[auth] Make it possible to use AuthConfig without superlogin (e.g., u…

…seful for export operations)
opengisch · Sep 30, 2024 · c0dc97a · c0dc97a
1 parent c43ea23
commit c0dc97a
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 12 deletions.
diff --git a/modelbaker/db_factory/pg_command_config_manager.py b/modelbaker/db_factory/pg_command_config_manager.py
@@ -79,18 +79,24 @@ def get_uri(self, su: bool = False, qgis: bool = False) -> str:
             uri += ["dbname='{}'".format(self.configuration.database)]
 
         # only provide authcfg to the uri when it's needed for QGIS specific things
-        if (
-            qgis
-            and self.configuration.dbauthid
-            and (
-                not service_config
-                or not (
-                    service_config.get("user", None)
-                    and service_config.get("password", None)
-                )
+        if self.configuration.dbauthid and (
+            not service_config
+            or not (
+                service_config.get("user", None)
+                and service_config.get("password", None)
             )
         ):
-            uri += ["authcfg={}".format(self.configuration.dbauthid)]
+            if qgis:
+                # only provide authcfg to the uri when it's needed for QGIS specific things
+                uri += ["authcfg={}".format(self.configuration.dbauthid)]
+            else:
+                # Operations like Export do not require superuser
+                # login and may be run with authconfig
+                from ..utils.db_utils import get_authconfig_map
+
+                authconfig_map = get_authconfig_map(self.configuration.dbauthid)
+                uri += ["user={}".format(authconfig_map.get("username"))]
+                uri += ["password={}".format(authconfig_map.get("password"))]
         else:
             if not service_config or not service_config.get("user", None):
                 uri += ["user={}".format(self.configuration.dbusr)]

diff --git a/modelbaker/iliwrapper/ili2dbargs.py b/modelbaker/iliwrapper/ili2dbargs.py
@@ -52,11 +52,18 @@ def _get_db_args(configuration, hide_password=False):
             db_args += ["--dbport", configuration.dbport]
         if su:
             db_args += ["--dbusr", configuration.base_configuration.super_pg_user]
+        elif configuration.dbauthid:
+            # Operations like Export can work with authconf
+            # and with no superuser login
+            from ..utils.db_utils import get_authconfig_map
+
+            authconfig_map = get_authconfig_map(configuration.dbauthid)
+            db_args += ["--dbusr", authconfig_map.get("username")]
         else:
             db_args += ["--dbusr", configuration.dbusr]
         if (
             not su
-            and configuration.dbpwd
+            and (configuration.dbpwd or configuration.dbauthid)
             or su
             and configuration.base_configuration.super_pg_password
         ):
@@ -68,8 +75,16 @@ def _get_db_args(configuration, hide_password=False):
                         "--dbpwd",
                         configuration.base_configuration.super_pg_password,
                     ]
-                else:
+                elif configuration.dbpwd:
                     db_args += ["--dbpwd", configuration.dbpwd]
+                elif configuration.dbauthid:
+                    # Operations like Export can work with authconf
+                    # and with no superuser login
+                    from ..utils.db_utils import get_authconfig_map
+
+                    authconfig_map = get_authconfig_map(configuration.dbauthid)
+                    db_args += ["--dbpwd", authconfig_map.get("password")]
+
         db_args += ["--dbdatabase", configuration.database]
         db_args += ["--dbschema", configuration.dbschema or configuration.database]