diff options
| author | Andrey Klychkov <aaklychkov@mail.ru> | 2019-06-26 18:32:46 +0300 |
|---|---|---|
| committer | Toshio Kuratomi <a.badger@gmail.com> | 2019-06-26 08:32:46 -0700 |
| commit | a6ecc6c2436ddeb6f61ce4294a65c446f11320d2 (patch) | |
| tree | e5f7cab3121211e48a98f9bed5eb42296414f626 /lib/ansible/modules | |
| parent | 084283233a780732427f151cc230755df0ed0509 (diff) | |
| download | ansible-a6ecc6c2436ddeb6f61ce4294a65c446f11320d2.tar.gz | |
Backport 57507 postgresql_pg_hba bugfix (#58384)
* Merge authentication options back into a single field to prevent losing options beyond the first (#57507)
* Merge authentication options back into a single field to prevent losing options beyond the first
* Add integration test and changelog
* Fix multiple options for local type connections. Also fix sorting errors between local type connections that lack a src
* Build again because of github problems?
* Add spaces before comments
(cherry picked from commit 5cc6486a2ba05efa80b38bd5cadd5332d217a330)
Diffstat (limited to 'lib/ansible/modules')
| -rw-r--r-- | lib/ansible/modules/database/postgresql/postgresql_pg_hba.py | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/lib/ansible/modules/database/postgresql/postgresql_pg_hba.py b/lib/ansible/modules/database/postgresql/postgresql_pg_hba.py index 0ee007871b..6d13f373b7 100644 --- a/lib/ansible/modules/database/postgresql/postgresql_pg_hba.py +++ b/lib/ansible/modules/database/postgresql/postgresql_pg_hba.py @@ -484,20 +484,19 @@ class PgHbaRule(dict): msg = "Rule {0} has unknown type: {1}." raise PgHbaValueError(msg.format(line, cols[0])) if cols[0] == 'local': - if cols[3] not in PG_HBA_METHODS: - raise PgHbaValueError("Rule {0} of 'local' type has invalid auth-method {1}" - "on 4th column ".format(line, cols[3])) - cols.insert(3, None) - cols.insert(3, None) + cols.insert(3, None) # No address + cols.insert(3, None) # No IP-mask + if len(cols) < 6: + cols.insert(4, None) # No IP-mask + elif cols[5] not in PG_HBA_METHODS: + cols.insert(4, None) # No IP-mask + if cols[5] not in PG_HBA_METHODS: + raise PgHbaValueError("Rule {0} of '{1}' type has invalid auth-method '{2}'".format(line, cols[0], cols[5])) + + if len(cols) < 7: + cols.insert(6, None) # No auth-options else: - if len(cols) < 6: - cols.insert(4, None) - elif cols[5] not in PG_HBA_METHODS: - cols.insert(4, None) - if len(cols) < 7: - cols.insert(7, None) - if cols[5] not in PG_HBA_METHODS: - raise PgHbaValueError("Rule {0} has no valid method.".format(line)) + cols[6] = " ".join(cols[6:]) # combine all auth-options rule = dict(zip(PG_HBA_HDR, cols[:7])) for key, value in rule.items(): if value: @@ -580,7 +579,7 @@ class PgHbaRule(dict): try: return self['src'] < other['src'] - except TypeError: + except (TypeError, KeyError): return self.source_type_weight() < other.source_type_weight() errormessage = 'We have two rules ({1}, {2})'.format(self, other) @@ -631,6 +630,9 @@ class PgHbaRule(dict): Basically make sure that IPv6Networks are sorted higher than IPv4Networks. This is a 'when all else fails' solution in __lt__. """ + if self['type'] == 'local': + return 3 + sourceobj = self.source() if isinstance(sourceobj, ipaddress.IPv4Network): return 2 |