Add multi instance support, refactoring password.pp (5/x)

SimonHoenscheid · SimonHoenscheid · commit 80c79bb2f6e2 · 2023-01-27T17:15:14.000+01:00
This commit adds changes a class to add multi instance support to this module. The general idea is to first copy all classes which are used and create defines from them. These classes will use the defines as is. Necessary changes for the instances itself will be added to the classes and defined types at a later point. This ensures, the module will work as it does right now and there are no breaking changes.
diff --git a/manifests/server/instance_passwd.pp b/manifests/server/instance_passwd.pp
@@ -0,0 +1,53 @@
+define postgresql::server::instance_passwd (
+  $user                                           = $postgresql::server::user,
+  $group                                          = $postgresql::server::group,
+  $psql_path                                      = $postgresql::server::psql_path,
+  $port                                           = $postgresql::server::port,
+  $database                                       = $postgresql::server::default_database,
+  $module_workdir                                 = $postgresql::server::module_workdir,
+  Enum[String[1], Sensitive[1]]$postgres_password = $postgresql::server::postgres_password,
+
+) {
+  $real_postgres_password = if $postgres_password =~ Sensitive {
+    $postgres_password.unwrap
+  } else {
+    $postgres_password
+  }
+
+  # psql will default to connecting as $user if you don't specify name
+  $_datbase_user_same = $database == $user
+  $_dboption = $_datbase_user_same ? {
+    false => " --dbname ${shell_escape($database)}",
+    default => ''
+  }
+
+  if $real_postgres_password {
+    # NOTE: this password-setting logic relies on the pg_hba.conf being
+    #  configured to allow the postgres system user to connect via psql
+    #  without specifying a password ('ident' or 'trust' security). This is
+    #  the default for pg_hba.conf.
+    $escaped = postgresql::postgresql_escape($real_postgres_password)
+    $exec_command = "${shell_escape($psql_path)}${_dboption} -c \"ALTER ROLE \\\"${shell_escape($user)}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\""
+    exec { 'set_postgres_postgrespw':
+      # This command works w/no password because we run it as postgres system
+      # user
+      command     => $exec_command,
+      user        => $user,
+      group       => $group,
+      logoutput   => true,
+      cwd         => $module_workdir,
+      environment => [
+        "PGPASSWORD=${real_postgres_password}",
+        "PGPORT=${port}",
+        "NEWPASSWD_ESCAPED=${escaped}",
+      ],
+      # With this command we're passing -h to force TCP authentication, which
+      # does require a password.  We specify the password via the PGPASSWORD
+      # environment variable. If the password is correct (current), this
+      # command will exit with an exit code of 0, which will prevent the main
+      # command from running.
+      unless      => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null",
+      path        => '/usr/bin:/usr/local/bin:/bin',
+    }
+  }
+}
diff --git a/manifests/server/passwd.pp b/manifests/server/passwd.pp
@@ -1,52 +1,12 @@
 # @api private
 class postgresql::server::passwd {
-  $postgres_password = if $postgresql::server::postgres_password =~ Sensitive {
-    $postgresql::server::postgres_password.unwrap
-  } else {
-    $postgresql::server::postgres_password
-  }
-
-  $user              = $postgresql::server::user
-  $group             = $postgresql::server::group
-  $psql_path         = $postgresql::server::psql_path
-  $port              = $postgresql::server::port
-  $database          = $postgresql::server::default_database
-  $module_workdir    = $postgresql::server::module_workdir
-
-  # psql will default to connecting as $user if you don't specify name
-  $_datbase_user_same = $database == $user
-  $_dboption = $_datbase_user_same ? {
-    false => " --dbname ${shell_escape($database)}",
-    default => ''
-  }
-
-  if $postgres_password {
-    # NOTE: this password-setting logic relies on the pg_hba.conf being
-    #  configured to allow the postgres system user to connect via psql
-    #  without specifying a password ('ident' or 'trust' security). This is
-    #  the default for pg_hba.conf.
-    $escaped = postgresql::postgresql_escape($postgres_password)
-    $exec_command = "${shell_escape($psql_path)}${_dboption} -c \"ALTER ROLE \\\"${shell_escape($user)}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\""
-    exec { 'set_postgres_postgrespw':
-      # This command works w/no password because we run it as postgres system
-      # user
-      command     => $exec_command,
-      user        => $user,
-      group       => $group,
-      logoutput   => true,
-      cwd         => $module_workdir,
-      environment => [
-        "PGPASSWORD=${postgres_password}",
-        "PGPORT=${port}",
-        "NEWPASSWD_ESCAPED=${escaped}",
-      ],
-      # With this command we're passing -h to force TCP authentication, which
-      # does require a password.  We specify the password via the PGPASSWORD
-      # environment variable. If the password is correct (current), this
-      # command will exit with an exit code of 0, which will prevent the main
-      # command from running.
-      unless      => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null",
-      path        => '/usr/bin:/usr/local/bin:/bin',
-    }
+  postgresql::server::instance_passwd { 'main':
+    user              => $postgresql::server::user,
+    group             => $postgresql::server::group,
+    psql_path         => $postgresql::server::psql_path,
+    port              => $postgresql::server::port,
+    database          => $postgresql::server::default_database,
+    module_workdir    => $postgresql::server::module_workdir,
+    postgres_password => $postgresql::server::postgres_password,
   }
 }
diff --git a/spec/defines/server/instance_passwd.rb b/spec/defines/server/instance_passwd.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'postgresql::server::instance_passwd' do
+  let(:title) { 'main' }
+
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let :facts do
+        os_facts
+      end
+
+      let :pre_condition do
+        "class {'postgresql::server':}"
+      end
+
+      context 'with defaults from passwd class' do
+        it { is_expected.to compile.with_all_deps }
+      end
+    end
+  end
+end
