Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Readd support for secure PostgreSQL password hashes (#1074) #1136

Merged
merged 5 commits into from
Dec 8, 2023
Merged

Readd support for secure PostgreSQL password hashes (#1074) #1136

merged 5 commits into from
Dec 8, 2023

Conversation

krauthosting
Copy link
Contributor

SUMMARY

Fixes #1074

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

zabbix_server & zabbix_proxy

ADDITIONAL INFORMATION

Roles fail on newer PostgreSQL defaults

@BGmot
Copy link
Collaborator

BGmot commented Nov 28, 2023
edited
Loading

Hi @krauthosting,
would you please take a look at why some tests are failing?
Also please add CHANGELOG fragment, otherwise we won't be able to merge.

@krauthosting
Copy link
Contributor Author

@BGmot Also readded the insecure defaults to md5 that fix the PostgreSQL test.
Left over failures with MySQL are unrelated and more dependencies related 502.

pyrodie18
pyrodie18 requested changes Dec 8, 2023
View reviewed changes
Copy link
Collaborator

@pyrodie18 pyrodie18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, please add a change fragment in there, and also update the docs (proxy doesn't show it, didn't check server). After that I think we're good to go. Thanks for the work.

@pyrodie18 pyrodie18 merged commit 4784b89 into ansible-collections:main Dec 8, 2023
80 of 85 checks passed
@krauthosting
Copy link
Contributor Author

krauthosting commented Dec 8, 2023
edited
Loading

@pyrodie18 Readded also the fragments and the remove docs bit while the rest was still around.
Would be nice to avoid big squash commits as it would have saved quite some debugging time here.
BTW That we didn't notice in tests means the PostgreSQL roles still must configure insecure md5.

FYI will still take us around 20-30h to reupstream from the internal 1.9.3 fork we were forced to do.
Ever since we contributed the originally autoTLS logic here we quite care about secure by default.
The big squash commits for 2.0 heavily changed that, hence we're still busy upgrading from 1.9.3 😅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pyrodie18 pyrodie18 pyrodie18 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Zabbix server role: zabbix_server_dbpassword_hash_method is never used
3 participants
@krauthosting @BGmot @pyrodie18