-
-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add libpq interface to change a password #818
base: master
Are you sure you want to change the base?
Conversation
cef9667
to
e25b7a1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty ok, thank you for you this feature too. Just left some comments regards the tests.
@pytest.fixture | ||
def role(pgconn: PGconn) -> Iterator[tuple[bytes, bytes]]: | ||
user, passwd = "ashesh", "psycopg2" | ||
r = pgconn.exec_(f"CREATE USER {user} LOGIN PASSWORD '{passwd}'".encode()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we want to drop the role in a transaction and ignore an error there?
You can even use the high level psycopg connection and exception for that (try: ... except UndefinedObject: ...
) The reason why in the tests/pq
tests they are not very use is mostly for historical evolution (most of those tests were written before the Connection
object existed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand what you suggest. It seems to me that we cannot really use a transaction here because we need the new role available in other connections in the actual test (the one from pgconn
fixture and another one created).
|
||
pgconn.change_password(user, b"psycopg") | ||
conninfo[b"password"] = b"psycopg" | ||
conn = pq.PGconn.connect(b" ".join(b"%s='%s'" % item for item in conninfo.items())) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is pretty good as integration test, maybe it can happen that someone's pg_hba might make this connection fail. Maybe let's merge the test but then be prepared to fix it if it turns out to be not generic enough to run.
See https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a7be2a6c262d5352756d909b29c419ea5e5fa1d9: > drivers built on top of libpq should expose this function and its > use should be generally encouraged over doing ALTER USER directly for > password changes. The test case assumes that the role connected to postgres has CREATEROLE rights. If this is not true, the test is skipped.
e25b7a1
to
667d6ca
Compare
Another addition in libpq 17.
See https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a7be2a6c262d5352756d909b29c419ea5e5fa1d9: