 = False -from ansible.module_utils.basic import missing_required_lib from ansible.module_utils._text import to_native -from ansible.module_utils.six import iteritems class LibraryError(Exception): pass -def ensure_libs(module): +def ensure_libs(sslrootcert=None): if not HAS_PSYCOPG2: - module.fail_json(msg=missing_required_lib('psycopg2')) - - if module.params.get('ca_cert') and psycopg2.__version__ < '2.4.3': - module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + raise LibraryError('psycopg2 is not installed. we need psycopg2.') + if sslrootcert and psycopg2.__version__ < '2.4.3': + raise LibraryError('psycopg2 must be at least 2.4.3 in order to use the ca_cert parameter') # no problems return None @@ -66,42 +63,7 @@ def postgres_common_argument_spec(): ) -def connect_to_db(module, autocommit=False, fail_on_conn=True, warn_db_default=True): - - ensure_libs(module) - - # To use defaults values, keyword arguments must be absent, so - # check which values are empty and don't include in the **kw - # dictionary - params_map = { - "login_host": "host", - "login_user": "user", - "login_password": "password", - "port": "port", - "ssl_mode": "sslmode", - "ca_cert": "sslrootcert" - } - - # Might be different in the modules: - if module.params.get('db'): - params_map['db'] = 'database' - elif module.params.get('database'): - params_map['database'] = 'database' - elif module.params.get('login_db'): - params_map['login_db'] = 'database' - else: - if warn_db_default: - module.warn('Database name has not been passed, ' - 'used default database to connect to.') - - kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) - if k in params_map and v != '' and v is not None) - - # If a login_unix_socket is specified, incorporate it here. - is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" - if is_localhost and module.params["login_unix_socket"] != "": - kw["host"] = module.params["login_unix_socket"] - +def connect_to_db(module, kw, autocommit=False): try: db_connection = psycopg2.connect(**kw) if autocommit: @@ -110,31 +72,19 @@ def connect_to_db(module, autocommit=False, fail_on_conn=True, warn_db_default=T else: db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT) - # Switch role, if specified: - cursor = db_connection.cursor(cursor_factory=DictCursor) - if module.params.get('session_role'): - try: - cursor.execute('SET ROLE %s' % module.params['session_role']) - except Exception as e: - module.fail_json(msg="Could not switch role: %s" % to_native(e)) - cursor.close() - except TypeError as e: if 'sslrootcert' in e.args[0]: module.fail_json(msg='Postgresql server must be at least ' 'version 8.4 to support sslrootcert') - if fail_on_conn: - module.fail_json(msg="unable to connect to database: %s" % to_native(e)) - else: - module.warn("PostgreSQL server is unavailable: %s" % to_native(e)) - db_connection = None + module.fail_json(msg="unable to connect to database: %s" % to_native(e)) except Exception as e: - if fail_on_conn: - module.fail_json(msg="unable to connect to database: %s" % to_native(e)) - else: - module.warn("PostgreSQL server is unavailable: %s" % to_native(e)) - db_connection = None + module.fail_json(msg="unable to connect to database: %s" % to_native(e)) return db_connection + + +def get_pg_version(cursor): + cursor.execute("select current_setting('server_version_num')") + return int(cursor.fetchone()[0]) diff --git a/lib/ansible/modules/database/postgresql/postgresql_db.py b/lib/ansible/modules/database/postgresql/postgresql_db.py index 2b64219ffb..d533b7e9cd 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_db.py +++ b/lib/ansible/modules/database/postgresql/postgresql_db.py @@ -486,7 +486,7 @@ def main(): if not raw_connection: try: - pgutils.ensure_libs(module) + pgutils.ensure_libs(sslrootcert=module.params.get('ca_cert')) db_connection = psycopg2.connect(database=maintenance_db, **kw) # Enable autocommit so we can create databases diff --git a/lib/ansible/modules/database/postgresql/postgresql_ext.py b/lib/ansible/modules/database/postgresql/postgresql_ext.py index a466b4c373..ca3dabe7cd 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_ext.py +++ b/lib/ansible/modules/database/postgresql/postgresql_ext.py @@ -135,15 +135,18 @@ query: import traceback +PSYCOPG2_IMP_ERR = None try: - from psycopg2.extras import DictCursor + import psycopg2 + import psycopg2.extras + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + PSYCOPG2_IMP_ERR = traceback.format_exc() + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.six import iteritems from ansible.module_utils._text import to_native from ansible.module_utils.database import pg_quote_identifier @@ -210,14 +213,49 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2'), exception=PSYCOPG2_IMP_ERR) + + db = module.params["db"] ext = module.params["ext"] schema = module.params["schema"] state = module.params["state"] cascade = module.params["cascade"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] changed = False - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + