capistrano-postgresql 5.0.1 → 6.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 364a6abacd3ed6062160d63783197e096265e5e2c4bba1b2f313c6531425befa
4
- data.tar.gz: 90ecfedb1b53b252bbf04744fa24a508cc3337704497016f06a12cd11fdf9f1a
3
+ metadata.gz: 5c0f485e4bf0ea288af9b0afaad45e95efc68b817442c347db9e169aa5853128
4
+ data.tar.gz: 32a1785b99b1933d44a6a5d6da5b24c066e004915c9f80c7be2169070683d025
5
5
  SHA512:
6
- metadata.gz: c1a9e6735070c862d871928394c6c36599f8730ce61f9649a4d32192c529473d73ff5bb09bfef2869f0f25c03dd97a15bdbdfbef81bbbefee317c038e7817fef
7
- data.tar.gz: e5dd8a20ba9312352d8174e8d83b0e8ba361b336e5abfb4c11fe60bdf7c614ecfb42771a34ab9b9d78de31b595969b97a4d96088d51a9f247be918cb9a622a79
6
+ metadata.gz: 169cb53f9f4ca8b51ca400faad4500f1e6f7aab18388790cdb0f13092aff14b4a1422d0957b426bc49cbe65f9740bfe0c76aea90d34b7352c74e3291b350ec06
7
+ data.tar.gz: c64cd51211d920d55bbbd4e5955d401dd6ce013290d00ff2807e3e02cd6378af380bd3abb89fafbdc341cf03e81b47f30be4fd3c53720f3f9e6e61ae5ccd4bcb
data/CHANGELOG.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  ### master
4
4
 
5
+ ## v6.0.0, 2018-07-09
6
+ - Fix for pg_without_sudo; Wasn't adding -U to args
7
+ - New feature that will ALTER USER/Password with any change to pg_password. Random passwords will cause each cap setup to run the ALTER USER, but that's fine as a user should technically only be using setup initially. It's not that hard to obtain the new password if this happens.
8
+ - New redaction for logging of passwords & SSHKIT 1.17.0 in gemspec
9
+ - README updates
10
+
5
11
  ## v5.0.1, 2018-06-05
6
12
  - Quick fix for fetch(:pg_database) on extension adding
7
13
 
data/README.md CHANGED
@@ -27,7 +27,7 @@ Put the following in your application's `Gemfile`:
27
27
 
28
28
  group :development do
29
29
  gem 'capistrano', '~> 3.2.0'
30
- gem 'capistrano-postgresql', '~> 5.0.0'
30
+ gem 'capistrano-postgresql', '~> 6.0.0'
31
31
  end
32
32
 
33
33
  Then:
@@ -36,7 +36,7 @@ Then:
36
36
 
37
37
  ### Usage
38
38
 
39
- In a standard RAILS app, you need to do is put the following in `Capfile` file:
39
+ In a standard RAILS app, you need to put the following in `Capfile` file:
40
40
 
41
41
  ```
42
42
  require 'capistrano/postgresql'
@@ -45,26 +45,28 @@ require 'capistrano/postgresql'
45
45
  You need to include ONLY ONE of the following in your config/deploy/*.rb files:
46
46
 
47
47
  ```
48
- set :pg_password, ENV['DATABASE_USER_PASSWORD']
49
- set :pg_ask_for_password, true
50
- set :pg_generate_random_password, true
48
+ set :pg_password, ENV['DATABASE_USER_PASSWORD'] # Example is an ENV value, but you can use a string instead
49
+ set :pg_ask_for_password, true # Prompts user for password on execution of setup
50
+ set :pg_generate_random_password, true # Generates a random password on each setup
51
51
  ```
52
52
 
53
+ ##### Execution of `cap ENV setup` will run ALTER USER on pg_username if there is a different password. If you're using :pg_generate_random_password, you'll get a new random password on each run.
54
+
53
55
  Example config:
54
56
 
55
57
  ```
56
- server 'growtrader.dev', user: 'growtrader', roles: %w{app db}
58
+ server 'yoursite.net', user: 'growtrader', roles: %w{app db}
57
59
  set :stage, :development
58
60
  set :branch, 'development'
59
61
  # ==================
60
62
  # Postgresql setup
61
63
  set :pg_without_sudo, false
62
- set :pg_host, 'growtrader.dev'
63
- set :pg_database, 'growtrader'
64
- set :pg_username, 'growtrader'
64
+ set :pg_host, 'db.yoursite.net'
65
+ set :pg_database, 'pg_database_name_here'
66
+ set :pg_username, 'pg_username_here'
65
67
  #set :pg_generate_random_password, true
66
68
  #set :pg_ask_for_password, true
67
- set :pg_password, ENV['GROWTRADER_PGPASS']
69
+ set :pg_password, ENV['yoursite_PGPASS']
68
70
  set :pg_extensions, ['citext','hstore']
69
71
  set :pg_encoding, 'UTF-8'
70
72
  set :pg_pool, '100'
@@ -72,15 +74,15 @@ set :pg_pool, '100'
72
74
 
