I am trying out ansible for the first time, and so far I am very impressed. One issue I’ve run into is that the postgresql_user module can’t create/alter users with empty passwords.
I have modified the built-in task to o so when the password argument is not provided. While this works, the module can no longer distinguish between a missing password and a NULL password, slightly changing its behavior.
In the built-in version, if a user exists and the module is ran with state=present and no password, the password would not be changed at all (if the user doesn’t exist it will just fail, so I am less concerned about this case). In my version, if the password is missing, the user is always altered to have a NULL password.
The core issue is that, as far as I can tell, there is no way to pass null/None as a value to an argument. You can either provide the argument, in which case the module will receive the argument as a string, or not provide it at all, in which case the module will receive None for the argument.
Is there any way I can get around this?
Thank you.
PS.
I am willing to contribute the changes back to ansible if there is any interest.
While this doesn’t affect me personally, it’s worth noting that the patch is backwards incompatible. Someone using postgresql_user to manage an existing user’s privileges without a password, will have this user’s password altered to NULL with the new version.
Τη Πέμπτη, 14 Νοεμβρίου 2013 7:19:18 μ.μ. UTC+2, ο χρήστης Brian Coca έγραψε:
It appears that I was too eager to post and my previous message was not accurate.
Ansible will create a passwordless user if a password is not specified, but it will not set an existing user’s password to NULL. While this means it is backwards compatible in this respect, it does not actually ensure that a user has no password, so perhaps it deserves a comment in the documentation.
I apologize for any inconvenience.
Stratos Moros.
Τη Δευτέρα, 18 Νοεμβρίου 2013 6:48:49 μ.μ. UTC+2, ο χρήστης stm...@gmail.com έγραψε:
I'll try to clarify the docs, I did try to make it backwards compatible
while letting it create new users w/o a password. I don't remember if I
tried or even tested removing the password from an existing user, I'll add
to my list.