Merge pull request #27791 from eguven/2015.5-postgres-user-groups-backport

2015.5 postgres_user groups backport
2024-11-08 01:18:58 +00:00 · 2015-10-08 17:59:08 -06:00 · 2015-10-08 17:59:08 -06:00 · d178315f93
commit d178315f93
parent b2937b6a16 2caf1d21d6
3 changed files with 43 additions and 1 deletions
--- a/salt/modules/postgres.py
+++ b/salt/modules/postgres.py
@ -33,7 +33,6 @@ import StringIO
 import hashlib
 import os
 import tempfile
-from salt.ext.six.moves import zip
 try:
    import pipes
    import csv
@ -43,7 +42,9 @@ except ImportError:

 # Import salt libs
 import salt.utils
+from salt.ext.six.moves import zip
 from salt.ext.six import string_types
+import salt.ext.six as six

 log = logging.getLogger(__name__)

@ -547,6 +548,36 @@ def user_list(user=None, host=None, port=None, maintenance_db=None,
            retrow['password'] = row['password']
        ret[row['name']] = retrow

+    # for each role, determine the inherited roles
+    for role in six.iterkeys(ret):
+        rdata = ret[role]
+        groups = rdata.setdefault('groups', [])
+        query = (
+            'select rolname'
+            ' from pg_user'
+            ' join pg_auth_members'
+            '      on (pg_user.usesysid=pg_auth_members.member)'
+            ' join pg_roles '
+            '      on (pg_roles.oid=pg_auth_members.roleid)'
+            ' where pg_user.usename=\'{0}\''
+        ).format(role)
+        try:
+            rows = psql_query(query,
+                              runas=runas,
+                              host=host,
+                              user=user,
+                              port=port,
+                              maintenance_db=maintenance_db,
+                              password=password)
+            for row in rows:
+                if row['rolname'] not in groups:
+                    groups.append(row['rolname'])
+        except Exception:
+            # do not fail here, it is just a bonus
+            # to try to determine groups, but the query
+            # is not portable amongst all pg versions
+            continue
+
    return ret


--- a/salt/states/postgres_user.py
+++ b/salt/states/postgres_user.py
@ -19,6 +19,7 @@ import logging

 # Salt imports
 from salt.modules import postgres
+import salt.ext.six as six


 log = logging.getLogger(__name__)
@ -159,6 +160,7 @@ def present(name,
    cret = None
    update = {}
    if mode == 'update':
+        user_groups = user_attr.get('groups', [])
        if (
            createdb is not None
            and user_attr['can create databases'] != createdb
@ -185,6 +187,14 @@ def present(name,
            update['superuser'] = superuser
        if password is not None and (refresh_password or user_attr['password'] != password):
            update['password'] = True
+        if groups is not None:
+            lgroups = groups
+            if isinstance(groups, (six.string_types, six.text_type)):
+                lgroups = lgroups.split(',')
+            if isinstance(lgroups, list):
+                missing_groups = [a for a in lgroups if a not in user_groups]
+                if missing_groups:
+                    update['groups'] = missing_groups

    if mode == 'create' or (mode == 'update' and update):
        if __opts__['test']:
--- a/tests/unit/modules/postgres_test.py
+++ b/tests/unit/modules/postgres_test.py
@ -341,6 +341,7 @@ class PostgresTestCase(TestCase):
                          'expiry time': None,
                          'can login': True,
                          'can update system catalogs': True,
+                          'groups': [],
                          'inherits privileges': True}})

    @patch('salt.modules.postgres._run_psql',