diff --git a/changelog/67720.added.md b/changelog/67720.added.md new file mode 100644 index 000000000000..d9c032a6cc26 --- /dev/null +++ b/changelog/67720.added.md @@ -0,0 +1 @@ +Added ssl options to postgres pillar. diff --git a/requirements/static/ci/common.txt b/requirements/static/ci/common.txt index 9a81ae470e8a..5946b16b0952 100644 --- a/requirements/static/ci/common.txt +++ b/requirements/static/ci/common.txt @@ -69,3 +69,4 @@ genshi>=0.7.3 cheetah3>=3.2.2 mako wempy +psycopg2-binary; sys_platform != 'win32' diff --git a/requirements/static/ci/py3.10/cloud.lock b/requirements/static/ci/py3.10/cloud.lock index 7a6c480fc56e..ba313253df4c 100644 --- a/requirements/static/ci/py3.10/cloud.lock +++ b/requirements/static/ci/py3.10/cloud.lock @@ -479,6 +479,10 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.10/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.10/linux.lock diff --git a/requirements/static/ci/py3.10/darwin.lock b/requirements/static/ci/py3.10/darwin.lock index 5ce9352d1f84..7974a286b56f 100644 --- a/requirements/static/ci/py3.10/darwin.lock +++ b/requirements/static/ci/py3.10/darwin.lock @@ -357,6 +357,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.10/freebsd.lock b/requirements/static/ci/py3.10/freebsd.lock index c12aaaa6ff80..bad2aec7e05d 100644 --- a/requirements/static/ci/py3.10/freebsd.lock +++ b/requirements/static/ci/py3.10/freebsd.lock @@ -386,6 +386,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.10/lint.lock b/requirements/static/ci/py3.10/lint.lock index 5ee59b0b34d8..2728f546c16f 100644 --- a/requirements/static/ci/py3.10/lint.lock +++ b/requirements/static/ci/py3.10/lint.lock @@ -501,6 +501,10 @@ psutil==7.2.2 # -c requirements/static/ci/py3.10/linux.lock # -c requirements/static/pkg/py3.10/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.10/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.10/linux.lock diff --git a/requirements/static/ci/py3.10/linux.lock b/requirements/static/ci/py3.10/linux.lock index b3062de2eac0..25a2e12d62c4 100644 --- a/requirements/static/ci/py3.10/linux.lock +++ b/requirements/static/ci/py3.10/linux.lock @@ -386,6 +386,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.11/cloud.lock b/requirements/static/ci/py3.11/cloud.lock index c6f53a5ac118..a853b29bc875 100644 --- a/requirements/static/ci/py3.11/cloud.lock +++ b/requirements/static/ci/py3.11/cloud.lock @@ -470,6 +470,10 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.11/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.11/linux.lock diff --git a/requirements/static/ci/py3.11/darwin.lock b/requirements/static/ci/py3.11/darwin.lock index 055f044aa92b..680694a1f318 100644 --- a/requirements/static/ci/py3.11/darwin.lock +++ b/requirements/static/ci/py3.11/darwin.lock @@ -351,6 +351,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.11/freebsd.lock b/requirements/static/ci/py3.11/freebsd.lock index 4db9f05d3800..862ea7509081 100644 --- a/requirements/static/ci/py3.11/freebsd.lock +++ b/requirements/static/ci/py3.11/freebsd.lock @@ -380,6 +380,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.11/lint.lock b/requirements/static/ci/py3.11/lint.lock index 32b1d937e3e6..d489d5aff440 100644 --- a/requirements/static/ci/py3.11/lint.lock +++ b/requirements/static/ci/py3.11/lint.lock @@ -496,6 +496,10 @@ psutil==7.2.2 # -c requirements/static/ci/py3.11/linux.lock # -c requirements/static/pkg/py3.11/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.11/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.11/linux.lock diff --git a/requirements/static/ci/py3.11/linux.lock b/requirements/static/ci/py3.11/linux.lock index 12a7c181ef63..a70fba8c2392 100644 --- a/requirements/static/ci/py3.11/linux.lock +++ b/requirements/static/ci/py3.11/linux.lock @@ -379,6 +379,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.12/cloud.lock b/requirements/static/ci/py3.12/cloud.lock index 7d3034c3eaea..c44d4f0f450c 100644 --- a/requirements/static/ci/py3.12/cloud.lock +++ b/requirements/static/ci/py3.12/cloud.lock @@ -465,6 +465,10 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.12/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.12/linux.lock diff --git a/requirements/static/ci/py3.12/darwin.lock b/requirements/static/ci/py3.12/darwin.lock index 35b45efb28be..f741136e6b37 100644 --- a/requirements/static/ci/py3.12/darwin.lock +++ b/requirements/static/ci/py3.12/darwin.lock @@ -347,6 +347,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.12/freebsd.lock