if session_role: + try: + cursor.execute('SET ROLE %s' % pg_quote_identifier(session_role, 'role')) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e), exception=traceback.format_exc()) try: if module.check_mode: @@ -231,12 +269,12 @@ def main(): elif state == "present": changed = ext_create(cursor, ext, schema, cascade) - + except NotSupportedError as e: + module.fail_json(msg=to_native(e), exception=traceback.format_exc()) except Exception as e: module.fail_json(msg="Database query failed: %s" % to_native(e), exception=traceback.format_exc()) - db_connection.close() - module.exit_json(changed=changed, db=module.params["db"], ext=ext, queries=executed_queries) + module.exit_json(changed=changed, db=db, ext=ext, queries=executed_queries) if __name__ == '__main__': diff --git a/lib/ansible/modules/database/postgresql/postgresql_idx.py b/lib/ansible/modules/database/postgresql/postgresql_idx.py index 7e7921afdc..75601e5087 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_idx.py +++ b/lib/ansible/modules/database/postgresql/postgresql_idx.py @@ -229,17 +229,21 @@ valid: sample: true ''' -try: - from psycopg2.extras import DictCursor -except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass +import traceback -from ansible.module_utils.basic import AnsibleModule +PSYCOPG2_IMP_ERR = None +try: + import psycopg2 + HAS_PSYCOPG2 = True +except ImportError: + HAS_PSYCOPG2 = False + PSYCOPG2_IMP_ERR = traceback.format_exc() + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems VALID_IDX_TYPES = ('BTREE', 'HASH', 'GIST', 'SPGIST', 'GIN', 'BRIN') @@ -424,6 +428,9 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2'), exception=PSYCOPG2_IMP_ERR) + idxname = module.params["idxname"] state = module.params["state"] concurrent = module.params["concurrent"] @@ -431,6 +438,8 @@ def main(): idxtype = module.params["idxtype"] columns = module.params["columns"] cond = module.params["cond"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] tablespace = module.params["tablespace"] storage_params = module.params["storage_params"] cascade = module.params["cascade"] @@ -453,8 +462,37 @@ def main(): if cascade and state != 'absent': module.fail_json(msg="cascade parameter used only with state=absent") - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) # Set defaults: changed = False @@ -516,7 +554,6 @@ def main(): db_connection.commit() kw['changed'] = changed - db_connection.close() module.exit_json(**kw) diff --git a/lib/ansible/modules/database/postgresql/postgresql_info.py b/lib/ansible/modules/database/postgresql/postgresql_info.py index f08b3ab644..c35e25b8ef 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_info.py +++ b/lib/ansible/modules/database/postgresql/postgresql_info.py @@ -468,15 +468,14 @@ settings: from fnmatch import fnmatch try: - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError -from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.postgres import postgres_common_argument_spec from ansible.module_utils._text import to_native from ansible.module_utils.six import iteritems @@ -486,16 +485,17 @@ from ansible.module_utils.six import iteritems # class PgDbConn(object): - def __init__(self, module): + def __init__(self, module, params_dict, session_role): + self.params_dict = params_dict self.module = module self.db_conn = None + self.session_role = session_role self.cursor = None - self.session_role = self.module.params.get('session_role') def connect(self): try: - self.db_conn = connect_to_db(self.module, warn_db_default=False) - self.cursor = self.db_conn.cursor(cursor_factory=DictCursor) + self.db_conn = psycopg2.connect(**self.params_dict) + self.cursor = self.db_conn.cursor(cursor_factory=psycopg2.extras.DictCursor) # Switch role, if specified: if self.session_role: @@ -518,7 +518,7 @@ class PgDbConn(object): def reconnect(self, dbname): self.db_conn.close() - self.module.params['database'] = dbname + self.params_dict['database'] = dbname return self.connect() @@ -905,7 +905,10 @@ class PgClusterInfo(object): res = self.cursor.fetchall() if res: return res - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + self.cursor.close() + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) self.cursor.close() return False @@ -927,9 +930,38 @@ def main(): supports_check_mode=True, ) - filter_ = module.params["filter"] + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) - db_conn_obj = PgDbConn(module) + filter_ = module.params["filter"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] + + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order ' + 'to user the ca_cert parameter') + + db_conn_obj = PgDbConn(module, kw, session_role) # Do job: pg_info = PgClusterInfo(module, db_conn_obj) diff --git a/lib/ansible/modules/database/postgresql/postgresql_lang.py b/lib/ansible/modules/database/postgresql/postgresql_lang.py index 17ef639d84..c56af11531 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_lang.py +++ b/lib/ansible/modules/database/postgresql/postgresql_lang.py @@ -169,8 +169,19 @@ queries: version_added: '2.8' ''' -from ansible.module_utils.basic import AnsibleModule +import traceback + +PSYCOPG2_IMP_ERR = None +try: + import psycopg2 + HAS_PSYCOPG2 = True +except ImportError: + PSYCOPG2_IMP_ERR = traceback.format_exc() + HAS_PSYCOPG2 = False + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.six import iteritems from ansible.module_utils._text import to_native from ansible.module_utils.database import pg_quote_identifier @@ -253,10 +264,44 @@ def main(): force_trust = module.params["force_trust"] cascade = module.params["cascade"] fail_on_drop = module.params["fail_on_drop"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] - db_connection = connect_to_db(module, autocommit=False) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2'), exception=PSYCOPG2_IMP_ERR) + + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=False) cursor = db_connection.cursor() + if session_role: + try: + cursor.execute('SET ROLE %s' % pg_quote_identifier(session_role, 'role')) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e), exception=traceback.format_exc()) + changed = False kw = {'db': db, 'lang': lang, 'trust': trust} @@ -296,7 +341,6 @@ def main(): kw['changed'] = changed kw['queries'] = executed_queries - db_connection.close() module.exit_json(**kw) diff --git a/lib/ansible/modules/database/postgresql/postgresql_membership.py b/lib/ansible/modules/database/postgresql/postgresql_membership.py index 0d42ce0f49..ce7f2292ea 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_membership.py +++ b/lib/ansible/modules/database/postgresql/postgresql_membership.py @@ -136,16 +136,16 @@ state: ''' try: - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError, pg_quote_identifier from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems class PgMembership(object): @@ -265,7 +265,9 @@ class PgMembership(object): res = self.cursor.fetchall() return res return True - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) return False @@ -291,13 +293,49 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + groups = module.params['groups'] target_roles = module.params['target_roles'] fail_on_role = module.params['fail_on_role'] state = module.params['state'] + sslrootcert = module.params['ca_cert'] + session_role = module.params['session_role'] - db_connection = connect_to_db(module, autocommit=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != '' and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 ' + 'in order to user the ssl_rootcert parameter') + + db_connection = connect_to_db(module, kw, autocommit=False) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) ############## # Create the object and do main job: diff --git a/lib/ansible/modules/database/postgresql/postgresql_owner.py b/lib/ansible/modules/database/postgresql/postgresql_owner.py index c569c31f48..dea01e0895 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_owner.py +++ b/lib/ansible/modules/database/postgresql/postgresql_owner.py @@ -150,27 +150,19 @@ queries: ''' try: - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError, pg_quote_identifier from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems class PgOwnership(object): - """ - If you want to add handling of a new type of database objects: - 1. Add a specific method for this like self.__set_db_owner(), etc. - 2. Add a condition with a check of ownership for new type objects to self.__is_owner() - 3. Add a condition with invocation of the specific method to self.set_owner() - 4. Add the information to the module documentation - That's all. - """ def __init__(self, module, cursor, role): self.module = module self.cursor = cursor @@ -345,7 +337,9 @@ class PgOwnership(object): res = self.cursor.fetchall() return res return True - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) return False @@ -378,14 +372,50 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + new_owner = module.params['new_owner'] obj_name = module.params['obj_name'] obj_type = module.params['obj_type'] reassign_owned_by = module.params['reassign_owned_by'] fail_on_role = module.params['fail_on_role'] + sslrootcert = module.params['ca_cert'] + session_role = module.params['session_role'] - db_connection = connect_to_db(module, autocommit=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != '' and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 ' + 'in order to user the ssl_rootcert parameter') + + db_connection = connect_to_db(module, kw, autocommit=False) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) ############## # Create the object and do main job: diff --git a/lib/ansible/modules/database/postgresql/postgresql_ping.py b/lib/ansible/modules/database/postgresql/postgresql_ping.py index 3c8142b8ac..f271684743 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_ping.py +++ b/lib/ansible/modules/database/postgresql/postgresql_ping.py @@ -71,16 +71,16 @@ server_version: sample: { major: 10, minor: 1 } ''' + try: - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError -from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.postgres import postgres_common_argument_spec from ansible.module_utils._text import to_native from ansible.module_utils.six import iteritems @@ -118,8 +118,11 @@ class PgPing(object): res = self.cursor.fetchall() if res: return res + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + self.cursor.close() except Exception as e: - self.module.fail_json("Unable to execute '%s': %s" % (query, to_native(e))) + self.module.warn("PostgreSQL server is unavailable: %s" % to_native(e)) return False @@ -138,6 +141,35 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + + sslrootcert = module.params["ca_cert"] + + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order ' + 'to user the ca_cert parameter') + # Set some default values: cursor = False db_connection = False @@ -147,10 +179,16 @@ def main(): server_version=dict(), ) - db_connection = connect_to_db(module, fail_on_conn=False) - - if db_connection is not None: - cursor = db_connection.cursor(cursor_factory=DictCursor) + try: + db_connection = psycopg2.connect(**kw) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + except TypeError as e: + if 'sslrootcert' in e.args[0]: + module.fail_json(msg='Postgresql server must be at least ' + 'version 8.4 to support sslrootcert') + module.fail_json(msg="unable to connect to database: %s" % to_native(e)) + except Exception as e: + module.warn("PostgreSQL server is unavailable: %s" % to_native(e)) # Do job: pg_ping = PgPing(module, cursor) diff --git a/lib/ansible/modules/database/postgresql/postgresql_query.py b/lib/ansible/modules/database/postgresql/postgresql_query.py index d539783998..88e6522b6f 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_query.py +++ b/lib/ansible/modules/database/postgresql/postgresql_query.py @@ -136,20 +136,20 @@ rowcount: sample: 5 ''' +import os + try: - from psycopg2 import ProgrammingError as Psycopg2ProgrammingError - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # it is needed for checking 'no result to fetch' in main(), - # psycopg2 availability will be checked by connect_to_db() into - # ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False import ansible.module_utils.postgres as pgutils -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems # =========================================== @@ -174,9 +174,14 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + query = module.params["query"] positional_args = module.params["positional_args"] named_args = module.params["named_args"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] path_to_script = module.params["path_to_script"] if positional_args and named_args: @@ -191,13 +196,44 @@ def main(): except Exception as e: module.fail_json(msg="Cannot read file '%s' : %s" % (path_to_script, to_native(e))) - db_connection = connect_to_db(module, autocommit=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != '' and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 ' + 'in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) # Prepare args: - if module.params.get("positional_args"): + if module.params["positional_args"]: arguments = module.params["positional_args"] - elif module.params.get("named_args"): + elif module.params["named_args"]: arguments = module.params["named_args"] else: arguments = None @@ -218,7 +254,7 @@ def main(): try: query_result = [dict(row) for row in cursor.fetchall()] - except Psycopg2ProgrammingError as e: + except psycopg2.ProgrammingError as e: if to_native(e) == 'no results to fetch': query_result = {} diff --git a/lib/ansible/modules/database/postgresql/postgresql_schema.py b/lib/ansible/modules/database/postgresql/postgresql_schema.py index 18b071c47e..f670fd4f5d 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_schema.py +++ b/lib/ansible/modules/database/postgresql/postgresql_schema.py @@ -121,16 +121,19 @@ queries: import traceback +PSYCOPG2_IMP_ERR = None try: - from psycopg2.extras import DictCursor + import psycopg2 + import psycopg2.extras + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + PSYCOPG2_IMP_ERR = traceback.format_exc() + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils.database import SQLParseError, pg_quote_identifier +from ansible.module_utils.six import iteritems from ansible.module_utils._text import to_native executed_queries = [] @@ -228,14 +231,49 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2'), exception=PSYCOPG2_IMP_ERR) + schema = module.params["schema"] owner = module.params["owner"] state = module.params["state"] + sslrootcert = module.params["ca_cert"] cascade_drop = module.params["cascade_drop"] + session_role = module.params["session_role"] changed = False - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "database": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json( + msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + if session_role: + try: + cursor.execute('SET ROLE %s' % pg_quote_identifier(session_role, 'role')) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e), exception=traceback.format_exc()) try: if module.check_mode: @@ -264,7 +302,6 @@ def main(): except Exception as e: module.fail_json(msg="Database query failed: %s" % to_native(e), exception=traceback.format_exc()) - db_connection.close() module.exit_json(changed=changed, schema=schema, queries=executed_queries) diff --git a/lib/ansible/modules/database/postgresql/postgresql_set.py b/lib/ansible/modules/database/postgresql/postgresql_set.py index a1e79724a6..b3cd4faed6 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_set.py +++ b/lib/ansible/modules/database/postgresql/postgresql_set.py @@ -155,21 +155,22 @@ context: sample: user ''' -try: - from psycopg2.extras import DictCursor -except Exception: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass +PG_REQ_VER = 90400 from copy import deepcopy -from ansible.module_utils.basic import AnsibleModule +try: + import psycopg2 + HAS_PSYCOPG2 = True +except ImportError: + HAS_PSYCOPG2 = False + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError -from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.postgres import connect_to_db, get_pg_version, postgres_common_argument_spec +from ansible.module_utils.six import iteritems from ansible.module_utils._text import to_native -PG_REQ_VER = 90400 # To allow to set value like 1mb instead of 1MB, etc: POSSIBLE_SIZE_UNITS = ("mb", "gb", "tb") @@ -289,9 +290,14 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + name = module.params["name"] value = module.params["value"] reset = module.params["reset"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] # Allow to pass values like 1mb instead of 1MB, etc: if value: @@ -305,12 +311,38 @@ def main(): if not value and not reset: module.fail_json(msg="%s: at least one of value or reset param must be specified" % name) - db_connection = connect_to_db(module, autocommit=True, warn_db_default=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != '' and v is not None) + + # Store connection parameters for the final check: + con_params = deepcopy(kw) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 ' + 'in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) - kw = {} # Check server version (needs 9.4 or later): - ver = db_connection.server_version + ver = get_pg_version(cursor) if ver < PG_REQ_VER: module.warn("PostgreSQL is %s version but %s or later is required" % (ver, PG_REQ_VER)) kw = dict( @@ -324,6 +356,13 @@ def main(): db_connection.close() module.exit_json(**kw) + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) + # Set default returned values: restart_required = False changed = False @@ -398,8 +437,8 @@ def main(): # Reconnect and recheck current value: if context in ('sighup', 'superuser-backend', 'backend', 'superuser', 'user'): - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + db_connection = connect_to_db(module, con_params, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) res = param_get(cursor, module, name) # f_ means 'final' diff --git a/lib/ansible/modules/database/postgresql/postgresql_slot.py b/lib/ansible/modules/database/postgresql/postgresql_slot.py index c0099b6d82..30b6c4cdf0 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_slot.py +++ b/lib/ansible/modules/database/postgresql/postgresql_slot.py @@ -142,15 +142,14 @@ queries: ''' try: - from psycopg2.extras import DictCursor + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError -from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.postgres import connect_to_db, get_pg_version, postgres_common_argument_spec from ansible.module_utils._text import to_native @@ -183,7 +182,8 @@ class PgSlot(object): if kind == 'physical': # Check server version (needs for immedately_reserverd needs 9.6+): - if self.cursor.connection.server_version < 96000: + ver = get_pg_version(self.cursor) + if ver < 96000: query = "SELECT pg_create_physical_replication_slot('%s')" % self.name else: @@ -219,7 +219,9 @@ class PgSlot(object): res = self.cursor.fetchall() return res return True - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) return False @@ -246,17 +248,53 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + + db = module.params["db"] name = module.params["name"] slot_type = module.params["slot_type"] immediately_reserve = module.params["immediately_reserve"] state = module.params["state"] + ssl_rootcert = module.params["ca_cert"] output_plugin = module.params["output_plugin"] + session_role = module.params["session_role"] if immediately_reserve and slot_type == 'logical': module.fail_json(msg="Module parameters immediately_reserve and slot_type=logical are mutually exclusive") - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "db": "database", + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "sslmode": "ssl_mode", + "ca_cert": "ssl_rootcert" + } + kw = dict((params_map[k], v) for (k, v) in module.params.items() + if k in params_map and v != '') + + # if a login_unix_socket is specified, incorporate it here + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and ssl_rootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to