From dd052321778fe2d9563fac4f3baf4c7c52b84923 Mon Sep 17 00:00:00 2001 From: Bruno Harbulot Date: Sat, 16 Mar 2013 17:32:27 +0000 Subject: [PATCH] Adding the ability to create users without a password. --- manifests/database_user.pp | 2 +- manifests/role.pp | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/manifests/database_user.pp b/manifests/database_user.pp index 4ad3b2d..e69b106 100644 --- a/manifests/database_user.pp +++ b/manifests/database_user.pp @@ -38,7 +38,7 @@ # define postgresql::database_user( - $password_hash, + $password_hash = false, $createdb = false, $createrole = false, $db = $postgresql::params::user, diff --git a/manifests/role.pp b/manifests/role.pp index 8b0db5f..6a08369 100644 --- a/manifests/role.pp +++ b/manifests/role.pp @@ -17,7 +17,7 @@ # limitations under the License. define postgresql::role( - $password_hash, + $password_hash = false, $createdb = false, $createrole = false, $db = 'postgres', @@ -40,9 +40,14 @@ define postgresql::role( $createdb_sql = $createdb ? { true => 'CREATEDB' , default => 'NOCREATEDB' } $superuser_sql = $superuser ? { true => 'SUPERUSER' , default => 'NOSUPERUSER' } $replication_sql = $replication ? { true => 'REPLICATION' , default => '' } + if ($password_hash != false) { + $password_sql = "ENCRYPTED PASSWORD '${password_hash}'" + } else { + $password_sql = "" + } # TODO: FIXME: Will not correct the superuser / createdb / createrole / login / replication status nor the connection limit of a role that already exists - postgresql_psql {"CREATE ROLE \"${username}\" ENCRYPTED PASSWORD '${password_hash}' ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}": + postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}": db => $db, psql_user => $postgresql::params::user, unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",