Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

postgresql_user: move the deprecated privs argument removal to 4.0.0 #494

Merged
merged 1 commit into from
Jun 9, 2023
Merged

postgresql_user: move the deprecated privs argument removal to 4.0.0 #494

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions changelogs/fragments/4-postgresql_user.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
major_changes:
- postgresql_user - move the deprecated ``privs`` argument removal to community.postgresql 4.0.0 (https://github.com/ansible-collections/community.postgresql/issues/493).
40 changes: 20 additions & 20 deletions plugins/modules/postgresql_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
- Set I(fail_on_user) to C(false) to make the module ignore failures when trying to remove a user.
In this case, the module reports if changes happened as usual and separately reports
whether the user has been removed or not.
- B(WARNING) The I(priv) option has been B(deprecated) and will be removed in community.postgresql 3.0.0. Please use the
- B(WARNING) The I(priv) option has been B(deprecated) and will be removed in community.postgresql 4.0.0. Please use the
M(community.postgresql.postgresql_privs) module instead.
options:
name:
Expand Down Expand Up @@ -62,7 +62,7 @@
priv:
description:
- This option has been B(deprecated) and will be removed in
community.postgresql 3.0.0. Please use the M(community.postgresql.postgresql_privs) module to
community.postgresql 4.0.0. Please use the M(community.postgresql.postgresql_privs) module to
GRANT/REVOKE permissions instead.
- "Slash-separated PostgreSQL privileges string: C(priv1/priv2), where
you can define the user's privileges for the database ( allowed options - 'CREATE',
Expand Down Expand Up @@ -328,7 +328,7 @@

SCRAM_SHA256_REGEX = r'^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+\/=]+)\$([A-Za-z0-9+\/=]+):([A-Za-z0-9+\/=]+)$'

# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
VALID_PRIVS = dict(table=frozenset(('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER', 'ALL')),
database=frozenset(
('CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'ALL')),
Expand Down Expand Up @@ -633,7 +633,7 @@ def user_delete(cursor, user):
return True


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def has_table_privileges(cursor, user, table, privs):
"""
Return the difference between the privileges that a user already has and
Expand All @@ -651,7 +651,7 @@ def has_table_privileges(cursor, user, table, privs):
return (have_currently, other_current, desired)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def get_table_privileges(cursor, user, table):
if '.' in table:
schema, table = table.split('.', 1)
Expand All @@ -663,7 +663,7 @@ def get_table_privileges(cursor, user, table):
return frozenset([x[0] for x in cursor.fetchall()])


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def grant_table_privileges(cursor, user, table, privs):
# Note: priv escaped by parse_privs
privs = ', '.join(privs)
Expand All @@ -673,7 +673,7 @@ def grant_table_privileges(cursor, user, table, privs):
cursor.execute(query)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def revoke_table_privileges(cursor, user, table, privs):
# Note: priv escaped by parse_privs
privs = ', '.join(privs)
Expand All @@ -683,7 +683,7 @@ def revoke_table_privileges(cursor, user, table, privs):
cursor.execute(query)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def get_database_privileges(cursor, user, db):
priv_map = {
'C': 'CREATE',
Expand All @@ -704,7 +704,7 @@ def get_database_privileges(cursor, user, db):
return normalize_privileges(o, 'database')


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def has_database_privileges(cursor, user, db, privs):
"""
Return the difference between the privileges that a user already has and
Expand All @@ -722,7 +722,7 @@ def has_database_privileges(cursor, user, db, privs):
return (have_currently, other_current, desired)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def grant_database_privileges(cursor, user, db, privs):
# Note: priv escaped by parse_privs
privs = ', '.join(privs)
Expand All @@ -737,7 +737,7 @@ def grant_database_privileges(cursor, user, db, privs):
cursor.execute(query)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def revoke_database_privileges(cursor, user, db, privs):
# Note: priv escaped by parse_privs
privs = ', '.join(privs)
Expand All @@ -752,7 +752,7 @@ def revoke_database_privileges(cursor, user, db, privs):
cursor.execute(query)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def revoke_privileges(cursor, user, privs):
if privs is None:
return False
Expand All @@ -774,7 +774,7 @@ def revoke_privileges(cursor, user, privs):
return changed


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def grant_privileges(cursor, user, privs):
if privs is None:
return False
Expand Down Expand Up @@ -826,7 +826,7 @@ def parse_role_attrs(role_attr_flags, srv_version):
return ' '.join(flags)


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def normalize_privileges(privs, type_):
new_privs = set(privs)
if 'ALL' in new_privs:
Expand All @@ -839,7 +839,7 @@ def normalize_privileges(privs, type_):
return new_privs


# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
def parse_privs(privs, db):
"""
Parse privilege string to determine permissions for database db.
Expand Down Expand Up @@ -923,7 +923,7 @@ def main():
user=dict(type='str', required=True, aliases=['name']),
password=dict(type='str', default=None, no_log=True),
state=dict(type='str', default='present', choices=['absent', 'present']),
priv=dict(type='str', default=None, removed_in_version='3.0.0', removed_from_collection='community.postgreql'),
priv=dict(type='str', default=None, removed_in_version='4.0.0', removed_from_collection='community.postgreql'),
db=dict(type='str', default='', aliases=['login_db']),
fail_on_user=dict(type='bool', default=True, aliases=['fail_on_role']),
role_attr_flags=dict(type='str', default=''),
Expand All @@ -944,10 +944,10 @@ def main():
password = module.params["password"]
state = module.params["state"]
fail_on_user = module.params["fail_on_user"]
# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
if module.params['db'] == '' and module.params["priv"] is not None:
module.fail_json(msg="privileges require a database to be specified")
# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
privs = parse_privs(module.params["priv"], module.params["db"])
no_password_changes = module.params["no_password_changes"]
if module.params["encrypted"]:
Expand Down Expand Up @@ -1000,7 +1000,7 @@ def main():
exception=traceback.format_exc())
except SQLParseError as e:
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
try:
changed = grant_privileges(cursor, user, privs) or changed
except SQLParseError as e:
Expand All @@ -1019,7 +1019,7 @@ def main():
changed = True
kw['user_removed'] = True
else:
# WARNING: privs are deprecated and will be removed in community.postgresql 3.0.0
# WARNING: privs are deprecated and will be removed in community.postgresql 4.0.0
try:
changed = revoke_privileges(cursor, user, privs)
user_removed = user_delete(cursor, user)
Expand Down