From 863a4b80dee95828e8829593706ddb4ae06dfbd5 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 19 Mar 2015 02:52:38 +0100 Subject: [PATCH] Fix setting postgres role password Discussed in https://tickets.puppetlabs.com/browse/MODULES-1869 It seems env variables passed via `exec`'s `environment` parameter must not be single-quoted, otherwise the single-quotes are interpreted literally in the command strings in `command` and `unless`. For a postgres password of `foobar` this leads to the `unless` code trying to use literally `'foobar'` as password, and the `psql` line in `command` setting literally `'$$foobar$$'` as password. --- manifests/server/passwd.pp | 4 ++-- spec/unit/classes/server_spec.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/server/passwd.pp b/manifests/server/passwd.pp index 2b489af..358a044 100644 --- a/manifests/server/passwd.pp +++ b/manifests/server/passwd.pp @@ -21,8 +21,8 @@ class postgresql::server::passwd { logoutput => true, cwd => '/tmp', environment => [ - "PGPASSWORD='${postgres_password}'", - "NEWPASSWD_ESCAPED='${escaped}'", + "PGPASSWORD=${postgres_password}", + "NEWPASSWD_ESCAPED=${escaped}", ], # With this command we're passing -h to force TCP authentication, which # does require a password. We specify the password via the PGPASSWORD diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb index 64df958..c29473a 100644 --- a/spec/unit/classes/server_spec.rb +++ b/spec/unit/classes/server_spec.rb @@ -43,8 +43,8 @@ describe 'postgresql::server', :type => :class do 'command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"', 'user' => 'postgres', 'environment' => [ - "PGPASSWORD='new-p@s$word-to-set'", - "NEWPASSWD_ESCAPED='$$new-p@s$word-to-set$$'" + "PGPASSWORD=new-p@s$word-to-set", + "NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$" ], 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null", })