From c0dc97a6647be68fd4729ba2854911e8b21974d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Germ=C3=A1n=20Carrillo?= Date: Mon, 30 Sep 2024 17:57:02 -0500 Subject: [PATCH 1/2] [auth] Make it possible to use AuthConfig without superlogin (e.g., useful for export operations) --- .../db_factory/pg_command_config_manager.py | 26 ++++++++++++------- modelbaker/iliwrapper/ili2dbargs.py | 19 ++++++++++++-- 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/modelbaker/db_factory/pg_command_config_manager.py b/modelbaker/db_factory/pg_command_config_manager.py index 99d61dc..760659d 100644 --- a/modelbaker/db_factory/pg_command_config_manager.py +++ b/modelbaker/db_factory/pg_command_config_manager.py @@ -79,18 +79,24 @@ def get_uri(self, su: bool = False, qgis: bool = False) -> str: uri += ["dbname='{}'".format(self.configuration.database)] # only provide authcfg to the uri when it's needed for QGIS specific things - if ( - qgis - and self.configuration.dbauthid - and ( - not service_config - or not ( - service_config.get("user", None) - and service_config.get("password", None) - ) + if self.configuration.dbauthid and ( + not service_config + or not ( + service_config.get("user", None) + and service_config.get("password", None) ) ): - uri += ["authcfg={}".format(self.configuration.dbauthid)] + if qgis: + # only provide authcfg to the uri when it's needed for QGIS specific things + uri += ["authcfg={}".format(self.configuration.dbauthid)] + else: + # Operations like Export do not require superuser + # login and may be run with authconfig + from ..utils.db_utils import get_authconfig_map + + authconfig_map = get_authconfig_map(self.configuration.dbauthid) + uri += ["user={}".format(authconfig_map.get("username"))] + uri += ["password={}".format(authconfig_map.get("password"))] else: if not service_config or not service_config.get("user", None): uri += ["user={}".format(self.configuration.dbusr)] diff --git a/modelbaker/iliwrapper/ili2dbargs.py b/modelbaker/iliwrapper/ili2dbargs.py index fb11b3a..84625e3 100644 --- a/modelbaker/iliwrapper/ili2dbargs.py +++ b/modelbaker/iliwrapper/ili2dbargs.py @@ -52,11 +52,18 @@ def _get_db_args(configuration, hide_password=False): db_args += ["--dbport", configuration.dbport] if su: db_args += ["--dbusr", configuration.base_configuration.super_pg_user] + elif configuration.dbauthid: + # Operations like Export can work with authconf + # and with no superuser login + from ..utils.db_utils import get_authconfig_map + + authconfig_map = get_authconfig_map(configuration.dbauthid) + db_args += ["--dbusr", authconfig_map.get("username")] else: db_args += ["--dbusr", configuration.dbusr] if ( not su - and configuration.dbpwd + and (configuration.dbpwd or configuration.dbauthid) or su and configuration.base_configuration.super_pg_password ): @@ -68,8 +75,16 @@ def _get_db_args(configuration, hide_password=False): "--dbpwd", configuration.base_configuration.super_pg_password, ] - else: + elif configuration.dbpwd: db_args += ["--dbpwd", configuration.dbpwd] + elif configuration.dbauthid: + # Operations like Export can work with authconf + # and with no superuser login + from ..utils.db_utils import get_authconfig_map + + authconfig_map = get_authconfig_map(configuration.dbauthid) + db_args += ["--dbpwd", authconfig_map.get("password")] + db_args += ["--dbdatabase", configuration.database] db_args += ["--dbschema", configuration.dbschema or configuration.database] From 7453239d9d4414ddda709edcab57e69e93589690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Germ=C3=A1n=20Carrillo?= Date: Tue, 1 Oct 2024 12:32:56 -0500 Subject: [PATCH 2/2] Move imports to the top --- modelbaker/db_factory/pg_command_config_manager.py | 7 +++---- modelbaker/iliwrapper/ili2dbargs.py | 5 +---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/modelbaker/db_factory/pg_command_config_manager.py b/modelbaker/db_factory/pg_command_config_manager.py index 760659d..3fe0e0b 100644 --- a/modelbaker/db_factory/pg_command_config_manager.py +++ b/modelbaker/db_factory/pg_command_config_manager.py @@ -87,14 +87,13 @@ def get_uri(self, su: bool = False, qgis: bool = False) -> str: ) ): if qgis: - # only provide authcfg to the uri when it's needed for QGIS specific things uri += ["authcfg={}".format(self.configuration.dbauthid)] else: # Operations like Export do not require superuser # login and may be run with authconfig - from ..utils.db_utils import get_authconfig_map - - authconfig_map = get_authconfig_map(self.configuration.dbauthid) + authconfig_map = db_utils.get_authconfig_map( + self.configuration.dbauthid + ) uri += ["user={}".format(authconfig_map.get("username"))] uri += ["password={}".format(authconfig_map.get("password"))] else: diff --git a/modelbaker/iliwrapper/ili2dbargs.py b/modelbaker/iliwrapper/ili2dbargs.py index 84625e3..336d742 100644 --- a/modelbaker/iliwrapper/ili2dbargs.py +++ b/modelbaker/iliwrapper/ili2dbargs.py @@ -21,6 +21,7 @@ from qgis.PyQt.QtCore import QDir, QFile +from ..utils.db_utils import get_authconfig_map from .globals import DbIliMode from .ili2dbconfig import SchemaImportConfiguration @@ -55,8 +56,6 @@ def _get_db_args(configuration, hide_password=False): elif configuration.dbauthid: # Operations like Export can work with authconf # and with no superuser login - from ..utils.db_utils import get_authconfig_map - authconfig_map = get_authconfig_map(configuration.dbauthid) db_args += ["--dbusr", authconfig_map.get("username")] else: @@ -80,8 +79,6 @@ def _get_db_args(configuration, hide_password=False): elif configuration.dbauthid: # Operations like Export can work with authconf # and with no superuser login - from ..utils.db_utils import get_authconfig_map - authconfig_map = get_authconfig_map(configuration.dbauthid) db_args += ["--dbpwd", authconfig_map.get("password")]