Allow adding roles, config entires and hba rules via hiera

Author: ekohl

manifests/server.pp

@@ -55,6 +55,11 @@
   $manage_pg_ident_conf       = $postgresql::params::manage_pg_ident_conf,
   $manage_recovery_conf       = $postgresql::params::manage_recovery_conf,
   $module_workdir             = $postgresql::params::module_workdir,
+
+  Hash[String, Hash] $roles         = {},
+  Hash[String, Any] $config_entries = {},
+  Hash[String, Hash] $pg_hba_rules  = {},
+
   #Deprecated
   $version                    = undef,
 ) inherits postgresql::params {
@@ -85,4 +90,22 @@
   -> Class['postgresql::server::config']
   -> Class['postgresql::server::service']
   -> Class['postgresql::server::passwd']
+
+  $roles.each |$rolename, $role| {
+    postgresql::server::role { $rolename:
+      * => $role,
+    }
+  }
+
+  $config_entries.each |$entry, $value| {
+    postgresql::server::config_entry { $entry:
+      value => $value,
+    }
+  }
+
+  $pg_hba_rules.each |$rule_name, $rule| {
+    postgresql::server::pg_hba_rule { $rule_name:
+      * => $rule,
+    }
+  }
 }

spec/acceptance/overridden_settings_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper_acceptance'
+
+# These tests are designed to ensure that the module, when ran overrides,
+# sets up everything correctly and allows us to connect to Postgres.
+describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  pp = <<-MANIFEST
+    class { 'postgresql::server':
+      roles          => {
+        'testusername' => {
+          password_hash => postgresql_password('testusername', 'supersecret'),
+          createdb      => true,
+        },
+      },
+      config_entries => {
+        max_connections => 200,
+      },
+      pg_hba_rules   => {
+        'from_remote_host' => {
+          type        => 'host',
+          database    => 'mydb',
+          user        => 'myuser',
+          auth_method => 'md5',
+          address     => '192.0.2.100/32',
+        },
+      },
+    }
+
+    postgresql::server::database { 'testusername':
+      owner => 'testusername',
+    }
+  MANIFEST
+
+  it 'with additional hiera entries' do
+    apply_manifest(pp, catch_failures: true)
+    apply_manifest(pp, catch_changes: true)
+  end
+
+  describe port(5432) do
+    it { is_expected.to be_listening }
+  end
+
+  it 'can connect with psql' do
+    psql('--command="\l" postgres', 'postgres') do |r|
+      expect(r.stdout).to match(%r{List of databases})
+    end
+  end
+
+  it 'can connect with psql as testusername' do
+    shell('PGPASSWORD=supersecret psql -U testusername -h localhost --command="\l"') do |r|
+      expect(r.stdout).to match(%r{List of databases})
+    end
+  end
+end

spec/unit/classes/server_spec.rb

@@ -163,4 +163,58 @@ class { 'postgresql::globals':
       is_expected.to contain_class('postgresql::repo').with_version('99.5')
     end
   end
+
+  describe 'additional roles' do
+    let(:params) do
+      {
+        roles: {
+          username: { createdb: true },
+        },
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to contain_postgresql__server__role('username').with_createdb(true) }
+  end
+
+  describe 'additional config_entries' do
+    let(:params) do
+      {
+        config_entries: {
+          fsync: 'off',
+          checkpoint_segments: '20',
+        },
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to contain_postgresql__server__config_entry('fsync').with_value('off') }
+    it { is_expected.to contain_postgresql__server__config_entry('checkpoint_segments').with_value('20') }
+  end
+
+  describe 'additional pg_hba_rules' do
+    let(:params) do
+      {
+        pg_hba_rules: {
+          from_remote_host: {
+            type: 'host',
+            database: 'mydb',
+            user: 'myuser',
+            auth_method: 'md5',
+            address: '192.0.2.100',
+          },
+        },
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it do # rubocop:disable RSpec/ExampleLength
+      is_expected.to contain_postgresql__server__pg_hba_rule('from_remote_host')
+        .with_type('host')
+        .with_database('mydb')
+        .with_user('myuser')
+        .with_auth_method('md5')
+        .with_address('192.0.2.100')
+    end
+  end
 end