-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pass PGPASSWORD via env directly, not via shell #939
base: master
Are you sure you want to change the base?
Conversation
with this, nothing uses and one more thing: technically |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed on cleaning up hidden_patterns if it's not used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I think this is OK, but the whole module looks rather inconsistent.
" -p #{config['port'] || '5432'} -U #{config['username']}" | ||
return cmd, env |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think RuboCop would prefer
return cmd, env | |
cmd, env |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and yet it didn't complain :D
(I think it only complains on singular returns, not lists)
cmd, env = psql_command(config) | ||
cmd += ' -c "SHOW server_version" -t -A' | ||
version_string = execute!(cmd, :env => env) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels like this should use psql('SHOW server_version')
, but you probably also saw that and considered it out of scope.
And as always, I think it should have used --no-align
instead of -A
to make the comment above it redundant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we just drop the file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could, yeah. I pondered writing actual new tests, but didn't so far.
I've just realized that while this fixes one issue with the passwords, it doesn't fix the one in the report. 🤦♀️ |
I wonder if it could wrap django's dbshell command to run queries somehow |
Don't give me ideas |
PYTHONDONTWRITEBYTECODE=1 PYTHONPATH=/etc/pulp python -c 'import yaml; import settings; print(yaml.safe_dump(settings.DATABASES["default"]))' |
My biggest issue is that the Rails equivalent needs to load the entire Rails env, which is slow. And there is none (that I know of) for Candlepin. Not that we need queries on that after we merge #940, but there's still the backup/restore part. |
Nit: I'd prefer JSON and you can use |
sure, why not: # PULP_SETTINGS=/etc/pulp/settings.py pulpcore-manager shell --command 'from django.conf import settings; import json; print(json.dumps(settings.DATABASES["default"]))'
{"ENGINE": "django.db.backends.postgresql", "NAME": "pulpcore", "USER": "pulp", "PASSWORD": "sdfsfds\"dssdfdsf", "HOST": "remotedb", "PORT": "5432", "ATOMIC_REQUESTS": false, "AUTOCOMMIT": true, "CONN_MAX_AGE": 0, "CONN_HEALTH_CHECKS": false, "OPTIONS": {}, "TIME_ZONE": null, "TEST": {"CHARSET": null, "COLLATION": null, "MIGRATE": true, "MIRROR": null, "NAME": null}} |
The reason I bring it up is that it's probably easier to reuse this once we start using containers. If we start using env vars or secrets, that'll work at runtime but it'll be complex to parse all the options. |
No description provided.