use the ssl_rootcert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) ################################## # Create an object and do main job @@ -283,7 +321,6 @@ def main(): changed = pg_slot.changed - db_connection.close() module.exit_json(changed=changed, name=name, queries=pg_slot.executed_queries) diff --git a/lib/ansible/modules/database/postgresql/postgresql_table.py b/lib/ansible/modules/database/postgresql/postgresql_table.py index cf8ee48c6e..dab7b16d3b 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_table.py +++ b/lib/ansible/modules/database/postgresql/postgresql_table.py @@ -209,17 +209,18 @@ storage_params: sample: [ "fillfactor=100", "autovacuum_analyze_threshold=1" ] ''' -try: - from psycopg2.extras import DictCursor -except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass -from ansible.module_utils.basic import AnsibleModule +try: + import psycopg2 + HAS_PSYCOPG2 = True +except ImportError: + HAS_PSYCOPG2 = False + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError, pg_quote_identifier from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems # =========================================== @@ -425,7 +426,9 @@ class Table(object): res = self.cursor.fetchall() return res return True - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) return False @@ -468,6 +471,8 @@ def main(): storage_params = module.params["storage_params"] truncate = module.params["truncate"] columns = module.params["columns"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] # Check mutual exclusive parameters: if state == 'absent' and (truncate or newname or columns or tablespace or @@ -494,8 +499,40 @@ def main(): if including and not like: module.fail_json(msg="%s: including param needs like param specified" % table) - db_connection = connect_to_db(module, autocommit=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib("psycopg2")) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=False) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) if storage_params: storage_params = ','.join(storage_params) @@ -509,7 +546,6 @@ def main(): # Set default returned values: changed = False - kw = {} kw['table'] = table kw['state'] = '' if table_obj.exists: diff --git a/lib/ansible/modules/database/postgresql/postgresql_tablespace.py b/lib/ansible/modules/database/postgresql/postgresql_tablespace.py index 84f76fd075..b771967bad 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_tablespace.py +++ b/lib/ansible/modules/database/postgresql/postgresql_tablespace.py @@ -170,19 +170,16 @@ state: ''' try: - from psycopg2 import __version__ as PSYCOPG2_VERSION - from psycopg2.extras import DictCursor - from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT as AUTOCOMMIT - from psycopg2.extensions import ISOLATION_LEVEL_READ_COMMITTED as READ_COMMITTED + import psycopg2 + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import SQLParseError, pg_quote_identifier from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec from ansible.module_utils._text import to_native +from ansible.module_utils.six import iteritems class PgTablespace(object): @@ -306,7 +303,9 @@ class PgTablespace(object): res = self.cursor.fetchall() return res return True - except Exception as e: + except SQLParseError as e: + self.module.fail_json(msg=to_native(e)) + except psycopg2.ProgrammingError as e: self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e))) return False @@ -335,26 +334,62 @@ def main(): supports_check_mode=True, ) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2')) + tablespace = module.params["tablespace"] state = module.params["state"] location = module.params["location"] owner = module.params["owner"] rename_to = module.params["rename_to"] settings = module.params["set"] + sslrootcert = module.params["ca_cert"] + session_role = module.params["session_role"] if state == 'absent' and (location or owner or rename_to or settings): module.fail_json(msg="state=absent is mutually exclusive location, " "owner, rename_to, and set") - db_connection = connect_to_db(module, autocommit=True) - cursor = db_connection.cursor(cursor_factory=DictCursor) + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != '' and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] is None or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert: + module.fail_json(msg='psycopg2 must be at least 2.4.3 ' + 'in order to user the ca_cert parameter') + + db_connection = connect_to_db(module, kw, autocommit=True) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) + + # Switch role, if specified: + if session_role: + try: + cursor.execute('SET ROLE %s' % session_role) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e)) # Change autocommit to False if check_mode: if module.check_mode: - if PSYCOPG2_VERSION >= '2.4.2': + if psycopg2.__version__ >= '2.4.2': db_connection.set_session(autocommit=False) else: - db_connection.set_isolation_level(READ_COMMITTED) + db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_READ_COMMITTED) # Set defaults: autocommit = False @@ -379,10 +414,10 @@ def main(): # Because CREATE TABLESPACE can not be run inside the transaction block: autocommit = True - if PSYCOPG2_VERSION >= '2.4.2': + if psycopg2.