diff --git a/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/0006-Update-Postgres-Auth-and-Password-Encryption.patch b/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/0006-Update-Postgres-Auth-and-Password-Encryption.patch new file mode 100755 index 000000000..d2a9653f7 --- /dev/null +++ b/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/0006-Update-Postgres-Auth-and-Password-Encryption.patch @@ -0,0 +1,30 @@ +From 7954a4416c5605803df8f570148f948195bac267 Mon Sep 17 00:00:00 2001 +From: Jorge Saffe +Date: Thu, 19 Sep 2024 22:18:43 +0200 +Subject: [PATCH 6/6] Update Postgres Auth and Password Encryption + +--- + manifests/db/postgresql.pp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp +index a7ddedf..adadfb5 100644 +--- a/manifests/db/postgresql.pp ++++ b/manifests/db/postgresql.pp +@@ -45,7 +45,12 @@ define openstacklib::db::postgresql ( + in a future release. Use password instead') + $password_hash_real = $password_hash + } elsif $password != undef { +- $password_hash_real = postgresql::postgresql_password($user, $password) ++ $password_hash_real = postgresql::postgresql_password( ++ $user, ++ $password, ++ $password =~ Sensitive[String], ++ $postgresql::server::password_encryption, ++ ) + } else { + fail('password should be set') + } +-- +2.39.2 + diff --git a/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/series b/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/series index 804f96fd1..6a6bb6461 100644 --- a/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/series +++ b/config/puppet-modules/openstack/puppet-openstacklib-17.4.0/debian/patches/series @@ -3,3 +3,4 @@ 0003-Adjust-puppetlabs-postgresql-version-requirement.patch 0004-Increase-timeout-from-40s-to-100s.patch 0005-Fix-hiera_lookup-function-to-unescape-characters.patch +0006-Update-Postgres-Auth-and-Password-Encryption.patch diff --git a/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/0002-update-auth-encryption-method.patch b/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/0002-update-auth-encryption-method.patch new file mode 100644 index 000000000..8baab49ea --- /dev/null +++ b/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/0002-update-auth-encryption-method.patch @@ -0,0 +1,63 @@ +From 1e1e812c463132a354b74c611de464b3cdcb445a Mon Sep 17 00:00:00 2001 +From: Jorge Saffe +Date: Mon, 17 Jun 2024 19:15:28 +0300 +Subject: [PATCH 2/2] update-auth-encryption-method + +--- + manifests/server.pp | 1 + + manifests/server/config.pp | 7 ++++--- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/manifests/server.pp b/manifests/server.pp +index 5b9af03..6a28736 100644 +--- a/manifests/server.pp ++++ b/manifests/server.pp +@@ -84,6 +84,7 @@ + # + class postgresql::server ( + Optional[Variant[String[1], Sensitive[String[1]], Integer]] $postgres_password = undef, ++ Optional[Variant[String[1], Sensitive[String[1]], Integer]] $pg_hba_auth_password_encryption = undef, + + $package_name = $postgresql::params::server_package_name, + $package_ensure = $postgresql::params::package_ensure, +diff --git a/manifests/server/config.pp b/manifests/server/config.pp +index c3ca6b5..a07c27a 100644 +--- a/manifests/server/config.pp ++++ b/manifests/server/config.pp +@@ -27,6 +27,7 @@ class postgresql::server::config { + $timezone = $postgresql::server::timezone + $password_encryption = $postgresql::server::password_encryption + $extra_systemd_config = $postgresql::server::extra_systemd_config ++ $pg_hba_auth_password_encryption = $postgresql::server::pg_hba_auth_password_encryption + + if ($manage_pg_hba_conf == true) { + # Prepare the main pg_hba file +@@ -70,7 +71,7 @@ class postgresql::server::config { + type => 'host', + user => $user, + address => '127.0.0.1/32', +- auth_method => 'md5', ++ auth_method => $pg_hba_auth_password_encryption, + order => 3, + ; + +@@ -85,14 +86,14 @@ class postgresql::server::config { + 'allow access to all users': + type => 'host', + address => $ip_mask_allow_all_users, +- auth_method => 'md5', ++ auth_method => $pg_hba_auth_password_encryption, + order => 100, + ; + + 'allow access to ipv6 localhost': + type => 'host', + address => '::1/128', +- auth_method => 'md5', ++ auth_method => $pg_hba_auth_password_encryption, + order => 101, + ; + } +-- +2.34.1 + diff --git a/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/series b/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/series index f1fff2f91..e5b394248 100644 --- a/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/series +++ b/config/puppet-modules/puppetlabs-postgresql-8.0.0/debian/deb_folder/patches/series @@ -1 +1,2 @@ 0001-use-python3-psycopg2.patch +0002-update-auth-encryption-method.patch