OpenUpgrade Server

Merge lp:~therp-nl/openupgrade-server/7.0_lp1265463_use_password into lp:openupgrade-server

  1. 7.0_lp1265463_use_password
  2. Merge into 7.0
Proposed by Ronald Portier (Therp)
Status: Merged
Merged at revision: 4644
Proposed branch: lp:~therp-nl/openupgrade-server/7.0_lp1265463_use_password
Merge into: lp:openupgrade-server
Diff against target: 74 lines (+38/-8)
1 file modified
scripts/migrate.py (+38/-8)
To merge this branch: bzr merge lp:~therp-nl/openupgrade-server/7.0_lp1265463_use_password
Reviewer Review Type Date Requested Status
Holger Brunn (Therp) code review Approve
Stefan Rijnhart (Opener) Needs Information
Ronald Portier (Therp) Needs Resubmitting
Review via email: mp+200301@code.launchpad.net

Description of the change

Migrate script will use all database connection info found in the config file that is already a required parameter.

To post a comment you must log in.
Revision history for this message
Holger Brunn (Therp) (hbrunn) wrote :

10ff: You need to check if this option exists (has_option) before accessing it, as also SafeConfigParser raises ConfigParser.NoOptionError on nonexisting options. Then you can remove 12f

Could you explain why you do the extra checks and unset PGPASSWORD? The environment you change will die with the script process, and the only other processes who see it are the openupgrade servers it starts, or am I mistaken?

review: Needs Fixing (code review)
lp:~therp-nl/openupgrade-server/7.0_lp1265463_use_password updated
4642. By Ronald Portier (Therp)

[FIX] Properly check for existance of option before use.

Revision history for this message
Ronald Portier (Therp) (rportier1962) wrote :

@Holger

I changed the code to properly test for the existance of a configuration key before use.

I took over the unsetting of PGPASSWORD from the database back-up code of standard OpenERP. I think it is not wrong to clear a plaintext password from memory as soon as possible. Although ofcourse there already is a certain security risk in having the password in a plain text config file in the first place.

review: Needs Resubmitting
Revision history for this message
Stefan Rijnhart (Opener) (stefan-opener) wrote :

By the looks of it, the whole environment manipulation is only done to copy a database. Would it be an idea to simply copy the database using the cursor, using

    CREATE DATABASE newdb WITH TEMPLATE originaldb OWNER dbuser;

?

review: Needs Information
Revision history for this message
Holger Brunn (Therp) (hbrunn) wrote :

That would be a splendid idea, if not this choked if originaldb is in use, whereas pg_dump can work on locked databases. Some people might be brave or careless enough to run the script on their production database...

Thanks for the other changes!

review: Approve (code review)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'scripts/migrate.py'
--- scripts/migrate.py 2013-05-09 13:49:52 +0000
+++ scripts/migrate.py 2014-01-20 21:57:21 +0000
@@ -94,13 +94,25 @@
9494
95config.read(options.config)95config.read(options.config)
9696
97db_user=config.get('options', 'db_user')97conn_parms = {}
98for parm in ('host', 'port', 'user', 'password'):
99 db_parm = 'db_' + parm
100 if config.has_option('options', db_parm):
101 conn_parms[parm] = config.get('options', db_parm)
102
103if not 'user' in conn_parms:
104 print 'No user found in configuration'
105 sys.exit()
106db_user = conn_parms['user']
107
98db_name=options.database or config.get('options', 'db_name')108db_name=options.database or config.get('options', 'db_name')
99109
100if not db_name or db_name=='' or db_name.isspace() or db_name.lower()=='false':110if not db_name or db_name=='' or db_name.isspace() or db_name.lower()=='false':
101 parser.print_help()111 parser.print_help()
102 sys.exit()112 sys.exit()
103113
114conn_parms['database'] = db_name
115
104if options.inplace:116if options.inplace:
105 db=db_name117 db=db_name
106else:118else:
@@ -185,18 +197,36 @@
185if not options.inplace:197if not options.inplace:
186 print('copying database %(db_name)s to %(db)s...' % {'db_name': db_name, 198 print('copying database %(db_name)s to %(db)s...' % {'db_name': db_name,
187 'db': db})199 'db': db})
188 conn=psycopg2.connect(database=db_name, user=db_user)200 conn = psycopg2.connect(**conn_parms)
189 conn.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)201 conn.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
190 cur=conn.cursor()202 cur=conn.cursor()
191 cur.execute('drop database if exists "%(db)s"' % {'db': db})203 cur.execute('drop database if exists "%(db)s"' % {'db': db})
192 cur.execute('create database "%(db)s"' % {'db': db})204 cur.execute('create database "%(db)s"' % {'db': db})
193 cur.close()205 cur.close()
194 os.system(('pg_dump --format=custom --user=%(user)s %(db_name)s | pg_restore '+206
195 '--dbname=%(db)s') % {207 os.environ['PGUSER'] = db_user
196 'user': db_user, 208 if ('host' in conn_parms and conn_parms['host']
197 'db_name': db_name, 209 and not os.environ.get('PGHOST')):
198 'db': db,210 os.environ['PGHOST'] = conn_parms['host']
199 })211
212 if ('port' in conn_parms and conn_parms['port']
213 and not os.environ.get('PGPORT')):
214 os.environ['PGPORT'] = conn_parms['port']
215
216 password_set = False
217 if ('password' in conn_parms and conn_parms['password']
218 and not os.environ.get('PGPASSWORD')):
219 os.environ['PGPASSWORD'] = conn_parms['password']
220 password_set = True
221
222 os.system(
223 ('pg_dump --format=custom --no-password %(db_name)s ' +
224 '| pg_restore --no-password --dbname=%(db)s') %
225 {'db_name': db_name, 'db': db}
226 )
227
228 if password_set:
229 del os.environ['PGPASSWORD']
200230
201for version in options.migrations.split(','):231for version in options.migrations.split(','):
202 print 'running migration for '+version232 print 'running migration for '+version

Subscribers

People subscribed via source and target branches