diff --git a/.sync.yml b/.sync.yml index d3575e177d..5850feded2 100644 --- a/.sync.yml +++ b/.sync.yml @@ -3,3 +3,5 @@ NOTICE: unmanaged: true appveyor.yml: delete: true +spec/spec_helper.rb: + allow_deprecations: true diff --git a/.travis.yml b/.travis.yml index 0c6f904c32..38d226395a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ matrix: script: bundle exec rake beaker services: docker sudo: required - - rvm: 2.4.0 + - rvm: 2.4.1 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 5.0" - rvm: 2.1.9 diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a74da5317..c1cc5ca675 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,43 @@ +# Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](http://semver.org). + +## Supported Release 5.2.1 +### Summary +Bug fix for issue introduced in 5.2.0 + +#### Fixed +- issue where the module was attempting to install extensions before a database was available. ([SERVER-2003](https://tickets.puppetlabs.com/browse/SERVER-2003)) + +## Supported Release 5.2.0 +### Summary +Adds several new features including some work around OS support. Also includes a couple of fixes to tests and the removal of unsupported Ubuntu versions. + +#### Added +- Added default postgresql version of Ubuntu 17.4 version to the globals.pp file. +- Fedora 26 provides postgresql-server version 9.6 by default - Added support to manifests/globals.pp to avoid puppet failures on Fedora 26 nodes. +- Use postgresql 9.6 for the newest SLES and openSUSE releases. +- Enhanced --data-checksums on initdb. +- Added support for Debian version 9. +- Added a `version` parameter. + +#### Changed +- Replaced validate_re calls with puppet datatype `Pattern` and is_array calls with puppet datatype `Array`. +- Installation method for apt in the spec_helper_acceptance, this is a temporary workaround due to issues with module installation. + +#### Fixed +- Updated spec tests to remove deprecation warnings. +- Docs formatting. +- Pass default_connect_settings to validate service ([MODULES-4682](https://tickets.puppetlabs.com/browse/MODULES-4682)) +- Rocket Alignment for Lint. +- Fixed changes in error messages in tests ([MODULES-5378](https://tickets.puppetlabs.com/browse/MODULES-5378)) + +#### Removed +- Removed unsupported Ubuntu versions 10.04 and 12.04 ([MODULES-5501](https://tickets.puppetlabs.com/browse/MODULES-5501)) +- Removed unsupported Debian version 6. +- Removed numeric order override. + ## Supported Release 5.1.0 ### Summary This release includes Japanese translations for internationalization, Puppet 5 support, implementation of defined type postgresql::server::reassign_owned_by. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 990edba7e7..1a9fb3a5cd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,63 +1,75 @@ -Checklist (and a short version for the impatient) -================================================= +# Contributing to Puppet modules - * Commits: +So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing +that very thing while setting expectations around code quality as well as a few tips for making the +process as easy as possible. - - Make commits of logical units. +### Table of Contents - - Check for unnecessary whitespace with "git diff --check" before - committing. +1. [Getting Started](#getting-started) +1. [Commit Checklist](#commit-checklist) +1. [Submission](#submission) +1. [More about commits](#more-about-commits) +1. [Testing](#testing) + - [Running Tests](#running-tests) + - [Writing Tests](#writing-tests) +1. [Get Help](#get-help) - - Commit using Unix line endings (check the settings around "crlf" in - git-config(1)). +## Getting Started - - Do not check in commented out code or unneeded files. +- Fork the module repository on GitHub and clone to your workspace - - The first line of the commit message should be a short - description (50 characters is the soft limit, excluding ticket - number(s)), and should skip the full stop. +- Make your changes! - - Associate the issue in the message. The first line should include - the issue number in the form "(#XXXX) Rest of message". +## Commit Checklist - - The body should provide a meaningful commit message, which: +### The Basics - - uses the imperative, present tense: "change", not "changed" or - "changes". +- [x] my commit is a single logical unit of work - - includes motivation for the change, and contrasts its - implementation with the previous behavior. +- [x] I have checked for unnecessary whitespace with "git diff --check" - - Make sure that you have tests for the bug you are fixing, or - feature you are adding. +- [x] my commit does not include commented out code or