postgresql_user module: Gracefully handle ALTER ROLE on read-only postgres servers.

This commit is contained in:
Jinn Koriech 2013-12-31 18:23:45 +00:00
parent 99616d0c80
commit aebae13c9b

View file

@ -173,7 +173,7 @@ def user_add(cursor, user, password, role_attr_flags, encrypted, expires):
cursor.execute(query) cursor.execute(query)
return True return True
def user_alter(cursor, user, password, role_attr_flags, encrypted, expires): def user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires):
"""Change user password and/or attributes. Return True if changed, False otherwise.""" """Change user password and/or attributes. Return True if changed, False otherwise."""
changed = False changed = False
@ -203,7 +203,17 @@ def user_alter(cursor, user, password, role_attr_flags, encrypted, expires):
if expires is not None: if expires is not None:
alter = alter + " VALID UNTIL '%(expires)s'" % { "exipres": expires } alter = alter + " VALID UNTIL '%(expires)s'" % { "exipres": expires }
cursor.execute(alter) try:
cursor.execute(alter)
except psycopg2.InternalError, e:
if e.pgcode == '25006':
# Handle errors due to read-only transactions indicated by pgcode 25006
# ERROR: cannot execute ALTER ROLE in a read-only transaction
changed = False
module.fail_json(msg=e.pgerror)
return changed
else:
raise psycopg2.InternalError, e
# Grab new role attributes. # Grab new role attributes.
cursor.execute(select, {"user": user}) cursor.execute(select, {"user": user})
@ -455,7 +465,7 @@ def main():
if state == "present": if state == "present":
if user_exists(cursor, user): if user_exists(cursor, user):
changed = user_alter(cursor, user, password, role_attr_flags, encrypted, expires) changed = user_alter(cursor, module, user, password, role_attr_flags, encrypted, expires)
else: else:
changed = user_add(cursor, user, password, role_attr_flags, encrypted, expires) changed = user_add(cursor, user, password, role_attr_flags, encrypted, expires)
changed = grant_privileges(cursor, user, privs) or changed changed = grant_privileges(cursor, user, privs) or changed