Improve style of the role resource

hasegeli · hasegeli · commit 927a45593530 · 2018-04-06T19:24:45.000+02:00
diff --git a/manifests/server/role.pp b/manifests/server/role.pp
@@ -40,14 +40,13 @@
   }
 
   Postgresql_psql {
-    db         => $db,
-    port       => $port_override,
-    psql_user  => $psql_user,
-    psql_group => $psql_group,
-    psql_path  => $psql_path,
+    db               => $db,
+    port             => $port_override,
+    psql_user        => $psql_user,
+    psql_group       => $psql_group,
+    psql_path        => $psql_path,
     connect_settings => $connect_settings,
-    cwd        => $module_workdir,
-    require    => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
+    cwd              => $module_workdir,
   }
 
   if $ensure == 'present' {
@@ -69,43 +68,50 @@
       command     => "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}",
       unless      => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",
       environment => $environment,
-      require     => undef,
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}",
+    postgresql_psql { "ALTER ROLE \"${username}\" ${superuser_sql}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}",
+    postgresql_psql { "ALTER ROLE \"${username}\" ${createdb_sql}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}",
+    postgresql_psql { "ALTER ROLE \"${username}\" ${createrole_sql}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}",
+    postgresql_psql { "ALTER ROLE \"${username}\" ${login_sql}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
+    postgresql_psql { "ALTER ROLE \"${username}\" ${inherit_sql}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
     if(versioncmp($version, '9.1') >= 0) {
       if $replication_sql == '' {
-        postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":
-          unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+        postgresql_psql { "ALTER ROLE \"${username}\" NOREPLICATION":
+          unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+          require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
         }
       } else {
-        postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
-          unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+        postgresql_psql { "ALTER ROLE \"${username}\" ${replication_sql}":
+          unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",
+          require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
         }
       }
     }
 
-    postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
-      unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}",
+    postgresql_psql { "ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
+      unless  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}",
+      require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
     }
 
     if $password_hash and $update_password {
@@ -119,13 +125,13 @@
         command     => "ALTER ROLE \"${username}\" ${password_sql}",
         unless      => "SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'",
         environment => $environment,
+        require     => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],
       }
     }
   } else {
     # ensure == absent
     postgresql_psql { "DROP ROLE \"${username}\"":
       onlyif  => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",
-      require => undef,
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -40,14 +40,13 @@`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`Postgresql_psql {`
`43`		`- db => $db,`
`44`		`- port => $port_override,`
`45`		`- psql_user => $psql_user,`
`46`		`- psql_group => $psql_group,`
`47`		`- psql_path => $psql_path,`
	`43`	`+ db => $db,`
	`44`	`+ port => $port_override,`
	`45`	`+ psql_user => $psql_user,`
	`46`	`+ psql_group => $psql_group,`
	`47`	`+ psql_path => $psql_path,`
`48`	`48`	`connect_settings => $connect_settings,`
`49`		`- cwd => $module_workdir,`
`50`		`- require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
	`49`	`+ cwd => $module_workdir,`
`51`	`50`	`}`
`52`	`51`
`53`	`52`	`if $ensure == 'present' {`
`@@ -69,43 +68,50 @@`
`69`	`68`	`command => "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}",`
`70`	`69`	`unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",`
`71`	`70`	`environment => $environment,`
`72`		`- require => undef,`
`73`	`71`	`}`
`74`	`72`
`75`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":`
`76`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}",`
	`73`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${superuser_sql}":`
	`74`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}",`
	`75`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`77`	`76`	`}`
`78`	`77`
`79`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":`
`80`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}",`
	`78`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${createdb_sql}":`
	`79`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}",`
	`80`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`81`	`81`	`}`
`82`	`82`
`83`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":`
`84`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}",`
	`83`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${createrole_sql}":`
	`84`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}",`
	`85`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`85`	`86`	`}`
`86`	`87`
`87`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":`
`88`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}",`
	`88`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${login_sql}":`
	`89`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}",`
	`90`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`89`	`91`	`}`
`90`	`92`
`91`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":`
`92`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",`
	`93`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${inherit_sql}":`
	`94`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",`
	`95`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`93`	`96`	`}`
`94`	`97`
`95`	`98`	`if(versioncmp($version, '9.1') >= 0) {`
`96`	`99`	`if $replication_sql == '' {`
`97`		`- postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":`
`98`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",`
	`100`	`+ postgresql_psql { "ALTER ROLE \"${username}\" NOREPLICATION":`
	`101`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",`
	`102`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`99`	`103`	`}`
`100`	`104`	`} else {`
`101`		`- postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":`
`102`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",`
	`105`	`+ postgresql_psql { "ALTER ROLE \"${username}\" ${replication_sql}":`
	`106`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}",`
	`107`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`103`	`108`	`}`
`104`	`109`	`}`
`105`	`110`	`}`
`106`	`111`
`107`		`- postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":`
`108`		`- unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}",`
	`112`	`+ postgresql_psql { "ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":`
	`113`	`+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}",`
	`114`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`109`	`115`	`}`
`110`	`116`
`111`	`117`	`if $password_hash and $update_password {`
`@@ -119,13 +125,13 @@`
`119`	`125`	`command => "ALTER ROLE \"${username}\" ${password_sql}",`
`120`	`126`	`unless => "SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'",`
`121`	`127`	`environment => $environment,`
	`128`	`+ require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"],`
`122`	`129`	`}`
`123`	`130`	`}`
`124`	`131`	`} else {`
`125`	`132`	`# ensure == absent`
`126`	`133`	`postgresql_psql { "DROP ROLE \"${username}\"":`
`127`	`134`	`onlyif => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'",`
`128`		`- require => undef,`
`129`	`135`	`}`
`130`	`136`	`}`
`131`	`137`	`}`