unneeded files - - Make sure the test suites passes after your commit: - `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below +### The Content - - When introducing a new feature, make sure it is properly - documented in the README.md +- [x] my commit includes tests for the bug I fixed or feature I added - * Submission: +- [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality + +- [x] my code passes existing test suites - * Pre-requisites: +### The Commit Message - - Make sure you have a [GitHub account](https://github.com/join) +- [x] the first line of my commit message includes: - - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. + - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" + + - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - * Preferred method: +- [x] the body of my commit message: - - Fork the repository on GitHub. + - [x] is meaningful - - Push your changes to a topic branch in your fork of the - repository. (the format ticket/1234-short_description_of_change is - usually preferred for this project). + - [x] uses the imperative, present tense: "change", not "changed" or "changes" - - Submit a pull request to the repository in the puppetlabs - organization. + - [x] includes motivation for the change, and contrasts its implementation with the previous behavior -The long version -================ +## Submission + +### Pre-requisites + +- Make sure you have a [GitHub account](https://github.com/join) + +- [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. + +### Push and PR + +- Push your changes to your fork + +- [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization + +## More about commits 1. Make separate commits for logically separate changes. @@ -104,37 +116,32 @@ The long version GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on - [creating pull requests](http://help.github.com/send-pull-requests/). + [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. + 3. Update the related JIRA issue. - 3. Update the related GitHub issue. - - If there is a GitHub issue associated with the change you + If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. -Testing -======= +# Testing -Getting Started ---------------- +## Getting Started -Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby -package manager such as [bundler](http://bundler.io/) what Ruby packages, +Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. -Please make sure you have [bundler installed](http://bundler.io/#getting-started) -on your system, then use it to install all dependencies needed for this project, -by running +Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to +install all dependencies needed for this project in the project root by running ```shell -% bundle install +% bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) @@ -148,7 +155,7 @@ Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` -NOTE some systems may require you to run this command with sudo. +NOTE: some systems may require you to run this command with sudo. If you already have those gems installed, make sure they are up-to-date: @@ -156,26 +163,27 @@ If you already have those gems installed, make sure they are up-to-date: % bundle update ``` -With all dependencies in place and up-to-date we can now run the tests: +## Running Tests + +With all dependencies in place and up-to-date, run the tests: + +### Unit Tests ```shell % bundle exec rake spec ``` -This will execute all the [rspec tests](http://rspec-puppet.com/) tests -under [spec/defines](./spec/defines), [spec/classes](./spec/classes), -and so on. rspec tests may have the same kind of dependencies as the -module they are testing. While the module defines in its [Modulefile](./Modulefile), +This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. +rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). -Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) -tests. These tests spin up a virtual machine under -[VirtualBox](https://www.virtualbox.org/)) with, controlling it with -[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test -scenarios. In order to run these, you will need both of those tools -installed on your system. +### Acceptance Tests + +Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test +scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. -You can run them by issuing the following command +Run the tests by issuing the following command ```shell % bundle exec rake spec_clean @@ -183,35 +191,81 @@ You can run them by issuing the following command ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), -install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). -Writing