Add "change database password" parameter - JIRA >10.3

[diLLec]

Pull Request (PR) description

From JIRA 10.3 on the password in the dbconfig.xml gets replaced with {ATL_SECURED} after JIRA has read-in the password and encrypted it into it's local password store.

This Pull Request (PR) fixes the following issues

Add the change_dbpassword parameter. Unless it is set to true the password will not be written into dbconfig.xml

[ShadNex]

I have tested your PR in our environment and it fixed the issue for us as well. Can we get this merged?

[kenyon]

Can you take a look at the test failures?

[kenyon]

Do we consider this a breaking change, since a user now has to set $change_dbpassword to true to keep the same behavior as before?

[diLLec]

Do we consider this a breaking change, since a user now has to set $change_dbpassword to true to keep the same behavior as before?

We either do that, or we add a version condition to $change_dbpassword = $jira::change_dbpassword in the config.pp like this

  if versioncmp($jira::version, '10.3.0') > 0 {
    $change_dbpassword = $jira::change_dbpassword
  }

Which way do you like more?

[diLLec]

Tests are OK now. Please let me know about the breaking change issue

[SimonHoenscheid]

LGTM

[alexjfisher]

Is there anyway to read the password (or a hash of it) from the 'local password store'?

[h-haaks]

Hmm, there is no added tests on jira versions less then 10.3 and the default of false. All tests have been changed to have 'change_dbpassword = true'

I'm afraid this change breaks existing setups with older versions of jira ...
This is because the template is changed to always insert '{ATL_SECURED}' when change_dbpassword is false.
I have not tested this yet, and it might be stopped by password policy, but if not the password will actually be changed to {ATL_SECURED}

[diLLec]

Hmm, there is no added tests on jira versions less then 10.3 and the default of false. All tests have been changed to have 'change_dbpassword = true'

I'm afraid this change breaks existing setups with older versions of jira ... This is because the template is changed to always insert '{ATL_SECURED}' when change_dbpassword is false. I have not tested this yet, and it might be stopped by password policy, but if not the password will actually be changed to {ATL_SECURED}

Thats totally true - I've asked if we should add a versioncmp here #429 (comment) but did not get any answers.

[kenyon]

Hmm, there is no added tests on jira versions less then 10.3 and the default of false. All tests have been changed to have 'change_dbpassword = true'
I'm afraid this change breaks existing setups with older versions of jira ... This is because the template is changed to always insert '{ATL_SECURED}' when change_dbpassword is false. I have not tested this yet, and it might be stopped by password policy, but if not the password will actually be changed to {ATL_SECURED}

Thats totally true - I've asked if we should add a versioncmp here #429 (comment) but did not get any answers.

I think the versioncmp would have been a good idea, but this was merged and released a bit hastily. We could still add the versioncmp and make another release.