From e82d032a28d94ddfb8b6af2830b47f8dcbd1bc34 Mon Sep 17 00:00:00 2001
From: Bouke Haarsma <bouke@haarsma.eu>
Date: Tue, 14 Jan 2020 09:41:37 +0100
Subject: [PATCH] Don't update scram hashed password if not changed

---
 manifests/server/role.pp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manifests/server/role.pp b/manifests/server/role.pp
index 98519ba990..7c37bb9458 100644
--- a/manifests/server/role.pp
+++ b/manifests/server/role.pp
@@ -130,6 +130,8 @@
     if $password_hash and $update_password {
       if($password_hash =~ /^md5.+/) {
         $pwd_hash_sql = $password_hash
+      } elsif($password_hash =~ /^SCRAM\-SHA\-256\$/) {
+        $pwd_hash_sql = $password_hash
       } else {
         $pwd_md5 = md5("${password_hash}${username}")
         $pwd_hash_sql = "md5${pwd_md5}"