Tests -------------- +## Writing Tests + +### Unit Tests -XXX getting started writing tests. +When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a +catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] +but here's a tiny sample: -If you have commit access to the repository -=========================================== +Sample manifest: -Even if you have commit access to the repository, you will still need to -go through the process above, and have someone else review and merge -in your changes. The rule is that all changes must be reviewed by a -developer on the project (that did not write the code) to ensure that -all changes go through a code review process. +```puppet +file { "a test file": + ensure => present, + path => "/etc/sample", +} +``` + +Sample test: -Having someone other than the author of the topic branch recorded as -performing the merge is the record that they performed the code -review. +```ruby +it 'does a thing' do + expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) +end +``` +### Acceptance Tests + +Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it +twice to check for idempotency or errors, then run expectations. + +```ruby +it 'does an end-to-end thing' do + pp = <<-EOF + file { 'a test file': + ensure => present, + path => "/etc/sample", + content => "test string", + } + + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + +end + +describe file("/etc/sample") do + it { is_expected.to contain "test string" } +end -Additional Resources -==================== +``` -* [Getting additional help](http://puppet.com/community/get-help) +# If you have commit access to the repository -* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) +Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge +in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that +all changes go through a code review process.** -* [General GitHub documentation](http://help.github.com/) +The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. +# Get Help + +### On the web +* [Puppet help messageboard](http://puppet.com/community/get-help) +* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) +* [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) + +### On chat +* Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli +* IRC (freenode) #puppet-dev, #voxpupuli + + +[rspec-puppet]: http://rspec-puppet.com/ +[rspec-puppet_docs]: http://rspec-puppet.com/documentation/ +[beaker]: https://github.com/puppetlabs/beaker +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec diff --git a/Gemfile b/Gemfile index a9f0161c79..8bd07c79b0 100644 --- a/Gemfile +++ b/Gemfile @@ -51,6 +51,7 @@ group :system_tests do gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') gem "puppet-blacksmith", '~> 3.4', :require => false + gem "beaker-task_helper" end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) diff --git a/README.md b/README.md index 412beec5af..9b1fb64ecf 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ * [Defined Types](#defined-types) * [Types](#types) * [Functions](#functions) + * [Tasks](#tasks) 5. [Limitations - OS compatibility, etc.](#limitations) 6. [Development - Guide for contributing to the module](#development) * [Contributors - List of module contributors](#contributors) @@ -365,6 +366,8 @@ The postgresql module comes with many options for configuring the server. While * [postgresql_password](#function-postgresql_password) * [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset) +**Tasks:** + ### Classes #### postgresql::client @@ -455,7 +458,11 @@ Optional. Data type: Boolean. -Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Valid values: 'true' or 'false'. Default: initdb's default ('false'). +Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. + +Valid values: `true` or `false`. + +Default: initdb's default (`false`). **Warning:** This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. @@ -757,7 +764,11 @@ Optional. Data type: Boolean. -Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. Valid values: 'true' or 'false'. Default: initdb's default ('false'). +Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. + +Valid values: `true` or `false`. + +Default value: initdb's default (`false`). **Warning:** This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. @@ -767,7 +778,7 @@ Specifies the name of the default database to connect with. On most systems this ##### `default_connect_settings` -Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined-types. i.e. `postgresql::server::role` +Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as `postgresql::server::role`. ##### `encoding` @@ -1201,6 +1212,21 @@ Valid options: 'present' or 'absent'. Specifies the extension to activate. If left blank, uses the name of the resource. +#### `version` + +Specifies the version of the extension which the database uses. +When an extension package is updated, this does not automatically change the effective version in each database. + +This needs be updated using the PostgreSQL-specific SQL `ALTER EXTENSION...