Feat: Add support for Postgres-07 and Ubuntu2004

professormahi · professormahi · commit f171c9df0d62 · 2023-12-08T13:57:49.000+03:30
Signed-off-by: Mahdi Fooladgar (professormahi) &lt;professormahi_f@yahoo.com&gt;
diff --git a/.github/workflows/postgres_hardening.yml b/.github/workflows/postgres_hardening.yml
@@ -41,7 +41,7 @@ jobs:
           # - centosstream9
           # - rocky8
           # - rocky9
-          - ubuntu1804
+          # - ubuntu1804
           - ubuntu2004
           - ubuntu2204
           # - debian10
diff --git a/molecule/postgres_hardening/geerlingguy_postgresql_vars.yml b/molecule/postgres_hardening/geerlingguy_postgresql_vars.yml
@@ -2,4 +2,5 @@ postgresql_databases:
   - name: example_db
 postgresql_users:
   - name: postgres
-    password: iloverandompasswordsbutthiswilldo
+    password: iloverandompasswordsbutthiswilldo
+postgresql_auth_method: scram-sha-256
diff --git a/roles/postgres_hardening/defaults/main.yml b/roles/postgres_hardening/defaults/main.yml
@@ -10,6 +10,9 @@ postgres_hardening_restart_postgres: true
 postgres_user: postgres
 postgres_group: postgres
 
+# Password Authentication
+password_encryption: scram-sha-256
+
 # SSL
 ssl_enabled: "on"
 ssl_ciphers: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
diff --git a/roles/postgres_hardening/tasks/hardening.yml b/roles/postgres_hardening/tasks/hardening.yml
@@ -88,7 +88,7 @@
     mode: u=rw,g=r,o=
 
 #################################
-# POSTGRES-11/12/16 #############
+# POSTGRES-07/11/12/16 ##########
 #################################
 - name: Secure postgresql.conf Configuration
   ansible.builtin.lineinfile:
@@ -97,6 +97,8 @@
     regexp: "{{ item.regexp }}"
     state: present
   with_items:
+    - line: "password_encryption = {{ password_encryption }}"
+      regexp: "#?password_encryption\\s?="
     - line: "ssl = {{ ssl_enabled }}"
       regexp: "#?ssl\\s?="
     - line: "ssl_ciphers = '{{ ssl_ciphers }}'"
