The postgresql::role defined type was not idempotent when passed cleartext
passwords. This is because we were comparing it with its md5 equivalent in
the db.
This patch converts any cleartext passwords to md5 before comparison, but
only if they are cleartext (ie. not starting with md5).
I also bumped the version of rspec-system-puppet to get use of the refresh
method, plus did some cleanup because the old tests were a bit dusty, again
taking advantage of refresh plus changing some matchers for clarity.
Signed-off-by: Ken Barber <ken@bob.sh>
This allows non-standard users (pe-postgres) to change passwords. Also
added a function to do escaping of the password, added system tests
and rspec tests for the function.
The code to grant permissions databases and their objects has been
abstracted to `postgresql::grant` and is used by both
`postgresql::database_grant` and `postgresql::table_grant`
Previously we only created a new user, any updates to the defined resource
would not update the role. This patch adds extra logic to modify a role
whenever a parameter is changed.
System tests have also been added to support this.
This patch just adds some new tests for the unknown OS patch, and cleans up
some existing tests to look for the new warning message.
Also, change the warning message for $osfamily and manage_package_repo to
reflect the parameter at fault.
Signed-off-by: Ken Barber <ken@bob.sh>
Prior to this commit, if you attempted to use the module to
manage postgres on any OS other than Redhat/Debian, there
was an explicit check for that, and a call to `fail`.
In reality, the OS family is only used to build up defaults
for various path and package names, which are all exposed
as parameters. If the user is willing to explicitly pass
in all of those parameters, there's no reason we should
fail based on OS family.
This commit adds checks to the 'default' osfamily case
such that we now only fail if they're on a non-Redhat-or-Debian
system *and* they haven't explicitly passed in values for
all of the required parameters.
This patch ports all of the existing system tests to use rspec-system instead.
To assist with this conversion some patches were made to fix OS compatibility
where necessary. We also added an ensure parameter to the postgresql::server
class to assist with removing PostgreSQL configuration to aid with testing
cleanups.
The documentation has been updated to indicate test usage with rspec-system,
we've also renamed the 'tests' directory to 'examples'.
Signed-off-by: Ken Barber <ken@bob.sh>
This fixes some mistakes in the .travis.yml file:
* Corrects matches so the minor gem revisions get rounded, this means 2.6.0
for example is used.
* Adds Ruby 2.0.0 tests
* Allows 2.6.0 to fail for now, as it doesn't have create_resources.
* Removes trailing commas and arrays in functions for 2.6.0.
Signed-off-by: Ken Barber <ken@bob.sh>
This removes the 'include' parameter for PostgreSQL 8.1 as it was failing on
Centos 5.
Also added Centos 5 system tests using our new Vagrant boxes.
Signed-off-by: Ken Barber <ken@bob.sh>
While this worked fine in Ubuntu, it failed silently in Centos.
The script is really designed to be ran as root, so removing the user
property. This was failing our new pg_hba_rule tests without it.
Signed-off-by: Ken Barber <ken@bob.sh>
This patch provides a more advanced way of managing pg_hba rules, by providing a
defined resource to manage a pg_hba file, and a defined resource for managing
rules within such a file (pg_hba_rule).
These new resources are wrappers around ripinaar-concat, and utilise file
assemblies instead of a template to compose the pg_hba.conf file.
I've provided a function that interprets the old ip4|6acl arrays and converts
them to this new format for backwards compatibility as well.
I slightly reformatted our documentation to allow for better documentation of
defined resources in 'Usage' as well, and provided examples of how to use this
new resource.
This hopefully should go a long way to solving the PR's related to lack of full
functionality for pg_hba.conf.
Signed-off-by: Ken Barber <ken@bob.sh>