` + +`version` may be set to `latest`, in which case the SQL `ALTER EXTENSION "extension" UPDATE` is applied to this database (only). + +`version` may be set to a specific version, in which case the extension is updated using `ALTER EXTENSION "extension" UPDATE TO 'version'` + +eg. If extension is set to `postgis` and version is set to `2.3.3`, this will apply the SQL `ALTER EXTENSION "postgis" UPDATE TO '2.3.3'` to this database only. + +`version` may be omitted, in which case no `ALTER EXTENSION...` SQL is applied, and the version will be left unchanged. + ##### `package_name` Specifies a package to install prior to activating the extension. @@ -1835,6 +1861,10 @@ This internal function converts a list of `pg_hba.conf` based ACLs (passed in as **This function should only be used internally by the module**. +### Tasks + +The Postgresql module has an example task that allows a user to execute arbitary SQL against a database. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. + ## Limitations Works with versions of PostgreSQL from 8.1 through 9.5. diff --git a/locales/config.yaml b/locales/config.yaml index 4d2b70b77a..cf3c4832ef 100644 --- a/locales/config.yaml +++ b/locales/config.yaml @@ -22,4 +22,5 @@ gettext: # Patterns for +Dir.glob+ used to find all files that might contain # translatable content, relative to the project root directory source_files: + - './lib/**/*.rb' diff --git a/manifests/globals.pp b/manifests/globals.pp index 069262227e..8fad0c524d 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -65,6 +65,7 @@ $default_version = $::osfamily ? { /^(RedHat|Linux)/ => $::operatingsystem ? { 'Fedora' => $::operatingsystemrelease ? { + /^(26|27)$/ => '9.6', /^(24|25)$/ => '9.5', /^(22|23)$/ => '9.4', /^(21)$/ => '9.3', @@ -114,10 +115,12 @@ 'SLES' => $::operatingsystemrelease ? { /11\.[0-4]/ => '91', /12\.0/ => '93', - default => '94', + /12\.[1-2]/ => '94', + default => '96', }, 'OpenSuSE' => $::operatingsystemrelease ? { - default => '94', + /42\.[1-2]/ => '94', + default => '96', }, default => undef, }, diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 616fc341de..a2f2434485 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -30,7 +30,6 @@ group => $group, mode => '0640', warn => true, - order => 'numeric', notify => Class['postgresql::server::reload'], } @@ -158,7 +157,6 @@ group => $group, mode => '0640', warn => true, - order => 'numeric', notify => Class['postgresql::server::reload'], } } @@ -169,7 +167,6 @@ group => $group, mode => '0640', warn => true, - order => 'numeric', notify => Class['postgresql::server::reload'], } } diff --git a/manifests/server/extension.pp b/manifests/server/extension.pp index 6d2878377f..86f2f9df11 100644 --- a/manifests/server/extension.pp +++ b/manifests/server/extension.pp @@ -1,11 +1,12 @@ # Activate an extension on a postgresql database define postgresql::server::extension ( $database, - $extension = $name, - String[1] $ensure = 'present', - $package_name = undef, - $package_ensure = undef, - $connect_settings = $postgresql::server::default_connect_settings, + $extension = $name, + Optional[String[1]] $version = undef, + String[1] $ensure = 'present', + $package_name = undef, + $package_ensure = undef, + $connect_settings = $postgresql::server::default_connect_settings, ) { $user = $postgresql::server::user $group = $postgresql::server::group @@ -31,6 +32,12 @@ } } + if( $database != 'postgres' ) { + # The database postgres cannot managed by this module, so it is exempt from this dependency + Postgresql_psql { + require => Postgresql::Server::Database[$database], + } + } postgresql_psql {"Add ${extension} extension to ${database}": @@ -42,7 +49,6 @@ db => $database, command => $command, unless => "SELECT t.count FROM (SELECT count(extname) FROM pg_extension WHERE extname = '${extension}') as t WHERE t.count ${unless_comp} 1", - require => Postgresql::Server::Database[$database], } if $package_name { @@ -58,4 +64,22 @@ before => $package_before, }) } + if $version { + if $version == 'latest' { + $alter_extension_sql = "ALTER EXTENSION \"${extension}\" UPDATE" + $update_unless = "SELECT 1 FROM pg_available_extensions WHERE name = '${extension}' AND default_version = installed_version" + } else { + $alter_extension_sql = "ALTER EXTENSION \"${extension}\" UPDATE TO '${version}'" + $update_unless = "SELECT 1 FROM pg_extension WHERE extname='${extension}' AND extversion='${version}'" + } + postgresql_psql { "${database}: ${alter_extension_sql}": + db => $database, + psql_user => $user, + psql_group => $group, + psql_path => $psql_path, + connect_settings => $connect_settings, + command => $alter_extension_sql, + unless => $update_unless, + } + } } diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp index 3abd6c845a..dce58a0ffb 100644 --- a/manifests/server/pg_hba_rule.pp +++ b/manifests/server/pg_hba_rule.pp @@ -33,6 +33,7 @@ } $allowed_auth_methods = $postgresql_version ? { + '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'], @@ -44,7 +45,7 @@ '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'], '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'], '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'], - default => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] + default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd'] } assert_type(Enum[$allowed_auth_methods], $auth_method) diff --git a/metadata.json b/metadata.json index 715f1e73b4..e448752d88 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-postgresql", - "version": "5.1.0", + "version": "5.2.1", "author": "Inkling/Puppet Labs", "summary": "Offers support for basic management of PostgreSQL databases.", "license": "Apache-2.0", @@ -49,7 +49,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "6", "7", "8" ] diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 7982919188..de69428dc9 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -10,6 +10,7 @@ * [サーバーの設定](#configure-a-server) * [データベースの作成](#create-a-database) * [ユーザ、ロール、パーミッションの管理](#manage-users-roles-and-permissions) + * [DBオブジェクトの所有権の管理](#manage-ownership-of-db-objects) * [デフォルトのオーバーライド](#override-defaults) * [pg_hba.confのアクセスルールの作成](#create-an-access-rule-for-pg_hbaconf) * [pg_ident.confのユーザ名マップの作成](#create-user-name-maps-for-pg_identconf) @@ -23,7 +24,7 @@ 6. [開発 - モジュール貢献についてのガイド](#development) * [コントリビュータ - モジュール貢献者の一覧](#contributors) 7. [テスト](#tests) -8. [コントリビュータ - モジュール貢献者のリスト](#contributors) +8. [コントリビュータ - モジュール貢献者の一覧](#contributors) ## モジュールの概要 @@ -116,6 +117,24 @@ postgresql::server::table_grant { 'my_table of test2': この例では、test1データベース上とtest2データベースの`my_table`テーブル上の**すべての**権限を、指定したユーザまたはグループに付与します。値がPuppetDB設定ファイルに追加されると、このデータベースは使用可能になります。 +### DBオブジェクトの所有権の管理 + +REASSIGN OWNEDを使用して、データベース内にあるすべてのオブジェクトの所有権を変更するには、次のようにします。 + +```puppet +postgresql::server::reassign_owned_by { 'new owner is meerkat': + db => 'test_db', + old_owner => 'marmot', + new_owner => 'meerkat', +} +``` + +この例では、PostgreSQLの'REASSIGN OWNED'ステートメントを実行して所有権を更新し、現在、ロール'marmot'が所有しているすべてのテーブル、シーケンス、関数、ビューが、ロール'meerkat'に所有されるようにします。 + +これは、指定された'test_db'内のオブジェクトに対してのみ適用されます。 + +バージョン9.3以上のPostgresqlでは、データベースの所有権も更新されます。 + ### デフォルトのオーバーライド `postgresql::globals`クラスを使用すると、このモジュールの主な設定をグローバルに構成できます。この設定は、他のクラスや定義済みリソースから使用できます。単独では機能しません。 @@ -327,6 +346,7 @@ postgresqlモジュールには、サーバー設定用に多数のオプショ * [postgresql::server::grant_role](#postgresqlservergrant_role) * [postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule) * [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule) +* [postgresql::server::reassign_owned_by](#postgresqlserverreassign_owned_by) * [postgresql::server::recovery](#postgresqlserverrecovery) * [postgresql::server::role](#postgresqlserverrole) * [postgresql::server::schema](#postgresqlserverschema) @@ -429,6 +449,20 @@ PostgreSQL docsパッケージリソースが存在する必要があるかど **警告:** datadirがデフォルトから変更された場合、Puppetは元のデータディレクトリのパージを管理しません。そのため、データディレクトリが元のディレクトリに戻ったときにエラーが発生します。 +##### `data_checksums` + +オプションです。 + +データタイプ: 真偽値(boolean) + +データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 + +有効な値: `true`、`false`。 + +デフォルト値: initdbのデフォルト値(`false`)。 + +**警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 + ##### `default_database` 接続するデフォルトのデータベースの名前を指定します。 @@ -721,6 +755,20 @@ PostgreSQL Pythonパッケージの名前。 デフォルト値: '${bindir}/createdb'。 +##### `data_checksums` + +オプションです。 + +データタイプ: 真偽値(boolean) + +データページに対してチェックサムを使用すると、その他の方法では発見の難しいI/Oシステムによる破損を検出するのに役立ちます。 + +有効な値: `true`、`false`。 + +デフォルト値: initdbのデフォルト値(`false`)。 + +**警告:** このオプションは、initdbによって初期化中に使用され、後から変更することはできません。設定された時点で、すべてのデータベース内のすべてのオブジェクトに対してチェックサムが計算されます。 + ##### `default_database` 接続するデフォルトのデータベースの名前を指定します。ほとんどのシステムで、'postgres'になります。 @@ -737,7 +785,7 @@ PostgreSQL Pythonパッケージの名前。 ##### `group` -ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーグループをオーバーライドします。 +ファイルシステムの関連ファイルに使用されるデフォルトのpostgresユーザグループをオーバーライドします。 デフォルト値: OSによって異なります。 @@ -1151,6 +1199,21 @@ PostgreSQL拡張を管理します。 有効化する拡張を指定します。空欄にした場合、リソースの名前が使用されます。 +#### `version` + +データベースが使用するエクステンションのバージョンを指定します。 +拡張パッケージが更新された場合、各データベースで有効なバージョンを自動的に変更することはありません。 + +そのためには、PostgreSQLに固有のSQL `ALTER EXTENSION...`を使用して更新する必要があります + +`version`は`latest`に設定できます。この場合、SQL `ALTER EXTENSION "extension" UPDATE`がこのデータベースのみに適用されます。 + +`version`は特定のバージョンに設定できます。この場合、拡張は`ALTER EXTENSION "extension" UPDATE TO 'version'`を使用して更新されます + +例えば、拡張を`postgis`、バージョンを`2.3.3`に設定した場合、SQL `ALTER EXTENSION "postgis" UPDATE TO '2.3.3'`がこのデータベースのみに適用されます。 + +`version`は省略される場合もあります。この場合、SQL `ALTER EXTENSION...`は適用されません。バージョンは変更されず、そのままになります。 + ##### `package_name` 拡張を有効化する前にインストールするパッケージを指定します。 @@ -1177,7 +1240,10 @@ PostgreSQL拡張を管理します。 ##### `object_name` -アクセス権を付与する`object_type`の名前を指定します。 +アクセス権を付与する`object_type`の名前を、文字列または2要素の配列で指定します。 + +String: 'object_name' +Array: ['schema_name', 'object_name'] ##### `port` @@ -1251,7 +1317,7 @@ PostgreSQL拡張を管理します。 ##### `connect_settings` -リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。 +リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 @@ -1346,6 +1412,40 @@ PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を **注意して使用してください。** +#### postgresql::server::reassign_owned_by + +PostgreSQLコマンド'REASSIGN OWNED'をデータベースに対して実行し、既存オブジェクトの所有権を別のデータベースロールに移します。 + +##### `db` + + 'REASSIGN OWNED'コマンドを適用するデータベースを指定します。 + +##### `old_role` + +指定したデータベース内のオブジェクトを現在所有しているロールまたはユーザを指定します。 + +##### `new_role` + +対象オブジェクトの新しい所有者となるロールまたはユーザを指定します。 + +##### `psql_user` + +`psql`を実行するOSユーザを指定します。 + +デフォルト値: モジュールのデフォルトユーザ。通常、'postgres'。 + +##### `port` + +接続に使用するポート。 + +デフォルト値: `undef`。PostgreSQLのパッケージングに応じて、通常、デフォルトでポート5432になります。 + +##### `connect_settings` + +リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 + +デフォルト値: ローカルのPostgresインスタンスに接続します。 + #### postgresql::server::recovery `recovery.conf`の内容を作成可能にします。詳細については、[使用例](#create-recovery-configuration)および[PostgreSQLマニュアル](http://www.postgresql.org/docs/current/static/recovery-config.html)を参照してください。 @@ -1362,7 +1462,7 @@ PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を * `archive_cleanup_command` * `recovery_end_command` -##### [リカバリターゲット設定](http://www.postgresql.org/docs/current/static/recovery-target-settings.html) +##### [Recovery Target Settings](http://www.postgresql.org/docs/current/static/recovery-target-settings.html) * `recovery_target_name` * `recovery_target_time` * `recovery_target_xid` @@ -1371,7 +1471,7 @@ PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を * `recovery_target_timeline` * `pause_at_recovery_target` -##### [スタンバイサーバー設定](http://www.postgresql.org/docs/current/static/standby-settings.html) +##### [Standby Server Settings](http://www.postgresql.org/docs/current/static/standby-settings.html) * `standby_mode`: 文字列('on'/'off')またはブール値(`true`/`false`)で指定できます。 * `primary_conninfo` * `primary_slot_name` @@ -1380,7 +1480,7 @@ PostgreSQLインスタンス全体を管理することなく、`pg_hba.conf`を ##### `target` ルールのターゲットを提供します。通常、内部使用のみのプロパティです。 - + **注意して使用してください。** #### postgresql::server::role @@ -1392,7 +1492,7 @@ PostgreSQLのロールまたはユーザを作成します。 デフォルト値: '-1'。これは、無制限を意味します。 ##### `connect_settings` -リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。 +リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 @@ -1452,7 +1552,7 @@ postgresql::server::role { 'myusername': ##### `connect_settings` -リモートサーバーに接続する際に使用される環境変数のハッシュを指定します。 +リモートサーバーへの接続時に使用する環境変数のハッシュを指定します。 デフォルト値: ローカルのPostgresインスタンスに接続します。 @@ -1638,6 +1738,16 @@ PostgreSQLマスターサーバー上でウォームスタンバイレプリケ これはnamevarです。 +##### `ensure` + +必須。 + +指定されたスロットに対して、作成または消去のいずれかのアクションを指定します。 + +有効な値: 'present'、'absent'。 + +デフォルト値: 'present'。 + #### postgresql_conn_validator このタイプを使用するローカルまたはリモートのPostgreSQLデータベースへの接続を検証します。 @@ -1724,7 +1834,7 @@ PostgreSQLのバージョン8.1~9.5で動作します。 現在、postgresqlモジュールは次のオペレーティングシステムでテスト済みです。 -* Debian 6.x、7.x、8.x。 +* Debian 6.x, 7.x, 8.x. * CentOS 5.x、6.x、7.x。 * Ubuntu 10.04および12.04、14.04。 diff --git a/spec/acceptance/sql_task_spec.rb b/spec/acceptance/sql_task_spec.rb new file mode 100644 index 0000000000..3b323c6131 --- /dev/null +++ b/spec/acceptance/sql_task_spec.rb @@ -0,0 +1,24 @@ +# run a test task +require 'spec_helper_acceptance' + +describe 'postgresql task', if: puppet_version =~ %r{(5\.\d\.\d)} && !pe_install? do + describe 'sql task' do + pp = <<-EOS + class { 'postgresql::server': } -> + postgresql::server::db { 'spec1': + user => 'root1', + password => postgresql_password('root1', 'password'), + } + EOS + + it 'sets up a postgres db' do + apply_manifest(pp, :catch_failures => true) + end + + it 'execute some sql' do + # equates to 'psql -c "SELECT table_name FROM information_schema.tables WHERE table_schema = 'information_schema';" --password --host localhost --dbname=spec1 --username root1' + result = run_task(task_name: 'postgresql::sql', params: 'sql="SELECT count(table_name) FROM information_schema.tables;" host=localhost user=root1 password=password user=root1 database=spec1') + expect_multiple_regexes(result: result, regexes: [%r{count}, %r{1 row}, %r{Job completed. 