Option to set database root password #38
Description
Lampsible currently (v2.1.1) has no option to set the database root password for the database which it installs. It takes the option --database-username, to create a "normal" database user - or implicitly asks for this value in actions that require it - and then asks the Lampsible user to set a password for that database user. The root password is never set.
The ability to set the database root password is an important improvement, that should be implemented soon.
In the "CLI application layer", we need to add the option --ask-database-root, and if the user passes this flag, the user should be asked to enter the database root password, which should subsequently be passed to the Ansible role. To be consistent with other passwords, it should also be possible to pass the --database-root-password directly, similar to other passwords, this should only work if --insecure-cli-password is also set.
In the "Python library layer", the Lampsible class should receive the new attribute database_root_password, and if this is set, it should be subsequently passed to the Ansible playbook.
To remain backwards compatible, if the CLI flag --ask-database-root or the class attribute Lampsible.database_root_password are not set, the behavior should be the same as before: don't set database root password. But in the next major version (v3), we can make the database root password required, or ask for it by default.
AC:
- CLI flag
--ask-database-root, a boolean value. If it is true, ask the user for database root password, similar to how we ask for other passwords - CLI flag
--database-root-password, which can be used to set the password directly via CLI, but only if--insecure-cli-passwordis set, similar to how other passwords are handled. - Add the attribute
database_root_passwordto classLampsible, so that something like this could work:
from lampsible.lampsible import Lampsible
lampsible = Lampsible(
web_user='someuser',
web_host='somehost.example.com',
action='lamp-stack',
database_name='mydb',
database_username='db-user',
database_password='topsecret',
database_root_password='supertopsecret',
)
result = lampsible.run()- There should be some comment in the code to remind us that we should change the default behavior in the next major version: Either ask for root password by default, or require it altogether.