Skip to content

Commit

Permalink
Merge pull request #1584 from ekohl/globally-configurable-password-en…
Browse files Browse the repository at this point in the history
…cryption

Add a global password_encryption parameter
  • Loading branch information
bastelfreak authored Mar 26, 2024
2 parents b88c8a6 + 43c21af commit 5eb1690
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 1 deletion.
5 changes: 5 additions & 0 deletions manifests/globals.pp
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,10 @@
# @param timezone
# Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
#
# @param password_encryption
# Specify the type of encryption set for the password.
# Defaults to scram-sha-256 for PostgreSQL >= 14, otherwise md5.
#
# @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file.
# @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file.
# @param manage_recovery_conf Allow Puppet to manage the recovery.conf file.
Expand Down Expand Up @@ -159,6 +163,7 @@
Optional[String[1]] $locale = undef,
Optional[Boolean] $data_checksums = undef,
Optional[String[1]] $timezone = undef,
Optional[Postgresql::Pg_password_encryption] $password_encryption = undef,

Optional[Boolean] $manage_pg_hba_conf = undef,
Optional[Boolean] $manage_pg_ident_conf = undef,
Expand Down
2 changes: 1 addition & 1 deletion manifests/params.pp
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
$manage_selinux = pick($manage_selinux, false)
$package_ensure = 'present'
$module_workdir = pick($module_workdir,'/tmp')
$password_encryption = versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }
$password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' })
$extra_systemd_config = undef
$manage_datadir = true
$manage_logdir = true
Expand Down
14 changes: 14 additions & 0 deletions spec/functions/postgresql_default_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -30,5 +30,19 @@ class { 'postgresql::server':
# parameter in globals.pp only
it { is_expected.to run.with_params('default_connect_settings').and_return({}) }

it { is_expected.to run.with_params('password_encryption').and_return('md5') }

it { is_expected.to run.with_params('a_parameter_that_does_not_exist').and_raise_error(Puppet::ParseError, %r{pick\(\): must receive at least one non empty value}) }

context 'with overridden values' do
let(:pre_condition) do
<<~PUPPET
class { 'postgresql::globals':
password_encryption => 'scram-sha-256',
}
PUPPET
end

it { is_expected.to run.with_params('password_encryption').and_return('scram-sha-256') }
end
end

0 comments on commit 5eb1690

Please sign in to comment.