Allow custom params for keyword "Connect To Database"

[amochin]

The entire connection logic and implementation was refactored

• There is only one mandatory parameter left - dbapiModuleName, it must be set - either as keyword argument or in config file.
• All other parameters are optional now. So if some connection data was missing, the error would come not from the Database Library, but from the Python DB module.
• If some params are not provided, they are not set to None - they are just not passed to the Python DB module at all.
• Other custom params from keyword arguments and config file are passed to the Python DB module as provided
• All parameters can be now set in a config file - including any custom params
• If same custom parameter is provided both as a keyword argument and in config file, the keyword argument value takes precedence.

Other changes

• Deprecate the Connect To Database Using Custom Params Keyword - it's not needed anymore, the updated Connect To Database keyword replaces it fully
• Stop using localhost as fallback value for DB host
• Stop using {SQL Server} as fallback value for pyodbc driver
• Update docs for the Connect To Database keyword, move docs for using the config file in a separate section

The PR contains also new and updated tests

[amochin]

@markus-leben could you please have a look?

[markus-leben]

Could there ever be non-password parameters a person may want to hide?

[amochin]

Emm, like what?

[markus-leben]

This currently doesn't use params_separator. I think it may break password hiding as-is for connection string based params.

Also, I think using string replacement may not be ideal for dbPassword, as a short password string might get replaced in the string. Like:

Connect *** DB using : pymysql.connect(dbPort=3306, dbCharset='utf8mb4', dbUsername='InsecurePWWriter', dbPassword='***')

(I'm not sure that's the exact result, just a proof of concept)

I think you could do param name spreading as:

params_separator = ", "
if connection_string:
msg += f'"{connection_string}"'
params_separator = "; "
sanitized_params = copy.copy(connection_params)
if dbPassword:
sanitized_params['dbPassword'] = "***"
msg += params_separator.join([f"{param_name}='{param_value}'" if isinstance(param_value, str)
else f"{param_name}={param_value}"
for param_name, param_value in sanitized_params.items()])

[amochin]

The params_separator is not used directly here, it's passed to the function _hide_password_values(). The separator is just different when using connection params as arguments or a connection string.

The replacement could indeed go wrong, if the password value is identical with some other parameter value - like username or host. I don't think it's really critical - but it might be a fix for future releases.

[markus-leben]

I do still think that having some sort of connection function that passes extra info into the exception on failure may be a good idea.

[amochin]

Could you please elaborate a bit on this? Currently, if the connect() call failed, the exception would not be caught, but fully printed in the RF log.