1/1 nodes succeeded|Ran on 1 node}]) + end + end +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 22d5d689f4..01912b60c4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,8 +1,9 @@ -#This file is generated by ModuleSync, do not edit. +# This file is generated by ModuleSync, do not edit. require 'puppetlabs_spec_helper/module_spec_helper' # put local configuration and setup into spec_helper_local begin require 'spec_helper_local' -rescue LoadError +rescue LoadError => loaderror + puts "Could not require spec_helper_local: #{loaderror.message}" end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 050660d4c7..77a3992062 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -2,13 +2,51 @@ require 'beaker-rspec/helpers/serverspec' require 'beaker/puppet_install_helper' require 'beaker/module_install_helper' +require 'beaker/task_helper' run_puppet_install_helper -install_ca_certs unless ENV['PUPPET_INSTALL_TYPE'] =~ /pe/i +install_ca_certs unless pe_install? + +UNSUPPORTED_PLATFORMS = ['AIX','windows','Solaris','Suse'] + +# monkey patch to get around apt/forge issue (PUP-8008) +module Beaker::ModuleInstallHelper + include Beaker::DSL + + def module_dependencies_from_metadata + metadata = module_metadata + return [] unless metadata.key?('dependencies') + + dependencies = [] + + # get it outta here! + metadata['dependencies'].delete_if {|d| d['name'] == 'puppetlabs/apt' } + + metadata['dependencies'].each do |d| + tmp = { module_name: d['name'].sub('/', '-') } + + if d.key?('version_requirement') + tmp[:version] = module_version_from_requirement(tmp[:module_name], + d['version_requirement']) + end + dependencies.push(tmp) + end + + dependencies + end +end + + +install_bolt_on(hosts) unless pe_install? install_module_on(hosts) install_module_dependencies_on(hosts) +install_module_from_forge_on(hosts,'puppetlabs/apt','< 4.2.0') -UNSUPPORTED_PLATFORMS = ['AIX','windows','Solaris','Suse'] +DEFAULT_PASSWORD = if default[:hypervisor] == 'vagrant' + 'vagrant' + elsif default[:hypervisor] == 'vcloud' + 'Qu@lity!' + end class String # Provide ability to remove indentation from strings, for the purpose of @@ -49,6 +87,7 @@ def psql(psql_cmd, user = 'postgres', exit_codes = [0,1], &block) # Configure all nodes in nodeset c.before :suite do + run_puppet_access_login(user: 'admin') if pe_install? # Set up selinux if appropriate. if fact('osfamily') == 'RedHat' && fact('selinux') == 'true' pp = <<-EOS @@ -80,7 +119,6 @@ def psql(psql_cmd, user = 'postgres', exit_codes = [0,1], &block) end hosts.each do |host| - on host, "/bin/touch #{host['puppetpath']}/hiera.yaml" on host, 'chmod 755 /root' if fact_on(host, 'osfamily') == 'Debian' on host, "echo \"en_US ISO-8859-1\nen_NG.UTF-8 UTF-8\nen_US.UTF-8 UTF-8\n\" > /etc/locale.gen" diff --git a/spec/unit/classes/globals_spec.rb b/spec/unit/classes/globals_spec.rb index d4bceda47c..67890905bf 100644 --- a/spec/unit/classes/globals_spec.rb +++ b/spec/unit/classes/globals_spec.rb @@ -8,7 +8,8 @@ :family => 'Debian', :name => 'Debian', :release => { - :full => '6.0' + :full => '6.0', + :major => '6' } }, :osfamily => 'Debian', diff --git a/spec/unit/classes/repo_spec.rb b/spec/unit/classes/repo_spec.rb index edfeda3735..3942d65d20 100644 --- a/spec/unit/classes/repo_spec.rb +++ b/spec/unit/classes/repo_spec.rb @@ -7,7 +7,8 @@ :name => 'Debian', :family => 'Debian', :release => { - :full => '6.0' + :full => '6.0', + :major => '6' } }, :osfamily => 'Debian', diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb index c78e60e7e7..18013d8ff4 100644 --- a/spec/unit/classes/server_spec.rb +++ b/spec/unit/classes/server_spec.rb @@ -7,7 +7,8 @@ :family => 'Debian', :name => 'Debian', :release => { - :full => '6.0' + :full => '6.0', + :major => '6' } }, :osfamily => 'Debian', diff --git a/spec/unit/defines/server/extension_spec.rb b/spec/unit/defines/server/extension_spec.rb index 54386a165f..6ce5de665a 100644 --- a/spec/unit/defines/server/extension_spec.rb +++ b/spec/unit/defines/server/extension_spec.rb @@ -90,6 +90,36 @@ } end end + + context "when extension version is specified" do + let (:params) { super().merge({ + :ensure => 'absent', + :package_name => 'postgis', + :version => '99.99.99', + }) } + + it { + is_expected.to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE