feat: add libpq interface to change a password #818

dlax · 2024-05-14T10:05:06Z

Another addition in libpq 17.

See https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a7be2a6c262d5352756d909b29c419ea5e5fa1d9:

drivers built on top of libpq should expose this function and its
use should be generally encouraged over doing ALTER USER directly for
password changes.

dvarrazzo

This looks pretty ok, thank you for you this feature too. Just left some comments regards the tests.

psycopg/psycopg/pq/pq_ctypes.py

dvarrazzo · 2024-05-18T16:15:31Z

tests/pq/test_pgconn.py

+@pytest.fixture
+def role(pgconn: PGconn) -> Iterator[tuple[bytes, bytes]]:
+    user, passwd = "ashesh", "psycopg2"
+    r = pgconn.exec_(f"CREATE USER {user} LOGIN PASSWORD '{passwd}'".encode())


Maybe we want to drop the role in a transaction and ignore an error there?

You can even use the high level psycopg connection and exception for that (try: ... except UndefinedObject: ...) The reason why in the tests/pq tests they are not very use is mostly for historical evolution (most of those tests were written before the Connection object existed).

I don't understand what you suggest. It seems to me that we cannot really use a transaction here because we need the new role available in other connections in the actual test (the one from pgconn fixture and another one created).

dvarrazzo · 2024-05-18T20:42:13Z

tests/pq/test_pgconn.py

+
+    pgconn.change_password(user, b"psycopg")
+    conninfo[b"password"] = b"psycopg"
+    conn = pq.PGconn.connect(b" ".join(b"%s='%s'" % item for item in conninfo.items()))


This is pretty good as integration test, maybe it can happen that someone's pg_hba might make this connection fail. Maybe let's merge the test but then be prepared to fix it if it turns out to be not generic enough to run.

See https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a7be2a6c262d5352756d909b29c419ea5e5fa1d9: > drivers built on top of libpq should expose this function and its > use should be generally encouraged over doing ALTER USER directly for > password changes. The test case assumes that the role connected to postgres has CREATEROLE rights. If this is not true, the test is skipped.

dlax force-pushed the libpq-change-password branch 2 times, most recently from cef9667 to e25b7a1 Compare May 14, 2024 10:35

dlax marked this pull request as ready for review May 14, 2024 11:23

dvarrazzo requested changes May 18, 2024

View reviewed changes

dvarrazzo added this to the 3.2 milestone May 18, 2024

dlax force-pushed the libpq-change-password branch from e25b7a1 to 667d6ca Compare May 21, 2024 07:20

dlax requested a review from dvarrazzo May 21, 2024 07:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add libpq interface to change a password #818

feat: add libpq interface to change a password #818

dlax commented May 14, 2024

dvarrazzo left a comment

dvarrazzo May 18, 2024

dlax May 21, 2024

dvarrazzo May 18, 2024

feat: add libpq interface to change a password #818

Are you sure you want to change the base?

feat: add libpq interface to change a password #818

Conversation

dlax commented May 14, 2024

dvarrazzo left a comment

Choose a reason for hiding this comment

dvarrazzo May 18, 2024

Choose a reason for hiding this comment

dlax May 21, 2024

Choose a reason for hiding this comment

dvarrazzo May 18, 2024

Choose a reason for hiding this comment