__version__ >= '2.4.2': db_connection.set_session(autocommit=True) else: - db_connection.set_isolation_level(AUTOCOMMIT) + db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT) changed = tblspace.create(location) @@ -395,10 +430,10 @@ def main(): elif tblspace.exists and state == 'absent': # Because DROP TABLESPACE can not be run inside the transaction block: autocommit = True - if PSYCOPG2_VERSION >= '2.4.2': + if psycopg2.__version__ >= '2.4.2': db_connection.set_session(autocommit=True) else: - db_connection.set_isolation_level(AUTOCOMMIT) + db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT) changed = tblspace.drop() diff --git a/lib/ansible/modules/database/postgresql/postgresql_user.py b/lib/ansible/modules/database/postgresql/postgresql_user.py index 4242aac82b..ae63783387 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_user.py +++ b/lib/ansible/modules/database/postgresql/postgresql_user.py @@ -234,17 +234,18 @@ import re import traceback from hashlib import md5 +PSYCOPG2_IMP_ERR = None try: import psycopg2 - from psycopg2.extras import DictCursor + import psycopg2.extras + HAS_PSYCOPG2 = True except ImportError: - # psycopg2 is checked by connect_to_db() - # from ansible.module_utils.postgres - pass + PSYCOPG2_IMP_ERR = traceback.format_exc() + HAS_PSYCOPG2 = False -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.database import pg_quote_identifier, SQLParseError -from ansible.module_utils.postgres import connect_to_db, postgres_common_argument_spec +from ansible.module_utils.postgres import postgres_common_argument_spec from ansible.module_utils._text import to_bytes, to_native from ansible.module_utils.six import iteritems @@ -347,7 +348,7 @@ def user_alter(db_connection, module, user, password, role_attr_flags, encrypted """Change user password and/or attributes. Return True if changed, False otherwise.""" changed = False - cursor = db_connection.cursor(cursor_factory=DictCursor) + cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) # Note: role_attr_flags escaped by parse_role_attrs and encrypted is a # literal if user == 'PUBLIC': @@ -789,20 +790,67 @@ def main(): password = module.params["password"] state = module.params["state"] fail_on_user = module.params["fail_on_user"] - if module.params['db'] == '' and module.params["priv"] is not None: + db = module.params["db"] + session_role = module.params["session_role"] + if db == '' and module.params["priv"] is not None: module.fail_json(msg="privileges require a database to be specified") - privs = parse_privs(module.params["priv"], module.params["db"]) + privs = parse_privs(module.params["priv"], db) no_password_changes = module.params["no_password_changes"] if module.params["encrypted"]: encrypted = "ENCRYPTED" else: encrypted = "UNENCRYPTED" expires = module.params["expires"] + sslrootcert = module.params["ca_cert"] conn_limit = module.params["conn_limit"] role_attr_flags = module.params["role_attr_flags"] - db_connection = connect_to_db(module, warn_db_default=False) - cursor = db_connection.cursor(cursor_factory=DictCursor) + if not HAS_PSYCOPG2: + module.fail_json(msg=missing_required_lib('psycopg2'), exception=PSYCOPG2_IMP_ERR) + + # To use defaults values, keyword arguments must be absent, so + # check which values are empty and don't include in the **kw + # dictionary + params_map = { + "login_host": "host", + "login_user": "user", + "login_password": "password", + "port": "port", + "db": "database", + "ssl_mode": "sslmode", + "ca_cert": "sslrootcert" + } + kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) + if k in params_map and v != "" and v is not None) + + # If a login_unix_socket is specified, incorporate it here. + is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost" + if is_localhost and module.params["login_unix_socket"] != "": + kw["host"] = module.params["login_unix_socket"] + + if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: + module.fail_json( + msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter') + + try: + db_connection = psycopg2.connect(**kw) + cursor = db_connection.cursor( + cursor_factory=psycopg2.extras.DictCursor) + + except TypeError as e: + if 'sslrootcert' in e.args[0]: + module.fail_json( + msg='Postgresql server must be at least version 8.4 to support sslrootcert') + module.fail_json(msg="Unable to connect to database: %s" % to_native(e), exception=traceback.format_exc()) + + except Exception as e: + module.fail_json(msg="Unable to connect to database: %s" % to_native(e), exception=traceback.format_exc()) + + if session_role: + try: + cursor.execute('SET ROLE %s' % pg_quote_identifier(session_role, 'role')) + except Exception as e: + module.fail_json(msg="Could not switch role: %s" % to_native(e), exception=traceback.format_exc()) try: role_attr_flags = parse_role_attrs(cursor, role_attr_flags)