Add support for pgpass #666
Conversation
Co-authored-by: Aimilios Tsouvelekakis <[email protected]>
|
@wangxiaoying Adding a bunch of new code to support specific postgres functionality into the
|
| @@ -247,6 +247,66 @@ def read_sql( | |||
| ) -> pl.DataFrame: ... | |||
|
|
|||
|
|
|||
| def get_passfile_content(path: pathlib.Path) -> dict: | |||
| # host:port:db_name:user_name:password | |||
| with open(path) as f: | |||
There was a problem hiding this comment.
How about we do something different? the content we need from pgpass is the password only the restof the elements are used for retrieving it. So:
for line in f:
contents = line.read().split(':')
if len(contents) != 5:
raise Exception('Pgpass content should follow: host:port:db_name:user_name:password')
else:
if ((contents['host'] == host or contents['host'] == '*') and
(contents['port'] == port or contents['port'] == '*') and
(contents['database'] == database or contents['database'] == '*') and
(contents['user'] == user or contents['user'] == '*')):
return contents['password']So in this way we do also multiple lines and we return the first line matched.
| def get_pgpass(conn) -> dict: | ||
| # check param or (PGPASS env or DEFAULT) | ||
| # DEFAULT = linux or windows | ||
| passfile = '%APPDATA%\postgresql\pgpass.conf' if sys.platform == 'windows' else os.path.expanduser( |
There was a problem hiding this comment.
Instead of sys.platform maybe we can use os.name == 'nt'
|
|
||
| passfile_path = pathlib.Path(passfile) | ||
|
|
||
| if sys.platform != 'windows': |
There was a problem hiding this comment.
Same here: os.name != 'nt'
| # We rewrite the netloc from scratch here e.g. | ||
| # netloc = contents['username'] or o.username + ':' + contents['password'] or o.password + ... | ||
| parsed_conn = urllib.parse.urlparse(conn) | ||
| return str(parsed_conn._replace(**contents)) |
There was a problem hiding this comment.
We can do the following:
database = parsed_conn.path[1:] or os.environ.get('PGDATABASE', os.getenv('USER'))
host = parsed_conn.hostname or os.environ.get('PGHOST', 'localhost')
port = parsed_conn.port or os.environ.get('PGPORT', '5432')
user = parsed_conn.username or os.environ.get('PGUSER', os.getenv('USER'))
password = parsed_conn.password
We parse 2 times the URI so maybe we need to rethink that maybe we call pgpass from inside reconstruct? That would allow something like that also:
query_params = parse_qs(parsed_con.query)
passfile = query_params.get('passfile', [None])[0] or os.environ.get('PGPASSFILE')
default_pgpass_path = os.path.expanduser('~/.pgpass') if os.name != 'nt' else os.path.join(os.getenv('APPDATA', ''), 'postgresql', 'pgpass.conf')
# Determine the password precedence
if not password:
if 'PGPASSWORD' in os.environ:
password = os.environ['PGPASSWORD']
else:
pgpass_path = passfile or default_pgpass_path
password = get_passfile_content(pgpass_path, host or '*', str(port or '*'), database or '*', user or '*')
And with all these information we can get the new connection string.
|
|
||
| def run_per_database(conn): | ||
| # Todo rename to something better. | ||
| if 'postgresql' in conn: |
There was a problem hiding this comment.
Or postgres is also valid: https://www.postgresql.org/docs/current/libpq-connect.html
There was a problem hiding this comment.
Then we ought to change it to postgres
|
Thanks for the PR and review @surister @aimtsou !
I think moving the logic into an independent file would be great! |
|
I just pushed a commit to fix the error that cause the fail of the CI. Please feel free to rebase on that one. |
We follow the spec in https://www.postgresql.org/docs/current/libpq-pgpass.html,
Order of passfile path is:
postgresql://localhost:5432?passfile=/home/someuser/secret/.pgpass~/.pgpassin *nix,%APPDATA%\postgresql\pgpass.confin windows.0600or we raise an exception.host:port:db_name:user_name:password, so*:*:*:*:passwordis valid, justpasswordis not.pgpassfile has precedence over the given connection string.
Fixes: #567