73
75
  Finally, to setup the server(s), run:
74
76
 
75
- $ bundle exec cap production setup
77
+ $ bundle exec cap development setup
76
78
 
77
79
  ### Requirements
78
-
79
80
  * Be sure to remove `config/database.yml` from your application's version control.
80
- * Your pg_hba.conf must include `local all all trust`
81
+ * Your pg_hba.conf must include `local all all trust`. We ssh into the servers to execute psql commands.
81
82
  * Make sure the `deploy_to` path exists and has the right privileges on your servers. The ~ symbol (i.e. `~/myapp`) is not supported.
82
- * Within your app/config/deploy/{env}.rb files, you need to specify at least one :app and one :db server.
83
+ * Within your app/config/deploy/{env}.rb files, you need to specify at least one :app and one :db server (they can be on the same host; `roles: %w{web app db}`)
83
84
  * If you have multiple :db role hosts, it's necessary to specify `:primary => true` on the end of your primary :db server.
85
+ * gem >= 6.0.0 requires SSHKIT >= 1.17.0 as passwords are redacted from logging.
84
86
 
85
87
  ### How it works
86
88
 
@@ -24,5 +24,6 @@ Gem::Specification.new do |gem|
24
24
  gem.require_paths = ['lib']
25
25
 
26
26
  gem.add_dependency 'capistrano', '>= 3.0'
27
+ gem.add_dependency 'sshkit', '>= 1.17.0' # 1.17.0 required for log/password redaction
27
28
  gem.add_development_dependency 'rake'
28
29
  end
@@ -20,7 +20,7 @@ module Capistrano
20
20
  end
21
21
  end
22
22
 
23
- def generate_database_yml_io(password=fetch(:pg_password))
23
+ def generate_database_yml_io
24
24
  StringIO.open do |s|
25
25
  s.puts "#{fetch(:pg_env)}:"
26
26
  {
@@ -29,7 +29,7 @@ module Capistrano
29
29
  database: fetch(:pg_database),
30
30
  pool: fetch(:pg_pool),
31
31
  username: fetch(:pg_username),
32
- password: password,
32
+ password: fetch(:pg_password),
33
33
  host: fetch(:pg_host),
34
34
  socket: fetch(:pg_socket),
35
35
  port: fetch(:pg_port),
@@ -45,12 +45,7 @@ module Capistrano
45
45
  raise('Regeneration of archetype database.yml need the original file to update from.') if archetype_file.nil?
46
46
  raise('Cannot update a custom postgresql.yml.erb file.') if File.exists?(config_file) # Skip custom postgresql.yml.erb if we're updating. It's not supported
47
47
  # Update yml file from settings
48
- if fetch(:pg_generate_random_password) || !fetch(:pg_password) # We need to prevent updating the archetype file if we've done a random or "ask"ed password
49
- current_password = archetype_file.split("\n").grep(/password/)[0].split('password:')[1].strip
50
- generate_database_yml_io(current_password)
51
- else
52
- generate_database_yml_io
53
- end
48
+ generate_database_yml_io
54
49
  else
55
50
  if File.exists?(config_file) # If there is a customized file in your rails app template directory, use it and convert any ERB
56
51
  StringIO.new ERB.new(File.read(config_file)).result(binding)
@@ -3,16 +3,19 @@ module Capistrano
3
3
  module PsqlHelpers
4
4
 
5
5
  def psql(type, database, *args)
6
- cmd = [ :psql, "-d #{database}", *args ]
7
6
  if fetch(:pg_without_sudo)
8
- args.unshift("-U #{fetch(:pg_system_user)}") # Add the :pg_system_user to psql command since we aren't using sudo anymore
7
+ # Add the :pg_system_user to psql command since we aren't using sudo anymore
8
+ cmd = [ :psql, "-d #{database}", *args.unshift("-U #{fetch(:pg_system_user)}") ]
9
9
  else
10
10
  cmd = [:sudo, "-i -u #{fetch(:pg_system_user)}", *cmd]
11
11
  end
12
+ # Allow us to execute the different sshkit commands
12
13
  if type == 'test'
13
- test *cmd.flatten
14
+ test *cmd
15
+ elsif type == 'capture'
16
+ capture *cmd
14
17
  else
15
- execute *cmd.flatten
18
+ execute *cmd
16
19
  end
17
20
  end
18
21
 
