postgresql_pg_hba: bulk rule editing

[betanummeric]

feature PR, fixes #297

add new arguments to postgresql_pg_hba to edit multiple rules at once

argument rules

A list of objects, specifying a rule for the pg_hba.conf. Each object can have the following keys (the "rule-specific arguments"), which are treated the same as if they were arguments of this module:

• address
• comment
• contype
• databases
• method
• netmask
• options
• state
• users
  See rules_behavior for what happens when one of these keys missing in a rules item.

argument rules_behavior

String, choices: conflict (default), combine.

When conflict, and rules is specified along with at least one normal rule-specific argument, the module fails. This should prevent accidental ambiguous operations. If a rules item is lacking some rule-specific argument, the respective module default is taken.

When combine, the normal rule-specific arguments are treated as fallback values for the content of rules. (They will not add or remove a role on their own.) When a value is neither specified in a rules item nor in the normal rule-specific argument, the module default is taken.

example:

- name: rules with custom defaults
  community.postgresql.postgresql_pg_hba:
    dest: /tmp/pg_hba.conf
    rules_behavior: combine
    databases: db1
    address: 2001:db8::a/64
    rules:
      - users: user1    
      - users: user2
        address: 2001:db8::b/64

# is equivalent to
- name: rules with custom defaults
  community.postgresql.postgresql_pg_hba:
    dest: /tmp/pg_hba.conf
    rules_behavior: combine
    rules:
      - users: user1    
        databases: db1
        address: 2001:db8::a/64
      - users: user2
        databases: db1
        address: 2001:db8::b/64

argument overwrite

Boolean, default: false. When true, all pre-existing rules will be removed from the pg_hba.conf as if they where specified with state: absent.

[betanummeric]

CI error https://dev.azure.com/ansible/community.postgresql/_build/results?buildId=46440&view=logs&j=3afb8e66-d9f7-51e9-da18-79a477157904&t=4d67c62b-b0be-5cd8-f96d-9a6e13c4a51a&l=226

00:11 ERROR: Found 1 compile issue(s) on python 2.6 which need to be resolved:
00:11 ERROR: plugins/modules/postgresql_pg_hba.py:814:18: SyntaxError: 'address', (100%)

Python 2.6 is EOL for 8 years now, does it still need to be supported by this module?

[hunleyd]

Python 2.6 is EOL for 8 years now, does it still need to be supported by this module?

I would say 'no' but I defer to @Andersson007

[Andersson007]

I would say 'no' but I defer to @Andersson007

The collection requirements require at least 2.7 support but if there's no good reason to introduce Python 2.6 incompatible changes, i wouldn't do it (though it's only my opinion and we can vote on it if needed).

[hunleyd]

@betanummeric any updates on the remaining failures ?

[betanummeric]

The remaining error message occurs here and says:

The conditional check 'result.results|selectattr('msg', 'in', 'conflict')|length == 0' failed. The error was: no test named 'in'

The test runs in docker image quay.io/ansible/centos7-test-container:2.0.2 with python 2.7.5 and jinja 2.7.2, but the in-test was added in jinja 2.10. Even

result.results|map(attribute='msg')|map('truncate',8,True,'')|select('equalto','conflict')|length == 0

would not work because equalto was added in jina 2.8. I tried some ways but I see no way to perform this check with jinja in that version.
I would like to ignore or skip that check with that version. In the end, it's only testing that the error messages look sensible.

[Andersson007]

@betanummeric

I would like to ignore or skip that check with that version. In the end, it's only testing that the error messages look sensible.

Skipping or ignoring it with that version sounds OK to me

[betanummeric]

The tests are green, this is ready for review.

[Andersson007]

@betanummeric thanks for working on this!

I left several general things.
I'm not a user of the module, so would be nice to hear users' / other maintainers' opinions.

@hunleyd @jchancojr do you use the module or do you know someone who uses it and can take a look?

[hunleyd]

@hunleyd @jchancojr do you use the module or do you know someone who uses it and can take a look?

myself @pgguru and @keithf4 use the module at $dayjob. we can take a look

[Andersson007]

@hunleyd @jchancojr do you use the module or do you know someone who uses it and can take a look?

myself @pgguru and @keithf4 use the module at $dayjob. we can take a look

Great, thanks! We'll be waiting for you feedback

[hunleyd]

does this need backported once merged @Andersson007 ?

[sebasmannem]

Awesome work guys.
Thanks.

[Andersson007]

does this need backported once merged @Andersson007 ?

@hunleyd no, it doesn't, thanks for reviewing and merging!

[Andersson007]

@betanummeric thanks for the contribution!