b/requirements/static/ci/py3.12/freebsd.lock index d672ae12e705..12a43bf79776 100644 --- a/requirements/static/ci/py3.12/freebsd.lock +++ b/requirements/static/ci/py3.12/freebsd.lock @@ -376,6 +376,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.12/lint.lock b/requirements/static/ci/py3.12/lint.lock index afb5a593bdff..56bfcf2c9447 100644 --- a/requirements/static/ci/py3.12/lint.lock +++ b/requirements/static/ci/py3.12/lint.lock @@ -487,6 +487,10 @@ psutil==7.2.2 # -c requirements/static/ci/py3.12/linux.lock # -c requirements/static/pkg/py3.12/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.12/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.12/linux.lock diff --git a/requirements/static/ci/py3.12/linux.lock b/requirements/static/ci/py3.12/linux.lock index b89bf7115d6e..1bdba26c06dc 100644 --- a/requirements/static/ci/py3.12/linux.lock +++ b/requirements/static/ci/py3.12/linux.lock @@ -373,6 +373,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.13/cloud.lock b/requirements/static/ci/py3.13/cloud.lock index 76bdca21f998..74aeaf8b882b 100644 --- a/requirements/static/ci/py3.13/cloud.lock +++ b/requirements/static/ci/py3.13/cloud.lock @@ -466,6 +466,10 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.13/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.13/linux.lock diff --git a/requirements/static/ci/py3.13/darwin.lock b/requirements/static/ci/py3.13/darwin.lock index 41c25a0e9866..502e9b3427f1 100644 --- a/requirements/static/ci/py3.13/darwin.lock +++ b/requirements/static/ci/py3.13/darwin.lock @@ -348,6 +348,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.13/freebsd.lock b/requirements/static/ci/py3.13/freebsd.lock index 5fd1603997b6..1b1e833dfb46 100644 --- a/requirements/static/ci/py3.13/freebsd.lock +++ b/requirements/static/ci/py3.13/freebsd.lock @@ -377,6 +377,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.13/lint.lock b/requirements/static/ci/py3.13/lint.lock index fd35520fb118..8ea9abc9ab1d 100644 --- a/requirements/static/ci/py3.13/lint.lock +++ b/requirements/static/ci/py3.13/lint.lock @@ -487,6 +487,10 @@ psutil==7.2.2 # -c requirements/static/ci/py3.13/linux.lock # -c requirements/static/pkg/py3.13/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.13/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.13/linux.lock diff --git a/requirements/static/ci/py3.13/linux.lock b/requirements/static/ci/py3.13/linux.lock index f9253540fa51..55ed9752df4c 100644 --- a/requirements/static/ci/py3.13/linux.lock +++ b/requirements/static/ci/py3.13/linux.lock @@ -374,6 +374,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.14/cloud.lock b/requirements/static/ci/py3.14/cloud.lock index e79b8295c35a..a944f3313d84 100644 --- a/requirements/static/ci/py3.14/cloud.lock +++ b/requirements/static/ci/py3.14/cloud.lock @@ -466,6 +466,10 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.14/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.14/linux.lock diff --git a/requirements/static/ci/py3.14/darwin.lock b/requirements/static/ci/py3.14/darwin.lock index e6fad192a843..5480b2f54cba 100644 --- a/requirements/static/ci/py3.14/darwin.lock +++ b/requirements/static/ci/py3.14/darwin.lock @@ -348,6 +348,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.14/freebsd.lock b/requirements/static/ci/py3.14/freebsd.lock index 3e01406691ec..548f57015e97 100644 --- a/requirements/static/ci/py3.14/freebsd.lock +++ b/requirements/static/ci/py3.14/freebsd.lock @@ -365,6 +365,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.14/lint.lock b/requirements/static/ci/py3.14/lint.lock index 99fe4dd16314..4528d877972a 100644 --- a/requirements/static/ci/py3.14/lint.lock +++ b/requirements/static/ci/py3.14/lint.lock @@ -487,6 +487,10 @@ psutil==7.2.2 # -c requirements/static/ci/py3.14/linux.lock # -c requirements/static/pkg/py3.14/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.14/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.14/linux.lock diff --git a/requirements/static/ci/py3.14/linux.lock b/requirements/static/ci/py3.14/linux.lock index 6dae867aee75..4a5c478b8169 100644 --- a/requirements/static/ci/py3.14/linux.lock +++ b/requirements/static/ci/py3.14/linux.lock @@ -374,6 +374,8 @@ psutil==7.2.2 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.9/cloud.lock b/requirements/static/ci/py3.9/cloud.lock index f45f671626bc..910a90764207 100644 --- a/requirements/static/ci/py3.9/cloud.lock +++ b/requirements/static/ci/py3.9/cloud.lock @@ -525,6 +525,10 @@ psutil==5.9.8 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.9/linux.lock + # -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via # -c requirements/static/ci/py3.9/linux.lock diff --git a/requirements/static/ci/py3.9/darwin.lock b/requirements/static/ci/py3.9/darwin.lock index 8dcb9549a9be..31d1f776cf18 100644 --- a/requirements/static/ci/py3.9/darwin.lock +++ b/requirements/static/ci/py3.9/darwin.lock @@ -389,6 +389,8 @@ psutil==5.9.8 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.9/freebsd.lock b/requirements/static/ci/py3.9/freebsd.lock index 33a1424ed535..2ca21ffe669f 100644 --- a/requirements/static/ci/py3.9/freebsd.lock +++ b/requirements/static/ci/py3.9/freebsd.lock @@ -469,6 +469,8 @@ psutil==7.2.2 ; python_full_version >= '3.10' # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 ; sys_platform != 'win32' + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/requirements/static/ci/py3.9/lint.lock b/requirements/static/ci/py3.9/lint.lock index 7f6c47dd477c..559042dd57e2 100644 --- a/requirements/static/ci/py3.9/lint.lock +++ b/requirements/static/ci/py3.9/lint.lock @@ -551,6 +551,10 @@ psutil==5.9.8 # -c requirements/static/ci/py3.9/linux.lock # -c requirements/static/pkg/py3.9/linux.lock # -r requirements/base.txt +psycopg2-binary==2.9.12 + # via + # -c requirements/static/ci/py3.9/linux.lock + # -r requirements/static/ci/common.txt pyasn1==0.6.3 # via # -c requirements/static/ci/py3.9/linux.lock diff --git a/requirements/static/ci/py3.9/linux.lock b/requirements/static/ci/py3.9/linux.lock index fa7227fcf003..189c4b1f4576 100644 --- a/requirements/static/ci/py3.9/linux.lock +++ b/requirements/static/ci/py3.9/linux.lock @@ -419,6 +419,8 @@ psutil==5.9.8 # pytest-salt-factories # pytest-shell-utilities # pytest-system-statistics +psycopg2-binary==2.9.12 + # via -r requirements/static/ci/common.txt py-cpuinfo==9.0.0 # via pytest-benchmark pyasn1==0.6.3 diff --git a/salt/pillar/postgres.py b/salt/pillar/postgres.py index 41ac3da03b1e..8f46d4989325 100644 --- a/salt/pillar/postgres.py +++ b/salt/pillar/postgres.py @@ -69,6 +69,12 @@ def _get_options(self): "pass": "salt", "db": "salt", "port": 5432, + "sslmode": "prefer", + "sslcert": None, + "sslkey": None, + "sslrootcert": None, + "sslcrl": None, + "kwargs": {}, } _options = {} _opts = __opts__.get("postgres", {}) @@ -92,6 +98,12 @@ def _get_cursor(self): password=_options["pass"], dbname=_options["db"], port=_options["port"], + sslmode=_options["sslmode"], + sslcert=_options["sslcert"], + sslkey=_options["sslkey"], + sslrootcert=_options["sslrootcert"], + sslcrl=_options["sslcrl"], + **_options["kwargs"], ) cursor = conn.cursor() try: diff --git a/tests/pytests/unit/pillar/test_postgres.py b/tests/pytests/unit/pillar/test_postgres.py new file mode 100644 index 000000000000..42cabfd30715 --- /dev/null +++ b/tests/pytests/unit/pillar/test_postgres.py @@ -0,0 +1,67 @@ +import pytest + +import salt.pillar.postgres as postgres +from tests.support.mock import MagicMock, patch + +try: + import psycopg2 # pylint: disable=unused-import + + HAS_POSTGRES = True +except ImportError: + HAS_POSTGRES = False +pytestmark = [ + pytest.mark.skipif(not HAS_POSTGRES, reason="Package psycopg2 is not installed."), +] + + +def test_should_pass_ssl_args(): + postgres_opts = { + "postgres": { + "host": "postgres", + "sslmode": "verify-ca", + "sslcert": "/path/to/sslcert", + "sslkey": "/path/to/sslkey", + "sslrootcert": "/path/to/sslrootcert", + "sslcrl": "/path/to/sslcrl", + "kwargs": {"application_name": "salt"}, + } + } + with ( + patch("salt.pillar.postgres.__opts__", postgres_opts, create=True), + patch("psycopg2.connect", MagicMock()) as connect_mock, + ): + postgres.ext_pillar("test", {}) + connect_mock.assert_called_with( + host="postgres", + user="salt", + password="salt", + dbname="salt", + port=5432, + sslmode="verify-ca", + sslcert="/path/to/sslcert", + sslkey="/path/to/sslkey", + sslrootcert="/path/to/sslrootcert", + sslcrl="/path/to/sslcrl", + application_name="salt", + ) + + +def test_should_pass_default_args(): + postgres_opts = {} + with ( + patch("salt.pillar.postgres.__opts__", postgres_opts, create=True), + patch("psycopg2.connect", MagicMock()) as connect_mock, + ): + postgres.ext_pillar("test", {}) + connect_mock.assert_called_with( + host="localhost", + user="salt", + password="salt", + dbname="salt", + port=5432, + sslmode="prefer", + sslcert=None, + sslkey=None, + sslrootcert=None, + sslcrl=None, + )