diff --git a/.devcontainer/README.md b/.devcontainer/README.md index cc4675e5dd..a719361689 100644 --- a/.devcontainer/README.md +++ b/.devcontainer/README.md @@ -13,14 +13,18 @@ https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/pupp // Set *default* container specific settings.json values on container create. "settings": { - "terminal.integrated.shell.linux": "/bin/bash" + "terminal.integrated.profiles.linux": { + "bash": { + "path": "bash", + } + } }, // Add the IDs of extensions you want installed when the container is created. "extensions": [ "puppet.puppet-vscode", "rebornix.Ruby" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. "forwardPorts": [], diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index fe7a8b12b9..cdd65d220a 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,7 +5,7 @@ "settings": { "terminal.integrated.profiles.linux": { "bash": { - "path": "bash", + "path": "bash" } } }, diff --git a/.fixtures.yml b/.fixtures.yml index f87b7e1bd0..9846440fef 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
@@ -1,17 +1,15 @@ fixtures: repositories: apt: "https://github.com/puppetlabs/puppetlabs-apt.git" - augeas_core: - repo: "https://github.com/puppetlabs/puppetlabs-augeas_core.git" - puppet_version: ">= 6.0.0" + augeas_core: "https://github.com/puppetlabs/puppetlabs-augeas_core.git" concat: "https://github.com/puppetlabs/puppetlabs-concat.git" + cron_core: "https://github.com/puppetlabs/puppetlabs-cron_core.git" facts: 'https://github.com/puppetlabs/puppetlabs-facts.git' firewall: "https://github.com/puppetlabs/puppetlabs-firewall.git" provision: "https://github.com/puppetlabs/provision.git" - puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' + puppet_agent: + repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' + ref: v4.13.0 stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" - yumrepo_core: - repo: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" - puppet_version: ">= 6.0.0" - symlinks: - postgresql: "#{source_dir}" + yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" + systemd: "https://github.com/voxpupuli/puppet-systemd.git" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000000..e3a97007e3 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,15 @@ +## Summary +Provide a detailed description of all the changes present in this pull request. + +## Additional Context +Add any additional context about the problem here. +- [ ] Root cause and the steps to reproduce. (If applicable) +- [ ] Thought process behind the implementation. + +## Related Issues (if any) +Mention any related issues or pull requests. + +## Checklist +- [ ] 🟢 Spec tests. +- [ ] 🟢 Acceptance tests. +- [ ] Manually verified. (For example `puppet apply`) \ No newline at end of file diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml deleted file mode 100644 index f4aed440e5..0000000000 
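Review bot: The two fixtures added in this hunk, `cron_core` and `systemd`, are bare repository URLs, so each spec run clones whatever the upstream default branch holds at that moment; `puppet_agent` is the only entry pinned with a `ref`. An upstream change then reaches CI without any commit in this repository, which matters more once the test jobs are handed repository secrets. Use the mapping form already shown for `puppet_agent`, for example `systemd:` with `repo: "https://github.com/voxpupuli/puppet-systemd.git"` and `ref: <tag-or-commit>`, for the new entries and ideally for the existing unpinned ones as well.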
--- a/.github/workflows/auto_release.yml
+++ /dev/null
@@ -1,90 +0,0 @@ -name: "Auto release" - -on: - workflow_dispatch: - -env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - auto_release: - name: "Automatic release prep" - runs-on: ubuntu-20.04 - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID="auto-release" >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: "Checkout Source" - if: ${{ github.repository_owner == 'puppetlabs' }} - uses: actions/checkout@v2 - with: - fetch-depth: 0 - persist-credentials: false - - - name: "PDK Release prep" - uses: docker://puppet/iac_release:ci - with: - args: 'release prep --force' - env: - CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: "Get Version" - if: ${{ github.repository_owner == 'puppetlabs' }} - id: gv - run: | - echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" - - - name: "Check if a release is necessary" - if: ${{ github.repository_owner == 'puppetlabs' }} - id: check - run: | - git diff --quiet CHANGELOG.md && echo "::set-output name=release::false" || echo "::set-output name=release::true" - - - name: "Commit changes" - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - run: | - git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" - git config --local user.name "GitHub Action" - git add . 
- git commit -m "Release prep v${{ steps.gv.outputs.ver }}" - - - name: Create Pull Request - id: cpr - uses: puppetlabs/peter-evans-create-pull-request@v3 - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "Release prep v${{ steps.gv.outputs.ver }}" - branch: "release-prep" - delete-branch: true - title: "Release prep v${{ steps.gv.outputs.ver }}" - body: | - Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. - Please verify before merging: - - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green - - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests - - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match - labels: "maintenance" - - - name: PR outputs - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" - - - name: "Honeycomb: Record finish step" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..e6dd8d7bc0 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,21 @@
+name: "ci"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+ workflow_dispatch:
+
+jobs:
+ Spec:
+ uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main"
+ with:
+ runs_on: "ubuntu-20.04"
+ secrets: "inherit"
+
+ Acceptance:
+ needs: Spec
+ uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main"
+ with:
+ runs_on: "ubuntu-20.04"
+ secrets: "inherit"
diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml
new file mode 100644
index 0000000000..ee149bf525
--- /dev/null
+++ b/.github/workflows/labeller.yml
@@ -0,0 +1,27 @@
+name: Labeller
+
+on:
+ issues:
+ types:
+ - opened
+ - labeled
+ - unlabeled
+ pull_request_target:
+ types:
+ - opened
+ - labeled
+ - unlabeled
+
+jobs:
+ label:
+ runs-on: ubuntu-latest
+ steps:
+
+ - uses: puppetlabs/community-labeller@v1.0.1
+ name: Label issues or pull requests
+ with:
+ label_name: community
+ label_color: '5319e7'
+ org_membership: puppetlabs
+ fail_if_member: 'true'
+ token: ${{ secrets.IAC_COMMUNITY_LABELER }}
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
new file mode 100644
index 0000000000..b4100a5af0
--- /dev/null
+++ b/.github/workflows/mend.yml
@@ -0,0 +1,15 @@
+name: "mend"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+jobs:
+
+ mend:
+ uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main"
+ secrets: "inherit"
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 5cfc376089..b8786059ec 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
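Review bot: Both jobs in ci.yml call a reusable workflow by the mutable ref `@main` and pass it every repository secret with `secrets: "inherit"`, so any later push to that branch of `puppetlabs/cat-github-actions` runs here with full secret access and without review in this repository. Pin each `uses:` line to a full commit SHA, for example `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<commit-sha>"`, and replace `inherit` with an explicit `secrets:` map naming only what the called workflow needs. The same pattern appears in mend.yml and in the rewritten nightly.yml. None of these workflows sets a `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default; `permissions: contents: read` at workflow level would make it explicit, assuming the called workflows need no more than that.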
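Review bot: labeller.yml runs on `pull_request_target`, which executes in the base repository's context with access to `secrets.IAC_COMMUNITY_LABELER` even for pull requests from forks, yet it declares no `permissions:` block and references the action by the movable tag `@v1.0.1`. No checkout of pull-request code is visible, which is the safe shape for this trigger; record that constraint next to the trigger, for example `# pull_request_target: never check out or run PR head code in this workflow`. Pin the action to a full commit SHA (`puppetlabs/community-labeller@<commit-sha> # v1.0.1`) and add a least-privilege `permissions:` block. Since labelling uses the separate token, `permissions: {}` may be sufficient, but that should be confirmed against what the action actually calls.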
@@ -2,202 +2,19 @@ name: "nightly" on: schedule: - - cron: '0 0 * * *' - - -env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests + - cron: "0 0 * * *" + workflow_dispatch: jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} + Spec: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" + with: + runs_on: "ubuntu-20.04" + secrets: "inherit" - - name: "Honeycomb: Start first step" - run: | - echo STEP_ID=setup-environment >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - if: ${{ github.repository_owner == 'puppetlabs' }} - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Setup Acceptance Test Matrix - id: get-matrix - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 --exclude-platforms '["Scientific-6", "Scientific-7", "Debian-9", "Debian-10", 
"Debian-11", "SLES-12", "SLES-15", "Ubuntu-14.04", "Ubuntu-16.04", "Ubuntu-18.04", "Ubuntu-20.04"]' - else - echo "::set-output name=matrix::{}" - fi - - - name: "Honeycomb: Record Setup Test Matrix time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' Acceptance: - name: "${{matrix.platforms.label}}, ${{matrix.collection}}" - needs: - - setup_matrix - - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - BUILDEVENT_FILE: '../buildevents.txt' - - steps: - - run: | - echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE - echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE - echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE - - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Checkout Source - uses: actions/checkout@v2 - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Provision test environment - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ 
matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - echo ::group::=== INVENTORY === - if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; - then - FILE='spec/fixtures/litmus_inventory.yaml' - elif [ -f 'inventory.yaml' ]; - then - FILE='inventory.yaml' - fi - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - echo ::endgroup:: - - - name: Install agent - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: Install module - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' - - - name: "Honeycomb: Record deployment times" - if: ${{ always() }} - run: | - echo ::group::honeycomb step - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - echo ::endgroup:: - - - name: Run acceptance tests - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' - - - name: "Honeycomb: Record acceptance testing times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Remove test environment - if: ${{ always() }} - continue-on-error: true - run: | - if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - fi - - 
- name: "Honeycomb: Record removal times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' - - slack-workflow-status: - if: always() - name: Post Workflow Status To Slack - needs: - - Acceptance - runs-on: ubuntu-20.04 - steps: - - name: Slack Workflow Notification - uses: puppetlabs/Gamesight-slack-workflow-status@pdk-templates-v1 - with: - # Required Input - repo_token: ${{ secrets.GITHUB_TOKEN }} - slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} - # Optional Input - channel: '#team-ia-bots' - name: 'GABot' + needs: Spec + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + with: + runs_on: "ubuntu-20.04" + secrets: "inherit" diff --git a/.github/workflows/nightly_non_rhel.yml b/.github/workflows/nightly_non_rhel.yml deleted file mode 100644 index dc21aa867d..0000000000 --- a/.github/workflows/nightly_non_rhel.yml +++ /dev/null 
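Review bot: The `env:` block removed at the top of nightly.yml carried `HONEYCOMB_WRITEKEY` as a literal value, and deleting the line does not revoke it: the key remains readable in git history and in this diff, and the same literal sits in the deleted auto_release.yml, nightly_non_rhel.yml, pr_test.yml and pr_test_non_rhel.yml. Treat it as exposed and rotate or disable it on the Honeycomb side if that has not already been done. Separately, the removed `slack-workflow-status` job was the only visible failure notification for the scheduled run; unless the reusable workflows report failures themselves (not visible here), a broken nightly will now go unnoticed.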
@@ -1,203 +0,0 @@ -name: "nightly" - -on: - schedule: - - cron: '0 0 * * *' - - -env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - -jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: Start first step" - run: | - echo STEP_ID=setup-environment >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - if: ${{ github.repository_owner == 'puppetlabs' }} - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Setup Acceptance Test Matrix - id: get-matrix - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 --exclude-platforms '["RedHat-6", "RedHat-7", "RedHat-8", "CentOS-6", "CentOS-7", "CentOS-8", "OracleLinux-6", "OracleLinux-7", "Rocky-8", "AlmaLinux-8"]' - else - echo "::set-output name=matrix::{}" - fi - - - name: "Honeycomb: Record Setup Test Matrix 
time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' - Acceptance: - name: "${{matrix.platforms.label}}, ${{matrix.collection}}" - needs: - - setup_matrix - - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - BUILDEVENT_FILE: '../buildevents.txt' - - steps: - - run: | - echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE - echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE - echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE - - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Checkout Source - uses: actions/checkout@v2 - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Provision test environment - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo 
::endgroup:: - echo ::group::=== INVENTORY === - if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; - then - FILE='spec/fixtures/litmus_inventory.yaml' - elif [ -f 'inventory.yaml' ]; - then - FILE='inventory.yaml' - fi - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - echo ::endgroup:: - - - name: Install agent - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: Install module - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' - - - name: "Honeycomb: Record deployment times" - if: ${{ always() }} - run: | - echo ::group::honeycomb step - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - echo ::endgroup:: - - - name: Run acceptance tests - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' - - - name: "Honeycomb: Record acceptance testing times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: Remove test environment - if: ${{ always() }} - continue-on-error: true - run: | - if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - fi - - - name: "Honeycomb: Record removal times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' - - slack-workflow-status: - if: always() - name: 
Post Workflow Status To Slack - needs: - - Acceptance - runs-on: ubuntu-20.04 - steps: - - name: Slack Workflow Notification - uses: puppetlabs/Gamesight-slack-workflow-status@pdk-templates-v1 - with: - # Required Input - repo_token: ${{ secrets.GITHUB_TOKEN }} - slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} - # Optional Input - channel: '#team-ia-bots' - name: 'GABot' diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml deleted file mode 100644 index 46d47bd4e6..0000000000 --- a/.github/workflows/pr_test.yml +++ /dev/null 
@@ -1,185 +0,0 @@ -name: "PR Testing" - -on: [pull_request] - - -env: - - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - -jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: Start first step" - run: | - echo STEP_ID=setup-environment >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - if: ${{ github.repository_owner == 'puppetlabs' }} - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Run validation steps - run: | - bundle exec rake validate - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Setup Acceptance Test Matrix - id: get-matrix - run: | - if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 --exclude-platforms '["Scientific-6", "Scientific-7", "Debian-9", "Debian-10", "Debian-11", "SLES-12", "SLES-15", "Ubuntu-14.04", "Ubuntu-16.04", "Ubuntu-18.04", "Ubuntu-20.04"]' - else - echo 
"::set-output name=matrix::{}" - fi - - - name: "Honeycomb: Record Setup Test Matrix time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' - Acceptance: - name: "${{matrix.platforms.label}}, ${{matrix.collection}}" - needs: - - setup_matrix - if: ${{ needs.setup_matrix.outputs.matrix != '{}' }} - - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - BUILDEVENT_FILE: '../buildevents.txt' - - steps: - - run: | - echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE - echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE - echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Provision test environment - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 
'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - echo ::group::=== INVENTORY === - if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; - then - FILE='spec/fixtures/litmus_inventory.yaml' - elif [ -f 'inventory.yaml' ]; - then - FILE='inventory.yaml' - fi - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - echo ::endgroup:: - - - name: Install agent - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: Install module - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' - - - name: "Honeycomb: Record deployment times" - if: ${{ always() }} - run: | - echo ::group::honeycomb step - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - echo ::endgroup:: - - name: Run acceptance tests - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' - - - name: "Honeycomb: Record acceptance testing times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Remove test environment - if: ${{ always() }} - continue-on-error: true - run: | - if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - fi - - - name: "Honeycomb: Record removal times" - if: ${{ 
always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' diff --git a/.github/workflows/pr_test_non_rhel.yml b/.github/workflows/pr_test_non_rhel.yml deleted file mode 100644 index 31dc5b50fa..0000000000 --- a/.github/workflows/pr_test_non_rhel.yml +++ /dev/null 
@@ -1,185 +0,0 @@ -name: "PR Testing" - -on: [pull_request] - - -env: - - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - -jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ubuntu-20.04 - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: Start first step" - run: | - echo STEP_ID=setup-environment >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - if: ${{ github.repository_owner == 'puppetlabs' }} - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Run validation steps - run: | - bundle exec rake validate - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Setup Acceptance Test Matrix - id: get-matrix - run: | - if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 --exclude-platforms '["RedHat-6", "RedHat-7", "RedHat-8", "CentOS-6", "CentOS-7", "CentOS-8", "OracleLinux-6", "OracleLinux-7", "Rocky-8", "AlmaLinux-8"]' - else - echo "::set-output 
name=matrix::{}" - fi - - - name: "Honeycomb: Record Setup Test Matrix time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' - Acceptance: - name: "${{matrix.platforms.label}}, ${{matrix.collection}}" - needs: - - setup_matrix - if: ${{ needs.setup_matrix.outputs.matrix != '{}' }} - - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - BUILDEVENT_FILE: '../buildevents.txt' - - steps: - - run: | - echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE - echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE - echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: "Honeycomb: Record Setup Environment time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Provision test environment - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 
'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - echo ::group::=== INVENTORY === - if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; - then - FILE='spec/fixtures/litmus_inventory.yaml' - elif [ -f 'inventory.yaml' ]; - then - FILE='inventory.yaml' - fi - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - echo ::endgroup:: - - - name: Install agent - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: Install module - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' - - - name: "Honeycomb: Record deployment times" - if: ${{ always() }} - run: | - echo ::group::honeycomb step - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - echo ::endgroup:: - - name: Run acceptance tests - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' - - - name: "Honeycomb: Record acceptance testing times" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' - echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Remove test environment - if: ${{ always() }} - continue-on-error: true - run: | - if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then - buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' - echo ::group::=== REQUEST === - cat request.json || true - echo - echo ::endgroup:: - fi - - - name: "Honeycomb: Record removal times" - if: ${{ 
always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1509f6e91f..0b7b8a05dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,44 +4,6 @@ on: workflow_dispatch: jobs: - create-github-release: - name: Deploy GitHub Release - runs-on: ubuntu-20.04 - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - ref: ${{ github.ref }} - clean: true - fetch-depth: 0 - - name: Get Version - id: gv - run: | - echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" - - name: Create Release - uses: actions/create-release@v1 - id: create_release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: "v${{ steps.gv.outputs.ver }}" - draft: false - prerelease: false - - deploy-forge: - name: Deploy to Forge - runs-on: ubuntu-20.04 - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - ref: ${{ github.ref }} - clean: true - - name: "PDK Build" - uses: docker://puppet/pdk:nightly - with: - args: 'build' - - name: "Push to Forge" - uses: docker://puppet/pdk:nightly - with: - args: 'release publish --forge-token ${{ secrets.FORGE_API_KEY }} --force' + release: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" + secrets: "inherit" diff --git a/.github/workflows/release_prep.yml b/.github/workflows/release_prep.yml new file mode 100644 index 0000000000..bb0b7acce1 --- /dev/null +++ b/.github/workflows/release_prep.yml @@ -0,0 +1,15 @@ +name: "Release Prep" + +on: + workflow_dispatch: + inputs: + version: + description: "Module version to be released. Must be a valid semver string. (1.2.3)" + required: true + +jobs: + release_prep: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main" + with: + version: "${{ github.event.inputs.version }}" + secrets: "inherit" 
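Review bot: The new `release` job references `puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main` together with `secrets: "inherit"`, so whatever the `main` branch of that repository contains at run time executes with every secret this repository holds; the removed jobs passed only `secrets.GITHUB_TOKEN` and `secrets.FORGE_API_KEY` to the steps that needed them. Pin the reference to a reviewed commit, e.g. `uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@<full-commit-sha>"` (placeholder), and replace `secrets: "inherit"` with a mapping that names only the secrets the called workflow declares. The `release_prep` job in the new `.github/workflows/release_prep.yml`, further along this line, has the same `@main` plus `secrets: "inherit"` pattern and should get the same treatment.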
diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml
deleted file mode 100644
index 723e42ff91..0000000000
--- a/.github/workflows/spec.yml
+++ /dev/null
@@ -1,125 +0,0 @@ -name: "Spec Tests" - -on: - schedule: - - cron: '0 0 * * *' - workflow_dispatch: - pull_request: - - -env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - -jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ubuntu-20.04 - outputs: - spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: Start first step" - run: | - echo STEP_ID=setup-environment >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Checkout Source - uses: actions/checkout@v2 - if: ${{ github.repository_owner == 'puppetlabs' }} - - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - if: ${{ github.repository_owner == 'puppetlabs' }} - with: - ruby-version: "2.7" - bundler-cache: true - - - name: Print bundle environment - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - name: "Honeycomb: Record Setup Environment time" - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' - echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: Run Static & Syntax Tests - if: ${{ github.repository_owner == 'puppetlabs' }} - run: | - buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop - - - name: Setup Spec Test Matrix - id: get-matrix - run: | - if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec 
matrix_from_metadata_v2 - else - echo "::set-output name=spec_matrix::{}" - fi - - name: "Honeycomb: Record Setup Test Matrix time" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' - Spec: - name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" - needs: - - setup_matrix - if: ${{ needs.setup_matrix.outputs.spec_matrix != '{}' }} - - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.spec_matrix)}} - - env: - BUILDEVENT_FILE: '../buildevents.txt' - PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' - - steps: - - run: | - echo "SANITIZED_PUPPET_VERSION=$(echo '${{ matrix.puppet_version }}' | sed 's/~> //g')" >> $GITHUB_ENV - - - run: | - echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE - - name: "Honeycomb: Start first step" - run: | - echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }} - - name: Checkout Source - uses: actions/checkout@v2 - - - name: "Activate Ruby ${{ matrix.ruby_version }}" - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{matrix.ruby_version}} - bundler-cache: true - - - name: Print bundle environment - run: | - echo ::group::bundler environment - buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env - echo ::endgroup:: - - - name: Run parallel_spec tests - run: | - buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec 
diff --git a/.gitignore b/.gitignore index 988dcbbe62..3f1551212b 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt diff --git a/.pdkignore b/.pdkignore index c538bea8bd..862847a72c 100644 --- a/.pdkignore +++ b/.pdkignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt @@ -26,20 +26,17 @@ .envrc /inventory.yaml /spec/fixtures/litmus_inventory.yaml -/appveyor.yml -/.editorconfig /.fixtures.yml /Gemfile /.gitattributes +/.github/ /.gitignore -/.gitlab-ci.yml /.pdkignore /.puppet-lint.rc /Rakefile /rakelib/ /.rspec -/.rubocop.yml -/.travis.yml +/..yml /.yardopts /spec/ /.vscode/ diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece051..f01626d456 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,3 @@ --relative +--no-anchor_resource-check +--no-params_empty_string_assignment-check diff --git a/.rubocop.yml b/.rubocop.yml index 8f782e7415..7a66e08331 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -3,8 +3,9 @@ require: - rubocop-performance - rubocop-rspec AllCops: + NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.4' + TargetRubyVersion: '2.7' Include: - "**/*.rb" Exclude: @@ -18,6 +19,7 @@ AllCops: - "**/Puppetfile" - "**/Vagrantfile" - "**/Guardfile" +inherit_from: ".rubocop_todo.yml" Layout/LineLength: Description: People have wide screens, use them. Max: 200 @@ -111,8 +113,14 @@ Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true +Bundler/GemFilename: + Enabled: false Bundler/InsecureProtocolSource: Enabled: false +Capybara/CurrentPathExpectation: + Enabled: false +Capybara/VisibilityMatcher: + Enabled: false Gemspec/DuplicatedAssignment: Enabled: false Gemspec/OrderedDependencies: 
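Review bot: The added `/..yml` entry in the second `.pdkignore` hunk (`@@ -26,20 +26,17 @@`) looks like a template variable that rendered empty; it matches only a file literally named `..yml`, while the `/.rubocop.yml` and `/.travis.yml` entries it replaces are gone. If that reading is right, `.rubocop.yml` and the `.rubocop_todo.yml` added by this commit are no longer excluded from the built module package. Replace the line with the intended names, e.g. `/.rubocop.yml` and `/.rubocop_todo.yml`. If `.pdkignore` is rendered from a shared template, the fix presumably belongs there or in `.sync.yml` rather than in this file.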
@@ -287,11 +295,9 @@ Performance/UriDefaultParser: Enabled: false RSpec/Be: Enabled: false -RSpec/Capybara/CurrentPathExpectation: - Enabled: false RSpec/Capybara/FeatureMethods: Enabled: false -RSpec/Capybara/VisibilityMatcher: +RSpec/ContainExactly: Enabled: false RSpec/ContextMethod: Enabled: false @@ -331,6 +337,8 @@ RSpec/LeakyConstantDeclaration: Enabled: false RSpec/LetBeforeExamples: Enabled: false +RSpec/MatchArray: + Enabled: false RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: @@ -373,8 +381,6 @@ Style/AccessModifierDeclarations: Enabled: false Style/AccessorGrouping: Enabled: false -Style/AsciiComments: - Enabled: false Style/BisectedAttrAccessor: Enabled: false Style/CaseLikeIf: 
@@ -485,35 +491,235 @@ Style/TrailingMethodEndStatement: Enabled: false Style/UnpackFirst: Enabled: false +Capybara/MatchStyle: + Enabled: false +Capybara/NegationMatcher: + Enabled: false +Capybara/SpecificActions: + Enabled: false +Capybara/SpecificFinders: + Enabled: false +Capybara/SpecificMatcher: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false +Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false Lint/DuplicateBranch: Enabled: false +Lint/DuplicateMagicComment: + Enabled: false Lint/DuplicateRegexpCharacterClassElement: Enabled: false Lint/EmptyBlock: Enabled: false Lint/EmptyClass: Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false Lint/NoReturnInBeginEndBlocks: Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false Lint/ToEnumArguments: Enabled: false +Lint/TripleQuotes: + Enabled: false Lint/UnexpectedBlockArity: Enabled: false Lint/UnmodifiedReduceAccumulator: Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false +Metrics/CollectionLiteralLength: + Enabled: false 
+Naming/BlockForwarding: + Enabled: false Performance/CollectionLiteralInLoop: Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false +RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/FactoryBot/ConsistentParenthesesStyle: + Enabled: false +RSpec/FactoryBot/FactoryNameStyle: + Enabled: false +RSpec/FactoryBot/SyntaxMethods: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false +RSpec/Rails/AvoidSetupHook: + Enabled: false +RSpec/Rails/HaveHttpStatus: + Enabled: false +RSpec/Rails/InferredSpecType: + Enabled: false +RSpec/Rails/MinitestAssertions: + Enabled: false +RSpec/Rails/TravelAround: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false Style/ArgumentsForwarding: Enabled: false +Style/ArrayIntersect: + Enabled: false Style/CollectionCompact: Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DirEmpty: + Enabled: false Style/DocumentDynamicEvalDefinition: Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false 
+Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false Style/NegatedIfElseCondition: Enabled: false +Style/NestedFileDirname: + Enabled: false Style/NilLambda: Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false Style/RedundantArgument: Enabled: false +Style/RedundantConstantBase: + Enabled: false +Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false Style/SwapValues: Enabled: false diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml new file mode 100644 index 0000000000..732977e113 --- /dev/null +++ b/.rubocop_todo.yml 
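Review bot: Among the long list of cops this hunk switches off are `Security/IoMethods` and `Security/CompoundHash`, plus `Lint/NonAtomicFileOperation` and `Gemspec/RequireMFA`, none of which is a style preference. `Security/IoMethods` flags `IO.read`/`IO.write`-style calls whose first argument can start a subprocess when it begins with `|`, which is worth keeping on for a module that ships Ruby code under `lib/`. Suggest dropping the `Security/IoMethods:` and `Security/CompoundHash:` entries (each with its `Enabled: false`) so the Security department stays active, and recording any existing offences in `.rubocop_todo.yml` the way this commit already does for other cops. If the list is generated from the PDK template, that is probably where the exception needs to be made.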
@@ -0,0 +1,34 @@ +# This configuration was generated by +# `rubocop --auto-gen-config` +# on 2023-11-29 05:29:46 UTC using RuboCop version 1.48.1. +# The point is for the user to remove these configuration records +# one by one as the offenses are removed from the code base. +# Note that changes in the inspected code, or installation of new +# versions of RuboCop, may require this file to be generated again. + +# Offense count: 7 +# Configuration parameters: Include, CustomTransform, IgnoreMethods, SpecSuffixOnly. +# Include: **/*_spec*rb*, **/spec/**/* +RSpec/FilePath: + Exclude: + - 'spec/defines/server/instance/config.rb' + - 'spec/defines/server/instance/initdb.rb' + - 'spec/defines/server/instance/late_initdb.rb' + - 'spec/defines/server/instance/passwd.rb' + - 'spec/defines/server/instance/reload.rb' + - 'spec/defines/server/instance/service.rb' + - 'spec/unit/puppet/type/postgresql_conn_validator.rb' + +# Offense count: 214 +# Configuration parameters: EnforcedStyle, IgnoreSharedExamples. +# SupportedStyles: always, named_only +RSpec/NamedSubject: + Enabled: false + +# Offense count: 1 +# This cop supports unsafe autocorrection (--autocorrect-all). +# Configuration parameters: EnforcedStyle. +# SupportedStyles: nested, compact +Style/ClassAndModuleChildren: + Exclude: + - 'lib/puppet/util/postgresql_validator.rb' diff --git a/.sync.yml b/.sync.yml index 5834868b73..2721daf03f 100644 --- a/.sync.yml +++ b/.sync.yml 
@@ -6,33 +6,22 @@ - 140chars-check appveyor.yml: delete: true - +.rubocop.yml: + include_todos: true Gemfile: optional: ":development": - gem: github_changelog_generator + version: '= 1.15.2' Rakefile: changelog_user: puppetlabs changelog_max_issues: 500 + extra_disabled_lint_checks: + - anchor_resource + - params_empty_string_assignment spec/spec_helper.rb: mock_with: ":rspec" coverage_report: true -.github/workflows/nightly.yml: - unmanaged: false - exclude_platforms: - - Scientific-6 - - Scientific-7 - - Debian-9 - - Debian-10 - - Debian-11 - - SLES-12 - - SLES-15 - - Ubuntu-14.04 - - Ubuntu-16.04 - - Ubuntu-18.04 - - Ubuntu-20.04 -.github/workflows/pr_test.yml: - unmanaged: false exclude_platforms: - Scientific-6 - Scientific-7 @@ -45,15 +34,17 @@ spec/spec_helper.rb: - Ubuntu-16.04 - Ubuntu-18.04 - Ubuntu-20.04 + - Ubuntu-22.04 .gitpod.Dockerfile: unmanaged: false .gitpod.yml: unmanaged: false .github/workflows/auto_release.yml: unmanaged: false -.github/workflows/spec.yml: - checks: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - unmanaged: false +.github/workflows/ci.yml: + unmanaged: true +.github/workflows/nightly.yml: + unmanaged: true .github/workflows/release.yml: unmanaged: false .travis.yml: diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e749dcc77..09a8743765 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
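Review bot: The `exclude_platforms:` list that follows the removed `.github/workflows/pr_test.yml:` key is kept as context, so after this hunk it appears to hang under `spec/spec_helper.rb:` (indentation is not visible here, so confirm against the file), and the second hunk even adds `- Ubuntu-22.04` to it. With both `.github/workflows/ci.yml` and `.github/workflows/nightly.yml` now set to `unmanaged: true`, nothing visible in this diff consumes that list. Either delete the orphaned `exclude_platforms:` block or move it under the key that is meant to read it, and add a short comment saying which workflow it feeds.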
@@ -1,1401 +1,952 @@ -# Change log + +# Changelog -All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +All notable changes to this project will be documented in this file. -## [v8.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.0.0) (2022-03-02) +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.5.0...v8.0.0) +## [v10.0.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v10.0.2) - 2023-11-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v10.0.1...v10.0.2) + +### Fixed + +- postgresql_conf: Fix regex for value param and add tests [#1544](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1544) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) + +## [v10.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v10.0.1) - 2023-10-12 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v10.0.0...v10.0.1) + +### Fixed + +- Fix `postgresql::default()` return value for unknown parameters [#1530](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1530) ([smortex](https://github.com/smortex)) +- Fix the `postgresql::postgresql_password()` function [#1529](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1529) ([smortex](https://github.com/smortex)) + +## [v10.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v10.0.0) - 2023-10-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.2.0...v10.0.0) ### Changed +- postgis: Drop EL5 leftovers and fix package name for Fedora [#1521](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1521) 
([bastelfreak](https://github.com/bastelfreak)) +- Drop EoL SLES 11.4 code [#1520](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1520) ([bastelfreak](https://github.com/bastelfreak)) +- Drop code for Debian without systemd [#1514](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1514) ([bastelfreak](https://github.com/bastelfreak)) +- puppet/systemd: Allow 6.x [#1505](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1505) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- set datatype for directories to Stdlib::Absolutepath [#1499](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1499) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Drop postgresql 8.4/RHEL6 specific code [#1489](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1489) ([bastelfreak](https://github.com/bastelfreak)) +- Drop postgresql 8.1/RHEL5 specific code [#1486](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1486) ([bastelfreak](https://github.com/bastelfreak)) +- Delete deprecated validate_db_connection() defined resource [#1484](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1484) ([bastelfreak](https://github.com/bastelfreak)) +- postgresql::server: Remove deprecated createdb_path parameter [#1483](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1483) ([bastelfreak](https://github.com/bastelfreak)) +- postgresql::server: Remove deprecated version parameter [#1482](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1482) ([bastelfreak](https://github.com/bastelfreak)) +- puppetlabs/stdlib: Require 9.x [#1481](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1481) ([bastelfreak](https://github.com/bastelfreak)) +- port: Enforce Stdlib::Port datatype [#1473](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1473) ([bastelfreak](https://github.com/bastelfreak)) +- Add Server Instance Feature [#1450](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1450) 
([SimonHoenscheid](https://github.com/SimonHoenscheid)) + +### Added + +- Drop EoL FreeBSD 9.4/9.5 specific code [#1519](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1519) ([bastelfreak](https://github.com/bastelfreak)) +- Drop code compatibility for non-systemd Red Hat [#1518](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1518) ([ekohl](https://github.com/ekohl)) +- add $manage_selinux as a parameter, keep default, simpler condition [#1516](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1516) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- add port and psql_path parameter to initdb define [#1510](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1510) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- PDK update 2.7.0->3.0.0 [#1508](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1508) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- variables to parameters for tablespace/schema/reassign_owned_by [#1507](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1507) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- server::schema: Drop unused $version variable [#1506](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1506) ([bastelfreak](https://github.com/bastelfreak)) +- Prefer $connect_settings over explicit parameters [#1498](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1498) ([bastelfreak](https://github.com/bastelfreak)) +- server::extension: make user/group/psql_path configureable [#1497](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1497) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- server::db: Make port/user/group configureable [#1494](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1494) ([bastelfreak](https://github.com/bastelfreak)) +- server::database_grant: Always set default user/group and expose port as parameter [#1493](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1493) 
([bastelfreak](https://github.com/bastelfreak)) +- server::database: make user/group/psql_path/default_db configureable [#1492](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1492) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Provide a default for config_entry's path and enforce absolute path [#1490](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1490) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) + +### Fixed + +- Fix password_encryption for DBVERSION in server::role [#1515](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1515) ([cruelsmith](https://github.com/cruelsmith)) +- Flexible password encryption in pg hba conf [#1512](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1512) ([cruelsmith](https://github.com/cruelsmith)) +- service name should be unique to allow instances [#1504](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1504) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- server::grant: make port optional/restore connect_settings feature [#1496](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1496) ([bastelfreak](https://github.com/bastelfreak)) + +## [v9.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.2.0) - 2023-08-30 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.1.0...v9.2.0) + +### Added + +- port parameter: Cleanup datatype [#1471](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1471) ([bastelfreak](https://github.com/bastelfreak)) +- puppet/systemd: Allow 5.x & puppetlabs/concat: Allow 9.x [#1448](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1448) ([bastelfreak](https://github.com/bastelfreak)) +- Add default version for Fedora 37, 38 [#1421](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1421) ([lweller](https://github.com/lweller)) +- Defaulting password encryption for version above 14 [#1406](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1406) 
([cruelsmith](https://github.com/cruelsmith)) + +### Fixed + +- port parameter: log warning when its a string [#1474](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1474) ([bastelfreak](https://github.com/bastelfreak)) +- pg_hba.conf: Introduce a newline after each rule [#1472](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1472) ([bastelfreak](https://github.com/bastelfreak)) +- (CAT-1262)-updated legacy repo for SUSE [#1462](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1462) ([praj1001](https://github.com/praj1001)) +- Fix log directory config entry name [#1457](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1457) ([chillinger](https://github.com/chillinger)) +- Make anchors in defined resources unique [#1455](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1455) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- implement key parameter for config_entry defined resource [#1454](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1454) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- add missing parameters to initdb [#1451](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1451) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Fix default value for $service_status on ArchLinux [#1410](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1410) ([smortex](https://github.com/smortex)) +- Fix wrong Sensitive handling for updating role passwords [#1404](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1404) ([cruelsmith](https://github.com/cruelsmith)) + +## [v9.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.1.0) - 2023-06-12 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.0.3...v9.1.0) + +### Added + +- pdksync - (MAINT) - Allow Stdlib 9.x [#1440](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1440) ([LukasAud](https://github.com/LukasAud)) + +## 
[v9.0.3](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.0.3) - 2023-05-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.0.2...v9.0.3) + +### Fixed + +- (GH-1426) - Update value to accept array [#1434](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1434) ([jordanbreen28](https://github.com/jordanbreen28)) +- (#1432) - Fix `Unable to mark 'unless' as sensitive` [#1433](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1433) ([kBite](https://github.com/kBite)) + +## [v9.0.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.0.2) - 2023-05-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.0.1...v9.0.2) + +### Fixed + +- (CONT-950) - Fix mismatched data types [#1430](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1430) ([jordanbreen28](https://github.com/jordanbreen28)) +- (CONT-904) - Removal of tech debt [#1429](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1429) ([jordanbreen28](https://github.com/jordanbreen28)) +- (CONT-949) - Bump stdlib dependency [#1428](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1428) ([jordanbreen28](https://github.com/jordanbreen28)) + +## [v9.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.0.1) - 2023-04-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v9.0.0...v9.0.1) + +### Fixed + +- Fix wrong data type for `data_checksums` parameter [#1420](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1420) ([smortex](https://github.com/smortex)) + +## [v9.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v9.0.0) - 2023-04-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v8.3.0...v9.0.0) + +### Changed +- (CONT-792) - Add Puppet 8/Drop Puppet 6 [#1414](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1414) ([jordanbreen28](https://github.com/jordanbreen28)) + +## 
[v8.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.3.0) - 2023-04-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v8.2.1...v8.3.0) + +### Added + +- convert ERB templates to EPP [#1399](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1399) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- (CONT-361) Syntax update [#1397](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1397) ([LukasAud](https://github.com/LukasAud)) +- Add multi instance support, refactoring reload.pp (6/x) [#1392](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1392) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Add multi instance support, refactoring password.pp (5/x) [#1391](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1391) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Add multi instance support, refactoring late_initdb.pp (3/x) [#1384](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1384) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Add multi instance support, refactoring initdb.pp (2/x) [#1383](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1383) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Add multi instance support, refactoring config.pp (1/x) [#1382](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1382) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- pg_hba_rule: Validate userinput in postgresql::server [#1376](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1376) ([bastelfreak](https://github.com/bastelfreak)) +- pg_hba_rule: Move `type` datatype to own type [#1375](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1375) ([bastelfreak](https://github.com/bastelfreak)) +- pg_hba_rule does not properly verify address parameter [#1372](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1372) ([tuxmea](https://github.com/tuxmea)) + +### Fixed + +- Ubuntu 14/16/17: Drop code 
leftovers [#1388](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1388) ([bastelfreak](https://github.com/bastelfreak)) +- remove debian 8 and 9 corpses [#1387](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1387) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Archlinux client and server package names were swapped around [#1381](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1381) ([tobixen](https://github.com/tobixen)) +- apt::source: configure repo only for current architecture [#1380](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1380) ([bastelfreak](https://github.com/bastelfreak)) +- pdksync - (CONT-189) Remove support for RedHat6 / OracleLinux6 / Scientific6 [#1371](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1371) ([david22swan](https://github.com/david22swan)) +- pdksync - (CONT-130) - Dropping Support for Debian 9 [#1368](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1368) ([jordanbreen28](https://github.com/jordanbreen28)) +- (maint) Codebase Hardening [#1366](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1366) ([david22swan](https://github.com/david22swan)) +- Fix table grant with schema [#1315](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1315) ([vaol](https://github.com/vaol)) + +## [v8.2.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.2.1) - 2022-08-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v8.2.0...v8.2.1) + +### Fixed + +- Fix puppet-strings documentation [#1363](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1363) ([ekohl](https://github.com/ekohl)) +- (GH-1360) Reverting REFERENCE.md changes [#1361](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1361) ([pmcmaw](https://github.com/pmcmaw)) +- Only require password when used [#1356](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1356) ([arjenz](https://github.com/arjenz)) + +## 
[v8.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.2.0) - 2022-08-23 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v8.1.0...v8.2.0) + +### Added + +- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 [#1355](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1355) ([david22swan](https://github.com/david22swan)) +- (MODULES-11251) Add support for backup provider "pg_dump" [#1319](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1319) ([fraenki](https://github.com/fraenki)) + +### Fixed + +- Ensure multiple postgresql::server::recovery resources can be defined [#1348](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1348) ([Deroin](https://github.com/Deroin)) + +## [v8.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.1.0) - 2022-07-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v8.0.0...v8.1.0) + +### Added + +- Fix service status detection on Debian-based OSes [#1349](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1349) ([arjenz](https://github.com/arjenz)) +- (FM-8971) allow deferred function for role pwd [#1347](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1347) ([tvpartytonight](https://github.com/tvpartytonight)) +- Set version for Fedora 36 [#1345](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1345) ([lweller](https://github.com/lweller)) +- Add Red Hat Enterprise Linux 9 support [#1303](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1303) ([ekohl](https://github.com/ekohl)) + +### Fixed + +- (GH-1352) - Updating postgresql service version on SLES [#1353](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1353) ([pmcmaw](https://github.com/pmcmaw)) +- Respect $service_status on Red Hat-based distros [#1351](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1351) ([ekohl](https://github.com/ekohl)) +- Add version for Ubuntu 22.04 
[#1350](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1350) ([arjenz](https://github.com/arjenz)) +- README.md: correct postgresql_conn_validator example [#1332](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1332) ([bastelfreak](https://github.com/bastelfreak)) +- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04/16.04 [#1331](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1331) ([david22swan](https://github.com/david22swan)) +- Remove unused variable in reload.pp [#1327](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1327) ([ekohl](https://github.com/ekohl)) +- Use systemctl reload on EL 7 and higher [#1326](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1326) ([ekohl](https://github.com/ekohl)) + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v8.0.0) - 2022-03-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.5.0...v8.0.0) -- Support setting default\_privileges on all schemas [\#1298](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1298) ([fish-face](https://github.com/fish-face)) +### Changed +- Support setting default_privileges on all schemas [#1298](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1298) ([fish-face](https://github.com/fish-face)) ### Added -- add default version for Fedora 35 [\#1317](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1317) ([jflorian](https://github.com/jflorian)) -- add scram-sha-256 support [\#1313](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1313) ([fe80](https://github.com/fe80)) -- add support for Ubuntu Hirsute and Impish [\#1312](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1312) ([nicholascioli](https://github.com/nicholascioli)) -- Allow systemd to mask postgresql service file [\#1310](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1310) ([kim-sondrup](https://github.com/kim-sondrup)) -- Make ::contrib a noop on OSes without a contrib package 
[\#1309](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1309) ([carlosduelo](https://github.com/carlosduelo)) -- pdksync - \(IAC-1753\) - Add Support for AlmaLinux 8 [\#1308](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1308) ([david22swan](https://github.com/david22swan)) -- MODULES-11201: add service\_name for Ubuntu 18.04 and later [\#1306](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1306) ([moritz-makandra](https://github.com/moritz-makandra)) -- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#1305](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1305) ([david22swan](https://github.com/david22swan)) -- Default privileges support schemas [\#1300](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1300) ([fish-face](https://github.com/fish-face)) -- Support target\_role in default\_privileges [\#1297](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1297) ([fish-face](https://github.com/fish-face)) +- add default version for Fedora 35 [#1317](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1317) ([jflorian](https://github.com/jflorian)) +- add scram-sha-256 support [#1313](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1313) ([fe80](https://github.com/fe80)) +- add support for Ubuntu Hirsute and Impish [#1312](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1312) ([nicholascioli](https://github.com/nicholascioli)) +- Allow systemd to mask postgresql service file [#1310](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1310) ([kim-sondrup](https://github.com/kim-sondrup)) +- Make ::contrib a noop on OSes without a contrib package [#1309](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1309) ([carlosduelo](https://github.com/carlosduelo)) +- pdksync - (IAC-1753) - Add Support for AlmaLinux 8 [#1308](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1308) ([david22swan](https://github.com/david22swan)) +- MODULES-11201: add service_name for Ubuntu 18.04 
and later [#1306](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1306) ([moritz-makandra](https://github.com/moritz-makandra)) +- pdksync - (IAC-1751) - Add Support for Rocky 8 [#1305](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1305) ([david22swan](https://github.com/david22swan)) +- Default privileges support schemas [#1300](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1300) ([fish-face](https://github.com/fish-face)) +- Support target_role in default_privileges [#1297](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1297) ([fish-face](https://github.com/fish-face)) ### Fixed -- pdksync - \(IAC-1787\) Remove Support for CentOS 6 [\#1324](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1324) ([david22swan](https://github.com/david22swan)) -- Fix python package name in RHEL/CentOS 8 [\#1316](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1316) ([kajinamit](https://github.com/kajinamit)) -- Drop further code for Debian 6 and Ubuntu 10 [\#1307](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1307) ([ekohl](https://github.com/ekohl)) +- pdksync - (IAC-1787) Remove Support for CentOS 6 [#1324](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1324) ([david22swan](https://github.com/david22swan)) +- Fix python package name in RHEL/CentOS 8 [#1316](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1316) ([kajinamit](https://github.com/kajinamit)) +- Drop further code for Debian 6 and Ubuntu 10 [#1307](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1307) ([ekohl](https://github.com/ekohl)) -## [v7.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.5.0) (2021-09-28) +## [v7.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.5.0) - 2021-09-28 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.4.1...v7.5.0) ### Added -- Use Puppet-Datatype Sensitive for Passwords 
[\#1279](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1279) ([cocker-cc](https://github.com/cocker-cc)) +- Use Puppet-Datatype Sensitive for Passwords [#1279](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1279) ([cocker-cc](https://github.com/cocker-cc)) ### Fixed -- \(IAC-1598\) - Remove Support for Debian 8 [\#1302](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1302) ([david22swan](https://github.com/david22swan)) -- Inline file contents in the catalog [\#1299](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1299) ([ekohl](https://github.com/ekohl)) -- Fix changing default encoding [\#1296](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1296) ([smortex](https://github.com/smortex)) +- (IAC-1598) - Remove Support for Debian 8 [#1302](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1302) ([david22swan](https://github.com/david22swan)) +- Inline file contents in the catalog [#1299](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1299) ([ekohl](https://github.com/ekohl)) +- Fix changing default encoding [#1296](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1296) ([smortex](https://github.com/smortex)) -## [v7.4.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.4.1) (2021-08-25) +## [v7.4.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.4.1) - 2021-08-25 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.4.0...v7.4.1) ### Fixed -- \(maint\) Allow stdlib 8.0.0 [\#1293](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1293) ([smortex](https://github.com/smortex)) +- (maint) Allow stdlib 8.0.0 [#1293](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1293) ([smortex](https://github.com/smortex)) -## [v7.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.4.0) (2021-08-24) +## [v7.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.4.0) - 2021-08-24 [Full 
Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.3.0...v7.4.0) ### Added -- pdksync - \(IAC-1709\) - Add Support for Debian 11 [\#1288](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1288) ([david22swan](https://github.com/david22swan)) +- pdksync - (IAC-1709) - Add Support for Debian 11 [#1288](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1288) ([david22swan](https://github.com/david22swan)) ### Fixed -- drop code for Debian 6/7 and Ubuntu 10.04/12.04 [\#1290](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1290) ([evgeni](https://github.com/evgeni)) +- drop code for Debian 6/7 and Ubuntu 10.04/12.04 [#1290](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1290) ([evgeni](https://github.com/evgeni)) -## [v7.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.3.0) (2021-08-03) +## [v7.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.3.0) - 2021-08-03 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.2.0...v7.3.0) ### Added -- MODULES-11049 - Implement default privileges changes [\#1267](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1267) ([mtancoigne](https://github.com/mtancoigne)) +- MODULES-11049 - Implement default privileges changes [#1267](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1267) ([mtancoigne](https://github.com/mtancoigne)) ### Fixed -- Do not add version component to repo definition [\#1282](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1282) ([weastur](https://github.com/weastur)) -- \(MODULES-8700\) Autorequire the service in postgresql\_psql [\#1276](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1276) ([ekohl](https://github.com/ekohl)) +- Do not add version component to repo definition [#1282](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1282) ([weastur](https://github.com/weastur)) +- (MODULES-8700) Autorequire the service in postgresql_psql 
[#1276](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1276) ([ekohl](https://github.com/ekohl)) -## [v7.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.2.0) (2021-05-24) +## [v7.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.2.0) - 2021-05-24 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.1.0...v7.2.0) ### Added -- \(MODULES-11069\) add default version for fedora 34 [\#1272](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1272) ([lweller](https://github.com/lweller)) -- MODULES-11047 - Allow managing rights for PUBLIC role [\#1266](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1266) ([mtancoigne](https://github.com/mtancoigne)) +- (MODULES-11069) add default version for fedora 34 [#1272](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1272) ([lweller](https://github.com/lweller)) +- MODULES-11047 - Allow managing rights for PUBLIC role [#1266](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1266) ([mtancoigne](https://github.com/mtancoigne)) -## [v7.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.1.0) (2021-04-12) +## [v7.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.1.0) - 2021-04-12 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.0.3...v7.1.0) ### Added -- Add new common repo which contains add-ons [\#1190](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1190) ([jorhett](https://github.com/jorhett)) +- Add new common repo which contains add-ons [#1190](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1190) ([jorhett](https://github.com/jorhett)) -## [v7.0.3](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.3) (2021-04-12) +## [v7.0.3](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.3) - 2021-04-12 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.0.2...v7.0.3) -## 
[v7.0.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.2) (2021-03-15) +## [v7.0.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.2) - 2021-03-15 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.0.1...v7.0.2) ### Fixed -- \(MODULES-10957\) Override the set\_sensitive\_parameters method [\#1258](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1258) ([sheenaajay](https://github.com/sheenaajay)) +- (MODULES-10957) Override the set_sensitive_parameters method [#1258](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1258) ([sheenaajay](https://github.com/sheenaajay)) -## [v7.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.1) (2021-03-08) +## [v7.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.1) - 2021-03-08 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v7.0.0...v7.0.1) ### Fixed -- Ensure port is a string in psql command [\#1253](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1253) ([ekohl](https://github.com/ekohl)) +- Ensure port is a string in psql command [#1253](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1253) ([ekohl](https://github.com/ekohl)) -## [v7.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.0) (2021-03-04) +## [v7.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v7.0.0) - 2021-03-04 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.10.2...v7.0.0) ### Changed - -- pdksync - \(MAINT\) Remove SLES 11 support [\#1247](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1247) ([sanfrancrisko](https://github.com/sanfrancrisko)) -- pdksync - \(MAINT\) Remove RHEL 5 family support [\#1246](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1246) ([sanfrancrisko](https://github.com/sanfrancrisko)) -- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 
[\#1238](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1238) ([carabasdaniel](https://github.com/carabasdaniel)) +- pdksync - (MAINT) Remove SLES 11 support [#1247](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1247) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - (MAINT) Remove RHEL 5 family support [#1246](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1246) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#1238](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1238) ([carabasdaniel](https://github.com/carabasdaniel)) ### Added -- Add DNF module management [\#1239](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1239) ([ekohl](https://github.com/ekohl)) +- Add DNF module management [#1239](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1239) ([ekohl](https://github.com/ekohl)) -## [v6.10.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.2) (2021-02-22) +## [v6.10.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.2) - 2021-02-22 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.10.1...v6.10.2) ### Fixed -- Fix command shell escaping [\#1240](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1240) ([DavidS](https://github.com/DavidS)) +- Fix command shell escaping [#1240](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1240) ([DavidS](https://github.com/DavidS)) -## [v6.10.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.1) (2021-02-09) +## [v6.10.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.1) - 2021-02-09 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.10.0...v6.10.1) -### Fixed - -- Also perform systemd daemon-reload on Puppet 6.1+ [\#1233](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1233) ([ekohl](https://github.com/ekohl)) - -## 
[v6.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.0) (2021-02-08) +## [v6.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.10.0) - 2021-02-08 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.9.0...v6.10.0) ### Added -- Set default PostgreSQL version for FreeBSD [\#1227](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1227) ([olevole](https://github.com/olevole)) -- Clean up globals logic to support CentOS 8 stream [\#1225](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1225) ([ekohl](https://github.com/ekohl)) +- Set default PostgreSQL version for FreeBSD [#1227](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1227) ([olevole](https://github.com/olevole)) +- Clean up globals logic to support CentOS 8 stream [#1225](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1225) ([ekohl](https://github.com/ekohl)) ### Fixed -- \(bug\) fix systemd daemon-reload order when updating service files [\#1230](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1230) ([sheenaajay](https://github.com/sheenaajay)) -- Fix postgresql::sql task when password is not set [\#1226](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1226) ([smortex](https://github.com/smortex)) +- Also perform systemd daemon-reload on Puppet 6.1+ [#1233](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1233) ([ekohl](https://github.com/ekohl)) +- (bug) fix systemd daemon-reload order when updating service files [#1230](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1230) ([sheenaajay](https://github.com/sheenaajay)) +- Fix postgresql::sql task when password is not set [#1226](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1226) ([smortex](https://github.com/smortex)) -## [v6.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.9.0) (2021-01-18) +## [v6.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.9.0) - 2021-01-18 [Full 
Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.8.0...v6.9.0) ### Added -- pdksync - \(feat\) - Add support for puppet 7 [\#1215](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1215) ([daianamezdrea](https://github.com/daianamezdrea)) -- Manage postgresql\_conf\_path file permissions [\#1199](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1199) ([ekohl](https://github.com/ekohl)) +- pdksync - (feat) - Add support for puppet 7 [#1215](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1215) ([daianamezdrea](https://github.com/daianamezdrea)) +- Manage postgresql_conf_path file permissions [#1199](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1199) ([ekohl](https://github.com/ekohl)) ### Fixed -- \(maint\) updated defaults for rhel7 policycoreutils [\#1212](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1212) ([sheenaajay](https://github.com/sheenaajay)) -- \(IAC-1189\) - Fix for SLES 15 SP 1 and later [\#1209](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1209) ([david22swan](https://github.com/david22swan)) -- Change - Use systemd drop-in directory for unit overrides [\#1201](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1201) ([blackknight36](https://github.com/blackknight36)) +- (maint) updated defaults for rhel7 policycoreutils [#1212](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1212) ([sheenaajay](https://github.com/sheenaajay)) +- (IAC-1189) - Fix for SLES 15 SP 1 and later [#1209](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1209) ([david22swan](https://github.com/david22swan)) +- Change - Use systemd drop-in directory for unit overrides [#1201](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1201) ([blackknight36](https://github.com/blackknight36)) -## [v6.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.8.0) (2020-09-28) +## [v6.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.8.0) - 2020-09-29 
[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.7.0...v6.8.0) ### Added -- add hostgssenc type to pg\_hba rules [\#1195](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1195) ([osijan](https://github.com/osijan)) -- Allow removal of config\_entries via main class [\#1187](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1187) ([ekohl](https://github.com/ekohl)) +- add hostgssenc type to pg_hba rules [#1195](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1195) ([osijan](https://github.com/osijan)) +- Allow removal of config_entries via main class [#1187](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1187) ([ekohl](https://github.com/ekohl)) ### Fixed -- Fix contrib package name under debian 10 [\#1188](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1188) ([neomilium](https://github.com/neomilium)) +- Fix contrib package name under debian 10 [#1188](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1188) ([neomilium](https://github.com/neomilium)) -## [v6.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.7.0) (2020-08-28) +## [v6.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.7.0) - 2020-08-28 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.6.0...v6.7.0) ### Added -- pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch `main` [\#1182](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1182) ([david22swan](https://github.com/david22swan)) +- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch `main` [#1182](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1182) ([david22swan](https://github.com/david22swan)) -### Fixed - -- Invert psql/package dependency logic [\#1179](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1179) ([raphink](https://github.com/raphink)) - -## [v6.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.6.0) (2020-06-02) 
+## [v6.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.6.0) - 2020-06-22 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.5.0...v6.6.0) ### Added -- \(IAC-746\) - Add ubuntu 20.04 support [\#1172](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1172) ([david22swan](https://github.com/david22swan)) +- (IAC-746) - Add ubuntu 20.04 support [#1172](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1172) ([david22swan](https://github.com/david22swan)) ### Fixed -- Fix custom port in extension [\#1165](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1165) ([Vampouille](https://github.com/Vampouille)) +- Invert psql/package dependency logic [#1179](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1179) ([raphink](https://github.com/raphink)) +- Fix custom port in extension [#1165](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1165) ([Vampouille](https://github.com/Vampouille)) -## [v6.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.5.0) (2020-05-13) +## [v6.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.5.0) - 2020-05-13 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.4.0...v6.5.0) ### Added -- service\_ensure =\> true is now an allowed value \(aliased to running\) [\#1167](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1167) ([binford2k](https://github.com/binford2k)) -- Finish conversion of `postgresql_acls_to_resources_hash` function [\#1163](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1163) ([alexjfisher](https://github.com/alexjfisher)) -- Finish conversion of `postgresql_escape` function [\#1162](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1162) ([alexjfisher](https://github.com/alexjfisher)) -- Finish conversion of `postgresql_password` function [\#1161](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1161) ([alexjfisher](https://github.com/alexjfisher)) -- Allow 
usage of grant and role when not managing postgresql::server [\#1159](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1159) ([tuxmea](https://github.com/tuxmea)) -- Add version configs for SLES 12 SP 3 to 5 [\#1158](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1158) ([XnS](https://github.com/XnS)) -- Add extra parameter "extra\_systemd\_config" [\#1156](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1156) ([veninga](https://github.com/veninga)) +- service_ensure => true is now an allowed value (aliased to running) [#1167](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1167) ([binford2k](https://github.com/binford2k)) +- Finish conversion of `postgresql_acls_to_resources_hash` function [#1163](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1163) ([alexjfisher](https://github.com/alexjfisher)) +- Finish conversion of `postgresql_escape` function [#1162](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1162) ([alexjfisher](https://github.com/alexjfisher)) +- Finish conversion of `postgresql_password` function [#1161](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1161) ([alexjfisher](https://github.com/alexjfisher)) +- Allow usage of grant and role when not managing postgresql::server [#1159](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1159) ([tuxmea](https://github.com/tuxmea)) +- Add version configs for SLES 12 SP 3 to 5 [#1158](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1158) ([XnS](https://github.com/XnS)) +- Add extra parameter "extra_systemd_config" [#1156](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1156) ([veninga](https://github.com/veninga)) ### Fixed -- \(MODULES-10610\) Use correct lower bound for concat version [\#1160](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1160) ([ghoneycutt](https://github.com/ghoneycutt)) +- (MODULES-10610) Use correct lower bound for concat version 
[#1160](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1160) ([ghoneycutt](https://github.com/ghoneycutt)) -## [v6.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.4.0) (2020-03-17) +## [v6.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.4.0) - 2020-03-17 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.3.0...v6.4.0) ### Added -- Add Fedora 31 compatibility [\#1141](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1141) ([blackknight36](https://github.com/blackknight36)) -- feat: enable different database resource name in extension [\#1136](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1136) ([jfroche](https://github.com/jfroche)) -- pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#1130](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1130) ([david22swan](https://github.com/david22swan)) -- Puppet 4 functions [\#1129](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1129) ([binford2k](https://github.com/binford2k)) +- Add Fedora 31 compatibility [#1141](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1141) ([blackknight36](https://github.com/blackknight36)) +- feat: enable different database resource name in extension [#1136](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1136) ([jfroche](https://github.com/jfroche)) +- pdksync - (FM-8581) - Debian 10 added to travis and provision file refactored [#1130](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1130) ([david22swan](https://github.com/david22swan)) +- Puppet 4 functions [#1129](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1129) ([binford2k](https://github.com/binford2k)) ### Fixed -- Fix incorrectly quoted GRANT cmd on functions [\#1150](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1150) ([olifre](https://github.com/olifre)) -- Correct versioncmp logic in config.pp 
[\#1137](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1137) ([boydtom](https://github.com/boydtom)) -- Treat $version as an integer for comparison, defaults to string [\#1135](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1135) ([boydtom](https://github.com/boydtom)) -- Allow usage of PUBLIC role [\#1134](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1134) ([Vampouille](https://github.com/Vampouille)) -- fix missing systemd override config for EL8 \(CentOS and RHEL\) [\#1131](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1131) ([david-barbion](https://github.com/david-barbion)) +- Fix incorrectly quoted GRANT cmd on functions [#1150](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1150) ([olifre](https://github.com/olifre)) +- Correct versioncmp logic in config.pp [#1137](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1137) ([boydtom](https://github.com/boydtom)) +- Treat $version as an integer for comparison, defaults to string [#1135](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1135) ([boydtom](https://github.com/boydtom)) +- Allow usage of PUBLIC role [#1134](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1134) ([Vampouille](https://github.com/Vampouille)) +- fix missing systemd override config for EL8 (CentOS and RHEL) [#1131](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1131) ([david-barbion](https://github.com/david-barbion)) -## [v6.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.3.0) (2019-12-18) +## [v6.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.3.0) - 2019-12-18 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.2.0...v6.3.0) ### Added -- Add support for granting privileges on functions [\#1118](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1118) ([crispygoth](https://github.com/crispygoth)) -- \(FM-8679\) - Support added for CentOS 8 
[\#1117](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1117) ([david22swan](https://github.com/david22swan)) -- MODULES-10041 - allow define password\_encryption for version above 10 [\#1111](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1111) ([k2patel](https://github.com/k2patel)) +- Add support for granting privileges on functions [#1118](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1118) ([crispygoth](https://github.com/crispygoth)) +- (FM-8679) - Support added for CentOS 8 [#1117](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1117) ([david22swan](https://github.com/david22swan)) +- MODULES-10041 - allow define password_encryption for version above 10 [#1111](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1111) ([k2patel](https://github.com/k2patel)) ### Fixed -- Remove duplicate REFERENCE.md file with strange unicode character at end of filename [\#1108](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1108) ([nudgegoonies](https://github.com/nudgegoonies)) +- Remove duplicate REFERENCE.md file with strange unicode character at end of filename [#1108](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1108) ([nudgegoonies](https://github.com/nudgegoonies)) -## [v6.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.2.0) (2019-09-12) +## [v6.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.2.0) - 2019-09-13 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.1.0...v6.2.0) ### Added -- FM-8408 - add support on Debian10 [\#1103](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1103) ([lionce](https://github.com/lionce)) -- Fix/directory defined twice [\#1089](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1089) ([arcenik](https://github.com/arcenik)) -- Adding SLES 15 [\#1087](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1087) ([msurato](https://github.com/msurato)) -- \(FM-7500\) conversion to use litmus 
[\#1081](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1081) ([tphoney](https://github.com/tphoney)) +- FM-8408 - add support on Debian10 [#1103](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1103) ([lionce](https://github.com/lionce)) +- Fix/directory defined twice [#1089](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1089) ([arcenik](https://github.com/arcenik)) +- Adding SLES 15 [#1087](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1087) ([msurato](https://github.com/msurato)) +- (FM-7500) conversion to use litmus [#1081](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1081) ([tphoney](https://github.com/tphoney)) ### Fixed -- \(MODULES-9658\) - custom ports are not labeled correctly [\#1099](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1099) ([blackknight36](https://github.com/blackknight36)) -- Fix: When assigning a tablespace to a database, no equal sign is needed in the query [\#1098](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1098) ([biertie](https://github.com/biertie)) -- Grant all tables in schema fixup [\#1096](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1096) ([georgehansper](https://github.com/georgehansper)) -- \(MODULES-9219\) - puppetlabs-postgresql : catalog compilation fails when the service command is not installed [\#1093](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1093) ([blackknight36](https://github.com/blackknight36)) +- (MODULES-9658) - custom ports are not labeled correctly [#1099](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1099) ([blackknight36](https://github.com/blackknight36)) +- Fix: When assigning a tablespace to a database, no equal sign is needed in the query [#1098](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1098) ([biertie](https://github.com/biertie)) +- Grant all tables in schema fixup [#1096](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1096) 
([georgehansper](https://github.com/georgehansper)) +- (MODULES-9219) - puppetlabs-postgresql : catalog compilation fails when the service command is not installed [#1093](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1093) ([blackknight36](https://github.com/blackknight36)) -## [v6.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.1.0) (2019-06-04) +## [v6.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.1.0) - 2019-06-04 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.0.0...v6.1.0) ### Added -- \(FM-8031\) Add RedHat 8 support [\#1083](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1083) ([eimlav](https://github.com/eimlav)) +- (FM-8031) Add RedHat 8 support [#1083](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1083) ([eimlav](https://github.com/eimlav)) -## [v6.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.0.0) (2019-05-14) +## [v6.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.0.0) - 2019-05-14 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.1...v6.0.0) ### Changed - -- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1070](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1070) ([david22swan](https://github.com/david22swan)) -- \(maint\) remove inconsistent extra variable [\#1044](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1044) ([binford2k](https://github.com/binford2k)) +- pdksync - (MODULES-8444) - Raise lower Puppet bound [#1070](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1070) ([david22swan](https://github.com/david22swan)) +- (maint) remove inconsistent extra variable [#1044](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1044) ([binford2k](https://github.com/binford2k)) ### Added -- Add Fedora 30 compatibility [\#1067](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1067) ([blackknight36](https://github.com/blackknight36)) -- 
Include EL8 version for config checks [\#1060](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1060) ([ehelms](https://github.com/ehelms)) +- Add Fedora 30 compatibility [#1067](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1067) ([blackknight36](https://github.com/blackknight36)) +- Include EL8 version for config checks [#1060](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1060) ([ehelms](https://github.com/ehelms)) ### Fixed -- Support current version of puppetlabs/apt. [\#1073](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1073) ([pillarsdotnet](https://github.com/pillarsdotnet)) -- change username/group/datadir defaults for FreeBSD [\#1063](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1063) ([olevole](https://github.com/olevole)) +- Support current version of puppetlabs/apt. [#1073](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1073) ([pillarsdotnet](https://github.com/pillarsdotnet)) +- change username/group/datadir defaults for FreeBSD [#1063](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1063) ([olevole](https://github.com/olevole)) -## [5.12.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.1) (2019-02-14) +## [5.12.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.1) - 2019-02-14 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.0...5.12.1) ### Fixed -- \(FM-7811\) - Use postgresql 9.4 for SLES 11 sp4 [\#1057](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1057) ([david22swan](https://github.com/david22swan)) -- \(MODULES-8553\) Further cleanup for package tag issues [\#1055](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1055) ([HelenCampbell](https://github.com/HelenCampbell)) +- (FM-7811) - Use postgresql 9.4 for SLES 11 sp4 [#1057](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1057) ([david22swan](https://github.com/david22swan)) +- (MODULES-8553) Further cleanup for package tag issues 
[#1055](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1055) ([HelenCampbell](https://github.com/HelenCampbell)) -## [5.12.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.0) (2019-02-01) +## [5.12.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.0) - 2019-02-01 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.11.0...5.12.0) ### Added -- \(MODULES-3804\) Fix sort order of pg\_hba\_rule entries [\#1040](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1040) ([olavmrk](https://github.com/olavmrk)) +- (MODULES-3804) Fix sort order of pg_hba_rule entries [#1040](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1040) ([olavmrk](https://github.com/olavmrk)) ### Fixed -- \(MODULES-8553\) Fix dependency on apt by explicitly using 'puppetlabs-postgresql' as tag [\#1052](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1052) ([HelenCampbell](https://github.com/HelenCampbell)) -- \(MODULES-8352\) Don't use empty encoding string on initdb [\#1043](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1043) ([binford2k](https://github.com/binford2k)) -- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1042](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1042) ([tphoney](https://github.com/tphoney)) +- (MODULES-8553) Fix dependency on apt by explicitly using 'puppetlabs-postgresql' as tag [#1052](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1052) ([HelenCampbell](https://github.com/HelenCampbell)) +- (MODULES-8352) Don't use empty encoding string on initdb [#1043](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1043) ([binford2k](https://github.com/binford2k)) +- pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 [#1042](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1042) ([tphoney](https://github.com/tphoney)) -## [5.11.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.11.0) (2018-11-21) +## 
[5.11.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.11.0) - 2018-11-21 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.10.0...5.11.0) ### Added -- Add postgis support for postgres 10 [\#1032](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1032) ([smussie](https://github.com/smussie)) +- Add postgis support for postgres 10 [#1032](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1032) ([smussie](https://github.com/smussie)) ### Fixed -- Strip quotes from role names [\#1034](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1034) ([jstuart](https://github.com/jstuart)) -- Ignore .psqlrc so output is clean and doesn't break Puppet [\#1021](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1021) ([flaviogurgel](https://github.com/flaviogurgel)) -- Change initdb option '--xlogdir' to '-X' for PG10 compatibility [\#976](https://github.com/puppetlabs/puppetlabs-postgresql/pull/976) ([fcanovai](https://github.com/fcanovai)) +- Strip quotes from role names [#1034](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1034) ([jstuart](https://github.com/jstuart)) +- Ignore .psqlrc so output is clean and doesn't break Puppet [#1021](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1021) ([flaviogurgel](https://github.com/flaviogurgel)) +- Change initdb option '--xlogdir' to '-X' for PG10 compatibility [#976](https://github.com/puppetlabs/puppetlabs-postgresql/pull/976) ([fcanovai](https://github.com/fcanovai)) -## [5.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.10.0) (2018-09-27) +## [5.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.10.0) - 2018-09-27 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.9.0...5.10.0) ### Added -- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1026](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1026) ([tphoney](https://github.com/tphoney)) +- pdksync - 
(MODULES-6805) metadata.json shows support for puppet 6 [#1026](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1026) ([tphoney](https://github.com/tphoney)) -## [5.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.9.0) (2018-09-06) +## [5.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.9.0) - 2018-09-07 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.8.0...5.9.0) ### Added -- pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1018](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1018) ([pmcmaw](https://github.com/pmcmaw)) +- pdksync - (MODULES-7705) - Bumping stdlib dependency from < 5.0.0 to < 6.0.0 [#1018](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1018) ([pmcmaw](https://github.com/pmcmaw)) -## [5.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.8.0) (2018-08-06) +## [5.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.8.0) - 2018-08-07 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.7.0...5.8.0) ### Added -- metadata.json: bump allowed version of puppetlabs-apt to 6.0.0 [\#1012](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1012) ([mateusz-gozdek-sociomantic](https://github.com/mateusz-gozdek-sociomantic)) +- metadata.json: bump allowed version of puppetlabs-apt to 6.0.0 [#1012](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1012) ([mateusz-gozdek-sociomantic](https://github.com/mateusz-gozdek-sociomantic)) -## [5.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.7.0) (2018-07-19) +## [5.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.7.0) - 2018-07-20 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.6.0...5.7.0) ### Added -- \(MODULES-7479\) Update postgresql to support Ubuntu 18.04 [\#1005](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1005) 
([david22swan](https://github.com/david22swan)) -- \(MODULES-6542\) - Adding SLES 11 & 12 to metadata [\#1001](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1001) ([pmcmaw](https://github.com/pmcmaw)) +- (MODULES-7479) Update postgresql to support Ubuntu 18.04 [#1005](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1005) ([david22swan](https://github.com/david22swan)) +- (MODULES-6542) - Adding SLES 11 & 12 to metadata [#1001](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1001) ([pmcmaw](https://github.com/pmcmaw)) ### Fixed -- \(MODULES-7479\) Ensure net-tools is installed when testing on Ubuntu 18.04 [\#1006](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1006) ([david22swan](https://github.com/david22swan)) -- \(MODULES-7460\) - Updating grant table to include INSERT privileges [\#1004](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1004) ([pmcmaw](https://github.com/pmcmaw)) -- Fix packages choice for ubuntu 17.10 [\#1000](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1000) ([fflorens](https://github.com/fflorens)) +- (MODULES-7479) Ensure net-tools is installed when testing on Ubuntu 18.04 [#1006](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1006) ([david22swan](https://github.com/david22swan)) +- (MODULES-7460) - Updating grant table to include INSERT privileges [#1004](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1004) ([pmcmaw](https://github.com/pmcmaw)) +- Fix packages choice for ubuntu 17.10 [#1000](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1000) ([fflorens](https://github.com/fflorens)) -## [5.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.6.0) (2018-06-20) +## [5.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.6.0) - 2018-06-21 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.5.0...5.6.0) -### Changed +## [5.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.5.0) - 2018-06-19 -- 
Fix creation of recovery.conf file when recovery configuration is not specified [\#995](https://github.com/puppetlabs/puppetlabs-postgresql/pull/995) ([cdloh](https://github.com/cdloh)) +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.4.0...5.5.0) + +### Changed +- Fix creation of recovery.conf file when recovery configuration is not specified [#995](https://github.com/puppetlabs/puppetlabs-postgresql/pull/995) ([cdloh](https://github.com/cdloh)) ### Added -- Add compatibility for Fedora 28 [\#994](https://github.com/puppetlabs/puppetlabs-postgresql/pull/994) ([jflorian](https://github.com/jflorian)) -- \(MODULES-5994\) Add debian 9 [\#992](https://github.com/puppetlabs/puppetlabs-postgresql/pull/992) ([hunner](https://github.com/hunner)) -- Adding default Postgresql version for Ubuntu 18.04 [\#981](https://github.com/puppetlabs/puppetlabs-postgresql/pull/981) ([lutaylor](https://github.com/lutaylor)) +- Add compatibility for Fedora 28 [#994](https://github.com/puppetlabs/puppetlabs-postgresql/pull/994) ([jflorian](https://github.com/jflorian)) +- (MODULES-5994) Add debian 9 [#992](https://github.com/puppetlabs/puppetlabs-postgresql/pull/992) ([hunner](https://github.com/hunner)) +- Adding default Postgresql version for Ubuntu 18.04 [#981](https://github.com/puppetlabs/puppetlabs-postgresql/pull/981) ([lutaylor](https://github.com/lutaylor)) ### Fixed -- Fix quoting on schema owners [\#979](https://github.com/puppetlabs/puppetlabs-postgresql/pull/979) ([hasegeli](https://github.com/hasegeli)) - -## [5.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.5.0) (2018-04-06) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.4.0...5.5.0) - -### Added +- Fix quoting on schema owners [#979](https://github.com/puppetlabs/puppetlabs-postgresql/pull/979) ([hasegeli](https://github.com/hasegeli)) -- Parameters `roles`, `config_entires`, and `pg_hba_rules` to `postgresql::server` for hiera 
[\#950](https://github.com/puppetlabs/puppetlabs-postgresql/pull/950) ([ekohl](https://github.com/ekohl)) - -## [5.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.4.0) (2018-03-22) +## [5.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.4.0) - 2018-03-27 [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.3.0...5.4.0) ### Added -- \(MODULES-6330\) PDK convert 1.4.1 [\#961](https://github.com/puppetlabs/puppetlabs-postgresql/pull/961) ([pmcmaw](https://github.com/pmcmaw)) -- Parameter `ensure` on `postgresql::server::grant` and `postgresql::server::database_grant` [\#891](https://github.com/puppetlabs/puppetlabs-postgresql/pull/891) ([georgehansper](https://github.com/georgehansper)) +- (MODULES-6330) PDK convert 1.4.1 [#961](https://github.com/puppetlabs/puppetlabs-postgresql/pull/961) ([pmcmaw](https://github.com/pmcmaw)) +- Parameter `ensure` on `postgresql::server::grant` and `postgresql::server::database_grant` [#891](https://github.com/puppetlabs/puppetlabs-postgresql/pull/891) ([georgehansper](https://github.com/georgehansper)) ### Fixed -- Documentation error, `reassign_owned_by` uses `*_role` not `*_owner`. [\#958](https://github.com/puppetlabs/puppetlabs-postgresql/pull/958) ([computermouth](https://github.com/computermouth)) - -## 5.3.0 -### Summary -Implements rubocop changes within the module, alongside other smaller changes. - -#### Added -- ensure=>absent added to postgresql::server:role. -- Support added for Fedora 27. -- scram-sha-256 added as a valid ph_hba_rule auth method. -- 9.6 settings inherited for later PgSQL versions on FreeBSD. -- A require has been added for puppet. - -#### Changed -- Changes made to avoid the useless loading of files by augeas. -- Modulesync changes. -- psql_path defaulted to postgresql::server::psql_path. -- Rubocop changes have been made. - -#### Removed -- Debian 9 support deprecated. 
- -## Supported Release 5.2.1 -### Summary -Bug fix for issue introduced in 5.2.0 - -#### Fixed -- issue where the module was attempting to install extensions before a database was available. ([SERVER-2003](https://tickets.puppetlabs.com/browse/SERVER-2003)) - -## Supported Release 5.2.0 -### Summary -Adds several new features including some work around OS support. Also includes a couple of fixes to tests and the removal of unsupported Ubuntu versions. - -#### Added -- Added default postgresql version of Ubuntu 17.4 version to the globals.pp file. -- Fedora 26 provides postgresql-server version 9.6 by default - Added support to manifests/globals.pp to avoid puppet failures on Fedora 26 nodes. -- Use postgresql 9.6 for the newest SLES and openSUSE releases. -- Enhanced --data-checksums on initdb. -- Added support for Debian version 9. -- Added a `version` parameter. - -#### Changed -- Replaced validate_re calls with puppet datatype `Pattern` and is_array calls with puppet datatype `Array`. -- Installation method for apt in the spec_helper_acceptance, this is a temporary workaround due to issues with module installation. - -#### Fixed -- Updated spec tests to remove deprecation warnings. -- Docs formatting. -- Pass default_connect_settings to validate service ([MODULES-4682](https://tickets.puppetlabs.com/browse/MODULES-4682)) -- Rocket Alignment for Lint. -- Fixed changes in error messages in tests ([MODULES-5378](https://tickets.puppetlabs.com/browse/MODULES-5378)) - -#### Removed -- Removed unsupported Ubuntu versions 10.04 and 12.04 ([MODULES-5501](https://tickets.puppetlabs.com/browse/MODULES-5501)) -- Removed unsupported Debian version 6. -- Removed numeric order override. - -## Supported Release 5.1.0 -### Summary -This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by. 
- -#### Features -- Updating translations for readmes/README_ja_JP.md -- add defined type postgresql::server::reassign_owned_by -- Allow order parameter to be string value -- prep for puppet 5 ([MODULES-5144](https://tickets.puppetlabs.com/browse/MODULES-5144)) -- add data_checksums option to initdb -- parameter ensure of custom resource postgresql_replication_slot is not documented ([MODULES-2989](https://tickets.puppetlabs.com/browse/MODULES-2989)) - -#### Bug Fixes -- Adding a space for header formatting -- use https for apt.postgresql.org repo -- msync puppet 5 and ruby 2.4 ([MODULES-5197](https://tickets.puppetlabs.com/browse/MODULES-5187)) -- Only run test on postgresql >= 9.0 ([FM-6240](https://tickets.puppetlabs.com/browse/FM-6240)) -- Fix Ruby 2.4 deprecation in postgresql_acls_to_resources_hash - -## Supported Release 5.0.0 -### Summary -This **major** release dropped support for Puppet 3 and PostgreSQL 8.x, added Puppet 4 data types, and deprecated the validate_db_connection type. - -#### Added -- `locales/` directory, .pot file, and i18n `config.yaml`. ([FM-6116](https://tickets.puppet.com/browse/FM-6116)) -- `update_password` parameter to toggle password management per role. -- **Puppet 4** type validation. -- new `postgresql_conn_validator` custom type and deprecated `validate_db_connection`. ([MODULES-1394](https://tickets.puppet.com/browse/MODULES-1394)) - -#### Changed -- default postgis versions in postgresql::globals to use newer versions. -- puppetlabs-concat and puppetlabs-apt dependencies to use latest versions. ([MODULES-4906](https://tickets.puppet.com/browse/MODULES-4906), [MODULES-4947](https://tickets.puppet.com/browse/MODULES-4947)) -- default value for `log_line_prefix` to `undef`. -- `listen_addresses` default value to 'localhost'. Allows for it to be set independently of a class declaration. -- use of stdlib validate_* functions. They have been removed in favor of Puppet 4 type validation. 
-- lower Puppet dependency in metadata to 4.7.0. ([MODULES-4826](https://tickets.puppet.com/browse/MODULES-4826)) - -#### Fixed -- deprecated apt::source parameters(`key`,`key_source`, & `include_src`). -- default SUSE parameters. ([MODULES-4598](https://tickets.puppet.com/browse/MODULES-4598)) -- use of force parameter on concat resources. - -## Supported Release 4.9.0 -### Summary -This release adds several types and, among other bugs, fixes an issue with the yum URL. - -#### Features -- Modifying ownership of databases and schemas now available (MODULES-3247) -- Use `module_workdir` to specify a custom directory in which to execute psql commands -- `grant_role` and `grant` types added! -- Support for parallel unit testing (parallel_tests) -- Override download/installation repo URL with `repo_baseurl` -- Set your timezone with `timezone` -- Grant privileges on LANGUAGEs -- Added support for Debian Stretch and Ubuntu Yakkety Yak - -#### Bugfixes -- Usernames and passwords are now converted to strings before password hash is created -- Specify default database name if it is not the username -- Update to yum repo -- Schema name conflicts fix - -## Supported Release 4.8.0 -### Summary -This release primarily fixes an issue with `postgresql_conf` values of ipaddresses being considered floats and not getting quoted. 
- -#### Features -- Add `default_connect_settings` parameter to `postgresql::server` -- Running under strict variables is now supported -- Add timestamps into logs by default - -#### Bugfixes -- Obscure password in postgresql\_psql type -- Fix ip address quoting in postgresql\_conf type -- Fix handling of systemd service on Ubuntu -- Mark log_min_duration_statement setting as requiring a service restart -- Add fixes for Fedora 23, Fedora 24, FreeBSD, OpenBSD -- Fix environment handling to avoid "Overriding environment setting" message -- Work around PUP-6385, using empty arrays instead of undef when specifying resource relationships -- README editorial pass -- Reduce whitespace in templates -- Update build/test infrastructure - -## Supported Release 4.7.1 -### Summary -This release contains some bugfixes and documentation updates. - -#### Bugfixes -- (MODULES-3024) Quote database objects when creating databases. -- Properly escape case where password ends with '$'. -- Fixes password change when postgres is configure to non-standard port. -- Unpins concat dependency to be able to use concat 2.x. -- Workaround to fix installing on Amazon Linux. -- Fixes proper defaulting of `$service_provider` parameter. -- Fixes postgres server init script naming on Amazon Linux. -- Fixes service reload parameter on Arch Linux. -- Adds missing onlyif_function to sequence grant code. -- Fixes to the markdown of the README. - -## Supported Release 4.7.0 -### Summary -A release with a considerable amount of new features, including remote db support and several platform support updates. Various bugfixes including several to address warnings and a sizable README update. - -#### Features -- Remote DB support - Connection-settings allows a hash of options that can be used when connecting to a remote DB. -- Debian 8 support. -- Updated systemd-override to support fedora and CentOS paths. 
-- Adds the ability to define the extension name separately from the title of the resource, which allows you to add the extension to more than one database. -- Added parameter to disable automatic service restarts on config changes. -- Ubuntu 15.10 compatibility. -- OpenBSD version is now 9.4. -- Added .gitattributes to maintain line endings for .sh and .rb files. -- Adds default postgis version for 9.5. -- Allows float postgresql_conf values. -- Schedule apt update after install of repo. - -#### Bugfixes -- Fixed systemd-override for RedHat systems with unmanaged Yum repos. -- Removed inherits postgresql::params. -- Multi-node tests are now not ran by default. -- Change apt::pin to apt_postgresql_org to prevent error message. -- Removed syntax error near UTF8. -- Removal of extra blanks and backslashes in README. -- Double quotes now used around database name to prevent syntax error. -- Removes ruby 1.8.7 and puppet 2.7 from travis-ci jobs. -- Fixed paths to work on Amazon Linux. -- Fixed quotes around locale options. -- Huge README update. -- Update to use current msync configs. -- Fixes postgresql::server acceptance test descriptions. - -## Supported Release 4.6.1 -###Summary - -Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. - -## 2015-09-01 - Supported Release 4.6.0 -### Summary -This release adds a proxy feature for yum, Postgis improvements, and decoupling pg_hba_rule from postgresql::server. - -#### Features -- Support setting a proxy for yum operations -- Allow for undefined PostGIS version -- Decouple pg_hba_rule from postgresql::server - -#### Bugfixes -- Fix postgis default package name on RedHat - -## 2015-07-27 - Supported Release 4.5.0 -### Summary -This release adds sequence grants, some postgresql 9.4 fixes, and `onlyif` to -the psql resource. 
- -### Features -- Add `onlyif` parameter to `postgresql_psql` -- Add unsupported compatibility with Ubuntu 15.04 -- Add unsupported compatibility with SLES 11/12 and OpenSuSE 13.2 -- Add `postgresql::server::grant::onlyif_exists` attribute -- Add `postgresql::server::table_grant::onlyif_exists` attribute -- Add granting permissions on sequences - -### Bugfixes -- Added docs for `postgresql::server::grant` -- Fix `pg_hba_conf_defaults => false` to not disable ipv4/ipv6 acls -- Fix 9.4 for `postgresql::server::pg_hba_rule` - -## 2015-07-07 - Supported Release 4.4.2 -### Summary -This release fixes a bug introduced in 4.4.0. - -#### Bugfixes -- Fixes `withenv` execution under Puppet 2.7. (MODULES-2185) - -## 2015-07-01 - Supported Release 4.4.1 -### Summary -This release fixes RHEL 7 & Fedora with manage_package_repo switched on. - -#### Bugfixes -- Ensure manage_package_repo variable is in scope for systemd-override file for RHEL7 - -## 2015-06-30 - Supported Release 4.4.0 -### Summary -This release has several new features, bugfixes, and test improvements. - -#### Features -- Adds a resource to manage recovery.conf. -- Adds a parameter that allows the specification of a validate connection script in `postgresql::client`. -- Adds support for plpython package management. -- Adds support for postgresql-docs management. -- Adds ability to make `postgresql::server::schema` titles unique. (MODULES-2049) -- Updates puppetlabs-apt module dependency to support version 2.1.0. - -#### Bugfixes -- Fix `postgresql_psql` parameter ordering to work on OpenBSD with Future Parser -- Fix setting postgres role password (MODULES-1869) -- Fix execution command with puppet <3.4 (MODULES-1923) -- Fix Puppet.newtype deprecation warning (MODULES-2007) -- Fix systemd override for manage_repo package versions -- Fix Copy snakeoil certificate and key instead of symlinking - -#### Test Improvements -- Allows setting BEAKER and BEAKER_RSPEC versions via environment variables. 
-- Enables Unit testing on Travis CI with Puppet 4. -- Cleans up spec_helper_acceptance.rb to use new puppet_install_helper gem. - -## 2015-03-24 - Supported Release 4.3.0 -### Summary -This release fixes compatibility with Puppet 4 and removes opportunities for local users to view the postgresql password. It also adds a new custom resource to aid in managing replication. - -#### Features -- Add `postgresql::server::logdir` parameter to manage the logdir -- Add `environment` parameter to `postgresql_psql` -- Add `postgresql_replication_slot` custom resource - -#### Bugfixes -- Fix for Puppet 4 -- Don't print postgresql\_psql password in command -- Allow `postgresql::validate_db_connection` for more than one host+port+database combo -- Fix service command on Debian 8 and up -- Fix `postgresql::server::extension` to work with custom user/group/port -- Fix `postgresql::server::initdb` to work with custom user/group/port -- Fix changing template1 encoding -- Fix default `postgresql::server::grant::object_name` value -- Fix idempotency of granting all tables in schema with `puppet::server::grant` -- Fix lint warnings -- Fix apt key to use 40 character key and bump puppetlabs-apt to >= 1.8.0 < 2.0.0 - - -##2015-03-10 - Supported Release 4.2.0 -###Summary - -This release has several new features including support for server extensions, improved grant support, and a number of bugfixes. 
- -####Features -- Changes to support OpenBSD -- Add `service_reload` parameter to `postgresql::server` -- Add `comment` parameter to `postgresql::server::database` (MODULES-1153) -- Add `postgresql::server::extension` defined type -- Add postgresql versions for utopic and jessie -- Update `postgresql::server::grant` to support 'GRANT SCHEMA' and 'ALL TABLES IN SCHEMA' - -####Bugfixes -- Lint cleanup -- Remove outdated upgrade info from README -- Use correct TCP port when checking password -- Create role before database -- Fix template1 encoding on Debian -- Require server package before user permissions -- Fix `service_status` default for FreeBSD to allow PostgreSQL to start the first run -- Fix invalid US-ASCII byte sequence in `postgresql::server::grant` comments -- Reverted to default behavior for Debian systems as `pg_config` should not be overwritten (MODULES-1485) - -##2014-11-04 - Supported Release 4.1.0 -###Summary - -This release adds the ability to change the PGDATA directory, and also includes documentation and test updates, future parser support, and a few other new features. - -####Features -- Future parser support -- Documentation updates -- Test updates -- Add a link from `/etc/sysconfig/pgsql/postgresql-${version}` to `/etc/sysconfig/pgsql/postgresql` to support init scripts from the postgresql.org repo -- Add support for changing the PGDATA directory -- Set default versions for Fedora 21 and FreeBSD - -##2014-09-03 - Supported Release 4.0.0 -###Summary - -This release removes the uninstall ability from the module, removes the firewall -management, overhauls all of the acceptance testing, as well as adds better -support for SuSE and Fedora. - -###Backwards Incompatible changes. - -- Uninstall code removal. -- Firewall management for Postgres. -- Set manage_pg_ident_conf to true. 
-
-####Uninstallation removal
-
-We rely heavily on the ability to uninstall and reinstall postgres throughout
-our testing code, testing features like "can I move from the distribution
-packages to the upstream packages through the module" and over time we've
-learnt that the uninstall code simply doesn't work a lot of the time. It
-leaves traces of postgres behind or fails to remove certain packages on Ubuntu,
-and generally causes bits to be left on your system that you didn't expect.
-
-When we then reinstall things fail because it's not a true clean slate, and
-this causes us enormous problems during test. We've spent weeks and months
-working on these tests and they simply don't hold up well across the full range
-of PE platforms.
-
-Due to all these problems we've decided to take a stance on uninstalling in
-general. We feel that in 2014 it's completely reasonable and normal to have a
-good provisioning pipeline combined with your configuration management and the
-"correct" way to uninstall a fully installed service like postgresql is to
-simply reprovision the server without it in the first place. As a general rule
-this is how I personally like to work and I think is a good practice.
-
-####I'm not OK with this!
-
-We understand that there are environments and situations in which it's not easy
-to do that. What if you accidently deployed Postgres on 100,000 nodes? In the
-future we're going to take a look at building some example 'profiles' to be
-found under examples/ within this module that can uninstall postgres on popular
-platforms. These can be modified and used in your specific case to uninstall
-postgresql. They will be much more brute force and reliant on deleting entire
-directories and require you to do more work up front in specifying where things
-are installed but we think it'll prove to be a much cleaner mechanism for this
-kind of thing rather than trying to weave it into the main module logic itself.
- -####Features -- Removal of uninstall. -- Removal of firewall management. -- Tests ported to rspec3. -- Acceptance tests rewritten. -- Add a defined type for creating database schemas. -- Add a pg_ident_rule defined type. -- Set manage_pg_ident_conf to true. -- Manage pg_ident.conf by default. -- Improve selinux support for tablespace. -- Remove deprecation warnings. -- Support changing PGDATA on RedHat. -- Add SLES 11 support. - -####Bugfixes -- Link pg_config binary into /usr/bin. -- Fix fedora support by using systemd. -- Initdb should create xlogdir if set. -- Use a regular expression to match the major OS version on Ubuntu. - -##2014-07-31 - Supported Release 3.4.2 -###Summary - -This release fixes recent Fedora versions. - -####Features -####Bugfixes -- Fix Fedora. - -##2014-07-15 - Supported Release 3.4.1 -###Summary - -This release merely updates metadata.json so the module can be uninstalled and -upgraded via the puppet module command. - -##2014-04-14 - Supported Release 3.4.0 -###Summary - -This feature rolls up several important features, the biggest being PostGIS -handling and allowing `port` to be set on postgresql::server in order to -change the port that Postgres listens on. We've added support for RHEL7 -and Ubuntu 14.04, as well as allowing you to manage the service via -`service_ensure` finally. - -####Features -- Added `perl_package_name` for installing bindings. -- Added `service_ensure` for allowing control of services. -- Added `postgis_version` and postgis class for installing postgis. -- Added `port` for selecting the port Postgres runs on. -- Add support for RHEL7 and Ubuntu 14.04. -- Add `default_db` to postgresql::server::database. -- Widen the selection of unquoted parameters in postgresql_conf{} -- Require the service within postgresql::server::reload for RHEL7. -- Add `inherit` to postgresql::server::role. - -####Bugfixes - -##2014-03-04 - Supported Release 3.3.3 -###Summary - -This is a supported release. 
This release removes a testing symlink that can -cause trouble on systems where /var is on a seperate filesystem from the -modulepath. - -####Features -####Bugfixes -####Known Bugs -* SLES is not supported. - -##2014-03-04 - Supported Release 3.3.2 -###Summary -This is a supported release. It fixes a problem with updating passwords on postgresql.org distributed versions of PostgreSQL. - -####Bugfixes -- Correct psql path when setting password on custom versions. -- Documentation updates -- Test updates - -####Known Bugs -* SLES is not supported. - - -##2014-02-12 - Version 3.3.1 -####Bugfix: -- Allow dynamic rubygems host - - -##2014-01-28 - Version 3.3.0 - -###Summary - -This release rolls up a bunch of bugfixes our users have found and fixed for -us over the last few months. This improves things for 9.1 users, and makes -this module usable on FreeBSD. - -This release is dedicated to 'bma', who's suffering with Puppet 3.4.1 issues -thanks to Puppet::Util::SUIDManager.run_and_capture. - -####Features - - Add lc_ config entry settings - - Can pass template at database creation. - - Add FreeBSD support. - - Add support for customer `xlogdir` parameter. - - Switch tests from rspec-system to beaker. (This isn't really a feature) - -####Bugfixes - - Properly fix the deprecated Puppet::Util::SUIDManager.run_and_capture errors. - - Fix NOREPLICATION option for Postgres 9.1 - - Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf - - Add $postgresql::server::client_package_name, referred to by install.pp - - Add missing service_provider/service_name descriptions in ::globals. - - Fix several smaller typos/issues throughout. - - Exec['postgresql_initdb'] needs to be done after $datadir exists - - Prevent defined resources from floating in the catalog. - - Fix granting all privileges on a table. - - Add some missing privileges. - - Remove deprecated and unused concat::fragment parameters. 
- - -##2013-11-05 - Version 3.2.0 - -###Summary - -Add's support for Ubuntu 13.10 (and 14.04) as well as x, y, z. - -####Features -- Add versions for Ubuntu 13.10 and 14.04. -- Use default_database in validate_db_connection instead of a hardcoded -'postgres' -- Add globals/params layering for default_database. -- Allow specification of default database name. +- Documentation error, `reassign_owned_by` uses `*_role` not `*_owner`. [#958](https://github.com/puppetlabs/puppetlabs-postgresql/pull/958) ([computermouth](https://github.com/computermouth)) -####Bugs -- Fixes to the README. +## [5.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.3.0) - 2018-02-26 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.2.1...5.3.0) -##2013-10-25 - Version 3.1.0 - -###Summary - -This is a minor feature and bug fix release. - -Firstly, the postgresql_psql type now includes a new parameter `search_path` which is equivalent to using `set search_path` which allows you to change the default schema search path. - -The default version of Fedora 17 has now been added, so that Fedora 17 users can enjoy the module. - -And finally we've extended the capabilities of the defined type postgresql::validate_db_connection so that now it can handle retrying and sleeping between retries. This feature has been monopolized to fix a bug we were seeing with startup race conditions, but it can also be used by remote systems to 'wait' for PostgreSQL to start before their Puppet run continues. 
- -####Features -- Defined $default_version for Fedora 17 (Bret Comnes) -- add search_path attribute to postgresql_psql resource (Jeremy Kitchen) -- (GH-198) Add wait and retry capability to validate_db_connection (Ken Barber) - -####Bugs -- enabling defined postgres user password without resetting on every puppet run (jonoterc) -- periods are valid in configuration variables also (Jeremy Kitchen) -- Add zero length string to join() function (Jarl Stefansson) -- add require of install to reload class (cdenneen) -- (GH-198) Fix race condition on postgresql startup (Ken Barber) -- Remove concat::setup for include in preparation for the next concat release (Ken Barber) - - -##2013-10-14 - Version 3.0.0 +### Added -Final release of 3.0, enjoy! +- Support extension schemas [#948](https://github.com/puppetlabs/puppetlabs-postgresql/pull/948) ([hasegeli](https://github.com/hasegeli)) +- Inherit 9.6 settings for later PgSQL version on FreeBSD [#945](https://github.com/puppetlabs/puppetlabs-postgresql/pull/945) ([olevole](https://github.com/olevole)) +- MODULES-6194 - Add scram-sha-256 as a valid pg_hba_rule auth method [#941](https://github.com/puppetlabs/puppetlabs-postgresql/pull/941) ([f3nry](https://github.com/f3nry)) +- FM-6445 add a task [#930](https://github.com/puppetlabs/puppetlabs-postgresql/pull/930) ([tphoney](https://github.com/tphoney)) +- add ensure=>absent to postgresql::server::role [#897](https://github.com/puppetlabs/puppetlabs-postgresql/pull/897) ([georgehansper](https://github.com/georgehansper)) +### Fixed -##2013-10-14 - Version 3.0.0-rc3 +- (maint) - Skip run_puppet_access_login on LTS [#956](https://github.com/puppetlabs/puppetlabs-postgresql/pull/956) ([pmcmaw](https://github.com/pmcmaw)) +- (MODULES-6608) - Adding puppet requirement for tasks versioncmp in beaker-task_helper [#952](https://github.com/puppetlabs/puppetlabs-postgresql/pull/952) ([pmcmaw](https://github.com/pmcmaw)) +- defaulted psql_path to postgresql::server::psql_path 
[#947](https://github.com/puppetlabs/puppetlabs-postgresql/pull/947) ([crayfishx](https://github.com/crayfishx)) +- According to the puppet doc, Pattern should be a list of regex. [#942](https://github.com/puppetlabs/puppetlabs-postgresql/pull/942) ([PierreR](https://github.com/PierreR)) +- This pull request fixes an augeas warning [#935](https://github.com/puppetlabs/puppetlabs-postgresql/pull/935) ([iakovgan](https://github.com/iakovgan)) -###Summary +## [5.2.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.2.1) - 2017-11-14 -Add a parameter to unmanage pg_hba.conf to fix a regression from 2.5, as well -as allowing owner to be passed into x. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.2.0...5.2.1) -####Features -- `manage_pg_hba_conf` parameter added to control pg_hba.conf management. -- `owner` parameter added to server::db. +### Fixed +- (MODULES-5956) fixes for postgresql release [#934](https://github.com/puppetlabs/puppetlabs-postgresql/pull/934) ([jbondpdx](https://github.com/jbondpdx)) +- add parameter "version" to postgresql::server::extension - fix dependency on database [#932](https://github.com/puppetlabs/puppetlabs-postgresql/pull/932) ([georgehansper](https://github.com/georgehansper)) -##2013-10-09 - Version 3.0.0-rc2 +## [5.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.2.0) - 2017-10-09 -###Summary +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.1.0...5.2.0) -A few bugfixes have been found since -rc1. 
+### Added -####Fixes -- Special case for $datadir on Amazon -- Fix documentation about username/password for the postgresql_hash function +- add parameter "version" to postgresql::server::extension to update the extension version [#896](https://github.com/puppetlabs/puppetlabs-postgresql/pull/896) ([georgehansper](https://github.com/georgehansper)) +### Fixed -##2013-10-01 - Version 3.0.0-rc1 +- (PUP-8008) monkey patch spec_helper_acceptance [#925](https://github.com/puppetlabs/puppetlabs-postgresql/pull/925) ([eputnam](https://github.com/eputnam)) +- (PUP-8008) monkey patch spec_helper_acceptance [#924](https://github.com/puppetlabs/puppetlabs-postgresql/pull/924) ([eputnam](https://github.com/eputnam)) +- enhance --data-checksums on initdb [#915](https://github.com/puppetlabs/puppetlabs-postgresql/pull/915) ([mmoll](https://github.com/mmoll)) +- MODULES-5378 fix the change in error message [#909](https://github.com/puppetlabs/puppetlabs-postgresql/pull/909) ([tphoney](https://github.com/tphoney)) +- MODULES-5378 fix error message checking in test [#908](https://github.com/puppetlabs/puppetlabs-postgresql/pull/908) ([tphoney](https://github.com/tphoney)) +- Default contcat order [#900](https://github.com/puppetlabs/puppetlabs-postgresql/pull/900) ([matonb](https://github.com/matonb)) -###Summary +## [5.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.1.0) - 2017-07-17 -Version 3 was a major rewrite to fix some internal dependency issues, and to -make the new Public API more clear. As a consequence a lot of things have -changed for version 3 and older revisions that we will try to outline here. 
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.0.0...5.1.0) -(NOTE: The format of this CHANGELOG differs to normal in an attempt to -explain the scope of changes) +### Added -* Server specific objects now moved under `postgresql::server::` namespace: +- add defined type postgresql::server::reassign_owned_by [#894](https://github.com/puppetlabs/puppetlabs-postgresql/pull/894) ([georgehansper](https://github.com/georgehansper)) +- add data_checksums option to initdb [#878](https://github.com/puppetlabs/puppetlabs-postgresql/pull/878) ([tjikkun](https://github.com/tjikkun)) -To restructure server specific elements under the `postgresql::server::` -namespaces the following objects were renamed as such: +## [5.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.0.0) - 2017-06-21 -`postgresql::database` -> `postgresql::server::database` -`postgresql::database_grant` -> `postgresql::server::database_grant` -`postgresql::db` -> `postgresql::server::db` -`postgresql::grant` -> `postgresql::server::grant` -`postgresql::pg_hba_rule` -> `postgresql::server::pg_hba_rule` -`postgresql::plperl` -> `postgresql::server::plperl` -`postgresql::contrib` -> `postgresql::server::contrib` -`postgresql::role` -> `postgresql::server::role` -`postgresql::table_grant` -> `postgresql::server::table_grant` -`postgresql::tablespace` -> `postgresql::server::tablespace` +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.9.0...5.0.0) -* New `postgresql::server::config_entry` resource for managing configuration: +### Changed +- Unset default log_line_prefix [#870](https://github.com/puppetlabs/puppetlabs-postgresql/pull/870) ([hasegeli](https://github.com/hasegeli)) +- Let listen_addresses be defined independently [#865](https://github.com/puppetlabs/puppetlabs-postgresql/pull/865) ([hasegeli](https://github.com/hasegeli)) -Previously we used the `file_line` resource to modify `postgresql.conf`. 
This -new revision now adds a new resource named `postgresql::server::config_entry` -for managing this file. For example: +### Added -```puppet - postgresql::server::config_entry { 'check_function_bodies': - value => 'off', - } -``` +- (MODULES-1394) replace validate_db_connection type with custom type [#879](https://github.com/puppetlabs/puppetlabs-postgresql/pull/879) ([eputnam](https://github.com/eputnam)) +- [msync] 786266 Implement puppet-module-gems, a45803 Remove metadata.json from locales config [#860](https://github.com/puppetlabs/puppetlabs-postgresql/pull/860) ([wilson208](https://github.com/wilson208)) +- (FM-6116) - Adding POT file for metadata.json [#857](https://github.com/puppetlabs/puppetlabs-postgresql/pull/857) ([pmcmaw](https://github.com/pmcmaw)) +- Allowo to disable managing passwords for users [#846](https://github.com/puppetlabs/puppetlabs-postgresql/pull/846) ([bjoernhaeuser](https://github.com/bjoernhaeuser)) -If you were using `file_line` for this purpose, you should change to this new -methodology. 
+### Fixed -* `postgresql_puppet_extras.conf` has been removed: +- (maint) fix for connection validator [#882](https://github.com/puppetlabs/puppetlabs-postgresql/pull/882) ([eputnam](https://github.com/eputnam)) +- (MODULES-5050) Fix for grant_schema_spec [#881](https://github.com/puppetlabs/puppetlabs-postgresql/pull/881) ([eputnam](https://github.com/eputnam)) +- [MODULES-4598] Revert "Revert "fix default params for SUSE family OSes"" [#863](https://github.com/puppetlabs/puppetlabs-postgresql/pull/863) ([mmoll](https://github.com/mmoll)) +- [MODULES-4598] Revert "fix default params for SUSE family OSes" [#858](https://github.com/puppetlabs/puppetlabs-postgresql/pull/858) ([wilson208](https://github.com/wilson208)) -Now that we have a methodology for managing `postgresql.conf`, and due to -concerns over the file management methodology using an `exec { 'touch ...': }` -as a way to create an empty file the existing postgresql\_puppet\_extras.conf -file is no longer managed by this module. 
+## [4.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.9.0) - 2017-03-09 -If you wish to recreate this methodology yourself, use this pattern: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.8.0...4.9.0) -```puppet - class { 'postgresql::server': } +### Added - $extras = "/tmp/include.conf" +- (MODULES-1508) add support for unix_socket_directories [#845](https://github.com/puppetlabs/puppetlabs-postgresql/pull/845) ([eputnam](https://github.com/eputnam)) +- (MODULES-1127) allow LANGUAGE as valid object_type [#838](https://github.com/puppetlabs/puppetlabs-postgresql/pull/838) ([eputnam](https://github.com/eputnam)) +- Support granting SELECT and UPDATE permission on sequences (MODULES-4158) [#823](https://github.com/puppetlabs/puppetlabs-postgresql/pull/823) ([chris-reeves](https://github.com/chris-reeves)) - file { $extras: - content => 'max_connections = 123', - notify => Class['postgresql::server::service'], - }-> - postgresql::server::config_entry { 'include': - value => $extras, - } -``` +### Fixed -* All uses of the parameter `charset` changed to `encoding`: +- (MODULES-1707) add logic to params.pp for jdbc driver package on Debian [#847](https://github.com/puppetlabs/puppetlabs-postgresql/pull/847) ([eputnam](https://github.com/eputnam)) +- (maint) Schemas for a db should come after db [#840](https://github.com/puppetlabs/puppetlabs-postgresql/pull/840) ([hunner](https://github.com/hunner)) +- Fix typo: hostnosssl [#837](https://github.com/puppetlabs/puppetlabs-postgresql/pull/837) ([df7cb](https://github.com/df7cb)) +- Fix SQL style on role.pp [#794](https://github.com/puppetlabs/puppetlabs-postgresql/pull/794) ([hasegeli](https://github.com/hasegeli)) +- (#3858) Fix unless check in grant_role to work with roles as well as users [#788](https://github.com/puppetlabs/puppetlabs-postgresql/pull/788) ([thunderkeys](https://github.com/thunderkeys)) -Since PostgreSQL uses the terminology `encoding` not `charset` the 
parameter -has been made consisent across all classes and resources. +## [4.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.8.0) - 2016-07-26 -* The `postgresql` base class is no longer how you set globals: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.7.1...4.8.0) -The old global override pattern was less then optimal so it has been fixed, -however we decided to demark this properly by specifying these overrides in -the class `postgresql::global`. Consult the documentation for this class now -to see what options are available. +## [4.7.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.7.1) - 2016-02-18 -Also, some parameter elements have been moved between this and the -`postgresql::server` class where it made sense. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.7.0...4.7.1) -* `config_hash` parameter collapsed for the `postgresql::server` class: +### Fixed -Because the `config_hash` was really passing data through to what was in -effect an internal class (`postgresql::config`). And since we don't want this -kind of internal exposure the parameters were collapsed up into the -`postgresql::server` class directly. +- Add missing onlyif_function to sequence grant code [#738](https://github.com/puppetlabs/puppetlabs-postgresql/pull/738) ([cfrantsen](https://github.com/cfrantsen)) +- Correctly set $service_provider [#735](https://github.com/puppetlabs/puppetlabs-postgresql/pull/735) ([antaflos](https://github.com/antaflos)) -* Lots of changes to 'private' or 'undocumented' classes: +## [4.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.7.0) - 2016-02-02 -If you were using these before, these have changed names. You should only use -what is documented in this README.md, and if you don't have what you need you -should raise a patch to add that feature to a public API. 
All internal classes -now have a comment at the top indicating them as private to make sure the -message is clear that they are not supported as Public API. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.6.1...4.7.0) -* `pg_hba_conf_defaults` parameter included to turn off default pg\_hba rules: +### Added -The defaults should be good enough for most cases (if not raise a bug) but if -you simply need an escape hatch, this setting will turn off the defaults. If -you want to do this, it may affect the rest of the module so make sure you -replace the rules with something that continues operation. +- (MODULES-2960) Allow float postgresql_conf values [#721](https://github.com/puppetlabs/puppetlabs-postgresql/pull/721) ([hunner](https://github.com/hunner)) -* `postgresql::database_user` has now been removed: +## [4.6.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.6.1) - 2015-12-04 -Use `postgresql::server::role` instead. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.6.0...4.6.1) -* `postgresql::psql` resource has now been removed: +## [4.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.6.0) - 2015-09-01 -Use `postgresql_psql` instead. In the future we may recreate this as a wrapper -to add extra capability, but it will not match the old behaviour. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.5.0...4.6.0) -* `postgresql_default_version` fact has now been removed: +### Fixed -It didn't make sense to have this logic in a fact any more, the logic has been -moved into `postgresql::params`. 
+- Fix postgis default package name on RedHat [#674](https://github.com/puppetlabs/puppetlabs-postgresql/pull/674) ([ckaenzig](https://github.com/ckaenzig)) -* `ripienaar/concat` is no longer used, instead we use `puppetlabs/concat`: +## [4.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.5.0) - 2015-07-28 -The older concat module is now deprecated and moved into the -`puppetlabs/concat` namespace. Functionality is more or less identical, but -you may need to intervene during the installing of this package - as both use -the same `concat` namespace. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.4.2...4.5.0) ---- -##2013-09-09 Release 2.5.0 +## [4.4.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.4.2) - 2015-07-08 -###Summary +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.4.1...4.4.2) -The focus of this release is primarily to capture the fixes done to the -types and providers to make sure refreshonly works properly and to set -the stage for the large scale refactoring work of 3.0.0. +### Added -####Features +- (#2056) Added 9.4, corrected past versions based on docs [#625](https://github.com/puppetlabs/puppetlabs-postgresql/pull/625) ([cjestel](https://github.com/cjestel)) +### Fixed -####Bugfixes -- Use boolean for refreshonly. -- Fix postgresql::plperl documentation. 
-- Add two missing parameters to config::beforeservice -- Style fixes +- (MODULES-2185) Fix `withenv` execution under Puppet 2.7 [#664](https://github.com/puppetlabs/puppetlabs-postgresql/pull/664) ([domcleal](https://github.com/domcleal)) +## [4.4.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.4.1) - 2015-07-01 -##2013-08-01 Release 2.4.1 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.4.0...4.4.1) -###Summary +### Fixed -This minor bugfix release solves an idempotency issue when using plain text -passwords for the password_hash parameter for the postgresql::role defined -type. Without this, users would continually see resource changes everytime -your run Puppet. +- (MODULES-2181) Fix variable scope for systemd-override [#659](https://github.com/puppetlabs/puppetlabs-postgresql/pull/659) ([kbarber](https://github.com/kbarber)) -####Bugfixes -- Alter role call not idempotent with cleartext passwords (Ken Barber) +## [4.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.4.0) - 2015-06-30 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.3.0...4.4.0) -##2013-07-19 Release 2.4.0 +### Added -###Summary +- (MODULES-1761) Provide defined resource for managing recovery.conf [#603](https://github.com/puppetlabs/puppetlabs-postgresql/pull/603) ([dacrome](https://github.com/dacrome)) -This updates adds the ability to change permissions on tables, create template -databases from normal databases, manage PL-Perl's postgres package, and -disable the management of `pg_hba.conf`. +### Fixed -####Features -- Add `postgresql::table_grant` defined resource -- Add `postgresql::plperl` class -- Add `manage_pg_hba_conf` parameter to the `postgresql::config` class -- Add `istemplate` parameter to the `postgresql::database` define +- (FM-2931) fixes logic problem with onlyif type param validation. 
[#654](https://github.com/puppetlabs/puppetlabs-postgresql/pull/654) ([bmjen](https://github.com/bmjen)) +- Fixed systemd override for manage_repo package versions [#639](https://github.com/puppetlabs/puppetlabs-postgresql/pull/639) ([cdenneen](https://github.com/cdenneen)) +- Apt fix [#618](https://github.com/puppetlabs/puppetlabs-postgresql/pull/618) ([tphoney](https://github.com/tphoney)) +- Fix URLs in metadata.json [#599](https://github.com/puppetlabs/puppetlabs-postgresql/pull/599) ([raphink](https://github.com/raphink)) -####Bugfixes -- Update `postgresql::role` class to be able to update roles when modified -instead of only on creation. -- Update tests -- Fix documentation of `postgresql::database_grant` +## [4.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.3.0) - 2015-03-25 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.2.0...4.3.0) -##2.3.0 +## [4.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.2.0) - 2015-03-10 -This feature release includes the following changes: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.1.0...4.2.0) -* Add a new parameter `owner` to the `database` type. This can be used to - grant ownership of a new database to a specific user. (Bruno Harbulot) -* Add support for operating systems other than Debian/RedHat, as long as the - user supplies custom values for all of the required paths, package names, etc. 
- (Chris Price) -* Improved integration testing (Ken Barber) +### Fixed +- Fix comment detection [#559](https://github.com/puppetlabs/puppetlabs-postgresql/pull/559) ([hunner](https://github.com/hunner)) +- Fix comment detection [#558](https://github.com/puppetlabs/puppetlabs-postgresql/pull/558) ([hunner](https://github.com/hunner)) -##2.2.1 +## [4.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.1.0) - 2014-11-04 -This release fixes a bug whereby one of our shell commands (psql) were not ran from a globally accessible directory. This was causing permission denied errors when the command attempted to change user without changing directory. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/4.0.0...4.1.0) -Users of previous versions might have seen this error: +### Fixed - Error: Error executing SQL; psql returned 256: 'could not change directory to "/root" +- fix future parser error [#504](https://github.com/puppetlabs/puppetlabs-postgresql/pull/504) ([steeef](https://github.com/steeef)) -This patch should correct that. +## [4.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/4.0.0) - 2014-09-10 -#### Detail Changes +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.4.2...4.0.0) -* Set /tmp as default CWD for postgresql_psql +### Fixed +- Fixes the accidental erasing of pg_ident.conf [#464](https://github.com/puppetlabs/puppetlabs-postgresql/pull/464) ([txaj](https://github.com/txaj)) -##2.2.0 +## [3.4.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.4.2) - 2014-08-06 -This feature release introduces a number of new features and bug fixes. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.4.1...3.4.2) -First of all it includes a new class named `postgresql::python` which provides you with a convenient way of install the python Postgresql client libraries. 
+## [3.4.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.4.1) - 2014-07-21 - class { 'postgresql::python': - } +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.4.0...3.4.1) -You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.). +## [3.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.4.0) - 2014-07-09 -We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.3.3...3.4.0) -This release in particular has largely been contributed by the community members below, a big thanks to one and all. +### Added -#### Detailed Changes +- postgis support [#280](https://github.com/puppetlabs/puppetlabs-postgresql/pull/280) ([kitchen](https://github.com/kitchen)) -* Add support for psycopg installation (Flaper Fesp and Dan Prince) -* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski) -* Add ability to create users without a password (Bruno Harbulot) -* Three Puppet 2.6 fixes (Dominic Cleal) -* Add explicit call to concat::setup when creating concat file (Dominic Cleal) -* Fix readme typo (Jordi Boggiano) -* Update postgres_default_version for Ubuntu (Kamil Szymanski) -* Allow to set connection for noew role (Kamil Szymanski) -* Fix pg_hba_rule for postgres local access (Kamil Szymanski) -* Fix versions for travis-ci (Ken Barber) -* Add replication support (Jordi Boggiano) -* Cleaned up and added unit tests (Ken Barber) -* Generalization to provide more flexability in postgresql configuration (Karel Brezina) -* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber) -* Allow SQL commands to be run against a specific DB (Carlos Villela) -* Drop trailing 
comma to support Puppet 2.6 (Michael Arnold) +### Fixed +- This corrects the location of the pg_hba config file on debian oses in tests [#440](https://github.com/puppetlabs/puppetlabs-postgresql/pull/440) ([justinstoller](https://github.com/justinstoller)) +- Fix trailing }. [#436](https://github.com/puppetlabs/puppetlabs-postgresql/pull/436) ([apenney](https://github.com/apenney)) +- Fix postgresql_conf quote logic [#297](https://github.com/puppetlabs/puppetlabs-postgresql/pull/297) ([reidmv](https://github.com/reidmv)) -##2.1.1 +## [3.3.3](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.3.3) - 2014-03-06 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.3.2...3.3.3) -This release provides a bug fix for RHEL 5 and Centos 5 systems, or specifically systems using PostgreSQL 8.1 or older. On those systems one would have received the error: +## [3.3.2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.3.2) - 2014-03-03 - Error: Could not start Service[postgresqld]: Execution of ‘/sbin/service postgresql start’ returned 1: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.3.1...3.3.2) -And the postgresql log entry: +## [3.3.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.3.1) - 2014-02-12 - FATAL: unrecognized configuration parameter "include" +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.3.0...3.3.1) -This bug is due to a new feature we had added in 2.1.0, whereby the `include` directive in `postgresql.conf` was not compatible. As a work-around we have added checks in our code to make sure systems running PostgreSQL 8.1 or older do not have this directive added. 
+## [3.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.3.0) - 2014-01-28 -#### Detailed Changes +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.2.0...3.3.0) -2013-01-21 - Ken Barber -* Only install `include` directive and included file on PostgreSQL >= 8.2 -* Add system tests for Centos 5 +### Added +- Add support to custom xlogdir parameter [#256](https://github.com/puppetlabs/puppetlabs-postgresql/pull/256) ([mnencia](https://github.com/mnencia)) -##2.1.0 +### Fixed -This release is primarily a feature release, introducing some new helpful constructs to the module. +- Fix typo, clearly from a copy/paste mistake [#347](https://github.com/puppetlabs/puppetlabs-postgresql/pull/347) ([mhagander](https://github.com/mhagander)) +- fix for concat error [#343](https://github.com/puppetlabs/puppetlabs-postgresql/pull/343) ([flypenguin](https://github.com/flypenguin)) +- Fix NOREPLICATION option for Postgres 9.1 [#333](https://github.com/puppetlabs/puppetlabs-postgresql/pull/333) ([brandonwamboldt](https://github.com/brandonwamboldt)) +- Wrong parameter name: manage_pg_conf -> manage_pg_hba_conf [#324](https://github.com/puppetlabs/puppetlabs-postgresql/pull/324) ([aadamovich](https://github.com/aadamovich)) +- Fix table_grant_spec to show a bug [#310](https://github.com/puppetlabs/puppetlabs-postgresql/pull/310) ([mcanevet](https://github.com/mcanevet)) -For starters, we've added the line `include 'postgresql_conf_extras.conf'` by default so extra parameters not managed by the module can be added by other tooling or by Puppet itself. This provides a useful escape-hatch for managing settings that are not currently managed by the module today. 
+## [3.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.2.0) - 2013-11-05 -We've added a new defined resource for managing your tablespace, so you can now create new tablespaces using the syntax: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.1.0...3.2.0) - postgresql::tablespace { 'dbspace': - location => '/srv/dbspace', - } +## [3.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.1.0) - 2013-10-25 -We've added a locale parameter to the `postgresql` class, to provide a default. Also the parameter has been added to the `postgresql::database` and `postgresql::db` defined resources for changing the locale per database: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.0.0...3.1.0) - postgresql::db { 'mydatabase': - user => 'myuser', - password => 'mypassword', - encoding => 'UTF8', - locale => 'en_NG', - } +### Fixed -There is a new class for installing the necessary packages to provide the PostgreSQL JDBC client jars: +- (GH-198) Fix race condition on startup [#292](https://github.com/puppetlabs/puppetlabs-postgresql/pull/292) ([kbarber](https://github.com/kbarber)) - class { 'postgresql::java': } +## [3.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.0.0) - 2013-10-16 -And we have a brand new defined resource for managing fine-grained rule sets within your pg_hba.conf access lists: +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.0.0-rc3...3.0.0) - postgresql::pg_hba { 'Open up postgresql for access from 200.1.2.0/24': - type => 'host', - database => 'app', - user => 'app', - address => '200.1.2.0/24', - auth_method => 'md5', - } +## [3.0.0-rc3](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.0.0-rc3) - 2013-10-16 -Finally, we've also added Travis-CI support and unit tests to help us iterate faster with tests to reduce regression. 
The current URL for these tests is here: https://travis-ci.org/puppetlabs/puppet-postgresql. Instructions on how to run the unit tests available are provided in the README for the module. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.0.0-rc2...3.0.0-rc3) -A big thanks to all those listed below who made this feature release possible :-). +## [3.0.0-rc2](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.0.0-rc2) - 2013-10-09 -#### Detailed Changes +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/3.0.0-rc1...3.0.0-rc2) -2013-01-18 - Simão Fontes & Flaper Fesp -* Remove trailing commas from params.pp property definition for Puppet 2.6.0 compatibility +## [3.0.0-rc1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/3.0.0-rc1) - 2013-10-02 -2013-01-18 - Lauren Rother -* Updated README.md to conform with best practices template +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.5.0...3.0.0-rc1) -2013-01-09 - Adrien Thebo -* Update postgresql_default_version to 9.1 for Debian 7.0 +### Fixed -2013-01-28 - Karel Brezina -* Add support for tablespaces +- Fixing small typos [#248](https://github.com/puppetlabs/puppetlabs-postgresql/pull/248) ([ggeldenhuis](https://github.com/ggeldenhuis)) -2013-01-16 - Chris Price & Karel Brezina -* Provide support for an 'include' config file 'postgresql_conf_extras.conf' that users can modify manually or outside of the module. 
+## [2.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.5.0) - 2013-09-09 -2013-01-31 - jv -* Fix typo in README.pp for postgresql::db example +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.4.1...2.5.0) -2013-02-03 - Ken Barber -* Add unit tests and travis-ci support +## [2.4.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.4.1) - 2013-08-01 -2013-02-02 - Ken Barber -* Add locale parameter support to the 'postgresql' class +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.4.0...2.4.1) -2013-01-21 - Michael Arnold -* Add a class for install the packages containing the PostgreSQL JDBC jar +### Fixed -2013-02-06 - fhrbek -* Coding style fixes to reduce warnings in puppet-lint and Geppetto +- (GH-216) Alter role call not idempotent with cleartext passwords [#225](https://github.com/puppetlabs/puppetlabs-postgresql/pull/225) ([kbarber](https://github.com/kbarber)) -2013-02-10 - Ken Barber -* Provide new defined resource for managing pg_hba.conf +## [2.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.4.0) - 2013-08-01 -2013-02-11 - Ken Barber -* Fix bug with reload of Postgresql on Redhat/Centos +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.3.0...2.4.0) -2013-02-15 - Erik Dalén -* Fix more style issues to reduce warnings in puppet-lint and Geppetto +## [2.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.3.0) - 2013-06-06 -2013-02-15 - Erik Dalén -* Fix case whereby we were modifying a hash after creation +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.2.1...2.3.0) +## [2.2.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.2.1) - 2013-04-29 -##2.0.1 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.2.0...2.2.1) -Minor bugfix release. 
+## [2.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.2.0) - 2013-04-26 -2013-01-16 - Chris Price - * Fix revoke command in database.pp to support postgres 8.1 (43ded42) +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.1.1...2.2.0) -2013-01-15 - Jordi Boggiano - * Add support for ubuntu 12.10 status (3504405) +## [2.1.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.1.1) - 2013-02-22 -##2.0.0 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.1.0...2.1.1) -Many thanks to the following people who contributed patches to this -release: +## [2.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.1.0) - 2013-02-20 -* Adrien Thebo -* Albert Koch -* Andreas Ntaflos -* Brett Porter -* Chris Price -* dharwood -* Etienne Pelletier -* Florin Broasca -* Henrik -* Hunter Haugen -* Jari Bakken -* Jordi Boggiano -* Ken Barber -* nzakaria -* Richard Arends -* Spenser Gilliland -* stormcrow -* William Van Hevelingen +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.0.1...2.1.0) -Notable features: +## [2.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.0.1) - 2013-01-30 - * Add support for versions of postgres other than the system default version - (which varies depending on OS distro). This includes optional support for - automatically managing the package repo for the "official" postgres yum/apt - repos. (Major thanks to Etienne Pelletier and - Ken Barber for their tireless efforts and patience on this - feature set!) For example usage see `tests/official-postgresql-repos.pp`. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/2.0.0...2.0.1) - * Add some support for Debian Wheezy and Ubuntu Quantal +## [2.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/2.0.0) - 2013-01-15 - * Add new `postgres_psql` type with a Ruby provider, to replace the old - exec-based `psql` type. 
This gives us much more flexibility around - executing SQL statements and controlling their logging / reports output. +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/1.0.0...2.0.0) - * Major refactor of the "spec" tests--which are actually more like - acceptance tests. We now support testing against multiple OS distros - via vagrant, and the framework is in place to allow us to very easily add - more distros. Currently testing against Cent6 and Ubuntu 10.04. +### Added - * Fixed a bug that was preventing multiple databases from being owned by the - same user - (9adcd182f820101f5e4891b9f2ff6278dfad495c - Etienne Pelletier ) +- Defining ACLs in pg_hba.conf [#20](https://github.com/puppetlabs/puppetlabs-postgresql/pull/20) ([dharwood](https://github.com/dharwood)) - * Add support for ACLs for finer-grained control of user/interface access - (b8389d19ad78b4fb66024897097b4ed7db241930 - dharwood ) +### Fixed - * Many other bug fixes and improvements! +- Syntax Error [#55](https://github.com/puppetlabs/puppetlabs-postgresql/pull/55) ([Spenser309](https://github.com/Spenser309)) ---- -##1.0.0 +## [1.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/1.0.0) - 2012-10-24 -2012-09-17 - Version 0.3.0 released +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/release-0.3.0...1.0.0) -2012-09-14 - Chris Price - * Add a type for validating a postgres connection (ce4a049) +## [release-0.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/release-0.3.0) - 2012-09-17 -2012-08-25 - Jari Bakken - * Remove trailing commas. 
(e6af5e5) +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/release-0.2.0...release-0.3.0) -2012-08-16 - Version 0.2.0 released +## [release-0.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/release-0.2.0) - 2012-08-16 -[5.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.3.0...5.4.0 -[5.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/5.2.1...5.3.0 +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/release-0.0.1...release-0.2.0) +## [release-0.0.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/release-0.0.1) - 2012-05-02 -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/01c9cbeb7c3bd5c7bd067c5d7438df7d34027fbc...release-0.0.1) diff --git a/CODEOWNERS b/CODEOWNERS index a5d109e998..071e159c4e 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,2 +1,2 @@ # Setting ownership to the modules team -* @puppetlabs/modules +* @puppetlabs/modules @alexjfisher @bastelfreak @deric @ekohl @SimonHoenscheid @smortex diff --git a/Gemfile b/Gemfile index 135373d02b..86e337adbc 100644 --- a/Gemfile +++ b/Gemfile 
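Review bot: The context comment `# Setting ownership to the modules team` in CODEOWNERS no longer matches the rule below it, which now also lists six individual accounts as owners of `*`. Because the pattern is the wildcard, each listed account becomes a code owner for every path, including the CI workflow definitions and the Gemfile. If branch protection requires code-owner review (not visible from this diff), any one of them can satisfy it alone. I would update the comment to say so, for example `# Owners for all paths: the modules team plus the listed community maintainers`. Consider whether sensitive paths such as `.github/` should get a narrower rule of their own.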
@@ -13,22 +13,36 @@ def location_for(place_or_version, fake_version = nil) end end -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - group :development do - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "github_changelog_generator", require: false + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem 
"voxpupuli-puppet-lint-plugins", '~> 5.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '~> 3.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 1.0.0', require: false + gem "parallel_tests", '= 3.12.1', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.48.1', require: false + gem "rubocop-performance", '= 1.16.0', require: false + gem "rubocop-rspec", '= 2.19.0', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "github_changelog_generator", '= 1.15.2', require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "serverspec", '~> 2.41', require: false +end +group :release_prep do + gem "puppet-strings", '~> 4.0', require: false + gem "puppetlabs_spec_helper", '~> 7.0', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/README.md b/README.md index 31f2681932..c7189eb025 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ * [Getting started with postgresql](#getting-started-with-postgresql) 3. [Usage - Configuration options and additional functionality](#usage) * [Configure a server](#configure-a-server) + * [Configure an instance](#configure-an-instance) * [Create a database](#create-a-database) * [Manage users, roles, and permissions](#manage-users-roles-and-permissions) * [Manage ownership of DB objects](#manage-ownership-of-db-objects) 
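Review bot: The new `group :development` and `group :system_tests` entries in the Gemfile mix exact pins (`rubocop '= 1.48.1'`, `parallel_tests '= 3.12.1'`) with floating constraints (`codecov '~> 0.2'`, `pry '~> 0.10'`, `puppet_litmus '~> 1.0'`), so the tool versions that run in CI are decided at `bundle install` time. No Gemfile.lock appears in this diff; if none is committed, a new release of any floating gem runs on CI runners and developer machines without review. Either resolve CI against a committed lockfile or make the choice explicit with a comment above the group, for example `# Floating constraints are intentional: CI resolves the newest matching release on every run`. The `json` pins also skip Ruby 3.0.5+ and 3.1.3+ without saying why, and a one-line comment such as `# No pin needed from 3.0.5 / 3.1.3 on` would help, if that is the reason. The `codecov` gem is worth confirming too, since upstream appears to have deprecated it in favour of a standalone uploader.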
@@ -15,12 +16,14 @@ * [Create an access rule for pg_hba.conf](#create-an-access-rule-for-pg_hbaconf) * [Create user name maps for pg_ident.conf](#create-user-name-maps-for-pg_identconf) * [Validate connectivity](#validate-connectivity) + * [Backups](#backups) 4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) +6. [License](#license) +7. [Development - Guide for contributing to the module](#development) * [Contributors - List of module contributors](#contributors) -7. [Tests](#tests) -8. [Contributors - List of module contributors](#contributors) +8. [Tests](#tests) +9. [Contributors - List of module contributors](#contributors) ## Module description 
@@ -71,6 +74,184 @@ If you get an error message from these commands, your permission settings restri For more details about server configuration parameters, consult the [PostgreSQL Runtime Configuration documentation](http://www.postgresql.org/docs/current/static/runtime-config.html). +### Configure an instance + +This module supports managing multiple instances (the default instance is referred to as 'main' and managed via including the server.pp class) + +**NOTE:** This feature is currently tested on Centos 8 Streams/RHEL8 with DNF Modules enabled. Different Linux plattforms and/or the Postgresql.org +packages distribute different Systemd service files or use wrapper scripts with Systemd to start Postgres. Additional adjustmentments are needed to get this working on these plattforms. + +#### Working Plattforms + +* Centos 8 Streams +* RHEL 8 + +#### Background and example + +creating a new instance has the following advantages: +* files are owned by the postgres user +* instance is running under a different user, if the instance is hacked, the hacker has no access to the file system +* the instance user can be an LDAP user, higher security because of central login monitoring, password policies, password rotation policies +* main instance can be disabled + + +Here is a profile which can be used to create instaces + +```puppet +class profiles::postgres ( + Hash $instances = {}, + String $postgresql_version = '13', +) { + class { 'postgresql::globals': + encoding => 'UTF-8', + locale => 'en_US.UTF-8', + manage_package_repo => false, + manage_dnf_module => true, + needs_initdb => true, + version => $postgresql_version, + } + include postgresql::server + + $instances.each |String $instance, Hash $instance_settings| { + postgresql::server_instance { $instance: + * => $instance_settings, + } + } +} +``` + +And here is data to create an instance called test1: + +```yaml +# stop default main instance +postgresql::server::service_ensure: "stopped" 
+postgresql::server::service_enable: false + +#define an instance +profiles::postgres::instances: + test1: + instance_user: "ins_test1" + instance_group: "ins_test1" + instance_directories: + "/opt/pgsql": + ensure: directory + "/opt/pgsql/backup": + ensure: directory + "/opt/pgsql/data": + ensure: directory + "/opt/pgsql/data/13": + ensure: directory + "/opt/pgsql/data/home": + ensure: directory + "/opt/pgsql/wal": + ensure: directory + "/opt/pgsql/log": + ensure: directory + "/opt/pgsql/log/13": + ensure: directory + "/opt/pgsql/log/13/test1": + ensure: directory + config_settings: + pg_hba_conf_path: "/opt/pgsql/data/13/test1/pg_hba.conf" + postgresql_conf_path: "/opt/pgsql/data/13/test1/postgresql.conf" + pg_ident_conf_path: "/opt/pgsql/data/13/test1/pg_ident.conf" + datadir: "/opt/pgsql/data/13/test1" + service_name: "postgresql@13-test1" + port: 5433 + pg_hba_conf_defaults: false + service_settings: + service_name: "postgresql@13-test1" + service_status: "systemctl status postgresql@13-test1.service" + service_ensure: "running" + service_enable: true + initdb_settings: + auth_local: "peer" + auth_host: "md5" + needs_initdb: true + datadir: "/opt/pgsql/data/13/test1" + encoding: "UTF-8" + lc_messages: "en_US.UTF8" + locale: "en_US.UTF8" + data_checksums: false + group: "postgres" + user: "postgres" + username: "ins_test1" + config_entries: + authentication_timeout: + value: "1min" + comment: "a test" + log_statement_stats: + value: "off" + autovacuum_vacuum_scale_factor: + value: 0.3 + databases: + testdb1: + encoding: "UTF8" + locale: "en_US.UTF8" + owner: "dba_test1" + testdb2: + encoding: "UTF8" + locale: "en_US.UTF8" + owner: "dba_test1" + roles: + "ins_test1": + superuser: true + login: true + "dba_test1": + createdb: true + login: true + "app_test1": + login: true + "rep_test1": + replication: true + login: true + "rou_test1": + login: true + pg_hba_rules: + "local all INSTANCE user": + type: "local" + database: "all" + user: "ins_test1" + auth_method: 
"peer" + order: 1 + "local all DB user": + type: "local" + database: "all" + user: "dba_test1" + auth_method: "peer" + order: 2 + "local all APP user": + type: "local" + database: "all" + user: "app_test1" + auth_method: "peer" + order: 3 + "local all READONLY user": + type: "local" + database: "all" + user: "rou_test1" + auth_method: "peer" + order: 4 + "remote all INSTANCE user PGADMIN server": + type: "host" + database: "all" + user: "ins_test1" + address: "192.168.22.131/32" + auth_method: "md5" + order: 5 + "local replication INSTANCE user": + type: "local" + database: "replication" + user: "ins_test1" + auth_method: "peer" + order: 6 + "local replication REPLICATION user": + type: "local" + database: "replication" + user: "rep_test1" + auth_method: "peer" + order: 7 +``` ### Create a database You can set up a variety of PostgreSQL databases with the `postgresql::server::db` defined type. For instance, to set up a database for PuppetDB: 
@@ -174,11 +355,15 @@ class { 'postgresql::server': ### Manage remote users, roles, and permissions -Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a [`connect_settings`](#connect_settings) hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands. +Remote SQL objects are managed using the same Puppet resources as local SQL objects, along with a `$connect_settings` hash. This provides control over how Puppet connects to the remote Postgres instances and which version is used for generating SQL commands. -The `connect_settings` hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', and 'PGSSLKEY'. See the [PostgreSQL Environment Variables](http://www.postgresql.org/docs/9.4/static/libpq-envars.html) documentation for a complete list of variables. +The `connect_settings` hash can contain environment variables to control Postgres client connections, such as 'PGHOST', 'PGPORT', 'PGPASSWORD', 'PGUSER' and 'PGSSLKEY'. See the [PostgreSQL Environment Variables](https://www.postgresql.org/docs/current/libpq-envars.html) documentation for a complete list of variables. -Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the `connect_settings` hash is omitted or empty, then Puppet connects to the local PostgreSQL instance. +Additionally, you can specify the target database version with the special value of 'DBVERSION'. If the `$connect_settings` hash is omitted or empty, then Puppet connects to the local PostgreSQL instance. + +**The $connect_settings hash has priority over the explicit variables like $port and $user** + +When a user provides only the `$port` parameter to a resource and no `$connect_settings`, `$port` will be used. 
When `$connect_settings` contains `PGPORT` and `$port` is set, `$connect_settings['PGPORT']` will be used. You can provide a `connect_settings` hash for each of the Puppet resources, or you can set a default `connect_settings` hash in `postgresql::globals`. Configuring `connect_settings` per resource allows SQL objects to be created on multiple databases by multiple users. @@ -321,19 +506,40 @@ postgresql_conn_validator { 'validate my postgres connection': db_username => 'mydbuser', db_password => 'mydbpassword', db_name => 'mydbname', -}-> -exec { 'rake db:migrate': + psql_path => '/usr/bin/psql', +} +-> exec { 'rake db:migrate': cwd => '/opt/myrubyapp', } ``` +### Backups + +This example demonstrates how to configure PostgreSQL backups with "pg_dump". This sets up a daily cron job to perform a full backup. Each backup will create a new directory. A cleanup job will automatically remove backups that are older than 15 days. + +``` +class { 'postgresql::server': + backup_enable => true, + backup_provider => 'pg_dump', + backup_options => { + db_user => 'backupuser', + db_password => 'secret', + manage_user => true, + rotate => 15, + }, + ... +} +``` + +It is possible to set parameter `$ensure` to `absent` in order to remove the backup job, user/role, backup script and password file. However, the actual backup files and directories will remain untouched. + ## Reference For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/REFERENCE.md) ## Limitations -Works with versions of PostgreSQL on supported OSes. +Works with versions of PostgreSQL on supported OSes. For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/metadata.json) 
@@ -354,6 +560,10 @@ If you have SELinux enabled and you are *not* using the selinux module to manage semanage port -a -t postgresql_port_t -p tcp $customport ``` +## License + +This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing. + ## Development Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide](https://puppet.com/docs/puppet/latest/contributing.html). @@ -379,8 +589,6 @@ And then run the unit tests: bundle exec rake spec ``` -The unit tests are run in Travis-CI as well. If you want to see the results of your own tests, register the service hook through Travis-CI via the accounts section for your GitHub clone of this project. - To run the system tests, make sure you also have: * Vagrant > 1.2.x diff --git a/REFERENCE.md b/REFERENCE.md index 97ac48ec72..45c57daaa2 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -8,21 +8,22 @@ #### Public Classes -* [`postgresql::client`](#postgresqlclient): Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. -* [`postgresql::globals`](#postgresqlglobals): Class for setting cross-class global overrides. -* [`postgresql::lib::devel`](#postgresqllibdevel): This class installs postgresql development libraries. -* [`postgresql::lib::docs`](#postgresqllibdocs): Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. -* [`postgresql::lib::java`](#postgresqllibjava): This class installs the postgresql jdbc connector. -* [`postgresql::lib::perl`](#postgresqllibperl): This class installs the perl libs for postgresql. -* [`postgresql::lib::python`](#postgresqllibpython): This class installs the python libs for postgresql. -* [`postgresql::server`](#postgresqlserver): This installs a PostgreSQL server -* [`postgresql::server::contrib`](#postgresqlservercontrib): Install the contrib postgresql packaging. -* [`postgresql::server::plperl`](#postgresqlserverplperl): This class installs the PL/Perl procedural language for postgresql. -* [`postgresql::server::plpython`](#postgresqlserverplpython): This class installs the PL/Python procedural language for postgresql. -* [`postgresql::server::postgis`](#postgresqlserverpostgis): Install the postgis postgresql packaging. +* [`postgresql::client`](#postgresql--client): Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. +* [`postgresql::globals`](#postgresql--globals): Class for setting cross-class global overrides. +* [`postgresql::lib::devel`](#postgresql--lib--devel): This class installs postgresql development libraries. +* [`postgresql::lib::docs`](#postgresql--lib--docs): Installs PostgreSQL bindings for Postgres-Docs. 
Set the following parameters if you have a custom version you would like to install. +* [`postgresql::lib::java`](#postgresql--lib--java): This class installs the postgresql jdbc connector. +* [`postgresql::lib::perl`](#postgresql--lib--perl): This class installs the perl libs for postgresql. +* [`postgresql::lib::python`](#postgresql--lib--python): This class installs the python libs for postgresql. +* [`postgresql::server`](#postgresql--server): This installs a PostgreSQL server +* [`postgresql::server::contrib`](#postgresql--server--contrib): Install the contrib postgresql packaging. +* [`postgresql::server::plperl`](#postgresql--server--plperl): This class installs the PL/Perl procedural language for postgresql. +* [`postgresql::server::plpython`](#postgresql--server--plpython): This class installs the PL/Python procedural language for postgresql. +* [`postgresql::server::postgis`](#postgresql--server--postgis): Install the postgis postgresql packaging. #### Private Classes +* `postgresql::backup::pg_dump`: "Provider" for pg_dump backup * `postgresql::dnfmodule`: Manage the DNF module * `postgresql::params` * `postgresql::repo` 
@@ -38,23 +39,35 @@ ### Defined types -* [`postgresql::server::config_entry`](#postgresqlserverconfig_entry): Manage a postgresql.conf entry. -* [`postgresql::server::database`](#postgresqlserverdatabase): Define for creating a database. -* [`postgresql::server::database_grant`](#postgresqlserverdatabase_grant): Manage a database grant. -* [`postgresql::server::db`](#postgresqlserverdb): Define for conveniently creating a role, database and assigning the correctpermissions. -* [`postgresql::server::default_privileges`](#postgresqlserverdefault_privileges): Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above. -* [`postgresql::server::extension`](#postgresqlserverextension): Activate an extension on a postgresql database. -* [`postgresql::server::grant`](#postgresqlservergrant): Define for granting permissions to roles. -* [`postgresql::server::grant_role`](#postgresqlservergrant_role): Define for granting membership to a role. -* [`postgresql::server::pg_hba_rule`](#postgresqlserverpg_hba_rule): This resource manages an individual rule that applies to the file defined in target. -* [`postgresql::server::pg_ident_rule`](#postgresqlserverpg_ident_rule): This resource manages an individual rule that applies to the file defined in target. -* [`postgresql::server::reassign_owned_by`](#postgresqlserverreassign_owned_by): Define for reassigning the ownership of objects within a database. -* [`postgresql::server::recovery`](#postgresqlserverrecovery): This resource manages the parameters that applies to the recovery.conf template. -* [`postgresql::server::role`](#postgresqlserverrole): Define for creating a database role. -* [`postgresql::server::schema`](#postgresqlserverschema): Create a new schema. -* [`postgresql::server::table_grant`](#postgresqlservertable_grant): This resource wraps the grant resource to manage table grants specifically. 
-* [`postgresql::server::tablespace`](#postgresqlservertablespace): This module creates tablespace. -* [`postgresql::validate_db_connection`](#postgresqlvalidate_db_connection): This type validates that a successful postgres connection. +#### Public Defined types + +* [`postgresql::server::config_entry`](#postgresql--server--config_entry): Manage a postgresql.conf entry. +* [`postgresql::server::database`](#postgresql--server--database): Define for creating a database. +* [`postgresql::server::database_grant`](#postgresql--server--database_grant): Manage a database grant. +* [`postgresql::server::db`](#postgresql--server--db): Define for conveniently creating a role, database and assigning the correct permissions. +* [`postgresql::server::default_privileges`](#postgresql--server--default_privileges): Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above. +* [`postgresql::server::extension`](#postgresql--server--extension): Activate an extension on a postgresql database. +* [`postgresql::server::grant`](#postgresql--server--grant): Define for granting permissions to roles. +* [`postgresql::server::grant_role`](#postgresql--server--grant_role): Define for granting membership to a role. 
+* [`postgresql::server::instance::config`](#postgresql--server--instance--config): Manages the config for a postgresql::server instance +* [`postgresql::server::instance::initdb`](#postgresql--server--instance--initdb): Manages initdb feature for a postgresql::server instance +* [`postgresql::server::instance::late_initdb`](#postgresql--server--instance--late_initdb): Manage the default encoding when database initialization is managed by the package +* [`postgresql::server::instance::passwd`](#postgresql--server--instance--passwd): Overrides the default PostgreSQL superuser +* [`postgresql::server::instance::reload`](#postgresql--server--instance--reload): Overrides the default reload or status command for your PostgreSQL service +* [`postgresql::server::instance::service`](#postgresql--server--instance--service): Manages the service for the postgres main instance (default) or additional instances +* [`postgresql::server::pg_hba_rule`](#postgresql--server--pg_hba_rule): This resource manages an individual rule that applies to the file defined in target. +* [`postgresql::server::pg_ident_rule`](#postgresql--server--pg_ident_rule): This resource manages an individual rule that applies to the file defined in target. +* [`postgresql::server::reassign_owned_by`](#postgresql--server--reassign_owned_by): Define for reassigning the ownership of objects within a database. +* [`postgresql::server::recovery`](#postgresql--server--recovery): This resource manages the parameters that applies to the recovery.conf template. +* [`postgresql::server::role`](#postgresql--server--role): Define for creating a database role. +* [`postgresql::server::schema`](#postgresql--server--schema): Create a new schema. +* [`postgresql::server::table_grant`](#postgresql--server--table_grant): This resource wraps the grant resource to manage table grants specifically. +* [`postgresql::server::tablespace`](#postgresql--server--tablespace): This module creates tablespace. 
+* [`postgresql::server_instance`](#postgresql--server_instance): define to install and manage additional postgresql instances + +#### Private Defined types + +* `postgresql::server::instance::systemd`: This define handles systemd drop-in files for the postgres main instance (default) or additional instances ### Resource types 
@@ -67,9 +80,10 @@ #### Public Functions -* [`postgresql::default`](#postgresqldefault): This function pull default values from the `params` class or `globals` class if the value is not present in `params`. -* [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape): This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. -* [`postgresql::postgresql_password`](#postgresqlpostgresql_password): This function returns the postgresql password hash from the clear text username / password +* [`postgresql::default`](#postgresql--default): This function pull default values from the `params` class or `globals` class if the value is not present in `params`. +* [`postgresql::postgresql_escape`](#postgresql--postgresql_escape): This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. +* [`postgresql::postgresql_password`](#postgresql--postgresql_password): This function returns the postgresql password hash from the clear text username / password +* [`postgresql::prepend_sql_password`](#postgresql--prepend_sql_password): This function exists for usage of a role password that is a deferred function * [`postgresql_escape`](#postgresql_escape): DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead. * [`postgresql_password`](#postgresql_password): DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead. 
@@ -77,13 +91,21 @@ * `postgresql::postgresql_acls_to_resources_hash`: This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources. +### Data types + +* [`Postgresql::Pg_hba_rule`](#Postgresql--Pg_hba_rule): type for all parameters in the postgresql::server::hba_rule defined resource +* [`Postgresql::Pg_hba_rule_address`](#Postgresql--Pg_hba_rule_address): Supported address types +* [`Postgresql::Pg_hba_rule_type`](#Postgresql--Pg_hba_rule_type): enum for all different types for the pg_hba_conf +* [`Postgresql::Pg_hba_rules`](#Postgresql--Pg_hba_rules): validates a hash of entries for postgresql::server::pg_hab_conf +* [`Postgresql::Pg_password_encryption`](#Postgresql--Pg_password_encryption): the supported password_encryption + ### Tasks * [`sql`](#sql): Allows you to execute arbitary SQL ## Classes -### `postgresql::client` +### `postgresql::client` Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. @@ -93,12 +115,12 @@ Installs PostgreSQL client software. Set the following parameters if you have a The following parameters are available in the `postgresql::client` class: -* [`file_ensure`](#file_ensure) -* [`validcon_script_path`](#validcon_script_path) -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`file_ensure`](#-postgresql--client--file_ensure) +* [`validcon_script_path`](#-postgresql--client--validcon_script_path) +* [`package_name`](#-postgresql--client--package_name) +* [`package_ensure`](#-postgresql--client--package_ensure) -##### `file_ensure` +##### `file_ensure` Data type: `Enum['file', 'absent']` @@ -106,7 +128,7 @@ Ensure the connection validation script is present Default value: `'file'` -##### `validcon_script_path` +##### `validcon_script_path` Data type: `Stdlib::Absolutepath` 
@@ -114,7 +136,7 @@ Optional. Absolute path for the postgresql connection validation script. Default value: `$postgresql::params::validcon_script_path` -##### `package_name` +##### `package_name` Data type: `String[1]` 
@@ -122,534 +144,530 @@ Sets the name of the PostgreSQL client package. Default value: `$postgresql::params::client_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Ensure the client package is installed Default value: `'present'` -### `postgresql::globals` +### `postgresql::globals` Class for setting cross-class global overrides. * **Note** Most server-specific defaults should be overridden in the postgresql::server class. -This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo. +This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such +as version or manage_package_repo. #### Parameters The following parameters are available in the `postgresql::globals` class: -* [`client_package_name`](#client_package_name) -* [`server_package_name`](#server_package_name) -* [`contrib_package_name`](#contrib_package_name) -* [`devel_package_name`](#devel_package_name) -* [`java_package_name`](#java_package_name) -* [`docs_package_name`](#docs_package_name) -* [`perl_package_name`](#perl_package_name) -* [`plperl_package_name`](#plperl_package_name) -* [`plpython_package_name`](#plpython_package_name) -* [`python_package_name`](#python_package_name) -* [`postgis_package_name`](#postgis_package_name) -* [`service_name`](#service_name) -* [`service_provider`](#service_provider) -* [`service_status`](#service_status) -* [`default_database`](#default_database) -* [`validcon_script_path`](#validcon_script_path) -* [`initdb_path`](#initdb_path) -* [`createdb_path`](#createdb_path) -* [`psql_path`](#psql_path) -* [`pg_hba_conf_path`](#pg_hba_conf_path) -* [`pg_ident_conf_path`](#pg_ident_conf_path) -* [`postgresql_conf_path`](#postgresql_conf_path) -* 
[`postgresql_conf_mode`](#postgresql_conf_mode) -* [`recovery_conf_path`](#recovery_conf_path) -* [`default_connect_settings`](#default_connect_settings) -* [`pg_hba_conf_defaults`](#pg_hba_conf_defaults) -* [`datadir`](#datadir) -* [`confdir`](#confdir) -* [`bindir`](#bindir) -* [`xlogdir`](#xlogdir) -* [`logdir`](#logdir) -* [`log_line_prefix`](#log_line_prefix) -* [`user`](#user) -* [`group`](#group) -* [`version`](#version) -* [`postgis_version`](#postgis_version) -* [`repo_proxy`](#repo_proxy) -* [`repo_baseurl`](#repo_baseurl) -* [`yum_repo_commonurl`](#yum_repo_commonurl) -* [`needs_initdb`](#needs_initdb) -* [`encoding`](#encoding) -* [`locale`](#locale) -* [`data_checksums`](#data_checksums) -* [`timezone`](#timezone) -* [`manage_pg_hba_conf`](#manage_pg_hba_conf) -* [`manage_pg_ident_conf`](#manage_pg_ident_conf) -* [`manage_recovery_conf`](#manage_recovery_conf) -* [`manage_postgresql_conf_perms`](#manage_postgresql_conf_perms) -* [`manage_datadir`](#manage_datadir) -* [`manage_logdir`](#manage_logdir) -* [`manage_xlogdir`](#manage_xlogdir) -* [`manage_package_repo`](#manage_package_repo) -* [`manage_dnf_module`](#manage_dnf_module) -* [`module_workdir`](#module_workdir) -* [`manage_selinux`](#manage_selinux) - -##### `client_package_name` +* [`client_package_name`](#-postgresql--globals--client_package_name) +* [`server_package_name`](#-postgresql--globals--server_package_name) +* [`contrib_package_name`](#-postgresql--globals--contrib_package_name) +* [`devel_package_name`](#-postgresql--globals--devel_package_name) +* [`java_package_name`](#-postgresql--globals--java_package_name) +* [`docs_package_name`](#-postgresql--globals--docs_package_name) +* [`perl_package_name`](#-postgresql--globals--perl_package_name) +* [`plperl_package_name`](#-postgresql--globals--plperl_package_name) +* [`plpython_package_name`](#-postgresql--globals--plpython_package_name) +* [`python_package_name`](#-postgresql--globals--python_package_name) +* 
[`postgis_package_name`](#-postgresql--globals--postgis_package_name) +* [`service_name`](#-postgresql--globals--service_name) +* [`service_provider`](#-postgresql--globals--service_provider) +* [`service_status`](#-postgresql--globals--service_status) +* [`default_database`](#-postgresql--globals--default_database) +* [`validcon_script_path`](#-postgresql--globals--validcon_script_path) +* [`initdb_path`](#-postgresql--globals--initdb_path) +* [`psql_path`](#-postgresql--globals--psql_path) +* [`pg_hba_conf_path`](#-postgresql--globals--pg_hba_conf_path) +* [`pg_ident_conf_path`](#-postgresql--globals--pg_ident_conf_path) +* [`postgresql_conf_path`](#-postgresql--globals--postgresql_conf_path) +* [`postgresql_conf_mode`](#-postgresql--globals--postgresql_conf_mode) +* [`recovery_conf_path`](#-postgresql--globals--recovery_conf_path) +* [`default_connect_settings`](#-postgresql--globals--default_connect_settings) +* [`pg_hba_conf_defaults`](#-postgresql--globals--pg_hba_conf_defaults) +* [`datadir`](#-postgresql--globals--datadir) +* [`confdir`](#-postgresql--globals--confdir) +* [`bindir`](#-postgresql--globals--bindir) +* [`xlogdir`](#-postgresql--globals--xlogdir) +* [`logdir`](#-postgresql--globals--logdir) +* [`log_line_prefix`](#-postgresql--globals--log_line_prefix) +* [`user`](#-postgresql--globals--user) +* [`group`](#-postgresql--globals--group) +* [`version`](#-postgresql--globals--version) +* [`postgis_version`](#-postgresql--globals--postgis_version) +* [`repo_proxy`](#-postgresql--globals--repo_proxy) +* [`repo_baseurl`](#-postgresql--globals--repo_baseurl) +* [`yum_repo_commonurl`](#-postgresql--globals--yum_repo_commonurl) +* [`needs_initdb`](#-postgresql--globals--needs_initdb) +* [`encoding`](#-postgresql--globals--encoding) +* [`locale`](#-postgresql--globals--locale) +* [`data_checksums`](#-postgresql--globals--data_checksums) +* [`timezone`](#-postgresql--globals--timezone) +* [`manage_pg_hba_conf`](#-postgresql--globals--manage_pg_hba_conf) +* 
[`manage_pg_ident_conf`](#-postgresql--globals--manage_pg_ident_conf) +* [`manage_recovery_conf`](#-postgresql--globals--manage_recovery_conf) +* [`manage_postgresql_conf_perms`](#-postgresql--globals--manage_postgresql_conf_perms) +* [`manage_selinux`](#-postgresql--globals--manage_selinux) +* [`manage_datadir`](#-postgresql--globals--manage_datadir) +* [`manage_logdir`](#-postgresql--globals--manage_logdir) +* [`manage_xlogdir`](#-postgresql--globals--manage_xlogdir) +* [`manage_package_repo`](#-postgresql--globals--manage_package_repo) +* [`manage_dnf_module`](#-postgresql--globals--manage_dnf_module) +* [`module_workdir`](#-postgresql--globals--module_workdir) + +##### `client_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL client package name. -Default value: ``undef`` +Default value: `undef` -##### `server_package_name` +##### `server_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL server package name. -Default value: ``undef`` +Default value: `undef` -##### `contrib_package_name` +##### `contrib_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL contrib package name. -Default value: ``undef`` +Default value: `undef` -##### `devel_package_name` +##### `devel_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL devel package name. -Default value: ``undef`` +Default value: `undef` -##### `java_package_name` +##### `java_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL java package name. -Default value: ``undef`` +Default value: `undef` -##### `docs_package_name` +##### `docs_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL docs package name. 
-Default value: ``undef`` +Default value: `undef` -##### `perl_package_name` +##### `perl_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL Perl package name. -Default value: ``undef`` +Default value: `undef` -##### `plperl_package_name` +##### `plperl_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL PL/Perl package name. -Default value: ``undef`` +Default value: `undef` -##### `plpython_package_name` +##### `plpython_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL PL/Python package name. -Default value: ``undef`` +Default value: `undef` -##### `python_package_name` +##### `python_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL Python package name. -Default value: ``undef`` +Default value: `undef` -##### `postgis_package_name` +##### `postgis_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL PostGIS package name. -Default value: ``undef`` +Default value: `undef` -##### `service_name` +##### `service_name` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL service name. -Default value: ``undef`` +Default value: `undef` -##### `service_provider` +##### `service_provider` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL service provider. -Default value: ``undef`` +Default value: `undef` -##### `service_status` +##### `service_status` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default status check command for your PostgreSQL service. -Default value: ``undef`` +Default value: `undef` -##### `default_database` +##### `default_database` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies the name of the default database to connect with. 
-Default value: ``undef`` +Default value: `undef` -##### `validcon_script_path` +##### `validcon_script_path` -Data type: `Any` +Data type: `Optional[String[1]]` Scipt path for the connection validation check. -Default value: ``undef`` +Default value: `undef` -##### `initdb_path` +##### `initdb_path` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Path to the initdb command. -Default value: ``undef`` - -##### `createdb_path` - -Data type: `Any` - -Deprecated. Path to the createdb command. +Default value: `undef` -Default value: ``undef`` +##### `psql_path` -##### `psql_path` - -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Sets the path to the psql command. -Default value: ``undef`` +Default value: `undef` -##### `pg_hba_conf_path` +##### `pg_hba_conf_path` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Specifies the path to your pg_hba.conf file. -Default value: ``undef`` +Default value: `undef` -##### `pg_ident_conf_path` +##### `pg_ident_conf_path` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Specifies the path to your pg_ident.conf file. -Default value: ``undef`` +Default value: `undef` -##### `postgresql_conf_path` +##### `postgresql_conf_path` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Sets the path to your postgresql.conf file. -Default value: ``undef`` +Default value: `undef` -##### `postgresql_conf_mode` +##### `postgresql_conf_mode` Data type: `Optional[Stdlib::Filemode]` Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true. -Default value: ``undef`` +Default value: `undef` -##### `recovery_conf_path` +##### `recovery_conf_path` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Path to your recovery.conf file. -Default value: ``undef`` +Default value: `undef` -##### `default_connect_settings` +##### `default_connect_settings` -Data type: `Any` +Data type: `Hash` Default connection settings. 
Default value: `{}` -##### `pg_hba_conf_defaults` +##### `pg_hba_conf_defaults` -Data type: `Any` +Data type: `Optional[Boolean]` Disables the defaults supplied with the module for pg_hba.conf if set to false. -Default value: ``undef`` +Default value: `undef` -##### `datadir` +##### `datadir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Overrides the default PostgreSQL data directory for the target platform. Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. -On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). -Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original +On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb +defaults to true on other systems). +Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail +if the data directory is changed back to the original -Default value: ``undef`` +Default value: `undef` -##### `confdir` +##### `confdir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Overrides the default PostgreSQL configuration directory for the target platform. -Default value: ``undef`` +Default value: `undef` -##### `bindir` +##### `bindir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Overrides the default PostgreSQL binaries directory for the target platform. -Default value: ``undef`` +Default value: `undef` -##### `xlogdir` +##### `xlogdir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Overrides the default PostgreSQL xlog directory. 
-Default value: ``undef`` +Default value: `undef` -##### `logdir` +##### `logdir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` Overrides the default PostgreSQL log directory. -Default value: ``undef`` +Default value: `undef` -##### `log_line_prefix` +##### `log_line_prefix` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL log prefix. -Default value: ``undef`` +Default value: `undef` -##### `user` +##### `user` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. -Default value: ``undef`` +Default value: `undef` -##### `group` +##### `group` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default postgres user group to be used for related files in the file system. -Default value: ``undef`` +Default value: `undef` -##### `version` +##### `version` -Data type: `Any` +Data type: `Optional[String[1]]` The version of PostgreSQL to install and manage. -Default value: ``undef`` +Default value: `undef` -##### `postgis_version` +##### `postgis_version` -Data type: `Any` +Data type: `Optional[String[1]]` Defines the version of PostGIS to install, if you install PostGIS. -Default value: ``undef`` +Default value: `undef` -##### `repo_proxy` +##### `repo_proxy` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the proxy option for the official PostgreSQL yum-repositories only. -Default value: ``undef`` +Default value: `undef` -##### `repo_baseurl` +##### `repo_baseurl` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. -Default value: ``undef`` +Default value: `undef` -##### `yum_repo_commonurl` +##### `yum_repo_commonurl` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the url for the PostgreSQL common Yum repository. Useful if you host your own mirror of the YUM repository. 
-Default value: ``undef`` +Default value: `undef` -##### `needs_initdb` +##### `needs_initdb` -Data type: `Any` +Data type: `Optional[Boolean]` Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. -Default value: ``undef`` +Default value: `undef` -##### `encoding` +##### `encoding` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default encoding for all databases created with this module. -On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +On certain operating systems, this is also used during the template1 initialization, +so it becomes a default outside of the module as well. -Default value: ``undef`` +Default value: `undef` -##### `locale` +##### `locale` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default database locale for all databases created with this module. -On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +On certain operating systems, this is also used during the template1 initialization, +so it becomes a default outside of the module as well. On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL. -Default value: ``undef`` +Default value: `undef` -##### `data_checksums` +##### `data_checksums` -Data type: `Any` +Data type: `Optional[Boolean]` Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Warning: This option is used during initialization by initdb, and cannot be changed later. -Default value: ``undef`` +Default value: `undef` -##### `timezone` +##### `timezone` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. 
-Default value: ``undef`` +Default value: `undef` -##### `manage_pg_hba_conf` +##### `manage_pg_hba_conf` -Data type: `Any` +Data type: `Optional[Boolean]` Allow Puppet to manage the pg_hba.conf file. -Default value: ``undef`` +Default value: `undef` -##### `manage_pg_ident_conf` +##### `manage_pg_ident_conf` -Data type: `Any` +Data type: `Optional[Boolean]` Allow Puppet to manage the pg_ident.conf file. -Default value: ``undef`` +Default value: `undef` -##### `manage_recovery_conf` +##### `manage_recovery_conf` -Data type: `Any` +Data type: `Optional[Boolean]` Allow Puppet to manage the recovery.conf file. -Default value: ``undef`` +Default value: `undef` -##### `manage_postgresql_conf_perms` +##### `manage_postgresql_conf_perms` -Data type: `Any` +Data type: `Optional[Boolean]` Whether to manage the postgresql conf file permissions. This means owner, group and mode. Contents are not managed but should be managed through postgresql::server::config_entry. -Default value: ``undef`` +Default value: `undef` -##### `manage_datadir` +##### `manage_selinux` -Data type: `Any` +Data type: `Optional[Boolean]` + +Allows Puppet to manage the appropriate configuration file for selinux. + +Default value: `undef` + +##### `manage_datadir` + +Data type: `Optional[Boolean]` Set to false if you have file{ $datadir: } already defined -Default value: ``undef`` +Default value: `undef` -##### `manage_logdir` +##### `manage_logdir` -Data type: `Any` +Data type: `Optional[Boolean]` Set to false if you have file{ $logdir: } already defined -Default value: ``undef`` +Default value: `undef` -##### `manage_xlogdir` +##### `manage_xlogdir` -Data type: `Any` +Data type: `Optional[Boolean]` Set to false if you have file{ $xlogdir: } already defined -Default value: ``undef`` +Default value: `undef` -##### `manage_package_repo` +##### `manage_package_repo` -Data type: `Any` +Data type: `Optional[Boolean]` Sets up official PostgreSQL repositories on your host if set to true. 
-Default value: ``undef`` +Default value: `undef` -##### `manage_dnf_module` +##### `manage_dnf_module` Data type: `Boolean` Manage the DNF module. This only makes sense on distributions that use DNF -package manager, such as EL8 or Fedora. It also requires Puppet 5.5.20+ or -Puppet 6.15.0+ since they ship the dnfmodule provider. - -Default value: ``false`` - -##### `module_workdir` +package manager, such as EL8, EL9 or Fedora. -Data type: `Any` - -Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. - -Default value: ``undef`` - -##### `manage_selinux` +Default value: `false` -Data type: `Any` +##### `module_workdir` +Data type: `Optional[Stdlib::Absolutepath]` +Specifies working directory under which the psql command should be executed. +May need to specify if '/tmp' is on volume mounted with noexec option. -Default value: ``undef`` +Default value: `undef` -### `postgresql::lib::devel` +### `postgresql::lib::devel` This class installs postgresql development libraries. @@ -657,11 +675,11 @@ This class installs postgresql development libraries. The following parameters are available in the `postgresql::lib::devel` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) -* [`link_pg_config`](#link_pg_config) +* [`package_name`](#-postgresql--lib--devel--package_name) +* [`package_ensure`](#-postgresql--lib--devel--package_ensure) +* [`link_pg_config`](#-postgresql--lib--devel--link_pg_config) -##### `package_name` +##### `package_name` Data type: `String` 
@@ -669,23 +687,24 @@ Override devel package name Default value: `$postgresql::params::devel_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Ensure the development libraries are installed Default value: `'present'` -##### `link_pg_config` +##### `link_pg_config` Data type: `Boolean` -If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. +If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir +into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. Default value: `$postgresql::params::link_pg_config` -### `postgresql::lib::docs` +### `postgresql::lib::docs` Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. @@ -695,10 +714,10 @@ Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if The following parameters are available in the `postgresql::lib::docs` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--lib--docs--package_name) +* [`package_ensure`](#-postgresql--lib--docs--package_ensure) -##### `package_name` +##### `package_name` Data type: `String` 
@@ -706,15 +725,15 @@ Specifies the name of the PostgreSQL docs package. Default value: `$postgresql::params::docs_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Whether the PostgreSQL docs package resource should be present. Default value: `'present'` -### `postgresql::lib::java` +### `postgresql::lib::java` This class installs the postgresql jdbc connector. @@ -724,10 +743,10 @@ This class installs the postgresql jdbc connector. The following parameters are available in the `postgresql::lib::java` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--lib--java--package_name) +* [`package_ensure`](#-postgresql--lib--java--package_ensure) -##### `package_name` +##### `package_name` Data type: `String` @@ -735,15 +754,15 @@ Specifies the name of the PostgreSQL java package. Default value: `$postgresql::params::java_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Specifies whether the package is present. Default value: `'present'` -### `postgresql::lib::perl` +### `postgresql::lib::perl` This class installs the perl libs for postgresql. @@ -751,10 +770,10 @@ This class installs the perl libs for postgresql. The following parameters are available in the `postgresql::lib::perl` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--lib--perl--package_name) +* [`package_ensure`](#-postgresql--lib--perl--package_ensure) -##### `package_name` +##### `package_name` Data type: `String` 
@@ -762,15 +781,15 @@ Specifies the name of the PostgreSQL perl package to install. Default value: `$postgresql::params::perl_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Ensure the perl libs for postgresql are installed. Default value: `'present'` -### `postgresql::lib::python` +### `postgresql::lib::python` This class installs the python libs for postgresql. @@ -778,10 +797,10 @@ This class installs the python libs for postgresql. The following parameters are available in the `postgresql::lib::python` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--lib--python--package_name) +* [`package_ensure`](#-postgresql--lib--python--package_ensure) -##### `package_name` +##### `package_name` Data type: `String[1]` @@ -789,15 +808,15 @@ The name of the PostgreSQL Python package. Default value: `$postgresql::params::python_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Ensure the python libs for postgresql are installed. Default value: `'present'` -### `postgresql::server` +### `postgresql::server` This installs a PostgreSQL server 
@@ -805,220 +824,234 @@ This installs a PostgreSQL server The following parameters are available in the `postgresql::server` class: -* [`postgres_password`](#postgres_password) -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) -* [`plperl_package_name`](#plperl_package_name) -* [`plpython_package_name`](#plpython_package_name) -* [`service_ensure`](#service_ensure) -* [`service_enable`](#service_enable) -* [`service_manage`](#service_manage) -* [`service_name`](#service_name) -* [`service_restart_on_change`](#service_restart_on_change) -* [`service_provider`](#service_provider) -* [`service_reload`](#service_reload) -* [`service_status`](#service_status) -* [`default_database`](#default_database) -* [`default_connect_settings`](#default_connect_settings) -* [`listen_addresses`](#listen_addresses) -* [`port`](#port) -* [`ip_mask_deny_postgres_user`](#ip_mask_deny_postgres_user) -* [`ip_mask_allow_all_users`](#ip_mask_allow_all_users) -* [`ipv4acls`](#ipv4acls) -* [`ipv6acls`](#ipv6acls) -* [`initdb_path`](#initdb_path) -* [`createdb_path`](#createdb_path) -* [`psql_path`](#psql_path) -* [`pg_hba_conf_path`](#pg_hba_conf_path) -* [`pg_ident_conf_path`](#pg_ident_conf_path) -* [`postgresql_conf_path`](#postgresql_conf_path) -* [`postgresql_conf_mode`](#postgresql_conf_mode) -* [`recovery_conf_path`](#recovery_conf_path) -* [`datadir`](#datadir) -* [`xlogdir`](#xlogdir) -* [`logdir`](#logdir) -* [`log_line_prefix`](#log_line_prefix) -* [`pg_hba_conf_defaults`](#pg_hba_conf_defaults) -* [`user`](#user) -* [`group`](#group) -* [`needs_initdb`](#needs_initdb) -* [`encoding`](#encoding) -* [`locale`](#locale) -* [`data_checksums`](#data_checksums) -* [`timezone`](#timezone) -* [`manage_pg_hba_conf`](#manage_pg_hba_conf) -* [`manage_pg_ident_conf`](#manage_pg_ident_conf) -* [`manage_recovery_conf`](#manage_recovery_conf) -* [`manage_postgresql_conf_perms`](#manage_postgresql_conf_perms) -* [`module_workdir`](#module_workdir) -* 
[`manage_datadir`](#manage_datadir) -* [`manage_logdir`](#manage_logdir) -* [`manage_xlogdir`](#manage_xlogdir) -* [`roles`](#roles) -* [`config_entries`](#config_entries) -* [`pg_hba_rules`](#pg_hba_rules) -* [`version`](#version) -* [`extra_systemd_config`](#extra_systemd_config) -* [`manage_selinux`](#manage_selinux) -* [`password_encryption`](#password_encryption) - -##### `postgres_password` +* [`postgres_password`](#-postgresql--server--postgres_password) +* [`package_name`](#-postgresql--server--package_name) +* [`package_ensure`](#-postgresql--server--package_ensure) +* [`plperl_package_name`](#-postgresql--server--plperl_package_name) +* [`plpython_package_name`](#-postgresql--server--plpython_package_name) +* [`service_ensure`](#-postgresql--server--service_ensure) +* [`service_enable`](#-postgresql--server--service_enable) +* [`service_manage`](#-postgresql--server--service_manage) +* [`service_name`](#-postgresql--server--service_name) +* [`service_restart_on_change`](#-postgresql--server--service_restart_on_change) +* [`service_provider`](#-postgresql--server--service_provider) +* [`service_reload`](#-postgresql--server--service_reload) +* [`service_status`](#-postgresql--server--service_status) +* [`default_database`](#-postgresql--server--default_database) +* [`default_connect_settings`](#-postgresql--server--default_connect_settings) +* [`listen_addresses`](#-postgresql--server--listen_addresses) +* [`port`](#-postgresql--server--port) +* [`ip_mask_deny_postgres_user`](#-postgresql--server--ip_mask_deny_postgres_user) +* [`ip_mask_allow_all_users`](#-postgresql--server--ip_mask_allow_all_users) +* [`ipv4acls`](#-postgresql--server--ipv4acls) +* [`ipv6acls`](#-postgresql--server--ipv6acls) +* [`initdb_path`](#-postgresql--server--initdb_path) +* [`psql_path`](#-postgresql--server--psql_path) +* [`pg_hba_conf_path`](#-postgresql--server--pg_hba_conf_path) +* [`pg_ident_conf_path`](#-postgresql--server--pg_ident_conf_path) +* 
[`postgresql_conf_path`](#-postgresql--server--postgresql_conf_path) +* [`postgresql_conf_mode`](#-postgresql--server--postgresql_conf_mode) +* [`recovery_conf_path`](#-postgresql--server--recovery_conf_path) +* [`datadir`](#-postgresql--server--datadir) +* [`xlogdir`](#-postgresql--server--xlogdir) +* [`logdir`](#-postgresql--server--logdir) +* [`log_line_prefix`](#-postgresql--server--log_line_prefix) +* [`pg_hba_conf_defaults`](#-postgresql--server--pg_hba_conf_defaults) +* [`user`](#-postgresql--server--user) +* [`group`](#-postgresql--server--group) +* [`needs_initdb`](#-postgresql--server--needs_initdb) +* [`encoding`](#-postgresql--server--encoding) +* [`locale`](#-postgresql--server--locale) +* [`data_checksums`](#-postgresql--server--data_checksums) +* [`timezone`](#-postgresql--server--timezone) +* [`manage_pg_hba_conf`](#-postgresql--server--manage_pg_hba_conf) +* [`manage_pg_ident_conf`](#-postgresql--server--manage_pg_ident_conf) +* [`manage_recovery_conf`](#-postgresql--server--manage_recovery_conf) +* [`manage_postgresql_conf_perms`](#-postgresql--server--manage_postgresql_conf_perms) +* [`manage_selinux`](#-postgresql--server--manage_selinux) +* [`module_workdir`](#-postgresql--server--module_workdir) +* [`manage_datadir`](#-postgresql--server--manage_datadir) +* [`manage_logdir`](#-postgresql--server--manage_logdir) +* [`manage_xlogdir`](#-postgresql--server--manage_xlogdir) +* [`password_encryption`](#-postgresql--server--password_encryption) +* [`pg_hba_auth_password_encryption`](#-postgresql--server--pg_hba_auth_password_encryption) +* [`roles`](#-postgresql--server--roles) +* [`config_entries`](#-postgresql--server--config_entries) +* [`pg_hba_rules`](#-postgresql--server--pg_hba_rules) +* [`backup_enable`](#-postgresql--server--backup_enable) +* [`backup_options`](#-postgresql--server--backup_options) +* [`backup_provider`](#-postgresql--server--backup_provider) +* [`extra_systemd_config`](#-postgresql--server--extra_systemd_config) +* 
[`auth_host`](#-postgresql--server--auth_host) +* [`auth_local`](#-postgresql--server--auth_local) +* [`lc_messages`](#-postgresql--server--lc_messages) +* [`username`](#-postgresql--server--username) + +##### `postgres_password` Data type: `Optional[Variant[String[1], Sensitive[String[1]], Integer]]` -Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password. +Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres +database, with a user called postgres and no password. -Default value: ``undef`` +Default value: `undef` -##### `package_name` +##### `package_name` -Data type: `Any` +Data type: `String[1]` Specifies the name of the package to use for installing the server software. Default value: `$postgresql::params::server_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `Any` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Passes a value through to the package resource when creating the server instance. Default value: `$postgresql::params::package_ensure` -##### `plperl_package_name` +##### `plperl_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default package name for the PL/Perl extension. Default value: `$postgresql::params::plperl_package_name` -##### `plpython_package_name` +##### `plpython_package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default package name for the PL/Python extension. 
Default value: `$postgresql::params::plpython_package_name` -##### `service_ensure` +##### `service_ensure` -Data type: `Any` +Data type: `Variant[Enum['running', 'stopped'], Boolean]` Ensure service is installed Default value: `$postgresql::params::service_ensure` -##### `service_enable` +##### `service_enable` -Data type: `Any` +Data type: `Boolean` Enable the PostgreSQL service Default value: `$postgresql::params::service_enable` -##### `service_manage` +##### `service_manage` -Data type: `Any` +Data type: `Boolean` Defines whether or not Puppet should manage the service. Default value: `$postgresql::params::service_manage` -##### `service_name` +##### `service_name` -Data type: `Any` +Data type: `String[1]` Overrides the default PostgreSQL service name. Default value: `$postgresql::params::service_name` -##### `service_restart_on_change` +##### `service_restart_on_change` -Data type: `Any` +Data type: `Boolean` -Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. +Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart +to become active. Default value: `$postgresql::params::service_restart_on_change` -##### `service_provider` +##### `service_provider` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default PostgreSQL service provider. Default value: `$postgresql::params::service_provider` -##### `service_reload` +##### `service_reload` -Data type: `Any` +Data type: `String[1]` Overrides the default reload command for your PostgreSQL service. Default value: `$postgresql::params::service_reload` -##### `service_status` +##### `service_status` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the default status check command for your PostgreSQL service. 
Default value: `$postgresql::params::service_status` -##### `default_database` +##### `default_database` -Data type: `Any` +Data type: `String[1]` Specifies the name of the default database to connect with. On most systems this is 'postgres'. Default value: `$postgresql::params::default_database` -##### `default_connect_settings` +##### `default_connect_settings` -Data type: `Any` +Data type: `Hash` -Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role. +Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as +postgresql::server::role. Default value: `$postgresql::globals::default_connect_settings` -##### `listen_addresses` +##### `listen_addresses` -Data type: `Any` +Data type: `Optional[Variant[String[1], Array[String[1]]]]` Address list on which the PostgreSQL service will listen Default value: `$postgresql::params::listen_addresses` -##### `port` +##### `port` -Data type: `Any` +Data type: `Stdlib::Port` -Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. +Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make +the change. Default value: 5432. Meaning the Postgres server listens on TCP port 5432. 
Default value: `$postgresql::params::port` -##### `ip_mask_deny_postgres_user` +##### `ip_mask_deny_postgres_user` -Data type: `Any` +Data type: `String[1]` Specifies the IP mask from which remote connections should be denied for the postgres superuser. Default value: '0.0.0.0/0', which denies any remote connection. Default value: `$postgresql::params::ip_mask_deny_postgres_user` -##### `ip_mask_allow_all_users` +##### `ip_mask_allow_all_users` -Data type: `Any` +Data type: `String[1]` -Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. -Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. +Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP +from remote machines. If you'd like to allow this, you can override this setting. +Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine +on your local '192.168' subnet. Default value: '127.0.0.1/32'. Default value: `$postgresql::params::ip_mask_allow_all_users` -##### `ipv4acls` +##### `ipv4acls` Data type: `Array[String[1]]` @@ -1026,7 +1059,7 @@ Lists strings for access control for connection method, users, databases, IPv4 a Default value: `$postgresql::params::ipv4acls` -##### `ipv6acls` +##### `ipv6acls` Data type: `Array[String[1]]` 
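Review bot: The re-wrapped description of `ip_mask_allow_all_users` still gives `'192.168.0.0/1'` as the mask for the local '192.168' subnet, unchanged between the removed and added lines. A /1 prefix covers half of the IPv4 address space (128.0.0.0 through 255.255.255.255), so anyone copying the example would allow remote database connections from far beyond the intended network. The example should read `'192.168.0.0/16'`. This reference text looks generated from the parameter documentation, so the correction presumably belongs in the source comment, with this file regenerated afterwards.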
@@ -1034,55 +1067,47 @@ Lists strings for access control for connection method, users, databases, IPv6 a Default value: `$postgresql::params::ipv6acls` -##### `initdb_path` +##### `initdb_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to the initdb command. Default value: `$postgresql::params::initdb_path` -##### `createdb_path` - -Data type: `Any` - -Deprecated. Specifies the path to the createdb command. - -Default value: `$postgresql::params::createdb_path` +##### `psql_path` -##### `psql_path` - -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to the psql command. Default value: `$postgresql::params::psql_path` -##### `pg_hba_conf_path` +##### `pg_hba_conf_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to your pg_hba.conf file. Default value: `$postgresql::params::pg_hba_conf_path` -##### `pg_ident_conf_path` +##### `pg_ident_conf_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to your pg_ident.conf file. Default value: `$postgresql::params::pg_ident_conf_path` -##### `postgresql_conf_path` +##### `postgresql_conf_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to your postgresql.conf file. Default value: `$postgresql::params::postgresql_conf_path` -##### `postgresql_conf_mode` +##### `postgresql_conf_mode` Data type: `Optional[Stdlib::Filemode]` 
@@ -1090,136 +1115,141 @@ Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_c Default value: `$postgresql::params::postgresql_conf_mode` -##### `recovery_conf_path` +##### `recovery_conf_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Specifies the path to your recovery.conf file. Default value: `$postgresql::params::recovery_conf_path` -##### `datadir` +##### `datadir` -Data type: `Any` +Data type: `Stdlib::Absolutepath` PostgreSQL data directory Default value: `$postgresql::params::datadir` -##### `xlogdir` +##### `xlogdir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` PostgreSQL xlog directory Default value: `$postgresql::params::xlogdir` -##### `logdir` +##### `logdir` -Data type: `Any` +Data type: `Optional[Stdlib::Absolutepath]` PostgreSQL log directory Default value: `$postgresql::params::logdir` -##### `log_line_prefix` +##### `log_line_prefix` -Data type: `Any` +Data type: `Optional[String[1]]` PostgreSQL log line prefix Default value: `$postgresql::params::log_line_prefix` -##### `pg_hba_conf_defaults` +##### `pg_hba_conf_defaults` -Data type: `Any` +Data type: `Boolean` -If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example. +If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to +override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform +basic psql operations for example. Default value: `$postgresql::params::pg_hba_conf_defaults` -##### `user` +##### `user` -Data type: `Any` +Data type: `String[1]` Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. 
Default value: `$postgresql::params::user` -##### `group` +##### `group` -Data type: `Any` +Data type: `String[1]` Overrides the default postgres user group to be used for related files in the file system. Default value: `$postgresql::params::group` -##### `needs_initdb` +##### `needs_initdb` -Data type: `Any` +Data type: `Boolean` Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started. Default value: `$postgresql::params::needs_initdb` -##### `encoding` +##### `encoding` -Data type: `Any` +Data type: `Optional[String[1]]` -Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well. +Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the +template1 initialization, so it becomes a default outside of the module as well. Default value: `$postgresql::params::encoding` -##### `locale` +##### `locale` -Data type: `Any` +Data type: `Optional[String[1]]` -Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. +Sets the default database locale for all databases created with this module. On certain operating systems this is used during the +template1 initialization as well, so it becomes a default outside of the module. Default value: `$postgresql::params::locale` -##### `data_checksums` +##### `data_checksums` -Data type: `Any` +Data type: `Optional[Boolean]` -Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. -Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. 
+Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. +Warning: This option is used during initialization by initdb, and cannot be changed later. +If set, checksums are calculated for all objects, in all databases. Default value: `$postgresql::params::data_checksums` -##### `timezone` +##### `timezone` -Data type: `Any` +Data type: `Optional[String[1]]` Set timezone for the PostgreSQL instance Default value: `$postgresql::params::timezone` -##### `manage_pg_hba_conf` +##### `manage_pg_hba_conf` -Data type: `Any` +Data type: `Boolean` Boolean. Whether to manage the pg_hba.conf. Default value: `$postgresql::params::manage_pg_hba_conf` -##### `manage_pg_ident_conf` +##### `manage_pg_ident_conf` -Data type: `Any` +Data type: `Boolean` Boolean. Overwrites the pg_ident.conf file. Default value: `$postgresql::params::manage_pg_ident_conf` -##### `manage_recovery_conf` +##### `manage_recovery_conf` -Data type: `Any` +Data type: `Boolean` Boolean. Specifies whether or not manage the recovery.conf. Default value: `$postgresql::params::manage_recovery_conf` -##### `manage_postgresql_conf_perms` +##### `manage_postgresql_conf_perms` Data type: `Boolean` 
@@ -1229,39 +1259,64 @@ postgresql::server::config_entry. Default value: `$postgresql::params::manage_postgresql_conf_perms` -##### `module_workdir` +##### `manage_selinux` -Data type: `Any` +Data type: `Boolean` + +Specifies whether or not manage the conf file for selinux. + +Default value: `$postgresql::params::manage_selinux` + +##### `module_workdir` + +Data type: `Stdlib::Absolutepath` Working directory for the PostgreSQL module Default value: `$postgresql::params::module_workdir` -##### `manage_datadir` +##### `manage_datadir` -Data type: `Any` +Data type: `Boolean` Set to false if you have file{ $datadir: } already defined Default value: `$postgresql::params::manage_datadir` -##### `manage_logdir` +##### `manage_logdir` -Data type: `Any` +Data type: `Boolean` Set to false if you have file{ $logdir: } already defined Default value: `$postgresql::params::manage_logdir` -##### `manage_xlogdir` +##### `manage_xlogdir` -Data type: `Any` +Data type: `Boolean` Set to false if you have file{ $xlogdir: } already defined Default value: `$postgresql::params::manage_xlogdir` -##### `roles` +##### `password_encryption` + +Data type: `Postgresql::Pg_password_encryption` + +Specify the type of encryption set for the password. + +Default value: `$postgresql::params::password_encryption` + +##### `pg_hba_auth_password_encryption` + +Data type: `Optional[Postgresql::Pg_password_encryption]` + +Specify the type of encryption set for the password in pg_hba_conf, +this value is usefull if you want to start enforcing scram-sha-256, but give users transition time. + +Default value: `undef` + +##### `roles` Data type: `Hash[String, Hash]` @@ -1269,7 +1324,7 @@ Specifies a hash from which to generate postgresql::server::role resources. Default value: `{}` -##### `config_entries` +##### `config_entries` Data type: `Hash[String, Any]` 
@@ -1277,47 +1332,79 @@ Specifies a hash from which to generate postgresql::server::config_entry resourc Default value: `{}` -##### `pg_hba_rules` +##### `pg_hba_rules` -Data type: `Hash[String, Hash]` +Data type: `Postgresql::Pg_hba_rules` Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. Default value: `{}` -##### `version` +##### `backup_enable` -Data type: `Any` +Data type: `Boolean` -Deprecated. Use postgresql::globals instead. Sets PostgreSQL version +Whether a backup job should be enabled. -Default value: ``undef`` +Default value: `$postgresql::params::backup_enable` -##### `extra_systemd_config` +##### `backup_options` -Data type: `Any` +Data type: `Hash` + +A hash of options that should be passed through to the backup provider. + +Default value: `{}` + +##### `backup_provider` + +Data type: `Enum['pg_dump']` + +Specifies the backup provider to use. + +Default value: `$postgresql::params::backup_provider` + +##### `extra_systemd_config` + +Data type: `Optional[String]` Adds extra config to systemd config file, can for instance be used to add extra openfiles. 
This can be a multi line string Default value: `$postgresql::params::extra_systemd_config` -##### `manage_selinux` +##### `auth_host` -Data type: `Boolean` +Data type: `Optional[String[1]]` +auth method used by default for host authorization +Default value: `undef` -Default value: `$postgresql::params::manage_selinux` +##### `auth_local` + +Data type: `Optional[String[1]]` -##### `password_encryption` +auth method used by default for local authorization -Data type: `Any` +Default value: `undef` +##### `lc_messages` +Data type: `Optional[String[1]]` -Default value: `$postgresql::params::password_encryption` +locale used for logging and system messages -### `postgresql::server::contrib` +Default value: `undef` + +##### `username` + +Data type: `Optional[String[1]]` + +username of user running the postgres instance + +Default value: `$user` + +### `postgresql::server::contrib` Install the contrib postgresql packaging. @@ -1325,10 +1412,10 @@ Install the contrib postgresql packaging. The following parameters are available in the `postgresql::server::contrib` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--server--contrib--package_name) +* [`package_ensure`](#-postgresql--server--contrib--package_ensure) -##### `package_name` +##### `package_name` Data type: `Optional[String[1]]` @@ -1336,15 +1423,15 @@ The name of the PostgreSQL contrib package. Default value: `$postgresql::params::contrib_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Ensure the contrib package is installed. Default value: `'present'` -### `postgresql::server::plperl` +### `postgresql::server::plperl` This class installs the PL/Perl procedural language for postgresql. 
@@ -1352,26 +1439,26 @@ This class installs the PL/Perl procedural language for postgresql. The following parameters are available in the `postgresql::server::plperl` class: -* [`package_ensure`](#package_ensure) -* [`package_name`](#package_name) +* [`package_ensure`](#-postgresql--server--plperl--package_ensure) +* [`package_name`](#-postgresql--server--plperl--package_name) -##### `package_ensure` +##### `package_ensure` -Data type: `Any` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` The ensure parameter passed on to PostgreSQL PL/Perl package resource. Default value: `'present'` -##### `package_name` +##### `package_name` -Data type: `Any` +Data type: `Optional[String[1]]` The name of the PostgreSQL PL/Perl package. Default value: `$postgresql::server::plperl_package_name` -### `postgresql::server::plpython` +### `postgresql::server::plpython` This class installs the PL/Python procedural language for postgresql. @@ -1379,26 +1466,26 @@ This class installs the PL/Python procedural language for postgresql. The following parameters are available in the `postgresql::server::plpython` class: -* [`package_ensure`](#package_ensure) -* [`package_name`](#package_name) +* [`package_ensure`](#-postgresql--server--plpython--package_ensure) +* [`package_name`](#-postgresql--server--plpython--package_name) -##### `package_ensure` +##### `package_ensure` -Data type: `Any` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Specifies whether the package is present. Default value: `'present'` -##### `package_name` +##### `package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies the name of the postgresql PL/Python package. Default value: `$postgresql::server::plpython_package_name` -### `postgresql::server::postgis` +### `postgresql::server::postgis` Install the postgis postgresql packaging. 
@@ -1406,10 +1493,10 @@ Install the postgis postgresql packaging. The following parameters are available in the `postgresql::server::postgis` class: -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) +* [`package_name`](#-postgresql--server--postgis--package_name) +* [`package_ensure`](#-postgresql--server--postgis--package_ensure) -##### `package_name` +##### `package_name` Data type: `String` @@ -1417,9 +1504,9 @@ Sets the package name. Default value: `$postgresql::params::postgis_package_name` -##### `package_ensure` +##### `package_ensure` -Data type: `String[1]` +Data type: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` Specifies if the package is present or not. @@ -1427,7 +1514,7 @@ Default value: `'present'` ## Defined types -### `postgresql::server::config_entry` +### `postgresql::server::config_entry` Manage a postgresql.conf entry. @@ -1435,11 +1522,13 @@ Manage a postgresql.conf entry. The following parameters are available in the `postgresql::server::config_entry` defined type: -* [`ensure`](#ensure) -* [`value`](#value) -* [`path`](#path) +* [`ensure`](#-postgresql--server--config_entry--ensure) +* [`key`](#-postgresql--server--config_entry--key) +* [`value`](#-postgresql--server--config_entry--value) +* [`path`](#-postgresql--server--config_entry--path) +* [`comment`](#-postgresql--server--config_entry--comment) -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent']` 
@@ -1447,23 +1536,39 @@ Removes an entry if set to 'absent'. Default value: `'present'` -##### `value` +##### `key` -Data type: `Any` +Data type: `String[1]` + +Defines the key/name for the setting. Defaults to $name + +Default value: `$name` + +##### `value` + +Data type: `Optional[Variant[String[1], Numeric, Array[String[1]]]]` Defines the value for the setting. -Default value: ``undef`` +Default value: `undef` -##### `path` +##### `path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Path for postgresql.conf -Default value: ``false`` +Default value: `$postgresql::server::postgresql_conf_path` + +##### `comment` -### `postgresql::server::database` +Data type: `Optional[String[1]]` + +Defines the comment for the setting. The # is added by default. + +Default value: `undef` + +### `postgresql::server::database` Define for creating a database. 
@@ -1471,89 +1576,143 @@ Define for creating a database. The following parameters are available in the `postgresql::server::database` defined type: -* [`comment`](#comment) -* [`dbname`](#dbname) -* [`owner`](#owner) -* [`tablespace`](#tablespace) -* [`template`](#template) -* [`encoding`](#encoding) -* [`locale`](#locale) -* [`istemplate`](#istemplate) -* [`connect_settings`](#connect_settings) +* [`comment`](#-postgresql--server--database--comment) +* [`dbname`](#-postgresql--server--database--dbname) +* [`owner`](#-postgresql--server--database--owner) +* [`tablespace`](#-postgresql--server--database--tablespace) +* [`template`](#-postgresql--server--database--template) +* [`encoding`](#-postgresql--server--database--encoding) +* [`locale`](#-postgresql--server--database--locale) +* [`istemplate`](#-postgresql--server--database--istemplate) +* [`instance`](#-postgresql--server--database--instance) +* [`connect_settings`](#-postgresql--server--database--connect_settings) +* [`psql_path`](#-postgresql--server--database--psql_path) +* [`default_db`](#-postgresql--server--database--default_db) +* [`user`](#-postgresql--server--database--user) +* [`group`](#-postgresql--server--database--group) +* [`port`](#-postgresql--server--database--port) + +##### `comment` -##### `comment` - -Data type: `Any` +Data type: `Optional[String[1]]` Sets a comment on the database. -Default value: ``undef`` +Default value: `undef` -##### `dbname` +##### `dbname` -Data type: `Any` +Data type: `String[1]` Sets the name of the database. Default value: `$title` -##### `owner` +##### `owner` -Data type: `Any` +Data type: `Optional[String[1]]` Sets name of the database owner. -Default value: ``undef`` +Default value: `undef` -##### `tablespace` +##### `tablespace` -Data type: `Any` +Data type: `Optional[String[1]]` Sets tablespace for where to create this database. 
-Default value: ``undef`` +Default value: `undef` -##### `template` +##### `template` -Data type: `Any` +Data type: `String[1]` Specifies the name of the template database from which to build this database. Default value: 'template0'. Default value: `'template0'` -##### `encoding` +##### `encoding` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the character set during creation of the database. Default value: `$postgresql::server::encoding` -##### `locale` +##### `locale` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the locale during creation of the database. Default value: `$postgresql::server::locale` -##### `istemplate` +##### `istemplate` -Data type: `Any` +Data type: `Boolean` Defines the database as a template if set to true. -Default value: ``false`` +Default value: `false` -##### `connect_settings` +##### `instance` -Data type: `Any` +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +##### `connect_settings` + +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` -### `postgresql::server::database_grant` +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +##### `default_db` + +Data type: `String[1]` + +Specifies the name of the default database to connect with. On most systems this is 'postgres'. + +Default value: `$postgresql::server::default_database` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. 
+ +Default value: `$postgresql::server::group` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. + +Default value: `$postgresql::server::port` + +### `postgresql::server::database_grant` Manage a database grant. 
@@ -1561,169 +1720,225 @@ Manage a database grant. The following parameters are available in the `postgresql::server::database_grant` defined type: -* [`privilege`](#privilege) -* [`db`](#db) -* [`role`](#role) -* [`ensure`](#ensure) -* [`psql_db`](#psql_db) -* [`psql_user`](#psql_user) -* [`connect_settings`](#connect_settings) +* [`privilege`](#-postgresql--server--database_grant--privilege) +* [`db`](#-postgresql--server--database_grant--db) +* [`role`](#-postgresql--server--database_grant--role) +* [`ensure`](#-postgresql--server--database_grant--ensure) +* [`psql_db`](#-postgresql--server--database_grant--psql_db) +* [`psql_user`](#-postgresql--server--database_grant--psql_user) +* [`psql_group`](#-postgresql--server--database_grant--psql_group) +* [`connect_settings`](#-postgresql--server--database_grant--connect_settings) +* [`port`](#-postgresql--server--database_grant--port) -##### `privilege` +##### `privilege` -Data type: `Any` +Data type: `Enum['ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'all', 'create', 'connect', 'temporary', 'temp']` Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'. -##### `db` +##### `db` -Data type: `Any` +Data type: `String[1]` Specifies the database to which you are granting access. -##### `role` +##### `role` -Data type: `Any` +Data type: `String[1]` Specifies the role or user whom you are granting access to. -##### `ensure` +##### `ensure` -Data type: `Any` +Data type: `Optional[Enum['present', 'absent']]` Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. -Default value: ``undef`` +Default value: `undef` -##### `psql_db` +##### `psql_db` -Data type: `Any` +Data type: `Optional[String[1]]` Defines the database to execute the grant against. 
This should not ordinarily be changed from the default -Default value: ``undef`` +Default value: `undef` -##### `psql_user` +##### `psql_user` -Data type: `Any` +Data type: `String[1]` Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. -Default value: ``undef`` +Default value: `$postgresql::server::user` + +##### `psql_group` -##### `connect_settings` +Data type: `String[1]` -Data type: `Any` +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `connect_settings` + +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. -Default value: ``undef`` +Default value: `$postgresql::server::default_connect_settings` + +##### `port` + +Data type: `Stdlib::Port` + +Port to use when connecting. + +Default value: `$postgresql::server::port` -### `postgresql::server::db` +### `postgresql::server::db` -Define for conveniently creating a role, database and assigning the correctpermissions. +Define for conveniently creating a role, database and assigning the correct permissions. 
#### Parameters The following parameters are available in the `postgresql::server::db` defined type: -* [`user`](#user) -* [`password`](#password) -* [`comment`](#comment) -* [`dbname`](#dbname) -* [`encoding`](#encoding) -* [`locale`](#locale) -* [`grant`](#grant) -* [`tablespace`](#tablespace) -* [`template`](#template) -* [`istemplate`](#istemplate) -* [`owner`](#owner) +* [`user`](#-postgresql--server--db--user) +* [`password`](#-postgresql--server--db--password) +* [`comment`](#-postgresql--server--db--comment) +* [`dbname`](#-postgresql--server--db--dbname) +* [`encoding`](#-postgresql--server--db--encoding) +* [`locale`](#-postgresql--server--db--locale) +* [`grant`](#-postgresql--server--db--grant) +* [`tablespace`](#-postgresql--server--db--tablespace) +* [`template`](#-postgresql--server--db--template) +* [`istemplate`](#-postgresql--server--db--istemplate) +* [`owner`](#-postgresql--server--db--owner) +* [`port`](#-postgresql--server--db--port) +* [`psql_user`](#-postgresql--server--db--psql_user) +* [`psql_group`](#-postgresql--server--db--psql_group) +* [`instance`](#-postgresql--server--db--instance) + +##### `user` -##### `user` +Data type: `String[1]` -Data type: `Any` +User to assign access to the database upon creation (will be created if not defined elsewhere). Mandatory. -User to create and assign access to the database upon creation. Mandatory. +##### `password` -##### `password` +Data type: `Optional[Variant[String, Sensitive[String]]]` -Data type: `Variant[String, Sensitive[String]]` +Sets the password for the created user (if a user is created). -Required Sets the password for the created user. +Default value: `undef` -##### `comment` +##### `comment` -Data type: `Any` +Data type: `Optional[String[1]]` Defines a comment to be stored about the database using the PostgreSQL COMMENT command. 
-Default value: ``undef`` +Default value: `undef` -##### `dbname` +##### `dbname` -Data type: `Any` +Data type: `String[1]` Sets the name of the database to be created. Default value: `$title` -##### `encoding` +##### `encoding` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the character set during creation of the database. Default value: `$postgresql::server::encoding` -##### `locale` +##### `locale` -Data type: `Any` +Data type: `Optional[String[1]]` Overrides the locale during creation of the database. Default value: `$postgresql::server::locale` -##### `grant` +##### `grant` -Data type: `Any` +Data type: `Variant[String[1], Array[String[1]]]` Specifies the permissions to grant during creation. Default value: 'ALL'. Default value: `'ALL'` -##### `tablespace` +##### `tablespace` -Data type: `Any` +Data type: `Optional[String[1]]` Defines the name of the tablespace to allocate the created database to. -Default value: ``undef`` +Default value: `undef` -##### `template` +##### `template` -Data type: `Any` +Data type: `String[1]` Specifies the name of the template database from which to build this database. Defaults value: template0. Default value: `'template0'` -##### `istemplate` +##### `istemplate` -Data type: `Any` +Data type: `Boolean` Specifies that the database is a template, if set to true. -Default value: ``false`` +Default value: `false` -##### `owner` +##### `owner` -Data type: `Any` +Data type: `Optional[String[1]]` Sets a user as the owner of the database. -Default value: ``undef`` +Default value: `undef` + +##### `port` + +Data type: `Optional[Stdlib::Port]` + +Specifies the port where the PostgreSQL server is listening on. + +Default value: `undef` + +##### `psql_user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. 
+ +Default value: `$postgresql::server::user` + +##### `psql_group` -### `postgresql::server::default_privileges` +Data type: `String[1]` + +Overrides the default PostgreSQL user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +### `postgresql::server::default_privileges` Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above. 
@@ -1731,71 +1946,73 @@ Manage a database defaults privileges. Only works with PostgreSQL version 9.6 an The following parameters are available in the `postgresql::server::default_privileges` defined type: -* [`target_role`](#target_role) -* [`ensure`](#ensure) -* [`role`](#role) -* [`db`](#db) -* [`object_type`](#object_type) -* [`privilege`](#privilege) -* [`schema`](#schema) -* [`psql_db`](#psql_db) -* [`psql_user`](#psql_user) -* [`psql_path`](#psql_path) -* [`port`](#port) -* [`connect_settings`](#connect_settings) -* [`psql_path`](#psql_path) -* [`group`](#group) - -##### `target_role` +* [`target_role`](#-postgresql--server--default_privileges--target_role) +* [`ensure`](#-postgresql--server--default_privileges--ensure) +* [`role`](#-postgresql--server--default_privileges--role) +* [`db`](#-postgresql--server--default_privileges--db) +* [`object_type`](#-postgresql--server--default_privileges--object_type) +* [`privilege`](#-postgresql--server--default_privileges--privilege) +* [`schema`](#-postgresql--server--default_privileges--schema) +* [`psql_db`](#-postgresql--server--default_privileges--psql_db) +* [`psql_user`](#-postgresql--server--default_privileges--psql_user) +* [`psql_path`](#-postgresql--server--default_privileges--psql_path) +* [`port`](#-postgresql--server--default_privileges--port) +* [`connect_settings`](#-postgresql--server--default_privileges--connect_settings) +* [`instance`](#-postgresql--server--default_privileges--instance) +* [`group`](#-postgresql--server--default_privileges--group) + +##### `target_role` Data type: `Optional[String]` Target role whose created objects will receive the default privileges. Defaults to the current user. -Default value: ``undef`` +Default value: `undef` -##### `ensure` +##### `ensure` -Data type: `Enum['present', - 'absent' - ]` +Data type: `Enum['present', 'absent']` Specifies whether to grant or revoke the privilege. 
Default value: `'present'` -##### `role` +##### `role` Data type: `String` Specifies the role or user whom you are granting access to. -##### `db` +##### `db` Data type: `String` Specifies the database to which you are granting access. -##### `object_type` +##### `object_type` + +Data type: -Data type: `Pattern[ +```puppet +Pattern[ /(?i:^FUNCTIONS$)/, /(?i:^ROUTINES$)/, /(?i:^SEQUENCES$)/, /(?i:^TABLES$)/, /(?i:^TYPES$)/, /(?i:^SCHEMAS$)/ - ]` + ] +``` Specify target object type: 'FUNCTIONS', 'ROUTINES', 'SEQUENCES', 'TABLES', 'TYPES'. -##### `privilege` +##### `privilege` Data type: `String` Specifies comma-separated list of privileges to grant. Valid options: depends on object type. -##### `schema` +##### `schema` Data type: `String` @@ -1803,7 +2020,7 @@ Target schema. Defaults to 'public'. Can be set to '' to apply to all schemas. Default value: `'public'` -##### `psql_db` +##### `psql_db` Data type: `String` @@ -1811,7 +2028,7 @@ Defines the database to execute the grant against. This should not ordinarily be Default value: `$postgresql::server::default_database` -##### `psql_user` +##### `psql_user` Data type: `String` @@ -1819,23 +2036,23 @@ Specifies the OS user for running psql. Default value: The default user for the Default value: `$postgresql::server::user` -##### `psql_path` +##### `psql_path` -Data type: `String` +Data type: `Stdlib::Absolutepath` Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. Default value: `$postgresql::server::psql_path` -##### `port` +##### `port` -Data type: `Integer` +Data type: `Stdlib::Port` Specifies the port to access the server. Default value: The default user for the module, usually '5432'. Default value: `$postgresql::server::port` -##### `connect_settings` +##### `connect_settings` Data type: `Hash` 
@@ -1843,21 +2060,23 @@ Specifies a hash of environment variables used when connecting to a remote serve Default value: `$postgresql::server::default_connect_settings` -##### `psql_path` +##### `instance` -Specifies the path to the psql command. +Data type: `String[1]` -Default value: `$postgresql::server::psql_path` +The name of the Postgresql database instance. -##### `group` +Default value: `'main'` -Data type: `String` +##### `group` +Data type: `String` +Specifies the user group to which the privileges will be granted. Default value: `$postgresql::server::group` -### `postgresql::server::extension` +### `postgresql::server::extension` Activate an extension on a postgresql database. 
@@ -1865,101 +2084,140 @@ Activate an extension on a postgresql database. The following parameters are available in the `postgresql::server::extension` defined type: -* [`database`](#database) -* [`extension`](#extension) -* [`schema`](#schema) -* [`version`](#version) -* [`ensure`](#ensure) -* [`package_name`](#package_name) -* [`package_ensure`](#package_ensure) -* [`port`](#port) -* [`connect_settings`](#connect_settings) -* [`database_resource_name`](#database_resource_name) - -##### `database` +* [`database`](#-postgresql--server--extension--database) +* [`extension`](#-postgresql--server--extension--extension) +* [`schema`](#-postgresql--server--extension--schema) +* [`version`](#-postgresql--server--extension--version) +* [`ensure`](#-postgresql--server--extension--ensure) +* [`package_name`](#-postgresql--server--extension--package_name) +* [`package_ensure`](#-postgresql--server--extension--package_ensure) +* [`port`](#-postgresql--server--extension--port) +* [`connect_settings`](#-postgresql--server--extension--connect_settings) +* [`database_resource_name`](#-postgresql--server--extension--database_resource_name) +* [`instance`](#-postgresql--server--extension--instance) +* [`psql_path`](#-postgresql--server--extension--psql_path) +* [`user`](#-postgresql--server--extension--user) +* [`group`](#-postgresql--server--extension--group) + +##### `database` -Data type: `Any` +Data type: `String[1]` Specifies the database on which to activate the extension. -##### `extension` +##### `extension` -Data type: `Any` +Data type: `String[1]` Specifies the extension to activate. If left blank, uses the name of the resource. Default value: `$name` -##### `schema` +##### `schema` Data type: `Optional[String[1]]` Specifies the schema on which to activate the extension. -Default value: ``undef`` +Default value: `undef` -##### `version` +##### `version` Data type: `Optional[String[1]]` -Specifies the version of the extension which the database uses. 
When an extension package is updated, this does not automatically change the effective version in each database. +Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically +change the effective version in each database. This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' -eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. +eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to +this database only. version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged. -Default value: ``undef`` +Default value: `undef` -##### `ensure` +##### `ensure` -Data type: `String[1]` +Data type: `Enum['present', 'absent']` Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'. Default value: `'present'` -##### `package_name` +##### `package_name` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies a package to install prior to activating the extension. -Default value: ``undef`` +Default value: `undef` -##### `package_ensure` +##### `package_ensure` -Data type: `Any` +Data type: `Optional[Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]]` -Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. 
+Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is +activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. -Default value: ``undef`` +Default value: `undef` -##### `port` +##### `port` -Data type: `Optional[Integer]` +Data type: `Stdlib::Port` Port to use when connecting. -Default value: ``undef`` +Default value: `postgresql::default('port')` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `postgresql::default('default_connect_settings')` -##### `database_resource_name` +##### `database_resource_name` -Data type: `Any` +Data type: `String[1]` Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank. Default value: `$database` -### `postgresql::server::grant` +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `postgresql::default('psql_path')` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `postgresql::default('user')` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `postgresql::default('group')` + +### `postgresql::server::grant` Define for granting permissions to roles. 
@@ -1967,34 +2225,35 @@ Define for granting permissions to roles. The following parameters are available in the `postgresql::server::grant` defined type: -* [`role`](#role) -* [`db`](#db) -* [`privilege`](#privilege) -* [`object_type`](#object_type) -* [`object_name`](#object_name) -* [`psql_db`](#psql_db) -* [`psql_user`](#psql_user) -* [`port`](#port) -* [`onlyif_exists`](#onlyif_exists) -* [`connect_settings`](#connect_settings) -* [`ensure`](#ensure) -* [`group`](#group) -* [`psql_path`](#psql_path) -* [`object_arguments`](#object_arguments) - -##### `role` +* [`role`](#-postgresql--server--grant--role) +* [`db`](#-postgresql--server--grant--db) +* [`privilege`](#-postgresql--server--grant--privilege) +* [`object_type`](#-postgresql--server--grant--object_type) +* [`object_name`](#-postgresql--server--grant--object_name) +* [`object_arguments`](#-postgresql--server--grant--object_arguments) +* [`psql_db`](#-postgresql--server--grant--psql_db) +* [`psql_user`](#-postgresql--server--grant--psql_user) +* [`port`](#-postgresql--server--grant--port) +* [`onlyif_exists`](#-postgresql--server--grant--onlyif_exists) +* [`connect_settings`](#-postgresql--server--grant--connect_settings) +* [`ensure`](#-postgresql--server--grant--ensure) +* [`group`](#-postgresql--server--grant--group) +* [`psql_path`](#-postgresql--server--grant--psql_path) +* [`instance`](#-postgresql--server--grant--instance) + +##### `role` Data type: `String` Specifies the role or user whom you are granting access to. -##### `db` +##### `db` Data type: `String` Specifies the database to which you are granting access. -##### `privilege` +##### `privilege` Data type: `String` 
@@ -2002,9 +2261,12 @@ Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'obj Default value: `''` -##### `object_type` +##### `object_type` + +Data type: -Data type: `Pattern[#/(?i:^COLUMN$)/, +```puppet +Pattern[#/(?i:^COLUMN$)/, /(?i:^ALL SEQUENCES IN SCHEMA$)/, /(?i:^ALL TABLES IN SCHEMA$)/, /(?i:^DATABASE$)/, @@ -2018,24 +2280,32 @@ Data type: `Pattern[#/(?i:^COLUMN$)/, /(?i:^SCHEMA$)/, /(?i:^SEQUENCE$)/ #/(?i:^VIEW$)/ - ]` + ] +``` -Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. +Specifies the type of object to which you are granting privileges. +Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. Default value: `'database'` -##### `object_name` +##### `object_name` + +Data type: `Optional[Variant[Array[String,2,2],String[1]]]` + +Specifies name of object_type to which to grant access, can be either a string or a two element array. +String: 'object_name' Array: ['schema_name', 'object_name'] -Data type: `Optional[Variant[ - Array[String,2,2], - String[1]] - ]` +Default value: `undef` -Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name'] +##### `object_arguments` -Default value: ``undef`` +Data type: `Array[String[1],0]` + +Specifies any arguments to be passed alongisde the access grant. + +Default value: `[]` -##### `psql_db` +##### `psql_db` Data type: `String` @@ -2043,7 +2313,7 @@ Specifies the database to execute the grant against. This should not ordinarily Default value: `$postgresql::server::default_database` -##### `psql_user` +##### `psql_user` Data type: `String` 
@@ -2051,23 +2321,23 @@ Sets the OS user to run psql. Default value: `$postgresql::server::user` -##### `port` +##### `port` -Data type: `Integer` +Data type: `Stdlib::Port` Port to use when connecting. Default value: `$postgresql::server::port` -##### `onlyif_exists` +##### `onlyif_exists` Data type: `Boolean` Create grant only if doesn't exist -Default value: ``false`` +Default value: `false` -##### `connect_settings` +##### `connect_settings` Data type: `Hash` @@ -2075,17 +2345,15 @@ Specifies a hash of environment variables used when connecting to a remote serve Default value: `$postgresql::server::default_connect_settings` -##### `ensure` +##### `ensure` -Data type: `Enum['present', - 'absent' - ]` +Data type: `Enum['present', 'absent']` Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. Default value: `'present'` -##### `group` +##### `group` Data type: `String` @@ -2093,23 +2361,23 @@ Sets the OS group to run psql Default value: `$postgresql::server::group` -##### `psql_path` +##### `psql_path` -Data type: `String` +Data type: `Stdlib::Absolutepath` Sets the path to psql command Default value: `$postgresql::server::psql_path` -##### `object_arguments` - -Data type: `Array[String[1],0]` +##### `instance` +Data type: `String[1]` +The name of the Postgresql database instance. -Default value: `[]` +Default value: `'main'` -### `postgresql::server::grant_role` +### `postgresql::server::grant_role` Define for granting membership to a role. 
@@ -2117,21 +2385,22 @@ Define for granting membership to a role. The following parameters are available in the `postgresql::server::grant_role` defined type: -* [`group`](#group) -* [`role`](#role) -* [`ensure`](#ensure) -* [`psql_db`](#psql_db) -* [`psql_user`](#psql_user) -* [`port`](#port) -* [`connect_settings`](#connect_settings) +* [`group`](#-postgresql--server--grant_role--group) +* [`role`](#-postgresql--server--grant_role--role) +* [`ensure`](#-postgresql--server--grant_role--ensure) +* [`psql_db`](#-postgresql--server--grant_role--psql_db) +* [`psql_user`](#-postgresql--server--grant_role--psql_user) +* [`port`](#-postgresql--server--grant_role--port) +* [`connect_settings`](#-postgresql--server--grant_role--connect_settings) +* [`instance`](#-postgresql--server--grant_role--instance) -##### `group` +##### `group` Data type: `String[1]` Specifies the group role to which you are assigning a role. -##### `role` +##### `role` Data type: `String[1]` @@ -2139,7 +2408,7 @@ Specifies the role you want to assign to a group. If left blank, uses the name o Default value: `$name` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent']` 
@@ -2147,188 +2416,966 @@ Specifies whether to grant or revoke the membership. Valid options: 'present' or Default value: `'present'` -##### `psql_db` +##### `psql_db` -Data type: `Any` +Data type: `String[1]` Specifies the database to execute the grant against. This should not ordinarily be changed from the default Default value: `$postgresql::server::default_database` -##### `psql_user` +##### `psql_user` -Data type: `Any` +Data type: `String[1]` Sets the OS user to run psql. Default value: `$postgresql::server::user` -##### `port` +##### `port` -Data type: `Any` +Data type: `Stdlib::Port` Port to use when connecting. Default value: `$postgresql::server::port` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` -### `postgresql::server::pg_hba_rule` - -This resource manages an individual rule that applies to the file defined in target. - -#### Parameters +##### `instance` -The following parameters are available in the `postgresql::server::pg_hba_rule` defined type: +Data type: `String[1]` -* [`type`](#type) -* [`database`](#database) -* [`user`](#user) -* [`auth_method`](#auth_method) -* [`address`](#address) -* [`description`](#description) -* [`auth_option`](#auth_option) -* [`order`](#order) -* [`target`](#target) -* [`postgresql_version`](#postgresql_version) +The name of the Postgresql database instance. -##### `type` +Default value: `'main'` -Data type: `Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc']` +### `postgresql::server::instance::config` -Sets the type of rule. -Enum['local','host','hostssl','hostnossl','hostgssenc']. 
+Manages the config for a postgresql::server instance -##### `database` +#### Parameters -Data type: `String` +The following parameters are available in the `postgresql::server::instance::config` defined type: + +* [`ip_mask_deny_postgres_user`](#-postgresql--server--instance--config--ip_mask_deny_postgres_user) +* [`ip_mask_allow_all_users`](#-postgresql--server--instance--config--ip_mask_allow_all_users) +* [`listen_addresses`](#-postgresql--server--instance--config--listen_addresses) +* [`port`](#-postgresql--server--instance--config--port) +* [`ipv4acls`](#-postgresql--server--instance--config--ipv4acls) +* [`ipv6acls`](#-postgresql--server--instance--config--ipv6acls) +* [`pg_hba_conf_path`](#-postgresql--server--instance--config--pg_hba_conf_path) +* [`pg_ident_conf_path`](#-postgresql--server--instance--config--pg_ident_conf_path) +* [`postgresql_conf_path`](#-postgresql--server--instance--config--postgresql_conf_path) +* [`postgresql_conf_mode`](#-postgresql--server--instance--config--postgresql_conf_mode) +* [`recovery_conf_path`](#-postgresql--server--instance--config--recovery_conf_path) +* [`pg_hba_conf_defaults`](#-postgresql--server--instance--config--pg_hba_conf_defaults) +* [`user`](#-postgresql--server--instance--config--user) +* [`group`](#-postgresql--server--instance--config--group) +* [`version`](#-postgresql--server--instance--config--version) +* [`manage_pg_hba_conf`](#-postgresql--server--instance--config--manage_pg_hba_conf) +* [`manage_pg_ident_conf`](#-postgresql--server--instance--config--manage_pg_ident_conf) +* [`manage_recovery_conf`](#-postgresql--server--instance--config--manage_recovery_conf) +* [`manage_postgresql_conf_perms`](#-postgresql--server--instance--config--manage_postgresql_conf_perms) +* [`datadir`](#-postgresql--server--instance--config--datadir) +* [`logdir`](#-postgresql--server--instance--config--logdir) +* [`service_name`](#-postgresql--server--instance--config--service_name) +* 
[`service_enable`](#-postgresql--server--instance--config--service_enable) +* [`log_line_prefix`](#-postgresql--server--instance--config--log_line_prefix) +* [`timezone`](#-postgresql--server--instance--config--timezone) +* [`password_encryption`](#-postgresql--server--instance--config--password_encryption) +* [`pg_hba_auth_password_encryption`](#-postgresql--server--instance--config--pg_hba_auth_password_encryption) +* [`extra_systemd_config`](#-postgresql--server--instance--config--extra_systemd_config) +* [`manage_selinux`](#-postgresql--server--instance--config--manage_selinux) + +##### `ip_mask_deny_postgres_user` -Sets a comma-separated list of databases that this rule matches. +Data type: `String[1]` -##### `user` +Specifies the IP mask from which remote connections should be denied for the postgres superuser. +Default value: '0.0.0.0/0', which denies any remote connection. -Data type: `String` +Default value: `$postgresql::server::ip_mask_deny_postgres_user` -Sets a comma-separated list of users that this rule matches. +##### `ip_mask_allow_all_users` -##### `auth_method` +Data type: `String[1]` -Data type: `String` +Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP +from remote machines. If you'd like to allow this, you can override this setting. +Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine +on your local '192.168' subnet. +Default value: '127.0.0.1/32'. -Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation. +Default value: `$postgresql::server::ip_mask_allow_all_users` -##### `address` +##### `listen_addresses` -Data type: `Optional[String]` +Data type: `Optional[Variant[String[1], Array[String[1]]]]` -Sets a CIDR based address for this rule matching when the type is not 'local'. 
+Address list on which the PostgreSQL service will listen -Default value: ``undef`` +Default value: `$postgresql::server::listen_addresses` -##### `description` +##### `port` -Data type: `String` +Data type: `Stdlib::Port` -Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'. +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +changing the port causes the server to come to a full stop before being able to make the change. +Default value: 5432. Meaning the Postgres server listens on TCP port 5432. -Default value: `'none'` +Default value: `$postgresql::server::port` -##### `auth_option` +##### `ipv4acls` -Data type: `Optional[String]` +Data type: `Array[String[1]]` -For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details. +Lists strings for access control for connection method, users, databases, IPv4 addresses. -Default value: ``undef`` +Default value: `$postgresql::server::ipv4acls` -##### `order` +##### `ipv6acls` -Data type: `Variant[String, Integer]` +Data type: `Array[String[1]]` -Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150. +Lists strings for access control for connection method, users, databases, IPv6 addresses. -Default value: `150` +Default value: `$postgresql::server::ipv6acls` -##### `target` +##### `pg_hba_conf_path` Data type: `Stdlib::Absolutepath` -Provides the target for the rule, and is generally an internal only property. Use with caution. 
+Specifies the path to your pg_hba.conf file. Default value: `$postgresql::server::pg_hba_conf_path` -##### `postgresql_version` +##### `pg_ident_conf_path` -Data type: `String` +Data type: `Stdlib::Absolutepath` -Manages pg_hba.conf without managing the entire PostgreSQL instance. +Specifies the path to your pg_ident.conf file. -Default value: `$postgresql::server::_version` +Default value: `$postgresql::server::pg_ident_conf_path` -### `postgresql::server::pg_ident_rule` +##### `postgresql_conf_path` -This resource manages an individual rule that applies to the file defined in target. +Data type: `Stdlib::Absolutepath` -#### Parameters +Specifies the path to your postgresql.conf file. -The following parameters are available in the `postgresql::server::pg_ident_rule` defined type: +Default value: `$postgresql::server::postgresql_conf_path` -* [`map_name`](#map_name) -* [`system_username`](#system_username) -* [`database_username`](#database_username) -* [`description`](#description) -* [`order`](#order) -* [`target`](#target) +##### `postgresql_conf_mode` -##### `map_name` +Data type: `Optional[Stdlib::Filemode]` -Data type: `Any` +Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true. + +Default value: `$postgresql::server::postgresql_conf_mode` + +##### `recovery_conf_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to your recovery.conf file. + +Default value: `$postgresql::server::recovery_conf_path` + +##### `pg_hba_conf_defaults` + +Data type: `Boolean` + +If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to +override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform +basic psql operations for example. 
+ +Default value: `$postgresql::server::pg_hba_conf_defaults` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `version` + +Data type: `Optional[String[1]]` + +Sets PostgreSQL version + +Default value: `$postgresql::server::_version` + +##### `manage_pg_hba_conf` + +Data type: `Boolean` + +Boolean. Whether to manage the pg_hba.conf. + +Default value: `$postgresql::server::manage_pg_hba_conf` + +##### `manage_pg_ident_conf` + +Data type: `Boolean` + +Boolean. Overwrites the pg_ident.conf file. + +Default value: `$postgresql::server::manage_pg_ident_conf` + +##### `manage_recovery_conf` + +Data type: `Boolean` + +Boolean. Specifies whether or not manage the recovery.conf. + +Default value: `$postgresql::server::manage_recovery_conf` + +##### `manage_postgresql_conf_perms` + +Data type: `Boolean` + +Whether to manage the postgresql conf file permissions. This means owner, +group and mode. Contents are not managed but should be managed through +postgresql::server::config_entry. + +Default value: `$postgresql::server::manage_postgresql_conf_perms` + +##### `datadir` + +Data type: `Stdlib::Absolutepath` + +PostgreSQL data directory + +Default value: `$postgresql::server::datadir` + +##### `logdir` + +Data type: `Optional[Stdlib::Absolutepath]` + +PostgreSQL log directory + +Default value: `$postgresql::server::logdir` + +##### `service_name` + +Data type: `String[1]` + +Overrides the default PostgreSQL service name. 
+ +Default value: `$postgresql::server::service_name` + +##### `service_enable` + +Data type: `Boolean` + +Enable the PostgreSQL service + +Default value: `$postgresql::server::service_enable` + +##### `log_line_prefix` + +Data type: `Optional[String[1]]` + +PostgreSQL log line prefix + +Default value: `$postgresql::server::log_line_prefix` + +##### `timezone` + +Data type: `Optional[String[1]]` + +Set timezone for the PostgreSQL instance + +Default value: `$postgresql::server::timezone` + +##### `password_encryption` + +Data type: `Postgresql::Pg_password_encryption` + +Specify the type of encryption set for the password. + +Default value: `$postgresql::server::password_encryption` + +##### `pg_hba_auth_password_encryption` + +Data type: `Optional[Postgresql::Pg_password_encryption]` + +Specify the type of encryption set for the password in pg_hba_conf, +this value is usefull if you want to start enforcing scram-sha-256, but give users transition time. + +Default value: `$postgresql::server::pg_hba_auth_password_encryption` + +##### `extra_systemd_config` + +Data type: `Optional[String]` + +Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string + +Default value: `$postgresql::server::extra_systemd_config` + +##### `manage_selinux` + +Data type: `Boolean` + +Specifies whether or not manage the conf file for selinux. 
+ +Default value: `$postgresql::server::manage_selinux` + +### `postgresql::server::instance::initdb` + +Manages initdb feature for a postgresql::server instance + +#### Parameters + +The following parameters are available in the `postgresql::server::instance::initdb` defined type: + +* [`auth_host`](#-postgresql--server--instance--initdb--auth_host) +* [`auth_local`](#-postgresql--server--instance--initdb--auth_local) +* [`data_checksums`](#-postgresql--server--instance--initdb--data_checksums) +* [`datadir`](#-postgresql--server--instance--initdb--datadir) +* [`encoding`](#-postgresql--server--instance--initdb--encoding) +* [`group`](#-postgresql--server--instance--initdb--group) +* [`initdb_path`](#-postgresql--server--instance--initdb--initdb_path) +* [`lc_messages`](#-postgresql--server--instance--initdb--lc_messages) +* [`locale`](#-postgresql--server--instance--initdb--locale) +* [`logdir`](#-postgresql--server--instance--initdb--logdir) +* [`manage_datadir`](#-postgresql--server--instance--initdb--manage_datadir) +* [`manage_logdir`](#-postgresql--server--instance--initdb--manage_logdir) +* [`manage_xlogdir`](#-postgresql--server--instance--initdb--manage_xlogdir) +* [`module_workdir`](#-postgresql--server--instance--initdb--module_workdir) +* [`needs_initdb`](#-postgresql--server--instance--initdb--needs_initdb) +* [`user`](#-postgresql--server--instance--initdb--user) +* [`username`](#-postgresql--server--instance--initdb--username) +* [`xlogdir`](#-postgresql--server--instance--initdb--xlogdir) +* [`port`](#-postgresql--server--instance--initdb--port) +* [`psql_path`](#-postgresql--server--instance--initdb--psql_path) + +##### `auth_host` + +Data type: `Optional[String[1]]` + +auth method used by default for host authorization + +Default value: `$postgresql::server::auth_host` + +##### `auth_local` + +Data type: `Optional[String[1]]` + +auth method used by default for local authorization + +Default value: `$postgresql::server::auth_local` + +##### 
`data_checksums` + +Data type: `Optional[Boolean]` + +Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. + +Default value: `$postgresql::server::data_checksums` + +##### `datadir` + +Data type: `Stdlib::Absolutepath` + +PostgreSQL data directory + +Default value: `$postgresql::server::datadir` + +##### `encoding` + +Data type: `Optional[String[1]]` + +Sets the default encoding for all databases created with this module. +On certain operating systems this is also used during the template1 initialization, +so it becomes a default outside of the module as well. + +Default value: `$postgresql::server::encoding` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `initdb_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the initdb command. + +Default value: `$postgresql::server::initdb_path` + +##### `lc_messages` + +Data type: `Optional[String[1]]` + +locale used for logging and system messages + +Default value: `$postgresql::server::lc_messages` + +##### `locale` + +Data type: `Optional[String[1]]` + +Sets the default database locale for all databases created with this module. +On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. +Warning: This option is used during initialization by initdb, and cannot be changed later. +If set, checksums are calculated for all objects, in all databases. 
+ +Default value: `$postgresql::server::locale` + +##### `logdir` + +Data type: `Optional[Stdlib::Absolutepath]` + +PostgreSQL log directory + +Default value: `$postgresql::server::logdir` + +##### `manage_datadir` + +Data type: `Boolean` + +Set to false if you have file{ $datadir: } already defined + +Default value: `$postgresql::server::manage_datadir` + +##### `manage_logdir` + +Data type: `Boolean` + +Set to false if you have file{ $logdir: } already defined + +Default value: `$postgresql::server::manage_logdir` + +##### `manage_xlogdir` + +Data type: `Boolean` + +Set to false if you have file{ $xlogdir: } already defined + +Default value: `$postgresql::server::manage_xlogdir` + +##### `module_workdir` + +Data type: `Stdlib::Absolutepath` + +Working directory for the PostgreSQL module + +Default value: `$postgresql::server::module_workdir` + +##### `needs_initdb` + +Data type: `Boolean` + +Explicitly calls the initdb operation after server package is installed +and before the PostgreSQL service is started. + +Default value: `$postgresql::server::needs_initdb` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `username` + +Data type: `Optional[String[1]]` + +username of user running the postgres instance + +Default value: `$postgresql::server::username` + +##### `xlogdir` + +Data type: `Optional[Stdlib::Absolutepath]` + +PostgreSQL xlog/WAL directory + +Default value: `$postgresql::server::xlogdir` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +changing the port causes the server to come to a full stop before being able to make the change. 
+ +Default value: `$postgresql::server::port` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +### `postgresql::server::instance::late_initdb` + +Manage the default encoding when database initialization is managed by the package + +#### Parameters + +The following parameters are available in the `postgresql::server::instance::late_initdb` defined type: + +* [`encoding`](#-postgresql--server--instance--late_initdb--encoding) +* [`user`](#-postgresql--server--instance--late_initdb--user) +* [`group`](#-postgresql--server--instance--late_initdb--group) +* [`psql_path`](#-postgresql--server--instance--late_initdb--psql_path) +* [`port`](#-postgresql--server--instance--late_initdb--port) +* [`module_workdir`](#-postgresql--server--instance--late_initdb--module_workdir) + +##### `encoding` + +Data type: `Optional[String[1]]` + +Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the +template1 initialization, so it becomes a default outside of the module as well. + +Default value: `$postgresql::server::encoding` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. 
Also, for Red Hat systems and early Debian systems, +changing the port causes the server to come to a full stop before being able to make the change. + +Default value: `$postgresql::server::port` + +##### `module_workdir` + +Data type: `Stdlib::Absolutepath` + +Working directory for the PostgreSQL module + +Default value: `$postgresql::server::module_workdir` + +### `postgresql::server::instance::passwd` + +Overrides the default PostgreSQL superuser + +#### Parameters + +The following parameters are available in the `postgresql::server::instance::passwd` defined type: + +* [`user`](#-postgresql--server--instance--passwd--user) +* [`group`](#-postgresql--server--instance--passwd--group) +* [`psql_path`](#-postgresql--server--instance--passwd--psql_path) +* [`port`](#-postgresql--server--instance--passwd--port) +* [`database`](#-postgresql--server--instance--passwd--database) +* [`module_workdir`](#-postgresql--server--instance--passwd--module_workdir) +* [`postgres_password`](#-postgresql--server--instance--passwd--postgres_password) + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. +Default value: 5432. Meaning the Postgres server listens on TCP port 5432. + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +changing the port causes the server to come to a full stop before being able to make the change. 
+ +Default value: `$postgresql::server::port` + +##### `database` + +Data type: `String[1]` + +Specifies the name of the database to connect with. On most systems this is 'postgres'. + +Default value: `$postgresql::server::default_database` + +##### `module_workdir` + +Data type: `Stdlib::Absolutepath` + +Working directory for the PostgreSQL module + +Default value: `$postgresql::server::module_workdir` + +##### `postgres_password` + +Data type: `Optional[Variant[String[1], Sensitive[String[1]], Integer]]` + +Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres +database, with a user called postgres and no password. + +Default value: `$postgresql::server::postgres_password` + +### `postgresql::server::instance::reload` + +Overrides the default reload or status command for your PostgreSQL service + +#### Parameters + +The following parameters are available in the `postgresql::server::instance::reload` defined type: + +* [`service_reload`](#-postgresql--server--instance--reload--service_reload) +* [`service_status`](#-postgresql--server--instance--reload--service_status) + +##### `service_reload` + +Data type: `String[1]` + +Overrides the default reload command for your PostgreSQL service. + +Default value: `$postgresql::server::service_reload` + +##### `service_status` + +Data type: `String[1]` + +Overrides the default status check command for your PostgreSQL service. 
+ +Default value: `$postgresql::server::service_status` + +### `postgresql::server::instance::service` + +Manages the service for the postgres main instance (default) or additional instances + +#### Parameters + +The following parameters are available in the `postgresql::server::instance::service` defined type: + +* [`service_ensure`](#-postgresql--server--instance--service--service_ensure) +* [`service_enable`](#-postgresql--server--instance--service--service_enable) +* [`service_manage`](#-postgresql--server--instance--service--service_manage) +* [`service_name`](#-postgresql--server--instance--service--service_name) +* [`service_provider`](#-postgresql--server--instance--service--service_provider) +* [`service_status`](#-postgresql--server--instance--service--service_status) +* [`user`](#-postgresql--server--instance--service--user) +* [`port`](#-postgresql--server--instance--service--port) +* [`default_database`](#-postgresql--server--instance--service--default_database) +* [`psql_path`](#-postgresql--server--instance--service--psql_path) +* [`connect_settings`](#-postgresql--server--instance--service--connect_settings) + +##### `service_ensure` + +Data type: `Variant[Enum['running', 'stopped'], Boolean]` + +Ensure service is installed + +Default value: `$postgresql::server::service_ensure` + +##### `service_enable` + +Data type: `Boolean` + +Enable the PostgreSQL service + +Default value: `$postgresql::server::service_enable` + +##### `service_manage` + +Data type: `Boolean` + +Defines whether or not Puppet should manage the service. + +Default value: `$postgresql::server::service_manage` + +##### `service_name` + +Data type: `String[1]` + +Overrides the default PostgreSQL service name. + +Default value: `$postgresql::server::service_name` + +##### `service_provider` + +Data type: `Optional[String[1]]` + +Overrides the default PostgreSQL service provider. 
+ +Default value: `$postgresql::server::service_provider` + +##### `service_status` + +Data type: `String[1]` + +Overrides the default status check command for your PostgreSQL service. + +Default value: `$postgresql::server::service_status` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. +Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +changing the port causes the server to come to a full stop before being able to make the change. +Default value: 5432. Meaning the Postgres server listens on TCP port 5432. + +Default value: `$postgresql::server::port` + +##### `default_database` + +Data type: `String[1]` + +Specifies the name of the default database to connect with. On most systems this is 'postgres'. + +Default value: `$postgresql::server::default_database` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +##### `connect_settings` + +Data type: `Hash` + +Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, +such as postgresql::server::role. + +Default value: `$postgresql::server::default_connect_settings` + +### `postgresql::server::pg_hba_rule` + +This resource manages an individual rule that applies to the file defined in target. 
+ +#### Parameters + +The following parameters are available in the `postgresql::server::pg_hba_rule` defined type: + +* [`type`](#-postgresql--server--pg_hba_rule--type) +* [`database`](#-postgresql--server--pg_hba_rule--database) +* [`user`](#-postgresql--server--pg_hba_rule--user) +* [`auth_method`](#-postgresql--server--pg_hba_rule--auth_method) +* [`address`](#-postgresql--server--pg_hba_rule--address) +* [`description`](#-postgresql--server--pg_hba_rule--description) +* [`auth_option`](#-postgresql--server--pg_hba_rule--auth_option) +* [`order`](#-postgresql--server--pg_hba_rule--order) +* [`target`](#-postgresql--server--pg_hba_rule--target) +* [`postgresql_version`](#-postgresql--server--pg_hba_rule--postgresql_version) + +##### `type` + +Data type: `Postgresql::Pg_hba_rule_type` + +Sets the type of rule. + +##### `database` + +Data type: `String[1]` + +Sets a comma-separated list of databases that this rule matches. + +##### `user` + +Data type: `String[1]` + +Sets a comma-separated list of users that this rule matches. + +##### `auth_method` + +Data type: `String[1]` + +Provides the method that is used for authentication for the connection that this rule matches. +Described further in the PostgreSQL pg_hba.conf documentation. + +##### `address` + +Data type: `Optional[Postgresql::Pg_hba_rule_address]` + +Sets a address for this rule matching when the type is not 'local'. +Value can either be IPv4 CIDR, IPv6 CIDR, a FQDN, the strings 'all', 'samehost' or 'samenet' or a domain either with or without starting +dot (.) https://www.postgresql.org/docs/current/auth-pg-hba-conf.html + +Default value: `undef` + +##### `description` + +Data type: `String[1]` + +Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. +Default value: 'none'. 
+ +Default value: `'none'` + +##### `auth_option` + +Data type: `Optional[String]` + +For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for +further details. + +Default value: `undef` + +##### `order` + +Data type: `Variant[String, Integer]` + +Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted +to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted +using the alpha sorting order. +Default value: 150. + +Default value: `150` + +##### `target` + +Data type: `Stdlib::Absolutepath` + +Provides the target for the rule, and is generally an internal only property. Use with caution. + +Default value: `$postgresql::server::pg_hba_conf_path` + +##### `postgresql_version` + +Data type: `String` + +Manages pg_hba.conf without managing the entire PostgreSQL instance. + +Default value: `$postgresql::server::_version` + +### `postgresql::server::pg_ident_rule` + +This resource manages an individual rule that applies to the file defined in target. + +#### Parameters + +The following parameters are available in the `postgresql::server::pg_ident_rule` defined type: + +* [`map_name`](#-postgresql--server--pg_ident_rule--map_name) +* [`system_username`](#-postgresql--server--pg_ident_rule--system_username) +* [`database_username`](#-postgresql--server--pg_ident_rule--database_username) +* [`description`](#-postgresql--server--pg_ident_rule--description) +* [`order`](#-postgresql--server--pg_ident_rule--order) +* [`target`](#-postgresql--server--pg_ident_rule--target) + +##### `map_name` + +Data type: `String[1]` Sets the name of the user map that is used to refer to this mapping in pg_hba.conf. 
-##### `system_username` +##### `system_username` -Data type: `Any` +Data type: `String[1]` Specifies the operating system user name (the user name used to connect to the database). -##### `database_username` +##### `database_username` -Data type: `Any` +Data type: `String[1]` -Specifies the user name of the database user. The system_username is mapped to this user name. +Specifies the user name of the database user. +The system_username is mapped to this user name. -##### `description` +##### `description` -Data type: `Any` +Data type: `String[1]` -Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'. +Sets a longer description for this rule if required. +This description is placed in the comments above the rule in pg_ident.conf. Default value: `'none'` -##### `order` +##### `order` -Data type: `Any` +Data type: `String[1]` Defines an order for placing the mapping in pg_ident.conf. Default value: 150. Default value: `'150'` -##### `target` +##### `target` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Provides the target for the rule and is generally an internal only property. Use with caution. Default value: `$postgresql::server::pg_ident_conf_path` -### `postgresql::server::reassign_owned_by` +### `postgresql::server::reassign_owned_by` Define for reassigning the ownership of objects within a database. 
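Review bot: The added `ip_mask_allow_all_users` description under `postgresql::server::instance::config` gives `'192.168.0.0/1'` as the mask for "your local '192.168' subnet", but a /1 prefix spans half of the IPv4 address space rather than one private network. An operator who copies the example would allow remote database logins from far more hosts than intended, so it should read `'192.168.0.0/16'`. Two other added descriptions in this hunk look copied from neighbouring parameters and should be dropped: the `group` entry under `postgresql::server::instance::passwd` carries `Default value: 5432. Meaning the Postgres server listens on TCP port 5432.`, and the `locale` entry under `postgresql::server::instance::initdb` ends with `If set, checksums are calculated for all objects, in all databases.`. If this reference file is generated from the manifests' doc comments (not visible here), the corrections belong in those comments so they survive regeneration.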
@@ -2338,32 +3385,35 @@ Define for reassigning the ownership of objects within a database. The following parameters are available in the `postgresql::server::reassign_owned_by` defined type: -* [`old_role`](#old_role) -* [`new_role`](#new_role) -* [`db`](#db) -* [`psql_user`](#psql_user) -* [`port`](#port) -* [`connect_settings`](#connect_settings) +* [`old_role`](#-postgresql--server--reassign_owned_by--old_role) +* [`new_role`](#-postgresql--server--reassign_owned_by--new_role) +* [`db`](#-postgresql--server--reassign_owned_by--db) +* [`psql_user`](#-postgresql--server--reassign_owned_by--psql_user) +* [`port`](#-postgresql--server--reassign_owned_by--port) +* [`connect_settings`](#-postgresql--server--reassign_owned_by--connect_settings) +* [`group`](#-postgresql--server--reassign_owned_by--group) +* [`psql_path`](#-postgresql--server--reassign_owned_by--psql_path) +* [`instance`](#-postgresql--server--reassign_owned_by--instance) -##### `old_role` +##### `old_role` Data type: `String` Specifies the role or user who is the current owner of the objects in the specified db -##### `new_role` +##### `new_role` Data type: `String` Specifies the role or user who will be the new owner of these objects -##### `db` +##### `db` Data type: `String` Specifies the database to which the 'REASSIGN OWNED' will be applied -##### `psql_user` +##### `psql_user` Data type: `String` @@ -2371,15 +3421,15 @@ Specifies the OS user for running psql. Default value: `$postgresql::server::user` -##### `port` +##### `port` -Data type: `Integer` +Data type: `Stdlib::Port` Port to use when connecting. Default value: `$postgresql::server::port` -##### `connect_settings` +##### `connect_settings` Data type: `Hash` 
@@ -2387,165 +3437,192 @@ Specifies a hash of environment variables used when connecting to a remote serve Default value: `$postgresql::server::default_connect_settings` -### `postgresql::server::recovery` +##### `group` + +Data type: `String[1]` + +Sets the OS group to run psql + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Sets the path to psql command + +Default value: `$postgresql::server::psql_path` + +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +### `postgresql::server::recovery` This resource manages the parameters that applies to the recovery.conf template. * **Note** Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. -Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. +Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and +recovery_min_apply_delay. A detailed description of all listed parameters can be found in the PostgreSQL documentation. -Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. +Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and +manage_recovery_conf is set to true. 
#### Parameters The following parameters are available in the `postgresql::server::recovery` defined type: -* [`restore_command`](#restore_command) -* [`archive_cleanup_command`](#archive_cleanup_command) -* [`recovery_end_command`](#recovery_end_command) -* [`recovery_target_name`](#recovery_target_name) -* [`recovery_target_time`](#recovery_target_time) -* [`recovery_target_xid`](#recovery_target_xid) -* [`recovery_target_inclusive`](#recovery_target_inclusive) -* [`recovery_target`](#recovery_target) -* [`recovery_target_timeline`](#recovery_target_timeline) -* [`pause_at_recovery_target`](#pause_at_recovery_target) -* [`standby_mode`](#standby_mode) -* [`primary_conninfo`](#primary_conninfo) -* [`primary_slot_name`](#primary_slot_name) -* [`trigger_file`](#trigger_file) -* [`recovery_min_apply_delay`](#recovery_min_apply_delay) -* [`target`](#target) - -##### `restore_command` +* [`restore_command`](#-postgresql--server--recovery--restore_command) +* [`archive_cleanup_command`](#-postgresql--server--recovery--archive_cleanup_command) +* [`recovery_end_command`](#-postgresql--server--recovery--recovery_end_command) +* [`recovery_target_name`](#-postgresql--server--recovery--recovery_target_name) +* [`recovery_target_time`](#-postgresql--server--recovery--recovery_target_time) +* [`recovery_target_xid`](#-postgresql--server--recovery--recovery_target_xid) +* [`recovery_target_inclusive`](#-postgresql--server--recovery--recovery_target_inclusive) +* [`recovery_target`](#-postgresql--server--recovery--recovery_target) +* [`recovery_target_timeline`](#-postgresql--server--recovery--recovery_target_timeline) +* [`pause_at_recovery_target`](#-postgresql--server--recovery--pause_at_recovery_target) +* [`standby_mode`](#-postgresql--server--recovery--standby_mode) +* [`primary_conninfo`](#-postgresql--server--recovery--primary_conninfo) +* [`primary_slot_name`](#-postgresql--server--recovery--primary_slot_name) +* 
[`trigger_file`](#-postgresql--server--recovery--trigger_file) +* [`recovery_min_apply_delay`](#-postgresql--server--recovery--recovery_min_apply_delay) +* [`target`](#-postgresql--server--recovery--target) + +##### `restore_command` -Data type: `Any` +Data type: `Optional[String]` The shell command to execute to retrieve an archived segment of the WAL file series. -Default value: ``undef`` +Default value: `undef` -##### `archive_cleanup_command` +##### `archive_cleanup_command` -Data type: `Any` +Data type: `Optional[String[1]]` This optional parameter specifies a shell command that will be executed at every restartpoint. -Default value: ``undef`` +Default value: `undef` -##### `recovery_end_command` +##### `recovery_end_command` -Data type: `Any` +Data type: `Optional[String[1]]` This parameter specifies a shell command that will be executed once only at the end of recovery. -Default value: ``undef`` +Default value: `undef` -##### `recovery_target_name` +##### `recovery_target_name` -Data type: `Any` +Data type: `Optional[String[1]]` This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. -Default value: ``undef`` +Default value: `undef` -##### `recovery_target_time` +##### `recovery_target_time` -Data type: `Any` +Data type: `Optional[String[1]]` This parameter specifies the time stamp up to which recovery will proceed. -Default value: ``undef`` +Default value: `undef` -##### `recovery_target_xid` +##### `recovery_target_xid` -Data type: `Any` +Data type: `Optional[String[1]]` This parameter specifies the transaction ID up to which recovery will proceed. -Default value: ``undef`` +Default value: `undef` -##### `recovery_target_inclusive` +##### `recovery_target_inclusive` -Data type: `Any` +Data type: `Optional[Boolean]` Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). 
-Default value: ``undef`` +Default value: `undef` -##### `recovery_target` +##### `recovery_target` -Data type: `Any` +Data type: `Optional[String[1]]` This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. -Default value: ``undef`` +Default value: `undef` -##### `recovery_target_timeline` +##### `recovery_target_timeline` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies recovering into a particular timeline. -Default value: ``undef`` +Default value: `undef` -##### `pause_at_recovery_target` +##### `pause_at_recovery_target` -Data type: `Any` +Data type: `Optional[Boolean]` Specifies whether recovery should pause when the recovery target is reached. -Default value: ``undef`` +Default value: `undef` -##### `standby_mode` +##### `standby_mode` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies whether to start the PostgreSQL server as a standby. -Default value: ``undef`` +Default value: `undef` -##### `primary_conninfo` +##### `primary_conninfo` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies a connection string to be used for the standby server to connect with the primary. -Default value: ``undef`` +Default value: `undef` -##### `primary_slot_name` +##### `primary_slot_name` -Data type: `Any` +Data type: `Optional[String[1]]` -Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. +Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control +resource removal on the upstream node. -Default value: ``undef`` +Default value: `undef` -##### `trigger_file` +##### `trigger_file` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies a trigger file whose presence ends recovery in the standby. 
-Default value: ``undef`` +Default value: `undef` -##### `recovery_min_apply_delay` +##### `recovery_min_apply_delay` -Data type: `Any` +Data type: `Optional[Integer]` This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. -Default value: ``undef`` +Default value: `undef` -##### `target` +##### `target` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Provides the target for the rule, and is generally an internal only property. Use with caution. Default value: `$postgresql::server::recovery_conf_path` -### `postgresql::server::role` +### `postgresql::server::role` Define for creating a database role. 
@@ -2553,132 +3630,133 @@ Define for creating a database role. The following parameters are available in the `postgresql::server::role` defined type: -* [`update_password`](#update_password) -* [`password_hash`](#password_hash) -* [`createdb`](#createdb) -* [`createrole`](#createrole) -* [`db`](#db) -* [`port`](#port) -* [`login`](#login) -* [`inherit`](#inherit) -* [`superuser`](#superuser) -* [`replication`](#replication) -* [`connection_limit`](#connection_limit) -* [`username`](#username) -* [`connect_settings`](#connect_settings) -* [`ensure`](#ensure) -* [`psql_user`](#psql_user) -* [`psql_group`](#psql_group) -* [`psql_path`](#psql_path) -* [`module_workdir`](#module_workdir) -* [`hash`](#hash) -* [`salt`](#salt) - -##### `update_password` +* [`update_password`](#-postgresql--server--role--update_password) +* [`password_hash`](#-postgresql--server--role--password_hash) +* [`createdb`](#-postgresql--server--role--createdb) +* [`createrole`](#-postgresql--server--role--createrole) +* [`db`](#-postgresql--server--role--db) +* [`port`](#-postgresql--server--role--port) +* [`login`](#-postgresql--server--role--login) +* [`inherit`](#-postgresql--server--role--inherit) +* [`superuser`](#-postgresql--server--role--superuser) +* [`replication`](#-postgresql--server--role--replication) +* [`connection_limit`](#-postgresql--server--role--connection_limit) +* [`username`](#-postgresql--server--role--username) +* [`connect_settings`](#-postgresql--server--role--connect_settings) +* [`ensure`](#-postgresql--server--role--ensure) +* [`psql_user`](#-postgresql--server--role--psql_user) +* [`psql_group`](#-postgresql--server--role--psql_group) +* [`psql_path`](#-postgresql--server--role--psql_path) +* [`module_workdir`](#-postgresql--server--role--module_workdir) +* [`hash`](#-postgresql--server--role--hash) +* [`salt`](#-postgresql--server--role--salt) +* [`instance`](#-postgresql--server--role--instance) + +##### `update_password` -Data type: `Any` +Data type: `Boolean` 
If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. -Default value: ``true`` +Default value: `true` -##### `password_hash` +##### `password_hash` Data type: `Variant[Boolean, String, Sensitive[String]]` Sets the hash to use during password creation. -Default value: ``false`` +Default value: `false` -##### `createdb` +##### `createdb` -Data type: `Any` +Data type: `Boolean` Specifies whether to grant the ability to create new databases with this role. -Default value: ``false`` +Default value: `false` -##### `createrole` +##### `createrole` -Data type: `Any` +Data type: `Boolean` Specifies whether to grant the ability to create new roles with this role. -Default value: ``false`` +Default value: `false` -##### `db` +##### `db` -Data type: `Any` +Data type: `String[1]` Database used to connect to. Default value: `$postgresql::server::default_database` -##### `port` +##### `port` -Data type: `Any` +Data type: `Stdlib::Port` Port to use when connecting. -Default value: ``undef`` +Default value: `postgresql::default('port')` -##### `login` +##### `login` -Data type: `Any` +Data type: `Boolean` Specifies whether to grant login capability for the new role. -Default value: ``true`` +Default value: `true` -##### `inherit` +##### `inherit` -Data type: `Any` +Data type: `Boolean` Specifies whether to grant inherit capability for the new role. -Default value: ``true`` +Default value: `true` -##### `superuser` +##### `superuser` -Data type: `Any` +Data type: `Boolean` Specifies whether to grant super user capability for the new role. -Default value: ``false`` +Default value: `false` -##### `replication` +##### `replication` -Data type: `Any` +Data type: `Boolean` Provides provides replication capabilities for this role if set to true. 
-Default value: ``false`` +Default value: `false` -##### `connection_limit` +##### `connection_limit` -Data type: `Any` +Data type: `String[1]` Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit. Default value: `'-1'` -##### `username` +##### `username` -Data type: `Any` +Data type: `String[1]` Defines the username of the role to create. Default value: `$title` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent']` 
@@ -2686,55 +3764,64 @@ Specify whether to create or drop the role. Specifying 'present' creates the rol Default value: `'present'` -##### `psql_user` +##### `psql_user` -Data type: `Any` +Data type: `String[1]` Sets the OS user to run psql Default value: `$postgresql::server::user` -##### `psql_group` +##### `psql_group` -Data type: `Any` +Data type: `String[1]` Sets the OS group to run psql Default value: `$postgresql::server::group` -##### `psql_path` +##### `psql_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` Sets path to psql command Default value: `$postgresql::server::psql_path` -##### `module_workdir` +##### `module_workdir` -Data type: `Any` +Data type: `String[1]` -Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. +Specifies working directory under which the psql command should be executed. +May need to specify if '/tmp' is on volume mounted with noexec option. Default value: `$postgresql::server::module_workdir` -##### `hash` +##### `hash` -Data type: `Enum['md5', 'scram-sha-256']` +Data type: `Optional[Enum['md5', 'scram-sha-256']]` Specify the hash method for pg password -Default value: `'md5'` +Default value: `undef` -##### `salt` +##### `salt` Data type: `Optional[Variant[String[1], Integer]]` Specify the salt use for the scram-sha-256 encoding password (default username) -Default value: ``undef`` +Default value: `undef` -### `postgresql::server::schema` +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +### `postgresql::server::schema` Create a new schema. 
@@ -2754,44 +3841,99 @@ postgresql::server::schema {'private': The following parameters are available in the `postgresql::server::schema` defined type: -* [`db`](#db) -* [`owner`](#owner) -* [`schema`](#schema) -* [`connect_settings`](#connect_settings) +* [`db`](#-postgresql--server--schema--db) +* [`owner`](#-postgresql--server--schema--owner) +* [`schema`](#-postgresql--server--schema--schema) +* [`connect_settings`](#-postgresql--server--schema--connect_settings) +* [`port`](#-postgresql--server--schema--port) +* [`user`](#-postgresql--server--schema--user) +* [`group`](#-postgresql--server--schema--group) +* [`psql_path`](#-postgresql--server--schema--psql_path) +* [`module_workdir`](#-postgresql--server--schema--module_workdir) +* [`instance`](#-postgresql--server--schema--instance) -##### `db` +##### `db` -Data type: `Any` +Data type: `String[1]` Required. Sets the name of the database in which to create this schema. Default value: `$postgresql::server::default_database` -##### `owner` +##### `owner` -Data type: `Any` +Data type: `Optional[String[1]]` Sets the default owner of the schema. -Default value: ``undef`` +Default value: `undef` -##### `schema` +##### `schema` -Data type: `Any` +Data type: `String[1]` Sets the name of the schema. Default value: `$title` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` -### `postgresql::server::table_grant` +##### `port` + +Data type: `Stdlib::Port` + +the post the postgresql instance is listening on. 
+ +Default value: `$postgresql::server::port` + +##### `user` + +Data type: `String[1]` + +Sets the OS user to run psql + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Sets the OS group to run psql + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Sets path to psql command + +Default value: `$postgresql::server::psql_path` + +##### `module_workdir` + +Data type: `Stdlib::Absolutepath` + +Specifies working directory under which the psql command should be executed. +May need to specify if '/tmp' is on volume mounted with noexec option. + +Default value: `$postgresql::server::module_workdir` + +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +### `postgresql::server::table_grant` This resource wraps the grant resource to manage table grants specifically. 
@@ -2799,90 +3941,96 @@ This resource wraps the grant resource to manage table grants specifically. The following parameters are available in the `postgresql::server::table_grant` defined type: -* [`privilege`](#privilege) -* [`table`](#table) -* [`db`](#db) -* [`role`](#role) -* [`ensure`](#ensure) -* [`port`](#port) -* [`psql_db`](#psql_db) -* [`psql_user`](#psql_user) -* [`connect_settings`](#connect_settings) -* [`onlyif_exists`](#onlyif_exists) +* [`privilege`](#-postgresql--server--table_grant--privilege) +* [`table`](#-postgresql--server--table_grant--table) +* [`db`](#-postgresql--server--table_grant--db) +* [`role`](#-postgresql--server--table_grant--role) +* [`ensure`](#-postgresql--server--table_grant--ensure) +* [`port`](#-postgresql--server--table_grant--port) +* [`psql_db`](#-postgresql--server--table_grant--psql_db) +* [`psql_user`](#-postgresql--server--table_grant--psql_user) +* [`connect_settings`](#-postgresql--server--table_grant--connect_settings) +* [`onlyif_exists`](#-postgresql--server--table_grant--onlyif_exists) -##### `privilege` +##### `privilege` -Data type: `Any` +Data type: + +```puppet +Enum['ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER', 'all', 'select', 'insert', 'update', 'delete', + 'truncate', 'references', 'trigger'] +``` -Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. +Specifies comma-separated list of privileges to grant. +Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. -##### `table` +##### `table` -Data type: `Any` +Data type: `String[1]` Specifies the table to which you are granting access. -##### `db` +##### `db` -Data type: `Any` +Data type: `String[1]` Specifies which database the table is in. -##### `role` +##### `role` -Data type: `Any` +Data type: `String[1]` Specifies the role or user to whom you are granting access. 
-##### `ensure` +##### `ensure` -Data type: `Any` +Data type: `Optional[Enum['present', 'absent']]` Specifies whether to grant or revoke the privilege. Default is to grant the privilege. -Default value: ``undef`` +Default value: `undef` -##### `port` +##### `port` -Data type: `Any` +Data type: `Optional[Stdlib::Port]` Port to use when connecting. -Default value: ``undef`` +Default value: `undef` -##### `psql_db` +##### `psql_db` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies the database to execute the grant against. This should not ordinarily be changed from the default. -Default value: ``undef`` +Default value: `undef` -##### `psql_user` +##### `psql_user` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies the OS user for running psql. -Default value: ``undef`` +Default value: `undef` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Optional[Hash]` Specifies a hash of environment variables used when connecting to a remote server. -Default value: ``undef`` +Default value: `undef` -##### `onlyif_exists` +##### `onlyif_exists` -Data type: `Any` +Data type: `Boolean` Create grant only if it doesn't exist. -Default value: ``false`` +Default value: `false` -### `postgresql::server::tablespace` +### `postgresql::server::tablespace` This module creates tablespace. 
@@ -2890,150 +4038,266 @@ This module creates tablespace. The following parameters are available in the `postgresql::server::tablespace` defined type: -* [`location`](#location) -* [`manage_location`](#manage_location) -* [`owner`](#owner) -* [`spcname`](#spcname) -* [`connect_settings`](#connect_settings) +* [`location`](#-postgresql--server--tablespace--location) +* [`manage_location`](#-postgresql--server--tablespace--manage_location) +* [`owner`](#-postgresql--server--tablespace--owner) +* [`spcname`](#-postgresql--server--tablespace--spcname) +* [`connect_settings`](#-postgresql--server--tablespace--connect_settings) +* [`port`](#-postgresql--server--tablespace--port) +* [`user`](#-postgresql--server--tablespace--user) +* [`group`](#-postgresql--server--tablespace--group) +* [`psql_path`](#-postgresql--server--tablespace--psql_path) +* [`module_workdir`](#-postgresql--server--tablespace--module_workdir) +* [`instance`](#-postgresql--server--tablespace--instance) -##### `location` +##### `location` -Data type: `Any` +Data type: `String[1]` Specifies the path to locate this tablespace. -##### `manage_location` +##### `manage_location` -Data type: `Any` +Data type: `Boolean` Set to false if you have file{ $location: } already defined -Default value: ``true`` +Default value: `true` -##### `owner` +##### `owner` -Data type: `Any` +Data type: `Optional[String[1]]` Specifies the default owner of the tablespace. -Default value: ``undef`` +Default value: `undef` -##### `spcname` +##### `spcname` -Data type: `Any` +Data type: `String[1]` Specifies the name of the tablespace. Default value: `$title` -##### `connect_settings` +##### `connect_settings` -Data type: `Any` +Data type: `Hash` Specifies a hash of environment variables used when connecting to a remote server. Default value: `$postgresql::server::default_connect_settings` -### `postgresql::validate_db_connection` +##### `port` + +Data type: `Stdlib::Port` + +the port of the postgresql instance that sould be used. 
+ +Default value: `$postgresql::server::port` + +##### `user` + +Data type: `String[1]` + +Sets the OS user to run psql + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Sets the OS group to run psql + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Sets path to psql command + +Default value: `$postgresql::server::psql_path` + +##### `module_workdir` + +Data type: `String[1]` + +Specifies working directory under which the psql command should be executed. +May need to specify if '/tmp' is on volume mounted with noexec option. + +Default value: `$postgresql::server::module_workdir` + +##### `instance` + +Data type: `String[1]` + +The name of the Postgresql database instance. + +Default value: `'main'` + +### `postgresql::server_instance` -This validated if the postgres connection can be established -between the node on which this resource is run and a specified postgres -instance (host/port/user/password/database name). 
+define to install and manage additional postgresql instances #### Parameters -The following parameters are available in the `postgresql::validate_db_connection` defined type: +The following parameters are available in the `postgresql::server_instance` defined type: + +* [`instance_name`](#-postgresql--server_instance--instance_name) +* [`instance_user`](#-postgresql--server_instance--instance_user) +* [`instance_group`](#-postgresql--server_instance--instance_group) +* [`instance_user_homedirectory`](#-postgresql--server_instance--instance_user_homedirectory) +* [`manage_instance_user_and_group`](#-postgresql--server_instance--manage_instance_user_and_group) +* [`instance_directories`](#-postgresql--server_instance--instance_directories) +* [`initdb_settings`](#-postgresql--server_instance--initdb_settings) +* [`config_settings`](#-postgresql--server_instance--config_settings) +* [`service_settings`](#-postgresql--server_instance--service_settings) +* [`passwd_settings`](#-postgresql--server_instance--passwd_settings) +* [`roles`](#-postgresql--server_instance--roles) +* [`config_entries`](#-postgresql--server_instance--config_entries) +* [`pg_hba_rules`](#-postgresql--server_instance--pg_hba_rules) +* [`databases`](#-postgresql--server_instance--databases) +* [`databases_and_users`](#-postgresql--server_instance--databases_and_users) +* [`database_grants`](#-postgresql--server_instance--database_grants) +* [`table_grants`](#-postgresql--server_instance--table_grants) + +##### `instance_name` -* [`database_host`](#database_host) -* [`database_name`](#database_name) -* [`database_password`](#database_password) -* [`database_username`](#database_username) -* [`database_port`](#database_port) -* [`connect_settings`](#connect_settings) -* [`run_as`](#run_as) -* [`sleep`](#sleep) -* [`tries`](#tries) -* [`create_db_first`](#create_db_first) +Data type: `String[1]` -##### `database_host` +The name of the instance. 
-Data type: `Any` +Default value: `$name` -Database host address +##### `instance_user` -Default value: ``undef`` +Data type: `String[1]` -##### `database_name` +The user to run the instance as. -Data type: `Any` +Default value: `$instance_name` -Specifies the name of the database you wish to test. +##### `instance_group` -Default value: ``undef`` +Data type: `String[1]` -##### `database_password` +The group to run the instance as. -Data type: `Optional[Variant[String, Sensitive[String]]]` +Default value: `$instance_name` -Specifies the password to connect with. +##### `instance_user_homedirectory` -Default value: ``undef`` +Data type: `Stdlib::Absolutepath` -##### `database_username` +The home directory of the instance user. -Data type: `Any` +Default value: `"/opt/pgsql/data/home/${instance_user}"` -Specifies the username to connect with. +##### `manage_instance_user_and_group` -Default value: ``undef`` +Data type: `Boolean` -##### `database_port` +Should Puppet manage the instance user and it's primary group?. -Data type: `Any` +Default value: `true` -Defines the port to use when connecting. +##### `instance_directories` -Default value: ``undef`` +Data type: `Hash` -##### `connect_settings` +directories needed for the instance. Option to manage the directory properties for each directory. -Data type: `Any` +Default value: `{}` -Specifies a hash of environment variables used when connecting to a remote server. +##### `initdb_settings` -Default value: ``undef`` +Data type: `Hash` -##### `run_as` +Specifies a hash witn parameters for postgresql::server::instance::initdb -Data type: `Any` +Default value: `{}` -Specifies the user to run the psql command as. +##### `config_settings` -Default value: ``undef`` +Data type: `Hash` -##### `sleep` +Specifies a hash with parameters for postgresql::server::instance::config -Data type: `Any` +Default value: `{}` -Sets the number of seconds to sleep for before trying again after a failure. 
+##### `service_settings` -Default value: `2` +Data type: `Hash` -##### `tries` +Specifies a hash with parameters for postgresql::server:::instance::service -Data type: `Any` +Default value: `{}` -Sets the number of attempts after failure before giving up and failing the resource. +##### `passwd_settings` -Default value: `10` +Data type: `Hash` -##### `create_db_first` +Specifies a hash with parameters for postgresql::server::instance::passwd -Data type: `Any` +Default value: `{}` + +##### `roles` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::role resources. + +Default value: `{}` + +##### `config_entries` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::config_entry resources. + +Default value: `{}` + +##### `pg_hba_rules` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. + +Default value: `{}` + +##### `databases` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::database resources. + +Default value: `{}` + +##### `databases_and_users` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::db resources. -Creates the database when obtaining a successful connection. +Default value: `{}` + +##### `database_grants` + +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::database_grant resources. + +Default value: `{}` + +##### `table_grants` -Default value: ``true`` +Data type: `Hash` + +Specifies a hash from which to generate postgresql::server::table_grant resources. + +Default value: `{}` ## Resource types @@ -3045,6 +4309,12 @@ This type allows puppet to manage postgresql.conf parameters. The following properties are available in the `postgresql_conf` type. +##### `comment` + +Valid values: `%r{^[\w\W]+$}` + +The comment to set for this parameter. + ##### `ensure` Valid values: `present`, `absent` 
@@ -3053,34 +4323,46 @@ The basic property that the resource should be in. Default value: `present` -##### `target` - -The path to postgresql.conf - ##### `value` +Valid values: `%r{^(\S.*)?$}` + The value to set for this parameter. #### Parameters The following parameters are available in the `postgresql_conf` type. -* [`name`](#name) -* [`provider`](#provider) +* [`key`](#-postgresql_conf--key) +* [`name`](#-postgresql_conf--name) +* [`provider`](#-postgresql_conf--provider) +* [`target`](#-postgresql_conf--target) + +##### `key` + +Valid values: `%r{^[\w.]+$}` -##### `name` +The Postgresql parameter to manage. -Valid values: `%r{^[\w\.]+$}` +##### `name` + +Valid values: `%r{^[\w.]+$}` namevar -The postgresql parameter name to manage. +A unique title for the resource. -##### `provider` +##### `provider` The specific backend to use for this `postgresql_conf` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. +##### `target` + +Valid values: `%r{^/\S+[a-z0-9(/)-]*\w+.conf$}` + +The path to the postgresql config file + ### `postgresql_conn_validator` Verify that a connection can be successfully established between a node 
@@ -3105,76 +4387,76 @@ Default value: `present` The following parameters are available in the `postgresql_conn_validator` type. -* [`command`](#command) -* [`connect_settings`](#connect_settings) -* [`db_name`](#db_name) -* [`db_password`](#db_password) -* [`db_username`](#db_username) -* [`host`](#host) -* [`name`](#name) -* [`port`](#port) -* [`provider`](#provider) -* [`psql_path`](#psql_path) -* [`run_as`](#run_as) -* [`sleep`](#sleep) -* [`tries`](#tries) - -##### `command` +* [`command`](#-postgresql_conn_validator--command) +* [`connect_settings`](#-postgresql_conn_validator--connect_settings) +* [`db_name`](#-postgresql_conn_validator--db_name) +* [`db_password`](#-postgresql_conn_validator--db_password) +* [`db_username`](#-postgresql_conn_validator--db_username) +* [`host`](#-postgresql_conn_validator--host) +* [`name`](#-postgresql_conn_validator--name) +* [`port`](#-postgresql_conn_validator--port) +* [`provider`](#-postgresql_conn_validator--provider) +* [`psql_path`](#-postgresql_conn_validator--psql_path) +* [`run_as`](#-postgresql_conn_validator--run_as) +* [`sleep`](#-postgresql_conn_validator--sleep) +* [`tries`](#-postgresql_conn_validator--tries) + +##### `command` Command to run against target database. Default value: `SELECT 1` -##### `connect_settings` +##### `connect_settings` Hash of environment variables for connection to a db. -##### `db_name` +##### `db_name` The name of the database you are trying to validate a connection with. -##### `db_password` +##### `db_password` The password required to access the target PostgreSQL database. -##### `db_username` +##### `db_username` A user that has access to the target PostgreSQL database. -##### `host` +##### `host` The DNS name or IP address of the server where PostgreSQL should be running. -##### `name` +##### `name` namevar An arbitrary name used as the identity of the resource. -##### `port` +##### `port` The port that the PostgreSQL server should be listening on. 
-##### `provider` +##### `provider` The specific backend to use for this `postgresql_conn_validator` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. -##### `psql_path` +##### `psql_path` Path to the psql command. -##### `run_as` +##### `run_as` System user that will run the psql command. -##### `sleep` +##### `sleep` The length of sleep time between connection tries. Default value: `2` -##### `tries` +##### `tries` The number of tries to validate the connection to the target PostgreSQL database. 
@@ -3196,104 +4478,111 @@ The SQL command to execute via psql. The following parameters are available in the `postgresql_psql` type. -* [`connect_settings`](#connect_settings) -* [`cwd`](#cwd) -* [`db`](#db) -* [`environment`](#environment) -* [`name`](#name) -* [`onlyif`](#onlyif) -* [`port`](#port) -* [`provider`](#provider) -* [`psql_group`](#psql_group) -* [`psql_path`](#psql_path) -* [`psql_user`](#psql_user) -* [`refreshonly`](#refreshonly) -* [`search_path`](#search_path) -* [`sensitive`](#sensitive) -* [`unless`](#unless) - -##### `connect_settings` +* [`connect_settings`](#-postgresql_psql--connect_settings) +* [`cwd`](#-postgresql_psql--cwd) +* [`db`](#-postgresql_psql--db) +* [`environment`](#-postgresql_psql--environment) +* [`instance`](#-postgresql_psql--instance) +* [`name`](#-postgresql_psql--name) +* [`onlyif`](#-postgresql_psql--onlyif) +* [`port`](#-postgresql_psql--port) +* [`provider`](#-postgresql_psql--provider) +* [`psql_group`](#-postgresql_psql--psql_group) +* [`psql_path`](#-postgresql_psql--psql_path) +* [`psql_user`](#-postgresql_psql--psql_user) +* [`refreshonly`](#-postgresql_psql--refreshonly) +* [`search_path`](#-postgresql_psql--search_path) +* [`sensitive`](#-postgresql_psql--sensitive) +* [`unless`](#-postgresql_psql--unless) + +##### `connect_settings` Connection settings that will be used when connecting to postgres -##### `cwd` +##### `cwd` The working directory under which the psql command should be executed. Default value: `/tmp` -##### `db` +##### `db` The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings -##### `environment` +##### `environment` Any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array. -##### `name` +##### `instance` + +The postgresql instance under which the psql command should be executed. 
+ +Default value: `main` + +##### `name` namevar An arbitrary tag for your own reference; the name of the message. -##### `onlyif` +##### `onlyif` An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all. -##### `port` +##### `port` The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings. -##### `provider` +##### `provider` The specific backend to use for this `postgresql_psql` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. -##### `psql_group` +##### `psql_group` The system user group account under which the psql command should be executed. Default value: `postgres` -##### `psql_path` +##### `psql_path` The path to psql executable. Default value: `psql` -##### `psql_user` +##### `psql_user` The system user account under which the psql command should be executed. Default value: `postgres` -##### `refreshonly` +##### `refreshonly` -Valid values: ``true``, ``false`` +Valid values: `true`, `false` If 'true', then the SQL will only be executed via a notify/subscribe event. -Default value: ``false`` +Default value: `false` -##### `search_path` +##### `search_path` The schema search path to use when executing the SQL command -##### `sensitive` +##### `sensitive` -Valid values: ``true``, ``false`` +Valid values: `true`, `false` If 'true', then the executed command will not be echoed into the log. Use this to protect sensitive information passing through. -Default value: ``false`` +Default value: `false` -##### `unless` +##### `unless` An optional SQL command to execute prior to the main :command; this is generally intended to be used for idempotency, to check 
@@ -3322,10 +4611,10 @@ Default value: `present` The following parameters are available in the `postgresql_replication_slot` type. -* [`name`](#name) -* [`provider`](#provider) +* [`name`](#-postgresql_replication_slot--name) +* [`provider`](#-postgresql_replication_slot--provider) -##### `name` +##### `name` Valid values: `%r{^[a-z0-9_]+$}` @@ -3333,14 +4622,14 @@ namevar The name of the slot to create. Must be a valid replication slot name. -##### `provider` +##### `provider` The specific backend to use for this `postgresql_replication_slot` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ## Functions -### `postgresql::default` +### `postgresql::default` Type: Puppet Language @@ -3374,7 +4663,7 @@ Data type: `String` -### `postgresql::postgresql_escape` +### `postgresql::postgresql_escape` Type: Ruby 4.x API @@ -3392,13 +4681,13 @@ Data type: `String[1]` The unescaped string you want to escape using `dollar quoting` -### `postgresql::postgresql_password` +### `postgresql::postgresql_password` Type: Ruby 4.x API This function returns the postgresql password hash from the clear text username / password -#### `postgresql::postgresql_password(Variant[String[1], Integer] $username, Variant[String[1], Sensitive[String[1]], Integer] $password, Optional[Boolean] $sensitive, Optional[Optional[Enum['md5', 'scram-sha-256']]] $hash, Optional[Optional[Variant[String[1], Integer]]] $salt)` +#### `postgresql::postgresql_password(Variant[String[1], Integer] $username, Variant[String[1], Sensitive[String[1]], Integer] $password, Optional[Boolean] $sensitive, Optional[Optional[Postgresql::Pg_password_encryption]] $hash, Optional[Optional[Variant[String[1], Integer]]] $salt)` The postgresql::postgresql_password function. 
@@ -3424,16 +4713,36 @@ If the Postgresql-Passwordhash should be of Datatype Sensitive[String] ##### `hash` -Data type: `Optional[Optional[Enum['md5', 'scram-sha-256']]]` +Data type: `Optional[Optional[Postgresql::Pg_password_encryption]]` Set type for password hash +Default value comes from `postgresql::params::password_encryption` and changes based on the `postgresql::globals::version`. + ##### `salt` Data type: `Optional[Optional[Variant[String[1], Integer]]]` Use a specific salt value for scram-sha-256, default is username +### `postgresql::prepend_sql_password` + +Type: Ruby 4.x API + +This function exists for usage of a role password that is a deferred function + +#### `postgresql::prepend_sql_password(String $password)` + +The postgresql::prepend_sql_password function. + +Returns: `String` + +##### `password` + +Data type: `String` + +The clear text `password` + ### `postgresql_escape` Type: Ruby 4.x API 
@@ -3470,6 +4779,65 @@ Data type: `Any` +## Data types + +### `Postgresql::Pg_hba_rule` + +type for all parameters in the postgresql::server::hba_rule defined resource + +* **See also** + * https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/server/pg_hba_rule.pp + +Alias of + +```puppet +Struct[{ + Optional[description] => String, + type => Postgresql::Pg_hba_rule_type, + database => String, + user => String, + Optional[address] => Optional[Postgresql::Pg_hba_rule_address], + auth_method => String, + Optional[auth_option] => Optional[String], + Optional[order] => Variant[String,Integer], + Optional[target] => Stdlib::Absolutepath, + Optional[postgresql_version] => String, +}] +``` + +### `Postgresql::Pg_hba_rule_address` + +Supported address types + +* **See also** + * https://www.postgresql.org/docs/current/auth-pg-hba-conf.html + +Alias of `Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Stdlib::Fqdn, Enum['all', 'samehost', 'samenet'], Pattern[/^\.(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$/]]` + +### `Postgresql::Pg_hba_rule_type` + +enum for all different types for the pg_hba_conf + +* **See also** + * https://www.postgresql.org/docs/current/auth-pg-hba-conf.html + +Alias of `Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc', 'hostnogssenc']` + +### `Postgresql::Pg_hba_rules` + +validates a hash of entries for postgresql::server::pg_hab_conf + +* **See also** + * https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/server/pg_hba_rule.pp + +Alias of `Hash[String[1], Postgresql::Pg_hba_rule]` + +### `Postgresql::Pg_password_encryption` + +the supported password_encryption + +Alias of `Enum['md5', 'scram-sha-256']` + ## Tasks ### `sql` diff --git a/Rakefile b/Rakefile index d5e6ae716e..a40e488df7 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,12 +1,11 @@ # frozen_string_literal: true require 'bundler' -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? -require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? -require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? +require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator' +require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' def changelog_user return unless Rake.application.top_level_tasks.include? "changelog" @@ -42,9 +41,11 @@ def changelog_future_release end PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_anchor_resource') +PuppetLint.configuration.send('disable_params_empty_string_assignment') -if Bundler.rubygems.find_name('github_changelog_generator').any? +if Gem.loaded_specs.key? 'github_changelog_generator' GitHubChangelogGenerator::RakeTask.new :changelog do |config| raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? config.user = "#{changelog_user}" diff --git a/functions/default.pp b/functions/default.pp index 7852530791..41b500642b 100644 --- a/functions/default.pp +++ b/functions/default.pp 
@@ -8,8 +8,7 @@ function postgresql::default( ) { include postgresql::params - #search for the variable name in params first - #then fall back to globals if not found - pick( getvar("postgresql::params::${parameter_name}"), - "postgresql::globals::${parameter_name}") + # Search for the variable name in params. + # params inherits from globals, so it will also catch these variables. + pick(getvar("postgresql::params::${parameter_name}")) } diff --git a/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb b/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb index 0a208af6f4..5f18040c0d 100644 --- a/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb +++ b/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb @@ -27,22 +27,20 @@ def default_impl(acls, id, offset) unless parts.length >= 4 raise(Puppet::ParseError, "postgresql::postgresql_acls_to_resources_hash(): acl line #{index} does not " \ - 'have enough parts') + 'have enough parts') end resource = { - 'type' => parts[0], + 'type' => parts[0], 'database' => parts[1], - 'user' => parts[2], - 'order' => '%03d' % (offset + index), + 'user' => parts[2], + 'order' => '%03d' % (offset + index) } if parts[0] == 'local' resource['auth_method'] = parts[3] - if parts.length > 4 - resource['auth_option'] = parts.last(parts.length - 4).join(' ') - end + resource['auth_option'] = parts.last(parts.length - 4).join(' ') if parts.length > 4 elsif %r{^\d}.match?(parts[4]) - resource['address'] = parts[3] + ' ' + parts[4] + resource['address'] = "#{parts[3]} #{parts[4]}" resource['auth_method'] = parts[5] resource['auth_option'] = parts.last(parts.length - 6).join(' ') if parts.length > 6 diff --git a/lib/puppet/functions/postgresql/postgresql_password.rb b/lib/puppet/functions/postgresql/postgresql_password.rb index ed9265dea8..a444d5cd01 100644 --- a/lib/puppet/functions/postgresql/postgresql_password.rb +++ b/lib/puppet/functions/postgresql/postgresql_password.rb 
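Review bot: In `functions/default.pp`, `pick()` is now called with a single argument, so its only remaining effect is to abort compilation when `postgresql::params::${parameter_name}` is undef or empty, and the new comment does not say so. Before this change the second argument was a plain string, so the call always returned something; an unknown name now fails with `pick`'s generic error instead. I would state that in the comment, e.g. `# pick() fails the catalog if the name is defined neither in params nor (via inheritance) in globals.`. The function signature starts above the hunk.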
@@ -13,6 +13,8 @@ # If the Postgresql-Passwordhash should be of Datatype Sensitive[String] # @param hash # Set type for password hash + # + # Default value comes from `postgresql::params::password_encryption` and changes based on the `postgresql::globals::version`. # @param salt # Use a specific salt value for scram-sha-256, default is username # @@ -22,17 +24,26 @@ required_param 'Variant[String[1], Integer]', :username required_param 'Variant[String[1], Sensitive[String[1]], Integer]', :password optional_param 'Boolean', :sensitive - optional_param "Optional[Enum['md5', 'scram-sha-256']]", :hash + optional_param 'Optional[Postgresql::Pg_password_encryption]', :hash optional_param 'Optional[Variant[String[1], Integer]]', :salt return_type 'Variant[String, Sensitive[String]]' end - def default_impl(username, password, sensitive = false, hash = 'md5', salt = nil) + def default_impl(username, password, sensitive = false, hash = nil, salt = nil) + hash = call_function('postgresql::default', 'password_encryption') if hash.nil? password = password.unwrap if password.respond_to?(:unwrap) - pass = if hash == 'md5' - 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s) - else + if password.is_a?(String) && password.match?(%r{^(md5[0-9a-f]{32}$|SCRAM-SHA-256\$)}) + return Puppet::Pops::Types::PSensitiveType::Sensitive.new(password) if sensitive + + return password + end + pass = case hash + when 'md5', nil # ensure default value when definded with nil + "md5#{Digest::MD5.hexdigest(password.to_s + username.to_s)}" + when 'scram-sha-256' pg_sha256(password, (salt || username)) + else + raise(Puppet::ParseError, "postgresql::postgresql_password(): got unkown hash type '#{hash}'") end if sensitive Puppet::Pops::Types::PSensitiveType::Sensitive.new(pass) 
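Review bot: The new pass-through check in `default_impl`, `password.match?(%r{^(md5[0-9a-f]{32}$|SCRAM-SHA-256\$)})`, uses `^` and `$`, which in Ruby match at every line boundary, and its SCRAM branch tests only a prefix. A multi-line value with one line shaped like an md5 hash, or any clear-text password that begins with `SCRAM-SHA-256$`, is therefore returned unhashed and handled as if it were already encrypted. Anchoring the whole string is the smaller fix: `password.match?(%r{\A(md5[0-9a-f]{32}\z|SCRAM-SHA-256\$)})`; matching the full SCRAM verifier layout rather than the prefix would close the second case. The new error text also misspells "unknown" (`unkown`), and the method body continues past the end of the hunk.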
@@ -47,7 +58,7 @@ def pg_sha256(password, salt) iterations: '4096', salt: Base64.strict_encode64(salt), client_key: Base64.strict_encode64(client_key(digest)), - server_key: Base64.strict_encode64(server_key(digest)), + server_key: Base64.strict_encode64(server_key(digest)) } end @@ -57,19 +68,19 @@ def digest_key(password, salt) salt: salt, iterations: 4096, length: 32, - hash: OpenSSL::Digest::SHA256.new, + hash: OpenSSL::Digest.new('SHA256'), ) end def client_key(digest_key) - hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest::SHA256.new) + hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest.new('SHA256')) hmac << 'Client Key' hmac.digest OpenSSL::Digest.new('SHA256').digest hmac.digest end def server_key(digest_key) - hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest::SHA256.new) + hmac = OpenSSL::HMAC.new(digest_key, OpenSSL::Digest.new('SHA256')) hmac << 'Server Key' hmac.digest end diff --git a/lib/puppet/functions/postgresql/prepend_sql_password.rb b/lib/puppet/functions/postgresql/prepend_sql_password.rb new file mode 100644 index 0000000000..f90f65e11a --- /dev/null +++ b/lib/puppet/functions/postgresql/prepend_sql_password.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +# @summary This function exists for usage of a role password that is a deferred function +Puppet::Functions.create_function(:'postgresql::prepend_sql_password') do + # @param password + # The clear text `password` + dispatch :default_impl do + required_param 'String', :password + return_type 'String' + end + def default_impl(password) + "ENCRYPTED PASSWORD '#{password}'" + end +end diff --git a/lib/puppet/provider/postgresql_conf/parsed.rb b/lib/puppet/provider/postgresql_conf/parsed.rb deleted file mode 100644 index 99bdefeb96..0000000000 --- a/lib/puppet/provider/postgresql_conf/parsed.rb +++ /dev/null 
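Review bot: `default_impl` in the new `prepend_sql_password.rb` interpolates `password` into `"ENCRYPTED PASSWORD '#{password}'"` without escaping, so a value containing a single quote ends the SQL literal early and the remainder is read as SQL. The doc comment describes the argument as clear text, which makes arbitrary characters expected input. Doubling embedded quotes keeps the literal intact (assuming `standard_conforming_strings` is on): `"ENCRYPTED PASSWORD '#{password.gsub("'", "''")}'"`. The function also returns a plain `String`, so callers presumably have to wrap the result themselves to keep it out of logs and reports; a sentence on that next to the `@summary` would help.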
@@ -1,42 +0,0 @@ -# frozen_string_literal: true - -require 'puppet/provider/parsedfile' - -Puppet::Type.type(:postgresql_conf).provide( - :parsed, - parent: Puppet::Provider::ParsedFile, - default_target: '/etc/postgresql.conf', - filetype: :flat, -) do - desc 'Set key/values in postgresql.conf.' - - text_line :comment, match: %r{^\s*#} - text_line :blank, match: %r{^\s*$} - - record_line :parsed, - fields: ['name', 'value', 'comment'], - optional: ['comment'], - match: %r{^\s*([\w\.]+)\s*=?\s*(.*?)(?:\s*#\s*(.*))?\s*$}, - to_line: proc { |h| - # simple string and numeric values don't need to be enclosed in quotes - val = if h[:value].is_a?(Numeric) - h[:value].to_s - else - h[:value] - end - dontneedquote = val.match(%r{^(\d+.?\d+|\w+)$}) - dontneedequal = h[:name].match(%r{^(include|include_if_exists)$}i) - - str = h[:name].downcase # normalize case - str += dontneedequal ? ' ' : ' = ' - str += "'" unless dontneedquote && !dontneedequal - str += val - str += "'" unless dontneedquote && !dontneedequal - str += " # #{h[:comment]}" unless h[:comment].nil? || h[:comment] == :absent - str - }, - post_parse: proc { |h| - h[:name].downcase! # normalize case - h[:value].gsub!(%r{(^'|'$)}, '') # strip out quotes - } -end diff --git a/lib/puppet/provider/postgresql_conf/ruby.rb b/lib/puppet/provider/postgresql_conf/ruby.rb new file mode 100644 index 0000000000..ab89864d10 --- /dev/null +++ b/lib/puppet/provider/postgresql_conf/ruby.rb 
@@ -0,0 +1,166 @@ +# frozen_string_literal: true + +# This provider is used to manage postgresql.conf files +# It uses ruby to parse the config file and +# to add, remove or modify settings. +# +# The provider is able to parse postgresql.conf files with the following format: +# key = value # comment + +Puppet::Type.type(:postgresql_conf).provide(:ruby) do + desc 'Set keys, values and comments in a postgresql config file.' + + # The function pareses the postgresql.conf and figures out which active settings exist in a config file and returns an array of hashes + # + def parse_config + # open the config file + file = File.open(resource[:target]) + # regex to match active keys, values and comments + active_values_regex = %r{^\s*(?[\w.]+)\s*=?\s*(?.*?)(?:\s*#\s*(?.*))?\s*$} + # empty array to be filled with hashes + active_settings = [] + # iterate the file and construct a hash for every matching/active setting + # the hash is pushed to the array and the array is returned + File.foreach(file).with_index do |line, index| + line_number = index + 1 + matches = line.match(active_values_regex) + if matches + value = if matches[:value].to_i.to_s == matches[:value] + matches[:value].to_i + elsif matches[:value].to_f.to_s == matches[:value] + matches[:value].to_f + else + matches[:value].delete("'") + end + attributes_hash = { line_number: line_number, key: matches[:key], ensure: 'present', value: value, comment: matches[:comment] } + active_settings.push(attributes_hash) + end + end + Puppet.debug("DEBUG: parse_config Active Settings found in Postgreql config file: #{active_settings}") + active_settings + end + + # Deletes an existing header from a parsed postgresql.conf configuration file + # + # @param [Array] lines of the parsed postgresql configuration file + def delete_header(lines) + header_regex = %r{^# HEADER:.*} + lines.delete_if do |entry| + entry.match?(header_regex) + end + end + + # Adds a header to a parsed postgresql.conf configuration file, after all other 
changes are made + # + # @param [Array] lines of the parsed postgresql configuration file + def add_header(lines) + timestamp = Time.now.strftime('%F %T %z') + header = ["# HEADER: This file was autogenerated at #{timestamp}\n", + "# HEADER: by puppet. While it can still be managed manually, it\n", + "# HEADER: is definitely not recommended.\n"] + header + lines + end + + # This function writes the config file, it removes the old header, adds a new one and writes the file + # + # @param [File] the file object of the postgresql configuration file + # @param [Array] lines of the parsed postgresql configuration file + def write_config(file, lines) + lines = delete_header(lines) + lines = add_header(lines) + File.write(file, lines.join) + end + + # check, if resource exists in postgresql.conf file + def exists? + select = parse_config.select { |hash| hash[:key] == resource[:key] } + raise ParserError, "found multiple config items of #{resource[:key]} found, please fix this" if select.length > 1 + return false if select.empty? + + @result = select.first + Puppet.debug("DEBUG: exists? 
@result: #{@result}") + true + end + + # remove resource if exists and is set to absent + def destroy + entry_regex = %r{#{resource[:key]}.*=.*#{resource[:value]}} + file = File.open(resource[:target]) + lines = File.readlines(file) + + lines.delete_if do |entry| + entry.match?(entry_regex) + end + write_config(file, lines) + end + + # create resource if it does not exists + def create + file = File.open(resource[:target]) + lines = File.readlines(file) + new_line = line(key: resource[:key], value: resource[:value], comment: resource[:comment]) + + lines.push(new_line) + write_config(file, lines) + end + + # getter - get value of a resource + def value + @result[:value] + end + + # getter - get comment of a resource + def comment + @result[:comment] + end + + # setter - set value of a resource + def value=(_value) + file = File.open(resource[:target]) + lines = File.readlines(file) + active_values_regex = %r{^\s*(?[\w.]+)\s*=?\s*(?.*?)(?:\s*#\s*(?.*))?\s*$} + new_line = line(key: resource[:key], value: resource[:value], comment: resource[:comment]) + + lines.each_with_index do |line, index| + matches = line.to_s.match(active_values_regex) + lines[index] = new_line if matches && (matches[:key] == resource[:key] && matches[:value] != resource[:value]) + end + write_config(file, lines) + end + + # setter - set comment of a resource + def comment=(_comment) + file = File.open(resource[:target]) + lines = File.readlines(file) + active_values_regex = %r{^\s*(?[\w.]+)\s*=?\s*(?.*?)(?:\s*#\s*(?.*))?\s*$} + new_line = line(key: resource[:key], value: resource[:value], comment: resource[:comment]) + + lines.each_with_index do |line, index| + matches = line.to_s.match(active_values_regex) + lines[index] = new_line if matches && (matches[:key] == resource[:key] && matches[:comment] != resource[:comment]) + end + write_config(file, lines) + end + + private + + # Takes elements for a postgresql.conf configuration line and formats them properly + # + # @param [String] key 
postgresql.conf configuration option + # @param [String] value the value for the configuration option + # @param [String] comment optional comment that will be added at the end of the line + # @return [String] line the whole line for the config file, with \n + def line(key: '', value: '', comment: nil) + value = value.to_s if value.is_a?(Numeric) + dontneedquote = value.match(%r{^(\d+.?\d+|\w+)$}) + dontneedequal = key.match(%r{^(include|include_if_exists)$}i) + line = key.downcase # normalize case + line += dontneedequal ? ' ' : ' = ' + line += "'" unless dontneedquote && !dontneedequal + line += value + line += "'" unless dontneedquote && !dontneedequal + line += " # #{comment}" unless comment.nil? || comment == :absent + line += "\n" + line + end +end diff --git a/lib/puppet/provider/postgresql_psql/ruby.rb b/lib/puppet/provider/postgresql_psql/ruby.rb index 1cfbbca094..671d6679bc 100644 --- a/lib/puppet/provider/postgresql_psql/ruby.rb +++ b/lib/puppet/provider/postgresql_psql/ruby.rb @@ -5,13 +5,11 @@ def run_unless_sql_command(sql) # for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT', # which makes it easier to parse and process the output. - run_sql_command('SELECT COUNT(*) FROM (' + sql + ') count') + run_sql_command("SELECT COUNT(*) FROM (#{sql}) count") end def run_sql_command(sql) - if resource[:search_path] - sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}" - end + sql = "set search_path to #{Array(resource[:search_path]).join(',')}; #{sql}" if resource[:search_path] command = [resource[:psql_path]] command.push('-d', resource[:db]) if resource[:db] diff --git a/lib/puppet/provider/postgresql_replication_slot/ruby.rb b/lib/puppet/provider/postgresql_replication_slot/ruby.rb index 0c7adc74ce..31271cc51b 100644 --- a/lib/puppet/provider/postgresql_replication_slot/ruby.rb +++ b/lib/puppet/provider/postgresql_replication_slot/ruby.rb 
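Review bot: `destroy` in the new `postgresql_conf/ruby.rb` builds `%r{#{resource[:key]}.*=.*#{resource[:value]}}` from unescaped, unanchored resource values, so it can delete lines other than the managed one: key `ssl` with value `on` also matches `ssl_prefer_server_ciphers = on`, commented-out entries match too, and regex metacharacters in the value are interpreted. When `value` is unset the pattern reduces to the key followed by any `=`, which widens the match further. Matching only the key at the start of an active line avoids this: `entry_regex = %r{^\s*#{Regexp.escape(resource[:key])}(?![\w.])}`. Separately, `parse_config`, `destroy`, `create`, `value=` and `comment=` each call `File.open(resource[:target])` and never close the handle; `File.readlines(resource[:target])` plus passing the path to `write_config` would not need one. `line` also writes `value` between single quotes without doubling embedded quotes.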
@@ -15,9 +15,7 @@ def self.instances def self.prefetch(resources) instances.each do |i| slot = resources[i.name] - if slot - slot.provider = i - end + slot.provider = i if slot end end @@ -28,12 +26,14 @@ def exists? def create output = self.class.run_sql_command("SELECT * FROM pg_create_physical_replication_slot('#{resource[:name]}');") raise Puppet::Error, "Failed to create replication slot #{resource[:name]}:\n#{output[0]}" unless output[1].success? + @property_hash[:ensure] = :present end def destroy output = self.class.run_sql_command("SELECT pg_drop_replication_slot('#{resource[:name]}');") raise Puppet::Error, "Failed to destroy replication slot #{resource[:name]}:\n#{output[0]}" unless output[1].success? + @property_hash[:ensure] = :absent end diff --git a/lib/puppet/type/postgresql_conf.rb b/lib/puppet/type/postgresql_conf.rb index b27862236b..5cd753e20f 100644 --- a/lib/puppet/type/postgresql_conf.rb +++ b/lib/puppet/type/postgresql_conf.rb 
@@ -2,28 +2,40 @@ Puppet::Type.newtype(:postgresql_conf) do @doc = 'This type allows puppet to manage postgresql.conf parameters.' - ensurable newparam(:name) do - desc 'The postgresql parameter name to manage.' - isnamevar + desc 'A unique title for the resource.' + newvalues(%r{^[\w.]+$}) + end - newvalues(%r{^[\w\.]+$}) + newparam(:key) do + desc 'The Postgresql parameter to manage.' + newvalues(%r{^[\w.]+$}) end newproperty(:value) do desc 'The value to set for this parameter.' - end + newvalues(%r{^(\S.*)?$}) - newproperty(:target) do - desc 'The path to postgresql.conf' - defaultto do - if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile) - @resource.class.defaultprovider.default_target + munge do |value| + if value.to_i.to_s == value + value.to_i + elsif value.to_f.to_s == value + value.to_f else - nil + value end end end + + newproperty(:comment) do + desc 'The comment to set for this parameter.' + newvalues(%r{^[\w\W]+$}) + end + + newparam(:target) do + desc 'The path to the postgresql config file' + newvalues(%r{^/\S+[a-z0-9(/)-]*\w+.conf$}) + end end diff --git a/lib/puppet/type/postgresql_psql.rb b/lib/puppet/type/postgresql_psql.rb index 8e04be47e8..021753e7ab 100644 --- a/lib/puppet/type/postgresql_psql.rb +++ b/lib/puppet/type/postgresql_psql.rb @@ -23,7 +23,7 @@ def retrieve def sync output, status = provider.run_sql_command(value) - raise("Error executing SQL; psql returned #{status}: '#{output}'") unless status == 0 + raise("Error executing SQL; psql returned #{status}: '#{output}'") unless status.to_i.zero? end end 
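Review bot: The `newvalues` patterns added in `lib/puppet/type/postgresql_conf.rb` do not reject line breaks: `comment` accepts `%r{^[\w\W]+$}`, which matches any non-empty string, and `key`, `value` and `target` use `^`/`$`, which Ruby treats as line anchors. The new provider appends the comment after ` # ` verbatim, so a comment containing a newline would end up as an additional active line in the config file. I would restrict the comment to one line, `newvalues(%r{\A[^\r\n]+\z})`, and use `\A`/`\z` in the other three patterns. In the `target` pattern the `.` before `conf` is unescaped and matches any character. The `newtype` line itself sits just above the hunk.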
@@ -38,12 +38,11 @@ def sync # Return true if a matching row is found def matches(value) output, status = provider.run_unless_sql_command(value) - fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status == 0 # rubocop:disable Style/SignalException - # rubocop:enable Style/NumericPredicate + fail("Error evaluating 'unless' clause, returned #{status}: '#{output}'") unless status.to_i.zero? # rubocop:disable Style/SignalException result_count = output.strip.to_i debug("Found #{result_count} row(s) executing 'unless' clause") - result_count > 0 + result_count.positive? end end @@ -60,10 +59,11 @@ def matches(value) output, status = provider.run_unless_sql_command(value) status = output.exitcode if status.nil? - raise("Error evaluating 'onlyif' clause, returned #{status}: '#{output}'") unless status == 0 + raise("Error evaluating 'onlyif' clause, returned #{status}: '#{output}'") unless status.to_i.zero? + result_count = output.strip.to_i debug("Found #{result_count} row(s) executing 'onlyif' clause") - result_count > 0 + result_count.positive? end end @@ -110,9 +110,7 @@ def matches(value) validate do |values| Array(values).each do |value| - unless %r{\w+=}.match?(value) - raise ArgumentError, "Invalid environment setting '#{value}'" - end + raise ArgumentError, "Invalid environment setting '#{value}'" unless %r{\w+=}.match?(value) end end end @@ -124,6 +122,11 @@ def matches(value) newvalues(:true, :false) end + newparam(:instance) do + desc 'The postgresql instance under which the psql command should be executed.' + defaultto('main') + end + newparam(:sensitive, boolean: true) do desc "If 'true', then the executed command will not be echoed into the log. Use this to protect sensitive information passing through." 
@@ -131,8 +134,13 @@ def matches(value) newvalues(:true, :false) end - autorequire(:anchor) { ['postgresql::server::service::begin'] } - autorequire(:service) { ['postgresqld'] } + autorequire(:anchor) do + ["postgresql::server::service::begin::#{self[:instance]}"] + end + + autorequire(:service) do + ["postgresqld_instance_#{self[:instance]}"] + end def should_run_sql(refreshing = false) onlyif_param = @parameters[:onlyif] @@ -140,6 +148,7 @@ def should_run_sql(refreshing = false) return false if !onlyif_param.nil? && !onlyif_param.value.nil? && !onlyif_param.matches(onlyif_param.value) return false if !unless_param.nil? && !unless_param.value.nil? && unless_param.matches(unless_param.value) return false if !refreshing && @parameters[:refreshonly].value == :true + true end diff --git a/lib/puppet/type/postgresql_replication_slot.rb b/lib/puppet/type/postgresql_replication_slot.rb index f54157d3a9..c60584f0d9 100644 --- a/lib/puppet/type/postgresql_replication_slot.rb +++ b/lib/puppet/type/postgresql_replication_slot.rb @@ -1,13 +1,13 @@ # frozen_string_literal: true Puppet::Type.newtype(:postgresql_replication_slot) do - @doc = <<-EOS -@summary Manages Postgresql replication slots. + @doc = <<~EOS + @summary Manages Postgresql replication slots. -This type allows to create and destroy replication slots -to register warm standby replication on a Postgresql -primary server. -EOS + This type allows to create and destroy replication slots + to register warm standby replication on a Postgresql + primary server. + EOS ensurable diff --git a/lib/puppet/util/postgresql_validator.rb b/lib/puppet/util/postgresql_validator.rb index 87ba7353c9..6a3152b64f 100644 --- a/lib/puppet/util/postgresql_validator.rb +++ b/lib/puppet/util/postgresql_validator.rb @@ -17,7 +17,7 @@ def build_psql_cmd port: '--port', db_username: '--username', db_name: '--dbname', - command: '--command', + command: '--command' } args.each do |k, v| 
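Review bot: Ordering can be lost silently in the two `autorequire` blocks, because autorequire does nothing when no resource with the computed title is in the catalog. With the default instance the titles become `postgresql::server::service::begin::main` and `postgresqld_instance_main` instead of the former fixed names. Whether the manifests declare resources under exactly these titles is not visible in this hunk. A comment above the blocks would help, e.g. `# titles must match the anchor and service declared for each server instance`. Validating `instance` would also help, since it is interpolated into resource titles.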
diff --git a/manifests/backup/pg_dump.pp b/manifests/backup/pg_dump.pp
new file mode 100644
index 0000000000..64ac5cfb4f
--- /dev/null
+++ b/manifests/backup/pg_dump.pp
@@ -0,0 +1,153 @@ +# @summary +# "Provider" for pg_dump backup +# +# @api private +# +# @param compress +# Whether or not to compress the backup. Support for compression also depends on other backup parameters. +# @param databases +# Databases to backup. By default `[]` will back up all databases. +# @param db_user +# PostgreSQL user to create with superuser privileges. +# @param db_password +# Password to create for `$db_user`. +# @param dir +# Directory to store backup. +# @param dir_mode +# Permissions applied to the backup directory. This parameter is passed directly to the file resource. +# @param dir_owner +# Owner for the backup directory. This parameter is passed directly to the file resource. +# @param dir_group +# Group owner for the backup directory. This parameter is passed directly to the file resource. +# @param format +# Backup format to use, must be supported by pg_dump or pg_dumpall. The choice will affect other options, i.e. compression. +# @param install_cron +# Manage installation of cron package. +# @param manage_user +# Manage creation of the backup user. +# @param optional_args +# Specifies an array of optional arguments which should be passed through to the backup tool. These options are not validated, +# unsupported options may break the backup. +# @param post_script +# One or more scripts that are executed when the backup is finished. This could be used to sync the backup to a central store. +# @param pre_script +# One or more scripts that are executed before the backup begins. +# @param rotate +# Backup rotation interval in 24 hour periods. +# @param success_file_path +# Specify a path where upon successful backup a file should be created for checking purposes. +# @param time +# An array of two elements to set the backup time. Allows `['23', '5']` (i.e., 23:05) or `['3', '45']` (i.e., 03:45) for HH:MM times. +# @param weekday +# Weekdays on which the backup job should run. Defaults to `*`. 
This parameter is passed directly to the cron resource. +class postgresql::backup::pg_dump ( + String[1] $dir, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $ensure = 'present', + Boolean $compress = true, + Array $databases = [], + Boolean $delete_before_dump = false, + String[1] $dir_group = '0', + String[1] $dir_mode = '0700', + String[1] $dir_owner = 'root', + Enum['plain','custom','directory','tar'] $format = 'plain', + Boolean $install_cron = true, + Boolean $manage_user = false, + Array $optional_args = [], + Stdlib::Absolutepath $pgpass_path = '/root/.pgpass', + Integer $rotate = 30, + Stdlib::Absolutepath $script_path = '/usr/local/sbin/pg_dump.sh', + Stdlib::Absolutepath $success_file_path = '/tmp/pgbackup_success', + String[1] $template = 'postgresql/pg_dump.sh.epp', + Array $time = ['23', '5'], + String[1] $weekday = '*', + Optional[Variant[String, Sensitive[String]]] $db_password = undef, + Optional[String[1]] $db_user = undef, + Optional[String[1]] $package_name = undef, + Optional[String[1]] $post_script = undef, + Optional[String[1]] $pre_script = undef, +) { + # Install required packages + if $package_name { + stdlib::ensure_packages($package_name) + } + if $install_cron { + if $facts['os']['family'] == 'RedHat' { + stdlib::ensure_packages('cronie') + } elsif $facts['os']['family'] != 'FreeBSD' { + stdlib::ensure_packages('cron') + } + } + + # Setup db user with required permissions + if $manage_user and $db_user and $db_password { + # Create user with superuser privileges + postgresql::server::role { $db_user: + ensure => $ensure, + password_hash => postgresql::postgresql_password($db_user, $db_password, true, pick($postgresql::server::password_encryption, 'md5')), + superuser => true, + } + + # Allow authentication from localhost + postgresql::server::pg_hba_rule { 'local access as backup user': + type => 'local', + database => 'all', + user => $db_user, + auth_method => 
pick($postgresql::server::password_encryption, 'md5'), + order => 1, + } + } + + # Create backup directory + file { $dir: + ensure => 'directory', + mode => $dir_mode, + owner => $dir_owner, + group => $dir_group, + } + + # Create backup script + file { $script_path: + ensure => $ensure, + mode => '0700', + owner => 'root', + group => '0', # Use GID for compat with Linux and BSD. + content => epp($template, { + compress => $compress, + databases => $databases, + db_user => $db_user, + delete_before_dump => $delete_before_dump, + dir => $dir, + format => $format, + optional_args => $optional_args, + post_script => $post_script, + pre_script => $pre_script, + rotate => $rotate, + success_file_path => $success_file_path, + } + ), + } + + # Create password file for pg_dump + file { $pgpass_path: + ensure => $ensure, + mode => '0600', + owner => 'root', + group => '0', # Use GID for compat with Linux and BSD. + content => inline_epp ( '*:*:*:<%= $db_user %>:<%= $db_password %>', { + db_password => $db_password, + db_user => $db_user, + } + ), + show_diff => false, + } + + # Create cron job + cron { 'pg_dump backup job': + ensure => $ensure, + command => $script_path, + user => 'root', + hour => $time[0], + minute => $time[1], + weekday => $weekday, + } +} diff --git a/manifests/client.pp b/manifests/client.pp index 3cb26ce81a..0b15f91fb5 100644 --- a/manifests/client.pp +++ b/manifests/client.pp 
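Review bot: The `.pgpass` content is built by plain interpolation, `'*:*:*:<%= $db_user %>:<%= $db_password %>'`, but the pgpass format requires `:` and `\` inside a field to be backslash-escaped, so a password containing either character produces an entry that will not match. The file is also written when `$db_user` or `$db_password` is undef, which leaves a `*:*:*::` line in root's pgpass; wrapping the resource in `if $db_user and $db_password { … }` avoids that. Since `$db_password` may be `Sensitive[String]`, unwrapping and escaping it explicitly and wrapping the rendered content in `Sensitive()` makes the handling independent of how `inline_epp` treats sensitive values. Separately, the `$success_file_path` default of `/tmp/pgbackup_success` places a marker written by a root cron job in a world-writable directory; a path under a root-owned directory would be a safer default.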
@@ -12,10 +12,10 @@ # @param package_ensure # Ensure the client package is installed class postgresql::client ( - Enum['file', 'absent'] $file_ensure = 'file', - Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path, - String[1] $package_name = $postgresql::params::client_package_name, - String[1] $package_ensure = 'present' + Enum['file', 'absent'] $file_ensure = 'file', + Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path, + String[1] $package_name = $postgresql::params::client_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { if $package_name != 'UNSET' { package { 'postgresql-client': diff --git a/manifests/dnfmodule.pp b/manifests/dnfmodule.pp index a1cb4b9a1f..ef9316c4d5 100644 --- a/manifests/dnfmodule.pp +++ b/manifests/dnfmodule.pp @@ -1,12 +1,12 @@ # @summary Manage the DNF module # -# On EL8 and Fedora DNF can manage modules. This is a method of providing +# On EL8 and newer and Fedora DNF can manage modules. This is a method of providing # multiple versions on the same OS. Only one DNF module can be active at the # same time. # # @api private class postgresql::dnfmodule ( - String[1] $ensure = 'installed', + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $ensure = 'installed', String[1] $module = 'postgresql', ) { package { 'postgresql dnf module': diff --git a/manifests/globals.pp b/manifests/globals.pp index 4fd08b444d..381da29b26 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp 
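Review bot: `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` accepts exactly what `String[1]` accepts, so the Enum documents the common values but rejects nothing. If version strings must stay allowed, a named type alias with a comment saying so would make the intent clear. The same signature recurs in dnfmodule.pp, lib/devel.pp, lib/docs.pp, lib/java.pp, lib/perl.pp and lib/python.pp. In backup/pg_dump.pp the same type is used for `$ensure`, which is passed to `file` and `cron` resources where values such as `latest` or `installed` are not valid.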
@@ -2,7 +2,8 @@ # # @note # Most server-specific defaults should be overridden in the postgresql::server class. -# This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo. +# This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such +# as version or manage_package_repo. # # # @param client_package_name Overrides the default PostgreSQL client package name. @@ -25,7 +26,6 @@ # @param validcon_script_path Scipt path for the connection validation check. # # @param initdb_path Path to the initdb command. -# @param createdb_path Deprecated. Path to the createdb command. # @param psql_path Sets the path to the psql command. # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. 
@@ -40,8 +40,10 @@ # Overrides the default PostgreSQL data directory for the target platform. # Changing the datadir after installation causes the server to come to a full stop before making the change. # For Red Hat systems, the data directory must be labeled appropriately for SELinux. -# On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). -# Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original +# On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb +# defaults to true on other systems). +# Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail +# if the data directory is changed back to the original # # @param confdir Overrides the default PostgreSQL configuration directory for the target platform. # @param bindir Overrides the default PostgreSQL binaries directory for the target platform. 
@@ -59,20 +61,24 @@ # @param repo_baseurl Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. # @param yum_repo_commonurl Sets the url for the PostgreSQL common Yum repository. Useful if you host your own mirror of the YUM repository. # -# @param needs_initdb Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. +# @param needs_initdb +# Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. # # @param encoding # Sets the default encoding for all databases created with this module. -# On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +# On certain operating systems, this is also used during the template1 initialization, +# so it becomes a default outside of the module as well. # @param locale # Sets the default database locale for all databases created with this module. -# On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +# On certain operating systems, this is also used during the template1 initialization, +# so it becomes a default outside of the module as well. # On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL. # @param data_checksums # Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. # Warning: This option is used during initialization by initdb, and cannot be changed later. # -# @param timezone Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. +# @param timezone +# Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. 
# # @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file. # @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file. @@ -81,6 +87,7 @@ # Whether to manage the postgresql conf file permissions. This means owner, # group and mode. Contents are not managed but should be managed through # postgresql::server::config_entry. +# @param manage_selinux Allows Puppet to manage the appropriate configuration file for selinux. # # @param manage_datadir Set to false if you have file{ $datadir: } already defined # @param manage_logdir Set to false if you have file{ $logdir: } already defined 
@@ -89,84 +96,85 @@ # @param manage_package_repo Sets up official PostgreSQL repositories on your host if set to true. # @param manage_dnf_module # Manage the DNF module. This only makes sense on distributions that use DNF -# package manager, such as EL8 or Fedora. It also requires Puppet 5.5.20+ or -# Puppet 6.15.0+ since they ship the dnfmodule provider. -# @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. -# +# package manager, such as EL8, EL9 or Fedora. +# @param module_workdir +# Specifies working directory under which the psql command should be executed. +# May need to specify if '/tmp' is on volume mounted with noexec option. # class postgresql::globals ( - $client_package_name = undef, - $server_package_name = undef, - $contrib_package_name = undef, - $devel_package_name = undef, - $java_package_name = undef, - $docs_package_name = undef, - $perl_package_name = undef, - $plperl_package_name = undef, - $plpython_package_name = undef, - $python_package_name = undef, - $postgis_package_name = undef, + Optional[String[1]] $client_package_name = undef, + Optional[String[1]] $server_package_name = undef, + Optional[String[1]] $contrib_package_name = undef, + Optional[String[1]] $devel_package_name = undef, + Optional[String[1]] $java_package_name = undef, + Optional[String[1]] $docs_package_name = undef, + Optional[String[1]] $perl_package_name = undef, + Optional[String[1]] $plperl_package_name = undef, + Optional[String[1]] $plpython_package_name = undef, + Optional[String[1]] $python_package_name = undef, + Optional[String[1]] $postgis_package_name = undef, - $service_name = undef, - $service_provider = undef, - $service_status = undef, - $default_database = undef, + Optional[String[1]] $service_name = undef, + Optional[String[1]] $service_provider = undef, + Optional[String[1]] $service_status = undef, + Optional[String[1]] 
$default_database = undef, - $validcon_script_path = undef, + Optional[String[1]] $validcon_script_path = undef, - $initdb_path = undef, - $createdb_path = undef, - $psql_path = undef, - $pg_hba_conf_path = undef, - $pg_ident_conf_path = undef, - $postgresql_conf_path = undef, - Optional[Stdlib::Filemode] $postgresql_conf_mode = undef, - $recovery_conf_path = undef, - $default_connect_settings = {}, + Optional[Stdlib::Absolutepath] $initdb_path = undef, + Optional[Stdlib::Absolutepath] $psql_path = undef, + Optional[Stdlib::Absolutepath] $pg_hba_conf_path = undef, + Optional[Stdlib::Absolutepath] $pg_ident_conf_path = undef, + Optional[Stdlib::Absolutepath] $postgresql_conf_path = undef, + Optional[Stdlib::Filemode] $postgresql_conf_mode = undef, + Optional[Stdlib::Absolutepath] $recovery_conf_path = undef, + Hash $default_connect_settings = {}, - $pg_hba_conf_defaults = undef, + Optional[Boolean] $pg_hba_conf_defaults = undef, - $datadir = undef, - $confdir = undef, - $bindir = undef, - $xlogdir = undef, - $logdir = undef, - $log_line_prefix = undef, - $manage_datadir = undef, - $manage_logdir = undef, - $manage_xlogdir = undef, + Optional[Stdlib::Absolutepath] $datadir = undef, + Optional[Stdlib::Absolutepath] $confdir = undef, + Optional[Stdlib::Absolutepath] $bindir = undef, + Optional[Stdlib::Absolutepath] $xlogdir = undef, + Optional[Stdlib::Absolutepath] $logdir = undef, + Optional[String[1]] $log_line_prefix = undef, + Optional[Boolean] $manage_datadir = undef, + Optional[Boolean] $manage_logdir = undef, + Optional[Boolean] $manage_xlogdir = undef, - $user = undef, - $group = undef, + Optional[String[1]] $user = undef, + Optional[String[1]] $group = undef, - $version = undef, - $postgis_version = undef, - $repo_proxy = undef, - $repo_baseurl = undef, - $yum_repo_commonurl = undef, + Optional[String[1]] $version = undef, + Optional[String[1]] $postgis_version = undef, + Optional[String[1]] $repo_proxy = undef, + Optional[String[1]] $repo_baseurl = undef, + 
Optional[String[1]] $yum_repo_commonurl = undef, - $needs_initdb = undef, + Optional[Boolean] $needs_initdb = undef, - $encoding = undef, - $locale = undef, - $data_checksums = undef, - $timezone = undef, + Optional[String[1]] $encoding = undef, + Optional[String[1]] $locale = undef, + Optional[Boolean] $data_checksums = undef, + Optional[String[1]] $timezone = undef, - $manage_pg_hba_conf = undef, - $manage_pg_ident_conf = undef, - $manage_recovery_conf = undef, - $manage_postgresql_conf_perms = undef, - $manage_selinux = undef, + Optional[Boolean] $manage_pg_hba_conf = undef, + Optional[Boolean] $manage_pg_ident_conf = undef, + Optional[Boolean] $manage_recovery_conf = undef, + Optional[Boolean] $manage_postgresql_conf_perms = undef, + Optional[Boolean] $manage_selinux = undef, - $manage_package_repo = undef, + Optional[Boolean] $manage_package_repo = undef, Boolean $manage_dnf_module = false, - $module_workdir = undef, + Optional[Stdlib::Absolutepath] $module_workdir = undef, ) { # We are determining this here, because it is needed by the package repo # class. $default_version = $facts['os']['family'] ? { /^(RedHat|Linux)/ => $facts['os']['name'] ? { 'Fedora' => $facts['os']['release']['major'] ? { + /^(38)$/ => '15', + /^(36|37)$/ => '14', /^(34|35)$/ => '13', /^(32|33)$/ => '12', /^(31)$/ => '11.6', @@ -183,29 +191,24 @@ }, 'Amazon' => '9.2', default => $facts['os']['release']['major'] ? { + '9' => '13', '8' => '10', '7' => '9.2', - '6' => '8.4', - '5' => '8.1', default => undef, }, }, 'Debian' => $facts['os']['name'] ? { 'Debian' => $facts['os']['release']['major'] ? { - '8' => '9.4', - '9' => '9.6', '10' => '11', '11' => '13', + '12' => '15', default => undef, }, 'Ubuntu' => $facts['os']['release']['major'] ? { - /^(14.04)$/ => '9.3', - /^(14.10|15.04|15.10)$/ => '9.4', - /^(16.04|16.10)$/ => '9.5', - /^(17.04|17.10)$/ => '9.6', /^(18.04)$/ => '10', /^(20.04)$/ => '12', /^(21.04|21.10)$/ => '13', + /^(22.04)$/ => '14', default => undef, }, default => undef, 
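Review bot: `$validcon_script_path` is typed `Optional[String[1]]` while the other path parameters in this list use `Stdlib::Absolutepath`, and `postgresql::client` in this same commit declares it as `Stdlib::Absolutepath`. A relative value is therefore accepted here and, assuming it is handed on to the client class, rejected only later; `Optional[Stdlib::Absolutepath] $validcon_script_path = undef,` would fail at the point of entry. Removing `$createdb_path` also makes existing declarations that still set it fail to compile, so it deserves an explicit mention in the upgrade notes. The class body continues past this hunk.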
@@ -224,8 +227,8 @@ /11\.4/ => '94', /12\.0/ => '93', /12\.[1-3]/ => '94', - /12\.[4-5]/ => '10', - /15\.[0-9]/ => '10', + /12\.[4-5]/ => '12', + /15\.[0-9]/ => '14', default => '96', }, 'OpenSuSE' => $facts['os']['release']['full'] ? { @@ -242,8 +245,6 @@ } $default_postgis_version = $globals_version ? { - '8.1' => '1.3.6', - '8.4' => '2.0', '9.0' => '2.1', '9.1' => '2.1', '91' => '2.1', diff --git a/manifests/lib/devel.pp b/manifests/lib/devel.pp index 0efa6f6d21..8b215b8b0f 100644 --- a/manifests/lib/devel.pp +++ b/manifests/lib/devel.pp @@ -1,17 +1,18 @@ -# @summary This class installs postgresql development libraries. +# @summary This class installs postgresql development libraries. # # @param package_name # Override devel package name # @param package_ensure # Ensure the development libraries are installed # @param link_pg_config -# If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. +# If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir +# into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. # # class postgresql::lib::devel ( - String $package_name = $postgresql::params::devel_package_name, - String[1] $package_ensure = 'present', - Boolean $link_pg_config = $postgresql::params::link_pg_config + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', + String $package_name = $postgresql::params::devel_package_name, + Boolean $link_pg_config = $postgresql::params::link_pg_config, ) inherits postgresql::params { if $facts['os']['family'] == 'Gentoo' { fail('osfamily Gentoo does not have a separate "devel" package, postgresql::lib::devel is not supported') 
diff --git a/manifests/lib/docs.pp b/manifests/lib/docs.pp index 0eba0607f4..354c7c1b0d 100644 --- a/manifests/lib/docs.pp +++ b/manifests/lib/docs.pp @@ -1,4 +1,5 @@ -# @summary Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. +# @summary +# Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. # # @note # Make sure to add any necessary yum or apt repositories if specifying a custom version. @@ -7,11 +8,11 @@ # Specifies the name of the PostgreSQL docs package. # @param package_ensure # Whether the PostgreSQL docs package resource should be present. -# +# # class postgresql::lib::docs ( - String $package_name = $postgresql::params::docs_package_name, - String[1] $package_ensure = 'present', + String $package_name = $postgresql::params::docs_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { package { 'postgresql-docs': ensure => $package_ensure, diff --git a/manifests/lib/java.pp b/manifests/lib/java.pp index ac1ff28095..aa273c6bad 100644 --- a/manifests/lib/java.pp +++ b/manifests/lib/java.pp @@ -9,8 +9,8 @@ # Specifies whether the package is present. # class postgresql::lib::java ( - String $package_name = $postgresql::params::java_package_name, - String[1] $package_ensure = 'present' + String $package_name = $postgresql::params::java_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { package { 'postgresql-jdbc': ensure => $package_ensure, diff --git a/manifests/lib/perl.pp b/manifests/lib/perl.pp index 2a9b714391..72ece8d15f 100644 --- a/manifests/lib/perl.pp +++ b/manifests/lib/perl.pp 
@@ -6,8 +6,8 @@ # Ensure the perl libs for postgresql are installed. # class postgresql::lib::perl ( - String $package_name = $postgresql::params::perl_package_name, - String[1] $package_ensure = 'present' + String $package_name = $postgresql::params::perl_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { package { 'perl-DBD-Pg': ensure => $package_ensure, diff --git a/manifests/lib/python.pp b/manifests/lib/python.pp index 3587e8cdeb..bbccdc3a50 100644 --- a/manifests/lib/python.pp +++ b/manifests/lib/python.pp @@ -6,8 +6,8 @@ # Ensure the python libs for postgresql are installed. # class postgresql::lib::python ( - String[1] $package_name = $postgresql::params::python_package_name, - String[1] $package_ensure = 'present' + String[1] $package_name = $postgresql::params::python_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { package { 'python-psycopg2': ensure => $package_ensure, diff --git a/manifests/params.pp b/manifests/params.pp index 0303d026a6..c777b0793c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -25,12 +25,15 @@ $manage_selinux = pick($manage_selinux, false) $package_ensure = 'present' $module_workdir = pick($module_workdir,'/tmp') - $password_encryption = undef - $extra_systemd_config = '' + $password_encryption = versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' } + $extra_systemd_config = undef $manage_datadir = true $manage_logdir = true $manage_xlogdir = true + $backup_enable = false + $backup_provider = 'pg_dump' + # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'. case $facts['os']['family'] { 'RedHat', 'Linux': { 
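Review bot: `versioncmp($version, '14')` in the new `$password_encryption` default selects `scram-sha-256` for any version string that compares above 14, and the SLES table in globals.pp in this commit still yields dotless values such as `'94'` and `'96'`. If those reach `$version` here, 9.x servers, which predate SCRAM support, would get `scram-sha-256` as their default. Normalising the version before the comparison, or handling the dotless legacy form explicitly, avoids that. A comment stating which version formats are expected would help either way. Where `$version` is assigned is outside this hunk.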
@@ -82,29 +85,8 @@ $postgresql_conf_mode = pick($postgresql_conf_mode, '0600') } - case $facts['os']['name'] { - 'Amazon': { - $service_reload = "service ${service_name} reload" - $service_status = "service ${service_name} status" - } - - # RHEL 5 uses SysV init, RHEL 6 uses upstart. RHEL 7 and 8 both use systemd. - 'RedHat', 'CentOS', 'Scientific', 'OracleLinux': { - if $facts['os']['release']['major'] in ['7', '8'] { - $service_reload = "systemctl reload ${service_name}" - $service_status = "systemctl status ${service_name}" - } else { - $service_reload = "service ${service_name} reload" - $service_status = "service ${service_name} status" - } - } - - # Default will catch Fedora which uses systemd - default: { - $service_reload = "systemctl reload ${service_name}" - $service_status = "systemctl status ${service_name}" - } - } + $service_reload = "systemctl reload ${service_name}" + $service_status = pick($service_status, "systemctl status ${service_name}") $psql_path = pick($psql_path, "${bindir}/psql") @@ -117,7 +99,7 @@ if $postgresql::globals::postgis_package_name { $postgis_package_name = $postgresql::globals::postgis_package_name - } elsif $facts['os']['release']['major'] == '5' { + } elsif $facts['os']['name'] == 'Fedora' { $postgis_package_name = 'postgis' } elsif $postgis_version and versioncmp($postgis_version, '2') < 0 { $postgis_package_name = "postgis${package_version}" @@ -134,8 +116,8 @@ # Archlinux doesn't have a client-package but has a libs package which # pulls in postgresql server - $client_package_name = pick($client_package_name, 'postgresql') - $server_package_name = pick($server_package_name, 'postgresql-libs') + $client_package_name = pick($client_package_name, 'postgresql-libs') + $server_package_name = pick($server_package_name, 'postgresql') $java_package_name = pick($java_package_name, 'postgresql-jdbc') # Archlinux doesn't have develop packages $devel_package_name = pick($devel_package_name, 'postgresql-devel') 
@@ -148,7 +130,7 @@ $confdir = pick($confdir, $datadir) $psql_path = pick($psql_path, "${bindir}/psql") - $service_status = $service_status + $service_status = pick($service_status, "systemctl status ${service_name}") $service_reload = "systemctl reload ${service_name}" $python_package_name = pick($python_package_name, 'python-psycopg2') # Archlinux does not have a perl::DBD::Pg package 
@@ -177,23 +159,21 @@ $perl_package_name = pick($perl_package_name, 'libdbd-pg-perl') $plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}") $plpython_package_name = pick($plpython_package_name, "postgresql-plpython-${version}") - $python_package_name = pick($python_package_name, 'python-psycopg2') + + $_ubuntu_2204 = ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0) + $_debian_12 = ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['full'], '12') >= 0) + + if $_ubuntu_2204 or $_debian_12 { + $python_package_name = pick($python_package_name, 'python3-psycopg2') + } else { + $python_package_name = pick($python_package_name, 'python-psycopg2') + } $bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin") $datadir = pick($datadir, "/var/lib/postgresql/${version}/main") $confdir = pick($confdir, "/etc/postgresql/${version}/main") - if $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '8') >= 0 { - # Jessie uses systemd - $service_status = pick($service_status, "/usr/sbin/service ${service_name}@*-main status") - } elsif $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0 { - $service_status = pick($service_status, "/usr/sbin/service ${service_name}@*-main status") - } elsif $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.04') >= 0 { - # Ubuntu releases since vivid use systemd - $service_status = pick($service_status, "/usr/sbin/service ${service_name} status") - } else { - $service_status = pick($service_status, "/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'") - } - $service_reload = "service ${service_name} reload" + $service_reload = "systemctl reload ${service_name}" + $service_status = pick($service_status, "systemctl status ${service_name}") $psql_path = pick($psql_path, '/usr/bin/psql') $postgresql_conf_mode = 
pick($postgresql_conf_mode, '0644') } @@ -222,19 +202,9 @@ } 'FreeBSD': { - case $version { - '94', '95': { - $user = pick($user, 'pgsql') - $group = pick($group, 'pgsql') - $datadir = pick($datadir, '/usr/local/pgsql/data') - } - default: { - $user = pick($user, 'postgres') - $group = pick($group, 'postgres') - $datadir = pick($datadir, "/var/db/postgres/data${version}") - } - } - + $user = pick($user, 'postgres') + $group = pick($group, 'postgres') + $datadir = pick($datadir, "/var/db/postgres/data${version}") $link_pg_config = true $client_package_name = pick($client_package_name, "databases/postgresql${version}-client") $server_package_name = pick($server_package_name, "databases/postgresql${version}-server") @@ -297,13 +267,8 @@ $bindir = pick($bindir, "/usr/lib/postgresql${version}/bin") $datadir = pick($datadir, '/var/lib/pgsql/data') $confdir = pick($confdir, $datadir) - if $facts['os']['name'] == 'SLES' and versioncmp($facts['os']['release']['full'], '11.4') <= 0 { - $service_status = pick($service_status, "/etc/init.d/${service_name} status") - $service_reload = "/etc/init.d/${service_name} reload" - } else { - $service_status = pick($service_status, "systemctl status ${service_name}") - $service_reload = "systemctl reload ${service_name}" - } + $service_status = pick($service_status, "systemctl status ${service_name}") + $service_reload = "systemctl reload ${service_name}" $psql_path = pick($psql_path, "${bindir}/psql") $needs_initdb = pick($needs_initdb, true) 
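Review bot: The new `systemctl status ${service_name}` default in the Debian branch may no longer reflect the state of the cluster. With the distribution packaging, `postgresql.service` is an umbrella unit that stays active independently of the per-cluster `postgresql@<version>-main` units, which is presumably why the removed code queried `${service_name}@*-main`. Assuming `$service_name` resolves to `postgresql`, the status command can succeed while the `main` cluster is down. Checking the per-cluster unit, or adding a comment that records why the umbrella unit is sufficient, would settle it.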
@@ -316,7 +281,7 @@ # Since we can't determine defaults on our own, we rely on users setting # parameters with the postgresql::globals class. Here we are checking # that the mandatory minimum is set for the module to operate. - $err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${facts['os']['family']} operatingsystem: ${facts['os']['name']}; please specify a value for ${module_name}::globals::" + $err_prefix = "Module ${module_name} does not provide defaults for osfamily: ${facts['os']['family']} operatingsystem: ${facts['os']['name']}; please specify a value for ${module_name}::globals::" # lint:ignore:140chars if ($needs_initdb == undef) { fail("${err_prefix}needs_initdb") } if ($service_name == undef) { fail("${err_prefix}service_name") } if ($client_package_name == undef) { fail("${err_prefix}client_package_name") } diff --git a/manifests/repo.pp b/manifests/repo.pp index a7803d9687..88c27b5e6f 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,9 +1,9 @@ # @api private class postgresql::repo ( - $version = undef, - $proxy = undef, - $baseurl = undef, - $commonurl = undef, + Optional[String[1]] $version = undef, + Optional[String[1]] $proxy = undef, + Optional[String[1]] $baseurl = undef, + Optional[String[1]] $commonurl = undef, ) { case $facts['os']['family'] { 'RedHat', 'Linux': { @@ -18,7 +18,7 @@ } default: { - fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian") + fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian") # lint:ignore:140chars } } } diff --git a/manifests/repo/apt_postgresql_org.pp b/manifests/repo/apt_postgresql_org.pp index 22b5bd0c24..31b591a0f0 100644 
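Review bot: In the `manifests/repo.pp` parameter list, `$baseurl`, `$commonurl` and `$proxy` are typed as `Optional[String[1]]`, which accepts any non-empty string for values that end up as package repository locations. If only HTTP(S) repositories are intended (the consumers are outside this hunk), a URL type such as `Optional[Stdlib::HTTPUrl] $baseurl = undef,` would reject malformed values and unexpected schemes at compile time. The class body continues past the hunk.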
--- a/manifests/repo/apt_postgresql_org.pp +++ b/manifests/repo/apt_postgresql_org.pp @@ -15,18 +15,19 @@ priority => 500, } -> apt::source { 'apt.postgresql.org': - location => $_baseurl, - release => "${facts['os']['distro']['codename']}-pgdg", - repos => 'main', - key => { + location => $_baseurl, + release => "${facts['os']['distro']['codename']}-pgdg", + repos => 'main', + architecture => $facts['os']['architecture'], + key => { id => 'B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8', source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc', }, - include => { + include => { src => false, }, } - Apt::Source['apt.postgresql.org']->Package<|tag == 'puppetlabs-postgresql'|> + Apt::Source['apt.postgresql.org'] -> Package<|tag == 'puppetlabs-postgresql'|> Class['Apt::Update'] -> Package<|tag == 'puppetlabs-postgresql'|> } diff --git a/manifests/server.pp b/manifests/server.pp index 5b9af035cb..2516e43611 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,6 +1,8 @@ # @summary This installs a PostgreSQL server # -# @param postgres_password Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password. +# @param postgres_password +# Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres +# database, with a user called postgres and no password. # @param package_name Specifies the name of the package to use for installing the server software. # @param package_ensure Passes a value through to the package resource when creating the server instance. # 
@@ -11,29 +13,39 @@ # @param service_enable Enable the PostgreSQL service # @param service_manage Defines whether or not Puppet should manage the service. # @param service_name Overrides the default PostgreSQL service name. -# @param service_restart_on_change Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. +# @param service_restart_on_change +# Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart +# to become active. # @param service_provider Overrides the default PostgreSQL service provider. # @param service_reload Overrides the default reload command for your PostgreSQL service. # @param service_status Overrides the default status check command for your PostgreSQL service. # @param default_database Specifies the name of the default database to connect with. On most systems this is 'postgres'. -# @param default_connect_settings Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role. +# @param default_connect_settings +# Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as +# postgresql::server::role. # # @param listen_addresses Address list on which the PostgreSQL service will listen -# @param port Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. 
+# Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make +# the change. # Default value: 5432. Meaning the Postgres server listens on TCP port 5432. # # @param ip_mask_deny_postgres_user Specifies the IP mask from which remote connections should be denied for the postgres superuser. # Default value: '0.0.0.0/0', which denies any remote connection. # -# @param ip_mask_allow_all_users Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. -# Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. +# @param ip_mask_allow_all_users +# Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP +# from remote machines. If you'd like to allow this, you can override this setting. +# Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine +# on your local '192.168' subnet. # Default value: '127.0.0.1/32'. # # @param ipv4acls Lists strings for access control for connection method, users, databases, IPv4 addresses; # @param ipv6acls Lists strings for access control for connection method, users, databases, IPv6 addresses. # # @param initdb_path Specifies the path to the initdb command. -# @param createdb_path Deprecated. Specifies the path to the createdb command. # @param psql_path Specifies the path to the psql command. # @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. # @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. 
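Review bot: The reflowed `ip_mask_allow_all_users` description still offers `'192.168.0.0/1'` as the mask for the local '192.168' subnet. A /1 prefix covers every address from 128.0.0.0 to 255.255.255.255, so copying the example into pg_hba.conf admits half of the IPv4 space rather than one private range. The example should use `'192.168.0.0/16'`, with the rest of the sentence unchanged.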
@@ -47,17 +59,26 @@ # # @param log_line_prefix PostgreSQL log line prefix # -# @param pg_hba_conf_defaults If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example. +# @param pg_hba_conf_defaults +# If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to +# override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform +# basic psql operations for example. # # @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. # @param group Overrides the default postgres user group to be used for related files in the file system. # # @param needs_initdb Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started. # -# @param encoding Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well. -# @param locale Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. -# @param data_checksums Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. -# Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. +# @param encoding +# Sets the default encoding for all databases created with this module. 
On certain operating systems this is also used during the +# template1 initialization, so it becomes a default outside of the module as well. +# @param locale +# Sets the default database locale for all databases created with this module. On certain operating systems this is used during the +# template1 initialization as well, so it becomes a default outside of the module. +# @param data_checksums +# Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. +# Warning: This option is used during initialization by initdb, and cannot be changed later. +# If set, checksums are calculated for all objects, in all databases. # # @param timezone Set timezone for the PostgreSQL instance # 
@@ -68,103 +89,110 @@ # Whether to manage the postgresql conf file permissions. This means owner, # group and mode. Contents are not managed but should be managed through # postgresql::server::config_entry. +# @param manage_selinux Specifies whether or not manage the conf file for selinux. # @param module_workdir Working directory for the PostgreSQL module # # @param manage_datadir Set to false if you have file{ $datadir: } already defined # @param manage_logdir Set to false if you have file{ $logdir: } already defined # @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined -# +# @param password_encryption Specify the type of encryption set for the password. +# @param pg_hba_auth_password_encryption +# Specify the type of encryption set for the password in pg_hba_conf, +# this value is usefull if you want to start enforcing scram-sha-256, but give users transition time. # @param roles Specifies a hash from which to generate postgresql::server::role resources. # @param config_entries Specifies a hash from which to generate postgresql::server::config_entry resources. # @param pg_hba_rules Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. # -# @param version Deprecated. Use postgresql::globals instead. Sets PostgreSQL version +# @param backup_enable Whether a backup job should be enabled. +# @param backup_options A hash of options that should be passed through to the backup provider. +# @param backup_provider Specifies the backup provider to use. # -# @param extra_systemd_config Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string +# @param extra_systemd_config +# Adds extra config to systemd config file, can for instance be used to add extra openfiles. 
This can be a multi line string +# @param auth_host auth method used by default for host authorization +# @param auth_local auth method used by default for local authorization +# @param lc_messages locale used for logging and system messages +# @param username username of user running the postgres instance # class postgresql::server ( Optional[Variant[String[1], Sensitive[String[1]], Integer]] $postgres_password = undef, - $package_name = $postgresql::params::server_package_name, - $package_ensure = $postgresql::params::package_ensure, - - $plperl_package_name = $postgresql::params::plperl_package_name, - $plpython_package_name = $postgresql::params::plpython_package_name, - - $service_ensure = $postgresql::params::service_ensure, - $service_enable = $postgresql::params::service_enable, - $service_manage = $postgresql::params::service_manage, - $service_name = $postgresql::params::service_name, - $service_restart_on_change = $postgresql::params::service_restart_on_change, - $service_provider = $postgresql::params::service_provider, - $service_reload = $postgresql::params::service_reload, - $service_status = $postgresql::params::service_status, - $default_database = $postgresql::params::default_database, - $default_connect_settings = $postgresql::globals::default_connect_settings, - $listen_addresses = $postgresql::params::listen_addresses, - $port = $postgresql::params::port, - $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, - $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, - Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls, - Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls, - - $initdb_path = $postgresql::params::initdb_path, - $createdb_path = $postgresql::params::createdb_path, - $psql_path = $postgresql::params::psql_path, - $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path, - $pg_ident_conf_path = $postgresql::params::pg_ident_conf_path, - $postgresql_conf_path = 
$postgresql::params::postgresql_conf_path, - Optional[Stdlib::Filemode] $postgresql_conf_mode = $postgresql::params::postgresql_conf_mode, - $recovery_conf_path = $postgresql::params::recovery_conf_path, - - $datadir = $postgresql::params::datadir, - $xlogdir = $postgresql::params::xlogdir, - $logdir = $postgresql::params::logdir, - - $log_line_prefix = $postgresql::params::log_line_prefix, - - $pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults, - - $user = $postgresql::params::user, - $group = $postgresql::params::group, - - $needs_initdb = $postgresql::params::needs_initdb, - - $encoding = $postgresql::params::encoding, - $locale = $postgresql::params::locale, - $data_checksums = $postgresql::params::data_checksums, - $timezone = $postgresql::params::timezone, - - $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf, - $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf, - $manage_recovery_conf = $postgresql::params::manage_recovery_conf, - Boolean $manage_postgresql_conf_perms = $postgresql::params::manage_postgresql_conf_perms, - Boolean $manage_selinux = $postgresql::params::manage_selinux, - $module_workdir = $postgresql::params::module_workdir, - - $manage_datadir = $postgresql::params::manage_datadir, - $manage_logdir = $postgresql::params::manage_logdir, - $manage_xlogdir = $postgresql::params::manage_xlogdir, - $password_encryption = $postgresql::params::password_encryption, - $extra_systemd_config = $postgresql::params::extra_systemd_config, - - Hash[String, Hash] $roles = {}, - Hash[String, Any] $config_entries = {}, - Hash[String, Hash] $pg_hba_rules = {}, - - #Deprecated - $version = undef, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = $postgresql::params::package_ensure, # lint:ignore:140chars + String[1] $package_name = $postgresql::params::server_package_name, + + Optional[String[1]] $plperl_package_name = $postgresql::params::plperl_package_name, 
+ Optional[String[1]] $plpython_package_name = $postgresql::params::plpython_package_name, + + Variant[Enum['running', 'stopped'], Boolean] $service_ensure = $postgresql::params::service_ensure, + Boolean $service_enable = $postgresql::params::service_enable, + Boolean $service_manage = $postgresql::params::service_manage, + String[1] $service_name = $postgresql::params::service_name, + Boolean $service_restart_on_change = $postgresql::params::service_restart_on_change, + Optional[String[1]] $service_provider = $postgresql::params::service_provider, + String[1] $service_reload = $postgresql::params::service_reload, + Optional[String[1]] $service_status = $postgresql::params::service_status, + String[1] $default_database = $postgresql::params::default_database, + Hash $default_connect_settings = $postgresql::globals::default_connect_settings, + Optional[Variant[String[1], Array[String[1]]]] $listen_addresses = $postgresql::params::listen_addresses, + Stdlib::Port $port = $postgresql::params::port, + String[1] $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, + String[1] $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, + Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls, + Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls, + + Stdlib::Absolutepath $initdb_path = $postgresql::params::initdb_path, + Stdlib::Absolutepath $psql_path = $postgresql::params::psql_path, + Stdlib::Absolutepath $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path, + Stdlib::Absolutepath $pg_ident_conf_path = $postgresql::params::pg_ident_conf_path, + Stdlib::Absolutepath $postgresql_conf_path = $postgresql::params::postgresql_conf_path, + Optional[Stdlib::Filemode] $postgresql_conf_mode = $postgresql::params::postgresql_conf_mode, + Stdlib::Absolutepath $recovery_conf_path = $postgresql::params::recovery_conf_path, + + Stdlib::Absolutepath $datadir = $postgresql::params::datadir, + Optional[Stdlib::Absolutepath] 
$xlogdir = $postgresql::params::xlogdir, + Optional[Stdlib::Absolutepath] $logdir = $postgresql::params::logdir, + + Optional[String[1]] $log_line_prefix = $postgresql::params::log_line_prefix, + + Boolean $pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults, + + String[1] $user = $postgresql::params::user, + String[1] $group = $postgresql::params::group, + + Boolean $needs_initdb = $postgresql::params::needs_initdb, + + Optional[String[1]] $auth_host = undef, + Optional[String[1]] $auth_local = undef, + Optional[String[1]] $encoding = $postgresql::params::encoding, + Optional[String[1]] $locale = $postgresql::params::locale, + Optional[String[1]] $lc_messages = undef, + Optional[Boolean] $data_checksums = $postgresql::params::data_checksums, + Optional[String[1]] $username = $user, + Optional[String[1]] $timezone = $postgresql::params::timezone, + + Boolean $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf, + Boolean $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf, + Boolean $manage_recovery_conf = $postgresql::params::manage_recovery_conf, + Boolean $manage_postgresql_conf_perms = $postgresql::params::manage_postgresql_conf_perms, + Boolean $manage_selinux = $postgresql::params::manage_selinux, + Stdlib::Absolutepath $module_workdir = $postgresql::params::module_workdir, + + Boolean $manage_datadir = $postgresql::params::manage_datadir, + Boolean $manage_logdir = $postgresql::params::manage_logdir, + Boolean $manage_xlogdir = $postgresql::params::manage_xlogdir, + Postgresql::Pg_password_encryption $password_encryption = $postgresql::params::password_encryption, + Optional[Postgresql::Pg_password_encryption] $pg_hba_auth_password_encryption = undef, + Optional[String] $extra_systemd_config = $postgresql::params::extra_systemd_config, + + Hash[String, Hash] $roles = {}, + Hash[String, Any] $config_entries = {}, + Postgresql::Pg_hba_rules $pg_hba_rules = {}, + + Boolean $backup_enable = $postgresql::params::backup_enable, 
+ Hash $backup_options = {}, + Enum['pg_dump'] $backup_provider = $postgresql::params::backup_provider, ) inherits postgresql::params { - if $version != undef { - warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.') - $_version = $version - } else { - $_version = $postgresql::params::version - } - - if $createdb_path != undef { - warning('Passing "createdb_path" to postgresql::server is deprecated, it can be removed safely for the same behaviour') - } + $_version = $postgresql::params::version # Reload has its own ordering, specified by other defines class { 'postgresql::server::reload': @@ -196,9 +224,22 @@ } } - $pg_hba_rules.each |$rule_name, $rule| { + $pg_hba_rules.each |String[1] $rule_name, Postgresql::Pg_hba_rule $rule| { postgresql::server::pg_hba_rule { $rule_name: * => $rule, } } + + if $backup_enable { + case $backup_provider { + 'pg_dump': { + class { 'postgresql::backup::pg_dump': + * => $backup_options, + } + } + default: { + fail("Unsupported backup provider '${backup_provider}'.") + } + } + } } diff --git a/manifests/server/config.pp b/manifests/server/config.pp index c3ca6b5c40..bd232e1bac 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp 
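Review bot: The new `@param pg_hba_auth_password_encryption` text does not say what is written to pg_hba.conf when the parameter is left at its `undef` default, which decides whether the default rules keep a weaker method than `password_encryption` selects. The code that consumes it is outside this hunk, so the doc should state the fallback explicitly, for example `# When unset, the default pg_hba.conf rules use the value of password_encryption.` (to be confirmed against the consumer). The same line carries the typo `usefull`. `auth_host` and `auth_local` are plain `Optional[String[1]]`; if they hold authentication method names, an enum would catch typos at compile time.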
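Review bot: `$backup_options` is an untyped `Hash` splatted straight into `postgresql::backup::pg_dump`, so nothing here documents or constrains which keys are accepted. If that class takes credentials (its parameters are not shown on this page), they would travel through the hash as plain values unless the caller wraps them in `Sensitive`. Extending the doc line to `# @param backup_options A hash of options passed through to the backup provider; pass any password as Sensitive.` would make that expectation visible. The `default:` branch is unreachable while the type is `Enum['pg_dump']`, which is fine as a guard for future providers.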
@@ -1,272 +1,32 @@ # @api private class postgresql::server::config { - $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user - $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users - $listen_addresses = $postgresql::server::listen_addresses - $port = $postgresql::server::port - $ipv4acls = $postgresql::server::ipv4acls - $ipv6acls = $postgresql::server::ipv6acls - $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path - $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path - $postgresql_conf_path = $postgresql::server::postgresql_conf_path - $postgresql_conf_mode = $postgresql::server::postgresql_conf_mode - $recovery_conf_path = $postgresql::server::recovery_conf_path - $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults - $user = $postgresql::server::user - $group = $postgresql::server::group - $version = $postgresql::server::_version - $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf - $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf - $manage_recovery_conf = $postgresql::server::manage_recovery_conf - $manage_postgresql_conf_perms = $postgresql::server::manage_postgresql_conf_perms - $datadir = $postgresql::server::datadir - $logdir = $postgresql::server::logdir - $service_name = $postgresql::server::service_name - $service_enable = $postgresql::server::service_enable - $log_line_prefix = $postgresql::server::log_line_prefix - $timezone = $postgresql::server::timezone - $password_encryption = $postgresql::server::password_encryption - $extra_systemd_config = $postgresql::server::extra_systemd_config - - if ($manage_pg_hba_conf == true) { - # Prepare the main pg_hba file - concat { $pg_hba_conf_path: - owner => $user, - group => $group, - mode => '0640', - warn => true, - notify => Class['postgresql::server::reload'], - } - - if $pg_hba_conf_defaults { - Postgresql::Server::Pg_hba_rule { - database => 'all', - user => 'all', - } - - # Lets setup the base rules - 
$local_auth_option = $version ? { - '8.1' => 'sameuser', - default => undef, - } - - postgresql::server::pg_hba_rule { - 'local access as postgres user': - type => 'local', - user => $user, - auth_method => 'ident', - auth_option => $local_auth_option, - order => 1, - ; - - 'local access to database with same name': - type => 'local', - auth_method => 'ident', - auth_option => $local_auth_option, - order => 2, - ; - - 'allow localhost TCP access to postgresql user': - type => 'host', - user => $user, - address => '127.0.0.1/32', - auth_method => 'md5', - order => 3, - ; - - 'deny access to postgresql user': - type => 'host', - user => $user, - address => $ip_mask_deny_postgres_user, - auth_method => 'reject', - order => 4, - ; - - 'allow access to all users': - type => 'host', - address => $ip_mask_allow_all_users, - auth_method => 'md5', - order => 100, - ; - - 'allow access to ipv6 localhost': - type => 'host', - address => '::1/128', - auth_method => 'md5', - order => 101, - ; - } - } - - # $ipv4acls and $ipv6acls are arrays of rule strings - # They are converted into hashes we can iterate over to create postgresql::server::pg_hba_rule resources. 
- ( - postgresql::postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) + - postgresql::postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102) - ).each | String $key, Hash $attrs| { - postgresql::server::pg_hba_rule { $key: - * => $attrs, - } - } - } - - if $manage_postgresql_conf_perms { - file { $postgresql_conf_path: - ensure => file, - owner => $user, - group => $group, - mode => $postgresql_conf_mode, - } - } - - if $listen_addresses { - postgresql::server::config_entry { 'listen_addresses': - value => $listen_addresses, - } - } - - # ensure that SELinux has a proper label for the port defined - if $postgresql::server::manage_selinux == true and $facts['os']['selinux']['enabled'] == true { - case $facts['os']['family'] { - 'RedHat', 'Linux': { - if $facts['os']['name'] == 'Amazon' { - $package_name = 'policycoreutils' - } - else { - $package_name = $facts['os']['release']['major'] ? { - '5' => 'policycoreutils', - '6' => 'policycoreutils-python', - '7' => 'policycoreutils-python', - default => 'policycoreutils-python-utils', - } - } - } - default: { - $package_name = 'policycoreutils' - } - } - - ensure_packages([$package_name]) - - exec { "/usr/sbin/semanage port -a -t postgresql_port_t -p tcp ${port}": - unless => "/usr/sbin/semanage port -l | grep -qw ${port}", - before => Postgresql::Server::Config_entry['port'], - require => Package[$package_name], - } - } - - postgresql::server::config_entry { 'port': - value => $port, - } - - if ($password_encryption) and (versioncmp($version, '10') >= 0) { - postgresql::server::config_entry { 'password_encryption': - value => $password_encryption, - } - } - - postgresql::server::config_entry { 'data_directory': - value => $datadir, - } - if $timezone { - postgresql::server::config_entry { 'timezone': - value => $timezone, - } - } - if $logdir { - postgresql::server::config_entry { 'log_directory': - value => $logdir, - } - } - # Allow timestamps in log by default - if $log_line_prefix { - 
postgresql::server::config_entry { 'log_line_prefix': - value => $log_line_prefix, - } - } - - # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden - # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later. - if ($facts['os']['family'] == 'RedHat') and ($facts['os']['release']['major'] !~ /^(7|8)$/) and ($facts['os']['name'] != 'Fedora') { - file { '/etc/sysconfig/pgsql/postgresql': - ensure => file, - replace => false, - } - - # The init script from the packages of the postgresql.org repository - # sources an alternate sysconfig file. - # I. e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3 - # Link to the sysconfig file set by this puppet module - file { "/etc/sysconfig/pgsql/postgresql-${version}": - ensure => link, - target => '/etc/sysconfig/pgsql/postgresql', - require => File['/etc/sysconfig/pgsql/postgresql'], - } - } - - if ($manage_pg_ident_conf == true) { - concat { $pg_ident_conf_path: - owner => $user, - group => $group, - mode => '0640', - warn => true, - notify => Class['postgresql::server::reload'], - } - } - - # RHEL 7 and 8 both support drop-in files for systemd units. The old include directive is deprecated and may be removed in future systemd releases. - # Gentoo also supports drop-in files. - if $facts['os']['family'] in ['RedHat', 'Gentoo'] and $facts['service_provider'] == 'systemd' { - # While Puppet 6.1 and newer can do a daemon-reload if needed, systemd - # doesn't appear to report that correctly in all cases. - # One such case seems to be when an overriding unit file is removed from /etc - # and the original one from /lib *should* be used again. - # - # This can be removed when Puppet < 6.1 support is dropped *and* the file - # old-systemd-override is removed. 
- exec { 'restart-systemd': - command => 'systemctl daemon-reload', - refreshonly => true, - path => '/bin:/usr/bin:/usr/local/bin', - before => Class['postgresql::server::service'], - } - - file { - default: - ensure => file, - owner => root, - group => root, - notify => [Exec['restart-systemd'], Class['postgresql::server::service']], - before => Class['postgresql::server::reload'], - ; - - 'systemd-conf-dir': - ensure => directory, - path => "/etc/systemd/system/${service_name}.service.d", - ; - - # Template uses: - # - $facts['os']['name'] - # - $facts['os']['release']['major'] - # - $service_name - # - $port - # - $datadir - # - $extra_systemd_config - 'systemd-override': - path => "/etc/systemd/system/${service_name}.service.d/${service_name}.conf", - content => template('postgresql/systemd-override.erb'), - require => File['systemd-conf-dir'], - ; - } - - if $service_enable != 'mask' { - # Remove old unit file to avoid conflicts - file { 'old-systemd-override': - ensure => absent, - path => "/etc/systemd/system/${service_name}.service", - notify => [Exec['restart-systemd'], Class['postgresql::server::service']], - before => Class['postgresql::server::reload'], - } - } + postgresql::server::instance::config { 'main': + ip_mask_deny_postgres_user => $postgresql::server::ip_mask_deny_postgres_user, + ip_mask_allow_all_users => $postgresql::server::ip_mask_allow_all_users, + listen_addresses => $postgresql::server::listen_addresses, + port => $postgresql::server::port, + ipv4acls => $postgresql::server::ipv4acls, + ipv6acls => $postgresql::server::ipv6acls, + pg_hba_conf_path => $postgresql::server::pg_hba_conf_path, + pg_ident_conf_path => $postgresql::server::pg_ident_conf_path, + postgresql_conf_path => $postgresql::server::postgresql_conf_path, + postgresql_conf_mode => $postgresql::server::postgresql_conf_mode, + recovery_conf_path => $postgresql::server::recovery_conf_path, + pg_hba_conf_defaults => $postgresql::server::pg_hba_conf_defaults, + user => 
$postgresql::server::user, + group => $postgresql::server::group, + version => $postgresql::server::_version, + manage_pg_hba_conf => $postgresql::server::manage_pg_hba_conf, + manage_pg_ident_conf => $postgresql::server::manage_pg_ident_conf, + manage_recovery_conf => $postgresql::server::manage_recovery_conf, + manage_postgresql_conf_perms => $postgresql::server::manage_postgresql_conf_perms, + datadir => $postgresql::server::datadir, + logdir => $postgresql::server::logdir, + service_name => $postgresql::server::service_name, + service_enable => $postgresql::server::service_enable, + log_line_prefix => $postgresql::server::log_line_prefix, + timezone => $postgresql::server::timezone, + password_encryption => $postgresql::server::password_encryption, + extra_systemd_config => $postgresql::server::extra_systemd_config, } } diff --git a/manifests/server/config_entry.pp b/manifests/server/config_entry.pp index 25f3528267..d17b844a18 100644 --- a/manifests/server/config_entry.pp +++ b/manifests/server/config_entry.pp 
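Review bot: The new `postgresql::server::instance::config { 'main': }` call does not pass `manage_selinux`, which the removed body read from `$postgresql::server::manage_selinux` to decide whether to label the port with `semanage`. The `pg_hba_auth_password_encryption` parameter added to `postgresql::server` in this commit is not forwarded either. If the define defaults both from the server class they still apply, but that define is outside this page; otherwise the user's settings are silently ignored. Passing them explicitly, `manage_selinux => $postgresql::server::manage_selinux,` and `pg_hba_auth_password_encryption => $postgresql::server::pg_hba_auth_password_encryption,`, keeps the delegation complete.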
@@ -1,21 +1,18 @@ # @summary Manage a postgresql.conf entry. # # @param ensure Removes an entry if set to 'absent'. +# @param key Defines the key/name for the setting. Defaults to $name # @param value Defines the value for the setting. -# @param path Path for postgresql.conf +# @param path Path for postgresql.conf +# @param comment Defines the comment for the setting. The # is added by default. # define postgresql::server::config_entry ( - Enum['present', 'absent'] $ensure = 'present', - $value = undef, - $path = false + Enum['present', 'absent'] $ensure = 'present', + String[1] $key = $name, + Optional[Variant[String[1], Numeric, Array[String[1]]]] $value = undef, + Stdlib::Absolutepath $path = $postgresql::server::postgresql_conf_path, + Optional[String[1]] $comment = undef, ) { - $postgresql_conf_path = $postgresql::server::postgresql_conf_path - - $target = $path ? { - false => $postgresql_conf_path, - default => $path, - } - # Those are the variables that are marked as "(change requires restart)" # on postgresql.conf. Items are ordered as on postgresql.conf. # @@ -70,13 +67,9 @@ 'max_pred_locks_per_transaction' => undef, } - Exec { - logoutput => 'on_failure', - } - - if ! ($name in $requires_restart_until and ( - ! $requires_restart_until[$name] or - versioncmp($postgresql::server::_version, $requires_restart_until[$name]) < 0 + if ! ($key in $requires_restart_until and ( + ! $requires_restart_until[$key] or + versioncmp($postgresql::server::_version, $requires_restart_until[$key]) < 0 )) { Postgresql_conf { notify => Class['postgresql::server::reload'], 
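Review bot: `$key` and `$comment` are accepted as any `String[1]` and handed to `postgresql_conf`, which writes them into the file named by `$path`. Whether the provider rejects line breaks is not visible here; if it does not, a multi-line comment would leave text outside the `#` prefix as its own line in the file. A single-line constraint such as `Optional[Pattern[/\A[^\r\n]+\z/]] $comment = undef,` rules that out at compile time. The `postgresql_conf` resource that consumes both values is in a later hunk.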
@@ -91,71 +84,12 @@ } } - # We have to handle ports and the data directory in a weird and - # special way. On early Debian and Ubuntu and RHEL we have to ensure - # we stop the service completely. On RHEL 7 we either have to create - # a systemd override for the port or update the sysconfig file, but this - # is managed for us in postgresql::server::config. - if $facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu' { - if $name == 'data_directory' { - exec { "postgresql_stop_${name}": - command => "service ${postgresql::server::service_name} stop", - onlyif => "service ${postgresql::server::service_name} status", - unless => "grep \"data_directory = '${value}'\" ${postgresql::server::postgresql_conf_path}", - path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin', - before => Postgresql_conf[$name], - } - } - } - if $facts['os']['family'] == 'RedHat' { - if ! ($facts['os']['release']['major'] in ['7', '8'] or $facts['os']['name'] == 'Fedora') { - if $name == 'port' { - # We need to force postgresql to stop before updating the port - # because puppet becomes confused and is unable to manage the - # service appropriately. 
- exec { "postgresql_stop_${name}": - command => "service ${postgresql::server::service_name} stop", - onlyif => "service ${postgresql::server::service_name} status", - unless => "grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql", - path => '/sbin:/bin:/usr/bin:/usr/local/bin', - require => File['/etc/sysconfig/pgsql/postgresql'], - } - -> augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql': - lens => 'Shellvars.lns', - incl => '/etc/sysconfig/pgsql/postgresql', - context => '/files/etc/sysconfig/pgsql/postgresql', - changes => "set PGPORT ${value}", - require => File['/etc/sysconfig/pgsql/postgresql'], - notify => Class['postgresql::server::service'], - before => Class['postgresql::server::reload'], - } - } elsif $name == 'data_directory' { - # We need to force postgresql to stop before updating the data directory - # otherwise init script breaks - exec { "postgresql_${name}": - command => "service ${postgresql::server::service_name} stop", - onlyif => "service ${postgresql::server::service_name} status", - unless => "grep 'PGDATA=${value}' /etc/sysconfig/pgsql/postgresql", - path => '/sbin:/bin:/usr/bin:/usr/local/bin', - require => File['/etc/sysconfig/pgsql/postgresql'], - } - -> augeas { 'override PGDATA in /etc/sysconfig/pgsql/postgresql': - lens => 'Shellvars.lns', - incl => '/etc/sysconfig/pgsql/postgresql', - context => '/files/etc/sysconfig/pgsql/postgresql', - changes => "set PGDATA ${value}", - require => File['/etc/sysconfig/pgsql/postgresql'], - notify => Class['postgresql::server::service'], - before => Class['postgresql::server::reload'], - } - } - } - } - postgresql_conf { $name: ensure => $ensure, - target => $target, + target => $path, + key => $key, value => $value, + comment => $comment, require => Class['postgresql::server::initdb'], } } diff --git a/manifests/server/contrib.pp b/manifests/server/contrib.pp index ef5c3e26b6..e35eb511b3 100644 --- a/manifests/server/contrib.pp +++ b/manifests/server/contrib.pp 
@@ -6,7 +6,7 @@
 # Ensure the contrib package is installed.
 class postgresql::server::contrib (
 Optional[String[1]] $package_name = $postgresql::params::contrib_package_name,
- String[1] $package_ensure = 'present'
+ Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present',
 ) inherits postgresql::params {
 if $package_name {
 package { 'postgresql-contrib':
diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 87d443f7e9..7d95e76056 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
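Review bot: In `$package_ensure`, the `Enum[...]` branch of the `Variant` adds no validation, because `String[1]` already accepts each of those values and any other non-empty string. If the aim is to list the common values while still allowing version strings, a comment does that and the type can stay `String[1]`; if the aim is to restrict input, the `String[1]` branch needs to become a version pattern. The same construct is added for `$package_ensure` in the manifests/server/extension.pp hunk.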
@@ -8,38 +8,32 @@ # @param encoding Overrides the character set during creation of the database. # @param locale Overrides the locale during creation of the database. # @param istemplate Defines the database as a template if set to true. +# @param instance The name of the Postgresql database instance. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param psql_path Specifies the path to the psql command. +# @param default_db Specifies the name of the default database to connect with. On most systems this is 'postgres'. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# @param port Specifies the port for the PostgreSQL server to listen on. define postgresql::server::database ( - $comment = undef, - $dbname = $title, - $owner = undef, - $tablespace = undef, - $template = 'template0', - $encoding = $postgresql::server::encoding, - $locale = $postgresql::server::locale, - $istemplate = false, - $connect_settings = $postgresql::server::default_connect_settings, + Optional[String[1]] $comment = undef, + String[1] $dbname = $title, + Optional[String[1]] $owner = undef, + Optional[String[1]] $tablespace = undef, + String[1] $template = 'template0', + Optional[String[1]] $encoding = $postgresql::server::encoding, + Optional[String[1]] $locale = $postgresql::server::locale, + Boolean $istemplate = false, + String[1] $instance = 'main', + Hash $connect_settings = $postgresql::server::default_connect_settings, + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + String[1] $default_db = $postgresql::server::default_database, + Stdlib::Port $port = $postgresql::server::port ) { - $createdb_path = $postgresql::server::createdb_path - 
$user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $default_db = $postgresql::server::default_database - - # If possible use the version of the remote database, otherwise - # fallback to our local DB version - if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') { - $version = $connect_settings['DBVERSION'] - } else { - $version = $postgresql::server::_version - } - - # If the connection settings do not contain a port, then use the local server port - if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port = undef - } else { - $port = $postgresql::server::port - } + $version = pick($connect_settings['DBVERSION'], $postgresql::server::_version) + $port_override = pick($connect_settings['PGPORT'], $port) # Set the defaults for the postgresql_psql resource Postgresql_psql { @@ -47,22 +41,18 @@ psql_user => $user, psql_group => $group, psql_path => $psql_path, - port => $port, + port => $port_override, connect_settings => $connect_settings, + instance => $instance, } # Optionally set the locale switch. Older versions of createdb may not accept # --locale, so if the parameter is undefined its safer not to pass it. - if ($version != '8.1') { - $locale_option = $locale ? { - undef => '', - default => "LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'", - } - $public_revoke_privilege = 'CONNECT' - } else { - $locale_option = '' - $public_revoke_privilege = 'ALL' + $locale_option = $locale ? { + undef => '', + default => "LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'", } + $public_revoke_privilege = 'CONNECT' $template_option = $template ? { undef => '', 
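Review bot: `$version` is still assigned with `pick($connect_settings['DBVERSION'], $postgresql::server::_version)`, but the two readers visible on this page, the `'8.1'` locale branch and the `obj_description` selector, are both removed by this commit. If nothing else in the define reads it, the assignment is dead and can go, which also removes the `DBVERSION` lookup. The rest of the body lies outside the hunks, so this needs a check against the full file.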
@@ -79,10 +69,6 @@ default => "TABLESPACE \"${tablespace}\"", } - if $createdb_path != undef { - warning('Passing "createdb_path" to postgresql::database is deprecated, it can be removed safely for the same behaviour') - } - postgresql_psql { "CREATE DATABASE \"${dbname}\"": command => "CREATE DATABASE \"${dbname}\" WITH ${template_option} ${encoding_option} ${locale_option} ${tablespace_option}", unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}'", @@ -101,14 +87,9 @@ } if $comment { - # The shobj_description function was only introduced with 8.2 - $comment_information_function = $version ? { - '8.1' => 'obj_description', - default => 'shobj_description', - } Postgresql_psql["CREATE DATABASE \"${dbname}\""] -> postgresql_psql { "COMMENT ON DATABASE \"${dbname}\" IS '${comment}'": - unless => "SELECT 1 FROM pg_catalog.pg_database d WHERE datname = '${dbname}' AND pg_catalog.${comment_information_function}(d.oid, 'pg_database') = '${comment}'", + unless => "SELECT 1 FROM pg_catalog.pg_database d WHERE datname = '${dbname}' AND pg_catalog.shobj_description(d.oid, 'pg_database') = '${comment}'", # lint:ignore:140chars db => $dbname, } } 
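Review bot: In the `COMMENT ON DATABASE` resource, `$comment` is now typed `Optional[String[1]]` but is still interpolated raw into `IS '${comment}'` and into the `unless` query, so a comment containing an apostrophe yields broken SQL, or additional SQL if the value comes from less trusted data. Doubling the quote first, `$_comment = regsubst($comment, "'", "''", 'G')`, and using `${_comment}` in both strings keeps the literal intact. The same raw interpolation applies to `'${dbname}'` in the `CREATE DATABASE` `unless` of the previous hunk and to `'${group}'` and `'${role}'` in the manifests/server/grant_role.pp hunk.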
@@ -120,19 +101,19 @@ } if defined(Postgresql::Server::Role[$owner]) { - Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\""] + Postgresql::Server::Role[$owner] -> Postgresql_psql["ALTER DATABASE \"${dbname}\" OWNER TO \"${owner}\""] } } if $tablespace { postgresql_psql { "ALTER DATABASE \"${dbname}\" SET ${tablespace_option}": - unless => "SELECT 1 FROM pg_database JOIN pg_tablespace spc ON dattablespace = spc.oid WHERE datname = '${dbname}' AND spcname = '${tablespace}'", + unless => "SELECT 1 FROM pg_database JOIN pg_tablespace spc ON dattablespace = spc.oid WHERE datname = '${dbname}' AND spcname = '${tablespace}'", # lint:ignore:140chars require => Postgresql_psql["CREATE DATABASE \"${dbname}\""], } if defined(Postgresql::Server::Tablespace[$tablespace]) { # The tablespace must be there, before we create the database. - Postgresql::Server::Tablespace[$tablespace]->Postgresql_psql["CREATE DATABASE \"${dbname}\""] + Postgresql::Server::Tablespace[$tablespace] -> Postgresql_psql["CREATE DATABASE \"${dbname}\""] } } } diff --git a/manifests/server/database_grant.pp b/manifests/server/database_grant.pp index 0c389a5378..3becf35975 100644 --- a/manifests/server/database_grant.pp +++ b/manifests/server/database_grant.pp 
@@ -6,15 +6,19 @@ # @param ensure Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. # @param psql_db Defines the database to execute the grant against. This should not ordinarily be changed from the default # @param psql_user Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. +# @param psql_group Overrides the default postgres user group to be used for related files in the file system. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param port Port to use when connecting. define postgresql::server::database_grant ( - $privilege, - $db, - $role, - $ensure = undef, - $psql_db = undef, - $psql_user = undef, - $connect_settings = undef, + Enum['ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'all', 'create', 'connect', 'temporary', 'temp'] $privilege, + String[1] $db, + String[1] $role, + Optional[Enum['present', 'absent']] $ensure = undef, + Optional[String[1]] $psql_db = undef, + String[1] $psql_user = $postgresql::server::user, + Hash $connect_settings = $postgresql::server::default_connect_settings, + String[1] $psql_group = $postgresql::server::group, + Stdlib::Port $port = $postgresql::server::port, ) { postgresql::server::grant { "database:${name}": ensure => $ensure, @@ -25,6 +29,8 @@ object_name => $db, psql_db => $psql_db, psql_user => $psql_user, + group => $psql_group, + port => $port, connect_settings => $connect_settings, } } diff --git a/manifests/server/db.pp b/manifests/server/db.pp index 3024c2909c..513e548ed7 100644 --- a/manifests/server/db.pp +++ b/manifests/server/db.pp 
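Review bot: The new `Enum[...]` on `$privilege` is narrower than what `postgresql::server::db` forwards to it. In this commit db.pp declares `Variant[String[1], Array[String[1]]] $grant` and passes it as `privilege => $grant`, so an array or a mixed-case value such as `'All'` is accepted there and then rejected here. Either align the two types, or accept any case with a pattern, e.g. `Pattern[/\A(?i:ALL|CREATE|CONNECT|TEMPORARY|TEMP)\z/] $privilege,`.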
@@ -1,7 +1,7 @@
-# @summary Define for conveniently creating a role, database and assigning the correctpermissions.
+# @summary Define for conveniently creating a role, database and assigning the correct permissions.
 #
-# @param user User to create and assign access to the database upon creation. Mandatory.
-# @param password Required Sets the password for the created user.
+# @param user User to assign access to the database upon creation (will be created if not defined elsewhere). Mandatory.
+# @param password Sets the password for the created user (if a user is created).
 # @param comment Defines a comment to be stored about the database using the PostgreSQL COMMENT command.
 # @param dbname Sets the name of the database to be created.
 # @param encoding Overrides the character set during creation of the database.
@@ -11,18 +11,26 @@ # @param template Specifies the name of the template database from which to build this database. Defaults value: template0. # @param istemplate Specifies that the database is a template, if set to true. # @param owner Sets a user as the owner of the database. +# @param port Specifies the port where the PostgreSQL server is listening on. +# @param psql_user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param psql_group Overrides the default PostgreSQL user group to be used for related files in the file system. +# @param instance The name of the Postgresql database instance. define postgresql::server::db ( - $user, - Variant[String, Sensitive[String]] $password, - $comment = undef, - $dbname = $title, - $encoding = $postgresql::server::encoding, - $locale = $postgresql::server::locale, - $grant = 'ALL', - $tablespace = undef, - $template = 'template0', - $istemplate = false, - $owner = undef + String[1] $user, + Optional[Variant[String, Sensitive[String]]] $password = undef, + Optional[String[1]] $comment = undef, + String[1] $dbname = $title, + Optional[String[1]] $encoding = $postgresql::server::encoding, + Optional[String[1]] $locale = $postgresql::server::locale, + Variant[String[1], Array[String[1]]] $grant = 'ALL', + Optional[String[1]] $tablespace = undef, + String[1] $template = 'template0', + Boolean $istemplate = false, + Optional[String[1]] $owner = undef, + Optional[Stdlib::Port] $port = undef, + String[1] $psql_user = $postgresql::server::user, + String[1] $psql_group = $postgresql::server::group, + String[1] $instance = 'main', ) { if ! defined(Postgresql::Server::Database[$dbname]) { postgresql::server::database { $dbname: 
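Review bot: `$password` becomes optional with a default of `undef`, and the next hunk forwards it as `password_hash => $password`, so omitting it creates the role without a password. Access for that role then rests entirely on the pg_hba.conf rules, which the parameter doc should state, e.g. `# @param password Sets the password for the created user (if a user is created). If unset, the role is created without a password.`. The `role` define is not on this page, so how it treats `undef` is assumed here.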
@@ -33,25 +41,34 @@ locale => $locale, istemplate => $istemplate, owner => $owner, + port => $port, + user => $psql_user, + group => $psql_group, } } if ! defined(Postgresql::Server::Role[$user]) { postgresql::server::role { $user: password_hash => $password, + port => $port, + psql_user => $psql_user, + psql_group => $psql_group, before => Postgresql::Server::Database[$dbname], } } if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) { postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}": - privilege => $grant, - db => $dbname, - role => $user, + privilege => $grant, + db => $dbname, + role => $user, + port => $port, + psql_user => $psql_user, + psql_group => $psql_group, } -> Postgresql_conn_validator<| db_name == $dbname |> } - if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) { - Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name] + if ($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) { + Postgresql::Server::Tablespace[$tablespace] -> Postgresql::Server::Database[$name] } } diff --git a/manifests/server/default_privileges.pp b/manifests/server/default_privileges.pp index 6a7dda9980..815abaebbd 100644 --- a/manifests/server/default_privileges.pp +++ b/manifests/server/default_privileges.pp 
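Review bot: `$instance` is added to the signature in the previous hunk, but none of the three resources here receives it; `postgresql::server::database` gains only `port`, `user` and `group`, although it accepts `instance` in this same commit. As written, setting `instance` on `postgresql::server::db` appears to have no effect. Add `instance => $instance,` to the `postgresql::server::database` block, and to `role` if it takes that parameter; `database_grant` has no such parameter in this commit. The start of the `database` resource is outside the hunk.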
@@ -12,7 +12,8 @@
 # @param psql_path Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.
 # @param port Specifies the port to access the server. Default value: The default user for the module, usually '5432'.
 # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
-# @param psql_path Specifies the path to the psql command.
+# @param instance The name of the Postgresql database instance.
+# @param group Specifies the user group to which the privileges will be granted.
 define postgresql::server::default_privileges (
 String $role,
 String $db,
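Review bot: The hunk deletes the correct `@param psql_path` line and keeps the earlier one, which describes the parameter as the OS user for running psql; the surviving line should read `# @param psql_path Specifies the path to the psql command.`. The added `@param group` text says privileges are granted to that group, but a later hunk passes it as `psql_group => $group`, so `# @param group Sets the OS group to run psql.` matches the code. The `@param port` line also still says "default user" where the default port is meant.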
@@ -25,26 +26,19 @@ /(?i:^TYPES$)/, /(?i:^SCHEMAS$)/ ] $object_type, - String $schema = 'public', - String $psql_db = $postgresql::server::default_database, - String $psql_user = $postgresql::server::user, - Integer $port = $postgresql::server::port, - Hash $connect_settings = $postgresql::server::default_connect_settings, - Enum['present', - 'absent' - ] $ensure = 'present', - String $group = $postgresql::server::group, - String $psql_path = $postgresql::server::psql_path, - Optional[String] $target_role = undef, + String $schema = 'public', + String $psql_db = $postgresql::server::default_database, + String $psql_user = $postgresql::server::user, + Stdlib::Port $port = $postgresql::server::port, + Hash $connect_settings = $postgresql::server::default_connect_settings, + Enum['present', 'absent'] $ensure = 'present', + String $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + Optional[String] $target_role = undef, + String[1] $instance = 'main', ) { - - # If possible use the version of the remote database, otherwise - # fallback to our local DB version - if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') { - $version = $connect_settings['DBVERSION'] - } else { - $version = $postgresql::server::_version - } + $version = pick($connect_settings['DBVERSION'],postgresql::default('version')) + $port_override = pick($connect_settings['PGPORT'], $port) if (versioncmp($version, '9.6') == -1) { fail 'Default_privileges is only useable with PostgreSQL >= 9.6' 
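Review bot: `$port_override = pick($connect_settings['PGPORT'], $port)` reverses the precedence documented by the block removed in the next hunk, which put the `$port` parameter first and `PGPORT` second. A `port` passed explicitly to the define is now ignored whenever `connect_settings` carries `PGPORT`, and because `$port` always has a default the two cases cannot be told apart. If the new order is intended, state it in the `@param port` doc; otherwise declare `Optional[Stdlib::Port] $port = undef` and use `pick($port, $connect_settings['PGPORT'], $postgresql::server::port)`. The same line is added in the manifests/server/extension.pp and manifests/server/grant.pp hunks.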
@@ -62,18 +56,7 @@ } } - # - # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port - # - if $port != undef { - $port_override = $port - } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port_override = undef - } else { - $port_override = $postgresql::server::port - } - - if $target_role != undef { + if $target_role { $_target_role = " FOR ROLE ${target_role}" $_check_target_role = "/${target_role}" } else { @@ -113,9 +96,9 @@ 'SEQUENCES': { case $_privilege { /^(ALL)$/: { $_check_privilege = 'rwU' } - /^SELECT$/: { $_check_privilege = 'r'} - /^UPDATE$/: { $_check_privilege = 'w'} - /^USAGE$/: { $_check_privilege = 'U'} + /^SELECT$/: { $_check_privilege = 'r' } + /^UPDATE$/: { $_check_privilege = 'w' } + /^USAGE$/: { $_check_privilege = 'U' } default: { fail('Illegal value for $privilege parameter') } } $_check_type = 'S' @@ -136,7 +119,7 @@ } 'TYPES': { case $_privilege { - /^(ALL|USAGE)$/: { $_check_privilege = 'U'} + /^(ALL|USAGE)$/: { $_check_privilege = 'U' } default: { fail('Illegal value for $privilege parameter') } } $_check_type = 'T' 
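Review bot: `$target_role` is typed `Optional[String]` and goes unquoted into the statement through `" FOR ROLE ${target_role}"`, so an empty string or a value containing spaces gives malformed or unintended SQL. The new guard `if $target_role` is still true for `''` in Puppet, so it does not filter that case. Tightening the type to `Optional[String[1]]` and quoting the identifier, `" FOR ROLE \"${target_role}\""`, would make this robust; the quoting changes case folding for unquoted role names, so it needs a check against existing callers.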
@@ -162,8 +145,8 @@ } $_unless = $ensure ? { - 'absent' => "SELECT 1 WHERE NOT EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s%s' = ANY (defaclacl)%s and defaclobjtype = '%s')", - default => "SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s%s' = ANY (defaclacl)%s and defaclobjtype = '%s')" + 'absent' => "SELECT 1 WHERE NOT EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s%s' = ANY (defaclacl)%s and defaclobjtype = '%s')", # lint:ignore:140chars + default => "SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s%s' = ANY (defaclacl)%s and defaclobjtype = '%s')", # lint:ignore:140chars } $unless_cmd = sprintf($_unless, $role, $_check_privilege, $_check_target_role, $_check_schema, $_check_type) @@ -178,14 +161,15 @@ psql_group => $group, psql_path => $psql_path, unless => $unless_cmd, - environment => 'PGOPTIONS=--client-min-messages=error' + environment => 'PGOPTIONS=--client-min-messages=error', + instance => $instance, } - if($role != undef and defined(Postgresql::Server::Role[$role])) { - Postgresql::Server::Role[$role]->Postgresql_psql["default_privileges:${name}"] + if defined(Postgresql::Server::Role[$role]) { + Postgresql::Server::Role[$role] -> Postgresql_psql["default_privileges:${name}"] } - if($db != undef and defined(Postgresql::Server::Database[$db])) { - Postgresql::Server::Database[$db]->Postgresql_psql["default_privileges:${name}"] + if defined(Postgresql::Server::Database[$db]) { + Postgresql::Server::Database[$db] -> Postgresql_psql["default_privileges:${name}"] } } diff --git a/manifests/server/extension.pp b/manifests/server/extension.pp index 8417351430..196c077c0b 100644 --- a/manifests/server/extension.pp +++ b/manifests/server/extension.pp 
@@ -3,35 +3,44 @@ # @param database Specifies the database on which to activate the extension. # @param extension Specifies the extension to activate. If left blank, uses the name of the resource. # @param schema Specifies the schema on which to activate the extension. -# @param version Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database. +# @param version +# Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically +# change the effective version in each database. # This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... # version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). # version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' -# eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. +# eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to +# this database only. # version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged. # # @param ensure Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'. # @param package_name Specifies a package to install prior to activating the extension. -# @param package_ensure Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. +# @param package_ensure +# Overrides default package deletion behavior. 
By default, the package specified with package_name is installed when the extension is +# activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. # @param port Port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param database_resource_name Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank. +# @param instance The name of the Postgresql database instance. +# @param psql_path Specifies the path to the psql command. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. define postgresql::server::extension ( - $database, - $extension = $name, - Optional[String[1]] $schema = undef, - Optional[String[1]] $version = undef, - String[1] $ensure = 'present', - $package_name = undef, - $package_ensure = undef, - Optional[Integer] $port = undef, - $connect_settings = postgresql::default('default_connect_settings'), - $database_resource_name = $database, + String[1] $database, + Optional[Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]] $package_ensure = undef, + String[1] $extension = $name, + Optional[String[1]] $schema = undef, + Optional[String[1]] $version = undef, + Enum['present', 'absent'] $ensure = 'present', + Optional[String[1]] $package_name = undef, + Stdlib::Port $port = postgresql::default('port'), + Hash $connect_settings = postgresql::default('default_connect_settings'), + String[1] $database_resource_name = $database, + String[1] $instance = 'main', + String[1] $user = postgresql::default('user'), + String[1] $group = postgresql::default('group'), + Stdlib::Absolutepath $psql_path = postgresql::default('psql_path'), ) { - $user = 
postgresql::default('user') - $group = postgresql::default('group') - $psql_path = postgresql::default('psql_path') - if( $database != 'postgres' ) { # The database postgres cannot managed by this module, so it is exempt from this dependency $default_psql_require = Postgresql::Server::Database[$database_resource_name] @@ -69,27 +78,17 @@ } } - # - # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port - # - if $port != undef { - $port_override = $port - } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port_override = undef - } else { - $port_override = $postgresql::server::port - } + $port_override = pick($connect_settings['PGPORT'], $port) postgresql_psql { "${database}: ${command}": - psql_user => $user, psql_group => $group, psql_path => $psql_path, connect_settings => $connect_settings, - db => $database, port => $port_override, command => $command, + instance => $instance, unless => "SELECT 1 WHERE ${unless_mod}EXISTS (SELECT 1 FROM pg_extension WHERE extname = '${extension}')", require => $psql_cmd_require, before => $psql_cmd_before, @@ -117,6 +116,7 @@ connect_settings => $connect_settings, db => $database, port => $port_override, + instance => $instance, require => Postgresql_psql["${database}: ${command}"], } @@ -129,7 +129,7 @@ default => $package_ensure, } - ensure_packages($package_name, { + stdlib::ensure_packages($package_name, { ensure => $_package_ensure, tag => 'puppetlabs-postgresql', }) @@ -150,6 +150,7 @@ psql_path => $psql_path, connect_settings => $connect_settings, command => $alter_extension_sql, + instance => $instance, unless => $update_unless, } } diff --git a/manifests/server/grant.pp b/manifests/server/grant.pp index 64be3ad617..e9c0894003 100644 --- a/manifests/server/grant.pp +++ b/manifests/server/grant.pp 
@@ -3,8 +3,13 @@ # @param role Specifies the role or user whom you are granting access to. # @param db Specifies the database to which you are granting access. # @param privilege Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string. -# @param object_type Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. -# @param object_name Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name'] +# @param object_type +# Specifies the type of object to which you are granting privileges. +# Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. +# @param object_name +# Specifies name of object_type to which to grant access, can be either a string or a two element array. +# String: 'object_name' Array: ['schema_name', 'object_name'] +# @param object_arguments Specifies any arguments to be passed alongisde the access grant. # @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default # @param psql_user Sets the OS user to run psql. # @param port Port to use when connecting. @@ -13,10 +18,11 @@ # @param ensure Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. # @param group Sets the OS group to run psql # @param psql_path Sets the path to psql command +# @param instance The name of the Postgresql database instance. define postgresql::server::grant ( String $role, String $db, - String $privilege = '', + String $privilege = '', # lint:ignore:params_empty_string_assignment Pattern[#/(?i:^COLUMN$)/, /(?i:^ALL SEQUENCES IN SCHEMA$)/, /(?i:^ALL TABLES IN SCHEMA$)/, 
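Review bot: The added `@param object_arguments` line has a typo, "alongisde"; it should read `# @param object_arguments Specifies any arguments to be passed alongside the access grant.`. The description would also be clearer if it said what the arguments are for; a later hunk appends `${arguments}` to the function name in the `function_exists` check, so presumably these are the function's argument types.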
@@ -31,23 +37,18 @@ /(?i:^SCHEMA$)/, /(?i:^SEQUENCE$)/ #/(?i:^VIEW$)/ - ] $object_type = 'database', - Optional[Variant[ - Array[String,2,2], - String[1]] - ] $object_name = undef, - Array[String[1],0] - $object_arguments = [], - String $psql_db = $postgresql::server::default_database, - String $psql_user = $postgresql::server::user, - Integer $port = $postgresql::server::port, - Boolean $onlyif_exists = false, - Hash $connect_settings = $postgresql::server::default_connect_settings, - Enum['present', - 'absent' - ] $ensure = 'present', - String $group = $postgresql::server::group, - String $psql_path = $postgresql::server::psql_path, + ] $object_type = 'database', + Optional[Variant[Array[String,2,2],String[1]]] $object_name = undef, + Array[String[1],0] $object_arguments = [], + String $psql_db = $postgresql::server::default_database, + String $psql_user = $postgresql::server::user, + Stdlib::Port $port = $postgresql::server::port, + Boolean $onlyif_exists = false, + Hash $connect_settings = $postgresql::server::default_connect_settings, + Enum['present', 'absent'] $ensure = 'present', + String $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + String[1] $instance = 'main', ) { case $ensure { default: { @@ -75,16 +76,7 @@ $_object_name = $object_name } - # - # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port - # - if $port != undef { - $port_override = $port - } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port_override = undef - } else { - $port_override = $postgresql::server::port - } + $port_override = pick($connect_settings['PGPORT'], $port) ## Munge the input values $_object_type = upcase($object_type) 
@@ -335,6 +327,7 @@ if $ensure == 'present' { if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' { # GRANT ALL + # lint:ignore:140chars $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT 1 FROM ( SELECT t.tablename,count(privilege_type) AS priv_count FROM pg_catalog.pg_tables AS t @@ -344,13 +337,16 @@ GROUP BY t.tablename ) AS j WHERE j.priv_count < 7 )" + # lint:endignore:140chars } else { # GRANT $_privilege + # lint:ignore:140chars $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT 1 FROM pg_catalog.pg_tables AS t LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' AND g.privilege_type = '${_privilege}' WHERE t.schemaname = '${schema}' AND g.table_name IS NULL )" + # lint:endignore:140chars } } else { if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' { @@ -431,10 +427,15 @@ } # Never put double quotes into has_*_privilege function $_granted_object = join($_object_name, '.') + # pg_* views does not contain schema name as part of the object name + $_togrant_object_only = $_object_name[1] } default: { $_granted_object = $_object_name $_togrant_object = $_object_name + # if $_togrant_object_only not set, set it to a default value $_togrant_object + # allows an Array or String to be passed as $_object_name i.e. [$schema, $table] or $table + $_togrant_object_only = $_togrant_object } } 
@@ -451,10 +452,10 @@ } $_onlyif = $onlyif_function ? { - 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'", - 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'", + 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object_only}'", + 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object_only}'", 'role_exists' => "SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'", - 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'", + 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object_only}${arguments}'", default => undef, } @@ -471,15 +472,16 @@ psql_user => $psql_user, psql_group => $group, psql_path => $psql_path, + instance => $instance, unless => $_unless, onlyif => $_onlyif, } - if($role != undef and defined(Postgresql::Server::Role[$role])) { - Postgresql::Server::Role[$role]->Postgresql_psql["grant:${name}"] + if defined(Postgresql::Server::Role[$role]) { + Postgresql::Server::Role[$role] -> Postgresql_psql["grant:${name}"] } - if($db != undef and defined(Postgresql::Server::Database[$db])) { - Postgresql::Server::Database[$db]->Postgresql_psql["grant:${name}"] + if defined(Postgresql::Server::Database[$db]) { + Postgresql::Server::Database[$db] -> Postgresql_psql["grant:${name}"] } } diff --git a/manifests/server/grant_role.pp b/manifests/server/grant_role.pp index f5d674e52b..11ef6a70de 100644 --- a/manifests/server/grant_role.pp +++ b/manifests/server/grant_role.pp 
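Review bot: The `table_exists` check now compares only the bare table name, `tablename = '${_togrant_object_only}'`, with no schema condition, so for `object_name => ['schema', 'table']` it is satisfied by a table of that name in any schema. With `onlyif_exists => true` the GRANT then runs, and fails, when the table is missing from the intended schema. When `$object_name` is an array, add the schema to the query, e.g. `WHERE schemaname = '${_object_name[0]}' AND tablename = '${_togrant_object_only}'`; the plain-string form needs its own branch. The selector that sets `$onlyif_function` is outside the hunk.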
@@ -7,14 +7,16 @@
 # @param psql_user Sets the OS user to run psql.
 # @param port Port to use when connecting.
 # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
+# @param instance The name of the Postgresql database instance.
 define postgresql::server::grant_role (
- String[1] $group,
- String[1] $role = $name,
- Enum['present', 'absent'] $ensure = 'present',
- $psql_db = $postgresql::server::default_database,
- $psql_user = $postgresql::server::user,
- $port = $postgresql::server::port,
- $connect_settings = $postgresql::server::default_connect_settings,
+ String[1] $group,
+ String[1] $role = $name,
+ Enum['present', 'absent'] $ensure = 'present',
+ String[1] $instance = 'main',
+ String[1] $psql_db = $postgresql::server::default_database,
+ String[1] $psql_user = $postgresql::server::user,
+ Stdlib::Port $port = $postgresql::server::port,
+ Hash $connect_settings = $postgresql::server::default_connect_settings,
 ) {
 case $ensure {
 'present': {
@@ -32,20 +34,21 @@ postgresql_psql { "grant_role:${name}": command => $command, - unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true", + unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true", # lint:ignore:140chars db => $psql_db, psql_user => $psql_user, port => $port, + instance => $instance, connect_settings => $connect_settings, } - if ! $connect_settings or empty($connect_settings) { - Class['postgresql::server']->Postgresql_psql["grant_role:${name}"] + if empty($connect_settings) { + Class['postgresql::server'] -> Postgresql_psql["grant_role:${name}"] } if defined(Postgresql::Server::Role[$role]) { - Postgresql::Server::Role[$role]->Postgresql_psql["grant_role:${name}"] + Postgresql::Server::Role[$role] -> Postgresql_psql["grant_role:${name}"] } if defined(Postgresql::Server::Role[$group]) { - Postgresql::Server::Role[$group]->Postgresql_psql["grant_role:${name}"] + Postgresql::Server::Role[$group] -> Postgresql_psql["grant_role:${name}"] } } diff --git a/manifests/server/initdb.pp b/manifests/server/initdb.pp index 5aabd0426d..605e9ea79e 100644 --- a/manifests/server/initdb.pp +++ b/manifests/server/initdb.pp 
@@ -1,141 +1,23 @@ # @api private class postgresql::server::initdb { - $needs_initdb = $postgresql::server::needs_initdb - $initdb_path = $postgresql::server::initdb_path - $datadir = $postgresql::server::datadir - $xlogdir = $postgresql::server::xlogdir - $logdir = $postgresql::server::logdir - $manage_datadir = $postgresql::server::manage_datadir - $manage_logdir = $postgresql::server::manage_logdir - $manage_xlogdir = $postgresql::server::manage_xlogdir - $encoding = $postgresql::server::encoding - $locale = $postgresql::server::locale - $data_checksums = $postgresql::server::data_checksums - $group = $postgresql::server::group - $user = $postgresql::server::user - $module_workdir = $postgresql::server::module_workdir - - if $facts['os']['family'] == 'RedHat' and $facts['os']['selinux']['enabled'] == true { - $seltype = 'postgresql_db_t' - $logdir_type = 'postgresql_log_t' - } - - else { - $seltype = undef - $logdir_type = undef - } - - if($manage_datadir) { - # Make sure the data directory exists, and has the correct permissions. - file { $datadir: - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seltype => $seltype, - } - } else { - # changes an already defined datadir - File <| title == $datadir |> { - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seltype => $seltype, - } - } - - if($xlogdir) { - if($manage_xlogdir) { - # Make sure the xlog directory exists, and has the correct permissions. - file { $xlogdir: - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seltype => $seltype, - } - } else { - # changes an already defined xlogdir - File <| title == $xlogdir |> { - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seltype => $seltype, - } - } - } - - if($logdir) { - if($manage_logdir) { - # Make sure the log directory exists, and has the correct permissions. 
- file { $logdir: - ensure => directory, - owner => $user, - group => $group, - seltype => $logdir_type, - } - } else { - # changes an already defined logdir - File <| title == $logdir |> { - ensure => directory, - owner => $user, - group => $group, - seltype => $logdir_type, - } - } - } - - if($needs_initdb) { - # Build up the initdb command. - # - # We optionally add the locale switch if specified. Older versions of the - # initdb command don't accept this switch. So if the user didn't pass the - # parameter, lets not pass the switch at all. - $ic_base = "${initdb_path} --pgdata '${datadir}'" - $ic_xlog = $xlogdir ? { - undef => $ic_base, - default => "${ic_base} -X '${xlogdir}'" - } - - # The xlogdir need to be present before initdb runs. - # If xlogdir is default it's created by package installer - if($xlogdir) { - $require_before_initdb = [$datadir, $xlogdir] - } else { - $require_before_initdb = [$datadir] - } - - # PostgreSQL 11 no longer allows empty encoding - $ic_encoding = $encoding ? { - undef => $ic_xlog, - default => "${ic_xlog} --encoding '${encoding}'" - } - - $ic_locale = $locale ? { - undef => $ic_encoding, - default => "${ic_encoding} --locale '${locale}'" - } - - $initdb_command = $data_checksums ? { - undef => $ic_locale, - false => $ic_locale, - default => "${ic_locale} --data-checksums" - } - - # This runs the initdb command, we use the existance of the PG_VERSION - # file to ensure we don't keep running this command. 
- exec { 'postgresql_initdb': - command => $initdb_command, - creates => "${datadir}/PG_VERSION", - user => $user, - group => $group, - logoutput => on_failure, - require => File[$require_before_initdb], - cwd => $module_workdir, - } - } elsif $encoding != undef { - include postgresql::server::late_initdb + postgresql::server::instance::initdb { 'main': + auth_host => $postgresql::server::auth_host, + auth_local => $postgresql::server::auth_local, + data_checksums => $postgresql::server::data_checksums, + datadir => $postgresql::server::datadir, + encoding => $postgresql::server::encoding, + group => $postgresql::server::group, + initdb_path => $postgresql::server::initdb_path, + lc_messages => $postgresql::server::lc_messages, + locale => $postgresql::server::locale, + logdir => $postgresql::server::logdir, + manage_datadir => $postgresql::server::manage_datadir, + manage_logdir => $postgresql::server::manage_logdir, + manage_xlogdir => $postgresql::server::manage_xlogdir, + module_workdir => $postgresql::server::module_workdir, + needs_initdb => $postgresql::server::needs_initdb, + user => $postgresql::server::user, + username => $postgresql::server::username, + xlogdir => $postgresql::server::xlogdir, } } diff --git a/manifests/server/instance/config.pp b/manifests/server/instance/config.pp new file mode 100644 index 0000000000..d596d0846b --- /dev/null +++ b/manifests/server/instance/config.pp 
@@ -0,0 +1,262 @@ +# @summary Manages the config for a postgresql::server instance +# +# @param ip_mask_deny_postgres_user Specifies the IP mask from which remote connections should be denied for the postgres superuser. +# Default value: '0.0.0.0/0', which denies any remote connection. +# @param ip_mask_allow_all_users +# Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP +# from remote machines. If you'd like to allow this, you can override this setting. +# Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine +# on your local '192.168' subnet. +# Default value: '127.0.0.1/32'. +# @param listen_addresses Address list on which the PostgreSQL service will listen +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +# changing the port causes the server to come to a full stop before being able to make the change. +# Default value: 5432. Meaning the Postgres server listens on TCP port 5432. +# @param ipv4acls Lists strings for access control for connection method, users, databases, IPv4 addresses. +# @param ipv6acls Lists strings for access control for connection method, users, databases, IPv6 addresses. +# @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. +# @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. +# @param postgresql_conf_path Specifies the path to your postgresql.conf file. +# @param postgresql_conf_mode Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true. +# @param recovery_conf_path Specifies the path to your recovery.conf file. +# @param pg_hba_conf_defaults +# If false, disables the defaults supplied with the module for pg_hba.conf. 
This is useful if you disagree with the defaults and wish to +# override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform +# basic psql operations for example. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# @param version Sets PostgreSQL version +# @param manage_pg_hba_conf Boolean. Whether to manage the pg_hba.conf. +# @param manage_pg_ident_conf Boolean. Overwrites the pg_ident.conf file. +# @param manage_recovery_conf Boolean. Specifies whether or not manage the recovery.conf. +# @param manage_postgresql_conf_perms +# Whether to manage the postgresql conf file permissions. This means owner, +# group and mode. Contents are not managed but should be managed through +# postgresql::server::config_entry. +# @param datadir PostgreSQL data directory +# @param logdir PostgreSQL log directory +# @param service_name Overrides the default PostgreSQL service name. +# @param service_enable Enable the PostgreSQL service +# @param log_line_prefix PostgreSQL log line prefix +# @param timezone Set timezone for the PostgreSQL instance +# @param password_encryption Specify the type of encryption set for the password. +# @param pg_hba_auth_password_encryption +# Specify the type of encryption set for the password in pg_hba_conf, +# this value is usefull if you want to start enforcing scram-sha-256, but give users transition time. +# @param extra_systemd_config +# Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string +# @param manage_selinux Specifies whether or not manage the conf file for selinux. 
+define postgresql::server::instance::config ( + String[1] $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user, + String[1] $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users, + Optional[Variant[String[1], Array[String[1]]]] $listen_addresses = $postgresql::server::listen_addresses, + Stdlib::Port $port = $postgresql::server::port, + Array[String[1]] $ipv4acls = $postgresql::server::ipv4acls, + Array[String[1]] $ipv6acls = $postgresql::server::ipv6acls, + Stdlib::Absolutepath $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path, + Stdlib::Absolutepath $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path, + Stdlib::Absolutepath $postgresql_conf_path = $postgresql::server::postgresql_conf_path, + Optional[Stdlib::Filemode] $postgresql_conf_mode = $postgresql::server::postgresql_conf_mode, + Stdlib::Absolutepath $recovery_conf_path = $postgresql::server::recovery_conf_path, + Boolean $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults, + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Optional[String[1]] $version = $postgresql::server::_version, + Boolean $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf, + Boolean $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf, + Boolean $manage_recovery_conf = $postgresql::server::manage_recovery_conf, + Boolean $manage_postgresql_conf_perms = $postgresql::server::manage_postgresql_conf_perms, + Stdlib::Absolutepath $datadir = $postgresql::server::datadir, + Optional[Stdlib::Absolutepath] $logdir = $postgresql::server::logdir, + String[1] $service_name = $postgresql::server::service_name, + Boolean $service_enable = $postgresql::server::service_enable, + Optional[String[1]] $log_line_prefix = $postgresql::server::log_line_prefix, + Optional[String[1]] $timezone = $postgresql::server::timezone, + Postgresql::Pg_password_encryption $password_encryption = 
$postgresql::server::password_encryption, + Optional[Postgresql::Pg_password_encryption] $pg_hba_auth_password_encryption = $postgresql::server::pg_hba_auth_password_encryption, + Optional[String] $extra_systemd_config = $postgresql::server::extra_systemd_config, + Boolean $manage_selinux = $postgresql::server::manage_selinux, +) { + $_pg_hba_auth_password_encryption = pick($pg_hba_auth_password_encryption,$password_encryption) + + if ($manage_pg_hba_conf == true) { + # Prepare the main pg_hba file + concat { $pg_hba_conf_path: + owner => $user, + group => $group, + mode => '0640', + warn => true, + notify => Class['postgresql::server::reload'], + } + + if $pg_hba_conf_defaults { + Postgresql::Server::Pg_hba_rule { + database => 'all', + target => $pg_hba_conf_path, + user => 'all', + } + + postgresql::server::pg_hba_rule { + "local access as postgres user for instance ${name}": + type => 'local', + user => $user, + auth_method => 'ident', + order => 1; + + "local access to database with same name for instance ${name}": + type => 'local', + auth_method => 'ident', + order => 2; + + "allow localhost TCP access to postgresql user for instance ${name}": + type => 'host', + user => $user, + address => '127.0.0.1/32', + auth_method => $_pg_hba_auth_password_encryption, + order => 3; + + "deny access to postgresql user for instance ${name}": + type => 'host', + user => $user, + address => $ip_mask_deny_postgres_user, + auth_method => 'reject', + order => 4; + + "allow access to all users for instance ${name}": + type => 'host', + address => $ip_mask_allow_all_users, + auth_method => $_pg_hba_auth_password_encryption, + order => 100; + + "allow access to ipv6 localhost for instance ${name}": + type => 'host', + address => '::1/128', + auth_method => $_pg_hba_auth_password_encryption, + order => 101; + } + } else { + Postgresql::Server::Pg_hba_rule { + target => $pg_hba_conf_path, + } + } + + # $ipv4acls and $ipv6acls are arrays of rule strings + # They are converted into 
hashes we can iterate over to create postgresql::server::pg_hba_rule resources. + ( + postgresql::postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) + + postgresql::postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102) + ).each | String $key, Hash $attrs| { + postgresql::server::pg_hba_rule { $key: + * => $attrs, + } + } + } + # set default postgresql_conf_path here so the path is configurable in instances for + # default values like port or listen_address + Postgresql::Server::Config_entry { + path => $postgresql_conf_path, + } + + if $manage_postgresql_conf_perms { + file { $postgresql_conf_path: + ensure => file, + owner => $user, + group => $group, + mode => $postgresql_conf_mode, + } + } + + if $listen_addresses { + postgresql::server::config_entry { "listen_addresses_for_instance_${name}": + key => 'listen_addresses', + value => $listen_addresses, + } + } + + # ensure that SELinux has a proper label for the port defined + if $manage_selinux and $facts['os']['selinux']['enabled'] { + case $facts['os']['family'] { + 'RedHat', 'Linux': { + if $facts['os']['name'] == 'Amazon' { + $package_name = 'policycoreutils' + } + else { + $package_name = $facts['os']['release']['major'] ? 
{ + '6' => 'policycoreutils-python', + '7' => 'policycoreutils-python', + default => 'policycoreutils-python-utils', + } + } + } + default: { + $package_name = 'policycoreutils' + } + } + + stdlib::ensure_packages([$package_name]) + + $exec_command = ['/usr/sbin/semanage', 'port', '-a', '-t', 'postgresql_port_t', '-p', 'tcp', $port] + $exec_unless = "/usr/sbin/semanage port -l | grep -qw ${port}" + exec { "/usr/sbin/semanage port -a -t postgresql_port_t -p tcp ${port}": + command => $exec_command, + unless => $exec_unless, + before => Postgresql::Server::Config_entry["port_for_instance_${name}"], + require => Package[$package_name], + } + } + + postgresql::server::config_entry { "port_for_instance_${name}": + key => 'port', + value => $port, + } + + if ($password_encryption) and (versioncmp($version, '10') >= 0) { + postgresql::server::config_entry { "password_encryption_for_instance_${name}": + key => 'password_encryption', + value => $password_encryption, + } + } + + postgresql::server::config_entry { "data_directory_for_instance_${name}": + key => 'data_directory', + value => $datadir, + } + if $timezone { + postgresql::server::config_entry { "timezone_for_instance_${name}": + key => 'timezone', + value => $timezone, + } + } + if $logdir { + postgresql::server::config_entry { "log_directory_for_instance_${name}": + key => 'log_directory', + value => $logdir, + } + } + # Allow timestamps in log by default + if $log_line_prefix { + postgresql::server::config_entry { "log_line_prefix_for_instance_${name}": + key => 'log_line_prefix', + value => $log_line_prefix, + } + } + + if ($manage_pg_ident_conf == true) { + concat { $pg_ident_conf_path: + owner => $user, + group => $group, + mode => '0640', + warn => true, + notify => Class['postgresql::server::reload'], + } + } + + postgresql::server::instance::systemd { $name: + port => $port, + datadir => $datadir, + extra_systemd_config => $extra_systemd_config, + service_name => $service_name, + } +} 
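Review bot: The `@param ip_mask_allow_all_users` text gives `'192.168.0.0/1'` as the mask for "your local '192.168' subnet", but a /1 prefix covers half of the IPv4 address space, so anyone copying the example into the "allow access to all users" rule opens `host` access far beyond the LAN. The example should read `'192.168.0.0/16'`. Separately, `$exec_unless = "/usr/sbin/semanage port -l | grep -qw ${port}"` succeeds when the port number appears under any SELinux type or protocol, in which case the `postgresql_port_t` label is never added. Filtering on the type first, `"/usr/sbin/semanage port -l | grep -E '^postgresql_port_t +tcp ' | grep -qw ${port}"`, keeps the check specific.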
diff --git a/manifests/server/instance/initdb.pp b/manifests/server/instance/initdb.pp new file mode 100644 index 0000000000..0cfdc4382a --- /dev/null +++ b/manifests/server/instance/initdb.pp 
@@ -0,0 +1,204 @@ +# @summary Manages initdb feature for a postgresql::server instance +# +# @param auth_host auth method used by default for host authorization +# @param auth_local auth method used by default for local authorization +# @param data_checksums Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. +# @param datadir PostgreSQL data directory +# @param encoding +# Sets the default encoding for all databases created with this module. +# On certain operating systems this is also used during the template1 initialization, +# so it becomes a default outside of the module as well. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# @param initdb_path Specifies the path to the initdb command. +# @param lc_messages locale used for logging and system messages +# @param locale Sets the default database locale for all databases created with this module. +# On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. +# Warning: This option is used during initialization by initdb, and cannot be changed later. +# If set, checksums are calculated for all objects, in all databases. +# @param logdir PostgreSQL log directory +# @param manage_datadir Set to false if you have file{ $datadir: } already defined +# @param manage_logdir Set to false if you have file{ $logdir: } already defined +# @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined +# @param module_workdir Working directory for the PostgreSQL module +# @param needs_initdb Explicitly calls the initdb operation after server package is installed +# and before the PostgreSQL service is started. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. 
+# @param username username of user running the postgres instance +# @param xlogdir PostgreSQL xlog/WAL directory +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +# changing the port causes the server to come to a full stop before being able to make the change. +# @param psql_path Specifies the path to the psql command. +define postgresql::server::instance::initdb ( + Optional[String[1]] $auth_host = $postgresql::server::auth_host, + Optional[String[1]] $auth_local = $postgresql::server::auth_local, + Optional[Boolean] $data_checksums = $postgresql::server::data_checksums, + Stdlib::Absolutepath $datadir = $postgresql::server::datadir, + Optional[String[1]] $encoding = $postgresql::server::encoding, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $initdb_path = $postgresql::server::initdb_path, + Optional[String[1]] $lc_messages = $postgresql::server::lc_messages, + Optional[String[1]] $locale = $postgresql::server::locale, + Optional[Stdlib::Absolutepath] $logdir = $postgresql::server::logdir, + Boolean $manage_datadir = $postgresql::server::manage_datadir, + Boolean $manage_logdir = $postgresql::server::manage_logdir, + Boolean $manage_xlogdir = $postgresql::server::manage_xlogdir, + Stdlib::Absolutepath $module_workdir = $postgresql::server::module_workdir, + Boolean $needs_initdb = $postgresql::server::needs_initdb, + String[1] $user = $postgresql::server::user, + Optional[String[1]] $username = $postgresql::server::username, + Optional[Stdlib::Absolutepath] $xlogdir = $postgresql::server::xlogdir, + Stdlib::Port $port = $postgresql::server::port, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, +) { + if $facts['os']['family'] == 'RedHat' and $facts['os']['selinux']['enabled'] == true { + $seltype = 'postgresql_db_t' + $logdir_type = 'postgresql_log_t' + } 
else { + $seltype = undef + $logdir_type = undef + } + + if $manage_datadir { + # Make sure the data directory exists, and has the correct permissions. + file { $datadir: + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } else { + # changes an already defined datadir + File <| title == $datadir |> { + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } + + if $xlogdir { + # The xlogdir need to be present before initdb runs. + # If xlogdir is default it's created by package installer + $require_before_initdb = [$datadir, $xlogdir] + if$manage_xlogdir { + # Make sure the xlog directory exists, and has the correct permissions. + file { $xlogdir: + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } else { + # changes an already defined xlogdir + File <| title == $xlogdir |> { + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } + } else { + $require_before_initdb = [$datadir] + } + + if $logdir { + if $manage_logdir { + # Make sure the log directory exists, and has the correct permissions. + file { $logdir: + ensure => directory, + owner => $user, + group => $group, + seltype => $logdir_type, + } + } else { + # changes an already defined logdir + File <| title == $logdir |> { + ensure => directory, + owner => $user, + group => $group, + seltype => $logdir_type, + } + } + } + + if $needs_initdb { + # Build up the initdb command. + # + # We optionally add the locale switch if specified. Older versions of the + # initdb command don't accept this switch. So if the user didn't pass the + # parameter, lets not pass the switch at all. + + $auth_host_parameter = $auth_host ? { + undef => undef, + default => "--auth-host '${auth_host}'" + } + + $auth_local_parameter = $auth_local ? 
{ + undef => undef, + default => "--auth-local '${auth_local}'" + } + + $data_checksums_parameter = $data_checksums ? { + undef => undef, + false => undef, + default => '--data-checksums' + } + + $datadir_parameter = "--pgdata '${datadir}'" + + # PostgreSQL 11 no longer allows empty encoding + $encoding_parameter = $encoding ? { + undef => undef, + default => "--encoding '${encoding}'" + } + + $lc_messages_parameter = $locale ? { + undef => undef, + default => "--lc-messages '${lc_messages}'" + } + + $locale_parameter = $locale ? { + undef => undef, + default => "--locale '${locale}'" + } + + $username_parameter = $username ? { + undef => undef, + default => "--username '${username}'" + } + + $xlogdir_parameter = $xlogdir ? { + undef => undef, + default => "-X '${xlogdir}'" + } + + $initdb_command = squeeze("${initdb_path} ${auth_host_parameter} ${auth_local_parameter} ${data_checksums_parameter} ${datadir_parameter} ${encoding_parameter} ${lc_messages_parameter} ${locale_parameter} ${username_parameter} ${xlogdir_parameter}", ' ') # lint:ignore:140chars + + # This runs the initdb command, we use the existance of the PG_VERSION + # file to ensure we don't keep running this command. + exec { "postgresql_initdb_instance_${name}": + command => $initdb_command, + creates => "${datadir}/PG_VERSION", + user => $user, + group => $group, + logoutput => on_failure, + require => File[$require_before_initdb], + cwd => $module_workdir, + } + } elsif $encoding { + postgresql::server::instance::late_initdb { $name: + encoding => $encoding, + user => $user, + group => $group, + module_workdir => $module_workdir, + psql_path => $psql_path, + port => $port, + } + } +} diff --git a/manifests/server/instance/late_initdb.pp b/manifests/server/instance/late_initdb.pp new file mode 100644 index 0000000000..bc011b9a01 --- /dev/null +++ b/manifests/server/instance/late_initdb.pp 
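Review bot: `$lc_messages_parameter` is selected on `$locale`, not `$lc_messages`, so setting only `locale` emits `--lc-messages ''` and setting only `lc_messages` silently drops the flag. The selector should start `$lc_messages_parameter = $lc_messages ? {`. Two smaller points in the same file: `if$manage_xlogdir {` is missing the space after `if`, and the sentence "If set, checksums are calculated for all objects, in all databases." sits under `@param locale` although it describes `data_checksums`.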
@@ -0,0 +1,48 @@ +# @summary Manage the default encoding when database initialization is managed by the package +# +# @param encoding +# Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the +# template1 initialization, so it becomes a default outside of the module as well. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# @param psql_path Specifies the path to the psql command. +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +# changing the port causes the server to come to a full stop before being able to make the change. +# @param module_workdir Working directory for the PostgreSQL module +define postgresql::server::instance::late_initdb ( + Optional[String[1]] $encoding = $postgresql::server::encoding, + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + Stdlib::Port $port = $postgresql::server::port, + Stdlib::Absolutepath $module_workdir = $postgresql::server::module_workdir, +) { + # Set the defaults for the postgresql_psql resource + Postgresql_psql { + psql_user => $user, + psql_group => $group, + psql_path => $psql_path, + port => $port, + instance => $name, + cwd => $module_workdir, + } + + # [workaround] + # by default pg_createcluster encoding derived from locale + # but it do does not work by installing postgresql via puppet because puppet + # always override LANG to 'C' + postgresql_psql { "Set template1 encoding to ${encoding}": + command => "UPDATE pg_database + SET datistemplate = FALSE + WHERE datname = 'template1' + ; + UPDATE 
pg_database + SET encoding = pg_char_to_encoding('${encoding}'), datistemplate = TRUE + WHERE datname = 'template1'", + unless => "SELECT datname FROM pg_database WHERE + datname = 'template1' AND encoding = pg_char_to_encoding('${encoding}')", + before => Anchor["postgresql::server::service::end::${name}"], + } +} diff --git a/manifests/server/instance/passwd.pp b/manifests/server/instance/passwd.pp new file mode 100644 index 0000000000..a4bc20f467 --- /dev/null +++ b/manifests/server/instance/passwd.pp 
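Review bot: `$encoding` is declared `Optional[String[1]]` yet is interpolated unconditionally into `pg_char_to_encoding('${encoding}')`, so a declaration that leaves it undef makes the second `UPDATE pg_database` write the lookup result for an empty encoding name into the `template1` row. `instance::initdb` only declares this define under `elsif $encoding`, but nothing stops a direct declaration. Make the value mandatory and restrict it to encoding-name characters, which also keeps quotes out of the SQL literal: `Pattern[/\A[A-Za-z0-9_-]+\z/] $encoding = $postgresql::server::encoding,`. The workaround comment also has a typo, "but it do does not work".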
@@ -0,0 +1,67 @@ +# @summary Overrides the default PostgreSQL superuser +# +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# Default value: 5432. Meaning the Postgres server listens on TCP port 5432. +# @param psql_path Specifies the path to the psql command. +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +# changing the port causes the server to come to a full stop before being able to make the change. +# @param database Specifies the name of the database to connect with. On most systems this is 'postgres'. +# @param module_workdir Working directory for the PostgreSQL module +# @param postgres_password +# Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres +# database, with a user called postgres and no password. +define postgresql::server::instance::passwd ( + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + Stdlib::Port $port = $postgresql::server::port, + String[1] $database = $postgresql::server::default_database, + Stdlib::Absolutepath $module_workdir = $postgresql::server::module_workdir, + Optional[Variant[String[1], Sensitive[String[1]], Integer]] $postgres_password = $postgresql::server::postgres_password, +) { + $real_postgres_password = if $postgres_password =~ Sensitive { + $postgres_password.unwrap + } else { + $postgres_password + } + + # psql will default to connecting as $user if you don't specify name + $_datbase_user_same = $database == $user + $_dboption = $_datbase_user_same ? 
{ + false => " --dbname ${stdlib::shell_escape($database)}", + default => '' + } + + if $real_postgres_password { + # NOTE: this password-setting logic relies on the pg_hba.conf being + # configured to allow the postgres system user to connect via psql + # without specifying a password ('ident' or 'trust' security). This is + # the default for pg_hba.conf. + $escaped = postgresql::postgresql_escape($real_postgres_password) + $exec_command = "${stdlib::shell_escape($psql_path)}${_dboption} -c \"ALTER ROLE \\\"${stdlib::shell_escape($user)}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\"" # lint:ignore:140chars + exec { "set_postgres_postgrespw_${name}": + # This command works w/no password because we run it as postgres system + # user + command => $exec_command, + user => $user, + group => $group, + logoutput => true, + cwd => $module_workdir, + environment => [ + "PGPASSWORD=${real_postgres_password}", + "PGPORT=${port}", + "NEWPASSWD_ESCAPED=${escaped}", + ], + # With this command we're passing -h to force TCP authentication, which + # does require a password. We specify the password via the PGPASSWORD + # environment variable. If the password is correct (current), this + # command will exit with an exit code of 0, which will prevent the main + # command from running. + unless => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null", + path => '/usr/bin:/usr/local/bin:/bin', + } + } +} diff --git a/manifests/server/instance/reload.pp b/manifests/server/instance/reload.pp new file mode 100644 index 0000000000..53eb5fad99 --- /dev/null +++ b/manifests/server/instance/reload.pp 
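Review bot: A password supplied as `Sensitive` is unwrapped and then interpolated into the plain `environment` array (`"PGPASSWORD=${real_postgres_password}"` and `"NEWPASSWD_ESCAPED=${escaped}"`), so it loses its redaction wherever the resource's parameters are recorded. With `logoutput => true`, a failing `ALTER ROLE` may additionally echo the expanded statement into the run log. Keep the value wrapped, for example `environment => Sensitive([...])` if the supported Puppet versions accept that on `exec` (to be confirmed), and reconsider whether full output logging is needed here. The `unless` command uses `${psql_path}` raw while `command` passes it through `stdlib::shell_escape`, so the two should match. In the header, "Default value: 5432. Meaning the Postgres server listens on TCP port 5432." is attached to `@param group` and belongs under `@param port`.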
@@ -0,0 +1,16 @@
+# @summary Overrides the default reload or status command for your PostgreSQL service
+#
+# @param service_reload Overrides the default reload command for your PostgreSQL service.
+# @param service_status Overrides the default status check command for your PostgreSQL service.
+define postgresql::server::instance::reload (
+ String[1] $service_status = $postgresql::server::service_status,
+ String[1] $service_reload = $postgresql::server::service_reload,
+) {
+ exec { "postgresql_reload_${name}":
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ command => $service_reload,
+ onlyif => $service_status,
+ refreshonly => true,
+ require => Class['postgresql::server::service'],
+ }
+}
diff --git a/manifests/server/instance/service.pp b/manifests/server/instance/service.pp
new file mode 100644
index 0000000000..f778518dc0
--- /dev/null
+++ b/manifests/server/instance/service.pp
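Review bot: The `require => Class['postgresql::server::service']` line ties every instance's reload exec to the main service class, although the exec title is per instance (`postgresql_reload_${name}`). An instance other than 'main' would presumably need to depend on its own service resource instead. If only 'main' is supported at this stage, say so above the line: `# NOTE: depends on the main service class; revisit when additional instances manage their own service`.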
@@ -0,0 +1,67 @@ +# @summary Manages the service for the postgres main instance (default) or additional instances +# +# @param service_ensure Ensure service is installed +# @param service_enable Enable the PostgreSQL service +# @param service_manage Defines whether or not Puppet should manage the service. +# @param service_name Overrides the default PostgreSQL service name. +# @param service_provider Overrides the default PostgreSQL service provider. +# @param service_status Overrides the default status check command for your PostgreSQL service. +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param port +# Specifies the port for the PostgreSQL server to listen on. +# Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, +# changing the port causes the server to come to a full stop before being able to make the change. +# Default value: 5432. Meaning the Postgres server listens on TCP port 5432. +# @param default_database Specifies the name of the default database to connect with. On most systems this is 'postgres'. +# @param psql_path Specifies the path to the psql command. +# @param connect_settings +# Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, +# such as postgresql::server::role. 
+define postgresql::server::instance::service ( + Variant[Enum['running', 'stopped'], Boolean] $service_ensure = $postgresql::server::service_ensure, + Boolean $service_enable = $postgresql::server::service_enable, + Boolean $service_manage = $postgresql::server::service_manage, + String[1] $service_name = $postgresql::server::service_name, + Optional[String[1]] $service_provider = $postgresql::server::service_provider, + String[1] $service_status = $postgresql::server::service_status, + String[1] $user = $postgresql::server::user, + Stdlib::Port $port = $postgresql::server::port, + String[1] $default_database = $postgresql::server::default_database, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + Hash $connect_settings = $postgresql::server::default_connect_settings, +) { + anchor { "postgresql::server::service::begin::${name}": } + + if $service_manage { + service { "postgresqld_instance_${name}": + ensure => $service_ensure, + enable => $service_enable, + name => $service_name, + provider => $service_provider, + hasstatus => true, + status => $service_status, + } + + if $service_ensure in ['running', true] { + # This blocks the class before continuing if chained correctly, making + # sure the service really is 'up' before continuing. + # + # Without it, we may continue doing more work before the database is + # prepared leading to a nasty race condition. + postgresql_conn_validator { "validate_service_is_running_instance_${name}": + run_as => $user, + db_name => $default_database, + port => $port, + connect_settings => $connect_settings, + sleep => 1, + tries => 60, + psql_path => $psql_path, + require => Service["postgresqld_instance_${name}"], + before => Anchor["postgresql::server::service::end::${name}"], + } + Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator["validate_service_is_running_instance_${name}"] + } + } + + anchor { "postgresql::server::service::end::${name}": } +} 
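Review bot: The doc line `@param service_ensure Ensure service is installed` does not match the parameter, which is typed `Variant[Enum['running', 'stopped'], Boolean]` and is tested with `$service_ensure in ['running', true]` before the connection validator is declared. Reword it to describe the state it controls, for example `# @param service_ensure Desired service state: 'running'/true or 'stopped'/false; the connection validator is only declared for 'running'/true`.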
diff --git a/manifests/server/instance/systemd.pp b/manifests/server/instance/systemd.pp
new file mode 100644
index 0000000000..b9a46a2336
--- /dev/null
+++ b/manifests/server/instance/systemd.pp
@@ -0,0 +1,40 @@
+# @summary This define handles systemd drop-in files for the postgres main instance (default) or additional instances
+# @param service_name Overrides the default PostgreSQL service name.
+# @param drop_in_ensure sets the Systemd drop-in file to present or absent
+# @api private
+define postgresql::server::instance::systemd (
+ Stdlib::Port $port,
+ Stdlib::Absolutepath $datadir,
+ String[1] $instance_name = $name,
+ Optional[String[1]] $extra_systemd_config = undef,
+ String[1] $service_name = $name,
+ Enum[present, absent] $drop_in_ensure = 'present',
+) {
+ if $facts['service_provider'] == 'systemd' {
+ if $facts['os']['family'] in ['RedHat', 'Gentoo'] {
+ # RHEL 7 and 8 both support drop-in files for systemd units.
+ # Gentoo also supports drop-in files.
+ # RHEL based Systems need Variables set for $PGPORT, $DATA_DIR or $PGDATA, thats what the drop-in file is for.
+ # For additional instances (!= 'main') we need a new systemd service anyhow and use one systemd-file. no dropin needed.
+ #
+ # Template uses:
+ # - $port
+ # - $datadir
+ # - $extra_systemd_config
+ systemd::dropin_file { "${service_name}.conf":
+ ensure => $drop_in_ensure,
+ unit => "${service_name}.service",
+ owner => 'root',
+ group => 'root',
+ content => epp('postgresql/systemd-override.conf.epp', {
+ port => $port,
+ datadir => $datadir,
+ extra_systemd_config => $extra_systemd_config,
+ }
+ ),
+ notify => Class['postgresql::server::service'],
+ before => Class['postgresql::server::reload'],
+ }
+ }
+ }
+}
diff --git a/manifests/server/late_initdb.pp b/manifests/server/late_initdb.pp
index ea7b0a8624..d0fa68c0a7 100644
--- a/manifests/server/late_initdb.pp
+++ b/manifests/server/late_initdb.pp
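Review bot: `$instance_name` is declared in the parameter list but never referenced in the body, and `port`, `datadir`, `instance_name` and `extra_systemd_config` have no `@param` entries. Either drop `$instance_name` or use it, and document the rest. `extra_systemd_config` is handed to the template that produces a root-owned unit drop-in (presumably rendered as given; the template is not shown here), so its doc line should say it is trusted configuration text, e.g. `# @param extra_systemd_config Extra lines for the drop-in file; written as root, pass only reviewed content`.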
@@ -4,36 +4,12 @@ class postgresql::server::late_initdb { assert_private() - $encoding = $postgresql::server::encoding - $user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $port = $postgresql::server::port - $module_workdir = $postgresql::server::module_workdir - - # Set the defaults for the postgresql_psql resource - Postgresql_psql { - psql_user => $user, - psql_group => $group, - psql_path => $psql_path, - port => $port, - cwd => $module_workdir, - } - - # [workaround] - # by default pg_createcluster encoding derived from locale - # but it do does not work by installing postgresql via puppet because puppet - # always override LANG to 'C' - postgresql_psql { "Set template1 encoding to ${encoding}": - command => "UPDATE pg_database - SET datistemplate = FALSE - WHERE datname = 'template1' - ; - UPDATE pg_database - SET encoding = pg_char_to_encoding('${encoding}'), datistemplate = TRUE - WHERE datname = 'template1'", - unless => "SELECT datname FROM pg_database WHERE - datname = 'template1' AND encoding = pg_char_to_encoding('${encoding}')", - before => Anchor['postgresql::server::service::end'] + postgresql::server::instance::late_initdb { 'main': + encoding => $postgresql::server::encoding, + user => $postgresql::server::user, + group => $postgresql::server::group, + psql_path => $postgresql::server::psql_path, + port => $postgresql::server::port, + module_workdir => $postgresql::server::module_workdir, } } diff --git a/manifests/server/passwd.pp b/manifests/server/passwd.pp index 93ceb96966..e30beef032 100644 --- a/manifests/server/passwd.pp +++ b/manifests/server/passwd.pp 
@@ -1,51 +1,12 @@ # @api private class postgresql::server::passwd { - $postgres_password = if $postgresql::server::postgres_password =~ Sensitive { - $postgresql::server::postgres_password.unwrap - } else { - $postgresql::server::postgres_password - } - - $user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $port = $postgresql::server::port - $database = $postgresql::server::default_database - $module_workdir = $postgresql::server::module_workdir - - # psql will default to connecting as $user if you don't specify name - $_datbase_user_same = $database == $user - $_dboption = $_datbase_user_same ? { - false => " --dbname ${database}", - default => '' - } - - if $postgres_password { - # NOTE: this password-setting logic relies on the pg_hba.conf being - # configured to allow the postgres system user to connect via psql - # without specifying a password ('ident' or 'trust' security). This is - # the default for pg_hba.conf. - $escaped = postgresql::postgresql_escape($postgres_password) - exec { 'set_postgres_postgrespw': - # This command works w/no password because we run it as postgres system - # user - command => "${psql_path}${_dboption} -c \"ALTER ROLE \\\"${user}\\\" PASSWORD \${NEWPASSWD_ESCAPED}\"", - user => $user, - group => $group, - logoutput => true, - cwd => $module_workdir, - environment => [ - "PGPASSWORD=${postgres_password}", - "PGPORT=${port}", - "NEWPASSWD_ESCAPED=${escaped}", - ], - # With this command we're passing -h to force TCP authentication, which - # does require a password. We specify the password via the PGPASSWORD - # environment variable. If the password is correct (current), this - # command will exit with an exit code of 0, which will prevent the main - # command from running. 
- unless => "${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null", - path => '/usr/bin:/usr/local/bin:/bin', - } + postgresql::server::instance::passwd { 'main': + user => $postgresql::server::user, + group => $postgresql::server::group, + psql_path => $postgresql::server::psql_path, + port => $postgresql::server::port, + database => $postgresql::server::default_database, + module_workdir => $postgresql::server::module_workdir, + postgres_password => $postgresql::server::postgres_password, } } diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp index b4707751d5..e7945669e0 100644 --- a/manifests/server/pg_hba_rule.pp +++ b/manifests/server/pg_hba_rule.pp 
@@ -1,28 +1,37 @@ # @summary This resource manages an individual rule that applies to the file defined in target. # # @param type Sets the type of rule. -# Enum['local','host','hostssl','hostnossl','hostgssenc']. # @param database Sets a comma-separated list of databases that this rule matches. # @param user Sets a comma-separated list of users that this rule matches. -# @param auth_method Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation. -# @param address Sets a CIDR based address for this rule matching when the type is not 'local'. -# @param description Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'. -# @param auth_option For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details. -# @param order Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150. +# @param auth_method +# Provides the method that is used for authentication for the connection that this rule matches. +# Described further in the PostgreSQL pg_hba.conf documentation. +# @param address +# Sets a address for this rule matching when the type is not 'local'. +# Value can either be IPv4 CIDR, IPv6 CIDR, a FQDN, the strings 'all', 'samehost' or 'samenet' or a domain either with or without starting +# dot (.) https://www.postgresql.org/docs/current/auth-pg-hba-conf.html +# @param description +# Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. +# Default value: 'none'. 
+# @param auth_option +# For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for +# further details. +# @param order +# Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted +# to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted +# using the alpha sorting order. +# Default value: 150. # @param target Provides the target for the rule, and is generally an internal only property. Use with caution. # @param postgresql_version Manages pg_hba.conf without managing the entire PostgreSQL instance. define postgresql::server::pg_hba_rule ( - Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc'] $type, - String $database, - String $user, - String $auth_method, - Optional[String] $address = undef, - String $description = 'none', + Postgresql::Pg_hba_rule_type $type, + String[1] $database, + String[1] $user, + String[1] $auth_method, + Optional[Postgresql::Pg_hba_rule_address] $address = undef, + String[1] $description = 'none', Optional[String] $auth_option = undef, Variant[String, Integer] $order = 150, - - # Needed for testing primarily, support for multiple files is not really - # working. Stdlib::Absolutepath $target = $postgresql::server::pg_hba_conf_path, String $postgresql_version = $postgresql::server::_version ) { 
@@ -35,7 +44,7 @@ } if $manage_pg_hba_conf == false { - fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') + fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') # lint:ignore:140chars } else { if($type =~ /^host/ and $address == undef) { fail('You must specify an address property when type is host based') @@ -49,7 +58,7 @@ } $allowed_auth_methods = $postgresql_version ? { - '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], + '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], # lint:ignore:140chars '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], 
@@ -57,11 +66,7 @@ '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'], - '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'], - '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'], - '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'], - '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'], - default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] + default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] # lint:ignore:140chars } assert_type(Enum[$allowed_auth_methods], $auth_method) @@ -70,7 +75,18 @@ $fragname = "pg_hba_rule_${name}" concat::fragment { $fragname: target => $target, - content => template('postgresql/pg_hba_rule.conf'), + content => epp('postgresql/pg_hba_rule.conf.epp', { + name => $name, + description => $description, + order => $order, + type => $type, + database => $database, + user => $user, + address => $address, + auth_method => $auth_method, + auth_option => $auth_option, + } + ), order => $_order, } } diff --git a/manifests/server/pg_ident_rule.pp b/manifests/server/pg_ident_rule.pp index bf15047164..088bce6c98 100644 --- a/manifests/server/pg_ident_rule.pp +++ b/manifests/server/pg_ident_rule.pp 
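Review bot: The `default` entry of `$allowed_auth_methods` still lists `'krb5'` and `'crypt'`, while the rows for 9.4 through 10 list neither, so any version that falls through to `default` (presumably everything newer than 10) passes `assert_type` with a method the explicit rows already treat as gone. With the 8.x rows removed in this hunk, nothing else keeps `crypt` in the table. Consider `default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd']` so a rule with an unsupported method fails at compile time rather than when the server reads pg_hba.conf. The selector starts in the previous hunk, so the 9.3 row is not visible here.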
@@ -2,29 +2,41 @@ # # @param map_name Sets the name of the user map that is used to refer to this mapping in pg_hba.conf. # @param system_username Specifies the operating system user name (the user name used to connect to the database). -# @param database_username Specifies the user name of the database user. The system_username is mapped to this user name. -# @param description Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'. +# @param database_username +# Specifies the user name of the database user. +# The system_username is mapped to this user name. +# @param description +# Sets a longer description for this rule if required. +# This description is placed in the comments above the rule in pg_ident.conf. # @param order Defines an order for placing the mapping in pg_ident.conf. Default value: 150. # @param target Provides the target for the rule and is generally an internal only property. Use with caution. define postgresql::server::pg_ident_rule ( - $map_name, - $system_username, - $database_username, - $description = 'none', - $order = '150', + String[1] $map_name, + String[1] $system_username, + String[1] $database_username, + String[1] $description = 'none', + String[1] $order = '150', # Needed for testing primarily, support for multiple files is not really # working. 
- $target = $postgresql::server::pg_ident_conf_path + Stdlib::Absolutepath $target = $postgresql::server::pg_ident_conf_path ) { if $postgresql::server::manage_pg_ident_conf == false { - fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') + fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') # lint:ignore:140chars } else { # Create a rule fragment $fragname = "pg_ident_rule_${name}" concat::fragment { $fragname: target => $target, - content => template('postgresql/pg_ident_rule.conf'), + content => epp('postgresql/pg_ident_rule.conf.epp', { + name => $name, + description => $description, + order => $order, + map_name => $map_name, + system_username => $system_username, + database_username => $database_username, + } + ), order => $order, } } diff --git a/manifests/server/plperl.pp b/manifests/server/plperl.pp index 842c7ad5ed..1db5d4aa8f 100644 --- a/manifests/server/plperl.pp +++ b/manifests/server/plperl.pp @@ -3,8 +3,8 @@ # @param package_ensure The ensure parameter passed on to PostgreSQL PL/Perl package resource. # @param package_name The name of the PostgreSQL PL/Perl package. class postgresql::server::plperl ( - $package_ensure = 'present', - $package_name = $postgresql::server::plperl_package_name + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', + Optional[String[1]] $package_name = $postgresql::server::plperl_package_name, ) { package { 'postgresql-plperl': ensure => $package_ensure, diff --git a/manifests/server/plpython.pp b/manifests/server/plpython.pp index 55f6da448a..8577bd34e5 100644 --- a/manifests/server/plpython.pp +++ b/manifests/server/plpython.pp 
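Review bot: `String[1] $order = '150'` in pg_ident_rule.pp now rejects an Integer, although the doc line says `Default value: 150` and the sibling `postgresql::server::pg_hba_rule` declares `Variant[String, Integer] $order = 150`. The parameter was untyped before, so a manifest that passes `order => 150` would start failing catalog compilation. Unless the string-only restriction is deliberate, keep the two defines parallel with `Variant[String[1], Integer] $order = '150',`; whether the new EPP template accepts an Integer needs checking, since it is not part of this hunk.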
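Review bot: In plperl.pp, `Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]` for `$package_ensure` accepts any non-empty string, so the `Enum` branch adds no constraint and only lengthens the signature. The same type is repeated in plpython.pp and postgis.pp. If version strings must stay allowed, `String[1] $package_ensure = 'present',` says the same thing, with the keyword list moved into the `@param package_ensure` doc line.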
@@ -5,8 +5,8 @@ # @param package_name # Specifies the name of the postgresql PL/Python package. class postgresql::server::plpython ( - $package_ensure = 'present', - $package_name = $postgresql::server::plpython_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', + Optional[String[1]] $package_name = $postgresql::server::plpython_package_name, ) { package { 'postgresql-plpython': ensure => $package_ensure, diff --git a/manifests/server/postgis.pp b/manifests/server/postgis.pp index c35ef5ce6e..c259e030ff 100644 --- a/manifests/server/postgis.pp +++ b/manifests/server/postgis.pp @@ -3,8 +3,8 @@ # @param package_name Sets the package name. # @param package_ensure Specifies if the package is present or not. class postgresql::server::postgis ( - String $package_name = $postgresql::params::postgis_package_name, - String[1] $package_ensure = 'present' + String $package_name = $postgresql::params::postgis_package_name, + Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $package_ensure = 'present', ) inherits postgresql::params { package { 'postgresql-postgis': ensure => $package_ensure, diff --git a/manifests/server/reassign_owned_by.pp b/manifests/server/reassign_owned_by.pp index 8bcccb454f..ce98f2601b 100644 --- a/manifests/server/reassign_owned_by.pp +++ b/manifests/server/reassign_owned_by.pp 
@@ -1,36 +1,30 @@ # @summary Define for reassigning the ownership of objects within a database. -# @note -# This enables us to force the a particular ownership for objects within a database -# +# +# @note This enables us to force the a particular ownership for objects within a database +# # @param old_role Specifies the role or user who is the current owner of the objects in the specified db # @param new_role Specifies the role or user who will be the new owner of these objects # @param db Specifies the database to which the 'REASSIGN OWNED' will be applied # @param psql_user Specifies the OS user for running psql. # @param port Port to use when connecting. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param group Sets the OS group to run psql +# @param psql_path Sets the path to psql command +# @param instance The name of the Postgresql database instance. define postgresql::server::reassign_owned_by ( String $old_role, String $new_role, String $db, - String $psql_user = $postgresql::server::user, - Integer $port = $postgresql::server::port, - Hash $connect_settings = $postgresql::server::default_connect_settings, + String $psql_user = $postgresql::server::user, + Stdlib::Port $port = $postgresql::server::port, + Hash $connect_settings = $postgresql::server::default_connect_settings, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + String[1] $instance = 'main', ) { $sql_command = "REASSIGN OWNED BY \"${old_role}\" TO \"${new_role}\"" - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - - # - # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port - # - if $port != undef { - $port_override = $port - } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port_override = undef - } else { - $port_override = $postgresql::server::port 
- } + $port_override = pick($connect_settings['PGPORT'], $port) $onlyif = "SELECT tablename FROM pg_catalog.pg_tables WHERE schemaname NOT IN ('pg_catalog', 'information_schema') AND @@ -51,17 +45,18 @@ psql_user => $psql_user, psql_group => $group, psql_path => $psql_path, + instance => $instance, onlyif => $onlyif, } - if($old_role != undef and defined(Postgresql::Server::Role[$old_role])) { - Postgresql::Server::Role[$old_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] + if defined(Postgresql::Server::Role[$old_role]) { + Postgresql::Server::Role[$old_role] -> Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } if($new_role != undef and defined(Postgresql::Server::Role[$new_role])) { - Postgresql::Server::Role[$new_role]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] + Postgresql::Server::Role[$new_role] -> Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } - if($db != undef and defined(Postgresql::Server::Database[$db])) { - Postgresql::Server::Database[$db]->Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] + if defined(Postgresql::Server::Database[$db]) { + Postgresql::Server::Database[$db] -> Postgresql_psql["reassign_owned_by:${db}:${sql_command}"] } } diff --git a/manifests/server/recovery.pp b/manifests/server/recovery.pp index 8c6a7c24d2..e28976e7f5 100644 --- a/manifests/server/recovery.pp +++ b/manifests/server/recovery.pp 
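Review bot: `$port_override = pick($connect_settings['PGPORT'], $port)` lets `PGPORT` from `connect_settings` win over an explicitly passed `port`, which reverses the order the removed comment documented (`$port` parameter first). Because `$port` always has a value through its default, some rule is needed, but it should be written down: add `# Port precedence: $connect_settings['PGPORT'], then $port (defaults to $postgresql::server::port)` above the line and state the same in `@param port`. A `PGPORT` taken from the hash is also not checked against `Stdlib::Port`, since `connect_settings` is a bare `Hash`.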
@@ -2,58 +2,66 @@ # # @note # Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. -# Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. +# Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and +# recovery_min_apply_delay. # A detailed description of all listed parameters can be found in the PostgreSQL documentation. -# Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. +# Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and +# manage_recovery_conf is set to true. # # @param restore_command The shell command to execute to retrieve an archived segment of the WAL file series. # @param archive_cleanup_command This optional parameter specifies a shell command that will be executed at every restartpoint. # @param recovery_end_command This parameter specifies a shell command that will be executed once only at the end of recovery. -# @param recovery_target_name This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. +# @param recovery_target_name +# This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. # @param recovery_target_time This parameter specifies the time stamp up to which recovery will proceed. # @param recovery_target_xid This parameter specifies the transaction ID up to which recovery will proceed. -# @param recovery_target_inclusive Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). 
-# @param recovery_target This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. +# @param recovery_target_inclusive +# Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). +# @param recovery_target +# This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. # @param recovery_target_timeline Specifies recovering into a particular timeline. # @param pause_at_recovery_target Specifies whether recovery should pause when the recovery target is reached. # @param standby_mode Specifies whether to start the PostgreSQL server as a standby. # @param primary_conninfo Specifies a connection string to be used for the standby server to connect with the primary. -# @param primary_slot_name Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. +# @param primary_slot_name +# Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control +# resource removal on the upstream node. # @param trigger_file Specifies a trigger file whose presence ends recovery in the standby. -# @param recovery_min_apply_delay This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. +# @param recovery_min_apply_delay +# This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. # @param target Provides the target for the rule, and is generally an internal only property. Use with caution. 
define postgresql::server::recovery ( - $restore_command = undef, - $archive_cleanup_command = undef, - $recovery_end_command = undef, - $recovery_target_name = undef, - $recovery_target_time = undef, - $recovery_target_xid = undef, - $recovery_target_inclusive = undef, - $recovery_target = undef, - $recovery_target_timeline = undef, - $pause_at_recovery_target = undef, - $standby_mode = undef, - $primary_conninfo = undef, - $primary_slot_name = undef, - $trigger_file = undef, - $recovery_min_apply_delay = undef, - $target = $postgresql::server::recovery_conf_path + Optional[String] $restore_command = undef, + Optional[String[1]] $archive_cleanup_command = undef, + Optional[String[1]] $recovery_end_command = undef, + Optional[String[1]] $recovery_target_name = undef, + Optional[String[1]] $recovery_target_time = undef, + Optional[String[1]] $recovery_target_xid = undef, + Optional[Boolean] $recovery_target_inclusive = undef, + Optional[String[1]] $recovery_target = undef, + Optional[String[1]] $recovery_target_timeline = undef, + Optional[Boolean] $pause_at_recovery_target = undef, + Optional[String[1]] $standby_mode = undef, + Optional[String[1]] $primary_conninfo = undef, + Optional[String[1]] $primary_slot_name = undef, + Optional[String[1]] $trigger_file = undef, + Optional[Integer] $recovery_min_apply_delay = undef, + Stdlib::Absolutepath $target = $postgresql::server::recovery_conf_path ) { if $postgresql::server::manage_recovery_conf == false { - fail('postgresql::server::manage_recovery_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') + fail('postgresql::server::manage_recovery_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests') # lint:ignore:140chars } else { if($restore_command == undef and $archive_cleanup_command == undef and $recovery_end_command == undef and 
$recovery_target_name == undef and $recovery_target_time == undef and $recovery_target_xid == undef and $recovery_target_inclusive == undef and $recovery_target == undef and $recovery_target_timeline == undef and $pause_at_recovery_target == undef and $standby_mode == undef and $primary_conninfo == undef and $primary_slot_name == undef and $trigger_file == undef and $recovery_min_apply_delay == undef) { - fail('postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense.') + fail('postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense.') # lint:ignore:140chars } concat { $target: - owner => $postgresql::server::config::user, - group => $postgresql::server::config::group, + owner => $postgresql::server::user, + group => $postgresql::server::group, force => true, # do not crash if there is no recovery conf file mode => '0640', warn => true, 
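Review bot: `primary_conninfo` is typed `Optional[String[1]]`, and a connection string can carry a `password=` field, so a credential placed there travels through the catalog and the concat fragment as plain text. The `@param primary_conninfo` line should warn about it, e.g. `# @param primary_conninfo Connection string the standby uses to reach the primary; do not embed a password here, use a password file instead`. `recovery_min_apply_delay` is now `Optional[Integer]` although its doc says a unit may be given, so a value with a unit is rejected; confirm that is intended. The `concat` resource and the rest of the define continue outside this hunk.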
@@ -61,9 +69,26 @@ } # Create the recovery.conf content - concat::fragment { 'recovery.conf': + concat::fragment { "${name}-recovery.conf": target => $target, - content => template('postgresql/recovery.conf.erb'), + content => epp('postgresql/recovery.conf.epp', { + restore_command => $restore_command, + archive_cleanup_command => $archive_cleanup_command, + recovery_end_command => $recovery_end_command, + recovery_target_name => $recovery_target_name, + recovery_target_time => $recovery_target_time, + recovery_target_xid => $recovery_target_xid, + recovery_target_inclusive => $recovery_target_inclusive, + recovery_target => $recovery_target, + recovery_target_timeline => $recovery_target_timeline, + pause_at_recovery_target => $pause_at_recovery_target, + standby_mode => $standby_mode, + primary_conninfo => $primary_conninfo, + primary_slot_name => $primary_slot_name, + trigger_file => $trigger_file, + recovery_min_apply_delay => $recovery_min_apply_delay, + } + ), } } } diff --git a/manifests/server/reload.pp b/manifests/server/reload.pp index 0b17272c62..be5e7576d3 100644 --- a/manifests/server/reload.pp +++ b/manifests/server/reload.pp @@ -1,14 +1,7 @@ # @api private class postgresql::server::reload { - $service_name = $postgresql::server::service_name - $service_status = $postgresql::server::service_status - $service_reload = $postgresql::server::service_reload - - exec { 'postgresql_reload': - path => '/usr/bin:/usr/sbin:/bin:/sbin', - command => $service_reload, - onlyif => $service_status, - refreshonly => true, - require => Class['postgresql::server::service'], + postgresql::server::instance::reload { 'main': + service_status => $postgresql::server::service_status, + service_reload => $postgresql::server::service_reload, } } diff --git a/manifests/server/role.pp b/manifests/server/role.pp index 00edc75bd5..1b37ce282c 100644 --- a/manifests/server/role.pp +++ b/manifests/server/role.pp 
@@ -1,6 +1,7 @@ # @summary Define for creating a database role. # -# @param update_password If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. +# @param update_password +# If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. # @param password_hash Sets the hash to use during password creation. # @param createdb Specifies whether to grant the ability to create new databases with this role. # @param createrole Specifies whether to grant the ability to create new roles with this role. 
@@ -17,64 +18,53 @@ # @param psql_user Sets the OS user to run psql # @param psql_group Sets the OS group to run psql # @param psql_path Sets path to psql command -# @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. +# @param module_workdir +# Specifies working directory under which the psql command should be executed. +# May need to specify if '/tmp' is on volume mounted with noexec option. # @param hash Specify the hash method for pg password # @param salt Specify the salt use for the scram-sha-256 encoding password (default username) +# @param instance The name of the Postgresql database instance. define postgresql::server::role ( - $update_password = true, - Variant[Boolean, String, Sensitive[String]] $password_hash = false, - $createdb = false, - $createrole = false, - $db = $postgresql::server::default_database, - $port = undef, - $login = true, - $inherit = true, - $superuser = false, - $replication = false, - $connection_limit = '-1', - $username = $title, - $connect_settings = $postgresql::server::default_connect_settings, - $psql_user = $postgresql::server::user, - $psql_group = $postgresql::server::group, - $psql_path = $postgresql::server::psql_path, - $module_workdir = $postgresql::server::module_workdir, - Enum['present', 'absent'] $ensure = 'present', - Enum['md5', 'scram-sha-256'] $hash = 'md5', - Optional[Variant[String[1], Integer]] $salt = undef, + Boolean $update_password = true, + Variant[Boolean, String, Sensitive[String]] $password_hash = false, + Boolean $createdb = false, + Boolean $createrole = false, + String[1] $db = $postgresql::server::default_database, + Stdlib::Port $port = postgresql::default('port'), + Boolean $login = true, + Boolean $inherit = true, + Boolean $superuser = false, + Boolean $replication = false, + String[1] $connection_limit = '-1', + String[1] $username = $title, + Hash $connect_settings = 
$postgresql::server::default_connect_settings, + String[1] $psql_user = $postgresql::server::user, + String[1] $psql_group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + String[1] $module_workdir = $postgresql::server::module_workdir, + Enum['present', 'absent'] $ensure = 'present', + Optional[Enum['md5', 'scram-sha-256']] $hash = undef, + Optional[Variant[String[1], Integer]] $salt = undef, + String[1] $instance = 'main', ) { $password_hash_unsensitive = if $password_hash =~ Sensitive[String] { $password_hash.unwrap } else { $password_hash } - # - # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port - # - if $port != undef { - $port_override = $port - } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port_override = undef - } else { - $port_override = $postgresql::server::port - } - - # If possible use the version of the remote database, otherwise - # fallback to our local DB version - if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') { - $version = $connect_settings['DBVERSION'] - } else { - $version = $postgresql::server::_version - } + $port_override = pick($connect_settings['PGPORT'], $port) + $version = pick($connect_settings['DBVERSION'], postgresql::default('version')) Postgresql_psql { - db => $db, - port => $port_override, - psql_user => $psql_user, - psql_group => $psql_group, - psql_path => $psql_path, + db => $db, + port => $port_override, + psql_user => $psql_user, + psql_group => $psql_group, + psql_path => $psql_path, connect_settings => $connect_settings, - cwd => $module_workdir, - require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"], + instance => $instance, + cwd => $module_workdir, + require => Postgresql_psql["CREATE ROLE ${username} ENCRYPTED PASSWORD ****"], } if $ensure == 'present' { 
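Review bot: In `manifests/server/role.pp`, `$port_override = pick($connect_settings['PGPORT'], $port)` inverts the precedence that the removed comment documented (`$port` parameter first, then `PGPORT`, then the server port), so a `PGPORT` entry in `connect_settings` now silently wins over an explicit `port =>`. Because `$port` is no longer optional, an explicit value cannot be told apart from the default, and a caller such as `postgresql::server_instance`, which passes `port => $config_settings['port']`, could have its statements sent to a different server when the connect settings carry `PGPORT`. If the old order is intended, declare `Optional[Stdlib::Port] $port = undef` and use `pick($port, $connect_settings['PGPORT'], postgresql::default('port'))`; otherwise restore a comment that states the new order. The same `pick(...)` line appears in the `schema.pp` and `tablespace.pp` hunks.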
@@ -84,14 +74,33 @@ $createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' } $superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' } $replication_sql = $replication ? { true => 'REPLICATION', default => '' } - if ($password_hash_unsensitive != false) { - $password_sql = "ENCRYPTED PASSWORD '${password_hash_unsensitive}'" + + if $password_hash_unsensitive =~ Deferred { + $password_sql = Deferred('postgresql::prepend_sql_password', [$password_hash_unsensitive]) + } elsif ($password_hash_unsensitive != false) { + $password_sql = postgresql::prepend_sql_password($password_hash_unsensitive) } else { $password_sql = '' } + if $password_sql =~ Deferred { + $create_role_command = Deferred('sprintf', ["CREATE ROLE \"%s\" %s %s %s %s %s %s CONNECTION LIMIT %s", + $username, + $password_sql, + $login_sql, + $createrole_sql, + $createdb_sql, + $superuser_sql, + $replication_sql, + $connection_limit, + ] + ) + } else { + $create_role_command = "CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}" # lint:ignore:140chars + } + postgresql_psql { "CREATE ROLE ${username} ENCRYPTED PASSWORD ****": - command => Sensitive("CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"), + command => Sensitive($create_role_command), unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}'", require => undef, sensitive => true, 
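Review bot: In `manifests/server/role.pp`, `$username` and `$connection_limit` are formatted straight into the `CREATE ROLE` statement in both the `Deferred('sprintf', ...)` branch and the interpolated branch, and the types given to them earlier in this file (`String[1]` for each) accept quote characters and arbitrary text. A value containing `"` or `'` would end the quoted identifier here, or the `rolname = '${username}'` literal in the `unless` query, early, which matters when role data comes from Hiera or another source less trusted than the manifest itself. Narrowing the limit to a numeric form, for example `Pattern[/\A-?\d+\z/] $connection_limit = '-1'`, and rejecting quote characters in `$username` would close that off. The enclosing `if $ensure == 'present'` block starts and ends outside this hunk.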
@@ -133,21 +142,46 @@ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}", } + $_hash = if $hash { + $hash + } elsif $connect_settings != undef and 'DBVERSION' in $connect_settings { + versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' } + } else { + $postgresql::server::password_encryption + } if $password_hash_unsensitive and $update_password { - if($password_hash_unsensitive =~ /^(md5|SCRAM-SHA-256).+/) { - $pwd_hash_sql = $password_hash_unsensitive + if $password_hash_unsensitive =~ Deferred { + $pwd_hash_sql = Deferred ( 'postgresql::postgresql_password', [ + $username, + $password_hash_unsensitive, + false, + $_hash, + $salt, + ] + ) } else { $pwd_hash_sql = postgresql::postgresql_password( $username, - $password_hash, - $password_hash =~ Sensitive[String], - $hash, + $password_hash_unsensitive, + false, + $_hash, $salt, ) } + if $pwd_hash_sql =~ Deferred { + $pw_command = Deferred('sprintf', ["ALTER ROLE \"%s\" ENCRYPTED PASSWORD '%s'", $username, $pwd_hash_sql]) + $unless_pw_command = Deferred('sprintf', ["SELECT 1 FROM pg_shadow WHERE usename = '%s' AND passwd = '%s'", + $username, + $pwd_hash_sql, + ] + ) + } else { + $pw_command = "ALTER ROLE \"${username}\" ENCRYPTED PASSWORD '${pwd_hash_sql}'" + $unless_pw_command = "SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'" + } postgresql_psql { "ALTER ROLE ${username} ENCRYPTED PASSWORD ****": - command => Sensitive("ALTER ROLE \"${username}\" ENCRYPTED PASSWORD '${pwd_hash_sql}'"), - unless => Sensitive("SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'"), + command => Sensitive($pw_command), + unless => Sensitive($unless_pw_command), sensitive => true, } } diff --git a/manifests/server/schema.pp b/manifests/server/schema.pp index 0fbda4c07c..e8405792f7 100644 --- a/manifests/server/schema.pp +++ b/manifests/server/schema.pp 
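Review bot: In `manifests/server/role.pp`, the pass-through for already hashed values (`=~ /^(md5|SCRAM-SHA-256).+/`) is removed, so a pre-hashed `password_hash` now depends entirely on `postgresql::postgresql_password` recognising it, and that function is not visible in this diff. If it does not, the value would be hashed a second time, the `pg_shadow` comparison in `unless` would never match, and the role would end up with a password nobody knows. A spec case with one `md5...` and one `SCRAM-SHA-256$...` input would pin this down, together with a comment above the call saying where pre-hashed input is handled. The `$_hash` selection also falls back to `'md5'` for a remote `DBVERSION` below 14 without notice; a short comment giving the order (explicit `$hash`, then remote version, then `$postgresql::server::password_encryption`) would help operators who expect SCRAM.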
@@ -8,39 +8,44 @@ # @param owner Sets the default owner of the schema. # @param schema Sets the name of the schema. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param port the post the postgresql instance is listening on. +# @param user Sets the OS user to run psql +# @param group Sets the OS group to run psql +# @param psql_path Sets path to psql command +# @param module_workdir +# Specifies working directory under which the psql command should be executed. +# May need to specify if '/tmp' is on volume mounted with noexec option. +# @param instance The name of the Postgresql database instance. # @example # postgresql::server::schema {'private': # db => 'template1', # } define postgresql::server::schema ( - $db = $postgresql::server::default_database, - $owner = undef, - $schema = $title, - $connect_settings = $postgresql::server::default_connect_settings, + String[1] $db = $postgresql::server::default_database, + Optional[String[1]] $owner = undef, + String[1] $schema = $title, + Hash $connect_settings = $postgresql::server::default_connect_settings, + Stdlib::Port $port = $postgresql::server::port, + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + Stdlib::Absolutepath $module_workdir = $postgresql::server::module_workdir, + String[1] $instance = 'main', ) { - $user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $version = $postgresql::server::_version - $module_workdir = $postgresql::server::module_workdir - Postgresql::Server::Db <| dbname == $db |> -> Postgresql::Server::Schema[$name] # If the connection settings do not contain a port, then use the local server port - if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port = undef - } else { - $port = $postgresql::server::port - } + 
$port_override = pick($connect_settings['PGPORT'], $port) Postgresql_psql { - db => $db, - psql_user => $user, - psql_group => $group, - psql_path => $psql_path, - port => $port, - cwd => $module_workdir, + db => $db, + psql_user => $user, + psql_group => $group, + psql_path => $psql_path, + port => $port_override, + cwd => $module_workdir, connect_settings => $connect_settings, + instance => $instance, } postgresql_psql { "${db}: CREATE SCHEMA \"${schema}\"": @@ -57,7 +62,7 @@ } if defined(Postgresql::Server::Role[$owner]) { - Postgresql::Server::Role[$owner]->Postgresql_psql["${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\""] + Postgresql::Server::Role[$owner] -> Postgresql_psql["${db}: ALTER SCHEMA \"${schema}\" OWNER TO \"${owner}\""] } } } diff --git a/manifests/server/service.pp b/manifests/server/service.pp index 87a228f56e..174e550790 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp 
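Review bot: In `manifests/server/schema.pp`, `$module_workdir` is declared `Stdlib::Absolutepath`, but the `role.pp` and `tablespace.pp` hunks of the same change declare it `String[1]`, although all three pass it to `cwd` on `Postgresql_psql`. Using `Stdlib::Absolutepath $module_workdir` in all three keeps a relative working directory from being accepted by one define and rejected by another. The new doc line also has a typo: `# @param port the post the postgresql instance is listening on.` should read `# @param port The port the PostgreSQL instance is listening on.`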
@@ -1,49 +1,16 @@ # @api private class postgresql::server::service { - $service_ensure = $postgresql::server::service_ensure - $service_enable = $postgresql::server::service_enable - $service_manage = $postgresql::server::service_manage - $service_name = $postgresql::server::service_name - $service_provider = $postgresql::server::service_provider - $service_status = $postgresql::server::service_status - $user = $postgresql::server::user - $port = $postgresql::server::port - $default_database = $postgresql::server::default_database - $psql_path = $postgresql::server::psql_path - $connect_settings = $postgresql::server::default_connect_settings - - anchor { 'postgresql::server::service::begin': } - - if $service_manage { - service { 'postgresqld': - ensure => $service_ensure, - enable => $service_enable, - name => $service_name, - provider => $service_provider, - hasstatus => true, - status => $service_status, - } - - if $service_ensure in ['running', true] { - # This blocks the class before continuing if chained correctly, making - # sure the service really is 'up' before continuing. - # - # Without it, we may continue doing more work before the database is - # prepared leading to a nasty race condition. 
- postgresql_conn_validator { 'validate_service_is_running': - run_as => $user, - db_name => $default_database, - port => $port, - connect_settings => $connect_settings, - sleep => 1, - tries => 60, - psql_path => $psql_path, - require => Service['postgresqld'], - before => Anchor['postgresql::server::service::end'], - } - Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator['validate_service_is_running'] - } + postgresql::server::instance::service { 'main': + service_ensure => $postgresql::server::service_ensure, + service_enable => $postgresql::server::service_enable, + service_manage => $postgresql::server::service_manage, + service_name => $postgresql::server::service_name, + service_provider => $postgresql::server::service_provider, + service_status => $postgresql::server::service_status, + user => $postgresql::server::user, + port => $postgresql::server::port, + default_database => $postgresql::server::default_database, + psql_path => $postgresql::server::psql_path, + connect_settings => $postgresql::server::default_connect_settings, } - - anchor { 'postgresql::server::service::end': } } diff --git a/manifests/server/table_grant.pp b/manifests/server/table_grant.pp index a198fbd7b9..9168dd9ce0 100644 --- a/manifests/server/table_grant.pp +++ b/manifests/server/table_grant.pp @@ -1,6 +1,8 @@ # @summary This resource wraps the grant resource to manage table grants specifically. # -# @param privilege Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. +# @param privilege +# Specifies comma-separated list of privileges to grant. +# Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. # @param table Specifies the table to which you are granting access. # @param db Specifies which database the table is in. # @param role Specifies the role or user to whom you are granting access. 
@@ -11,16 +13,17 @@ # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. # @param onlyif_exists Create grant only if it doesn't exist. define postgresql::server::table_grant ( - $privilege, - $table, - $db, - $role, - $ensure = undef, - $port = undef, - $psql_db = undef, - $psql_user = undef, - $connect_settings = undef, - $onlyif_exists = false, + Enum['ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER', 'all', 'select', 'insert', 'update', 'delete', + 'truncate', 'references', 'trigger'] $privilege, + String[1] $table, + String[1] $db, + String[1] $role, + Optional[Enum['present', 'absent']] $ensure = undef, + Optional[Stdlib::Port] $port = undef, + Optional[String[1]] $psql_db = undef, + Optional[String[1]] $psql_user = undef, + Optional[Hash] $connect_settings = undef, + Boolean $onlyif_exists = false, ) { postgresql::server::grant { "table:${name}": ensure => $ensure, diff --git a/manifests/server/tablespace.pp b/manifests/server/tablespace.pp index 5d1f4282ca..2774732780 100644 --- a/manifests/server/tablespace.pp +++ b/manifests/server/tablespace.pp 
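Review bot: In `manifests/server/table_grant.pp`, the new `Enum[...] $privilege` accepts exactly one privilege keyword, while the `@param privilege` text in this file still says "comma-separated list of privileges", so a value such as `'SELECT,INSERT'` that the untyped parameter let through now fails catalog compilation. Whether lists ever worked depends on `postgresql::server::grant`, which is not shown; if they did not, reword the doc to `Specifies the privilege to grant.`, and if they did, replace the `Enum` with a case-insensitive `Pattern` that allows a comma-separated sequence. The `Enum` also rejects mixed case such as `'Select'`, even though it lists both all-upper and all-lower spellings.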
@@ -5,32 +5,38 @@ # @param owner Specifies the default owner of the tablespace. # @param spcname Specifies the name of the tablespace. # @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param port the port of the postgresql instance that sould be used. +# @param user Sets the OS user to run psql +# @param group Sets the OS group to run psql +# @param psql_path Sets path to psql command +# @param module_workdir +# Specifies working directory under which the psql command should be executed. +# May need to specify if '/tmp' is on volume mounted with noexec option. +# @param instance The name of the Postgresql database instance. define postgresql::server::tablespace ( - $location, - $manage_location = true, - $owner = undef, - $spcname = $title, - $connect_settings = $postgresql::server::default_connect_settings, + String[1] $location, + Boolean $manage_location = true, + Optional[String[1]] $owner = undef, + String[1] $spcname = $title, + Hash $connect_settings = $postgresql::server::default_connect_settings, + Stdlib::Port $port = $postgresql::server::port, + String[1] $user = $postgresql::server::user, + String[1] $group = $postgresql::server::group, + Stdlib::Absolutepath $psql_path = $postgresql::server::psql_path, + String[1] $module_workdir = $postgresql::server::module_workdir, + String[1] $instance = 'main', ) { - $user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $module_workdir = $postgresql::server::module_workdir - # If the connection settings do not contain a port, then use the local server port - if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { - $port = undef - } else { - $port = $postgresql::server::port - } + $port_override = pick($connect_settings['PGPORT'], $port) Postgresql_psql { psql_user => $user, psql_group => $group, psql_path => $psql_path, - port => $port, + port => $port_override, 
connect_settings => $connect_settings, cwd => $module_workdir, + instance => $instance, } if($manage_location) { @@ -65,12 +71,12 @@ if $owner { postgresql_psql { "ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\"": - unless => "SELECT 1 FROM pg_tablespace JOIN pg_roles rol ON spcowner = rol.oid WHERE spcname = '${spcname}' AND rolname = '${owner}'", + unless => "SELECT 1 FROM pg_tablespace JOIN pg_roles rol ON spcowner = rol.oid WHERE spcname = '${spcname}' AND rolname = '${owner}'", # lint:ignore:140chars require => Postgresql_psql["CREATE TABLESPACE \"${spcname}\""], } if defined(Postgresql::Server::Role[$owner]) { - Postgresql::Server::Role[$owner]->Postgresql_psql["ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\""] + Postgresql::Server::Role[$owner] -> Postgresql_psql["ALTER TABLESPACE \"${spcname}\" OWNER TO \"${owner}\""] } } } diff --git a/manifests/server_instance.pp b/manifests/server_instance.pp new file mode 100644 index 0000000000..49d2bbb8f7 --- /dev/null +++ b/manifests/server_instance.pp 
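Review bot: In `manifests/server/tablespace.pp`, `String[1] $location` leaves the tablespace directory as free text, although PostgreSQL requires an absolute path for a tablespace location and the other path parameters in this change use `Stdlib::Absolutepath`. Declaring `Stdlib::Absolutepath $location` would reject a relative or malformed path at compile time instead of at `CREATE TABLESPACE`; how `$location` is used under `if($manage_location)` is outside this hunk, so confirm nothing depends on a non-absolute value. The new doc line `# @param port the port of the postgresql instance that sould be used.` has a typo, `sould` for `should`.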
@@ -0,0 +1,132 @@ +# @summary define to install and manage additional postgresql instances +# @param instance_name The name of the instance. +# @param instance_user The user to run the instance as. +# @param instance_group The group to run the instance as. +# @param instance_user_homedirectory The home directory of the instance user. +# @param manage_instance_user_and_group Should Puppet manage the instance user and it's primary group?. +# @param instance_directories directories needed for the instance. Option to manage the directory properties for each directory. +# @param initdb_settings Specifies a hash witn parameters for postgresql::server::instance::initdb +# @param config_settings Specifies a hash with parameters for postgresql::server::instance::config +# @param service_settings Specifies a hash with parameters for postgresql::server:::instance::service +# @param passwd_settings Specifies a hash with parameters for postgresql::server::instance::passwd +# @param roles Specifies a hash from which to generate postgresql::server::role resources. +# @param config_entries Specifies a hash from which to generate postgresql::server::config_entry resources. +# @param pg_hba_rules Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. +# @param databases Specifies a hash from which to generate postgresql::server::database resources. +# @param databases_and_users Specifies a hash from which to generate postgresql::server::db resources. +# @param database_grants Specifies a hash from which to generate postgresql::server::database_grant resources. +# @param table_grants Specifies a hash from which to generate postgresql::server::table_grant resources. 
+define postgresql::server_instance ( + String[1] $instance_name = $name, + Boolean $manage_instance_user_and_group = true, + Hash $instance_directories = {}, + String[1] $instance_user = $instance_name, + String[1] $instance_group = $instance_name, + Stdlib::Absolutepath $instance_user_homedirectory = "/opt/pgsql/data/home/${instance_user}", + Hash $initdb_settings = {}, + Hash $config_settings = {}, + Hash $service_settings = {}, + Hash $passwd_settings = {}, + Hash $roles = {}, + Hash $config_entries = {}, + Hash $pg_hba_rules = {}, + Hash $databases_and_users = {}, + Hash $databases = {}, + Hash $database_grants = {}, + Hash $table_grants = {}, +) { + unless($facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8') { + warning('This define postgresql::server_instance is only tested on RHEL8') + } + $instance_directories.each |Stdlib::Absolutepath $directory, Hash $directory_settings| { + file { $directory: + * => $directory_settings, + } + } + + if $manage_instance_user_and_group { + user { $instance_user: + managehome => true, + system => true, + home => $instance_user_homedirectory, + gid => $instance_group, + } + group { $instance_group: + system => true, + } + } + postgresql::server::instance::initdb { $instance_name: + * => $initdb_settings, + } + postgresql::server::instance::config { $instance_name: + * => $config_settings, + } + postgresql::server::instance::service { $instance_name: + * => $service_settings, + port => $config_settings['port'], + user => $instance_user, + } + postgresql::server::instance::passwd { $instance_name: + * => $passwd_settings, + } + + $roles.each |$rolename, $role| { + postgresql::server::role { $rolename: + * => $role, + psql_user => $instance_user, + psql_group => $instance_group, + port => $config_settings['port'], + instance => $instance_name, + } + } + + $config_entries.each |$entry, $settings| { + $value = $settings['value'] + $comment = $settings['comment'] + postgresql::server::config_entry { 
"${entry}_${$instance_name}": + ensure => bool2str($value =~ Undef, 'absent', 'present'), + key => $entry, + value => $value, + comment => $comment, + path => $config_settings['postgresql_conf_path'], + } + } + $pg_hba_rules.each |String[1] $rule_name, Postgresql::Pg_hba_rule $rule| { + $rule_title = "${rule_name} for instance ${name}" + postgresql::server::pg_hba_rule { $rule_title: + * => $rule, + target => $config_settings['pg_hba_conf_path'], # TODO: breaks if removed + } + } + $databases_and_users.each |$database, $database_details| { + postgresql::server::db { $database: + * => $database_details, + psql_user => $instance_user, + psql_group => $instance_group, + port => $config_settings['port'], + } + } + $databases.each |$database, $database_details| { + postgresql::server::database { $database: + * => $database_details, + user => $instance_user, + group => $instance_group, + port => $config_settings['port'], + } + } + $database_grants.each |$db_grant_title, $dbgrants| { + postgresql::server::database_grant { $db_grant_title: + * => $dbgrants, + psql_user => $instance_user, + psql_group => $instance_group, + port => $config_settings['port'], + } + } + $table_grants.each |$table_grant_title, $tgrants| { + postgresql::server::table_grant { $table_grant_title: + * => $tgrants, + psql_user => $instance_user, + port => $config_settings['port'], + } + } +} diff --git a/manifests/validate_db_connection.pp b/manifests/validate_db_connection.pp deleted file mode 100644 index 7478fd4397..0000000000 --- a/manifests/validate_db_connection.pp +++ /dev/null 
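Review bot: In `manifests/server_instance.pp`, roles, databases, `db` resources and grants are declared with the caller's bare key as the title (`postgresql::server::role { $rolename:`, `postgresql::server::database { $database:` and so on), whereas config entries and HBA rules get an instance suffix, so two `postgresql::server_instance` resources that define the same role or database name fail with a duplicate declaration. Suffix those titles the same way; for roles that also means setting `username => $rolename`, since `username` defaults to `$title`. Only the role loop passes `instance => $instance_name`, while the database and grant loops rely on `port` alone; if those defines resolve the port the way `role.pp` does in this change, with `connect_settings['PGPORT']` taking precedence, it is worth confirming they cannot end up acting on the `main` instance. Minor: `${$instance_name}` in the config entry title should be `${instance_name}`, and the HBA rule title uses `${name}` where the rest of the define uses `$instance_name`.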
@@ -1,114 +0,0 @@ -# @summary This type validates that a successful postgres connection. -# -# @note -# This validated if the postgres connection can be established -# between the node on which this resource is run and a specified postgres -# instance (host/port/user/password/database name). -# -# -# @param database_host Database host address -# @param database_name Specifies the name of the database you wish to test. -# @param database_password Specifies the password to connect with. -# @param database_username Specifies the username to connect with. -# @param database_port Defines the port to use when connecting. -# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. -# @param run_as Specifies the user to run the psql command as. -# @param sleep Sets the number of seconds to sleep for before trying again after a failure. -# @param tries Sets the number of attempts after failure before giving up and failing the resource. -# @param create_db_first Creates the database when obtaining a successful connection. -# -define postgresql::validate_db_connection ( - $database_host = undef, - $database_name = undef, - Optional[Variant[String, Sensitive[String]]] $database_password = undef, - $database_username = undef, - $database_port = undef, - $connect_settings = undef, - $run_as = undef, - $sleep = 2, - $tries = 10, - $create_db_first = true -) { - include postgresql::client - include postgresql::params - - warning('postgresql::validate_db_connection is deprecated, please use postgresql_conn_validator.') - - $database_password_unsensitive = if $database_password =~ Sensitive[String] { - $database_password.unwrap - } else { - $database_password - } - - $psql_path = $postgresql::params::psql_path - $module_workdir = $postgresql::params::module_workdir - $validcon_script_path = $postgresql::client::validcon_script_path - - $cmd_init = "${psql_path} --tuples-only --quiet " - $cmd_host = $database_host ? 
{ - undef => '', - default => "-h ${database_host} ", - } - $cmd_user = $database_username ? { - undef => '', - default => "-U ${database_username} ", - } - $cmd_port = $database_port ? { - undef => '', - default => "-p ${database_port} ", - } - $cmd_dbname = $database_name ? { - undef => "--dbname ${postgresql::params::default_database} ", - default => "--dbname ${database_name} ", - } - $pass_env = $database_password_unsensitive ? { - undef => undef, - default => "PGPASSWORD=${database_password_unsensitive}", - } - $cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname], ' ') - $validate_cmd = "${validcon_script_path} ${sleep} ${tries} '${cmd}'" - - # This is more of a safety valve, we add a little extra to compensate for the - # time it takes to run each psql command. - $timeout = (($sleep + 2) * $tries) - - # Combine $database_password_unsensitive and $connect_settings into an array of environment - # variables, ensure $database_password_unsensitive is last, allowing it to override a password - # from the $connect_settings hash - if $connect_settings != undef { - if $pass_env != undef { - $env = concat(join_keys_to_values( $connect_settings, '='), $pass_env) - } else { - $env = join_keys_to_values( $connect_settings, '=') - } - } else { - $env = $pass_env - } - - $exec_name = "validate postgres connection for ${database_username}@${database_host}:${database_port}/${database_name}" - - exec { $exec_name: - command => "echo 'Unable to connect to defined database using: ${cmd}' && false", - unless => $validate_cmd, - cwd => $module_workdir, - environment => $env, - logoutput => 'on_failure', - user => $run_as, - path => '/bin:/usr/bin:/usr/local/bin', - timeout => $timeout, - require => Class['postgresql::client'], - } - - # This is a little bit of puppet magic. 
What we want to do here is make - # sure that if the validation and the database instance creation are being - # applied on the same machine, then the database resource is applied *before* - # the validation resource. Otherwise, the validation is guaranteed to fail - # on the first run. - # - # We accomplish this by using Puppet's resource collection syntax to search - # for the Database resource in our current catalog; if it exists, the - # appropriate relationship is created here. - if($create_db_first) { - Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name] - } -} diff --git a/metadata.json b/metadata.json index 8fd98543e0..8f8e381b9d 100644 --- a/metadata.json +++ b/metadata.json @@ -1,33 +1,37 @@ { "name": "puppetlabs-postgresql", - "version": "8.0.0", + "version": "10.0.2", "author": "puppetlabs", "summary": "Offers support for basic management of PostgreSQL databases.", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-postgresql", "project_page": "https://github.com/puppetlabs/puppetlabs-postgresql", - "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "issues_url": "https://github.com/puppetlabs/puppetlabs-postgresql/issues", "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 9.0.0" + "version_requirement": ">= 9.0.0 < 10.0.0" }, { "name": "puppetlabs/apt", - "version_requirement": ">= 2.0.0 < 9.0.0" + "version_requirement": ">= 2.0.0 < 10.0.0" + }, + { + "name": "puppet/systemd", + "version_requirement": ">= 4.0.1 < 7.0.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">= 4.1.0 < 8.0.0" + "version_requirement": ">= 4.1.0 < 10.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "6", "7", - "8" + "8", + "9" ] }, { 
@@ -40,21 +44,18 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ - "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "9", "10", "11" ] @@ -69,10 +70,9 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "14.04", - "16.04", "18.04", - "20.04" + "20.04", + "22.04" ] }, { @@ -91,10 +91,10 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 6.0.0 < 8.0.0" + "version_requirement": ">= 7.0.0 < 9.0.0" } ], - "pdk-version": "2.2.0", + "pdk-version": "3.0.0", "template-url": "https://github.com/puppetlabs/pdk-templates#main", - "template-ref": "2.3.0-0-g8aaceff" + "template-ref": "heads/main-0-g01c6a19" } diff --git a/provision.yaml b/provision.yaml index 8f49cafadb..51e4abc91d 100644 --- a/provision.yaml +++ b/provision.yaml @@ -8,26 +8,26 @@ vagrant: images: - centos/7 - generic/ubuntu1804 -travis_deb: +docker_deb: provisioner: docker images: - litmusimage/debian:8 - litmusimage/debian:9 - litmusimage/debian:10 -travis_ub_6: +docker_ub_6: provisioner: docker images: - litmusimage/ubuntu:14.04 - litmusimage/ubuntu:16.04 - litmusimage/ubuntu:18.04 - litmusimage/ubuntu:20.04 -travis_el7: +docker_el7: provisioner: docker images: - litmusimage/centos:7 - litmusimage/oraclelinux:7 - litmusimage/scientificlinux:7 -travis_el8: +docker_el8: provisioner: docker images: - litmusimage/centos:8 @@ -37,6 +37,7 @@ release_checks_6: - redhat-6-x86_64 - redhat-7-x86_64 - redhat-8-x86_64 + - redhat-9-x86_64 - centos-6-x86_64 - centos-7-x86_64 - centos-8-x86_64 @@ -58,6 +59,7 @@ release_checks_7: images: - redhat-7-x86_64 - redhat-8-x86_64 + - redhat-9-x86_64 - centos-7-x86_64 - centos-8-x86_64 - oracle-7-x86_64 diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md deleted file mode 100644 index 242ba1f38a..0000000000 --- a/readmes/README_ja_JP.md +++ /dev/null 
@@ -1,1978 +0,0 @@ -# postgresql - -#### 目次 - -1. [モジュールの概要 - モジュールの機能](#module-description) -2. [セットアップ - postgresqlモジュール導入の基本](#setup) - * [postgresqlの影響](#what-postgresql-affects) - * [postgresqlの導入](#getting-started-with-postgresql) -3. [使用方法 - 設定オプションと追加機能](#usage) - * [サーバーの設定](#configure-a-server) - * [データベースの作成](#create-a-database) - * [ユーザ、ロール、パーミッションの管理](#manage-users-roles-and-permissions) - * [DBオブジェクトの所有権の管理](#manage-ownership-of-db-objects) - * [デフォルトのオーバーライド](#override-defaults) - * [pg_hba.confのアクセスルールの作成](#create-an-access-rule-for-pg_hbaconf) - * [pg_ident.confのユーザ名マップの作成](#create-user-name-maps-for-pg_identconf) - * [接続の検証](#validate-connectivity) -4. [参考 - モジュールの機能と動作について](#reference) - * [クラス](#classes) - * [定義できるタイプ](#defined-types) - * [タイプ](#types) - * [関数](#functions) - * [タスク](#tasks) -5. [制約事項 - OSの互換性など](#limitations) -6. [開発 - モジュール貢献についてのガイド](#development) - * [コントリビュータ - モジュール貢献者の一覧](#contributors) -7. [テスト](#tests) -8. [コントリビュータ - モジュール貢献者の一覧](#contributors) - -## モジュールの概要 - -postgresqlモジュールを使用すると、PuppetでPostgreSQLを管理できます。 - -PostgreSQLは、高性能な無償のオープンソースリレーショナルデータベースサーバーです。postgresqlモジュールを使用すると、PostgreSQLのパッケージ、サービス、データベース、ユーザ、一般的なセキュリティ設定を管理できるようになります。 - -## セットアップ - -### postgresqlの影響 - -* PostgreSQLのパッケージ、サービス、設定ファイル -* リッスンするポート -* IPおよびマスク(オプション) - -### postgresqlの導入 - -基本的なデフォルトのPostgreSQLサーバーを設定するには、`postgresql::server`クラスを宣言します。 - -```puppet -class { 'postgresql::server': -} -``` - -## 使用方法 - -### サーバーの設定 - -デフォルト設定を使用する場合は、上記のように`postgresql::server`クラスを宣言します。PostgreSQLサーバーの設定をカスタマイズするには、次のように、変更する[パラメータ](#postgresqlserver)を指定します。 - -```puppet -class { 'postgresql::server': - ip_mask_deny_postgres_user => '0.0.0.0/32', - ip_mask_allow_all_users => '0.0.0.0/0', - ipv4acls => ['hostssl all johndoe 192.168.0.0/24 cert'], - postgres_password => 'TPSrep0rt!', -} -``` - -設定後、コマンドラインで設定をテストします。 - -```shell -psql -h localhost -U postgres -psql -h my.postgres.server -U -``` - 
-上記のコマンドでエラーメッセージが返ってくる場合は、パーミッションの設定によって現在の接続元からのアクセスが制限されています。その場所からの接続を許可するかどうかに応じて、パーミッション設定の変更が必要な場合があります。 - -サーバー設定パラメータの詳細については、[PostgreSQLランタイム設定マニュアル](http://www.postgresql.org/docs/current/static/runtime-config.html)を参照してください。 - -### データベースの作成 - -さまざまなPostgreSQLデータベースを定義タイプ`postgresql::server::db`を使用してセットアップできます。例えば、PuppetDBのデータベースをセットアップするには、次のように記述します。 - -```puppet -class { 'postgresql::server': -} - -postgresql::server::db { 'mydatabasename': - user => 'mydatabaseuser', - password => postgresql_password('mydatabaseuser', 'mypassword'), -} -``` - -### ユーザ、ロール、パーミッションの管理 - -ユーザ、ロール、パーミッションを管理するには、次のようにします。 - -```puppet -class { 'postgresql::server': -} - -postgresql::server::role { 'marmot': - password_hash => postgresql_password('marmot', 'mypasswd'), -} - -postgresql::server::database_grant { 'test1': - privilege => 'ALL', - db => 'test1', - role => 'marmot', -} - -postgresql::server::table_grant { 'my_table of test2': - privilege => 'ALL', - table => 'my_table', - db => 'test2', - role => 'marmot', -} -``` - -この例では、test1データベース上とtest2データベースの`my_table`テーブル上の**すべての**権限を、指定したユーザまたはグループに付与します。値がPuppetDB設定ファイルに追加されると、このデータベースは使用可能になります。 - -### DBオブジェクトの所有権の管理 - -REASSIGN OWNEDを使用して、データベース内にあるすべてのオブジェクトの所有権を変更するには、次のようにします。 - -```puppet -postgresql::server::reassign_owned_by { 'new owner is meerkat': - db => 'test_db', - old_role => 'marmot', - new_role => 'meerkat', -} -``` - -この例では、PostgreSQLの'REASSIGN OWNED'ステートメントを実行して所有権を更新し、現在、ロール'marmot'が所有しているすべてのテーブル、シーケンス、関数、ビューが、ロール'meerkat'に所有されるようにします。 - -これは、指定された'test_db'内のオブジェクトに対してのみ適用されます。 - -バージョン9.3以上のPostgresqlでは、データベースの所有権も更新されます。 - -### デフォルトのオーバーライド - -`postgresql::globals`クラスを使用すると、このモジュールの主な設定をグローバルに構成できます。この設定は、他のクラスや定義済みリソースから使用できます。単独では機能しません。 - -例えば、すべてのクラスのデフォルトの`locale`と`encoding`をオーバーライドするには、次のように記述します。 - -```puppet -class { 'postgresql::globals': - encoding => 'UTF-8', - locale => 'en_US.UTF-8', -} - -class { 'postgresql::server': -} -``` - -特定のバージョンのPostgreSQLパッケージを使用するには、次のように記述します。 - 
-```puppet -class { 'postgresql::globals': - manage_package_repo => true, - version => '9.2', -} - -class { 'postgresql::server': -} -``` - -### リモートのユーザ、ロール、パーミッションの管理 - -リモートのSQLオブジェクトは、ローカルのSQLオブジェクトと同じPuppetリソースと、[`connect_settings`](#connect_settings)ハッシュを使用して管理します。これは、PuppetがリモートのPostgresインスタンスに接続する方法と、SQLコマンドの生成に使用されるバージョンを制御します。 - -`connect_settings`ハッシュには、'PGHOST'、'PGPORT'、'PGPASSWORD'、'PGSSLKEY'など、Postgresクライアント接続を制御する環境変数を含めることができます。変数の全リストについては、[PostgreSQL環境変数](http://www.postgresql.org/docs/9.4/static/libpq-envars.html)マニュアルを参照してください。 - -さらに、特殊値の'DBVERSION'により、ターゲットデータベースのバージョンを指定できます。`connect_settings`ハッシュが省略されているか空の場合、PuppetはローカルのPostgreSQLインスタンスに接続します。 - -Puppetリソースごとに`connect_settings`ハッシュを設定するか、`postgresql::globals`にデフォルトの`connect_settings`ハッシュを設定できます。リソースごとに`connect_settings`を設定すると、SQLオブジェクトが複数のユーザによって複数のデータベース上に作成できるようになります。 - -```puppet -$connection_settings_super2 = { - 'PGUSER' => 'super2', - 'PGPASSWORD' => 'foobar2', - 'PGHOST' => '127.0.0.1', - 'PGPORT' => '5432', - 'PGDATABASE' => 'postgres', -} - -include postgresql::server - -# Connect with no special settings, i.e domain sockets, user postgres -postgresql::server::role { 'super2': - password_hash => 'foobar2', - superuser => true, - - connect_settings => {}, -} - -# Now using this new user connect via TCP -postgresql::server::database { 'db1': - connect_settings => $connection_settings_super2, - require => Postgresql::Server::Role['super2'], -} -``` - -### pg_hba.confのアクセスルールの作成 - -`pg_hba.conf`のアクセスルールを作成するには、次のように記述します。 - -```puppet -postgresql::server::pg_hba_rule { 'allow application network to access app database': - description => 'Open up PostgreSQL for access from 200.1.2.0/24', - type => 'host', - database => 'app', - user => 'app', - address => '200.1.2.0/24', - auth_method => 'md5', -} -``` - -これにより、以下のようなルールセットが`pg_hba.conf`内に作成されます。 - -``` -# Rule Name: allow application network to access app database -# Description: Open up PostgreSQL for access from 200.1.2.0/24 -# 
Order: 150 -host app app 200.1.2.0/24 md5 -``` - -デフォルトでは、`pg_hba_rule`に`postgresql::server`を含める必要がありますが、ルールを宣言する際にtargetおよびpostgresql_versionを設定することで、その動作をオーバーライドできます。例えば次のようになります。 - -```puppet -postgresql::server::pg_hba_rule { 'allow application network to access app database': - description => 'Open up postgresql for access from 200.1.2.0/24', - type => 'host', - database => 'app', - user => 'app', - address => '200.1.2.0/24', - auth_method => 'md5', - target => '/path/to/pg_hba.conf', - postgresql_version => '9.4', -} -``` - -### pg_ident.confのユーザ名マップの作成 - -pg_ident.confのユーザ名マップを作成するには、次のように記述します。 - -```puppet -postgresql::server::pg_ident_rule { 'Map the SSL certificate of the backup server as a replication user': - map_name => 'sslrepli', - system_username => 'repli1.example.com', - database_username => 'replication', -} -``` - -これにより、次のようなユーザ名マップが`pg_ident.conf`に作成されます。 - -``` -#Rule Name: Map the SSL certificate of the backup server as a replication user -#Description: none -#Order: 150 -sslrepli repli1.example.com replication -``` - -### リカバリ設定の作成 - -リカバリ設定ファイル(`recovery.conf`)を作成するには、次のように記述します。 - -```puppet -postgresql::server::recovery { 'Create a recovery.conf file with the following defined parameters': - restore_command => 'cp /mnt/server/archivedir/%f %p', - archive_cleanup_command => undef, - recovery_end_command => undef, - recovery_target_name => 'daily backup 2015-01-26', - recovery_target_time => '2015-02-08 22:39:00 EST', - recovery_target_xid => undef, - recovery_target_inclusive => true, - recovery_target => 'immediate', - recovery_target_timeline => 'latest', - pause_at_recovery_target => true, - standby_mode => 'on', - primary_conninfo => 'host=localhost port=5432', - primary_slot_name => undef, - trigger_file => undef, - recovery_min_apply_delay => 0, -} -``` - -これにより、次の`recovery.conf`設定ファイルが作成されます。 - -``` -restore_command = 'cp /mnt/server/archivedir/%f %p' -recovery_target_name = 'daily backup 2015-01-26' -recovery_target_time = 
'2015-02-08 22:39:00 EST' -recovery_target_inclusive = true -recovery_target = 'immediate' -recovery_target_timeline = 'latest' -pause_at_recovery_target = true -standby_mode = 'on' -primary_conninfo = 'host=localhost port=5432' -recovery_min_apply_delay = 0 -``` - -テンプレートでは、指定されたパラメータのみが認識されます。`recovery.conf`は、少なくとも1つのパラメータが設定済みで、**かつ**、[manage_recovery_conf](#manage_recovery_conf)がtrueの場合のみ作成されます。 - -### 接続の検証 - -従属タスクを開始する前に、リモートのPostgreSQLデータベースへのクライアント接続を検証するには、`postgresql_conn_validator`リソースを使用します。このリソースは、PostgreSQLクライアントソフトウェアがインストールされている任意のノード上で使用できます。アプリケーションサーバーの起動や、データベース移行の実行など、他のタスクと結合されることがよくあります。 - -使用例: - -```puppet -postgresql_conn_validator { 'validate my postgres connection': - host => 'my.postgres.host', - db_username => 'mydbuser', - db_password => 'mydbpassword', - db_name => 'mydbname', -}-> -exec { 'rake db:migrate': - cwd => '/opt/myrubyapp', -} -``` - -## リファレンス - -postgresqlモジュールには、サーバー設定用に多数のオプションがあります。以下の設定をすべて使うことはないかもしれませんが、これらを使用することで、セキュリティ設定をかなり制御することができます。 - -**クラス:** - -* [postgresql::client](#postgresqlclient) -* [postgresql::globals](#postgresqlglobals) -* [postgresql::lib::devel](#postgresqllibdevel) -* [postgresql::lib::java](#postgresqllibjava) -* [postgresql::lib::perl](#postgresqllibperl) -* [postgresql::lib::python](#postgresqllibpython) -* [postgresql::server](#postgresqlserver) -* [postgresql::server::plperl](#postgresqlserverplperl) -* [postgresql::server::contrib](#postgresqlservercontrib) -* [postgresql::server::postgis](#postgresqlserverpostgis) - -**定義できるタイプ:** - -* [postgresql::server::config_entry](#postgresqlserverconfig_entry) -* [postgresql::server::database](#postgresqlserverdatabase) -* [postgresql::server::database_grant](#postgresqlserverdatabase_grant) -* [postgresql::server::db](#postgresqlserverdb) -* [postgresql::server::extension](#postgresqlserverextension) -* [postgresql::server::grant](#postgresqlservergrant) -* [postgresql::server::grant_role](#postgresqlservergrant_role) -* 
[postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule) -* [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule) -* [postgresql::server::reassign_owned_by](#postgresqlserverreassign_owned_by) -* [postgresql::server::recovery](#postgresqlserverrecovery) -* [postgresql::server::role](#postgresqlserverrole) -* [postgresql::server::schema](#postgresqlserverschema) -* [postgresql::server::table_grant](#postgresqlservertable_grant) -* [postgresql::server::tablespace](#postgresqlservertablespace) - -**タイプ:** - -* [postgresql_psql](#custom-resource-postgresql_psql) -* [postgresql_replication_slot](#custom-resource-postgresql_replication_slot) -* [postgresql_conf](#custom-resource-postgresql_conf) -* [postgresql_conn_validator](#custom-resource-postgresql_conn_validator) - -**関数:** - -* [postgresql_password](#function-postgresql_password) -* [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset) - -**タスク:** - -* [`sql`](#tasks) - -### クラス - -#### postgresql::client - -PostgreSQLクライアントソフトウェアをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 - ->**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 - -##### `package_ensure` - -PostgreSQLクライアントパッケージリソースが存在する必要があるかどうかを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -##### `package_name` - -PostgreSQLクライアントパッケージの名前を設定します。 - -デフォルト値: 'file'。 - -#### postgresql::lib::docs - -Postgres-Docs向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 - -**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 - -##### `package_name` - -PostgreSQL docsパッケージの名前を指定します。 - -##### `package_ensure` - -PostgreSQL docsパッケージリソースが存在する必要があるかどうかを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -#### postgresql::globals - -**注意:** ほとんどのサーバー固有のデフォルト値は、`postgresql::server`クラスでオーバーライドする必要があります。このクラスは、標準以外のOSを使用している場合か、ここでしか変更できない要素(`version`や`manage_package_repo`)を変更する場合のみ使用します。 - -##### `bindir` - 
-ターゲットプラットフォームのデフォルトのPostgreSQLバイナリディレクトリをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `client_package_name` - -デフォルトのPostgreSQLクライアントパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `confdir`  - -ターゲットプラットフォームのデフォルトのPostgreSQL設定ディレクトリをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `contrib_package_name` - -デフォルトのPostgreSQL contribパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `createdb_path` - -**非推奨** `createdb`コマンドへのパス。 - -デフォルト値: '${bindir}/createdb'。 - -##### `datadir` - -ターゲットプラットフォームのデフォルトのPostgreSQLデータディレクトリをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -**注意:** インストール後にdatadirを変更すると、変更が実行される前にサーバーが完全に停止します。Red Hatシステムでは、データディレクトリはSELinuxに適切にラベル付けする必要があります。Ubuntuでは、明示的に`needs_initdb = true`に設定して、Puppetが新しいdatadir内のデータベースを初期化できるようにする必要があります(他のシステムでは、`needs_initdb`はデフォルトでtrueになっています)。 - -**警告:** datadirがデフォルトから変更された場合、Puppetは元のデータディレクトリのパージを管理しません。そのため、データディレクトリが元のディレクトリに戻ったときにエラーが発生します。 - -##### `data_checksums` - -オプションです。 - -データタイプ: 真偽値(boolean) - -データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 - -有効な値: `true`、`false`。 - -デフォルト値: initdbのデフォルト値(`false`)。 - -**警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 - -##### `default_database` - -接続するデフォルトのデータベースの名前を指定します。 - -デフォルト値: (ほとんどのシステムにおいて) 'postgres'。 - -##### `devel_package_name` - -デフォルトのPostgreSQL develパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `docs_package_name` - -オプションです。 - -デフォルトのPostgreSQL docsパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `encoding` - -このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 - -デフォルト値: オペレーティングシステムのデフォルトエンコーディングによって決まります。 - -##### `group` - -ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。 - -デフォルト値: 'postgres'。 - -##### `initdb_path` - -`initdb`コマンドへのパス。 - -##### `java_package_name` - -デフォルトのPostgreSQL javaパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `locale` - 
-このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 - -デフォルト値: `undef`、実質的には'C'。 - -**Debianでは、PostgreSQLのフル機能が使用できるように'locales-all'パッケージがインストールされていることを確認する必要があります。** - -##### `timezone` - -postgresqlサーバーのデフォルトタイムゾーンを設定します。postgresqlのビルトインのデフォルト値は、システムのタイムゾーン情報を取得しています。 - -##### `logdir` - -デフォルトのPostgreSQL logディレクトリをオーバーライドします。 - -デフォルト値: initdbのデフォルトパス。 - -##### `manage_package_repo` - -`true`に設定されている場合、お使いのホスト上に公式なPostgreSQLリポジトリをセットアップします。 - -デフォルト値: `false`。 - -##### `module_workdir` - -psqlコマンドを実行する作業ディレクトリを指定します。'/tmp'がnoexecオプションでマウントされたボリューム上にあるときに、指定が必要になる場合があります。 - -デフォルト値: '/tmp'。 - -##### `needs_initdb` - -サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、initdb動作を明示的に呼び出します。 - -デフォルト値: OSによって異なります。 - -##### `perl_package_name` - -デフォルトのPostgreSQL Perlパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `pg_hba_conf_defaults` - -`false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。デフォルト値をオーバーライドするときに役立ちます。ただし、基本的な`psql`動作など、一定の動作を行うためには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。 - -デフォルト値: `postgresql::globals::manage_pg_hba_conf`に設定されたグローバル値。デフォルトは`true`。 - -##### `pg_hba_conf_path` - -`pg_hba.conf`ファイルへのパスを指定します。 - -デフォルト値: '${confdir}/pg_hba.conf'。 - -##### `pg_ident_conf_path` - -`pg_ident.conf`ファイルへのパスを指定します。 - -デフォルト値: '${confdir}/pg_ident.conf'。 - -##### `plperl_package_name` - -デフォルトのPostgreSQL PL/Perlパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `plpython_package_name` - -デフォルトのPostgreSQL PL/Pythonパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `postgis_version` - -PostGISをインストールする場合に、インストールするPostGISのバージョンを定義します。 - -デフォルト値: インストールするPostgreSQLで利用可能な最下位のバージョン。 - -##### `postgresql_conf_path` - -`postgresql.conf`ファイルへのパスを設定します。 - -デフォルト値: '${confdir}/postgresql.conf'。 - -##### `psql_path` - -`psql`コマンドへのパスを設定します。 - -##### `python_package_name` - -デフォルトのPostgreSQL Pythonパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `recovery_conf_path` - -`recovery.conf`ファイルへのパス。 - 
-##### `repo_proxy` - -公式のPostgreSQL yumリポジトリのみのプロキシオプションを設定します。これは、サーバーが企業のファイアウォール内にあり、外部への接続にプロキシを使用する必要がある場合に役立ちます。 - -Debianは現在サポートされていません。 - -##### `repo_baseurl` - -PostgreSQLリポジトリのbaseurlを設定します。リポジトリのミラーを所有している場合に便利です。 - -デフォルト値: 公式なPostgreSQLリポジトリ。 - -##### `server_package_name` - -デフォルトのPostgreSQLサーバーパッケージ名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `service_name` - -デフォルトのPostgreSQLサービス名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `service_provider` - -デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `service_status` - -PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `user` - -ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよび所有者をオーバーライドします。 - -デフォルト値: 'postgres'。 - -##### `version` - -インストールおよび管理するPostgreSQLのバージョン。 - -デフォルト値: OSシステムのデフォルト値。 - -##### `xlogdir` - -デフォルトのPostgreSQL xlogディレクトリをオーバーライドします。 - -デフォルト値: initdbのデフォルトパス。 - -#### postgresql::lib::devel - -PostgreSQLの開発ライブラリとシンボリックリンク`pg_config`を含むパッケージを`/usr/bin`にインストールします(`/usr/bin`または`/usr/local/bin`に存在しない場合)。 - -##### `link_pg_config` - -PostgreSQLページが使用するbinディレクトリが`/usr/bin`でも`/usr/local/bin`でもない場合、パッケージのbinディレクトリから`usr/bin`に`pg_config`をシンボリックリンクします(Debianシステムには適用されません)。この動作を無効にするには、`false`に設定します。 - -有効な値: `true`、`false`。 - -デフォルト値: `true`。 - -##### `package_ensure` - -パッケージのインストール中に'ensure'パラメータをオーバーライドします。 - -デフォルト値: 'present'。 - -##### `package_name` - -インストール先のディストリビューションのデフォルトパッケージ名をオーバーライドします。 - -デフォルト値: ディストリビューションに応じて、'postgresql-devel'または'postgresql-devel'。 - -#### postgresql::lib::java - -Java (JDBC)向けのPostgreSQLバインディングをインストールします。カスタムのバージョンをインストールするには、次のパラメータを設定します。 - -**注意:** カスタムのバージョンを指定する場合、必要なyumまたはaptリポジトリを忘れずに追加してください。 - -##### `package_ensure` - -パッケージが存在するかどうかを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -##### `package_name` - -PostgreSQL javaパッケージの名前を指定します。 - -#### postgresql::lib::perl - -PostgreSQL Perlライブラリをインストールします。 - -##### `package_ensure` - -パッケージが存在するかどうかを指定します。 - -有効な値: 'present'、'absent'。 
- -デフォルト値: 'present'。 - -##### `package_name` - -インストールするPostgreSQL perlパッケージの名前を指定します。 - -#### postgresql::server::plpython - -PostgreSQLのPL/Python手続き型言語をインストールします。 - -##### `package_name` - -postgresql PL/Pythonパッケージの名前を指定します。 - -##### `package_ensure` - -パッケージが存在するかどうかを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -#### postgresql::lib::python - -PostgreSQL Pythonライブラリをインストールします。 - -##### `package_ensure` - -パッケージが存在するかどうかを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -##### `package_name` - -PostgreSQL Pythonパッケージの名前。 - -#### postgresql::server - -##### `config_entries` - -`postgresql::server::config_entry` のリソースを構築するハッシュを指定します。 - -デフォルト値: `{}` - -##### `createdb_path` - -**非推奨** `createdb`コマンドへのパスを指定します。 - -デフォルト値: '${bindir}/createdb'。 - -##### `data_checksums` - -オプションです。 - -データタイプ: 真偽値(boolean) - -データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 - -有効な値: `true`、`false`。 - -デフォルト値: initdbのデフォルト値(`false`)。 - -**警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 - -##### `default_database` - -接続するデフォルトのデータベースの名前を指定します。ほとんどのシステムで、'postgres'になります。 - -##### `default_connect_settings` - -リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。他の定義タイプのデフォルトとして使用されます(`postgresql::server::role`など)。 - -##### `encoding` - -このモジュールで作成されるすべてのデータベースのデフォルトエンコーディングを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトにもなります。 - -デフォルト値: `undef`。 - -##### `group` - -ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `initdb_path` - -`initdb`コマンドへのパスを指定します。 - -デフォルト値: '${bindir}/initdb'。 - -##### `ipv4acls` - -接続方法、ユーザ、データベース、IPv4アドレスのアクセス制御のための文字列を一覧表示します。 - -詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。 - -##### `ipv6acls` - -接続方法、ユーザ、データベース、IPv6アドレスのアクセス制御のための文字列を一覧表示します。 - 
-詳細については、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)の`pg_hba.conf`の項を参照してください。 - -##### `ip_mask_allow_all_users` - -リモート接続に関するPostgreSQLのデフォルト動作をオーバーライドします。デフォルトでは、PostgreSQLは、データベースユーザアカウントがリモートマシンからTCP経由で接続することを許可しません。許可するには、この設定をオーバーライドします。 - -データベースユーザによる任意のリモートマシンからの接続を許可するには、'0.0.0.0/0'に設定します。ローカルの'192.168'サブネット内の任意のマシンからの接続を許可するには、'192.168.0.0/1'に設定します。 - -デフォルト値: '127.0.0.1/32'。 - -##### `ip_mask_deny_postgres_user` - -postgresスーパーユーザについて、リモート接続を拒否するためのIPマスクを指定します。 - -デフォルト値: '0.0.0.0/0'。デフォルト値ではリモート接続はすべて拒否されます。 - -##### `locale` - -このモジュールで作成されるすべてのデータベースのデフォルトのデータベースロケールを設定します。オペレーティングシステムによっては、`template1` の初期化にも使用されます。その場合、モジュール外部のデフォルトになります。 - -デフォルト値: `undef`、実質的には'C'。 - -**Debianでは、PostgreSQLの全機能を使用できるよう、'locales-all'パッケージがインストールされていることを確認してください。** - -##### `manage_pg_hba_conf` - -`pg_hba.conf`を管理するかどうかを指定します。 - -`true`に設定すると、Puppetはこのファイルを上書きします。 - -`false`に設定すると、Puppetはこのファイルに変更を加えません。 - -有効な値: `true`、`false`。 - -デフォルト値: `true` - -##### `manage_pg_ident_conf` - -pg_ident.confファイルを上書きします。 - -`true`に設定すると、Puppetはこのファイルを上書きします。 - -`false`に設定すると、Puppetはこのファイルに変更を加えません。 - -有効な値: `true`、`false`。 - -デフォルト値: `true`。 - -##### `manage_recovery_conf` - -`recovery.conf`を管理するかどうかを指定します。 - -`true`に設定すると、Puppetはこのファイルを上書きします。 - -有効な値: `true`、`false`。 - -デフォルト値: `false`。 - -##### `needs_initdb` - -サーバーパッケージをインストール後、PostgreSQLサービスを開始する前に、`initdb`動作を明示的に呼び出します。 - -デフォルト値: OSによって異なります。 - -##### `package_ensure` - -サーバーインスタンスを作成するときに、`package`リソースに値を受け渡します。 - -デフォルト値: `undef`。 - -##### `package_name` - -サーバーソフトウェアをインストールするときに使用するパッケージの名前を指定します。 - -デフォルト値: OSによって異なります。 - -##### `pg_hba_conf_defaults` - -`false`に設定すると、`pg_hba.conf`についてモジュールに設定されたデフォルト値を無効にします。これは、デフォルト値を使用せずにオーバーライドするときに役立ちます。だし、基本的な`psql`動作などを実行するには一定のアクセスが要求されるので、ここでの変更内容がその他のモジュールと矛盾しないように注意してください。 - -##### `pg_hba_conf_path` - -`pg_hba.conf`ファイルへのパスを指定します。 - -##### `pg_hba_rules` - -`postgresql::server::pg_hba_rule` のリソースを構築するハッシュを指定します。 - -デフォルト値: `{}` - 
-##### `pg_ident_conf_path` - -`pg_ident.conf`ファイルへのパスを指定します。 - -デフォルト値: '${confdir}/pg_ident.conf'。 - -##### `plperl_package_name` - -PL/Perl拡張のデフォルトパッケージ名を設定します。 - -デフォルト値: OSによって異なります。 - -##### `plpython_package_name` - -PL/Python拡張のデフォルトパッケージ名を設定します。 - -デフォルト値: OSによって異なります。 - -##### `port` - -PostgreSQLサーバーがリッスンするポートを指定します。**注意:** サーバーがリッスンする全IPアドレスで、同一のポート番号が使用されます。また、Red Hatシステムと初期のDebianシステムでは、ポート番号を変更するとき、変更実行前にサーバーが完全停止します。 - -デフォルト値: 5432。これは、PostgresサーバーがTCPポート5432をリッスンすることを意味します。 - -##### `postgres_password` - -postgresユーザのパスワードを特定の値に設定します。デフォルトでは、この設定はPostgresデータベース内のスーパーユーザアカウント(ユーザ名`postgres`、パスワードなし)を使用します。 - -デフォルト値: `undef`。 - -##### `postgresql_conf_path` - -`postgresql.conf`ファイルへのパスを指定します。 - -デフォルト値: '${confdir}/postgresql.conf'。 - -##### `psql_path` - -`psql`コマンドへのパスを指定します。 - -デフォルト値: OSによって異なります。 - -##### `roles` - -`postgresql::server::role` のリソースを構築するハッシュを指定します。 - -デフォルト値: `{}` - -##### `service_manage` - -Puppetがサービスを管理するかどうかを定義します。 - -デフォルト値: `true`。 - -##### `service_name` - -デフォルトのPostgreSQLサービス名をオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `service_provider` - -デフォルトのPostgreSQLサービスプロバイダをオーバーライドします。 - -デフォルト値: `undef`。 - -##### `service_reload` - -PostgreSQLサービスのデフォルトのリロードコマンドをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `service_restart_on_change` - -設定変更をアクティブにするためにサービスの再起動が必要な設定エントリが変更された場合に、PostgreSQLサービスを再起動する際のデフォルト動作をオーバーライドします。 - -デフォルト値: `true`。 - -##### `service_status` - -PostgreSQLサービスのデフォルトのステータスチェックコマンドをオーバーライドします。 - -デフォルト値: OSによって異なります。 - -##### `user` - -ファイルシステム内のPostgreSQL関連ファイルのデフォルトのPostgreSQLスーパーユーザおよび所有者をオーバーライドします。 - -デフォルト値: 'postgres'。 - -#### postgresql::server::contrib - -PostgreSQL contribパッケージをインストールします。 - -##### `package_ensure` - -PostgreSQL contribパッケージリソースに受け渡されたensureパラメータを設定します。 - -##### `package_name` - -PostgreSQL contribパッケージの名前。 - -#### postgresql::server::plperl - -postgresqlのPL/Perl手続き型言語をインストールします。 - -##### `package_ensure` - -PostgreSQL PL/Perlパッケージリソースに受け渡されたensureパラメータ。 - -##### 
`package_name` - -PostgreSQL PL/Perlパッケージの名前。 - -#### postgresql::server::postgis - -PostgreSQL postgisパッケージをインストールします。 - -### 定義できるタイプ - -#### postgresql::server::config_entry - -`postgresql.conf`設定ファイルを変更します。 - -各リソースは、次の例のようにファイル内の各行にマッピングされています。 - -```puppet -postgresql::server::config_entry { 'check_function_bodies': - value => 'off', -} -``` - -##### `ensure` - -'absent'に設定した場合、エントリを削除します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -##### `value` - -設定の値を定義します。 - -#### postgresql::server::db - -ローカルのデータベース、ユーザを作成し、必要なパーミッションを割り当てます。 - -##### `comment` - -PostgreSQLのCOMMENTコマンドを使用して、データベースについて保存するコメントを定義します。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `dbname` - -作成するデータベースの名前を設定します。 - -デフォルト値: namevar。 - -##### `encoding` - -データベースの作成中の文字セットをオーバーライドします。 - -デフォルト値: インストール時に定義されたデフォルト値。 - -##### `grant` - -作成中に付与するパーミッションを指定します。 - -デフォルト値: 'ALL'。 - -##### `istemplate` - -`true`に設定すると、そのデータベースをテンプレートとして指定します。 - -デフォルト値: `false`。 - -##### `locale` - -データベース作成中にロケールをオーバーライドします。 - -デフォルト値: インストール時に定義されたデフォルト値。 - -##### `owner` - -ユーザをデータベースの所有者として設定します。 - -デフォルト値: `postgresql::server`または`postgresql::globals`で設定された'$user'変数。 - -##### `password` - -**必須** 作成されたユーザのパスワードを設定します。 - -##### `tablespace` - -作成したデータベースを割り当てるテーブル空間の名前を定義します。 - -デフォルト値: PostgreSQLのデフォルト値。 - -##### `template` - -このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。 - -デフォルト値: `template0`。 - -##### `user` - -データベースを作成し、作成後にデータベースへのアクセスを割り当てるユーザ。必須指定です。 - -#### postgresql::server::database - -ユーザなし、パーミッションなしのデータベースを作成します。 - -##### `dbname` - -データベースの名前を設定します。 - -デフォルト値: namevar。 - -##### `encoding` - -データベースの作成中の文字セットをオーバーライドします。 - -デフォルト値: インストール時に定義されたデフォルト値。 - -##### `istemplate` - -`true`に設定すると、そのデータベースをテンプレートとして定義します。 - -デフォルト値: `false`。 - -##### `locale` - -データベース作成中にロケールをオーバーライドします。 - -デフォルト値: インストール時に定義されたデフォルト値。 - -##### `owner` - -データベース所有者の名前を設定します。 - -デフォルト値: 
`postgresql::server`または`postgresql::globals`で設定された'$user'変数。 - -##### `tablespace` - -このデータベースを作成するテーブル空間を設定します。 - -デフォルト値: インストール時に定義されたデフォルト値。 - -##### `template` - -このデータベースを構築する際にテンプレートとして使用するデータベースの名前を指定します。 - -デフォルト値: 'template0'。 - -#### postgresql::server::database_grant - -データベース固有のパーミッションについて`postgresql::server::database_grant`をラッピングして、grantベースのユーザアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。 - -##### `ensure` - -権限を付与するか、無効化するかを指定します。無効化する'absent'はPostgreSQLバージョン9.1.24以降でのみ機能します。 - -有効な値: 'present'、'absent'。 -* 権限を付与するには'present'を指定します。 -* 権限を無効化するには'absent'を指定します。 - -デフォルト値: 'present'。 - -#### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `db` - -アクセス権を付与するデータベースを指定します。 - -##### `privilege` - -付与する権限のコンマ区切りリストを指定します。 - -有効なオプション: 'ALL'、'CREATE'、'CONNECT'、'TEMPORARY'、'TEMP'。 - -##### `psql_db` - -権限付与を実行するデータベースを定義します。 - -**通常、デフォルトを変更しないでください。** - -デフォルト値: 'postgres'。 - -##### `psql_user` - -`psql`を実行するOSユーザを指定します。 - -デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 - -##### `role` - -アクセスを付与するロールまたはユーザを指定します。 - -#### postgresql::server::extension - -PostgreSQL拡張を管理します。 - -##### `database` - -拡張を有効化するデータベースを指定します。 - -##### `schema` - -拡張を有効化するスキーマを指定します。 - -##### `ensure` - -拡張を有効化するか無効化するかを指定します。 - -有効なオプション: 'present'または'absent'。 - -#### `extension` - -有効化する拡張を指定します。空欄にした場合、リソースの名前が使用されます。 - -#### `version` - -データベースが使用するエクステンションのバージョンを指定します。 -拡張パッケージが更新された場合、各データベースで有効なバージョンを自動的に変更することはありません。 - -そのためには、PostgreSQLに固有のSQL `ALTER EXTENSION...`を使用して更新する必要があります - -`version`は`latest`に設定できます。この場合、SQL `ALTER EXTENSION "extension" UPDATE`がこのデータベースのみに適用されます。 - -`version`は特定のバージョンに設定できます。この場合、拡張は`ALTER EXTENSION "extension" UPDATE TO 'version'`を使用して更新されます - -例えば、拡張を`postgis`、バージョンを`2.3.3`に設定した場合、SQL `ALTER EXTENSION "postgis" UPDATE TO '2.3.3'`がこのデータベースのみに適用されます。 - -`version`は省略される場合もあります。この場合、SQL `ALTER 
EXTENSION...`は適用されません。バージョンは変更されず、そのままになります。 - -##### `package_name` - -拡張を有効化する前にインストールするパッケージを指定します。 - -##### `package_ensure` - -デフォルトのパッケージ削除動作をオーバーライドします。 - -デフォルトでは、`package_name`で指定されたパッケージが、拡張が有効のときインストールされ、拡張が無効のとき削除されます。この動作をオーバーライドするには、そのパッケージに`ensure`の値を設定してください。 - -#### postgresql::server::grant - -ロールのgrantベースのアクセス権を管理します。詳細については、[PostgreSQLマニュアルの`grant`](http://www.postgresql.org/docs/current/static/sql-grant.html)を参照してください。 - -##### `ensure` - -権限を付与するか、無効化するかを指定します。デフォルトでは権限を付与します。 - -有効な値: 'present'、'absent'。 -* 権限を付与するには'present'を指定します。 -* 権限を無効化するには'absent'を指定します。 - -デフォルト値: 'present'。 - -##### `db` - -アクセス権を付与するデータベースを指定します。 - -##### `object_type` - -権限を付与するオブジェクトのタイプを指定します。 - -有効なオプション: 'DATABASE'、'SCHEMA'、'SEQUENCE'、'ALL SEQUENCES IN SCHEMA'、'TABLE'、または'ALL TABLES IN SCHEMA'。 - -##### `object_name` - -アクセス権を付与する`object_type`の名前を、文字列または2要素の配列で指定します。 - -String: 'object_name' -Array: ['schema_name', 'object_name'] - -##### `port` - -接続に使用するポート。 - -デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 - -##### `privilege` - -付与する権限を指定します。 - -有効なオプション: 'ALL'、'ALL PRIVILEGES'、または'object_type'依存の文字列。 - -##### `psql_db` - -権限付与を実行するデータベースを指定します。 - -**通常、デフォルトを変更しないでください。** - -デフォルト値: 'postgres'。 - -##### `psql_user` - -`psql`を実行するOSユーザを設定します。 - -デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 - -##### `role` - -アクセスを付与するロールまたはユーザを指定します。 - -#### postgresql::server::grant_role - -ロールを(グループ)ロールに割り当てられるようにします。詳細については、[PostgreSQLマニュアルの`Role Membership`](http://www.postgresql.org/docs/current/static/role-membership.html)を参照してください。 - -##### `group` - -ロールを割り当てるグループロールを指定します。 - -##### `role` - -グループに割り当てるロールを指定します。空欄にした場合、リソースの名前が使用されます。 - -##### `ensure` - -メンバーシップを付与するか、無効化するかを指定します。 - -有効なオプション: 'present'または'absent'。 - -デフォルト値: 'present'。 - -##### `port` - -接続に使用するポート。 - -デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 - -##### `psql_db` - -権限付与を実行するデータベースを指定します。 - -**通常、デフォルトを変更しないでください。** - -デフォルト値: 'postgres'。 - -##### `psql_user` - 
-`psql`を実行するOSユーザを設定します。 - -デフォルト値: モジュールのデフォルトユーザ。通常、`postgres`。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -#### postgresql::server::pg_hba_rule - -`pg_hba.conf`のアクセスルールを作成できるようにします。詳細については、[使用例](#create-an-access-rule-for-pghba.conf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html)を参照してください。 - -##### `address` - -タイプが'local'ではないとき、このルール一致に対するCIDRベースのアドレスを設定します。 - -##### `auth_method` - -このルールが一致する接続の認証に使用される方法を提供します。詳細な説明は、PostgreSQL `pg_hba.conf`のマニュアルに記載されています。 - -##### `auth_option` - -特定の`auth_method`設定については、受け渡し可能な追加オプションがあります。詳細については、PostgreSQL `pg_hba.conf`マニュアルを参照してください。 - -##### `database` - -このルールが一致するデータベースのコンマ区切りリストを設定します。 - -##### `description` - -必要に応じて、このルールの長めの説明を定義します。この説明は、`pg_hba.conf`のルール上部のコメント内に挿入されます。 - -デフォルト値: 'none'。 - -そのリソースを一意に識別するための方法を指定しますが、機能的には何も実行しません。 - -##### `order` - -`pg_hba.conf`にルールを配置する順序を設定します。 - -文字列または整数を使用できます。 -整数の場合、ゼロパディングで3桁にして文字列に変換します。 -例えば`42`はゼロパディングされて文字列`'042'`になります。 - -`pg_hba_rule`フラグメントのソートでは、[順序]を`alpha`に設定します(https://forge.puppet.com/puppetlabs/concat/reference#order)。 - -デフォルト値: 150。 - -#### `postgresql_version` - -PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を管理します。 - -デフォルト値: `postgresql::server`に設定されたバージョン。 - -##### `target` - -ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 - -**注意して使用してください。** - -##### `type` - -ルールのタイプを設定します。 - -有効なオプション: 'local'、'host'、'hostssl'、または'hostnossl'。 - -##### `user` - -このルールが一致するユーザのコンマ区切りリストを設定します。 - - -#### postgresql::server::pg_ident_rule - -`pg_ident.conf`のユーザ名マップを作成可能にします。詳細については、上述の[使用例](#create-user-name-maps-for-pgidentconf)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/auth-username-maps.html)を参照してください。 - -##### `database_username` - -データベースユーザのユーザ名を指定します。このユーザ名には`system_username`がマッピングされています。 - -##### `description` - -必要に応じて、このルールの長めの説明を設定します。この説明は、`pg_ident.conf`のルール上部のコメント内に挿入されます。 - -デフォルト値: 'none'。 - -##### `map_name` - 
-`pg_hba.conf`でこのマッピングを参照するために使用されるユーザマップの名前を設定します。 - -##### `order` - -`pg_ident.conf`にマッピングを配置する際の順序を定義します。 - -デフォルト値: 150。 - -##### `system_username` - -オペレーティングシステムのユーザ名(データベースへの接続に使用するユーザ名)を指定します。 - -##### `target` - -ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 - -**注意して使用してください。** - -#### postgresql::server::reassign_owned_by - -PostgreSQLコマンド'REASSIGN OWNED'をデータベースに対して実行し、既存オブジェクトの所有権を別のデータベースロールに移します。 - -##### `db` - - 'REASSIGN OWNED'コマンドを適用するデータベースを指定します。 - -##### `old_role` - -指定したデータベース内のオブジェクトを現在所有しているロールまたはユーザを指定します。 - -##### `new_role` - -対象オブジェクトの新しい所有者となるロールまたはユーザを指定します。 - -##### `psql_user` - -`psql`を実行するOSユーザを指定します。 - -デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 - -##### `port` - -接続に使用するポート。 - -デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -#### postgresql::server::recovery - -`recovery.conf`の内容を作成可能にします。詳細については、[使用例](#create-recovery-configuration)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)を参照してください。 - -`recovery_target_inclusive`、 `pause_at_recovery_target`、`standby_mode`、`recovery_min_apply_delay`を除くすべてのパラメータ値は、テンプレートに含まれる文字列セットです。 - -全パラメータリストの詳細な説明は、[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)にあります。 - -テンプレートでは、指定されたパラメータのみが認識されます。`recovery.conf`は、少なくとも1つのパラメータが設定済みで、**かつ**、[manage_recovery_conf](#manage_recovery_conf)がtrueの場合のみ作成されます。 - -パラメータは、次の3つのセクションにグループ分けされています。 - -##### [アーカイブリカバリパラメータ](http://www.postgresql.org/docs/current/static/archive-recovery-settings.html) - -* `restore_command` -* `archive_cleanup_command` -* `recovery_end_command` - -##### [Recovery Target Settings](http://www.postgresql.org/docs/current/static/recovery-target-settings.html) -* `recovery_target_name` -* `recovery_target_time` -* `recovery_target_xid` -* `recovery_target_inclusive` -* `recovery_target` -* `recovery_target_timeline` -* `pause_at_recovery_target` - 
-##### [Standby Server Settings](http://www.postgresql.org/docs/current/static/standby-settings.html) -* `standby_mode`: 文字列('on'/'off')またはブール値(`true`/`false`)で指定できます。 -* `primary_conninfo` -* `primary_slot_name` -* `trigger_file` -* `recovery_min_apply_delay` - -##### `target` -ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 - -**注意して使用してください。** - -#### postgresql::server::role -PostgreSQLのロールまたはユーザを作成もしくは削除します。 - -##### `ensure` - -ロールを作成するか削除するかを指定します。 - -'present'を指定するとロールが作成され、'absent'を指定するとロールが削除されます。 - -デフォルト値: 'present'。 - -##### `connection_limit` -ロールが同時に接続可能な数を指定します。 - -デフォルト値: '-1'。これは、無制限を意味します。 - -##### `connect_settings` -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `createdb` -このロールに新しいデータベースを作成する能力を付与するかどうかを指定します。 - -デフォルト値: `false`。 - -##### `createrole` -このロールに新しいロールを作成する権限を付与するかどうかを指定します。 - -デフォルト値: `false`。 - -##### `inherit` -新しいロールに継承権限を付与するかどうかを指定します。 - -デフォルト値: `true`。 - -##### `login` -新しいロールにログイン権限を付与するかどうかを指定します。 - -デフォルト値: `true`。 - -##### `password_hash` -パスワード作成中に使用するハッシュを設定します。PostgreSQLがサポートする形式でパスワードが暗号化されていない場合、ここで、`postgresql_password`関数を使用して、MD5ハッシュを提供します。例は次のとおりです。 - -##### `update_password` -trueに設定すると、変更時にパスワードが更新されます。作成後にロールのパスワードを変更しない場合は、falseに設定してください。 - -```puppet -postgresql::server::role { 'myusername': - password_hash => postgresql_password('myusername', 'mypassword'), -} -``` - -##### `replication` - -`true`に設定すると、このロールにレプリケーション機能が提供されます。 - -デフォルト値: `false`。 - -##### `superuser` - -新しいロールにスーパーユーザ権限を付与するかどうかを指定します。 - -デフォルト値: `false`。 - -##### `username` - -作成するロールのユーザ名を定義します。 - -デフォルト値: namevar。 - -#### postgresql::server::schema - -スキーマを作成します。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `db` - -必須。 - -このスキーマを作成するデータベースの名前を設定します。 - -##### `owner` - -スキーマのデフォルト所有者を設定します。 - -##### `schema` - -スキーマの名前を設定します。 - -デフォルト値: namevar。 - -#### postgresql::server::table_grant - 
-ユーザのgrantベースのアクセス権を管理します。詳細については、PostgreSQLマニュアルの`grant`の項を参照してください。 - -##### `ensure` - -権限を付与するか、無効化するかを指定します。デフォルトでは権限を付与します。 - -有効な値: 'present'、'absent'。 -* 権限を付与するには'present'を指定します。 -* 権限を無効化するには'absent'を指定します。 - -デフォルト値: 'present'。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `db` - -そのテーブルが存在するデータベースを指定します。 - -##### `privilege` - -付与する権限のコンマ区切りリストを指定します。有効なオプション: 'ALL'、'SELECT'、'INSERT'、'UPDATE'、'DELETE'、'TRUNCATE'、'REFERENCES'、'TRIGGER'。 - -##### `psql_db` - -権限付与を実行するデータベースを指定します。 - -通常、デフォルトを変更しないでください。 - -デフォルト値: 'postgres'。 - -##### `psql_user` - -`psql`を実行するOSユーザを指定します。 - -デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 - -##### `role` - -アクセスを付与するロールまたはユーザを指定します。 - -##### `table` - -アクセス権を付与するテーブルを指定します。 - -#### postgresql::server::tablespace - -テーブル空間を作成します。必要な場合、場所も作成し、PostgreSQLサーバーと同じパーミッションを割り当てます。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 - -デフォルト値: ローカルのPostgresインスタンスに接続します。 - -##### `location` - -このテーブル空間へのパスを指定します。 - -##### `owner` - -そのテーブル空間のデフォルト所有者を指定します。 - -##### `spcname` - -テーブル空間の名前を指定します。 - -デフォルト値: namevar。 - -### タイプ - -#### postgresql_psql - -Puppetがpsqlステートメントを実行できるようにします。 - -##### `command` - -必須。 - -psqlを介して実行するSQLコマンドを指定します。 - -##### `cwd` - -psqlコマンドが実行される作業ディレクトリを指定します。 - -デフォルト値: '/tmp'。 - -##### `db` - -SQLコマンドを実行するデータベースの名前を指定します。 - -##### `environment` - -SQLコマンドに対して追加の環境変数を設定する場合に指定します。複数の環境変数を使用する場合は、配列として指定します。 - -##### `name` - -自身の参考用の任意のタグ、すなわちメッセージの名前を設定します。これはnamevarです。 - -##### `onlyif` - -メインのコマンドの前に実行するオプションのSQLコマンドを設定します。通常、これはべき等性に基づいて、データベース内のオブジェクトの存在を確認し、メインのSQLコマンドを実行する必要があるかどうかを判断するため使用されます。 - -##### `port` - -SQLコマンドを実行するデータベースサーバーのポートを指定します。 - -##### `psql_group` - -psqlコマンドを実行するシステムユーザグループアカウントを指定します。 - -デフォルト値: 'postgres'。 - -##### `psql_path` - -psql実行ファイルへのパスを指定します。 - -デフォルト値: 'psql'。 - -##### `psql_user` - -psqlコマンドを実行するシステムユーザアカウントを指定します。 - -デフォルト値: 'postgres'。 - -##### `refreshonly` - 
-notifyイベントまたはsubscribeイベントが発生したときのみSQLを実行するかどうかを指定します。 - -有効な値: `true`、`false`。 - -デフォルト値: `false`。 - -##### `search_path` - -SQLコマンドを実行するときに使用するスキーマ検索パスを定義します。 - -##### `unless` - -`onlyif`の逆です。 - -#### postgresql_conf - -Puppetが`postgresql.conf`パラメータを管理できるようにします。 - -##### `name` - -管理するPostgreSQLパラメータ名を指定します。 - -これはnamevarです。 - -##### `target` - -`postgresql.conf`へのパスを指定します。 - -デフォルト値: '/etc/postgresql.conf'。 - -##### `value` - -このパラメータに設定する値を指定します。 - -#### postgresql_replication_slot - -PostgreSQLマスターサーバー上でウォームスタンバイレプリケーションを登録するためのレプリケーションスロットを作成および消去できるようにします。 - -##### `name` - -作成するスロットの名前を指定します。有効なレプリケーションスロット名である必要があります。 - -これはnamevarです。 - -##### `ensure` - -必須。 - -指定されたスロットに対して、作成または消去のいずれかのアクションを指定します。 - -有効な値: 'present'、'absent'。 - -デフォルト値: 'present'。 - -#### postgresql_conn_validator - -このタイプを使用するローカルまたはリモートのPostgreSQLデータベースへの接続を検証します。 - -##### `connect_settings` - -リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。個々のパラメータ(`host`など)を設定する代わりに使用されますが、個々のパラメータが設定されている場合は個々のパラメータが優先されます。 - -デフォルト値: {} - -##### `db_name` - -テストするデータベースの名前を指定します。Specifies the name of the database you wish to test. 
- -デフォルト値: '' - -##### `db_password` - -接続するパスワードを指定します。`.pgpass`が使用されている場合は空欄にできます。それ以外の場合、空欄にすることは推奨されません。 - -デフォルト値: '' - -##### `db_username` - -接続するユーザ名を指定します。 - -デフォルト値: '' - -Unixソケットとident認証を使用するとき、このユーザとして実行されます。 - -##### `command` - -接続性を検証するためにターゲットデータベースで実行されるコマンドです。 - -デフォルト値: 'SELECT 1' - -##### `host` - -テストするデータベースのホスト名を設定します。 - -デフォルト値: ''。これは、通常指定されたローカルUnixソケットを使用します。 - -**ホストがリモートの場合、ユーザ名を指定する必要があります。** - -##### `port` - -接続するときに使用するポートを定義します。 - -デフォルト値: '' - -##### `run_as` - -`psql`コマンドの実行ユーザを指定します。これは、Unixソケットと`ident`認証を使用してローカルにデータベースに接続するときに重要です。リモートテストには必要ありません。 - -##### `sleep` - -失敗した後、再試行する前にスリープする時間を秒単位で設定します。 - -##### `tries` - -失敗した後、リソースを失敗とみなすまで再試行する回数を設定します。 - -### 関数 - -#### postgresql_password - -PostgreSQL暗号化パスワードを生成します。次のように、`postgresql_password`をコマンドラインから呼び出し、暗号化されたパスワードをマニフェストにコピーペーストします。 - -```shell -puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }' -``` - -本番マニフェストからこの関数を呼び出すことも可能ですが、その場合、マニフェストには暗号化していない平文のパスワードを含める必要があります。 - -#### postgresql_acls_to_resources_hash(acl_array, id, order_offset) - -この内部関数は、`pg_hba.conf`ベースのACLのリスト(文字列の配列として受け渡されたもの)を`postgresql::pg_hba_rule`リソースと互換性のある形式に変換します。 - -**この関数は、モジュールによる内部的な使用のみ可能です。** - -### タスク - -Postgresqlモジュールにはサンプルタスクがあり、ユーザはデータベースに対して任意のSQLを実行できます。[PEマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html) で、タスクを実行する方法に関する情報を参照してください。 - - -## 制約事項 - -PostgreSQLのバージョン8.1~9.5で動作します。 - -サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/metadata.json)を参照してください。 - -### Aptモジュールのサポート - -このモジュールは1.xと2.x両方のバージョンの'puppetlabs-apt'モジュールをサポートしていますが、'puppetlabs-apt'の2.0.0と2.0.1はサポートしていません。 - - -### PostGISのサポート - -PostGISは、現時点ではすべてのプラットフォームで正常に動作するわけではないため、サポート対象外の機能とみなします。 - -### すべてのバージョンのRHEL/CentOS - -SELinuxが有効化されている場合、次の方法で`postgresql_port_t`コンテキストに使用中のカスタムポートを追加する必要があります。 - -```shell -semanage port 
-a -t postgresql_port_t -p tcp $customport -``` - -## 開発 - -Puppet Forgeに公開されているPuppet Labsモジュールはオープンプロジェクトのため、維持するにはコミュニティの貢献が不可欠です。Puppetは、現在私たちがアクセスできない無数のプラットフォームやハードウェア、ソフトウェア、デプロイ構成にも利用されることを目的としています。私たちの目標は、できる限り簡単に変更に貢献し、みなさまの環境で私たちのモジュールが機能できるようにすることです。最高の状態を維持するため、コントリビュータにはいくつかのガイドラインを守っていただく必要があります。詳細については、[モジュールコントリビューションガイド](https://docs.puppetlabs.com/forge/contributing.html)を参照してください。 - -### テスト - -このモジュールには、2種類のテストが配布されています。`rspec-puppet`のユニットテストと、`rspec-system`を使用したシステムテストです。 - -ユニットテストを実行するには、以下がインストールされていることを確認してください。 - -* rake -* bundler - -次のように、必要なgemをインストールします。 - -```shell -bundle install --path=vendor -``` - -そして、次のように記述して、ユニットテストを実行します。 - -```shell -bundle exec rake spec -``` - -ユニットテストは、Travis-CIでも実行されます。自身のテスト結果を確認するには、このプロジェクトのご自身のGitHubクローンのアカウントセクションから、Travis-CIを介してサービスフックを登録してください。 - -システムテストを実行するには、以下のツールもインストールされていることを確認してください。 - -* Vagrant > 1.2.x -* VirtualBox > 4.2.10 - -次の記述を使用してテストを実行します。 - -```shell -bundle exec rspec spec/acceptance -``` - -異なるオペレーティングシステムでテストを実行するには、`.nodeset.yml`で利用可能なセットを確認して、次の構文で特定のセットを実行します。 - -```shell -RSPEC_SET=debian-607-x64 bundle exec rspec spec/acceptance -``` - -### コントリビュータ - -貢献してくださった方々の一覧を[Github](https://github.com/puppetlabs/puppetlabs-postgresql/graphs/contributors)でご覧いただけます。 diff --git a/spec/acceptance/alternative_port_spec.rb b/spec/acceptance/alternative_port_spec.rb index 1441a010df..57ac64cf70 100644 --- a/spec/acceptance/alternative_port_spec.rb +++ b/spec/acceptance/alternative_port_spec.rb @@ -7,8 +7,8 @@ describe 'postgresql::server' do it 'on an alternative port' do pp = <<-MANIFEST - class { 'postgresql::server': port => '55433', manage_selinux => true } - MANIFEST + class { 'postgresql::server': port => 55433, manage_selinux => true } + MANIFEST if os[:family] == 'redhat' && os[:release].start_with?('8') apply_manifest(pp, expect_failures: false) # GCP failures on redhat8 IAC-1286 - idempotency failing 
diff --git a/spec/acceptance/db_spec.rb b/spec/acceptance/db_spec.rb
index 1980816f5b..2564aaedf5 100644
--- a/spec/acceptance/db_spec.rb
+++ b/spec/acceptance/db_spec.rb
@@ -3,46 +3,44 @@ require 'spec_helper_acceptance' describe 'postgresql::server::db' do + before(:all) do + LitmusHelper.instance.run_shell("cd /tmp; su 'postgres' -c 'pg_ctl stop -D /var/lib/pgsql/data/ -m fast'", acceptable_exit_codes: [0, 1]) unless os[:family].match?(%r{debian|ubuntu}) + end + it 'creates a database' do - begin - tmpdir = run_shell('mktemp').stdout - pp = <<-MANIFEST - class { 'postgresql::server': - postgres_password => 'space password', - } - postgresql::server::tablespace { 'postgresql-test-db': - location => '#{tmpdir}', - } -> - postgresql::server::db { 'postgresql-test-db': - comment => 'testcomment', - user => 'test-user', - password => 'test1', - tablespace => 'postgresql-test-db', - } - MANIFEST - - idempotent_apply(pp) - - # Verify that the postgres password works - run_shell("echo 'localhost:*:*:postgres:\'space password\'' > /root/.pgpass") - run_shell('chmod 600 /root/.pgpass') - run_shell("psql -U postgres -h localhost --command='\\l'") - - result = psql('--command="select datname from pg_database" "postgresql-test-db"') - expect(result.stdout).to match(%r{postgresql-test-db}) - expect(result.stderr).to eq('') - - result = psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test-user\'"') - expect(result.stdout).to match(%r{\(1 row\)}) - comment_information_function = if Gem::Version.new(postgresql_version) > Gem::Version.new('8.1') - 'shobj_description' - else - 'obj_description' - end - result = psql("--dbname postgresql-test-db --command=\"SELECT pg_catalog.#{comment_information_function}(d.oid, 'pg_database') FROM pg_catalog.pg_database d WHERE datname = 'postgresql-test-db' AND pg_catalog.#{comment_information_function}(d.oid, 'pg_database') = 'testcomment'\"") # rubocop:disable Layout/LineLength - expect(result.stdout).to match(%r{\(1 row\)}) - ensure - psql('--command=\'drop database "postgresql-test-db"\'') - end + tmpdir = run_shell('mktemp').stdout + pp = <<-MANIFEST + class { 'postgresql::server': + 
postgres_password => 'space password', + } + postgresql::server::tablespace { 'postgresql-test-db': + location => '#{tmpdir}', + } -> + postgresql::server::db { 'postgresql-test-db': + comment => 'testcomment', + user => 'test-user', + password => 'test1', + tablespace => 'postgresql-test-db', + } + MANIFEST + + idempotent_apply(pp) + + # Verify that the postgres password works + run_shell("echo 'localhost:*:*:postgres:'space password'' > /root/.pgpass") + run_shell('chmod 600 /root/.pgpass') + run_shell("psql -U postgres -h localhost --command='\\l'") + + result = psql('--command="select datname from pg_database" "postgresql-test-db"') + expect(result.stdout).to match(%r{postgresql-test-db}) + expect(result.stderr).to eq('') + + result = psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test-user\'"') + expect(result.stdout).to match(%r{\(1 row\)}) + + result = psql("--dbname postgresql-test-db --command=\"SELECT pg_catalog.shobj_description(d.oid, 'pg_database') FROM pg_catalog.pg_database d WHERE datname = 'postgresql-test-db' AND pg_catalog.shobj_description(d.oid, 'pg_database') = 'testcomment'\"") # rubocop:disable Layout/LineLength + expect(result.stdout).to match(%r{\(1 row\)}) + ensure + psql('--command=\'drop database "postgresql-test-db"\'') end end diff --git a/spec/acceptance/default_parameters_spec.rb b/spec/acceptance/default_parameters_spec.rb index c69a3c6dd2..41eb6c9774 100644 --- a/spec/acceptance/default_parameters_spec.rb +++ b/spec/acceptance/default_parameters_spec.rb 
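Review bot: The `.pgpass` line in `creates a database` nests single quotes, so the shell sees `'localhost:*:*:postgres:'`, `space`, `password` and an empty string rather than one quoted field. It produces the intended entry only because `echo` rejoins its arguments with a single space, so a password with consecutive spaces or a shell metacharacter would be written wrongly or interpreted by the shell. Quote the whole entry once: `run_shell("echo 'localhost:*:*:postgres:space password' > /root/.pgpass")`. The `ensure` branch drops the database but leaves the credential file in `/root`; adding `run_shell('rm -f /root/.pgpass')` there would keep it from carrying over into later specs on the same host.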
@@ -5,6 +5,10 @@ # These tests are designed to ensure that the module, when ran with defaults, # sets up everything correctly and allows us to connect to Postgres. describe 'postgresql::server' do + before(:all) do + LitmusHelper.instance.run_shell("cd /tmp; su 'postgres' -c 'pg_ctl stop -D /var/lib/pgsql/data/ -m fast'", acceptable_exit_codes: [0, 1]) unless os[:family].match?(%r{debian|ubuntu}) + end + it 'with defaults' do pp = <<-MANIFEST class { 'postgresql::server': } diff --git a/spec/acceptance/overridden_settings_spec.rb b/spec/acceptance/overridden_settings_spec.rb index 1127a6c2c5..225f5c7a78 100644 --- a/spec/acceptance/overridden_settings_spec.rb +++ b/spec/acceptance/overridden_settings_spec.rb @@ -5,6 +5,10 @@ # These tests are designed to ensure that the module, when ran overrides, # sets up everything correctly and allows us to connect to Postgres. describe 'postgresql::server' do + before(:all) do + LitmusHelper.instance.run_shell("cd /tmp; su 'postgres' -c 'pg_ctl stop -D /var/lib/pgsql/data/ -m fast'", acceptable_exit_codes: [0, 1]) unless os[:family].match?(%r{debian|ubuntu}) + end + let(:pp) do <<-MANIFEST class { 'postgresql::server': @@ -22,7 +26,7 @@ class { 'postgresql::server': type => 'host', database => 'mydb', user => 'myuser', - auth_method => 'md5', + auth_method => postgresql::default('password_encryption'), address => '192.0.2.100/32', }, }, @@ -31,7 +35,7 @@ class { 'postgresql::server': postgresql::server::database { 'testusername': owner => 'testusername', } - MANIFEST + MANIFEST end it 'with additional hiera entries' do diff --git a/spec/acceptance/server/config_entry_spec.rb b/spec/acceptance/server/config_entry_spec.rb index 20c14ef627..de034c01a2 100644 --- a/spec/acceptance/server/config_entry_spec.rb +++ b/spec/acceptance/server/config_entry_spec.rb 
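Review bot: The new `before(:all)` block tolerates exit code 1 from `pg_ctl stop` and hard-codes `-D /var/lib/pgsql/data/`, so on a host whose data directory lives elsewhere the stop fails quietly and the spec runs against whatever server is still up. The same block is pasted into db_spec.rb, overridden_settings_spec.rb and server/config_entry_spec.rb in this commit. I would move it into one helper in `spec_helper_acceptance` and document it there, for example `# Stop any instance left running by an earlier spec; a non-zero exit is tolerated when none is running`, if that is the intent. The reason for excluding Debian and Ubuntu is not visible here and belongs in that comment too.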
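Review bot: In the pg_hba rule of overridden_settings_spec.rb, `auth_method` is now taken from `postgresql::default('password_encryption')`, but nothing says why a pg_hba authentication method is derived from the password-hashing default. The two are separate PostgreSQL settings that merely share the values `md5` and `scram-sha-256`, so a reader cannot tell whether the coupling is deliberate. A manifest comment such as `# match the hash format the server stores, so the rule keeps working when the default moves off md5` would make the intent explicit, assuming that is what the lookup returns. The enclosing `let(:pp)` heredoc continues outside the hunk.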
@@ -3,6 +3,10 @@ require 'spec_helper_acceptance' describe 'postgresql::server::config_entry' do + before(:all) do + LitmusHelper.instance.run_shell("cd /tmp; su 'postgres' -c 'pg_ctl stop -D /var/lib/pgsql/data/ -m fast'", acceptable_exit_codes: [0, 1]) unless os[:family].match?(%r{debian|ubuntu}) + end + context 'unix_socket_directories' do let(:pp_test) do <<-MANIFEST diff --git a/spec/acceptance/server/deferred_pw_role_spec.rb b/spec/acceptance/server/deferred_pw_role_spec.rb new file mode 100644 index 0000000000..70cd6d031c --- /dev/null +++ b/spec/acceptance/server/deferred_pw_role_spec.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +require 'spec_helper_acceptance' + +describe 'postgresql::server::role:' do + let(:user) { 'deferred_user_test' } + let(:password) { 'test_password' } + + let(:pp_one) do + <<-MANIFEST.unindent + $user = #{user} + $password = #{password} + + class { 'postgresql::server': } + $deferred_func = Deferred('new', [String, $password]) + + postgresql::server::role { $user: + password_hash => $deferred_func, + } + MANIFEST + end + + it 'creates a role with the password in the deferred function' do + if run_shell('puppet --version').stdout[0].to_i < 7 + skip # Deferred function fixes only in puppet 7, see https://tickets.puppetlabs.com/browse/PUP-11518 + end + apply_manifest(pp_one) + psql_cmd = "PGPASSWORD=#{password} PGUSER=#{user} psql -h 127.0.0.1 -d postgres -c '\\q'" + run_shell("cd /tmp; su #{shellescape('postgres')} -c #{shellescape(psql_cmd)}", + acceptable_exit_codes: [0]) + end +end diff --git a/spec/acceptance/server/grant_role_spec.rb b/spec/acceptance/server/grant_role_spec.rb index c9935f0c16..246328e23f 100644 --- a/spec/acceptance/server/grant_role_spec.rb +++ b/spec/acceptance/server/grant_role_spec.rb 
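Review bot: The Puppet version check in `creates a role with the password in the deferred function` reads only the first character of the output, `stdout[0].to_i`, so a two-digit major version such as 10 parses as 1 and the example is skipped. Compare the whole version instead: `skip 'needs Puppet >= 7 (PUP-11518)' if Gem::Version.new(run_shell('puppet --version').stdout.strip) < Gem::Version.new('7')`. In `pp_one` the interpolations `$user = #{user}` and `$password = #{password}` are unquoted, so the manifest is valid only while both values stay bare words. Quoting them as `'#{password}'` would match role_spec.rb in this commit.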
@@ -7,18 +7,12 @@ let(:user) { 'psql_grant_role_tester' } let(:group) { 'test_group' } let(:password) { 'psql_grant_role_pw' } - let(:version) do - if os[:family] == 'redhat' && os[:release].start_with?('5') - '8.1' - end - end let(:pp_one) do <<-MANIFEST.unindent $db = #{db} $user = #{user} $group = #{group} $password = #{password} - $version = '#{version}' class { 'postgresql::server': } @@ -36,19 +30,12 @@ class { 'postgresql::server': } require => Postgresql::Server::Role[$user], } - # Lets setup the base rules - $local_auth_option = $version ? { - '8.1' => 'sameuser', - default => undef, - } - # Create a rule for the user postgresql::server::pg_hba_rule { "allow ${user}": type => 'local', database => $db, user => $user, auth_method => 'ident', - auth_option => $local_auth_option, order => 1, } @@ -72,7 +59,6 @@ class { 'postgresql::server': } $user = "#{user}" $group = "#{group}" $password = #{password} - $version = '#{version}' class { 'postgresql::server': } @@ -90,19 +76,12 @@ class { 'postgresql::server': } require => Postgresql::Server::Role[$user], } - # Lets setup the base rules - $local_auth_option = $version ? { - '8.1' => 'sameuser', - default => undef, - } - # Create a rule for the user postgresql::server::pg_hba_rule { "allow ${user}": type => 'local', database => $db, user => $user, auth_method => 'ident', - auth_option => $local_auth_option, order => 1, } diff --git a/spec/acceptance/server/grant_spec.rb b/spec/acceptance/server/grant_spec.rb index 6ac18f97d8..51a4ac1416 100644 --- a/spec/acceptance/server/grant_spec.rb +++ b/spec/acceptance/server/grant_spec.rb 
@@ -79,18 +79,14 @@ class { 'postgresql::server': } end it 'is expected to run idempotently' do - if Gem::Version.new(postgresql_version) >= Gem::Version.new('8.4.0') - idempotent_apply(pp) - end + idempotent_apply(pp) end it 'is expected to GRANT USAGE ON LANGUAGE plpgsql to ROLE' do - if Gem::Version.new(postgresql_version) >= Gem::Version.new('8.4.0') - ## Check that the privilege was granted to the user - psql("-d #{db} --command=\"SELECT 1 WHERE has_language_privilege('#{user}', 'plpgsql', 'USAGE')\"", superuser) do |r| - expect(r.stdout).to match(%r{\(1 row\)}) - expect(r.stderr).to eq('') - end + ## Check that the privilege was granted to the user + psql("-d #{db} --command=\"SELECT 1 WHERE has_language_privilege('#{user}', 'plpgsql', 'USAGE')\"", superuser) do |r| + expect(r.stdout).to match(%r{\(1 row\)}) + expect(r.stderr).to eq('') end end end @@ -201,6 +197,7 @@ class { 'postgresql::server': } end end end + ### FUNCTION grants context 'sequence' do let(:pp) do @@ -255,6 +252,7 @@ class { 'postgresql::server': } end end end + it 'grants execute on a function with argument to a user' do if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') idempotent_apply(pp) @@ -267,6 +265,7 @@ class { 'postgresql::server': } end end end + ### TABLE grants context 'table' do describe 'GRANT ... ON TABLE' do @@ -315,7 +314,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS pp_revoke = pp_setup + <<-EOS.unindent @@ -337,7 +336,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') idempotent_apply(pp_create_table) @@ -376,7 +375,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS pp_revoke = pp_setup + <<-EOS.unindent 
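Review bot: The 8.4.0 guards are removed from the two language examples, but the function and table examples further down still wrap their whole body in `if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0')`, visible as context in the later hunks of this file. An `it` whose body is a false `if` passes without asserting anything, so on a server below the guard the grants go untested while the run stays green. If versions before 9.0 are no longer supported, drop those guards as well. Otherwise start each example with `skip 'requires PostgreSQL >= 9.0' unless Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0')` so the gap shows in the report.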
@@ -389,7 +388,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') ## pp_create_table sets up the permissions that pp_grant 'fixes', so these to steps cannot be rolled into one @@ -428,7 +427,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS pp_revoke = pp_setup + <<-EOS.unindent @@ -441,7 +440,7 @@ class { 'postgresql::server': } role => $user, require => [ Postgresql::Server::Role[$user] ], } - EOS + EOS if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') ## pp_create_table sets up the permissions that pp_grant 'fixes', so these to steps cannot be rolled into one @@ -471,6 +470,7 @@ class { 'postgresql::server': } end end end + context 'database' do describe 'REVOKE ... ON DATABASE...' do it 'do not fail on revoke connect from non-existant user' do @@ -484,7 +484,7 @@ class { 'postgresql::server': } db => '#{db}', role => '#{user}_does_not_exist', } - EOS + EOS idempotent_apply(pp) end end diff --git a/spec/acceptance/server/reassign_owned_by_spec.rb b/spec/acceptance/server/reassign_owned_by_spec.rb index 80a4807f21..4cbd3a49c1 100644 --- a/spec/acceptance/server/reassign_owned_by_spec.rb +++ b/spec/acceptance/server/reassign_owned_by_spec.rb @@ -126,7 +126,7 @@ class { 'postgresql::server': } end end end - end # it should reassign all objects + end end end ##################### diff --git a/spec/acceptance/server/recovery_spec.rb b/spec/acceptance/server/recovery_spec.rb index 5c789b7db0..1c68332a5a 100644 --- a/spec/acceptance/server/recovery_spec.rb +++ b/spec/acceptance/server/recovery_spec.rb @@ -7,6 +7,7 @@ before(:all) do pre_run end + after(:all) do pp = <<-MANIFEST.unindent file { '/tmp/recovery.conf': diff --git a/spec/acceptance/server/role_spec.rb b/spec/acceptance/server/role_spec.rb new file mode 100644 index 0000000000..8050653951 
--- /dev/null +++ b/spec/acceptance/server/role_spec.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +require 'spec_helper_acceptance' + +describe 'postgresql::server::role' do + let(:user) { 'foo' } + let(:password) { 'bar' } + + it 'with different DBVERSION in connect_settings' do + pp_role = <<-MANIFEST + $user = '#{user}' + $password = '#{password}' + + class { 'postgresql::server': } + + postgresql::server::role { $user: + password_hash => $password, + connect_settings => { + 'DBVERSION' => '13', + }, + } + MANIFEST + + if Gem::Version.new(postgresql_version) >= Gem::Version.new('14') + idempotent_apply(pp_role) + + # verify that password_encryption selectio is based on 'DBVERSION' and not on postgresql::serverglobals::version + psql("--command=\"SELECT 1 FROM pg_shadow WHERE usename = '#{user}' AND passwd = 'md596948aad3fcae80c08a35c9b5958cd89'\"") do |r| + expect(r.stdout).to match(%r{\(1 row\)}) + expect(r.stderr).to eq('') + end + end + end +end diff --git a/spec/acceptance/server/schema_spec.rb b/spec/acceptance/server/schema_spec.rb index 368337ac72..250ffeca81 100644 --- a/spec/acceptance/server/schema_spec.rb +++ b/spec/acceptance/server/schema_spec.rb @@ -3,17 +3,11 @@ require 'spec_helper_acceptance' describe 'postgresql::server::schema:' do - let(:version) do - if os[:family] == 'redhat' && os[:release].start_with?('5') - '8.1' - end - end let(:pp) do <<-MANIFEST.unindent $db = 'schema_test' $user = 'psql_schema_tester' $password = 'psql_schema_pw' - $version = '#{version}' class { 'postgresql::server': } @@ -31,19 +25,12 @@ class { 'postgresql::server': } require => Postgresql::Server::Role[$user], } - # Lets setup the base rules - $local_auth_option = $version ? { - '8.1' => 'sameuser', - default => undef, - } - # Create a rule for the user postgresql::server::pg_hba_rule { "allow ${user}": type => 'local', database => $db, user => $user, auth_method => 'ident', - auth_option => $local_auth_option, order => 1, } 
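Review bot: The example body in role_spec.rb is wrapped in `if Gem::Version.new(postgresql_version) >= Gem::Version.new('14')` with no `else`, so on every older server it passes without applying the manifest or querying `pg_shadow`. Make `skip 'requires PostgreSQL >= 14' unless Gem::Version.new(postgresql_version) >= Gem::Version.new('14')` the first statement so the report shows it did not run. The expected value `md596948aad3fcae80c08a35c9b5958cd89` is an unexplained literal. A comment stating how it is derived from `user` and `password` (presumably PostgreSQL's md5 format, `'md5'` followed by md5 of password plus username) would let a reader confirm it. The comment above the query also has typos, `selectio` and what is probably meant to be `postgresql::globals::version`.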
@@ -56,16 +43,14 @@ class { 'postgresql::server': } end it 'creates a schema for a user' do - begin - idempotent_apply(pp) + idempotent_apply(pp) - ## Check that the user can create a table in the database - psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r| - expect(r.stdout).to match(%r{CREATE TABLE}) - expect(r.stderr).to eq('') - end - ensure - psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester') + ## Check that the user can create a table in the database + psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r| + expect(r.stdout).to match(%r{CREATE TABLE}) + expect(r.stderr).to eq('') end + ensure + psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester') end end diff --git a/spec/acceptance/server_instance_spec.rb b/spec/acceptance/server_instance_spec.rb new file mode 100644 index 0000000000..93192bafb3 --- /dev/null +++ b/spec/acceptance/server_instance_spec.rb 
@@ -0,0 +1,161 @@ +# frozen_string_literal: true + +# run a test task +require 'spec_helper_acceptance' + +describe 'postgresql instance test1', if: os[:family] == 'redhat' && os[:release].start_with?('8') do + pp = <<-MANIFEST + # set global defaults + class { 'postgresql::globals': + encoding => 'UTF-8', + locale => 'en_US.UTF-8', + manage_package_repo => false, + manage_dnf_module => true, + needs_initdb => true, + version => '13', + } + # stop default main instance + class { 'postgresql::server': + service_ensure => 'stopped', + service_enable => false, + } + # define instance test1 + postgresql::server_instance { 'test1': + instance_user => 'ins_test1', + instance_group => 'ins_test1', + instance_directories => { + '/opt/pgsql' => { 'ensure' => 'directory' }, + '/opt/pgsql/backup' => { 'ensure' => 'directory' }, + '/opt/pgsql/data' => { 'ensure' => 'directory' }, + '/opt/pgsql/data/13' => { 'ensure' => 'directory' }, + '/opt/pgsql/data/home' => { 'ensure' => 'directory' }, + '/opt/pgsql/wal' => { 'ensure' => 'directory' }, + '/opt/pgsql/log' => { 'ensure' => 'directory' }, + '/opt/pgsql/log/13' => { 'ensure' => 'directory' }, + '/opt/pgsql/log/13/test1' => { 'ensure' => 'directory' }, + }, + config_settings => { + 'pg_hba_conf_path' => '/opt/pgsql/data/13/test1/pg_hba.conf', + 'postgresql_conf_path' => '/opt/pgsql/data/13/test1/postgresql.conf', + 'pg_ident_conf_path' => '/opt/pgsql/data/13/test1/pg_ident.conf', + 'datadir' => '/opt/pgsql/data/13/test1', + 'service_name' => 'postgresql@13-test1', + 'port' => 5433, + 'pg_hba_conf_defaults' => false, + 'manage_selinux' => true, + }, + service_settings => { + 'service_name' => 'postgresql@13-test1', + 'service_status' => 'systemctl status postgresql@13-test1.service', + 'service_ensure' => 'running', + 'service_enable' => true, + }, + initdb_settings => { + 'auth_local' => 'peer', + 'auth_host' => 'md5', + 'needs_initdb' => true, + 'datadir' => '/opt/pgsql/data/13/test1', + 'encoding' => 'UTF-8', + 'lc_messages' 
=> 'en_US.UTF8', + 'locale' => 'en_US.UTF8', + 'data_checksums' => false, + 'group' => 'postgres', + 'user' => 'postgres', + 'username' => 'ins_test1', + }, + config_entries => { + 'authentication_timeout' => { + 'value' => '1min', + 'comment' => 'a test', + }, + 'log_statement_stats' => { 'value' => 'off' }, + 'autovacuum_vacuum_scale_factor' => { 'value' => 0.3 }, + }, + databases => { + 'testdb1' => { + 'encoding' => 'UTF8', + 'locale' => 'en_US.UTF8', + 'owner' => 'dba_test1', + }, + 'testdb2' => { + 'encoding' => 'UTF8', + 'locale' => 'en_US.UTF8', + 'owner' => 'dba_test1', + }, + }, + roles => { + 'ins_test1' => { + 'superuser' => true, + 'login' => true, + }, + 'dba_test1' => { + 'createdb' => true, + 'login' => true, + }, + 'app_test1' => { 'login' => true }, + 'rep_test1' => { + 'replication' => true, + 'login' => true, + }, + 'rou_test1' => { 'login' => true }, + }, + pg_hba_rules => { + 'local all INSTANCE user' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'ins_test1', + 'auth_method' => 'peer', + 'order' => 1, + }, + 'local all DB user' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'dba_test1', + 'auth_method' => 'peer', + 'order' => 2, + }, + 'local all APP user' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'app_test1', + 'auth_method' => 'peer', + 'order' => 3, + }, + 'local all READONLY user' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'rou_test1', + 'auth_method' => 'peer', + 'order' => 4, + }, + 'remote all INSTANCE user PGADMIN server' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'ins_test1', + 'address' => '192.168.22.131/32', + 'auth_method' => 'md5', + 'order' => 5, + }, + 'local replication INSTANCE user' => { + 'type' => 'local', + 'database' => 'replication', + 'user' => 'ins_test1', + 'auth_method' => 'peer', + 'order' => 6, + }, + 'local replication REPLICATION user' => { + 'type' => 'local', + 'database' => 'replication', + 'user' => 'rep_test1', + 
'auth_method' => 'peer', + 'order' => 7, + }, + }, + } + MANIFEST + + it 'installs postgres instance test1' do + export_locales('en_US.UTF-8 ') + apply_manifest(pp, catch_failures: true) + end +end diff --git a/spec/acceptance/utf8_encoding_spec.rb b/spec/acceptance/utf8_encoding_spec.rb index 886d1e9fcf..b816842138 100644 --- a/spec/acceptance/utf8_encoding_spec.rb +++ b/spec/acceptance/utf8_encoding_spec.rb @@ -10,7 +10,7 @@ class { 'postgresql::globals': locale => 'en_NG', } -> class { 'postgresql::server': } - MANIFEST + MANIFEST end it 'with defaults' do diff --git a/spec/acceptance/z_alternative_pgdata_spec.rb b/spec/acceptance/z_alternative_pgdata_spec.rb index c3b581f02f..7c717c4344 100644 --- a/spec/acceptance/z_alternative_pgdata_spec.rb +++ b/spec/acceptance/z_alternative_pgdata_spec.rb @@ -7,9 +7,7 @@ describe 'postgresql::server', skip: 'IAC-1286' do before(:each) do - if os[:family] == 'sles' - skip "These test's currently do not work on SLES/Suse modules" - end + skip "These test's currently do not work on SLES/Suse modules" if os[:family] == 'sles' end it 'on an alternative pgdata location' do diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb index 87f5f34604..55fee3ed54 100644 --- a/spec/classes/client_spec.rb +++ b/spec/classes/client_spec.rb 
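Review bot: The `remote all INSTANCE user PGADMIN server` rule opens host access for `ins_test1`, which the `roles` hash makes a superuser, with `'auth_method' => 'md5'`, and `initdb_settings` sets `'auth_host' => 'md5'` as well. The instance is pinned to version 13, which supports `scram-sha-256`, and overridden_settings_spec.rb in this same commit stops hard-coding `md5`. Acceptance manifests tend to be copied as examples, so I would use `'auth_method' => 'scram-sha-256'` here unless md5 is what is under test. The example also asserts nothing beyond `apply_manifest(pp, catch_failures: true)`; a check that the service answers on port 5433 and a second, idempotent apply would make it a real test. The leading comment `# run a test task` does not describe the file, and `export_locales('en_US.UTF-8 ')` carries a trailing space that looks unintended.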
@@ -11,27 +11,27 @@ validcon_script_path: '/opt/bin/my-validate-con.sh', package_ensure: 'absent', package_name: 'mypackage', - file_ensure: 'file', + file_ensure: 'file' } end it 'modifies package' do - is_expected.to contain_package('postgresql-client').with(ensure: 'absent', - name: 'mypackage', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-client').with(ensure: 'absent', + name: 'mypackage', + tag: 'puppetlabs-postgresql') end it 'has specified validate connexion' do - is_expected.to contain_file('/opt/bin/my-validate-con.sh').with(ensure: 'file', - owner: 0, - group: 0, - mode: '0755') + expect(subject).to contain_file('/opt/bin/my-validate-con.sh').with(ensure: 'file', + owner: 0, + group: 0, + mode: '0755') end end describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-client').with(tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-client').with(tag: 'puppetlabs-postgresql') end end @@ -50,12 +50,12 @@ class { 'postgresql::globals': describe 'with client package name explicitly set undef' do let :params do { - package_name: 'UNSET', + package_name: 'UNSET' } end it 'does not manage postgresql-client package' do - is_expected.not_to contain_package('postgresql-client') + expect(subject).not_to contain_package('postgresql-client') end end end diff --git a/spec/classes/globals_spec.rb b/spec/classes/globals_spec.rb index 4e994d91cb..3a6f021ba3 100644 --- a/spec/classes/globals_spec.rb +++ b/spec/classes/globals_spec.rb 
@@ -7,20 +7,20 @@ include_examples 'Debian 11' describe 'with no parameters' do - it 'works' do - is_expected.to contain_class('postgresql::globals') + it 'executes successfully' do + expect(subject).to contain_class('postgresql::globals') end end describe 'manage_package_repo => true' do let(:params) do { - manage_package_repo: true, + manage_package_repo: true } end it 'pulls in class postgresql::repo' do - is_expected.to contain_class('postgresql::repo') + expect(subject).to contain_class('postgresql::repo') end end end @@ -29,8 +29,8 @@ include_examples 'RedHat 7' describe 'with no parameters' do - it 'works' do - is_expected.to contain_class('postgresql::globals') + it 'executes successfully' do + expect(subject).to contain_class('postgresql::globals') end end @@ -38,22 +38,22 @@ let(:params) do { manage_package_repo: true, - repo_proxy: 'http://proxy-server:8080', + repo_proxy: 'http://proxy-server:8080' } end it 'pulls in class postgresql::repo' do - is_expected.to contain_class('postgresql::repo') + expect(subject).to contain_class('postgresql::repo') end it do - is_expected.to contain_yumrepo('yum.postgresql.org').with( + expect(subject).to contain_yumrepo('yum.postgresql.org').with( 'enabled' => '1', - 'proxy' => 'http://proxy-server:8080', + 'proxy' => 'http://proxy-server:8080', ) - is_expected.to contain_yumrepo('pgdg-common').with( + expect(subject).to contain_yumrepo('pgdg-common').with( 'enabled' => '1', - 'proxy' => 'http://proxy-server:8080', + 'proxy' => 'http://proxy-server:8080', ) end end 
@@ -63,20 +63,20 @@ { manage_package_repo: true, repo_baseurl: 'http://mirror.localrepo.com/pgdg-postgresql', - yum_repo_commonurl: 'http://mirror.localrepo.com/pgdg-common', + yum_repo_commonurl: 'http://mirror.localrepo.com/pgdg-common' } end it 'pulls in class postgresql::repo' do - is_expected.to contain_class('postgresql::repo') + expect(subject).to contain_class('postgresql::repo') end it do - is_expected.to contain_yumrepo('yum.postgresql.org').with( + expect(subject).to contain_yumrepo('yum.postgresql.org').with( 'enabled' => '1', 'baseurl' => 'http://mirror.localrepo.com/pgdg-postgresql', ) - is_expected.to contain_yumrepo('pgdg-common').with( + expect(subject).to contain_yumrepo('pgdg-common').with( 'enabled' => '1', 'baseurl' => 'http://mirror.localrepo.com/pgdg-common', ) diff --git a/spec/classes/lib/devel_spec.rb b/spec/classes/lib/devel_spec.rb index 7e5e3fa9f4..bbc4098dac 100644 --- a/spec/classes/lib/devel_spec.rb +++ b/spec/classes/lib/devel_spec.rb @@ -9,7 +9,7 @@ describe 'link pg_config to /usr/bin' do it { - is_expected.not_to contain_file('/usr/bin/pg_config') \ + expect(subject).not_to contain_file('/usr/bin/pg_config') \ .with_ensure('link') \ .with_target('/usr/lib/postgresql/13/bin/pg_config') } @@ -18,7 +18,7 @@ describe 'disable link_pg_config' do let(:params) do { - link_pg_config: false, + link_pg_config: false } end @@ -26,19 +26,19 @@ end describe 'should not link pg_config on RedHat with default version' do - include_examples 'RedHat 6' + include_examples 'RedHat 8' it { is_expected.not_to contain_file('/usr/bin/pg_config') } end describe 'link pg_config on RedHat with non-default version' do - include_examples 'RedHat 6' + include_examples 'RedHat 8' let :pre_condition do "class { '::postgresql::globals': version => '9.3' }" end it { - is_expected.to contain_file('/usr/bin/pg_config') \ + expect(subject).to contain_file('/usr/bin/pg_config') \ .with_ensure('link') \ .with_target('/usr/pgsql-9.3/bin/pg_config') } 
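Review bot: The `repo_baseurl` / `yum_repo_commonurl` example points both yumrepos at plain `http://` mirror URLs, but its assertions pin only `enabled` and `baseurl`. Nothing here would catch a regression that switches off package signature verification for a custom mirror. If the manifest sets it (the manifest is not part of this hunk), pin it next to the URL by adding `'gpgcheck' => '1',` to both `.with(...)` hashes. The same gap exists in the `repo_proxy` example in the preceding hunk (`@@ -38,22 +38,22 @@`). The enclosing `describe` starts outside the hunk.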
@@ -48,12 +48,12 @@ include_examples 'Gentoo' let :params do { - link_pg_config: false, + link_pg_config: false } end it 'fails to compile' do - is_expected.to compile.and_raise_error(%r{is not supported}) + expect(subject).to compile.and_raise_error(%r{is not supported}) end end end diff --git a/spec/classes/lib/java_spec.rb b/spec/classes/lib/java_spec.rb index 0e0797d4e1..dff666d4ad 100644 --- a/spec/classes/lib/java_spec.rb +++ b/spec/classes/lib/java_spec.rb @@ -7,7 +7,7 @@ include_examples 'Debian 11' it { - is_expected.to contain_package('postgresql-jdbc').with( + expect(subject).to contain_package('postgresql-jdbc').with( name: 'libpostgresql-jdbc-java', ensure: 'present', tag: 'puppetlabs-postgresql', @@ -19,19 +19,20 @@ include_examples 'RedHat 8' it { - is_expected.to contain_package('postgresql-jdbc').with( + expect(subject).to contain_package('postgresql-jdbc').with( name: 'postgresql-jdbc', ensure: 'present', tag: 'puppetlabs-postgresql', ) } + describe 'when parameters are supplied' do let :params do { package_ensure: 'latest', package_name: 'somepackage' } end it { - is_expected.to contain_package('postgresql-jdbc').with( + expect(subject).to contain_package('postgresql-jdbc').with( name: 'somepackage', ensure: 'latest', tag: 'puppetlabs-postgresql', diff --git a/spec/classes/lib/perl_spec.rb b/spec/classes/lib/perl_spec.rb index 3acd014da0..1dab09759f 100644 --- a/spec/classes/lib/perl_spec.rb +++ b/spec/classes/lib/perl_spec.rb @@ -7,7 +7,7 @@ include_examples 'RedHat 8' it { - is_expected.to contain_package('perl-DBD-Pg').with( + expect(subject).to contain_package('perl-DBD-Pg').with( name: 'perl-DBD-Pg', ensure: 'present', ) @@ -18,7 +18,7 @@ include_examples 'Debian 11' it { - is_expected.to contain_package('perl-DBD-Pg').with( + expect(subject).to contain_package('perl-DBD-Pg').with( name: 'libdbd-pg-perl', ensure: 'present', ) diff --git a/spec/classes/lib/pgdocs_spec.rb b/spec/classes/lib/pgdocs_spec.rb index febce3b57e..733322d0e9 100644 
--- a/spec/classes/lib/pgdocs_spec.rb +++ b/spec/classes/lib/pgdocs_spec.rb @@ -7,19 +7,20 @@ include_examples 'RedHat 8' it { - is_expected.to contain_package('postgresql-docs').with( + expect(subject).to contain_package('postgresql-docs').with( name: 'postgresql-docs', ensure: 'present', tag: 'puppetlabs-postgresql', ) } + describe 'when parameters are supplied' do let :params do { package_ensure: 'latest', package_name: 'somepackage' } end it { - is_expected.to contain_package('postgresql-docs').with( + expect(subject).to contain_package('postgresql-docs').with( name: 'somepackage', ensure: 'latest', tag: 'puppetlabs-postgresql', diff --git a/spec/classes/lib/python_spec.rb b/spec/classes/lib/python_spec.rb index 87af71b71c..86093bc7e0 100644 --- a/spec/classes/lib/python_spec.rb +++ b/spec/classes/lib/python_spec.rb @@ -7,7 +7,7 @@ include_examples 'RedHat 7' it { - is_expected.to contain_package('python-psycopg2').with( + expect(subject).to contain_package('python-psycopg2').with( name: 'python-psycopg2', ensure: 'present', ) @@ -18,7 +18,7 @@ include_examples 'RedHat 8' it { - is_expected.to contain_package('python-psycopg2').with( + expect(subject).to contain_package('python-psycopg2').with( name: 'python3-psycopg2', ensure: 'present', ) @@ -29,7 +29,7 @@ include_examples 'Debian 11' it { - is_expected.to contain_package('python-psycopg2').with( + expect(subject).to contain_package('python-psycopg2').with( name: 'python-psycopg2', ensure: 'present', ) diff --git a/spec/classes/repo_spec.rb b/spec/classes/repo_spec.rb index 23f97a6db5..3399203f3a 100644 --- a/spec/classes/repo_spec.rb +++ b/spec/classes/repo_spec.rb @@ -7,7 +7,7 @@ describe 'with no parameters' do it 'instantiates apt_postgresql_org class' do - is_expected.to contain_class('postgresql::repo::apt_postgresql_org') + expect(subject).to contain_class('postgresql::repo::apt_postgresql_org') end end end 
diff --git a/spec/classes/server/config_spec.rb b/spec/classes/server/config_spec.rb index 25a724814e..a44e4f107e 100644 --- a/spec/classes/server/config_spec.rb +++ b/spec/classes/server/config_spec.rb 
@@ -11,41 +11,22 @@ include_examples 'RedHat 7' it 'has SELinux port defined' do - is_expected.to contain_package('policycoreutils-python').with(ensure: 'installed') + expect(subject).to contain_package('policycoreutils-python').with(ensure: 'installed') - is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + expect(subject).to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') - .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_comes_before('Postgresql::Server::Config_entry[port_for_instance_main]') .that_requires('Package[policycoreutils-python]') end - it 'removes the old systemd-override file' do - is_expected.to contain_file('old-systemd-override') - .with(ensure: 'absent', path: '/etc/systemd/system/postgresql.service') - end - it 'has the correct systemd-override drop file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql.service.d/postgresql.conf', - owner: 'root', group: 'root' - ) .that_requires('File[systemd-conf-dir]') + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf').with( + ensure: 'file', owner: 'root', group: 'root', + ).that_requires('File[/etc/systemd/system/postgresql.service.d]') end it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') \ - .with_content(%r{(?!^.include)}) - end - - context 'RHEL 7 host with Puppet 5' do - include_examples 'RedHat 7' - - it 'has systemctl restart command' do - is_expected.to contain_exec('restart-systemd').with( - command: 'systemctl daemon-reload', - refreshonly: true, - path: '/bin:/usr/bin:/usr/local/bin', - ) - end + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf') end describe 'with manage_package_repo => true and a version' do 
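Review bot: In the RedHat 7 section, the example named 'has the correct systemd-override file #regex' now only asserts that the drop-in exists, so the name promises a content check that no longer happens. The removed `with_content(%r{(?!^.include)})` was not testing anything either, since a bare negative lookahead matches any content. The other platform sections in this file use `.without_content(%r{\.include})`. If the default RedHat 7 drop-in is also meant to be free of `.include`, append `.without_content(%r{\.include})` to this expectation; otherwise rename or drop the example. The drop-in expectations also pin `owner` and `group` but not `mode`.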
@@ -53,21 +34,20 @@ <<-EOS class { 'postgresql::globals': manage_package_repo => true, - version => '9.4', + version => '10', }-> class { 'postgresql::server': } EOS end it 'has the correct systemd-override file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql-9.4.service.d/postgresql-9.4.conf', - owner: 'root', group: 'root' + expect(subject).to contain_file('/etc/systemd/system/postgresql-10.service.d/postgresql-10.conf').with( + ensure: 'file', owner: 'root', group: 'root', ) end it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') .without_content(%r{\.include}) + expect(subject).to contain_file('/etc/systemd/system/postgresql-10.service.d/postgresql-10.conf').without_content(%r{\.include}) end end end 
@@ -76,28 +56,22 @@ class { 'postgresql::server': } include_examples 'RedHat 8' it 'has SELinux port defined' do - is_expected.to contain_package('policycoreutils-python-utils').with(ensure: 'installed') + expect(subject).to contain_package('policycoreutils-python-utils').with(ensure: 'installed') - is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + expect(subject).to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') - .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_comes_before('Postgresql::Server::Config_entry[port_for_instance_main]') .that_requires('Package[policycoreutils-python-utils]') end - it 'removes the old systemd-override file' do - is_expected.to contain_file('old-systemd-override') - .with(ensure: 'absent', path: '/etc/systemd/system/postgresql.service') - end - it 'has the correct systemd-override drop file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql.service.d/postgresql.conf', - owner: 'root', group: 'root' - ) .that_requires('File[systemd-conf-dir]') + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf').with( + ensure: 'file', owner: 'root', group: 'root', + ).that_requires('File[/etc/systemd/system/postgresql.service.d]') end it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') .without_content(%r{\.include}) + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf').without_content(%r{\.include}) end describe 'with manage_package_repo => true and a version' do 
@@ -105,20 +79,20 @@ class { 'postgresql::server': } <<-EOS class { 'postgresql::globals': manage_package_repo => true, - version => '9.4', + version => '14', }-> class { 'postgresql::server': } EOS end it 'has the correct systemd-override file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql-9.4.service.d/postgresql-9.4.conf', - owner: 'root', group: 'root' + expect(subject).to contain_file('/etc/systemd/system/postgresql-14.service.d/postgresql-14.conf').with( + ensure: 'file', owner: 'root', group: 'root', ) end + it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') .without_content(%r{\.include}) + expect(subject).to contain_file('/etc/systemd/system/postgresql-14.service.d/postgresql-14.conf').without_content(%r{\.include}) end end end 
@@ -127,28 +101,22 @@ class { 'postgresql::server': } include_examples 'Fedora 33' it 'has SELinux port defined' do - is_expected.to contain_package('policycoreutils-python-utils').with(ensure: 'installed') + expect(subject).to contain_package('policycoreutils-python-utils').with(ensure: 'installed') - is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + expect(subject).to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') - .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_comes_before('Postgresql::Server::Config_entry[port_for_instance_main]') .that_requires('Package[policycoreutils-python-utils]') end - it 'removes the old systemd-override file' do - is_expected.to contain_file('old-systemd-override') - .with(ensure: 'absent', path: '/etc/systemd/system/postgresql.service') - end - it 'has the correct systemd-override drop file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql.service.d/postgresql.conf', - owner: 'root', group: 'root' - ) .that_requires('File[systemd-conf-dir]') + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf').with( + ensure: 'file', owner: 'root', group: 'root', + ).that_requires('File[/etc/systemd/system/postgresql.service.d]') end it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') .without_content(%r{\.include}) + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf').without_content(%r{\.include}) end describe 'with manage_package_repo => true and a version' do 
@@ -163,14 +131,13 @@ class { 'postgresql::server': } end it 'has the correct systemd-override file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql-13.service.d/postgresql-13.conf', - owner: 'root', group: 'root' + expect(subject).to contain_file('/etc/systemd/system/postgresql-13.service.d/postgresql-13.conf').with( + ensure: 'file', owner: 'root', group: 'root', ) end it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') .without_content(%r{\.include}) + expect(subject).to contain_file('/etc/systemd/system/postgresql-13.service.d/postgresql-13.conf').without_content(%r{\.include}) end end end @@ -179,11 +146,11 @@ class { 'postgresql::server': } include_examples 'Amazon 1' it 'has SELinux port defined' do - is_expected.to contain_package('policycoreutils').with(ensure: 'installed') + expect(subject).to contain_package('policycoreutils').with(ensure: 'installed') - is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + expect(subject).to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') - .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_comes_before('Postgresql::Server::Config_entry[port_for_instance_main]') .that_requires('Package[policycoreutils]') end end @@ -193,7 +160,7 @@ class { 'postgresql::server': } let(:pre_condition) do <<-EOS class { 'postgresql::globals': - version => '9.5', + version => '14', }-> class { 'postgresql::server': manage_pg_hba_conf => true, 
@@ -206,10 +173,11 @@ class { 'postgresql::server': end it 'has hba rule default' do - is_expected.to contain_postgresql__server__pg_hba_rule('local access as postgres user') + expect(subject).to contain_postgresql__server__pg_hba_rule('local access as postgres user for instance main') end + it 'has hba rule ipv4acls' do - is_expected.to contain_postgresql__server__pg_hba_rule('postgresql class generated rule ipv4acls 0') + expect(subject).to contain_postgresql__server__pg_hba_rule('postgresql class generated rule ipv4acls 0') end end @@ -221,32 +189,21 @@ class { 'postgresql::server': let(:pre_condition) do <<-EOS class { 'postgresql::globals': - version => '9.5', + version => '14', }-> class { 'postgresql::server': } EOS end it 'does not have SELinux port defined' do - is_expected.not_to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') - end - - it 'removes the old systemd-override file' do - is_expected.to contain_file('old-systemd-override') - .with(ensure: 'absent', path: '/etc/systemd/system/postgresql-9.5.service') + expect(subject).not_to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') end it 'has the correct systemd-override drop file' do - is_expected.to contain_file('systemd-override').with( - ensure: 'file', path: '/etc/systemd/system/postgresql-9.5.service.d/postgresql-9.5.conf', - owner: 'root', group: 'root' + expect(subject).to contain_file('/etc/systemd/system/postgresql-14.service.d/postgresql-14.conf').with( + ensure: 'file', owner: 'root', group: 'root', ) end - - it 'has the correct systemd-override file #regex' do - is_expected.to contain_file('systemd-override') \ - .with_content(%r{(?!^.include)}) - end end end end diff --git a/spec/classes/server/contrib_spec.rb b/spec/classes/server/contrib_spec.rb index dcbda7b5bf..16e3139aa2 100644 --- a/spec/classes/server/contrib_spec.rb +++ b/spec/classes/server/contrib_spec.rb 
@@ -13,20 +13,20 @@ let(:params) do { package_name: 'mypackage', - package_ensure: 'absent', + package_ensure: 'absent' } end it 'creates package with correct params' do - is_expected.to contain_package('postgresql-contrib').with(ensure: 'absent', - name: 'mypackage', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-contrib').with(ensure: 'absent', + name: 'mypackage', + tag: 'puppetlabs-postgresql') end end describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-contrib').with(tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-contrib').with(tag: 'puppetlabs-postgresql') end end @@ -34,8 +34,8 @@ include_examples 'Gentoo' it 'postgresql-contrib should not be installed' do - is_expected.to compile - is_expected.not_to contain_package('postgresql-contrib') + expect(subject).to compile + expect(subject).not_to contain_package('postgresql-contrib') end end @@ -43,8 +43,8 @@ include_examples 'Debian 11' it 'postgresql-contrib should not be installed' do - is_expected.to compile - is_expected.not_to contain_package('postgresql-contrib') + expect(subject).to compile + expect(subject).not_to contain_package('postgresql-contrib') end end end diff --git a/spec/classes/server/initdb_spec.rb b/spec/classes/server/initdb_spec.rb index 50ba8c853b..c18c7f92f8 100644 --- a/spec/classes/server/initdb_spec.rb +++ b/spec/classes/server/initdb_spec.rb @@ -65,7 +65,7 @@ class { 'postgresql::server': } end it 'contains exec with specified working directory' do - is_expected.to contain_exec('postgresql_initdb').with( + expect(subject).to contain_exec('postgresql_initdb_instance_main').with( cwd: '/var/tmp', ) end 
@@ -82,7 +82,7 @@ class { 'postgresql::server': } end it 'contains exec with default working directory' do - is_expected.to contain_exec('postgresql_initdb').with( + expect(subject).to contain_exec('postgresql_initdb_instance_main').with( cwd: '/tmp', ) end @@ -102,7 +102,7 @@ class { 'postgresql::server': } end it 'contains postgresql_psql with specified working directory' do - is_expected.to contain_postgresql_psql('Set template1 encoding to test').with(cwd: '/var/tmp') + expect(subject).to contain_postgresql_psql('Set template1 encoding to test').with(cwd: '/var/tmp') end end end diff --git a/spec/classes/server/plperl_spec.rb b/spec/classes/server/plperl_spec.rb index 6df41c2cd8..a749d758eb 100644 --- a/spec/classes/server/plperl_spec.rb +++ b/spec/classes/server/plperl_spec.rb @@ -11,9 +11,10 @@ describe 'with no parameters' do it { is_expected.to contain_class('postgresql::server::plperl') } + it 'creates package' do - is_expected.to contain_package('postgresql-plperl').with(ensure: 'present', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-plperl').with(ensure: 'present', + tag: 'puppetlabs-postgresql') end end @@ -21,15 +22,16 @@ let :params do { package_ensure: 'absent', - package_name: 'mypackage', + package_name: 'mypackage' } end it { is_expected.to contain_class('postgresql::server::plperl') } + it 'creates package with correct params' do - is_expected.to contain_package('postgresql-plperl').with(ensure: 'absent', - name: 'mypackage', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-plperl').with(ensure: 'absent', + name: 'mypackage', + tag: 'puppetlabs-postgresql') end end end diff --git a/spec/classes/server/plpython_spec.rb b/spec/classes/server/plpython_spec.rb index defb4bb31e..d657b67e36 100644 --- a/spec/classes/server/plpython_spec.rb +++ b/spec/classes/server/plpython_spec.rb 
@@ -11,9 +11,10 @@ describe 'on RedHat with no parameters' do it { is_expected.to contain_class('postgresql::server::plpython') } + it 'creates package' do - is_expected.to contain_package('postgresql-plpython').with(ensure: 'present', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-plpython').with(ensure: 'present', + tag: 'puppetlabs-postgresql') end end @@ -21,15 +22,16 @@ let :params do { package_ensure: 'absent', - package_name: 'mypackage', + package_name: 'mypackage' } end it { is_expected.to contain_class('postgresql::server::plpython') } + it 'creates package with correct params' do - is_expected.to contain_package('postgresql-plpython').with(ensure: 'absent', - name: 'mypackage', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-plpython').with(ensure: 'absent', + name: 'mypackage', + tag: 'puppetlabs-postgresql') end end end diff --git a/spec/classes/server/postgis_spec.rb b/spec/classes/server/postgis_spec.rb index 69c8d95f8d..eb149e7073 100644 --- a/spec/classes/server/postgis_spec.rb +++ b/spec/classes/server/postgis_spec.rb @@ -12,20 +12,20 @@ let(:params) do { package_name: 'mypackage', - package_ensure: 'absent', + package_ensure: 'absent' } end it 'creates package with correct params' do - is_expected.to contain_package('postgresql-postgis').with(ensure: 'absent', - name: 'mypackage', - tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-postgis').with(ensure: 'absent', + name: 'mypackage', + tag: 'puppetlabs-postgresql') end end describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-postgis').with(tag: 'puppetlabs-postgresql') + expect(subject).to contain_package('postgresql-postgis').with(tag: 'puppetlabs-postgresql') end end end diff --git a/spec/classes/server/service_spec.rb b/spec/classes/server/service_spec.rb index 1fa6f5ab8d..1018fbc688 100644 
--- a/spec/classes/server/service_spec.rb +++ b/spec/classes/server/service_spec.rb @@ -10,5 +10,5 @@ end it { is_expected.to contain_class('postgresql::server::service') } - it { is_expected.to contain_service('postgresqld').with_name('postgresql').with_status('/usr/sbin/service postgresql@*-main status') } + it { is_expected.to contain_service('postgresqld_instance_main').with_name('postgresql').with_status('systemctl status postgresql') } end diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb index 7ebe246998..caf592d611 100644 --- a/spec/classes/server_spec.rb +++ b/spec/classes/server_spec.rb @@ -9,11 +9,13 @@ it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } it { is_expected.to contain_file('/var/lib/postgresql/13/main') } + it { - is_expected.to contain_exec('postgresql_reload').with('command' => 'service postgresql reload') + expect(subject).to contain_exec('postgresql_reload_main').with('command' => 'systemctl reload postgresql') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end 
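Review bot: Both new expectations pin an unqualified command: `with_status('systemctl status postgresql')` in service_spec.rb and `'command' => 'systemctl reload postgresql'` in the first server_spec.rb hunk. Which binary these root-run resources resolve to therefore depends on the search path in effect. For the reload exec, also assert the `path` the manifest sets, so a change to the search path is caught by the spec, e.g. `.with('command' => 'systemctl reload postgresql', 'path' => '<PATH_FROM_MANIFEST>')`. That value is a placeholder, because the manifest is not part of this diff. The enclosing `describe` blocks start outside both hunks.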
@@ -50,21 +52,23 @@ class { 'postgresql::globals': let(:params) do { service_ensure: 'running', - postgres_password: 'new-p@s$word-to-set', + postgres_password: 'new-p@s$word-to-set' } end it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } it { is_expected.to contain_class('postgresql::server::passwd') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end + it 'sets postgres password' do - is_expected.to contain_exec('set_postgres_postgrespw').with('command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"', - 'user' => 'postgres', - 'environment' => ['PGPASSWORD=new-p@s$word-to-set', 'PGPORT=5432', 'NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$'], - 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null") + expect(subject).to contain_exec('set_postgres_postgrespw_main').with('command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"', + 'user' => 'postgres', + 'environment' => ['PGPASSWORD=new-p@s$word-to-set', 'PGPORT=5432', 'NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$'], + 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null") end end 
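Review bot: The fixture password contains only a single `$`, so this example never exercises a password that itself contains `$$`. The expected `NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$` shows the password wrapped in an untagged dollar quote, which such a password would close early. The escaping helper is not visible in this diff and may already choose a different tag in that case; a second example with a `$$` password would pin that behaviour. At minimum, add a comment above the params: `# fixture has a single '$'; a password containing '$$' is not covered by this example`. The enclosing `describe` starts outside the hunk.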
@@ -72,21 +76,23 @@ class { 'postgresql::globals': let(:params) do { service_ensure: true, - postgres_password: 'new-p@s$word-to-set', + postgres_password: 'new-p@s$word-to-set' } end it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } it { is_expected.to contain_class('postgresql::server::passwd') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end + it 'sets postgres password' do - is_expected.to contain_exec('set_postgres_postgrespw').with('command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"', - 'user' => 'postgres', - 'environment' => ['PGPASSWORD=new-p@s$word-to-set', 'PGPORT=5432', 'NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$'], - 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null") + expect(subject).to contain_exec('set_postgres_postgrespw_main').with('command' => ['/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"'], + 'user' => 'postgres', + 'environment' => ['PGPASSWORD=new-p@s$word-to-set', 'PGPORT=5432', 'NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$'], + 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null") end end @@ -95,8 +101,9 @@ class { 'postgresql::globals': it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } + it 'shouldnt validate connection' do - is_expected.not_to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).not_to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end 
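Review bot: The `service_ensure: true` example expects `'command' => ['/usr/bin/psql -c ...']`, a one-element array, while the otherwise identical `service_ensure: 'running'` example in the previous hunk (`@@ -50,21 +52,23 @@`) expects the same text as a plain string. If the manifest passes a string, make the two match: `'command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"',`. If the array is deliberate, explain it in a comment; as far as I know Puppet runs an array-form exec command without a shell, which would leave `${NEWPASSWD_ESCAPED}` unexpanded. The enclosing `describe` starts outside the hunk.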
@@ -105,11 +112,13 @@ class { 'postgresql::globals': it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } + it { - is_expected.not_to contain_Postgresql_conf('data_directory').that_notifies('Class[postgresql::server::service]') + expect(subject).not_to contain_Postgresql_conf('data_directory_for_instance_main').that_notifies('Class[postgresql::server::service]') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end @@ -118,11 +127,15 @@ class { 'postgresql::globals': it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } + it { - is_expected.to contain_Postgresql_conf('data_directory').that_notifies('Class[postgresql::server::service]') + expect(subject).to contain_Postgresql_conf('data_directory_for_instance_main').that_notifies('Class[postgresql::server::service]') } + + it { is_expected.to contain_postgresql__server__config_entry('data_directory_for_instance_main') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end 
@@ -131,54 +144,57 @@ class { 'postgresql::globals': it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } + it { - is_expected.to contain_exec('postgresql_reload').with('command' => '/bin/true') + expect(subject).to contain_exec('postgresql_reload_main').with('command' => '/bin/true') } + it 'validates connection' do - is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end describe 'service_manage => true' do let(:params) { { service_manage: true } } - it { is_expected.to contain_service('postgresqld') } + it { is_expected.to contain_service('postgresqld_instance_main') } end describe 'service_manage => false' do let(:params) { { service_manage: false } } - it { is_expected.not_to contain_service('postgresqld') } + it { is_expected.not_to contain_service('postgresqld_instance_main') } + it 'shouldnt validate connection' do - is_expected.not_to contain_postgresql_conn_validator('validate_service_is_running') + expect(subject).not_to contain_postgresql_conn_validator('validate_service_is_running_instance_main') end end describe 'package_ensure => absent' do let(:params) do { - package_ensure: 'absent', + package_ensure: 'absent' } end it 'removes the package' do - is_expected.to contain_package('postgresql-server').with(ensure: 'purged') + expect(subject).to contain_package('postgresql-server').with(ensure: 'purged') end it 'stills enable the service' do - is_expected.to contain_service('postgresqld').with(ensure: 'running') + expect(subject).to contain_service('postgresqld_instance_main').with(ensure: 'running') end end describe 'needs_initdb => true' do let(:params) do { - needs_initdb: true, + needs_initdb: true } end it 'contains proper initdb exec' do - is_expected.to contain_exec('postgresql_initdb') + expect(subject).to contain_exec('postgresql_initdb_instance_main') 
end end @@ -187,17 +203,17 @@ class { 'postgresql::globals': <<-EOS class { 'postgresql::globals': manage_package_repo => true, - version => '99.5', + version => '14', before => Class['postgresql::server'], } EOS end it 'contains the correct package version' do - is_expected.to contain_class('postgresql::repo').with_version('99.5') - is_expected.to contain_file('/var/lib/postgresql/99.5/main') # FIXME: be more precise - is_expected.to contain_concat('/etc/postgresql/99.5/main/pg_hba.conf') # FIXME: be more precise - is_expected.to contain_concat('/etc/postgresql/99.5/main/pg_ident.conf') # FIXME: be more precise + expect(subject).to contain_class('postgresql::repo').with_version('14') + expect(subject).to contain_file('/var/lib/postgresql/14/main') # FIXME: be more precise + expect(subject).to contain_concat('/etc/postgresql/14/main/pg_hba.conf') # FIXME: be more precise + expect(subject).to contain_concat('/etc/postgresql/14/main/pg_ident.conf') # FIXME: be more precise end end @@ -205,8 +221,8 @@ class { 'postgresql::globals': let(:params) do { roles: { - username: { createdb: true }, - }, + username: { createdb: true } + } } end @@ -220,8 +236,8 @@ class { 'postgresql::globals': config_entries: { fsync: 'off', checkpoint_segments: '20', - remove_me: :undef, - }, + remove_me: :undef + } } end @@ -240,15 +256,16 @@ class { 'postgresql::globals': database: 'mydb', user: 'myuser', auth_method: 'md5', - address: '192.0.2.100', - }, - }, + address: '192.0.2.100' + } + } } end it { is_expected.to compile.with_all_deps } + it do - is_expected.to contain_postgresql__server__pg_hba_rule('from_remote_host') + expect(subject).to contain_postgresql__server__pg_hba_rule('from_remote_host') .with_type('host') .with_database('mydb') .with_user('myuser') 
@@ -256,4 +273,67 @@ class { 'postgresql::globals': .with_address('192.0.2.100') end end + + describe 'backup_enable => false' do + let(:params) { { backup_enable: false } } + + it { is_expected.to contain_class('postgresql::server') } + it { is_expected.not_to contain_class('postgresql::backup::pg_dump') } + it { is_expected.not_to contain_file('/root/.pgpass') } + it { is_expected.not_to contain_file('/usr/local/sbin/pg_dump.sh') } + it { is_expected.not_to contain_cron('pg_dump backup job') } + end + + describe 'backup_enable => true' do + let(:params) do + { + backup_enable: true, + backup_provider: 'pg_dump', + backup_options: { + db_user: 'backupuser', + db_password: 'backuppass', + dir: '/tmp/backuptest', + manage_user: true + } + } + end + + it { is_expected.to contain_class('postgresql::server') } + it { is_expected.to contain_class('postgresql::backup::pg_dump') } + + it { + expect(subject).to contain_postgresql__server__role('backupuser') + .with_superuser(true) + } + + it { + expect(subject).to contain_postgresql__server__pg_hba_rule('local access as backup user') + .with_type('local') + .with_database('all') + .with_user('backupuser') + .with_auth_method('md5') + } + + it { + expect(subject).to contain_file('/root/.pgpass') + .with_content(%r{.*:backupuser:.*}) + } + + it { + expect(subject).to contain_file('/usr/local/sbin/pg_dump.sh') + .with_content(%r{.*pg_dumpall \$_pg_args --file=\$\{FILE\} \$@.*}) + } + + it { + expect(subject).to contain_cron('pg_dump backup job') + .with( + ensure: 'present', + command: '/usr/local/sbin/pg_dump.sh', + user: 'root', + hour: '23', + minute: '5', + weekday: '*', + ) + } + end end diff --git a/spec/default_facts.yml b/spec/default_facts.yml index f777abfc99..3346c394df 100644 --- a/spec/default_facts.yml +++ b/spec/default_facts.yml 
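Review bot: The `backup_enable => true` examples assert the content of `/root/.pgpass` and `/usr/local/sbin/pg_dump.sh` but not their owner or mode, so a regression that leaves the stored backup password readable by other users, or the root-run cron script writable by a non-root account, would still pass. I would chain `.with_owner('root').with_mode('0600')` onto the `.pgpass` expectation and an owner/mode pair onto the script expectation, using whatever values the `postgresql::backup::pg_dump` class actually sets (its manifest is not visible here). The fixture also pins `.with_auth_method('md5')` and `.with_superuser(true)` for the backup role; if these are class defaults rather than test-only choices, a short comment on why the role needs superuser would help. The outer `describe` these contexts sit in starts outside this hunk.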
@@ -2,7 +2,8 @@
 #
 # Facts specified here will override the values provided by rspec-puppet-facts.
 ---
-ipaddress: "172.16.254.254"
-ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
+networking:
+ ip: "172.16.254.254"
+ ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
+ mac: "AA:AA:AA:AA:AA:AA"
 is_pe: false
-macaddress: "AA:AA:AA:AA:AA:AA"
diff --git a/spec/defines/server/config_entry_spec.rb b/spec/defines/server/config_entry_spec.rb
index b4a2cebac4..8b13e020bd 100644
--- a/spec/defines/server/config_entry_spec.rb
+++ b/spec/defines/server/config_entry_spec.rb
@@ -24,43 +24,48 @@ context 'ports' do let(:params) { { ensure: 'present', name: 'port_spec', value: '5432' } } - context 'redhat 6' do - include_examples 'RedHat 6' - - it 'stops postgresql and changes the port #exec' do - is_expected.to contain_exec('postgresql_stop_port') - end - it 'stops postgresql and changes the port #augeas' do - is_expected.to contain_augeas('override PGPORT in /etc/sysconfig/pgsql/postgresql') - end - end context 'redhat 7' do include_examples 'RedHat 7' it 'stops postgresql and changes the port #file' do - is_expected.to contain_file('systemd-override') + expect(subject).to contain_file('/etc/systemd/system/postgresql.service.d/postgresql.conf') end end end - context 'data_directory' do - include_examples 'RedHat 6' - let(:params) { { ensure: 'present', name: 'data_directory_spec', value: '/var/pgsql' } } + context 'passes values through appropriately' do + let(:params) { { ensure: 'present', name: 'check_function_bodies', value: 'off' } } - it 'stops postgresql and changes the data directory #exec' do - is_expected.to contain_exec('postgresql_data_directory') + it 'with no quotes' do + expect(subject).to contain_postgresql_conf('check_function_bodies').with(name: 'check_function_bodies', + value: 'off') end - it 'stops postgresql and changes the data directory #augeas' do - is_expected.to contain_augeas('override PGDATA in /etc/sysconfig/pgsql/postgresql') + end + + context 'passes a string value through appropriately' do + let(:params) { { ensure: 'present', name: 'string_value', value: 'entry_test' } } + + it 'and adds string value to config' do + expect(subject).to contain_postgresql_conf('string_value').with(name: 'string_value', + value: 'entry_test') end end - context 'passes values through appropriately' do - let(:params) { { ensure: 'present', name: 'check_function_bodies', value: 'off' } } + context 'passes an integer value through appropriately' do + let(:params) { { ensure: 'present', name: 'integer_value', value: 40 } } - it 
'with no quotes' do - is_expected.to contain_postgresql_conf('check_function_bodies').with(name: 'check_function_bodies', - value: 'off') + it 'and adds integer value to config' do + expect(subject).to contain_postgresql_conf('integer_value').with(name: 'integer_value', + value: 40) + end + end + + context 'passes a float value through appropriately' do + let(:params) { { ensure: 'present', name: 'floating_point_value', value: 4.0 } } + + it 'and adds float value to config' do + expect(subject).to contain_postgresql_conf('floating_point_value').with(name: 'floating_point_value', + value: 4.0) end end @@ -68,7 +73,7 @@ let(:params) { { ensure: 'present', name: 'unix_socket_directories', value: '/var/pgsql, /opt/postgresql, /root/' } } it 'restarts the server and change unix_socket_directories to the provided list' do - is_expected.to contain_postgresql_conf('unix_socket_directories') + expect(subject).to contain_postgresql_conf('unix_socket_directories') .with(name: 'unix_socket_directories', value: '/var/pgsql, /opt/postgresql, /root/') .that_notifies('Class[postgresql::server::service]') diff --git a/spec/defines/server/database_grant_spec.rb b/spec/defines/server/database_grant_spec.rb index 3951fa2b27..61fe77ded8 100644 --- a/spec/defines/server/database_grant_spec.rb +++ b/spec/defines/server/database_grant_spec.rb 
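Review bot: The 'redhat 7' example titled 'stops postgresql and changes the port #file' only asserts that `/etc/systemd/system/postgresql.service.d/postgresql.conf` is in the catalog, so it passes even if the drop-in carries a different port than the `value: '5432'` given in `params`. Chaining a content matcher such as `.with_content(%r{5432})`, adjusted to the drop-in's real format, would make the example test what its title says. The `data_directory` context is deleted together with the 'RedHat 6' examples and nothing replaces it; if the define still handles `data_directory` on supported platforms, that path is now untested. The enclosing `describe` starts outside this hunk.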
@@ -9,18 +9,37 @@ 'test' end - let :params do - { - privilege: 'ALL', - db: 'test', - role: 'test', - } - end - let :pre_condition do "class {'postgresql::server':}" end - it { is_expected.to contain_postgresql__server__database_grant('test') } - it { is_expected.to contain_postgresql__server__grant('database:test') } + context 'with minimal settings' do + let :params do + { + privilege: 'ALL', + db: 'test', + role: 'test' + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__database_grant('test') } + it { is_expected.to contain_postgresql__server__grant('database:test').with_psql_user('postgres').with_port(5432).with_group('postgres') } + end + + context 'with different user/group/port' do + let :params do + { + privilege: 'ALL', + db: 'test', + role: 'test', + psql_user: 'foo', + psql_group: 'bar', + port: 1337 + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__grant('database:test').with_psql_user('foo').with_port(1337).with_group('bar') } + end end diff --git a/spec/defines/server/database_spec.rb b/spec/defines/server/database_spec.rb index 158706001a..d9df85e40a 100644 --- a/spec/defines/server/database_spec.rb +++ b/spec/defines/server/database_spec.rb @@ -13,7 +13,7 @@ end it { is_expected.to contain_postgresql__server__database('test') } - it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').that_requires('Service[postgresqld]') } + it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').that_requires('Service[postgresqld_instance_main]') } context "with comment set to 'test comment'" do let(:params) { { comment: 'test comment' } } 
@@ -44,10 +44,10 @@ class {'postgresql::server':}" let(:params) do { connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234' } } + 'PGPORT' => '1234' } } end - it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234').with_port(nil) } + it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234').with_port(1234) } end context 'with global db connection settings - including port' do @@ -61,7 +61,7 @@ class {'postgresql::server':}" class {'postgresql::server':}" end - it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.2', 'PGPORT' => '1234').with_port(nil) } + it { is_expected.to contain_postgresql_psql('CREATE DATABASE "test"').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.2', 'PGPORT' => '1234').with_port(1234) } end context 'with different owner' do diff --git a/spec/defines/server/db_spec.rb b/spec/defines/server/db_spec.rb index 65677d9aa1..4056f0f4ce 100644 --- a/spec/defines/server/db_spec.rb +++ b/spec/defines/server/db_spec.rb 
@@ -6,7 +6,24 @@ include_examples 'Debian 11' let :title do - 'test' + 'testdb' + end + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with minimal params' do + let :params do + { + user: 'foo' + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__db('testdb').without_port.with_user('foo').with_psql_user('postgres').with_psql_group('postgres') } + it { is_expected.to contain_postgresql__server__database('testdb').without_owner.with_user('postgres').with_group('postgres') } + it { is_expected.to contain_postgresql__server__role('foo').that_comes_before('Postgresql::Server::Database[testdb]').with_port(5432).with_psql_user('postgres').with_psql_group('postgres') } + it { is_expected.to contain_postgresql__server__database_grant('GRANT foo - ALL - testdb').with_port(5432).with_psql_user('postgres').with_psql_group('postgres') } end context 'without dbname param' do @@ -14,18 +31,14 @@ { user: 'test', password: 'test', - owner: 'tester', + owner: 'tester' } end - let :pre_condition do - "class {'postgresql::server':}" - end - - it { is_expected.to contain_postgresql__server__db('test') } - it { is_expected.to contain_postgresql__server__database('test').with_owner('tester') } - it { is_expected.to contain_postgresql__server__role('test').that_comes_before('Postgresql::Server::Database[test]') } - it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - test') } + it { is_expected.to contain_postgresql__server__db('testdb') } + it { is_expected.to contain_postgresql__server__database('testdb').with_owner('tester') } + it { is_expected.to contain_postgresql__server__role('test').that_comes_before('Postgresql::Server::Database[testdb]') } + it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - testdb') } end context 'dbname' do 
@@ -34,7 +47,7 @@ dbname: 'testtest', user: 'test', password: 'test', - owner: 'tester', + owner: 'tester' } end diff --git a/spec/defines/server/default_privileges_spec.rb b/spec/defines/server/default_privileges_spec.rb index 0c08cfdef4..c5917b08fc 100644 --- a/spec/defines/server/default_privileges_spec.rb +++ b/spec/defines/server/default_privileges_spec.rb @@ -17,7 +17,7 @@ db: 'test', role: 'test', privilege: 'all', - object_type: 'tables', + object_type: 'tables' } end @@ -34,7 +34,7 @@ db: 'test', role: 'test', privilege: 'aLl', - object_type: 'TaBlEs', + object_type: 'TaBlEs' } end @@ -44,8 +44,9 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } + it do - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "test"') end end @@ -57,7 +58,7 @@ db: 'test', role: 'test', privilege: 'all', - object_type: 'wrong_type', + object_type: 'wrong_type' } end @@ -76,7 +77,7 @@ db: 'test', role: 'test', privilege: 'all', - object_type: 'tables', + object_type: 'tables' } end @@ -86,9 +87,10 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } + it do # rubocop:disable Layout/LineLength - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "test"') .with_unless("SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE 'test=arwdDxt' = ANY (defaclacl) AND nspname = 'public' and defaclobjtype = 'r')") # rubocop:enable Layout/LineLength 
@@ -101,7 +103,7 @@ db: 'test', role: 'test', privilege: 'wrong_privilege', - object_type: 'tables', + object_type: 'tables' } end @@ -112,8 +114,8 @@ it { is_expected.to compile.and_raise_error(%r{Illegal value for \$privilege parameter}) } end - context 'schemas on postgres < 10.0' do - include_examples 'Debian 9' + context 'schemas on postgres < 9.6' do + include_examples 'RedHat 7' let :params do { @@ -121,7 +123,7 @@ role: 'test', privilege: 'all', object_type: 'schemas', - schema: '', + schema: '' } end @@ -129,7 +131,7 @@ "class {'postgresql::server':}" end - it { is_expected.to compile.and_raise_error(%r{Default_privileges on schemas is only supported on PostgreSQL >= 10.0}m) } + it { is_expected.to compile.and_raise_error(%r{Default_privileges is only useable with PostgreSQL >= 9.6}m) } end context 'schemas on postgres >= 10.0' do @@ -141,7 +143,7 @@ role: 'test', privilege: 'all', object_type: 'schemas', - schema: '', + schema: '' } end @@ -156,9 +158,10 @@ class { 'postgresql::server': } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } + it do # rubocop:disable Layout/LineLength - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO "test"') .with_unless("SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE 'test=UC' = ANY (defaclacl) AND nspname IS NULL and defaclobjtype = 'n')") # rubocop:enable Layout/LineLength @@ -174,7 +177,7 @@ class { 'postgresql::server': } role: 'test', privilege: 'all', object_type: 'schemas', - schema: 'public', + schema: 'public' } end @@ -199,7 +202,7 @@ class { 'postgresql::server': } privilege: 'all', object_type: 'tables', connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.6' }, + 'DBVERSION' => '9.6' } } end 
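Review bot: The renamed context 'schemas on postgres < 9.6' switches to the 'RedHat 7' facts and expects the generic `Default_privileges is only useable with PostgreSQL >= 9.6` error, which leaves no example for `object_type: 'schemas'` on a version between 9.6 and 10.0. If the define still refuses schema default privileges below 10.0 (the manifest is not visible here), that check is now untested. Either keep a context that pins it, or drop `object_type: 'schemas'` and `schema: ''` from this one so it reads as the plain version guard. The context body is spread over this hunk and the two that follow it.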
@@ -221,7 +224,7 @@ class { 'postgresql::server': } object_type: 'tables', connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.6', - 'PGPORT' => '1234' }, + 'PGPORT' => '1234' } } end @@ -244,7 +247,7 @@ class { 'postgresql::server': } connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.6', 'PGPORT' => '1234' }, - port: 5678, + port: 5678 } end @@ -254,7 +257,7 @@ class { 'postgresql::server': } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } - it { is_expected.to contain_postgresql_psql('default_privileges:test').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.6', 'PGPORT' => '1234').with_port('5678') } + it { is_expected.to contain_postgresql_psql('default_privileges:test').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.6', 'PGPORT' => '1234').with_port('1234') } end context 'with specific schema name' do @@ -274,9 +277,10 @@ class { 'postgresql::server': } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } + it do # rubocop:disable Layout/LineLength - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES IN SCHEMA my_schema GRANT ALL ON TABLES TO "test"') .with_unless("SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE 'test=arwdDxt' = ANY (defaclacl) AND nspname = 'my_schema' and defaclobjtype = 'r')") # rubocop:enable Layout/LineLength 
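Review bot: In the example that passes both `port: 5678` and `connect_settings` with `'PGPORT' => '1234'`, the expectation changes from `.with_port('5678')` to `.with_port('1234')`, so the spec now pins that an explicit `port` is silently dropped when `PGPORT` is present. For a define that alters default privileges, that decides which server instance receives the change. The precedence deserves a comment above the example, e.g. `# connect_settings['PGPORT'] takes precedence over the port parameter`, and the context description (outside this hunk) should be checked against the new behaviour. The same flip is made in the extension_spec.rb and grant_spec.rb hunks further down. The expected value is the String `'1234'` here but the Integer `1234` in database_spec.rb; the matcher does not appear to distinguish them, so picking one form would make the intended type clearer.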
@@ -300,9 +304,10 @@ class { 'postgresql::server': } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } + it do # rubocop:disable Layout/LineLength - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO "test"') .with_unless("SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE 'test=arwdDxt' = ANY (defaclacl) AND nspname IS NULL and defaclobjtype = 'r')") # rubocop:enable Layout/LineLength @@ -315,7 +320,7 @@ class { 'postgresql::server': } db: 'test', role: 'test', privilege: 'all', - object_type: 'tables', + object_type: 'tables' } end @@ -329,9 +334,10 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } it { is_expected.to contain_postgresql__server__role('test') } + it do - is_expected.to contain_postgresql_psql('default_privileges:test') \ - .that_requires(['Service[postgresqld]', 'Postgresql::Server::Role[test]']) + expect(subject).to contain_postgresql_psql('default_privileges:test') \ + .that_requires(['Service[postgresqld_instance_main]', 'Postgresql::Server::Role[test]']) end end @@ -342,7 +348,7 @@ class {'postgresql::server':} db: 'test', role: 'test', privilege: 'all', - object_type: 'tables', + object_type: 'tables' } end 
@@ -356,9 +362,10 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__default_privileges('test') } it { is_expected.to contain_postgresql__server__role('target') } + it do # rubocop:disable Layout/LineLength - is_expected.to contain_postgresql_psql('default_privileges:test') + expect(subject).to contain_postgresql_psql('default_privileges:test') .with_command('ALTER DEFAULT PRIVILEGES FOR ROLE target IN SCHEMA public GRANT ALL ON TABLES TO "test"') .with_unless("SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da LEFT JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE 'test=arwdDxt/target' = ANY (defaclacl) AND nspname = 'public' and defaclobjtype = 'r')") # rubocop:enable Layout/LineLength @@ -377,7 +384,7 @@ class {'postgresql::server':} psql_user: 'postgres', psql_db: 'db', port: 1542, - connect_settings: { 'DBVERSION' => '9.6' }, + connect_settings: { 'DBVERSION' => '9.6' } } end diff --git a/spec/defines/server/extension_spec.rb b/spec/defines/server/extension_spec.rb index 268933716d..fd2f6ffa8f 100644 --- a/spec/defines/server/extension_spec.rb +++ b/spec/defines/server/extension_spec.rb @@ -14,13 +14,13 @@ let(:title) { 'postgis' } let(:params) do { - database: 'template_postgis', + database: 'template_postgis' } end context 'with mandatory arguments only' do it { - is_expected.to contain_postgresql_psql('template_postgis: CREATE EXTENSION "postgis"') + expect(subject).to contain_postgresql_psql('template_postgis: CREATE EXTENSION "postgis"') .with(db: 'template_postgis', command: 'CREATE EXTENSION "postgis"').that_requires('Postgresql::Server::Database[template_postgis]') } end @@ -31,7 +31,7 @@ end it { - is_expected.to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" SET SCHEMA "pg_catalog"') + expect(subject).to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" SET SCHEMA "pg_catalog"') } end 
@@ -41,7 +41,7 @@ end it { - is_expected.to contain_package('postgis') + expect(subject).to contain_package('postgis') .with(ensure: 'installed', name: 'postgis').that_comes_before('Postgresql_psql[template_postgis: CREATE EXTENSION "postgis"]') } end @@ -53,13 +53,13 @@ end it { - is_expected.to contain_postgresql_psql('template_postgis: DROP EXTENSION "postgis"') + expect(subject).to contain_postgresql_psql('template_postgis: DROP EXTENSION "postgis"') .with(db: 'template_postgis', command: 'DROP EXTENSION "postgis"').that_requires('Postgresql::Server::Database[template_postgis]') } it { - is_expected.to contain_package('postgis').with(ensure: 'absent', - name: 'postgis') + expect(subject).to contain_package('postgis').with(ensure: 'absent', + name: 'postgis') } context 'when keeping package installed' do @@ -68,12 +68,12 @@ end it { - is_expected.to contain_postgresql_psql('template_postgis: DROP EXTENSION "postgis"') + expect(subject).to contain_postgresql_psql('template_postgis: DROP EXTENSION "postgis"') .with(db: 'template_postgis', command: 'DROP EXTENSION "postgis"').that_requires('Postgresql::Server::Database[template_postgis]') } it { - is_expected.to contain_package('postgis') + expect(subject).to contain_package('postgis') .with(ensure: 'installed', name: 'postgis').that_requires('Postgresql_psql[template_postgis: DROP EXTENSION "postgis"]') } end @@ -87,7 +87,7 @@ end it { - is_expected.to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE TO \'99.99.99\'') + expect(subject).to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE TO \'99.99.99\'') .with(db: 'template_postgis', unless: "SELECT 1 FROM pg_extension WHERE extname='postgis' AND extversion='99.99.99'").that_requires('Postgresql::Server::Database[template_postgis]') } end 
@@ -100,7 +100,7 @@ end it { - is_expected.to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE') + expect(subject).to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE') .with(db: 'template_postgis', unless: "SELECT 1 FROM pg_available_extensions WHERE name = 'postgis' AND default_version = installed_version").that_requires('Postgresql::Server::Database[template_postgis]') } @@ -120,7 +120,7 @@ let(:params) do { database: 'template_postgis2', - extension: 'postgis', + extension: 'postgis' } end @@ -130,7 +130,7 @@ context 'with mandatory arguments only' do it { - is_expected.to contain_postgresql_psql('template_postgis2: CREATE EXTENSION "postgis"') + expect(subject).to contain_postgresql_psql('template_postgis2: CREATE EXTENSION "postgis"') .with(db: 'template_postgis2', command: 'CREATE EXTENSION "postgis"').that_requires('Postgresql::Server::Database[template_postgis2]') } end @@ -143,7 +143,7 @@ let(:params) do { database: 'postgres', - extension: 'pg_repack', + extension: 'pg_repack' } end @@ -153,7 +153,7 @@ end it { - is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + expect(subject).to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') .with(db: 'postgres', command: 'CREATE EXTENSION "pg_repack"') } end @@ -162,7 +162,7 @@ let :params do { database: 'postgres', - extension: 'pg_repack', + extension: 'pg_repack' } end @@ -179,7 +179,7 @@ { database: 'postgres', extension: 'pg_repack', - port: 1234, + port: 1234 } end @@ -198,7 +198,7 @@ extension: 'pg_repack', connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234' }, + 'PGPORT' => 1234 } } end 
@@ -207,10 +207,11 @@ end it { is_expected.to compile.with_all_deps } + it { - is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + expect(subject).to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234') - .with_port(nil) + .with_port(1234) } end @@ -221,8 +222,8 @@ extension: 'pg_repack', connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234' }, - port: 5678, + 'PGPORT' => 1234 }, + port: 5678 } end @@ -231,10 +232,11 @@ end it { is_expected.to compile.with_all_deps } + it { - is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + expect(subject).to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234') - .with_port('5678') + .with_port('1234') } end end diff --git a/spec/defines/server/grant_role_spec.rb b/spec/defines/server/grant_role_spec.rb index 359d13cfec..016255aa70 100644 --- a/spec/defines/server/grant_role_spec.rb +++ b/spec/defines/server/grant_role_spec.rb @@ -14,13 +14,13 @@ let(:params) do { group: 'my_group', - role: 'my_role', + role: 'my_role' } end context 'with mandatory arguments only' do it { - is_expected.to contain_postgresql_psql("grant_role:#{title}") + expect(subject).to contain_postgresql_psql("grant_role:#{title}") .with(command: "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"", unless: "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true") # rubocop:disable Layout/LineLength .that_requires('Class[postgresql::server]') 
@@ -31,11 +31,11 @@ let(:params) do super().merge(psql_db: 'postgres', psql_user: 'postgres', - port: '5432') + port: 5432) end it { - is_expected.to contain_postgresql_psql("grant_role:#{title}") + expect(subject).to contain_postgresql_psql("grant_role:#{title}") .with(command: "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"", unless: "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true", # rubocop:disable Layout/LineLength db: params[:psql_db], psql_user: params[:psql_user], @@ -49,7 +49,7 @@ end it { - is_expected.to contain_postgresql_psql("grant_role:#{title}") + expect(subject).to contain_postgresql_psql("grant_role:#{title}") .with(command: "REVOKE \"#{params[:group]}\" FROM \"#{params[:role]}\"", unless: "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') != true") # rubocop:disable Layout/LineLength .that_requires('Class[postgresql::server]') @@ -63,10 +63,11 @@ end it { - is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") + expect(subject).to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") } + it { - is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") + expect(subject).not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") } end 
@@ -77,10 +78,11 @@ end it { - is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") + expect(subject).to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") } + it { - is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") + expect(subject).not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") } end @@ -90,10 +92,11 @@ end it { - is_expected.to contain_postgresql_psql("grant_role:#{title}").with_connect_settings('PGHOST' => 'postgres-db-server') + expect(subject).to contain_postgresql_psql("grant_role:#{title}").with_connect_settings('PGHOST' => 'postgres-db-server') } + it { - is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires('Class[postgresql::server]') + expect(subject).not_to contain_postgresql_psql("grant_role:#{title}").that_requires('Class[postgresql::server]') } end end diff --git a/spec/defines/server/grant_spec.rb b/spec/defines/server/grant_spec.rb index 508a24747e..1b730174dc 100644 --- a/spec/defines/server/grant_spec.rb +++ b/spec/defines/server/grant_spec.rb @@ -13,7 +13,7 @@ let :params do { db: 'test', - role: 'test', + role: 'test' } end @@ -31,7 +31,7 @@ db: 'test', role: 'test', privilege: 'usage', - object_type: 'sequence', + object_type: 'sequence' } end @@ -41,8 +41,9 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT USAGE ON SEQUENCE "test" TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE has_sequence_privilege\('test',\s* 'test', 'USAGE'\)}m) end 
@@ -54,7 +55,7 @@ db: 'test', role: 'test', privilege: 'usage', - object_type: 'SeQuEnCe', + object_type: 'SeQuEnCe' } end @@ -64,8 +65,9 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT USAGE ON SEQUENCE "test" TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE has_sequence_privilege\('test',\s* 'test', 'USAGE'\)}m) end @@ -78,7 +80,7 @@ role: 'test', privilege: 'usage', object_type: 'all sequences in schema', - object_name: 'public', + object_name: 'public' } end @@ -88,8 +90,9 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT USAGE ON ALL SEQUENCES IN SCHEMA "public" TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE NOT EXISTS \(\s*SELECT sequence_name\s* FROM information_schema\.sequences\s* WHERE sequence_schema='public'\s* EXCEPT DISTINCT\s* SELECT object_name as sequence_name\s* FROM .* WHERE .*grantee='test'\s* AND object_schema='public'\s* AND privilege_type='USAGE'\s*\)}m) # rubocop:disable Layout/LineLength end @@ -101,7 +104,7 @@ db: 'test', role: 'test', connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.1' }, + 'DBVERSION' => '9.1' } } end @@ -121,7 +124,7 @@ role: 'test', connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234' }, + 'PGPORT' => '1234' } } end @@ -142,7 +145,7 @@ connect_settings: { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234' }, - port: 5678, + port: 5678 } end 
@@ -152,7 +155,7 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } - it { is_expected.to contain_postgresql_psql('grant:test').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234').with_port('5678') } + it { is_expected.to contain_postgresql_psql('grant:test').with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234').with_port('1234') } end context 'with specific schema name' do @@ -162,7 +165,7 @@ role: 'test', privilege: 'all', object_name: ['myschema', 'mytable'], - object_type: 'table', + object_type: 'table' } end @@ -172,8 +175,9 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT ALL ON TABLE "myschema"."mytable" TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE has_table_privilege\('test',\s*'myschema.mytable', 'INSERT'\)}m) end @@ -186,7 +190,7 @@ role: 'test', privilege: 'all', object_name: ['myschema', 'mytable'], - object_type: 'table', + object_type: 'table' } end @@ -200,9 +204,10 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql__server__role('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') \ - .that_requires(['Service[postgresqld]', 'Postgresql::Server::Role[test]']) + expect(subject).to contain_postgresql_psql('grant:test') \ + .that_requires(['Service[postgresqld_instance_main]', 'Postgresql::Server::Role[test]']) end end @@ -213,7 +218,7 @@ class {'postgresql::server':} role: 'PUBLIC', privilege: 'all', object_name: ['myschema', 'mytable'], - object_type: 'table', + object_type: 'table' } end 
@@ -227,8 +232,9 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql__server__role('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT ALL ON TABLE "myschema"."mytable" TO\s* PUBLIC}m) .with_unless(%r{SELECT 1 WHERE has_table_privilege\('public',\s*'myschema.mytable', 'INSERT'\)}m) end @@ -242,7 +248,7 @@ class {'postgresql::server':} privilege: 'execute', object_name: 'test', object_arguments: ['text', 'boolean'], - object_type: 'function', + object_type: 'function' } end @@ -252,8 +258,9 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT EXECUTE ON FUNCTION test\(text,boolean\) TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE has_function_privilege\('test',\s* 'test\(text,boolean\)', 'EXECUTE'\)}m) end @@ -267,7 +274,7 @@ class {'postgresql::server':} privilege: 'execute', object_name: ['myschema', 'test'], object_arguments: ['text', 'boolean'], - object_type: 'function', + object_type: 'function' } end @@ -277,8 +284,9 @@ class {'postgresql::server':} it { is_expected.to compile.with_all_deps } it { is_expected.to contain_postgresql__server__grant('test') } + it do - is_expected.to contain_postgresql_psql('grant:test') + expect(subject).to contain_postgresql_psql('grant:test') .with_command(%r{GRANT EXECUTE ON FUNCTION myschema.test\(text,boolean\) TO\s* "test"}m) .with_unless(%r{SELECT 1 WHERE has_function_privilege\('test',\s* 'myschema.test\(text,boolean\)', 'EXECUTE'\)}m) end 
@@ -298,7 +306,7 @@ class {'postgresql::server':} psql_user: 'postgres', psql_db: 'db', port: 1542, - connect_settings: {}, + connect_settings: {} } end @@ -312,7 +320,7 @@ class {'postgresql::server':} db: 'test', role: 'test', privilege: 'usage', - object_type: 'invalid', + object_type: 'invalid' } end @@ -330,7 +338,7 @@ class {'postgresql::server':} role: 'test', privilege: 'all', object_name: 1, - object_type: 'table', + object_type: 'table' } end @@ -348,7 +356,7 @@ class {'postgresql::server':} role: 'test', privilege: 'all', object_name: ['oops'], - object_type: 'table', + object_type: 'table' } end @@ -370,7 +378,7 @@ class {'postgresql::server':} role: 'test', privilege: 'all', object_name: ['myschema', 'mytable', 'oops'], - object_type: 'table', + object_type: 'table' } end @@ -384,4 +392,31 @@ class {'postgresql::server':} it { is_expected.to compile.and_raise_error(%r{parameter 'object_name' variant 0 expects size to be 2, got 3}) } end end + + context 'with specific schema name only if object exists' do + let :params do + { + db: 'test', + role: 'test', + privilege: 'all', + object_name: ['myschema', 'mytable'], + object_type: 'table', + onlyif_exists: true + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__grant('test') } + + it do + expect(subject).to contain_postgresql_psql('grant:test') + .with_command(%r{GRANT ALL ON TABLE "myschema"."mytable" TO\s* "test"}m) + .with_unless(%r{SELECT 1 WHERE has_table_privilege\('test',\s*'myschema.mytable', 'INSERT'\)}m) + .with_onlyif(%r{SELECT true FROM pg_tables WHERE tablename = 'mytable'}m) + end + end end diff --git a/spec/defines/server/instance/config.rb b/spec/defines/server/instance/config.rb new file mode 100644 index 0000000000..aeab03dee2 --- /dev/null +++ b/spec/defines/server/instance/config.rb 
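Review bot: In the new context 'with specific schema name only if object exists', the `with_onlyif` expectation matches `SELECT true FROM pg_tables WHERE tablename = 'mytable'` and never mentions `myschema`, although `object_name` is `['myschema', 'mytable']`. If the generated guard really filters on `tablename` alone, a table with the same name in any other schema satisfies it and the GRANT on `"myschema"."mytable"` is still attempted. The regex is unanchored, so this test cannot tell whether a schema filter is present. Once the define emits one, pin it in the expectation as well, so the guard and the GRANT are shown to refer to the same object.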
@@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::config' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with defaults from config_class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/instance/initdb.rb b/spec/defines/server/instance/initdb.rb new file mode 100644 index 0000000000..7b94bba521 --- /dev/null +++ b/spec/defines/server/instance/initdb.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::initdb' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with defaults from initdb class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/instance/late_initdb.rb b/spec/defines/server/instance/late_initdb.rb new file mode 100644 index 0000000000..354a410f6f --- /dev/null +++ b/spec/defines/server/instance/late_initdb.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::late_initdb' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::initdb':}" + end + + context 'with defaults from initdb class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/instance/passwd.rb b/spec/defines/server/instance/passwd.rb new file mode 100644 index 0000000000..74ad978be2 --- /dev/null +++ b/spec/defines/server/instance/passwd.rb 
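Review bot: The new file `spec/defines/server/instance/config.rb` does not end in `_spec.rb`, and the same holds for the sibling new files `initdb.rb`, `late_initdb.rb`, `passwd.rb`, `reload.rb` and `service.rb`. RSpec's default file pattern only loads `*_spec.rb`, so unless this project overrides the pattern these six examples are never executed and their `compile.with_all_deps` checks provide no coverage. Rename them to `config_spec.rb` and so on, matching neighbouring files such as `pg_hba_rule_spec.rb` and `role_spec.rb`.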
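Review bot: In `late_initdb.rb` the `pre_condition` declares `class {'postgresql::initdb':}`, whereas the other five instance specs declare `postgresql::server`, and the context title 'with defaults from initdb class' is the same as in `initdb.rb`. Please confirm the class name is intended and not a slip for the server class. If it is intended, a comment on the `pre_condition` such as `# late_initdb is driven from postgresql::initdb, not postgresql::server` and a title that names late_initdb would make that clear.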
@@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::passwd' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with defaults from passwd class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/instance/reload.rb b/spec/defines/server/instance/reload.rb new file mode 100644 index 0000000000..2b37638401 --- /dev/null +++ b/spec/defines/server/instance/reload.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::reload' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with defaults from server class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/instance/service.rb b/spec/defines/server/instance/service.rb new file mode 100644 index 0000000000..ef5ad5f1e9 --- /dev/null +++ b/spec/defines/server/instance/service.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server::instance::service' do + let(:title) { 'main' } + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let :facts do + os_facts + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + context 'with defaults from service class' do + it { is_expected.to compile.with_all_deps } + end + end + end +end diff --git a/spec/defines/server/pg_hba_rule_spec.rb b/spec/defines/server/pg_hba_rule_spec.rb index 28b985a001..7d1187001c 100644 --- a/spec/defines/server/pg_hba_rule_spec.rb +++ b/spec/defines/server/pg_hba_rule_spec.rb 
@@ -25,12 +25,12 @@ class { 'postgresql::server': } user: 'all', address: '1.1.1.1/24', auth_method: 'md5', - target: target, + target: target } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(content: %r{host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5}) + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(content: %r{host\s+all\s+all\s+1\.1\.1\.1/24\s+md5}) end end @@ -47,12 +47,12 @@ class { 'postgresql::server': } database: 'all', user: 'all', auth_method: 'ident', - target: target, + target: target } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(content: %r{local\s+all\s+all\s+ident}) + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(content: %r{local\s+all\s+all\s+ident}) end end @@ -71,12 +71,12 @@ class { 'postgresql::server': } address: '0.0.0.0/0', auth_method: 'ldap', auth_option: 'foo=bar', - target: target, + target: target } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(content: %r{host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar}) + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(content: %r{host\s+all\s+all\s+0\.0\.0\.0/0\s+ldap\s+foo=bar}) end end @@ -98,13 +98,13 @@ class { 'postgresql::server': } user: 'all', address: '0.0.0.0/0', auth_method: 'peer', - target: target, + target: target } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with( - content: %r{local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer}, + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with( + content: %r{local\s+all\s+all\s+0\.0\.0\.0/0\s+peer}, ) end end 
@@ -126,13 +126,13 @@ class { 'postgresql::server': } user: 'all', address: '0.0.0.0/0', auth_method: 'scram-sha-256', - target: target, + target: target } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with( - content: %r{local\s+all\s+all\s+0\.0\.0\.0\/0\s+scram-sha-256}, + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with( + content: %r{local\s+all\s+all\s+0\.0\.0\.0/0\s+scram-sha-256}, ) end end @@ -151,12 +151,12 @@ class { 'postgresql::server': } type: 'local', database: 'all', user: 'all', - auth_method: 'ident', + auth_method: 'ident' } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '150') + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(order: '150') end end @@ -173,12 +173,12 @@ class { 'postgresql::server': } database: 'all', user: 'all', auth_method: 'ident', - order: '12', + order: '12' } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '12') + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(order: '12') end end @@ -195,12 +195,12 @@ class { 'postgresql::server': } database: 'all', user: 'all', auth_method: 'ident', - order: 12, + order: 12 } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '012') + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(order: '012') end end 
@@ -217,13 +217,57 @@ class { 'postgresql::server': } database: 'all', user: 'all', auth_method: 'ident', - order: 1234, + order: 1234 } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '1234') + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(order: '1234') end end + + context 'pg_hba_rule with dot domain' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'host', + database: 'all', + user: 'all', + address: '.domain.tld', + auth_method: 'md5', + target: target + } + end + + it do + expect(subject).to contain_concat__fragment('pg_hba_rule_test').with(content: %r{host\s+all\s+all\s+\.domain\.tld\s+md5}) + end + end + + context 'pg_hba_rule with illegal address' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'host', + database: 'all', + user: 'all', + address: '/45', + auth_method: 'md5', + target: target + } + end + + it { is_expected.to compile.and_raise_error(%r{parameter 'address' expects a Postgresql::Pg_hba_rule_address}) } + end end end diff --git a/spec/defines/server/pg_ident_rule_spec.rb b/spec/defines/server/pg_ident_rule_spec.rb index 107e7e6191..77ebb61c84 100644 --- a/spec/defines/server/pg_ident_rule_spec.rb +++ b/spec/defines/server/pg_ident_rule_spec.rb @@ -25,14 +25,15 @@ class { 'postgresql::server': } { map_name: 'thatsmymap', system_username: 'systemuser', - database_username: 'dbuser', + database_username: 'dbuser' } end it do - is_expected.to contain_concat__fragment('pg_ident_rule_test').with(content: %r{thatsmymap\s+systemuser\s+dbuser}) + expect(subject).to contain_concat__fragment('pg_ident_rule_test').with(content: %r{thatsmymap\s+systemuser\s+dbuser}) end end + context 'not managing pg_ident' do let :pre_condition do <<-MANIFEST 
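Review bot: The rejection path of `Postgresql::Pg_hba_rule_address` is pinned by a single value, `'/45'`, in the 'pg_hba_rule with illegal address' context. The positive examples show that `address` ends up in the rendered pg_hba fragment (`host\s+all\s+all\s+<address>\s+md5`), so the type is the only thing standing between a parameter value and the server's client-authentication file. The values most worth rejecting are those that would change how that line is read, such as embedded whitespace or a line break, along with an out-of-range mask. Add one `compile.and_raise_error` example per such value so a later loosening of the type is caught by the suite.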
@@ -46,7 +47,7 @@ class { 'postgresql::server': } { map_name: 'thatsmymap', system_username: 'systemuser', - database_username: 'dbuser', + database_username: 'dbuser' } end diff --git a/spec/defines/server/reassign_owned_by_spec.rb b/spec/defines/server/reassign_owned_by_spec.rb index db6e68a114..40ca579aaa 100644 --- a/spec/defines/server/reassign_owned_by_spec.rb +++ b/spec/defines/server/reassign_owned_by_spec.rb @@ -13,7 +13,7 @@ { db: 'test', old_role: 'test_old_role', - new_role: 'test_new_role', + new_role: 'test_new_role' } end @@ -28,9 +28,9 @@ class {'postgresql::server':} it { is_expected.to contain_postgresql__server__reassign_owned_by('test') } it { - is_expected.to contain_postgresql_psql('reassign_owned_by:test:REASSIGN OWNED BY "test_old_role" TO "test_new_role"') + expect(subject).to contain_postgresql_psql('reassign_owned_by:test:REASSIGN OWNED BY "test_old_role" TO "test_new_role"') .with_command('REASSIGN OWNED BY "test_old_role" TO "test_new_role"') .with_onlyif(%r{SELECT tablename FROM pg_catalog.pg_tables WHERE\s*schemaname NOT IN \('pg_catalog', 'information_schema'\) AND\s*tableowner = 'test_old_role'.*}m) - .that_requires('Service[postgresqld]') + .that_requires('Service[postgresqld_instance_main]') } end diff --git a/spec/defines/server/recovery_spec.rb b/spec/defines/server/recovery_spec.rb index e8ab5c9b08..0fc24f233f 100644 --- a/spec/defines/server/recovery_spec.rb +++ b/spec/defines/server/recovery_spec.rb 
@@ -24,15 +24,16 @@ class { 'postgresql::server': } let(:params) do { restore_command: 'restore_command', - recovery_target_timeline: 'recovery_target_timeline', + recovery_target_timeline: 'recovery_target_timeline' } end it do - is_expected.to contain_concat__fragment('recovery.conf') - .with(content: %r{restore_command = 'restore_command'[\n]+recovery_target_timeline = 'recovery_target_timeline'}) + expect(subject).to contain_concat__fragment('test-recovery.conf') + .with(content: %r{restore_command = 'restore_command'\n+recovery_target_timeline = 'recovery_target_timeline'}) end end + context 'not managing recovery' do let(:pre_condition) do <<-MANIFEST @@ -44,7 +45,7 @@ class { 'postgresql::server': } end let(:params) do { - restore_command: '', + restore_command: '' } end @@ -53,6 +54,7 @@ class { 'postgresql::server': } %r{postgresql::server::manage_recovery_conf has been disabled}) end end + context 'not managing recovery, missing param' do let(:pre_condition) do <<-MANIFEST 
@@ -95,13 +97,13 @@ class { 'postgresql::server': } primary_conninfo: 'primary_conninfo', primary_slot_name: 'primary_slot_name', trigger_file: 'trigger_file', - recovery_min_apply_delay: 0, + recovery_min_apply_delay: 0 } end it do - is_expected.to contain_concat__fragment('recovery.conf') - .with(content: %r{restore_command = 'restore_command'[\n]+archive_cleanup_command = 'archive_cleanup_command'[\n]+recovery_end_command = 'recovery_end_command'[\n]+recovery_target_name = 'recovery_target_name'[\n]+recovery_target_time = 'recovery_target_time'[\n]+recovery_target_xid = 'recovery_target_xid'[\n]+recovery_target_inclusive = true[\n]+recovery_target = 'recovery_target'[\n]+recovery_target_timeline = 'recovery_target_timeline'[\n]+pause_at_recovery_target = true[\n]+standby_mode = on[\n]+primary_conninfo = 'primary_conninfo'[\n]+primary_slot_name = 'primary_slot_name'[\n]+trigger_file = 'trigger_file'[\n]+recovery_min_apply_delay = 0[\n]+}) # rubocop:disable Layout/LineLength + expect(subject).to contain_concat__fragment('test-recovery.conf') + .with(content: %r{restore_command = 'restore_command'\n+archive_cleanup_command = 'archive_cleanup_command'\n+recovery_end_command = 'recovery_end_command'\n+recovery_target_name = 'recovery_target_name'\n+recovery_target_time = 'recovery_target_time'\n+recovery_target_xid = 'recovery_target_xid'\n+recovery_target_inclusive = true\n+recovery_target = 'recovery_target'\n+recovery_target_timeline = 'recovery_target_timeline'\n+pause_at_recovery_target = true\n+standby_mode = on\n+primary_conninfo = 'primary_conninfo'\n+primary_slot_name = 'primary_slot_name'\n+trigger_file = 'trigger_file'\n+recovery_min_apply_delay = 0\n+}) # rubocop:disable Layout/LineLength end end end diff --git a/spec/defines/server/role_spec.rb b/spec/defines/server/role_spec.rb index 19c649ee22..0d924a345e 100644 --- a/spec/defines/server/role_spec.rb +++ b/spec/defines/server/role_spec.rb 
@@ -16,48 +16,60 @@ context 'with Password Datatype String' do let :params do { - password_hash: 'new-pa$s', + password_hash: 'new-pa$s' } end it { is_expected.to contain_postgresql__server__role('test') } + it 'has create role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', - 'sensitive' => 'true', - 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", - 'port' => '5432') + expect(subject).to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(CREATE ROLE "test" ENCRYPTED PASSWORD 'new-pa$s' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1)), + 'sensitive' => 'true', + 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", + 'port' => '5432', + ) end + it 'has alter role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', - 'sensitive' => 'true', - 'unless' => 'Sensitive [value redacted]', - 'port' => '5432') + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'port' => '5432', + ) end end context 'with Password Datatype Sensitive[String]' do let :params do { - password_hash: sensitive('new-pa$s'), + password_hash: sensitive('new-pa$s') } end it { is_expected.to contain_postgresql__server__role('test') } + it 'has create role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', - 'sensitive' => 'true', - 'unless' => 
"SELECT 1 FROM pg_roles WHERE rolname = 'test'", - 'port' => '5432') + expect(subject).to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(CREATE ROLE "test" ENCRYPTED PASSWORD 'new-pa$s' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1)), + 'sensitive' => 'true', + 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", + 'port' => '5432', + ) end + it 'has alter role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', - 'sensitive' => 'true', - 'unless' => 'Sensitive [value redacted]', - 'port' => '5432') + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'port' => '5432', + ) end end @@ -65,10 +77,12 @@ let :params do { password_hash: 'new-pa$s', - connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.1', - 'PGUSER' => 'login-user', - 'PGPASSWORD' => 'login-pass' }, + connect_settings: { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + } } end 
@@ -77,21 +91,37 @@ end it { is_expected.to contain_postgresql__server__role('test') } + it 'has create role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') - .with_command('Sensitive [value redacted]') - .with_sensitive('true') - .with_unless("SELECT 1 FROM pg_roles WHERE rolname = 'test'") - .with_port(5432) - .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGUSER' => 'login-user', 'PGPASSWORD' => 'login-pass') - .that_requires('Service[postgresqld]') + expect(subject).to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(CREATE ROLE "test" ENCRYPTED PASSWORD 'new-pa$s' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1)), + 'sensitive' => 'true', + 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", + 'port' => 5432, + 'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + ).that_requires('Service[postgresqld_instance_main]') end + it 'has alter role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', 'sensitive' => 'true', - 'unless' => 'Sensitive [value redacted]', 'port' => '5432', - 'connect_settings' => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGUSER' => 'login-user', 'PGPASSWORD' => 'login-pass' }) + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'port' => '5432', + 'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' 
=> '9.1', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + ) end end @@ -99,11 +129,13 @@ let :params do { password_hash: 'new-pa$s', - connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.1', - 'PGPORT' => '1234', - 'PGUSER' => 'login-user', - 'PGPASSWORD' => 'login-pass' }, + connect_settings: { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + } } end 
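Review bot: In the `@@ -77,21 +91,37 @@` hunk the rewritten CREATE ROLE expectation uses `'port' => 5432` (integer, carried over from the old `.with_port(5432)`), while the ALTER ROLE expectation right below it uses `'port' => '5432'`, as do the earlier contexts. Both presumably pass, but the mixed types read as if the two resources received different values. Use one form throughout, for example `'port' => '5432',` in the CREATE ROLE block.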
@@ -112,19 +144,37 @@ end it { is_expected.to contain_postgresql__server__role('test') } + it 'has create role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', - 'sensitive' => 'true', 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", - 'connect_settings' => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234', 'PGUSER' => 'login-user', 'PGPASSWORD' => 'login-pass' }) + expect(subject).to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(CREATE ROLE "test" ENCRYPTED PASSWORD 'new-pa$s' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1)), + 'sensitive' => 'true', + 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'", + 'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + ) end + it 'has alter role for "test" user with password as ****' do - is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') - .with('command' => 'Sensitive [value redacted]', 'sensitive' => 'true', - 'unless' => 'Sensitive [value redacted]', - 'connect_settings' => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', - 'PGPORT' => '1234', 'PGUSER' => 'login-user', 'PGPASSWORD' => 'login-pass' }) + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + 
) end end @@ -132,7 +182,7 @@ let :params do { password_hash: 'new-pa$s', - update_password: false, + update_password: false } end 
@@ -141,14 +191,171 @@ end it 'does not have alter role for "test" user with password as **** if update_password is false' do - is_expected.not_to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + expect(subject).not_to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + end + end + + context 'with version >= 14' do + let :pre_condition do + <<-CONDITION + class { 'postgresql::globals': + version => '14', + } + -> class { 'postgresql::server': } + CONDITION + end + + let :params do + { + password_hash: 'new-pa$s' + } + end + + it 'use "scram-sha-256" passwords' do + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'SCRAM-SHA-256$4096:dGVzdA==$ouY1SZtT3yAonoIzvLCooZPtHkO7WigotDMNWL/xSms=:wEl4ewQJMRO2W5lHfiDvtlbmPcHnF0J1iBe6l82YnrQ=')), + 'sensitive' => 'true', + 'unless' => sensitive( + %(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'SCRAM-SHA-256$4096:dGVzdA==$ouY1SZtT3yAonoIzvLCooZPtHkO7WigotDMNWL/xSms=:wEl4ewQJMRO2W5lHfiDvtlbmPcHnF0J1iBe6l82YnrQ='), + ), + ) + end + end + + context 'with password_encryption "scram-sha-256"' do + let :pre_condition do + <<-CONDITION + class { 'postgresql::server': + password_encryption => 'scram-sha-256', + } + CONDITION + end + + let :params do + { + password_hash: 'new-pa$s', + connect_settings: { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + } + } + end + + it 'is expect to use "scram-sha-256" hashed password' do + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 
'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + ) + end + end + + context 'with password_encryption "scram-sha-256" and older DBVERSION in connect_settings' do + let :pre_condition do + <<-CONDITION + class { 'postgresql::server': + password_encryption => 'scram-sha-256', + } + CONDITION + end + + let :params do + { + password_hash: 'new-pa$s', + connect_settings: { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + } + } + end + + it 'is expect to use "md5" hashed password' do + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'connect_settings' => { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, + ) + end + end + + context 'with password_encryption "scram-sha-256" and set hash type "md5"' do + let :pre_condition do + <<-CONDITION + class { 'postgresql::server': + password_encryption => 'scram-sha-256', + } + CONDITION + end + + let :params do + { + password_hash: 'new-pa$s', + hash: 'md5' + } + end + + it 'is expect to use "md5" hashed password' do + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + ) + end + end + + context 'with password_encryption 
"scram-sha-256" and "md5" hashed password' do + let :pre_condition do + <<-CONDITION + class { 'postgresql::server': + password_encryption => 'scram-sha-256', + } + CONDITION + end + + let :params do + { + password_hash: 'md5b6f7fcbbabb4befde4588a26c1cfd2fa' + } + end + + it 'is expect to use definded "md5" password_hash' do + expect(subject).to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****') + .with( + 'command' => sensitive(%(ALTER ROLE "test" ENCRYPTED PASSWORD 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + 'sensitive' => 'true', + 'unless' => sensitive(%(SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa')), + ) end end context 'with ensure set to absent' do let :params do { - ensure: 'absent', + ensure: 'absent' } end @@ -157,7 +364,7 @@ end it 'has drop role for "test" user if ensure absent' do - is_expected.to contain_postgresql_psql('DROP ROLE "test"').that_requires('Service[postgresqld]') + expect(subject).to contain_postgresql_psql('DROP ROLE "test"').that_requires('Service[postgresqld_instance_main]') end end @@ -170,16 +377,18 @@ let :params do { password_hash: 'new-pa$s', - connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.1', - 'PGPORT' => '1234', - 'PGUSER' => 'login-user', - 'PGPASSWORD' => 'login-pass' }, + connect_settings: { + 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' + }, psql_user: 'postgresql', psql_group: 'postgresql', psql_path: '/usr/bin', module_workdir: '/tmp', - db: 'db', + db: 'db' } end diff --git a/spec/defines/server/schema_spec.rb b/spec/defines/server/schema_spec.rb index 8da588d67c..a7bbf28412 100644 --- a/spec/defines/server/schema_spec.rb +++ b/spec/defines/server/schema_spec.rb @@ -12,7 +12,7 @@ let :params do { owner: 'jane', - db: 'janedb', + db: 'janedb' } end @@ -26,7 +26,7 @@ let :params do { owner: 'nate', - db: 'natedb', + db: 'natedb' } end 
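Review bot: In the `@@ -141,14 +191,171 @@` hunk, the context 'with password_encryption "scram-sha-256"' holds an example titled 'is expect to use "scram-sha-256" hashed password' that asserts the `md5b6f7fcbbabb4befde4588a26c1cfd2fa` verifier. Its params, including `'DBVERSION' => '9.1'`, are identical to those of the following 'older DBVERSION in connect_settings' context. As written, no example here checks that `password_encryption => 'scram-sha-256'` produces a SCRAM verifier; only the 'with version >= 14' context expects a `SCRAM-SHA-256$4096:...` value. Presumably the first context was meant to omit `'DBVERSION' => '9.1'` from `connect_settings` and expect the SCRAM value, so either change it that way or retitle it so the suite does not claim coverage of the stronger hash that it lacks. Separately, the title 'is expect to use definded "md5" password_hash' has a typo (`definded`).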
diff --git a/spec/defines/server/table_grant_spec.rb b/spec/defines/server/table_grant_spec.rb index 0fb0b86983..66c3624451 100644 --- a/spec/defines/server/table_grant_spec.rb +++ b/spec/defines/server/table_grant_spec.rb @@ -14,7 +14,7 @@ privilege: 'ALL', db: 'test', role: 'test', - table: 'foo', + table: 'foo' } end diff --git a/spec/defines/server/tablespace_spec.rb b/spec/defines/server/tablespace_spec.rb index f2dbfff732..4322961307 100644 --- a/spec/defines/server/tablespace_spec.rb +++ b/spec/defines/server/tablespace_spec.rb @@ -11,7 +11,7 @@ let :params do { - location: '/srv/data/foo', + location: '/srv/data/foo' } end @@ -21,13 +21,13 @@ it { is_expected.to contain_file('/srv/data/foo').with_ensure('directory') } it { is_expected.to contain_postgresql__server__tablespace('test') } - it { is_expected.to contain_postgresql_psql('CREATE TABLESPACE "test"').that_requires('Service[postgresqld]') } + it { is_expected.to contain_postgresql_psql('CREATE TABLESPACE "test"').that_requires('Service[postgresqld_instance_main]') } context 'with different owner' do let :params do { location: '/srv/data/foo', - owner: 'test_owner', + owner: 'test_owner' } end @@ -38,7 +38,7 @@ let :params do { location: '/srv/data/foo', - manage_location: false, + manage_location: false } end diff --git a/spec/defines/server_instance_spec.rb b/spec/defines/server_instance_spec.rb new file mode 100644 index 0000000000..89eadb06c8 --- /dev/null +++ b/spec/defines/server_instance_spec.rb 
@@ -0,0 +1,223 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::server_instance' do + include_examples 'RedHat 8' + + let :pre_condition do + "class { 'postgresql::globals': + encoding => 'UTF-8', + locale => 'en_US.UTF-8', + manage_package_repo => false, + manage_dnf_module => true, + needs_initdb => true, + version => '13', + } + # stop default main instance + class { 'postgresql::server': + service_ensure => 'stopped', + service_enable => false, + }" + end + let(:title) { 'test1' } + let(:params) do + { + 'instance_user': 'ins_test1', + 'instance_group': 'ins_test1', + 'instance_directories': { '/opt/pgsql': { 'ensure' => 'directory' }, + '/opt/pgsql/backup': { 'ensure' => 'directory' }, + '/opt/pgsql/data': { 'ensure' => 'directory' }, + '/opt/pgsql/data/13': { 'ensure' => 'directory' }, + '/opt/pgsql/data/home': { 'ensure' => 'directory' }, + '/opt/pgsql/wal': { 'ensure' => 'directory' }, + '/opt/pgsql/log': { 'ensure' => 'directory' }, + '/opt/pgsql/log/13': { 'ensure' => 'directory' }, + '/opt/pgsql/log/13/test1': { 'ensure' => 'directory' }, }, + 'config_settings': { 'pg_hba_conf_path' => '/opt/pgsql/data/13/test1/pg_hba.conf', + 'postgresql_conf_path' => '/opt/pgsql/data/13/test1/postgresql.conf', + 'pg_ident_conf_path' => '/opt/pgsql/data/13/test1/pg_ident.conf', + 'datadir' => '/opt/pgsql/data/13/test1', + 'service_name' => 'postgresql@13-test1', + 'port' => 5433, + 'pg_hba_conf_defaults' => false }, + 'service_settings': { 'service_name' => 'postgresql@13-test1', + 'service_status' => 'systemctl status postgresql@13-test1.service', + 'service_ensure' => 'running', + 'service_enable' => true }, + 'initdb_settings': { 'auth_local' => 'peer', + 'auth_host' => 'md5', + 'needs_initdb' => true, + 'datadir' => '/opt/pgsql/data/13/test1', + 'encoding' => 'UTF-8', + 'lc_messages' => 'en_US.UTF8', + 'locale' => 'en_US.UTF8', + 'data_checksums' => false, + 'group' => 'postgres', + 'user' => 'postgres', + 'username' => 'ins_test1' 
}, + 'config_entries': { 'authentication_timeout': { 'value' => '1min', + 'comment' => 'a test' }, + 'log_statement_stats': { 'value' => 'off' }, + 'autovacuum_vacuum_scale_factor': { 'value' => 0.3 }, }, + 'databases': { 'testdb1': { 'encoding' => 'UTF8', + 'locale' => 'en_US.UTF8', + 'owner' => 'dba_test1' }, + 'testdb2': { 'encoding' => 'UTF8', + 'locale' => 'en_US.UTF8', + 'owner' => 'dba_test1' }, }, + 'roles': { 'ins_test1': { 'superuser' => true, + 'login' => true, }, + 'dba_test1': { 'createdb' => true, + 'login' => true, }, + 'app_test1': { 'login' => true }, + 'rep_test1': { 'replication' => true, + 'login' => true }, + 'rou_test1': { 'login' => true }, }, + 'pg_hba_rules': { 'local all INSTANCE user': { 'type' => 'local', + 'database' => 'all', + 'user' => 'ins_test1', + 'auth_method' => 'peer', + 'order' => 1 }, + 'local all DB user': { 'type' => 'local', + 'database' => 'all', + 'user' => 'dba_test1', + 'auth_method' => 'peer', + 'order' => 2 }, + 'local all APP user': { 'type' => 'local', + 'database' => 'all', + 'user' => 'app_test1', + 'auth_method' => 'peer', + 'order' => 3 }, + 'local all READONLY user': { 'type' => 'local', + 'database' => 'all', + 'user' => 'rou_test1', + 'auth_method' => 'peer', + 'order' => 4 }, + 'remote all INSTANCE user PGADMIN server': { 'type' => 'host', + 'database' => 'all', + 'user' => 'ins_test1', + 'address' => '192.168.22.131/32', + 'auth_method' => 'md5', + 'order' => 5 }, + 'local replication INSTANCE user': { 'type' => 'local', + 'database' => 'replication', + 'user' => 'ins_test1', + 'auth_method' => 'peer', + 'order' => 6 }, + 'local replication REPLICATION user': { 'type' => 'local', + 'database' => 'replication', + 'user' => 'rep_test1', + 'auth_method' => 'peer', + 'order' => 7 }, }, + } + end + + context 'with postgresql instance test1' do + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server_instance('test1') } + it { is_expected.to contain_user('ins_test1') } + it 
{ is_expected.to contain_group('ins_test1') } + it { is_expected.to contain_service('postgresqld_instance_test1').with_name('postgresql@13-test1').with_status('systemctl status postgresql@13-test1.service') } + it { is_expected.to contain_systemd__dropin_file('postgresql@13-test1.conf') } + it { is_expected.to contain_postgresql_conn_validator('validate_service_is_running_instance_test1') } + it { is_expected.to contain_postgresql_conf('port_for_instance_test1') } + it { is_expected.to contain_postgresql_conf('log_statement_stats_test1') } + it { is_expected.to contain_postgresql_conf('data_directory_for_instance_test1') } + it { is_expected.to contain_postgresql_conf('autovacuum_vacuum_scale_factor_test1') } + it { is_expected.to contain_postgresql_conf('authentication_timeout_test1') } + it { is_expected.to contain_postgresql__server__role('app_test1') } + it { is_expected.to contain_postgresql__server__role('dba_test1') } + it { is_expected.to contain_postgresql__server__role('ins_test1') } + it { is_expected.to contain_postgresql__server__role('rep_test1') } + it { is_expected.to contain_postgresql__server__role('rou_test1') } + it { is_expected.to contain_anchor('postgresql::server::service::begin::test1') } + it { is_expected.to contain_anchor('postgresql::server::service::end::test1') } + it { is_expected.to contain_class('Postgresql::Dnfmodule') } + it { is_expected.to contain_class('Postgresql::Server::Install') } + it { is_expected.to contain_class('Postgresql::Server::Reload') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local all APP user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local all DB user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local all INSTANCE user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local all READONLY user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local 
replication INSTANCE user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_local replication REPLICATION user for instance test1') } + it { is_expected.to contain_concat__fragment('pg_hba_rule_remote all INSTANCE user PGADMIN server for instance test1') } + it { is_expected.to contain_concat('/opt/pgsql/data/13/test1/pg_hba.conf') } + it { is_expected.to contain_concat('/opt/pgsql/data/13/test1/pg_ident.conf') } + it { is_expected.to contain_exec('postgresql_initdb_instance_test1') } + it { is_expected.to contain_file('/opt/pgsql/backup') } + it { is_expected.to contain_file('/opt/pgsql/data/13/test1/postgresql.conf') } + it { is_expected.to contain_file('/opt/pgsql/data/13/test1') } + it { is_expected.to contain_file('/opt/pgsql/data/13') } + it { is_expected.to contain_file('/opt/pgsql/data/home') } + it { is_expected.to contain_file('/opt/pgsql/data') } + it { is_expected.to contain_file('/opt/pgsql/log/13/test1') } + it { is_expected.to contain_file('/opt/pgsql/log/13') } + it { is_expected.to contain_file('/opt/pgsql/log') } + it { is_expected.to contain_file('/opt/pgsql/wal') } + it { is_expected.to contain_file('/opt/pgsql') } + it { is_expected.to contain_postgresql__server__config_entry('authentication_timeout_test1') } + it { is_expected.to contain_postgresql__server__config_entry('autovacuum_vacuum_scale_factor_test1') } + it { is_expected.to contain_postgresql__server__config_entry('data_directory_for_instance_test1') } + it { is_expected.to contain_postgresql__server__config_entry('log_statement_stats_test1') } + it { is_expected.to contain_postgresql__server__config_entry('password_encryption_for_instance_test1') } + it { is_expected.to contain_postgresql__server__config_entry('port_for_instance_test1') } + it { is_expected.to contain_postgresql__server__database('testdb1') } + it { is_expected.to contain_postgresql__server__database('testdb2') } + it { is_expected.to 
contain_postgresql__server__instance__config('test1') } + it { is_expected.to contain_postgresql__server__instance__initdb('test1') } + it { is_expected.to contain_postgresql__server__instance__passwd('test1') } + it { is_expected.to contain_postgresql__server__instance__service('test1') } + it { is_expected.to contain_postgresql__server__instance__systemd('test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local all APP user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local all DB user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local all INSTANCE user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local all READONLY user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local replication INSTANCE user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('local replication REPLICATION user for instance test1') } + it { is_expected.to contain_postgresql__server__pg_hba_rule('remote all INSTANCE user PGADMIN server for instance test1') } + it { is_expected.to contain_postgresql_psql('ALTER DATABASE "testdb1" OWNER TO "dba_test1"') } + it { is_expected.to contain_postgresql_psql('ALTER DATABASE "testdb2" OWNER TO "dba_test1"') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" CONNECTION LIMIT -1') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" INHERIT') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" LOGIN') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" NOCREATEDB') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" NOCREATEROLE') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" NOREPLICATION') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "app_test1" NOSUPERUSER') } + it { is_expected.to 
contain_postgresql_psql('ALTER ROLE "dba_test1" CONNECTION LIMIT -1') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" CREATEDB') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" INHERIT') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" LOGIN') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" NOCREATEROLE') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" NOREPLICATION') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "dba_test1" NOSUPERUSER') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" CONNECTION LIMIT -1') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" INHERIT') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" LOGIN') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" NOCREATEDB') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" NOCREATEROLE') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" NOREPLICATION') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "ins_test1" SUPERUSER') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" CONNECTION LIMIT -1') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" INHERIT') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" LOGIN') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" NOCREATEDB') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" NOCREATEROLE') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" NOSUPERUSER') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rep_test1" REPLICATION') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" CONNECTION LIMIT -1') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" INHERIT') } + it { is_expected.to 
contain_postgresql_psql('ALTER ROLE "rou_test1" LOGIN') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOCREATEDB') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOCREATEROLE') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOREPLICATION') } + it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOSUPERUSER') } + it { is_expected.to contain_postgresql_psql('CREATE ROLE app_test1 ENCRYPTED PASSWORD ****') } + it { is_expected.to contain_postgresql_psql('CREATE ROLE dba_test1 ENCRYPTED PASSWORD ****') } + it { is_expected.to contain_postgresql_psql('CREATE ROLE ins_test1 ENCRYPTED PASSWORD ****') } + it { is_expected.to contain_postgresql_psql('CREATE ROLE rep_test1 ENCRYPTED PASSWORD ****') } + it { is_expected.to contain_postgresql_psql('CREATE ROLE rou_test1 ENCRYPTED PASSWORD ****') } + end +end diff --git a/spec/defines/validate_db_connection_spec.rb b/spec/defines/validate_db_connection_spec.rb deleted file mode 100644 index 757b41b040..0000000000 --- a/spec/defines/validate_db_connection_spec.rb +++ /dev/null 
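Review bot: The pg_hba checks in the `with postgresql instance test1` context only assert that each `concat__fragment` exists, so a fragment rendered with the wrong address, auth method or order would still pass. That matters most for `pg_hba_rule_remote all INSTANCE user PGADMIN server for instance test1`, the one `host` rule in the fixture, which admits the superuser role `ins_test1` from `192.168.22.131/32` with `md5`. I would pin its content, e.g. `.with_content(%r{host\s+all\s+ins_test1\s+192\.168\.22\.131/32\s+md5})`; the rendered line format is not visible in this hunk, so adjust the pattern to what the define actually emits. The same applies to `password_encryption_for_instance_test1`, which is asserted by name only and not by value.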
@@ -1,62 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe 'postgresql::validate_db_connection' do - include_examples 'Debian 11' - - let :title do - 'test' - end - - describe 'should work with only default parameters' do - it { is_expected.to contain_postgresql__validate_db_connection('test') } - end - - describe 'should work with all parameters' do - let :params do - { - database_host: 'test', - database_name: 'test', - database_password: 'test', - database_username: 'test', - database_port: 5432, - run_as: 'postgresq', - sleep: 4, - tries: 30, - } - end - - it { is_expected.to contain_postgresql__validate_db_connection('test') } - - it 'has proper path for validate command' do - is_expected.to contain_exec('validate postgres connection for test@test:5432/test').with(unless: %r{^/usr/local/bin/validate_postgresql_connection.sh\s+\d+}) - end - end - - describe 'should work while specifying validate_connection in postgresql::client' do - let :params do - { - database_host: 'test', - database_name: 'test', - database_password: 'test', - database_username: 'test', - database_port: 5432, - } - end - - let :pre_condition do - <<-MANIFEST - class { 'postgresql::globals': - module_workdir => '/var/tmp', - } -> - class { 'postgresql::client': validcon_script_path => '/opt/something/validate.sh' } - MANIFEST - end - - it 'has proper path for validate command and correct cwd' do - is_expected.to contain_exec('validate postgres connection for test@test:5432/test').with(unless: %r{^/opt/something/validate.sh\s+\d+}, - cwd: '/var/tmp') - end - end -end diff --git a/spec/functions/postgresql_default_spec.rb b/spec/functions/postgresql_default_spec.rb new file mode 100644 index 0000000000..12ecde207e --- /dev/null +++ b/spec/functions/postgresql_default_spec.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'postgresql::default' do + let(:facts) do + { + 'os' => { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'full' => '11.7', + 'major' => '11', + 'minor' => '7', + } + } + } + end + + let(:pre_condition) do + <<~PP + class { 'postgresql::server': + } + PP + end + + # parameter in params.pp only + it { is_expected.to run.with_params('port').and_return(5432) } + + # parameter in globals.pp only + it { is_expected.to run.with_params('default_connect_settings').and_return({}) } + + it { is_expected.to run.with_params('a_parameter_that_does_not_exist').and_raise_error(Puppet::ParseError, %r{pick\(\): must receive at least one non empty value}) } +end diff --git a/spec/functions/postgresql_password_spec.rb b/spec/functions/postgresql_password_spec.rb index 0cd765d6b8..1c75c9b6f8 100644 --- a/spec/functions/postgresql_password_spec.rb +++ b/spec/functions/postgresql_password_spec.rb @@ -3,5 +3,7 @@ require 'spec_helper' describe 'postgresql_password' do + include_examples 'Ubuntu 18.04' + it_behaves_like 'postgresql_password function' end diff --git a/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb b/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb index 726bbdbbbd..386f01d3e4 100644 --- a/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb +++ b/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb 
@@ -3,109 +3,110 @@ require 'spec_helper' describe 'postgresql::postgresql_acls_to_resources_hash' do - it { is_expected.not_to eq(nil) } + it { is_expected.not_to be_nil } + context 'individual transform tests' do it do input = 'local all postgres ident' result = { 'postgresql class generated rule test 0' => { - 'type' => 'local', - 'database' => 'all', - 'user' => 'postgres', + 'type' => 'local', + 'database' => 'all', + 'user' => 'postgres', 'auth_method' => 'ident', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do input = 'local all root ident' result = { 'postgresql class generated rule test 0' => { - 'type' => 'local', - 'database' => 'all', - 'user' => 'root', + 'type' => 'local', + 'database' => 'all', + 'user' => 'root', 'auth_method' => 'ident', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do input_array = ['local all all ident'] result = { 'postgresql class generated rule test 0' => { - 'type' => 'local', - 'database' => 'all', - 'user' => 'all', + 'type' => 'local', + 'database' => 'all', + 'user' => 'all', 'auth_method' => 'ident', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params(input_array, 'test', 100).and_return(result) + expect(subject).to run.with_params(input_array, 'test', 100).and_return(result) end it do input = 'host all all 127.0.0.1/32 md5' result = { 'postgresql class generated rule test 0' => { - 'type' => 'host', - 'database' => 'all', - 'user' => 'all', - 'address' => '127.0.0.1/32', + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '127.0.0.1/32', 'auth_method' => 'md5', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to 
run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do input = 'host all all 0.0.0.0/0 md5' result = { 'postgresql class generated rule test 0' => { - 'type' => 'host', - 'database' => 'all', - 'user' => 'all', - 'address' => '0.0.0.0/0', + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '0.0.0.0/0', 'auth_method' => 'md5', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do input = 'host all all ::1/128 md5' result = { 'postgresql class generated rule test 0' => { - 'type' => 'host', - 'database' => 'all', - 'user' => 'all', - 'address' => '::1/128', + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '::1/128', 'auth_method' => 'md5', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do input = 'host all all 1.1.1.1 255.255.255.0 md5' result = { 'postgresql class generated rule test 0' => { - 'type' => 'host', - 'database' => 'all', - 'user' => 'all', - 'address' => '1.1.1.1 255.255.255.0', + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '1.1.1.1 255.255.255.0', 'auth_method' => 'md5', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end it do 
@@ -114,37 +115,37 @@ 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', - 'user' => 'all', - 'address' => '1.1.1.1 255.255.255.0', + 'user' => 'all', + 'address' => '1.1.1.1 255.255.255.0', 'auth_method' => 'ldap', 'auth_option' => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"', - 'order' => '100', - }, + 'order' => '100' + } } - is_expected.to run.with_params([input], 'test', 100).and_return(result) + expect(subject).to run.with_params([input], 'test', 100).and_return(result) end end context 'error catching tests' do it do - is_expected.to run.with_params(['test'], 'test').and_raise_error(%r{expects 3 arguments, got 2}) + expect(subject).to run.with_params(['test'], 'test').and_raise_error(%r{expects 3 arguments, got 2}) end it do - is_expected.to run.with_params('test', 'test', 100).and_raise_error(%r{parameter 'acls' expects an Array value, got String}) + expect(subject).to run.with_params('test', 'test', 100).and_raise_error(%r{parameter 'acls' expects an Array value, got String}) end it do - is_expected.to run.with_params(['test'], 100, 'test').and_raise_error(%r{parameter 'id' expects a String value, got Integer}) + expect(subject).to run.with_params(['test'], 100, 'test').and_raise_error(%r{parameter 'id' expects a String value, got Integer}) end it do - is_expected.to run.with_params(['test'], 'test', 1).and_raise_error(%r{does not have enough parts}) + expect(subject).to run.with_params(['test'], 'test', 1).and_raise_error(%r{does not have enough parts}) end end it 'returns an empty hash when input is empty array' do - is_expected.to run.with_params([], 'test', 100).and_return({}) + expect(subject).to run.with_params([], 'test', 100).and_return({}) end end diff --git a/spec/functions/postgresql_postgresql_password_spec.rb b/spec/functions/postgresql_postgresql_password_spec.rb index d70feaf15b..d66e5afea9 100644 --- a/spec/functions/postgresql_postgresql_password_spec.rb 
+++ b/spec/functions/postgresql_postgresql_password_spec.rb @@ -3,5 +3,7 @@ require 'spec_helper' describe 'postgresql::postgresql_password' do + include_examples 'Ubuntu 18.04' + it_behaves_like 'postgresql_password function' end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 07db73426e..6820cebee7 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,8 +25,8 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) - rescue => e + default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb index b0e8f5062f..4af007d09c 100644 --- a/spec/spec_helper_acceptance_local.rb +++ b/spec/spec_helper_acceptance_local.rb @@ -9,16 +9,12 @@ class LitmusHelper class String def unindent - gsub(%r{^#{scan(%r{^\s*}).min_by { |l| l.length }}}, '') + gsub(%r{^#{scan(%r{^\s*}).min_by(&:length)}}, '') end end RSpec.configure do |c| c.before :suite do - # Install iproute on AlmaLinux - # Package is used to check if ports are listening - LitmusHelper.instance.run_shell('sudo dnf install iproute -y') if %r{redhat}.match?(os[:family]) && os[:release].to_f >= 8 - install_dependencies end end 
@@ -41,32 +37,37 @@ def pre_run end def install_dependencies - iproute2 = <<-MANIFEST - package { 'iproute2': ensure => installed } - MANIFEST - LitmusHelper.instance.apply_manifest(iproute2) if os[:family] == 'ubuntu' && os[:release].start_with?('18.04') - - netstat = <<-MANIFEST - # needed for netstat, for serverspec checks - if $::osfamily == 'SLES' or $::osfamily == 'SUSE' { - package { 'net-tools-deprecated': - ensure => 'latest', + LitmusHelper.instance.apply_manifest <<~MANIFEST + if $facts['os']['name'] == 'Ubuntu' and $facts['os']['release']['major'] == '18.04' { + package { 'iproute2': + ensure => installed, + } } - } - MANIFEST - - LitmusHelper.instance.apply_manifest(netstat) - return unless os[:family] == 'redhat' && os[:release].start_with?('6', '7', '8') - - policycoreutils_pkg = 'policycoreutils-python' if os[:release].start_with?('6', '7') - policycoreutils_pkg = 'policycoreutils-python-utils' if os[:release].start_with?('8') + # needed for netstat, for serverspec checks + if $facts['os']['family'] in ['SLES', 'SUSE'] { + exec { 'Enable legacy repos': + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64', + unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64', + } + + package { 'net-tools-deprecated': + ensure => 'latest', + } + } - selinux = <<-MANIFEST - package { '#{policycoreutils_pkg}': ensure => installed } + if $facts['os']['family'] == 'RedHat' { + if versioncmp($facts['os']['release']['major'], '8') >= 0 { + $package = ['iproute', 'policycoreutils-python-utils'] + } else { + $package = 'policycoreutils-python' + } + package { $package: + ensure => installed, + } + } MANIFEST - - LitmusHelper.instance.apply_manifest(selinux) end def postgresql_version 
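Review bot: The SUSE branch of the manifest in `install_dependencies` hard-codes `sle-module-legacy/15.5/x86_64` in both `command` and `unless`, so on any other service pack or architecture the exec asks SUSEConnect for a product that does not match the host. Deriving it from facts keeps the helper working across images, e.g. `command => "SUSEConnect --product sle-module-legacy/${facts['os']['release']['full']}/${facts['os']['architecture']}",` with the same string in `unless`; this assumes those fact values match SUSEConnect's product naming, which should be confirmed on a SLES image. The `net-tools-deprecated` package also relies on manifest order to run after the exec, and `require => Exec['Enable legacy repos'],` would make that explicit.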
@@ -90,7 +91,7 @@ def shellescape(str) # Treat multibyte characters as is. It is caller's responsibility # to encode the string in the right encoding for the shell # environment. - str.gsub!(%r{([^A-Za-z0-9_\-.,:\/@\n])}, '\\\\\\1') + str.gsub!(%r{([^A-Za-z0-9_\-.,:/@\n])}, '\\\\\\1') # A LF cannot be escaped with a backslash because a backslash + LF # combo is regarded as line continuation and simply ignored. diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index abae652f9c..c9603be72a 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb 
@@ -45,79 +45,155 @@ def param(type, title, param) end shared_examples 'postgresql_password function' do - it { is_expected.not_to eq(nil) } + it { is_expected.not_to be_nil } it { - is_expected.to run.with_params('foo', 'bar').and_return( + expect(subject).to run.with_params('foo', 'bar').and_return( 'md596948aad3fcae80c08a35c9b5958cd89', ) } + it { - is_expected.to run.with_params('foo', 1234).and_return( + expect(subject).to run.with_params('foo', 1234).and_return( 'md539a0e1b308278a8de5e007cd1f795920', ) } + + it { + expect(subject).to run.with_params('foo', 'bar', true).and_return( + sensitive(%(md596948aad3fcae80c08a35c9b5958cd89)), + ) + } + it { - is_expected.to run.with_params('foo', 'bar', false, 'scram-sha-256').and_return( + expect(subject).to run.with_params('foo', 'bar', false, 'scram-sha-256').and_return( 'SCRAM-SHA-256$4096:Zm9v$ea66ynZ8cS9Ty4ZkEYicwC72StsKLSwjcXIXKMgepTk=:dJYmOU6BMCaWkQOB3lrXH9OAF3lW2n3NJ26NO7Srq7U=', ) } + + it { + expect(subject).to run.with_params('foo', 'bar', true, 'scram-sha-256').and_return( + sensitive(%(SCRAM-SHA-256$4096:Zm9v$ea66ynZ8cS9Ty4ZkEYicwC72StsKLSwjcXIXKMgepTk=:dJYmOU6BMCaWkQOB3lrXH9OAF3lW2n3NJ26NO7Srq7U=)), + ) + } + it { - is_expected.to run.with_params('foo', 'bar', false, 'scram-sha-256', 'salt').and_return( + expect(subject).to run.with_params('foo', 'bar', false, 'scram-sha-256', 'salt').and_return( 'SCRAM-SHA-256$4096:c2FsdA==$hl63wu9L6vKIjd/UGPfpRl/hIQRBnlkoCiJ9KgxzbX0=:3Q39uiwDZ51m3iPpV8rSgISgRiYqkbnpc+wScL2lSAU=', ) } + + it { + expect(subject).to run.with_params('foo', 'bar', true, 'scram-sha-256', 'salt').and_return( + sensitive(%(SCRAM-SHA-256$4096:c2FsdA==$hl63wu9L6vKIjd/UGPfpRl/hIQRBnlkoCiJ9KgxzbX0=:3Q39uiwDZ51m3iPpV8rSgISgRiYqkbnpc+wScL2lSAU=)), + ) + } + + it { + expect(subject).to run.with_params('foo', 'bar', false, nil, 'salt').and_return( + 'md596948aad3fcae80c08a35c9b5958cd89', + ) + } + + it { + expect(subject).to run.with_params('foo', 'bar', true, nil, 'salt').and_return( + 
sensitive(%(md596948aad3fcae80c08a35c9b5958cd89)), + ) + } + + it { + expect(subject).to run.with_params('foo', 'md596948aad3fcae80c08a35c9b5958cd89', false).and_return( + 'md596948aad3fcae80c08a35c9b5958cd89', + ) + } + + it { + expect(subject).to run.with_params('foo', sensitive(%(SCRAM-SHA-256$4096:c2FsdA==$hl63wu9L6vKIjd/UGPfpRl/hIQRBnlkoCiJ9KgxzbX0=:3Q39uiwDZ51m3iPpV8rSgISgRiYqkbnpc+wScL2lSAU=)), true).and_return( + sensitive(%(SCRAM-SHA-256$4096:c2FsdA==$hl63wu9L6vKIjd/UGPfpRl/hIQRBnlkoCiJ9KgxzbX0=:3Q39uiwDZ51m3iPpV8rSgISgRiYqkbnpc+wScL2lSAU=)), + ) + } + + it { + expect(subject).to run.with_params('foo', sensitive('md596948aad3fcae80c08a35c9b5958cd89'), false).and_return( + 'md596948aad3fcae80c08a35c9b5958cd89', + ) + } + it 'raises an error if there is only 1 argument' do - is_expected.to run.with_params('foo').and_raise_error(StandardError) + expect(subject).to run.with_params('foo').and_raise_error(StandardError) end end shared_examples 'postgresql_escape function' do - it { is_expected.not_to eq(nil) } + it { is_expected.not_to be_nil } + it { - is_expected.to run.with_params('foo') - .and_return('$$foo$$') + expect(subject).to run.with_params('foo') + .and_return('$$foo$$') } + it { - is_expected.to run.with_params('fo$$o') - .and_return('$ed$fo$$o$ed$') + expect(subject).to run.with_params('fo$$o') + .and_return('$ed$fo$$o$ed$') } + it { - is_expected.to run.with_params('foo$') - .and_return('$a$foo$$a$') + expect(subject).to run.with_params('foo$') + .and_return('$a$foo$$a$') } + it 'raises an error if there is more than 1 argument' do - is_expected.to run.with_params(['foo'], ['foo']) - .and_raise_error(StandardError) + expect(subject).to run.with_params(['foo'], ['foo']) + .and_raise_error(StandardError) end end -shared_context 'Debian 9' do - let(:facts) { on_supported_os['debian-9-x86_64'].merge(service_provider: 'systemd') } +# This duplicates spec_helper but we need it for add_custom_fact +include RspecPuppetFacts +# Rough conversion of grepping 
in the puppet source: +# grep defaultfor lib/puppet/provider/service/*.rb +# See https://github.com/voxpupuli/voxpupuli-test/blob/master/lib/voxpupuli/test/facts.rb +add_custom_fact :service_provider, ->(_os, facts) do + case facts[:osfamily].downcase + when 'archlinux', 'debian' + 'systemd' + when 'darwin' + 'launchd' + when 'freebsd' + 'freebsd' + when 'gentoo' + 'openrc' + when 'openbsd' + 'openbsd' + when 'redhat' + (facts[:operatingsystemrelease].to_i >= 7) ? 'systemd' : 'redhat' + when 'suse' + (facts[:operatingsystemmajrelease].to_i >= 12) ? 'systemd' : 'redhat' + when 'windows' + 'windows' + else + 'init' + end end shared_context 'Debian 10' do - let(:facts) { on_supported_os['debian-10-x86_64'].merge(service_provider: 'systemd') } + let(:facts) { on_supported_os['debian-10-x86_64'] } end shared_context 'Debian 11' do - let(:facts) { on_supported_os['debian-11-x86_64'].merge(service_provider: 'systemd') } + let(:facts) { on_supported_os['debian-11-x86_64'] } end shared_context 'Ubuntu 18.04' do - let(:facts) { on_supported_os['ubuntu-18.04-x86_64'].merge(service_provider: 'systemd') } -end - -shared_context 'RedHat 6' do - let(:facts) { on_supported_os['redhat-6-x86_64'].merge(service_provider: 'redhat') } + let(:facts) { on_supported_os['ubuntu-18.04-x86_64'] } end shared_context 'RedHat 7' do - let(:facts) { on_supported_os['redhat-7-x86_64'].merge(service_provider: 'systemd') } + let(:facts) { on_supported_os['redhat-7-x86_64'] } end shared_context 'RedHat 8' do - let(:facts) { on_supported_os['redhat-8-x86_64'].merge(service_provider: 'systemd') } + let(:facts) { on_supported_os['redhat-8-x86_64'] } end shared_context 'Fedora 33' do 
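Review bot: The last new example before `raises an error if there is only 1 argument` passes a `sensitive(...)` hash with `false` as the third argument and expects a bare String back, which pins that `postgresql_password` unwraps a Sensitive input, and nothing in the shared examples says this is deliberate. Once unwrapped, the hash is an ordinary catalog value and is no longer redacted in logs or reports. If that is the intended contract, I would say so above the example, e.g. `# sensitive=false returns a plain String even for Sensitive input; callers must re-wrap it before it reaches a resource`. If it is not intended, the expectation should be `sensitive(...)` instead.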
@@ -129,19 +205,19 @@ def param(type, title, param) selinux: true, os: { 'architecture' => 'x86_64', - 'family' => 'RedHat', - 'hardware' => 'x86_64', - 'name' => 'Fedora', - 'release' => { - 'full' => '33', + 'family' => 'RedHat', + 'hardware' => 'x86_64', + 'name' => 'Fedora', + 'release' => { + 'full' => '33', 'major' => '33', - 'minor' => '33', + 'minor' => '33' }, - selinux: { 'enabled' => true }, + selinux: { 'enabled' => true } }, operatingsystem: 'Fedora', operatingsystemrelease: '33', - service_provider: 'systemd', + service_provider: 'systemd' } end end @@ -153,16 +229,16 @@ def param(type, title, param) family: 'RedHat', name: 'Amazon', release: { - 'full' => '1.0', - 'major' => '1', + 'full' => '1.0', + 'major' => '1' }, - selinux: { 'enabled' => true }, + selinux: { 'enabled' => true } }, kernel: 'Linux', id: 'root', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', selinux: true, - service_provider: 'redhat', + service_provider: 'redhat' } end end @@ -174,16 +250,16 @@ def param(type, title, param) family: 'Gentoo', name: 'Gentoo', release: { - 'full' => 'unused', - 'major' => 'unused', + 'full' => 'unused', + 'major' => 'unused' }, - selinux: { 'enabled' => false }, + selinux: { 'enabled' => false } }, kernel: 'Linux', id: 'root', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', selinux: false, - service_provider: 'openrc', + service_provider: 'openrc' } end end diff --git a/spec/type_aliases/pg_hba_rule_spec.rb b/spec/type_aliases/pg_hba_rule_spec.rb new file mode 100644 index 0000000000..e4d0fe007b --- /dev/null +++ b/spec/type_aliases/pg_hba_rule_spec.rb 
@@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Postgresql::Pg_hba_rule' do + context 'base valid required data' do + let :data do + { + description: 'pc', + type: 'host', + database: 'all', + user: 'all', + address: '127.0.0.1/32', + auth_method: 'md5', + target: '/foo.conf', + postgresql_version: '14', + order: 3 + } + end + + it { is_expected.to allow_value(data) } + end + + context 'invalid data' do + let :data do + { + description: 'pc', + type: 'host', + database: 'all', + user: 'all', + address: '/32', + auth_method: 'md5', + target: '/foo.conf', + postgres_version: '14' + } + end + + it { is_expected.not_to allow_value(data) } + end + + context 'empty data' do + let :data do + {} + end + + it { is_expected.not_to allow_value(data) } + end +end diff --git a/spec/type_aliases/pg_hba_rule_type_spec.rb b/spec/type_aliases/pg_hba_rule_type_spec.rb new file mode 100644 index 0000000000..431db29a07 --- /dev/null +++ b/spec/type_aliases/pg_hba_rule_type_spec.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Postgresql::Pg_hba_rule_type' do + describe 'valid values' do + [ + 'local', + 'host', + 'hostssl', + 'hostnossl', + 'hostgssenc', + 'hostnogssenc', + ].each do |value| + describe value.inspect do + it { is_expected.to allow_value(value) } + end + end + end + + describe 'invalid values' do + context 'with garbage inputs' do + [ + :symbol, + nil, + 'foobar', + '', + true, + false, + ['meep', 'meep'], + 65_538, + [95_000, 67_000], + {}, + { 'foo' => 'bar' }, + ].each do |value| + describe value.inspect do + it { is_expected.not_to allow_value(value) } + end + end + end + end +end diff --git a/spec/type_aliases/pg_hba_rules_spec.rb b/spec/type_aliases/pg_hba_rules_spec.rb new file mode 100644 index 0000000000..316de2f868 --- /dev/null +++ b/spec/type_aliases/pg_hba_rules_spec.rb 
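Review bot: The 'invalid data' context in pg_hba_rule_spec.rb does not isolate the malformed address: its hash also uses the key `postgres_version` where the valid case uses `postgresql_version`, so the Struct could reject it for the unknown key even if `address: '/32'` were accepted. Reusing the valid hash and changing only the address, for example `let(:data) { valid_data.merge(address: '/32') }` with the valid hash pulled into a shared `let`, would pin the address check that guards what is written to pg_hba.conf. The 'invalid data' context in pg_hba_rules_spec.rb (next file section) has the same weakness, because its flat hash already fails on shape before any address is examined.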
@@ -0,0 +1,69 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Postgresql::Pg_hba_rules' do + context 'base valid required data' do + let :data do + { + foo: { + description: 'pc', + type: 'host', + database: 'all', + user: 'all', + address: '127.0.0.1/32', + auth_method: 'md5', + target: '/foo.conf', + postgresql_version: '14', + order: 1 + }, + foo2: { + description: 'pc', + type: 'host', + database: 'all', + user: 'all', + address: '127.0.0.1/32', + auth_method: 'md5', + target: '/foo.conf', + postgresql_version: '14', + order: 2 + } + } + end + + it { is_expected.to allow_value(data) } + end + + context 'empty' do + let :data do + {} + end + + it { is_expected.to allow_value(data) } + end + + context 'invalid data' do + let :data do + { + description: 'pc', + type: 'host', + database: 'all', + user: 'all', + address: '/32', + auth_method: 'md5' + } + end + + it { is_expected.not_to allow_value(data) } + end + + context 'empty value' do + let :data do + { + foo: {} + } + end + + it { is_expected.not_to allow_value(data) } + end +end diff --git a/spec/unit/provider/postgresql_conf/parsed_spec.rb b/spec/unit/provider/postgresql_conf/parsed_spec.rb deleted file mode 100644 index b931ef2f71..0000000000 --- a/spec/unit/provider/postgresql_conf/parsed_spec.rb +++ /dev/null 
@@ -1,148 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' -require 'tempfile' - -provider_class = Puppet::Type.type(:postgresql_conf).provider(:parsed) - -describe provider_class do - let(:title) { 'postgresql_conf' } - let(:provider) do - conf_class = Puppet::Type.type(:postgresql_conf) - provider = conf_class.provider(:parsed) - conffile = tmpfilename('postgresql.conf') - allow_any_instance_of(provider).to receive(:target).and_return conffile # rubocop:disable RSpec/AnyInstance - provider - end - - before(:each) do - end - - after :each do - provider.initvars - end - - describe 'simple configuration that should be allowed' do - it 'parses a simple ini line' do - expect(provider.parse_line("listen_addreses = '*'")).to eq( - name: 'listen_addreses', value: '*', comment: nil, record_type: :parsed, - ) - end - - it 'parses a simple ini line (2)' do - expect(provider.parse_line(" listen_addreses = '*'")).to eq( - name: 'listen_addreses', value: '*', comment: nil, record_type: :parsed, - ) - end - - it 'parses a simple ini line (3)' do - expect(provider.parse_line("listen_addreses = '*' # dont mind me")).to eq( - name: 'listen_addreses', value: '*', comment: 'dont mind me', record_type: :parsed, - ) - end - - it 'parses a comment' do - expect(provider.parse_line('# dont mind me')).to eq( - line: '# dont mind me', record_type: :comment, - ) - end - - it 'parses a comment (2)' do - expect(provider.parse_line(" \t# dont mind me")).to eq( - line: " \t# dont mind me", record_type: :comment, - ) - end - - it 'allows includes' do - expect(provider.parse_line('include puppetextra')).to eq( - name: 'include', value: 'puppetextra', comment: nil, record_type: :parsed, - ) - end - - it 'allows numbers through without quotes' do - expect(provider.parse_line('wal_keep_segments = 32')).to eq( - name: 'wal_keep_segments', value: '32', comment: nil, record_type: :parsed, - ) - end - - it 'allows blanks through' do - expect(provider.parse_line('')).to eq( - line: '', 
record_type: :blank, - ) - end - - it 'parses keys with dots' do - expect(provider.parse_line('auto_explain.log_min_duration = 1ms')).to eq( - name: 'auto_explain.log_min_duration', value: '1ms', comment: nil, record_type: :parsed, - ) - end - end - - describe 'configuration that should be set' do - it 'sets comment lines' do - expect(provider.to_line(line: '# dont mind me', record_type: :comment)).to eq( - '# dont mind me', - ) - end - - it 'sets blank lines' do - expect(provider.to_line(line: '', record_type: :blank)).to eq( - '', - ) - end - - it 'sets simple configuration' do - expect(provider.to_line(name: 'listen_addresses', value: '*', comment: nil, record_type: :parsed)).to eq( - "listen_addresses = '*'", - ) - end - - it 'sets simple configuration with period in name' do - expect(provider.to_line(name: 'auto_explain.log_min_duration', value: '100ms', comment: nil, record_type: :parsed)).to eq( - 'auto_explain.log_min_duration = 100ms', - ) - end - - it 'sets simple configuration even with comments' do - expect(provider.to_line(name: 'listen_addresses', value: '*', comment: 'dont mind me', record_type: :parsed)).to eq( - "listen_addresses = '*' # dont mind me", - ) - end - - it 'quotes includes' do - expect(provider.to_line(name: 'include', value: 'puppetextra', comment: nil, record_type: :parsed)).to eq( - "include 'puppetextra'", - ) - end - - it 'quotes multiple words' do - expect(provider.to_line(name: 'archive_command', value: 'rsync up', comment: nil, record_type: :parsed)).to eq( - "archive_command = 'rsync up'", - ) - end - - it 'does not quote numbers' do - expect(provider.to_line(name: 'wal_segments', value: '32', comment: nil, record_type: :parsed)).to eq( - 'wal_segments = 32', - ) - end - - it 'allows numbers' do - expect(provider.to_line(name: 'integer', value: 42, comment: nil, record_type: :parsed)).to eq( - 'integer = 42', - ) - end - - it 'allows floats' do - expect(provider.to_line(name: 'float', value: 2.71828182845, comment: nil, 
record_type: :parsed)).to eq( - 'float = 2.71828182845', - ) - end - - it 'quotes addresses' do - expect(provider.to_line(name: 'listen_addresses', value: '0.0.0.0', comment: nil, record_type: :parsed)).to eq( - "listen_addresses = '0.0.0.0'", - ) - end - end -end diff --git a/spec/unit/provider/postgresql_conf/ruby_spec.rb b/spec/unit/provider/postgresql_conf/ruby_spec.rb new file mode 100644 index 0000000000..11800b0fc7 --- /dev/null +++ b/spec/unit/provider/postgresql_conf/ruby_spec.rb 
@@ -0,0 +1,60 @@ +# frozen_string_literal: true + +require 'spec_helper' +provider_class = Puppet::Type.type(:postgresql_conf).provider(:ruby) + +describe provider_class do + let(:resource) { Puppet::Type.type(:postgresql_conf).new(name: 'foo', value: 'bar') } + let(:provider) { resource.provider } + + before(:each) do + allow(provider).to receive(:file_path).and_return('/tmp/foo') + allow(provider).to receive(:read_file).and_return('foo = bar') + allow(provider).to receive(:write_file).and_return(true) + end + # rubocop:enable RSpec/ReceiveMessages + + it 'has a method parse_config' do + expect(provider).to respond_to(:parse_config) + end + + it 'has a method delete_header' do + expect(provider).to respond_to(:delete_header) + end + + it 'has a method add_header' do + expect(provider).to respond_to(:add_header) + end + + it 'has a method exists?' do + expect(provider).to respond_to(:exists?) + end + + it 'has a method create' do + expect(provider).to respond_to(:create) + end + + it 'has a method destroy' do + expect(provider).to respond_to(:destroy) + end + + it 'has a method value' do + expect(provider).to respond_to(:value) + end + + it 'has a method value=' do + expect(provider).to respond_to(:value=) + end + + it 'has a method comment' do + expect(provider).to respond_to(:comment) + end + + it 'has a method comment=' do + expect(provider).to respond_to(:comment=) + end + + it 'is an instance of the Provider Ruby' do + expect(provider).to be_an_instance_of Puppet::Type::Postgresql_conf::ProviderRuby + end +end diff --git a/spec/unit/puppet/provider/postgresql_conn_validator/ruby_spec.rb b/spec/unit/puppet/provider/postgresql_conn_validator/ruby_spec.rb index 8cd71e3913..ef18e65692 100644 --- a/spec/unit/puppet/provider/postgresql_conn_validator/ruby_spec.rb +++ b/spec/unit/puppet/provider/postgresql_conn_validator/ruby_spec.rb 
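Review bot: Every example in the new postgresql_conf ruby_spec.rb only asserts `respond_to`, so nothing checks what the provider writes, although `read_file` and `write_file` are stubbed in the `before` block. The deleted parsed_spec.rb covered quoting ('quotes multiple words', 'quotes addresses'), and that is the coverage that stops a value from being emitted unquoted into postgresql.conf; an example built around `expect(provider).to receive(:write_file).with(...)` and `create` would restore it, though the provider is not visible here so the exact arguments need checking. The `# rubocop:enable RSpec/ReceiveMessages` after the `before` block has no matching `# rubocop:disable RSpec/ReceiveMessages` in front of it.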
@@ -5,7 +5,7 @@ describe Puppet::Type.type(:postgresql_conn_validator).provider(:ruby) do let(:resource) do Puppet::Type.type(:postgresql_conn_validator).new({ - name: 'testname', + name: 'testname' }.merge(attributes)) end let(:provider) { resource.provider } @@ -15,7 +15,7 @@ host: 'db.test.com', port: 4444, db_username: 'testuser', - db_password: 'testpass', + db_password: 'testpass' } end let(:connect_settings) do @@ -23,8 +23,8 @@ connect_settings: { PGPASSWORD: 'testpass', PGHOST: 'db.test.com', - PGPORT: '1234', - }, + PGPORT: '1234' + } } end diff --git a/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb b/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb index 5e05cc2886..9f2c3b55e1 100644 --- a/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +++ b/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb @@ -9,7 +9,7 @@ end let(:provider) { resource.provider } - context('#run_sql_command') do + describe('#run_sql_command') do describe 'with default attributes' do let(:attributes) { { db: 'spec_db' } } @@ -21,6 +21,7 @@ provider.run_sql_command('SELECT \'something\' as "Custom column"') end end + describe 'with psql_path and db' do let(:attributes) do { @@ -28,7 +29,7 @@ psql_user: 'spec_user', psql_group: 'spec_group', cwd: '/spec', - db: 'spec_db', + db: 'spec_db' } end @@ -41,10 +42,11 @@ provider.run_sql_command('SELECT \'something\' as "Custom column"') end end + describe 'with search_path string' do let(:attributes) do { - search_path: 'schema1', + search_path: 'schema1' } end @@ -56,10 +58,11 @@ provider.run_sql_command('SELECT \'something\' as "Custom column"') end end + describe 'with search_path array' do let(:attributes) do { - search_path: ['schema1', 'schema2'], + search_path: ['schema1', 'schema2'] } end @@ -73,6 +76,7 @@ end end end + describe 'with port string' do let(:attributes) { { port: '5555' } } 
@@ -85,6 +89,7 @@ provider.run_sql_command('SELECT something') end end + describe 'with connect_settings' do let(:attributes) { { connect_settings: { 'PGHOST' => '127.0.0.1' } } } @@ -92,13 +97,13 @@ expect(provider).to receive(:run_command).with(['psql', '-t', '-X', '-c', 'SELECT something'], - 'postgres', 'postgres', 'PGHOST' => '127.0.0.1') + 'postgres', 'postgres', { 'PGHOST' => '127.0.0.1' }) provider.run_sql_command('SELECT something') end end - context('#run_unless_sql_command') do + describe('#run_unless_sql_command') do let(:attributes) { {} } it 'calls #run_sql_command with SQL' do diff --git a/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb b/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb index 828b63e933..032ceac752 100644 --- a/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb +++ b/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb @@ -37,6 +37,7 @@ def | | physical | | | t | | | 0/ 'postgres', 'postgres' ).and_return([sql_instances, nil]) end + let(:attributes) { {} } let(:instances) { provider.class.instances } let(:expected) { ['abc', 'def'] } @@ -44,6 +45,7 @@ def | | physical | | | t | | | 0/ it 'lists instances #size' do expect(instances.size).to eq 2 end + it 'lists instances #content' do expected.each_with_index do |expect, index| expect(instances[index].name).to eq expect diff --git a/spec/unit/puppet/type/postgresql_conn_validator.rb b/spec/unit/puppet/type/postgresql_conn_validator.rb index 2315e9568d..47ae4c9930 100644 --- a/spec/unit/puppet/type/postgresql_conn_validator.rb +++ b/spec/unit/puppet/type/postgresql_conn_validator.rb @@ -1,4 +1,3 @@ -#! /usr/bin/env ruby # rubocop:disable Lint/ScriptPermission # frozen_string_literal: true require 'spec_helper' 
@@ -24,19 +23,23 @@ it "#{param} should be able to cast value as integer #string" do expect { described_class.new(:name => 'test', param => '1') }.not_to raise_error end + it "#{param} should be able to cast value as integer #integer" do expect { described_class.new(:name => 'test', param => 1) }.not_to raise_error end + it "#{param} should not accept non-numeric string" do expect { described_class.new(:name => 'test', param => 'test') }.to raise_error Puppet::ResourceError end end end + describe 'connect_settings' do it 'accepts a hash' do expect { described_class.new(name: 'test', connect_settings: { 'PGPASSWORD' => 'test1' }) }.not_to raise_error end end + describe 'port' do it 'does not accept a word' do expect { described_class.new(name: 'test', port: 'test') }.to raise_error Puppet::Error diff --git a/spec/unit/puppet/type/postgresql_psql_spec.rb b/spec/unit/puppet/type/postgresql_psql_spec.rb index cc448bb711..871645534d 100644 --- a/spec/unit/puppet/type/postgresql_psql_spec.rb +++ b/spec/unit/puppet/type/postgresql_psql_spec.rb @@ -36,7 +36,7 @@ refreshonly: :true, search_path: ['schema1', 'schema2'], connect_settings: { 'PGHOST' => 'postgres-db-server', - 'DBVERSION' => '9.1' }, + 'DBVERSION' => '9.1' } }.each do |attr, value| context attr do describe [attr] @@ -54,21 +54,25 @@ it { is_expected.to eq('psql') } end + context 'default value: [:psql_user]' do subject { super()[:psql_user] } it { is_expected.to eq('postgres') } end + context 'default value: [:psql_group]' do subject { super()[:psql_group] } it { is_expected.to eq('postgres') } end + context 'default value: [:cwd]' do subject { super()[:cwd] } it { is_expected.to eq('/tmp') } end + context 'default value: #refreshonly?' do subject { super().refreshonly? } @@ -76,7 +80,6 @@ end end - # rubocop:disable RSpec/NamedSubject # rubocop:disable RSpec/SubjectStub describe '#command' do let(:attributes) { { command: 'SELECT stuff' } } 
@@ -135,6 +138,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_falsey } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly } @@ -154,6 +158,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_truthy } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly } @@ -177,6 +182,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_falsey } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly, unless: 'SELECT something' } @@ -196,6 +202,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_falsey } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly, unless: 'SELECT something' } @@ -219,6 +226,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_falsey } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly, unless: 'SELECT something' } @@ -238,6 +246,7 @@ context 'not refreshing' it { expect(subject.should_run_sql).to be_truthy } end + context "refreshonly => #{refreshonly.inspect}" do let(:attributes) do { refreshonly: refreshonly, unless: 'SELECT something' } @@ -265,3 +274,5 @@ end end end +# rubocop:enable RSpec/NamedSubject +# rubocop:enable RSpec/SubjectStub diff --git a/spec/unit/puppet/type/postgresql_replication_slot_spec.rb b/spec/unit/puppet/type/postgresql_replication_slot_spec.rb index 27423bcad5..058e0500cb 100644 --- a/spec/unit/puppet/type/postgresql_replication_slot_spec.rb +++ b/spec/unit/puppet/type/postgresql_replication_slot_spec.rb @@ -8,6 +8,6 @@ end it 'has a name parameter' do - expect(subject[:name]).to eq 'standby' # rubocop:disable RSpec/NamedSubject + expect(subject[:name]).to eq 'standby' end end 
diff --git a/spec/unit/type/postgresql_conf_spec.rb b/spec/unit/type/postgresql_conf_spec.rb index 6ded102200..f6e972f620 100644 --- a/spec/unit/type/postgresql_conf_spec.rb +++ b/spec/unit/type/postgresql_conf_spec.rb @@ -1,4 +1,3 @@ -#! /usr/bin/env ruby # rubocop:disable Lint/ScriptPermission # frozen_string_literal: true require 'spec_helper' @@ -14,22 +13,24 @@ it 'has :name as its namevar' do expect(described_class.key_attributes).to eq([:name]) end + it 'does not invalid names' do expect { described_class.new(name: 'foo bar') }.to raise_error(Puppet::Error, %r{Invalid value}) end + it 'allows dots in names' do expect { described_class.new(name: 'foo.bar') }.not_to raise_error end end describe 'when validating attributes' do - [:name, :provider].each do |param| + [:name, :provider, :target].each do |param| it "has a #{param} parameter" do expect(described_class.attrtype(param)).to eq(:param) end end - [:value, :target].each do |property| + [:value, :comment].each do |property| it "has a #{property} property" do expect(described_class.attrtype(property)).to eq(:property) end 
@@ -41,12 +42,83 @@ it 'supports present as a value for ensure' do expect { described_class.new(name: 'foo', ensure: :present) }.not_to raise_error end + it 'supports absent as a value for ensure' do expect { described_class.new(name: 'foo', ensure: :absent) }.not_to raise_error end + it 'does not support other values' do expect { described_class.new(name: 'foo', ensure: :foo) }.to raise_error(Puppet::Error, %r{Invalid value}) end end + # boolean https://www.postgresql.org/docs/current/datatype-boolean.html + describe 'validate boolean values with newvalues function' do + it 'validates log_checkpoints with value on' do + expect { described_class.new(name: 'log_checkpoints', value: 'on') }.not_to raise_error + end + it 'validates log_checkpoints with value off' do + expect { described_class.new(name: 'log_checkpoints', value: 'off') }.not_to raise_error + end + it 'validates log_checkpoints with value true' do + expect { described_class.new(name: 'log_checkpoints', value: 'true') }.not_to raise_error + end + it 'validates log_checkpoints with value false' do + expect { described_class.new(name: 'log_checkpoints', value: 'false') }.not_to raise_error + end + it 'validates log_checkpoints with value yes' do + expect { described_class.new(name: 'log_checkpoints', value: 'yes') }.not_to raise_error + end + it 'validates log_checkpoints with value no' do + expect { described_class.new(name: 'log_checkpoints', value: 'no') }.not_to raise_error + end + it 'validates log_checkpoints with value 1' do + expect { described_class.new(name: 'log_checkpoints', value: '1') }.not_to raise_error + end + it 'validates log_checkpoints with value 0' do + expect { described_class.new(name: 'log_checkpoints', value: '0') }.not_to raise_error + end + end + # enums https://www.postgresql.org/docs/current/datatype-enum.html + describe 'validate enum values with newvalues function' do + it 'validates ssl_min_protocol_version with value TLSv1.3' do + expect { described_class.new(name: 
'ssl_min_protocol_version', value: 'TLSv1.3') }.not_to raise_error + end + it 'validates ssl_min_protocol_version with value TLSv1.1' do + expect { described_class.new(name: 'ssl_min_protocol_version', value: 'TLSv1.1') }.not_to raise_error + end + end + # integer https://www.postgresql.org/docs/current/datatype-numeric.html#DATATYPE-INT + describe 'validate integer values with newvalues function' do + it 'validates max_connections with value 1000' do + expect { described_class.new(name: 'max_connections', value: '1000') }.not_to raise_error + end + end + # real https://www.postgresql.org/docs/current/datatype-numeric.html#DATATYPE-FLOAT + describe 'validate real values with newvalues function' do + it 'validates parallel_tuple_cost with value 0.3' do + expect { described_class.new(name: 'parallel_tuple_cost', value: '0.3') }.not_to raise_error + end + end + # string https://www.postgresql.org/docs/current/datatype-character.html + describe 'validate complex string values with newvalues function' do + it 'validates log_line_prefix with value [%p] %q:%u:%d:%' do + expect { described_class.new(name: 'log_line_prefix', value: '[%p] %q:%u:%d:%x ') }.not_to raise_error + end + it 'validates log_line_prefix with value %t %q%u@%d %p %i' do + expect { described_class.new(name: 'log_line_prefix', value: '%t %q%u@%d %p %i ') }.not_to raise_error + end + it 'validates log_filename with value psql_01-%Y-%m-%d.log' do + expect { described_class.new(name: 'log_filename', value: 'psql_01-%Y-%m-%d.log') }.not_to raise_error + end + end + # string https://www.postgresql.org/docs/current/datatype-character.html + describe 'validate string values with newvalues function' do + it 'validates log_timezone with value UTC' do + expect { described_class.new(name: 'log_timezone', value: 'UTC') }.not_to raise_error + end + it 'validates ssl_ciphers with value HIGH:MEDIUM:+3DES:!aNULL' do + expect { described_class.new(name: 'ssl_ciphers', value: 'HIGH:MEDIUM:+3DES:!aNULL') }.not_to 
raise_error + end + end end end diff --git a/tasks/sql.rb b/tasks/sql.rb index 21028794c9..d350625a38 100755 --- a/tasks/sql.rb +++ b/tasks/sql.rb @@ -15,10 +15,11 @@ def get(sql, database, user, port, password, host) cmd_string << "--host=#{host}" unless host.nil? stdout, stderr, status = Open3.capture3(env_hash, *cmd_string) raise Puppet::Error, stderr if status != 0 + { status: stdout.strip } end -params = JSON.parse(STDIN.read) +params = JSON.parse($stdin.read) database = params['database'] host = params['host'] password = params['password'] diff --git a/templates/pg_dump.sh.epp b/templates/pg_dump.sh.epp new file mode 100644 index 0000000000..c5b40db492 --- /dev/null +++ b/templates/pg_dump.sh.epp 
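Review bot: All of the `newvalues` examples added to postgresql_conf_spec.rb assert `.not_to raise_error`, so they would still pass if value validation accepted everything. A rejection case is needed to show the check constrains what reaches postgresql.conf, for example `expect { described_class.new(name: 'log_timezone', value: "UTC\nssl = off") }.to raise_error(Puppet::Error)`. Whether the type rejects embedded newlines is not visible in this hunk and should be confirmed first. The title 'validates log_line_prefix with value [%p] %q:%u:%d:%' is also cut short compared with the value it tests.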
@@ -0,0 +1,116 @@ +<%- | + Boolean $compress, + Array $databases, + Optional[String[1]] $db_user, + Boolean $delete_before_dump, + String[1] $dir, + Enum['plain','custom','directory','tar'] $format, + Array $optional_args, + Optional[String[1]] $post_script, + Optional[String[1]] $pre_script, + Integer[0] $rotate, + Stdlib::Absolutepath $success_file_path, +| -%> +<%- if $facts['kernel'] == 'Linux' { -%> +#!/bin/bash +<%- } else { -%> +#!/bin/sh +<%- } -%> +# This file is managed by Puppet. DO NOT EDIT. +# +# A wrapper for pg_dump + +# Backup config +ROTATE=<%= $rotate %> +BASEDIR="<%= $dir %>" +DIR="${BASEDIR}/$(date +%F_%H-%M-%S)" + +# Pattern %FILENAME% will be replace or removed, depending +# on the pg_dump parameters. +TEMPLATE="${DIR}/%FILENAME%" + +# Use a filename suffix to better distinguish different file types. +SUFFIX=".pgdump" + +# Ensure backup directory exist. +mkdir -p $DIR + +<%- if $facts['kernel'] == 'Linux' { -%> +set -o pipefail +<%- } -%> + +<% if $pre_script { -%> + <%- flatten($pre_script).each |$_script| { %> +<%= $_script %> + <%- } -%> +<% } -%> + +cleanup() +{ + <%- if $facts['kernel'] == 'SunOS' { -%> + gfind "${BASEDIR}/" -mindepth 1 -maxdepth 1 -mtime +${ROTATE} -print0 | gxargs -0 -r rm -rf + <%- } else { -%> + find "${BASEDIR}/" -mindepth 1 -maxdepth 1 -mtime +${ROTATE} -print0 | xargs -0 -r rm -rf + <%- } -%> +} + +<% if $delete_before_dump { -%> +# Remove outdated backups unconditionally before making new backups. +cleanup +<% } -%> + +_pg_args='' + +<%- if $format == 'directory' { -%> +# The 'directory' format expects a target directory instead of a file. 
+TEMPLATE=$DIR +<%- } -%> + +<%- if $db_user { -%> +_pg_args="${_pg_args} --username=<%= $db_user %>" +<%- } -%> + +<%- if $optional_args { -%> + <%- $optional_args.each |$_arg| { -%> +_pg_args="${_pg_args} <%= $_arg %>" + <%- } -%> +<%- } -%> + +<%- if $databases and $databases =~ Array and !empty($databases) { -%> +_pg_args="${_pg_args} --format=<%= $format %>" + +<%# Compression is only supported by pg_dump, but not by pg_dumpall. -%> +<%- if !$compress { -%> +_pg_args="${_pg_args} --compress=0" +<%# The tar archive format does not support compression. -%> +<%- } elsif $format != 'tar' { -%> +_pg_args="${_pg_args} --compress=9" +SUFFIX="${SUFFIX}.gz" +<%- } -%> + +# Dump only selected databases + <%- $databases.each |$_db| { -%> +FILE=`echo $TEMPLATE | sed "s/%FILENAME%/<%= $_db %>$SUFFIX/;"` +pg_dump $_pg_args --file=${FILE} $@ <%= $_db %> + <%- } -%> +<%- } else { -%> +# Dump the whole instance +FILE=`echo $TEMPLATE | sed "s/%FILENAME%/all$SUFFIX/;"` +pg_dumpall $_pg_args --file=${FILE} $@ +<%- } -%> + +<% unless $delete_before_dump { -%> +# Remove outdated backups only if the new backup was successful. +if [ $? -eq 0 ] ; then + cleanup + <%- if $success_file_path { -%> + touch <%= $success_file_path %> + <%- } -%> +fi +<% } -%> + +<% if $post_script { -%> + <%- flatten($post_script).each |$_script| { %> +<%= $_script %> + <%- } -%> +<% } -%> diff --git a/templates/pg_hba_rule.conf b/templates/pg_hba_rule.conf deleted file mode 100644 index af54db5b2a..0000000000 --- a/templates/pg_hba_rule.conf +++ /dev/null @@ -1,5 +0,0 @@ - -# Rule Name: <%=@name%> -# Description: <%=@description%> -# Order: <%=@order%> -<%=@type%> <%=@database%> <%=@user%> <%=@address%> <%=@auth_method%> <%=@auth_option%> diff --git a/templates/pg_hba_rule.conf.epp b/templates/pg_hba_rule.conf.epp new file mode 100644 index 0000000000..9d54265624 --- /dev/null +++ b/templates/pg_hba_rule.conf.epp 
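Review bot: `$databases`, `$optional_args` and `$db_user` are rendered into the script without shell quoting, and the two arrays are typed only as `Array`, so an entry containing whitespace, `/` or shell metacharacters changes the command that runs, both in `sed "s/%FILENAME%/<%= $_db %>$SUFFIX/;"` and in `pg_dump $_pg_args --file=${FILE} $@ <%= $_db %>`. I would type them as `Array[String[1]]` and quote at the point of use, e.g. `pg_dump $_pg_args --file="${FILE}" "$@" <%= shell_escape($_db) %>` (stdlib's `shell_escape`; newer stdlib releases namespace it as `stdlib::shell_escape`). `mkdir -p $DIR` and `touch <%= $success_file_path %>` want quotes for the same reason, and `$dir` could be `Stdlib::Absolutepath` given that `cleanup` runs `rm -rf` underneath it. Separately, `if [ $? -eq 0 ]` only sees the last `pg_dump` of the loop, so a failed earlier dump still rotates old backups and touches the success file.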
@@ -0,0 +1,16 @@
+<%- |
+ String[1] $name,
+ String[1] $description,
+ Variant[String, Integer] $order,
+ Postgresql::Pg_hba_rule_type $type,
+ String[1] $database,
+ String[1] $user,
+ Optional[Postgresql::Pg_hba_rule_address] $address,
+ String[1] $auth_method,
+ Optional[String] $auth_option,
+| -%>
+# Rule Name: <%= $name %>
+# Description: <%= $description %>
+# Order: <%= $order %>
+<%= $type %> <%= $database %> <%= $user %> <%= $address %> <%= $auth_method %> <%= $auth_option %>
+
diff --git a/templates/pg_ident_rule.conf b/templates/pg_ident_rule.conf
deleted file mode 100644
index 238c6e96f3..0000000000
--- a/templates/pg_ident_rule.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-
-# Rule Name: <%=@name%>
-# Description: <%=@description%>
-# Order: <%=@order%>
-<%=@map_name%> <%=@system_username%> <%=@database_username%>
diff --git a/templates/pg_ident_rule.conf.epp b/templates/pg_ident_rule.conf.epp
new file mode 100644
index 0000000000..ba7ec2f855
--- /dev/null
+++ b/templates/pg_ident_rule.conf.epp
@@ -0,0 +1,12 @@
+<%- |
+ String[1] $name,
+ String[1] $description,
+ String[1] $order,
+ String[1] $map_name,
+ String[1] $system_username,
+ String[1] $database_username,
+| -%>
+# Rule Name: <%= $name %>
+# Description: <%= $description %>
+# Order: <%= $order %>
+<%= $map_name %> <%= $system_username %> <%= $database_username %>
diff --git a/templates/recovery.conf.epp b/templates/recovery.conf.epp
new file mode 100644
index 0000000000..ebc28e1468
--- /dev/null
+++ b/templates/recovery.conf.epp
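Review bot: `$name`, `$description`, `$database`, `$user`, `$auth_method` and `$auth_option` in pg_hba_rule.conf.epp are declared as plain `String[1]` or `Optional[String]`, so a value containing a newline renders as an extra line in pg_hba.conf, and whatever follows the newline in `# Description: <%= $description %>` is no longer a comment. Since this commit introduces typed parameters anyway, a single-line constraint such as `Pattern[/\A[^\n]+\z/] $description` would close that; only `$type` and `$address` are constrained at the moment. The same applies to the `String[1]` parameters of pg_ident_rule.conf.epp in the following file section. Callers may already validate these values, which cannot be seen from the template.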
@@ -0,0 +1,64 @@ +<%- | + Optional[String] $restore_command, + Optional[String[1]] $archive_cleanup_command, + Optional[String[1]] $recovery_end_command, + Optional[String[1]] $recovery_target_name, + Optional[String[1]] $recovery_target_time, + Optional[String[1]] $recovery_target_xid, + Optional[Boolean] $recovery_target_inclusive, + Optional[String[1]] $recovery_target, + Optional[String[1]] $recovery_target_timeline, + Optional[Boolean] $pause_at_recovery_target, + Optional[String[1]] $standby_mode, + Optional[String[1]] $primary_conninfo, + Optional[String[1]] $primary_slot_name, + Optional[String[1]] $trigger_file, + Optional[Integer] $recovery_min_apply_delay, +| -%> +<% if $restore_command { -%> +restore_command = '<%= $restore_command %>' +<% } -%> +<% if $archive_cleanup_command { -%> +archive_cleanup_command = '<%= $archive_cleanup_command %>' +<% } -%> +<% if $recovery_end_command { -%> +recovery_end_command = '<%= $recovery_end_command %>' +<% } -%> + +<% if $recovery_target_name { -%> +recovery_target_name = '<%= $recovery_target_name %>' +<% } -%> +<% if $recovery_target_time { -%> +recovery_target_time = '<%= $recovery_target_time %>' +<% } -%> +<% if $recovery_target_xid { -%> +recovery_target_xid = '<%= $recovery_target_xid %>' +<% } -%> +<% if $recovery_target_inclusive { -%> +recovery_target_inclusive = <%= $recovery_target_inclusive %> +<% } -%> +<% if $recovery_target { -%> +recovery_target = '<%= $recovery_target %>' +<% } -%> +<% if $recovery_target_timeline { -%> +recovery_target_timeline = '<%= $recovery_target_timeline %>' +<% } -%> +<% if $pause_at_recovery_target { -%> +pause_at_recovery_target = <%= $pause_at_recovery_target %> +<% } -%> + +<% if $standby_mode { -%> +standby_mode = <%= $standby_mode %> +<% } -%> +<% if $primary_conninfo { -%> +primary_conninfo = '<%= $primary_conninfo %>' +<% } -%> +<% if $primary_slot_name { -%> +primary_slot_name = '<%= $primary_slot_name %>' +<% } -%> +<% if $trigger_file { -%> +trigger_file = '<%= 
$trigger_file %>' +<% } -%> +<% if $recovery_min_apply_delay { -%> +recovery_min_apply_delay = <%= $recovery_min_apply_delay %> +<% } -%> diff --git a/templates/recovery.conf.erb b/templates/recovery.conf.erb deleted file mode 100644 index a678faee0d..0000000000 --- a/templates/recovery.conf.erb +++ /dev/null @@ -1,47 +0,0 @@ -<% if @restore_command -%> -restore_command = '<%= @restore_command %>' -<% end -%> -<% if @archive_cleanup_command -%> -archive_cleanup_command = '<%= @archive_cleanup_command %>' -<% end -%> -<% if @recovery_end_command -%> -recovery_end_command = '<%= @recovery_end_command %>' -<% end -%> - -<% if @recovery_target_name -%> -recovery_target_name = '<%= @recovery_target_name %>' -<% end -%> -<% if @recovery_target_time -%> -recovery_target_time = '<%= @recovery_target_time %>' -<% end -%> -<% if @recovery_target_xid -%> -recovery_target_xid = '<%= @recovery_target_xid %>' -<% end -%> -<% if @recovery_target_inclusive -%> -recovery_target_inclusive = <%= @recovery_target_inclusive %> -<% end -%> -<% if @recovery_target -%> -recovery_target = '<%= @recovery_target %>' -<% end -%> -<% if @recovery_target_timeline -%> -recovery_target_timeline = '<%= @recovery_target_timeline %>' -<% end -%> -<% if @pause_at_recovery_target -%> -pause_at_recovery_target = <%= @pause_at_recovery_target %> -<% end -%> - -<% if @standby_mode -%> -standby_mode = <%= @standby_mode %> -<% end -%> -<% if @primary_conninfo -%> -primary_conninfo = '<%= @primary_conninfo %>' -<% end -%> -<% if @primary_slot_name -%> -primary_slot_name = '<%= @primary_slot_name %>' -<% end -%> -<% if @trigger_file -%> -trigger_file = '<%= @trigger_file %>' -<% end -%> -<% if @recovery_min_apply_delay -%> -recovery_min_apply_delay = <%= @recovery_min_apply_delay %> -<% end -%> diff --git a/templates/systemd-override.conf.epp b/templates/systemd-override.conf.epp new file mode 100644 index 0000000000..48b02c72f4 --- /dev/null +++ b/templates/systemd-override.conf.epp 
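Review bot: String values in recovery.conf.epp are wrapped as `'<%= $restore_command %>'` without escaping, so a single quote inside the value ends the quoted string early; `primary_conninfo` commonly carries quoted fields and `restore_command` is run as a shell command, so this matters for both. An embedded quote has to be doubled in this file format, e.g. `restore_command = '<%= regsubst($restore_command, "'", "''", 'G') %>'`, applied to every quoted parameter. Also, `<% if $recovery_target_inclusive { -%>` and `<% if $pause_at_recovery_target { -%>` skip the line when the value is `false`, so an explicit `false` can never be written; `<% if $recovery_target_inclusive != undef { -%>` would render it.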
@@ -0,0 +1,15 @@
+<%- |
+ Stdlib::Port $port,
+ Stdlib::Absolutepath $datadir,
+ Optional[String[1]] $extra_systemd_config,
+| -%>
+[Service]
+Environment=PGPORT=<%= $port %>
+<%- if $facts['os']['family'] == 'Gentoo' { -%>
+Environment=DATA_DIR=<%= $datadir %>
+<%- } else { -%>
+Environment=PGDATA=<%= $datadir %>
+<%- } -%>
+<% if $extra_systemd_config { -%>
+<%= $extra_systemd_config %>
+<% } -%>
diff --git a/templates/systemd-override.erb b/templates/systemd-override.erb
deleted file mode 100644
index 54b14476be..0000000000
--- a/templates/systemd-override.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-<%- if @os['name'] == 'Fedora' and @os['release']['major'] <= '31' -%>
-.include /usr/lib/systemd/system/<%= @service_name %>.service
-<% end -%>
-[Service]
-Environment=PGPORT=<%= @port %>
-<%- if @os['family'] == 'Gentoo' -%>
-Environment=DATA_DIR=<%= @datadir %>
-<%- else -%>
-Environment=PGDATA=<%= @datadir %>
-<%- end -%>
-<%= @extra_systemd_config %>
diff --git a/types/pg_hba_rule.pp b/types/pg_hba_rule.pp
new file mode 100644
index 0000000000..b4759f3220
--- /dev/null
+++ b/types/pg_hba_rule.pp
@@ -0,0 +1,14 @@
+# @summary type for all parameters in the postgresql::server::hba_rule defined resource
+# @see https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/server/pg_hba_rule.pp
+type Postgresql::Pg_hba_rule = Struct[{
+ Optional[description] => String,
+ type => Postgresql::Pg_hba_rule_type,
+ database => String,
+ user => String,
+ Optional[address] => Optional[Postgresql::Pg_hba_rule_address],
+ auth_method => String,
+ Optional[auth_option] => Optional[String],
+ Optional[order] => Variant[String,Integer],
+ Optional[target] => Stdlib::Absolutepath,
+ Optional[postgresql_version] => String,
+}]
diff --git a/types/pg_hba_rule_address.pp b/types/pg_hba_rule_address.pp
new file mode 100644
index 0000000000..3955f00c0a
--- /dev/null
+++ b/types/pg_hba_rule_address.pp
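Review bot: `Environment=PGDATA=<%= $datadir %>` and the `DATA_DIR` variant in systemd-override.conf.epp are unquoted, and `Stdlib::Absolutepath` allows spaces, which systemd would read as the start of a second assignment. Quoting the whole assignment avoids that: `Environment="PGDATA=<%= $datadir %>"`. `$extra_systemd_config` is written into the unit verbatim, so a one-line template comment stating that it must come from trusted data only would help the next maintainer.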
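Review bot: The Struct in types/pg_hba_rule.pp accepts `database => String`, `user => String` and `auth_method => String`, while templates/pg_hba_rule.conf.epp declares the same fields as `String[1]`, so an empty value passes this type and would only be caught later, at the defined type or when the template is rendered. Using `String[1]` here keeps the two in step: `database => String[1],`, `user => String[1],`, `auth_method => String[1],`. `auth_method` could go further and become an `Enum` of the methods PostgreSQL supports, which would catch typos before they reach pg_hba.conf.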
@@ -0,0 +1,10 @@
+# @summary Supported address types
+# @see https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+type Postgresql::Pg_hba_rule_address = Variant[
+ Stdlib::IP::Address::V4::CIDR,
+ Stdlib::IP::Address::V6::CIDR,
+ Stdlib::Fqdn,
+ Enum['all', 'samehost', 'samenet'],
+ # RegExp for a DNS domain - also starting with a single dot
+ Pattern[/^\.(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$/],
+]
diff --git a/types/pg_hba_rule_type.pp b/types/pg_hba_rule_type.pp
new file mode 100644
index 0000000000..bbf4360748
--- /dev/null
+++ b/types/pg_hba_rule_type.pp
@@ -0,0 +1,3 @@
+# @summary enum for all different types for the pg_hba_conf
+# @see https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+type Postgresql::Pg_hba_rule_type = Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc', 'hostnogssenc']
diff --git a/types/pg_hba_rules.pp b/types/pg_hba_rules.pp
new file mode 100644
index 0000000000..9f010bc040
--- /dev/null
+++ b/types/pg_hba_rules.pp
@@ -0,0 +1,3 @@
+# @summary validates a hash of entries for postgresql::server::pg_hab_conf
+# @see https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/server/pg_hba_rule.pp
+type Postgresql::Pg_hba_rules = Hash[String[1], Postgresql::Pg_hba_rule]
diff --git a/types/pg_password_encryption.pp b/types/pg_password_encryption.pp
new file mode 100644
index 0000000000..b2b5be66e5
--- /dev/null
+++ b/types/pg_password_encryption.pp
@@ -0,0 +1,2 @@
+# @summary the supported password_encryption
+type Postgresql::Pg_password_encryption = Enum['md5', 'scram-sha-256']
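Review bot: The domain `Pattern` in types/pg_hba_rule_address.pp is anchored with `^` and `$`, which in Puppet's (Ruby) regular expressions match at line boundaries rather than at the ends of the string, so a multi-line value passes as long as one of its lines has the dotted-domain form. Because templates/pg_hba_rule.conf.epp prints `$address` as-is, such a value would put additional lines into pg_hba.conf. Anchoring with `\A` and `\z` closes this: `Pattern[/\A\.(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\z/],`.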