Allow adding roles, config entires and hba rules via hiera

ekohl · ekohl · commit 4bba2461ff22 · 2018-01-31T18:36:25.000+01:00
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -55,6 +55,11 @@
   $manage_pg_ident_conf       = $postgresql::params::manage_pg_ident_conf,
   $manage_recovery_conf       = $postgresql::params::manage_recovery_conf,
   $module_workdir             = $postgresql::params::module_workdir,
+
+  Hash[String, Hash] $roles         = {},
+  Hash[String, Any] $config_entries = {},
+  Hash[String, Hash] $pg_hba_rules  = {},
+
   #Deprecated
   $version                    = undef,
 ) inherits postgresql::params {
@@ -85,4 +90,22 @@
   -> Class['postgresql::server::config']
   -> Class['postgresql::server::service']
   -> Class['postgresql::server::passwd']
+
+  $roles.each |$rolename, $role| {
+    postgresql::server::role { $rolename:
+      * => $role,
+    }
+  }
+
+  $config_entries.each |$entry, $value| {
+    postgresql::server::config_entry { $entry:
+      value => $value,
+    }
+  }
+
+  $pg_hba_rules.each |$rule_name, $rule| {
+    postgresql::server::pg_hba_rule { $rule_name:
+      * => $rule,
+    }
+  }
 }
diff --git a/spec/acceptance/overridden_settings_spec.rb b/spec/acceptance/overridden_settings_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper_acceptance'
+
+# These tests are designed to ensure that the module, when ran overrides,
+# sets up everything correctly and allows us to connect to Postgres.
+describe 'postgresql::server', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  it 'with defaults' do
+    pp = <<-EOS
+      class { 'postgresql::server':
+        roles          => {
+          'testusername' => {
+            password_hash => postgresql_password('testusername', 'supersecret'),
+            createdb      => true,
+          },
+        },
+        config_entries => {
+          max_connections => 200,
+        },
+        pg_hba_rules   => {
+          'from_remote_host' => {
+            type        => 'host',
+            database    => 'mydb',
+            user        => 'myuser',
+            auth_method => 'md5',
+            address     => '192.0.2.100/32',
+          },
+        },
+      }
+
+      postgresql::server::database { 'testusername':
+        owner => 'testusername',
+      }
+    EOS
+
+    apply_manifest(pp, :catch_failures => true)
+    apply_manifest(pp, :catch_changes => true)
+  end
+
+  describe port(5432) do
+    it { is_expected.to be_listening }
+  end
+
+  it 'can connect with psql' do
+    psql('--command="\l" postgres', 'postgres') do |r|
+      expect(r.stdout).to match(/List of databases/)
+    end
+  end
+
+  it 'can connect with psql as testusername' do
+    shell('PGPASSWORD=supersecret psql -U testusername -h localhost --command="\l"') do |r|
+      expect(r.stdout).to match(/List of databases/)
+    end
+  end
+
+end
diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb
@@ -165,4 +165,58 @@ class { 'postgresql::globals':
       is_expected.to contain_class('postgresql::repo').with_version('99.5')
     end
   end
+
+  describe 'additional roles' do
+    let(:params) do
+      {
+        :roles => {
+          :username => { :createdb => true }
+        }
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to contain_postgresql__server__role('username').with_createdb(true) }
+  end
+
+  describe 'additional config_entries' do
+    let(:params) do
+      {
+        :config_entries => {
+          :fsync               => 'off',
+          :checkpoint_segments => '20'
+        }
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to contain_postgresql__server__config_entry('fsync').with_value('off') }
+    it { is_expected.to contain_postgresql__server__config_entry('checkpoint_segments').with_value('20') }
+  end
+
+  describe 'additional pg_hba_rules' do
+    let(:params) do
+      {
+        :pg_hba_rules => {
+          :from_remote_host => {
+            :type        => 'host',
+            :database    => 'mydb',
+            :user        => 'myuser',
+            :auth_method => 'md5',
+            :address     => '192.0.2.100'
+          }
+        }
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it do
+      is_expected.to contain_postgresql__server__pg_hba_rule('from_remote_host'). \
+        with_type('host'). \
+        with_database('mydb'). \
+        with_user('myuser'). \
+        with_auth_method('md5'). \
+        with_address('192.0.2.100')
+    end
+  end
 end
