The postgresql::role defined type was not idempotent when passed cleartext
passwords. This is because we were comparing it with its md5 equivalent in
the db.
This patch converts any cleartext passwords to md5 before comparison, but
only if they are cleartext (ie. not starting with md5).
I also bumped the version of rspec-system-puppet to get use of the refresh
method, plus did some cleanup because the old tests were a bit dusty, again
taking advantage of refresh plus changing some matchers for clarity.
Signed-off-by: Ken Barber <ken@bob.sh>
Previously we only created a new user, any updates to the defined resource
would not update the role. This patch adds extra logic to modify a role
whenever a parameter is changed.
System tests have also been added to support this.
When the psql command runs from a directory it does not have permission to
access, it outputs an error. This error trips up the unless SQL command,
causing the other SQL commands to run even if not needed. Rather than ignore
stderr (which might hide something else), or use an arbitrary directory like
/tmp, this code sets the cwd to the data directory, which will exist and be
owned by the postgres user. If someone uses the postgres_psql type and
customises the psql_user parameter, they should also set an appropriate cwd.
This commit provides a working implementation of a ruby
type/provider (`postgresql_psql` for handling the PSQL
commands. This is a little more flexible than doing it
via Exec resources, which is what the `postgresql::psql`
type was doing.
The old type is still present but now includes a
deprecation notification, and all of the other types
that were using the `::psql` type have been ported over
to use the `postgresql_psql` type instead.
This will allow characters such as '-' in database role
names. Additionally, escaping of '"' characters now applies to all '"'
characters, not just the first in a sql command.
Renamed a few files and made some tweaks to try to get
database_grant, database_user, and database types into
a state where they work very similarly to the ones in
the mysql module. Also introduced a "postgresql_password"
function that can be used to generate an md5 password
hash for a postgres user.