TO \'99.99.99\'').with({ + :db => 'template_postgis', + :unless => "SELECT 1 FROM pg_extension WHERE extname='postgis' AND extversion='99.99.99'", + }).that_requires('Postgresql::Server::Database[template_postgis]') + } + end + + context "when extension version is latest" do + let (:params) { super().merge({ + :ensure => 'absent', + :package_name => 'postgis', + :version => 'latest', + }) } + + it { + is_expected.to contain_postgresql_psql('template_postgis: ALTER EXTENSION "postgis" UPDATE').with({ + :db => 'template_postgis', + :unless => "SELECT 1 FROM pg_available_extensions WHERE name = 'postgis' AND default_version = installed_version", + }).that_requires('Postgresql::Server::Database[template_postgis]') + } + end end describe 'postgresql::server::extension', :type => :define do diff --git a/spec/unit/defines/server/grant_spec.rb b/spec/unit/defines/server/grant_spec.rb index 87c020a870..b69b8a8e6f 100644 --- a/spec/unit/defines/server/grant_spec.rb +++ b/spec/unit/defines/server/grant_spec.rb @@ -233,7 +233,11 @@ "class {'postgresql::server':}" end - it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 0 expects size to be 2, got 1/) } + if Puppet::Util::Package.versioncmp(Puppet.version, '5.2.0') >= 0 + it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 1 expects size to be 2, got 1/) } + else + it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 0 expects size to be 2, got 1/) } + end end context 'invalid object_name - too many array elements' do @@ -251,7 +255,10 @@ "class {'postgresql::server':}" end - it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 0 expects size to be 2, got 3/) } + if Puppet::Util::Package.versioncmp(Puppet.version, '5.2.0') >= 0 + it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 1 expects size to be 2, got 3/) } + else + it { is_expected.to compile.and_raise_error(/parameter 'object_name' variant 0 expects size to be 2, got 3/) } + end end - end diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb index f657589c7a..24ead07d1b 100644 --- a/spec/unit/defines/server/pg_hba_rule_spec.rb +++ b/spec/unit/defines/server/pg_hba_rule_spec.rb @@ -122,5 +122,35 @@ class { 'postgresql::server': } end end + context 'allows scram-sha-256 on postgres 10' do + let :pre_condition do + <<-EOS + class { 'postgresql::globals': + version => '10', + } + class { 'postgresql::server': } + EOS + end + + let :params do + { + :type => 'local', + :database => 'all', + :user => 'all', + :address => '0.0.0.0/0', + :auth_method => 'scram-sha-256', + :target => target, + } + end + + it do + is_expected.to contain_concat__fragment('pg_hba_rule_test').with( + { + :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+scram-sha-256/ + } + ) + end + end + end end diff --git a/tasks/sql.json b/tasks/sql.json new file mode 100644 index 0000000000..1cd8a04a7b --- /dev/null +++ b/tasks/sql.json @@ -0,0 +1,30 @@ +{ + "description": "Allows you to execute arbitary SQL", + "input_method": "stdin", + "parameters": { + "database": { + "description": "Database to connect to", + "type": "Optional[String[1]]" + }, + "host": { + "description": "Hostname to connect to", + "type": "Optional[String[1]]" + }, + "password": { + "description": "The password", + "type": "Optional[String[1]]" + }, + "port": { + "description": "The port", + "type": "Optional[String[1]]" + }, + "sql": { + "description": "The SQL you want to execute", + "type": "String[1]" + }, + "user": { + "description": "The user", + "type": "Optional[String[1]]" + } + } +} diff --git a/tasks/sql.rb b/tasks/sql.rb new file mode 100755 index 0000000000..c706016318 --- /dev/null +++ b/tasks/sql.rb @@ -0,0 +1,33 @@ +#!/opt/puppetlabs/puppet/bin/ruby +require 'json' +require 'open3' +require 'puppet' + +def get(sql, database, user, port, password, host) + env_hash = {'PGPASSWORD' => password} unless password.nil? + cmd_string = "psql -c \"#{sql}\"" + cmd_string << " --dbname=#{database}" unless database.nil? + cmd_string << " --username=#{user}" unless user.nil? + cmd_string << " --port=#{port}" unless port.nil? + cmd_string << " --host=#{host}" unless host.nil? + stdout, stderr, status = Open3.capture3(env_hash, cmd_string) + raise Puppet::Error, stderr if status != 0 + { status: stdout.strip } +end + +params = JSON.parse(STDIN.read) +database = params['database'] +host = params['host'] +password = params['password'] +port = params['port'] +sql = params['sql'] +user = params['user'] + +begin + result = get(sql, database, user, port, password, host) + puts result.to_json + exit 0 +rescue Puppet::Error => e + puts({ status: 'failure', error: e.message }.to_json) + exit 1 +end