Fix/260 complex db passwords (#398)

Fix quoting of passwords in schema imports

Fixes #260

Author: Donien

.github/workflows/build.yml

@@ -63,7 +63,7 @@ jobs:
         env:
           MOLECULE_DISTRO: ${{ matrix.distro }}
 
-  icinga-default-scenario-ansible-2.18:
+  icinga-default-scenario-ansible-2-18:
     runs-on: ubuntu-latest
 
     env:

changelogs/fragments/fix-260-complex-db-passwords.yml

@@ -0,0 +1,6 @@
+bugfixes:
+  - |
+    More complex database passwords have been an issue when importing database schemas. The passwords are now properly quoted using the :code:`quote` filter.
+    This means that passwords containing characters such as :code:`#` and :code:`\` should now work correctly.
+
+    The change affects Icinga 2 (IDO), Icinga for Kubernetes, Icinga DB and Icinga Web 2.

roles/icinga2/tasks/features/idomysql.yml

@@ -34,7 +34,7 @@
           {% if icinga2_dict_features.idomysql.ssl_cipher is defined %} --ssl-cipher "{{ icinga2_dict_features.idomysql.ssl_cipher }}" {%- endif %}
           {% if icinga2_dict_features.idomysql.extra_options is defined %} {{ icinga2_dict_features.idomysql.extra_options }} {%- endif %}
           -u "{{ icinga2_dict_features.idomysql.user | default('icinga2') }}"
-          -p"{{ icinga2_dict_features.idomysql.password }}"
+          -p{{ icinga2_dict_features.idomysql.password | quote }}"
           "{{ icinga2_dict_features.idomysql.database | default('icinga2') }}"
 
     - name: MySQL check for IDO schema

roles/icinga2/tasks/features/idopgsql.yml

@@ -23,7 +23,7 @@
     - name: build psql command
       set_fact:
         psqlcmd: >-
-          PGPASSWORD="{{ icinga2_dict_features.idopgsql.password }}"
+          PGPASSWORD={{ icinga2_dict_features.idopgsql.password | quote }}
           psql
           "host={{ icinga2_dict_features.idopgsql.host| default('localhost') }}
           port={{ icinga2_dict_features.idopgsql.port| default('5432') }}

roles/icinga_kubernetes/tasks/manage_schema_mysql.yml

@@ -10,7 +10,7 @@
           {% if icinga_kubernetes_database_cert is defined %} --ssl-cert "{{ icinga_kubernetes_database_cert }}" {%- endif %}
           {% if icinga_kubernetes_database_key is defined %} --ssl-key "{{ icinga_kubernetes_database_key }}" {%- endif %}
           -u "{{ icinga_kubernetes_database_user | default('kubernetes') }}"
-          -p"{{ icinga_kubernetes_database_password }}"
+          -p{{ icinga_kubernetes_database_password | quote }}
           "{{ icinga_kubernetes_database_name | default('kubernetes') }}"
 
     - name: MySQL check for Kubernetes schema

roles/icinga_kubernetes/tasks/manage_schema_pgsql.yml

@@ -6,7 +6,7 @@
 #     - name: Build pgsql command
 #       ansible.builtin.set_fact:
 #         _tmp_pgsqlcmd: >-
-#           PGPASSWORD="{{ icinga_kubernetes_database_password }}"
+#           PGPASSWORD={{ icinga_kubernetes_database_password | quote }}
 #           psql
 #           "{% if icinga_kubernetes_database_host %} host="{{ icinga_kubernetes_database_host }}" {%- endif %}
 #           {% if icinga_kubernetes_database_port is defined %} port={{ icinga_kubernetes_database_port }} {%- endif %}

roles/icingadb/tasks/manage_schema_mysql.yml

@@ -10,7 +10,7 @@
           {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}" {%- endif %}
           {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}" {%- endif %}
           -u "{{ icingadb_database_user | default('icingadb') }}"
-          -p"{{ icingadb_database_password }}"
+          -p{{ icingadb_database_password | quote }}
           "{{ icingadb_database_name | default('icingadb') }}"
 
     - name: MySQL check for IcingaDB schema

roles/icingadb/tasks/manage_schema_pgsql.yml

@@ -4,7 +4,7 @@
     - name: Build pgsql command
       ansible.builtin.set_fact:
         _tmp_pgsqlcmd: >-
-          PGPASSWORD="{{ icingadb_database_password }}"
+          PGPASSWORD={{ icingadb_database_password | quote }}
           psql
           "{% if icingadb_database_host %} host="{{ icingadb_database_host }}" {%- endif %}
           {% if icingadb_database_port is defined %} port={{ icingadb_database_port }} {%- endif %}

roles/icingaweb2/tasks/modules/manage_mysql_imports.yml

@@ -18,7 +18,7 @@
       {% if _db['ssl_cipher'] is defined %} --ssl-cipher "{{ _db['ssl_cipher'] }}" {%- endif %}
       {% if _db['ssl_extra_options'] is defined %} {{ _db['ssl_extra_options'] }} {%- endif %}
       -u "{{ _db['user'] }}"
-      -p"{{ _db['password'] }}"
+      -p{{ _db['password'] | quote }}
       "{{ _db['name'] }}"
 
 - name: MySQL check for db schema

roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml

@@ -9,7 +9,7 @@
 - name: Build pgsql command
   ansible.builtin.set_fact:
     _tmp_pgsqlcmd: >-
-      PGPASSWORD="{{ _db['password'] }}"
+      PGPASSWORD={{ _db['password'] | quote }}
       psql
       "{% if _db['host'] | default('localhost') != 'localhost' %} host={{ _db['host'] }}{%- endif %}
       {% if _db['port'] is defined %} port={{ _db['port'] }}{%- endif %}