@@ -20,6 +23,12 @@ module Capistrano
20
23
  psql 'test', fetch(:pg_system_db),'-tAc', %Q{"SELECT 1 FROM pg_roles WHERE rolname='#{fetch(:pg_username)}';" | grep -q 1}
21
24
  end
22
25
 
26
+ def database_user_password_different?
27
+ current_password_md5 = psql 'capture', fetch(:pg_system_db),'-tAc', %Q{"select passwd from pg_shadow WHERE usename='#{fetch(:pg_username)}';"}
28
+ new_password_md5 = "md5#{Digest::MD5.hexdigest("#{fetch(:pg_password)}#{fetch(:pg_username)}")}"
29
+ current_password_md5 == new_password_md5 ? false : true
30
+ end
31
+
23
32
  def database_exists?
24
33
  psql 'test', fetch(:pg_system_db), '-tAc', %Q{"SELECT 1 FROM pg_database WHERE datname='#{fetch(:pg_database)}';" | grep -q 1}
25
34
  end
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module Postgresql
3
- VERSION = '5.0.1'
3
+ VERSION = '6.0.0'
4
4
  end
5
5
  end
@@ -82,12 +82,16 @@ namespace :postgresql do
82
82
  end
83
83
  end
84
84
 
85
- desc 'Create pg_username in database'
85
+ desc 'Create or update pg_username in database'
86
86
  task :create_database_user do
87
87
  on roles :db do
88
88
  unless database_user_exists?
89
89
  # If you use CREATE USER instead of CREATE ROLE the LOGIN right is granted automatically; otherwise you must specify it in the WITH clause of the CREATE statement.
90
- psql 'execute', fetch(:pg_system_db), '-c', %Q{"CREATE USER \\"#{fetch(:pg_username)}\\" PASSWORD '#{fetch(:pg_password)}';"}
90
+ psql 'execute', fetch(:pg_system_db), '-c', %Q{"CREATE USER \\"#{fetch(:pg_username)}\\" PASSWORD}, redact("'#{fetch(:pg_password)}'"), %Q{;"}
91
+ end
92
+ if database_user_password_different?
93
+ # Ensure updating the password in your deploy/ENV.rb files updates the user, server side
94
+ psql 'execute', fetch(:pg_system_db), '-c', %Q{"ALTER USER \\"#{fetch(:pg_username)}\\" WITH PASSWORD}, redact("'#{fetch(:pg_password)}'"), %Q{;"}
91
95
  end
92
96
  end
93
97
  end
@@ -140,7 +144,6 @@ namespace :postgresql do
140
144
  if release_roles(:app).empty?
141
145
  warn " WARNING: There are no servers in your app/config/deploy/#{fetch(:rails_env)}.rb with a :app role... Skipping Postgresql setup."
142
146
  else
143
- invoke 'postgresql:remove_app_database_yml_files' # Deletes old yml files from all servers. Allows you to avoid having to manually delete the files on your app servers to get a new pool size for example. Don't touch the archetype file to avoid deleting generated passwords.
144
147
  if release_roles(:db).empty? # Test to be sure we have a :db role host
145
148
  warn " WARNING: There is no server in your app/config/deploy/#{fetch(:rails_env)}.rb with a :db role... Skipping Postgresql setup."
146
149
  elsif !fetch(:pg_password) && !fetch(:pg_generate_random_password) && !fetch(:pg_ask_for_password)
@@ -148,6 +151,7 @@ namespace :postgresql do
148
151
  elsif fetch(:pg_generate_random_password) && fetch(:pg_ask_for_password)
149
152
  warn " WARNING: You cannot have both :pg_generate_random_password and :pg_ask_for_password enabled in app/config/deploy/#{fetch(:rails_env)}.rb."
150
153
  else
154
+ invoke 'postgresql:remove_app_database_yml_files' # Deletes old yml files from all servers. Allows you to avoid having to manually delete the files on your app servers to get a new pool size for example. Don't touch the archetype file to avoid deleting generated passwords.
151
155
  invoke 'postgresql:create_database_user'
152
156
  invoke 'postgresql:create_database'
153
157
  invoke 'postgresql:add_extensions'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-postgresql
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.1
4
+ version: 6.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bruno Sutic
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-06-06 00:00:00.000000000 Z
12
+ date: 2018-07-09 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: capistrano
@@ -25,6 +25,20 @@ dependencies:
25
25
  - - ">="
26
26
  - !ruby/object:Gem::Version
27
27
  version: '3.0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: sshkit
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: 1.17.0
35
+ type: :runtime
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: 1.17.0
28
42
  - !ruby/object:Gem::Dependency
29
43
  name: rake
30
44
  requirement: !ruby/object:Gem::Requirement