From 5e3744ecfc8960ac86402ec3254e338856b65395 Mon Sep 17 00:00:00 2001
From: cruelsmith <92088441+cruelsmith@users.noreply.github.com>
Date: Fri, 24 Feb 2023 19:44:31 +0100
Subject: [PATCH] Fix wrong Sensitive handling for updating password

---
 manifests/server/role.pp         | 2 +-
 spec/defines/server/role_spec.rb | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/manifests/server/role.pp b/manifests/server/role.pp
index 0e3f117795..8656141356 100644
--- a/manifests/server/role.pp
+++ b/manifests/server/role.pp
@@ -166,7 +166,7 @@
         $pwd_hash_sql = postgresql::postgresql_password(
           $username,
           $password_hash,
-          $password_hash =~ Sensitive[String],
+          false,
           $hash,
           $salt,
         )
diff --git a/spec/defines/server/role_spec.rb b/spec/defines/server/role_spec.rb
index 7ad459f4d2..fc5fe501eb 100644
--- a/spec/defines/server/role_spec.rb
+++ b/spec/defines/server/role_spec.rb
@@ -58,11 +58,9 @@
 
     it 'has alter role for "test" user with password as ****' do
       expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****')
-        .with('command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'Sensitive [value redacted]')),
-              # FIXME: This is obviously wrong                               ^^^^^^^^^^^^^^^^^^^^^^^^^^
+        .with('command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')),
               'sensitive' => 'true',
-              'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'Sensitive [value redacted]')),
-              # FIXME: This is obviously wrong                                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^
+              'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')),
               'port' => '5432')
     end
   end