Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for PostgreSQL #725

Open
wants to merge 26 commits into
base: master
Choose a base branch
from
Open

Add Support for PostgreSQL #725

wants to merge 26 commits into from

Conversation

professormahi
Copy link

I'm working on adding PostgreSQL hardening role to this collection.

@rndmh3ro
Copy link
Member

rndmh3ro commented Dec 1, 2023

Wow, that's awesome! Thank you!

If you have any problems or questions, feel free to reach out!

This was referenced Dec 7, 2023
Closed
Closed
@professormahi
Feat: Add basis for postgres-hardening
9cceb77 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix a typo on geerlingguy.postgresql
bcdf88d 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix: Add galaxy dependecy
d53986a 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix: change test version to galaxyproject.postgresql
1b19d6f 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add postgres-01 and postgres-02
6bce1f9 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix: user fqcn of builtin modules
f66e1ea 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Change molecule postgres collection to geerlingguy
1a33ca4 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add postgres-10
2e8c638 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Add geerlingguy_postgresql to .gitignore
6ddf542 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add configration for postgres user/group
9048b6c 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add postgres-11/12
27997f3 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add Postgres-16
5c3c04f 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add Postgres-20
05f3c60 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add Postgres-13/14/15
d87d37e 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Feat: Add support for Postgres-07 and Ubuntu2004
f171c9d 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix: geerlingguy_postgresql_vars.yml should be excluded from ansible-…
82fb017 
…lint

Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi
Fix: refactor all linting problems
ebb1d9d 
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
@professormahi professormahi marked this pull request as ready for review December 8, 2023 12:18
@professormahi
Copy link
Author

I think the base version is ready for review after merging dev-sec/postgres-baseline#54.

@professormahi
Copy link
Author

This PR is ready to review after the workflow approval. @rndmh3ro

@rndmh3ro
Copy link
Member

Thanks @professormahi, sounds awesome. I'll try to take a look next week!

rndmh3ro
rndmh3ro reviewed Apr 22, 2024
View reviewed changes
Copy link
Member

@rndmh3ro rndmh3ro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took an initial look and have some remarks, but great work nonetheless!

roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml
#################################
# POSTGRES-02 ###################
#################################
- name: Get postgres version
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use the postgresql_info_module here? According to the docs, getting the version is supported by the module.

Or don't you want to do this because then we'd have to connect to the postgres?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@professormahi What do you think about this?

roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml Outdated Show resolved Hide resolved
roles/postgres_hardening/tasks/hardening.yml
# POSTGRES-07/11/12/16 ##########
#################################
- name: Secure postgresql.conf Configuration
ansible.builtin.lineinfile:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a fan of using lineinfile. I'd rather use template.
Now I guess templating the whole postgresql.conf-file would be inconvenient, can we use includes?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@professormahi What do you think about this?

@professormahi @rndmh3ro
Fix: Remove debug Tasks
c28749d 
Co-authored-by: Sebastian Gumprich <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndmh3ro rndmh3ro rndmh3ro left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@professormahi @rndmh3ro