From c845d09a7ebc04707f7e4360b7812f544713bf81 Mon Sep 17 00:00:00 2001 
From: "Michael C. Jaeger" Date: Sun, 28 Feb 2021 22:52:46 +0100 Subject: [PATCH 1/6] feat(versions): new version ubuntu 20.04, couchdb 3.1.1 and liferay 7.3.4 --- download-packages.sh | 12 +- generate-box/Vagrantfile | 2 +- puppet/manifests/sw360-base.pp | 13 +- puppet/manifests/sw360-single.pp | 63 +- puppet/modules/postgresql/CHANGELOG.md | 171 +- puppet/modules/postgresql/CODEOWNERS | 2 + puppet/modules/postgresql/Gemfile | 55 +- puppet/modules/postgresql/HISTORY.md | 2 +- puppet/modules/postgresql/MAINTAINERS.md | 6 - puppet/modules/postgresql/README.md | 1603 +-------- puppet/modules/postgresql/REFERENCE.md | 2917 +++++++++++++++++ puppet/modules/postgresql/Rakefile | 82 + .../modules/postgresql/functions/default.pp | 15 + .../postgresql_acls_to_resources_hash.rb | 57 + .../functions/postgresql/postgresql_escape.rb | 30 + .../postgresql/postgresql_password.rb | 18 + .../lib/puppet/functions/postgresql_escape.rb | 10 + .../puppet/functions/postgresql_password.rb | 10 + .../postgresql_acls_to_resources_hash.rb | 75 - .../parser/functions/postgresql_escape.rb | 28 - .../parser/functions/postgresql_password.rb | 21 - .../puppet/provider/postgresql_psql/ruby.rb | 28 +- .../postgresql_replication_slot/ruby.rb | 20 +- .../puppet/type/postgresql_conn_validator.rb | 9 +- .../lib/puppet/type/postgresql_psql.rb | 20 +- .../type/postgresql_replication_slot.rb | 5 +- puppet/modules/postgresql/manifests/client.pp | 16 +- .../modules/postgresql/manifests/globals.pp | 108 +- .../modules/postgresql/manifests/lib/devel.pp | 14 +- .../modules/postgresql/manifests/lib/docs.pp | 15 +- .../modules/postgresql/manifests/lib/java.pp | 14 +- .../modules/postgresql/manifests/lib/perl.pp | 10 +- .../postgresql/manifests/lib/python.pp | 10 +- puppet/modules/postgresql/manifests/params.pp | 49 +- puppet/modules/postgresql/manifests/repo.pp | 2 +- .../manifests/repo/apt_postgresql_org.pp | 6 +- .../manifests/repo/yum_postgresql_org.pp | 4 +- puppet/modules/postgresql/manifests/server.pp | 
97 +- .../postgresql/manifests/server/config.pp | 67 +- .../manifests/server/config_entry.pp | 9 +- .../postgresql/manifests/server/contrib.pp | 9 +- .../postgresql/manifests/server/database.pp | 14 +- .../manifests/server/database_grant.pp | 10 +- .../modules/postgresql/manifests/server/db.pp | 15 +- .../postgresql/manifests/server/extension.pp | 49 +- .../postgresql/manifests/server/grant.pp | 117 +- .../postgresql/manifests/server/grant_role.pp | 10 +- .../postgresql/manifests/server/initdb.pp | 87 +- .../postgresql/manifests/server/install.pp | 4 +- .../postgresql/manifests/server/passwd.pp | 6 +- .../manifests/server/pg_hba_rule.pp | 24 +- .../manifests/server/pg_ident_rule.pp | 10 +- .../postgresql/manifests/server/plperl.pp | 8 +- .../postgresql/manifests/server/plpython.pp | 10 +- .../postgresql/manifests/server/postgis.pp | 7 +- .../manifests/server/reassign_owned_by.pp | 12 +- .../postgresql/manifests/server/recovery.pp | 25 +- .../postgresql/manifests/server/reload.pp | 2 +- .../postgresql/manifests/server/role.pp | 29 +- .../postgresql/manifests/server/schema.pp | 24 +- .../postgresql/manifests/server/service.pp | 4 +- .../manifests/server/table_grant.pp | 14 +- .../postgresql/manifests/server/tablespace.pp | 40 +- .../manifests/validate_db_connection.pp | 18 +- puppet/modules/postgresql/metadata.json | 33 +- puppet/modules/postgresql/provision.yaml | 28 + .../postgresql/readmes/README_ja_JP.md | 14 +- .../spec/acceptance/00-utf8_encoding_spec.rb | 33 - .../spec/acceptance/alternative_port_spec.rb | 9 +- .../postgresql/spec/acceptance/db_spec.rb | 39 +- .../acceptance/default_parameters_spec.rb | 5 +- .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../acceptance/overridden_settings_spec.rb | 28 +- 
.../postgresql_conn_validator_spec.rb | 8 +- .../spec/acceptance/postgresql_psql_spec.rb | 11 +- .../spec/acceptance/remote_access_spec.rb | 71 - .../acceptance/server/config_entry_spec.rb | 33 +- .../spec/acceptance/server/grant_role_spec.rb | 79 +- .../spec/acceptance/server/grant_spec.rb | 361 +- .../server/reassign_owned_by_spec.rb | 13 +- .../spec/acceptance/server/recovery_spec.rb | 36 +- .../spec/acceptance/server/schema_spec.rb | 7 +- .../spec/acceptance/sql_task_spec.rb | 7 +- .../spec/acceptance/utf8_encoding_spec.rb | 20 + .../acceptance/z_alternative_pgdata_spec.rb | 14 +- .../modules/postgresql/spec/default_facts.yml | 2 +- .../spec/functions/postgresql_escape_spec.rb | 5 + .../functions/postgresql_password_spec.rb | 5 + ..._postgresql_acls_to_resources_hash_spec.rb | 148 + .../postgresql_postgresql_escape_spec.rb | 5 + .../postgresql_postgresql_password_spec.rb | 5 + puppet/modules/postgresql/spec/spec_helper.rb | 48 +- .../postgresql/spec/spec_helper_acceptance.rb | 105 +- .../spec/spec_helper_acceptance_local.rb | 61 + .../postgresql/spec/spec_helper_local.rb | 63 + .../spec/unit/classes/client_spec.rb | 4 +- .../spec/unit/classes/lib/java_spec.rb | 6 +- .../spec/unit/classes/lib/pgdocs_spec.rb | 4 +- .../spec/unit/classes/server/config_spec.rb | 69 +- .../spec/unit/classes/server/contrib_spec.rb | 4 +- .../spec/unit/classes/server/initdb_spec.rb | 35 + .../spec/unit/classes/server/plperl_spec.rb | 4 +- .../spec/unit/classes/server/plpython_spec.rb | 4 +- .../spec/unit/classes/server/postgis_spec.rb | 4 +- .../spec/unit/classes/server_spec.rb | 26 + .../unit/defines/server/extension_spec.rb | 117 + .../spec/unit/defines/server/grant_spec.rb | 100 + .../unit/defines/server/pg_hba_rule_spec.rb | 89 + .../spec/unit/defines/server/role_spec.rb | 30 + .../unit/defines/server/tablespace_spec.rb | 19 + .../postgresql_acls_to_resources_hash_spec.rb | 74 - .../unit/functions/postgresql_escape_spec.rb | 21 - .../functions/postgresql_password_spec.rb | 12 - 
.../provider/postgresql_psql/ruby_spec.rb | 12 +- .../postgresql_replication_slot/ruby_spec.rb | 21 +- .../postgresql/templates/systemd-override.erb | 1 + .../sw360/templates/couchdb.properties.erb | 4 +- .../sw360/templates/couchdb_local.ini.erb | 87 +- .../templates/couchdb_test.properties.erb | 29 + .../templates/databasetest.properties.erb | 14 + shared/configuration.rb | 4 +- shared/scripts/install-bundle-deps.sh | 26 +- shared/scripts/install-lucene.sh | 2 +- shared/scripts/liferay-install.sh | 10 +- sw360-single/sw360-install.sh | 2 +- 130 files changed, 5484 insertions(+), 2954 deletions(-) create mode 100755 puppet/modules/postgresql/CODEOWNERS delete mode 100755 puppet/modules/postgresql/MAINTAINERS.md create mode 100755 puppet/modules/postgresql/REFERENCE.md create mode 100755 puppet/modules/postgresql/functions/default.pp create mode 100755 puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb create mode 100755 puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_escape.rb create mode 100755 puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_password.rb create mode 100755 puppet/modules/postgresql/lib/puppet/functions/postgresql_escape.rb create mode 100755 puppet/modules/postgresql/lib/puppet/functions/postgresql_password.rb delete mode 100755 puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb delete mode 100755 puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_escape.rb delete mode 100755 puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb create mode 100755 puppet/modules/postgresql/provision.yaml delete mode 100755 puppet/modules/postgresql/spec/acceptance/00-utf8_encoding_spec.rb delete mode 100755 puppet/modules/postgresql/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100755 puppet/modules/postgresql/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100755 
puppet/modules/postgresql/spec/acceptance/nodesets/default.yml delete mode 100755 puppet/modules/postgresql/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100755 puppet/modules/postgresql/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100755 puppet/modules/postgresql/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100755 puppet/modules/postgresql/spec/acceptance/remote_access_spec.rb create mode 100755 puppet/modules/postgresql/spec/acceptance/utf8_encoding_spec.rb create mode 100755 puppet/modules/postgresql/spec/functions/postgresql_escape_spec.rb create mode 100755 puppet/modules/postgresql/spec/functions/postgresql_password_spec.rb create mode 100755 puppet/modules/postgresql/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb create mode 100755 puppet/modules/postgresql/spec/functions/postgresql_postgresql_escape_spec.rb create mode 100755 puppet/modules/postgresql/spec/functions/postgresql_postgresql_password_spec.rb create mode 100755 puppet/modules/postgresql/spec/spec_helper_acceptance_local.rb delete mode 100755 puppet/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb delete mode 100755 puppet/modules/postgresql/spec/unit/functions/postgresql_escape_spec.rb delete mode 100755 puppet/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb create mode 100644 puppet/modules/sw360/templates/couchdb_test.properties.erb create mode 100644 puppet/modules/sw360/templates/databasetest.properties.erb diff --git a/download-packages.sh b/download-packages.sh index f427a1a..4c27502 100755 --- a/download-packages.sh +++ b/download-packages.sh 
@@ -24,8 +24,8 @@ set -eo pipefail # # downloading all the big downloads # -packages='https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64-vagrant.box -https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz +packages='https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64-vagrant.box +https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar commons-codec-1.12.jar https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar commons-compress-1.20.jar https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar commons-collections4-4.4.jar @@ -60,7 +60,7 @@ downloadAll(){ return fi if [ -e $2 ]; then - onlineSize=`wget $1 --spider --server-response -O - 2>&1 | sed -ne '/Content-Length/{s/.*: //;p}'` + onlineSize=`wget $1 --spider --server-response -O - 2>&1 | sed -ne '/Content-Length/{s/.*: //;p;}'` localSize=`wc -c < $2` if [ "$onlineSize" = "$localSize" ]; then echo "-[] The file $1 has the same size as the online version. No download." @@ -96,6 +96,10 @@ cleanAll(){ echo "remove old xenial-server-cloudimg-amd64-vagrant.box (downloaded by old version of this script)" rm xenial-server-cloudimg-amd64-vagrant.box fi + if [ -e bionic-server-cloudimg-amd64-vagrant.box ]; then + echo "remove old bionic-server-cloudimg-amd64-vagrant.box (downloaded by old version of this script)" + rm bionic-server-cloudimg-amd64-vagrant.box + fi echo "remove old liferay-tomcat-bundle versions" rm liferay-portal-tomcat-6.2-ce-ga*.zip 2>/dev/null } 
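Review bot: Nothing in this script verifies the content of what it downloads. The new focal box and Liferay 7.3.4 URLs in `packages` are fetched as-is, and in `downloadAll` a cached file is kept whenever its byte count equals the server's `Content-Length`, which proves freshness at best, not integrity. I would record an expected SHA-256 per entry and check it after each download, e.g. `echo "<expected-sha256>  $2" | sha256sum -c -`, and pass the same digest to the import in `addBoxToVagrant` (a later hunk) via `vagrant box add --checksum-type sha256 --checksum <expected-sha256> ...`. On the touched `onlineSize=` line, `$1` and `$2` are unquoted and therefore subject to word splitting and globbing (several URLs contain `?`); `wget "$1"` and `wc -c < "$2"` avoid that. The body of `downloadAll` starts and ends outside this hunk.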
@@ -114,7 +118,7 @@ setPermissions(){ popd &>/dev/null } addBoxToVagrant(){ - vagrant box add --force bionic-server-cloudimg-amd64-vagrant "bionic-server-cloudimg-amd64-vagrant.box" + vagrant box add --force focal-server-cloudimg-amd64-vagrant "focal-server-cloudimg-amd64-vagrant.box" vagrant box add --force aws-dummy "dummy.box" } diff --git a/generate-box/Vagrantfile b/generate-box/Vagrantfile index 57920e3..231d3a2 100644 --- a/generate-box/Vagrantfile +++ b/generate-box/Vagrantfile @@ -25,7 +25,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| if SW360_provider == "virtualbox" # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = 'bionic-server-cloudimg-amd64-vagrant' + config.vm.box = 'focal-server-cloudimg-amd64-vagrant' config.disksize.size = SW360_VB_DISK # Virtualbox provider diff --git a/puppet/manifests/sw360-base.pp b/puppet/manifests/sw360-base.pp index aa4ee09..38a6794 100644 --- a/puppet/manifests/sw360-base.pp +++ b/puppet/manifests/sw360-base.pp 
@@ -11,34 +11,37 @@ # Path definitions $java_home='/usr/lib/jvm/java-11-openjdk-amd64/' - $tomcat_path='/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33' - $puppet_does_not_allow_escaping='deb https://apache.bintray.com/couchdb-deb bionic main' + $tomcat_path='/opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33' + $puppet_does_not_allow_escaping='deb https://apache.bintray.com/couchdb-deb focal main' - package { ["software-properties-common", "unzip", "curl", "git-core", "maven", "openjdk-11-jdk", "postgresql-10", "apache2", "libapache2-mod-auth-mellon"]: + package { ["make", "software-properties-common", "unzip", "curl", "git-core", "maven", "openjdk-11-jdk", "postgresql", "apache2", "libapache2-mod-auth-mellon"]: ensure => present, } ############################################################################## - # bionic does not have couchdb anymore. need to install ppa and then couchdb # # + # since bionic ubuntu does not have couchdb anymore. need to install ppa # # ############################################################################## exec { 'install-couchdb-add-repo-key': path => ['/usr/bin', '/usr/sbin'], command => "curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -", } + exec { 'install-couchdb-add-repo-url': path => ['/usr/bin', '/usr/sbin', '/usr/local/sbin', '/usr/local/bin', '/sbin', '/bin'], command => "echo $puppet_does_not_allow_escaping | sudo tee -a /etc/apt/sources.list", require => Exec['install-couchdb-add-repo-key'], } + exec { 'install-couchdb-update-apt': path => ['/usr/bin', '/usr/sbin'], command => "sudo apt-get update -y", require => Exec['install-couchdb-add-repo-url'], } + exec { 'install-couchdb-install-finally': path => ['/usr/bin', '/usr/sbin'], - command => "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y couchdb=2.1.2~bionic", + command => "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y couchdb=3.1.1~focal", require => Exec['install-couchdb-update-apt'], } 
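Review bot: The CouchDB repository that this hunk switches to `focal` is still trusted through `curl -L ... | sudo apt-key add -`, which makes the fetched key valid for every APT source on the machine rather than only for couchdb-deb. Scoping it is a small change: write the key to a dedicated keyring file and reference it from the source line, `deb [signed-by=<keyring-path>] https://apache.bintray.com/couchdb-deb focal main`. The `install-couchdb-add-repo-url` exec also has no guard, so every Puppet run appends the same line to /etc/apt/sources.list again; `unless => "grep -qF couchdb-deb /etc/apt/sources.list",` would make it idempotent. The same applies to the key and `apt-get update` execs, which rerun on every apply.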
diff --git a/puppet/manifests/sw360-single.pp b/puppet/manifests/sw360-single.pp index 8d649de..035a1c1 100644 --- a/puppet/manifests/sw360-single.pp +++ b/puppet/manifests/sw360-single.pp @@ -18,8 +18,8 @@ $couchdb_bind_port = '5984' # Path definitions - $tomcat_path='/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33' - $liferay_install='/opt/liferay-ce-portal-7.3.3-ga4' + $tomcat_path='/opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33' + $liferay_install='/opt/liferay-ce-portal-7.3.4-ga5' $sw360_settings_path='/etc/sw360' ############################ @@ -52,24 +52,13 @@ path => "/etc/environment", } - #################### - ## Postgres Setup ## - #################### - - class { 'postgresql::server': } - - postgresql::server::db { 'lportal': - user => 'liferay', - password => postgresql_password('liferay', $liferay_admin_password), - } - ################### ## CouchDB Setup ## ################### # local.ini: Setup of CouchDB bind port and bind adress file { 'couchdb_local.ini': - path => '/etc/couchdb/local.ini', + path => '/opt/couchdb/etc/local.ini', ensure => 'present', owner => couchdb, content => template('sw360/couchdb_local.ini.erb'), @@ -80,6 +69,18 @@ service { 'couchdb': ensure => "running", enable => "true", + require => File['couchdb_local.ini'], + } + + #################### + ## Postgres Setup ## + #################### + + class { 'postgresql::server': } + + postgresql::server::db { 'lportal': + user => 'liferay', + password => postgresql_password('liferay', $liferay_admin_password), } ################## 
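Review bot: In the relocated Postgres block the `liferay` database role takes its password from `$liferay_admin_password`, so one secret presumably serves both the portal administrator and the database account. A separate variable (the name here is only illustrative), `password => postgresql_password('liferay', $liferay_db_password),`, would let the two be rotated independently and would limit what a leak of either one exposes. In the same hunk the `couchdb` service gains `require => File['couchdb_local.ini']`, which only orders the two resources. `subscribe => File['couchdb_local.ini'],` would also restart CouchDB when the bind address or port written to local.ini changes, so a tightened setting would take effect on that run.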
@@ -139,15 +140,31 @@ } # Configuration of the sw360 for accessing couchdb - # TODO central couchdb file does not work because it - # spoils the test configuration, leaving it on files in bundles - # file { 'couchdb.properties': - # path => "${sw360_settings_path}/couchdb.properties", - # content => template('sw360/couchdb.properties.erb'), - # owner => 'siemagrant', - # ensure => present, - # require => File['sw360-dir'] - # } + file { 'couchdb.properties': + path => "${sw360_settings_path}/couchdb.properties", + content => template('sw360/couchdb.properties.erb'), + owner => 'siemagrant', + ensure => present, + require => File['sw360-dir'] + } + + # central couchdb file ... + file { 'couchdb_test.properties': + path => "${sw360_settings_path}/couchdb_test.properties", + content => template('sw360/couchdb_test.properties.erb'), + owner => 'siemagrant', + ensure => present, + require => File['sw360-dir'] + } + + # another central couchdb file ... + file { 'databasetest.properties': + path => "${sw360_settings_path}/databasetest.properties", + content => template('sw360/databasetest.properties.erb'), + owner => 'siemagrant', + ensure => present, + require => File['sw360-dir'] + } # Configuration of the sw360 itself file { 'sw360.properties': diff --git a/puppet/modules/postgresql/CHANGELOG.md b/puppet/modules/postgresql/CHANGELOG.md index c67ee2b..38d7d61 100755 --- a/puppet/modules/postgresql/CHANGELOG.md +++ b/puppet/modules/postgresql/CHANGELOG.md 
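Review bot: The three file resources enabled here (`couchdb.properties`, `couchdb_test.properties`, `databasetest.properties`) set `owner` but no `mode`, so newly created files get Puppet's default of 0644 and are readable by every local user. The templates are not visible in this hunk, but if they carry CouchDB or database credentials, add `mode => '0640',` (or `'0600'`) to each resource. The comments `# central couchdb file ...` and `# another central couchdb file ...` do not say what each file is for; something like `# CouchDB connection settings read by the sw360 test configuration` (to be confirmed against the templates) would help the next reader.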
@@ -2,6 +2,175 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v6.6.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.6.0) (2020-06-02) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.5.0...v6.6.0) + +### Added + +- \(IAC-746\) - Add ubuntu 20.04 support [\#1172](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1172) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- Fix custom port in extension [\#1165](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1165) ([Vampouille](https://github.com/Vampouille)) + +## [v6.5.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.5.0) (2020-05-13) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.4.0...v6.5.0) + +### Added + +- service\_ensure =\> true is now an allowed value \(aliased to running\) [\#1167](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1167) ([binford2k](https://github.com/binford2k)) +- Finish conversion of `postgresql\_acls\_to\_resources\_hash` function [\#1163](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1163) ([alexjfisher](https://github.com/alexjfisher)) +- Finish conversion of `postgresql\_escape` function [\#1162](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1162) ([alexjfisher](https://github.com/alexjfisher)) +- Finish conversion of `postgresql\_password` function [\#1161](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1161) ([alexjfisher](https://github.com/alexjfisher)) +- Allow usage of grant and role when not managing postgresql::server [\#1159](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1159) ([tuxmea](https://github.com/tuxmea)) +- Add version configs for SLES 12 SP 3 to 5 
[\#1158](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1158) ([XnS](https://github.com/XnS)) +- Add extra parameter "extra\_systemd\_config" [\#1156](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1156) ([veninga](https://github.com/veninga)) + +### Fixed + +- \(MODULES-10610\) Use correct lower bound for concat version [\#1160](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1160) ([ghoneycutt](https://github.com/ghoneycutt)) + +## [v6.4.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.4.0) (2020-03-17) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.3.0...v6.4.0) + +### Added + +- Add Fedora 31 compatibility [\#1141](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1141) ([blackknight36](https://github.com/blackknight36)) +- feat: enable different database resource name in extension [\#1136](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1136) ([jfroche](https://github.com/jfroche)) +- pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#1130](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1130) ([david22swan](https://github.com/david22swan)) +- Puppet 4 functions [\#1129](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1129) ([binford2k](https://github.com/binford2k)) + +### Fixed + +- Fix incorrectly quoted GRANT cmd on functions [\#1150](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1150) ([olifre](https://github.com/olifre)) +- Correct versioncmp logic in config.pp [\#1137](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1137) ([boydtom](https://github.com/boydtom)) +- Treat $version as an integer for comparison, defaults to string [\#1135](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1135) ([boydtom](https://github.com/boydtom)) +- Allow usage of PUBLIC role [\#1134](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1134) ([Vampouille](https://github.com/Vampouille)) +- fix 
missing systemd override config for EL8 \(CentOS and RHEL\) [\#1131](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1131) ([david-barbion](https://github.com/david-barbion)) + +## [v6.3.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.3.0) (2019-12-18) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.2.0...v6.3.0) + +### Added + +- Add support for granting privileges on functions [\#1118](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1118) ([crispygoth](https://github.com/crispygoth)) +- \(FM-8679\) - Support added for CentOS 8 [\#1117](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1117) ([david22swan](https://github.com/david22swan)) +- MODULES-10041 - allow define password\_encryption for version above 10 [\#1111](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1111) ([k2patel](https://github.com/k2patel)) + +### Fixed + +- Remove duplicate REFERENCE.md file with strange unicode character at end of filename [\#1108](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1108) ([nudgegoonies](https://github.com/nudgegoonies)) + +## [v6.2.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.2.0) (2019-09-12) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.1.0...v6.2.0) + +### Added + +- FM-8408 - add support on Debian10 [\#1103](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1103) ([lionce](https://github.com/lionce)) +- Fix/directory defined twice [\#1089](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1089) ([arcenik](https://github.com/arcenik)) +- Adding SLES 15 [\#1087](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1087) ([msurato](https://github.com/msurato)) +- \(FM-7500\) conversion to use litmus [\#1081](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1081) ([tphoney](https://github.com/tphoney)) + +### Fixed + +- \(MODULES-9658\) - custom ports are not labeled correctly 
[\#1099](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1099) ([blackknight36](https://github.com/blackknight36)) +- Fix: When assigning a tablespace to a database, no equal sign is needed in the query [\#1098](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1098) ([biertie](https://github.com/biertie)) +- Grant all tables in schema fixup [\#1096](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1096) ([georgehansper](https://github.com/georgehansper)) +- \(MODULES-9219\) - puppetlabs-postgresql : catalog compilation fails when the service command is not installed [\#1093](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1093) ([blackknight36](https://github.com/blackknight36)) + +## [v6.1.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.1.0) (2019-06-04) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/v6.0.0...v6.1.0) + +### Added + +- \(FM-8031\) Add RedHat 8 support [\#1083](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1083) ([eimlav](https://github.com/eimlav)) + +## [v6.0.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/v6.0.0) (2019-05-14) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.1...v6.0.0) + +### Changed + +- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1070](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1070) ([david22swan](https://github.com/david22swan)) +- \(maint\) remove inconsistent extra variable [\#1044](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1044) ([binford2k](https://github.com/binford2k)) + +### Added + +- Add Fedora 30 compatibility [\#1067](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1067) ([blackknight36](https://github.com/blackknight36)) +- Include EL8 version for config checks [\#1060](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1060) ([ehelms](https://github.com/ehelms)) + +### Fixed + +- Support current version of 
puppetlabs/apt. [\#1073](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1073) ([pillarsdotnet](https://github.com/pillarsdotnet)) +- change username/group/datadir defaults for FreeBSD [\#1063](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1063) ([olevole](https://github.com/olevole)) + +## [5.12.1](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.1) (2019-02-14) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.12.0...5.12.1) + +### Fixed + +- \(FM-7811\) - Use postgresql 9.4 for SLES 11 sp4 [\#1057](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1057) ([david22swan](https://github.com/david22swan)) +- \(MODULES-8553\) Further cleanup for package tag issues [\#1055](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1055) ([HelenCampbell](https://github.com/HelenCampbell)) + +## [5.12.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.12.0) (2019-02-01) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.11.0...5.12.0) + +### Added + +- \(MODULES-3804\) Fix sort order of pg\_hba\_rule entries [\#1040](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1040) ([olavmrk](https://github.com/olavmrk)) + +### Fixed + +- \(MODULES-8553\) Fix dependency on apt by explicitly using 'puppetlabs-postgresql' as tag [\#1052](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1052) ([HelenCampbell](https://github.com/HelenCampbell)) +- \(MODULES-8352\) Don't use empty encoding string on initdb [\#1043](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1043) ([binford2k](https://github.com/binford2k)) +- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1042](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1042) ([tphoney](https://github.com/tphoney)) + +## [5.11.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.11.0) (2018-11-21) + +[Full 
Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.10.0...5.11.0) + +### Added + +- Add postgis support for postgres 10 [\#1032](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1032) ([smussie](https://github.com/smussie)) + +### Fixed + +- Strip quotes from role names [\#1034](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1034) ([jstuart](https://github.com/jstuart)) +- Ignore .psqlrc so output is clean and doesn't break Puppet [\#1021](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1021) ([flaviogurgel](https://github.com/flaviogurgel)) +- Change initdb option '--xlogdir' to '-X' for PG10 compatibility [\#976](https://github.com/puppetlabs/puppetlabs-postgresql/pull/976) ([fcanovai](https://github.com/fcanovai)) + +## [5.10.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.10.0) (2018-09-27) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.9.0...5.10.0) + +### Added + +- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1026](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1026) ([tphoney](https://github.com/tphoney)) + +## [5.9.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.9.0) (2018-09-06) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.8.0...5.9.0) + +### Added + +- pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1018](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1018) ([pmcmaw](https://github.com/pmcmaw)) + +## [5.8.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.8.0) (2018-08-06) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.7.0...5.8.0) + +### Added + +- metadata.json: bump allowed version of puppetlabs-apt to 6.0.0 [\#1012](https://github.com/puppetlabs/puppetlabs-postgresql/pull/1012) ([mateusz-gozdek-sociomantic](https://github.com/mateusz-gozdek-sociomantic)) + ## 
[5.7.0](https://github.com/puppetlabs/puppetlabs-postgresql/tree/5.7.0) (2018-07-19) [Full Changelog](https://github.com/puppetlabs/puppetlabs-postgresql/compare/5.6.0...5.7.0) @@ -56,7 +225,7 @@ All notable changes to this project will be documented in this file. The format - Documentation error, `reassign\_owned\_by` uses `\*\_role` not `\*\_owner`. [\#958](https://github.com/puppetlabs/puppetlabs-postgresql/pull/958) ([computermouth](https://github.com/computermouth)) -## Supported Release [5.3.0] +## 5.3.0 ### Summary Implements rubocop changes within the module, alongside other smaller changes. diff --git a/puppet/modules/postgresql/CODEOWNERS b/puppet/modules/postgresql/CODEOWNERS new file mode 100755 index 0000000..a5d109e --- /dev/null +++ b/puppet/modules/postgresql/CODEOWNERS @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules diff --git a/puppet/modules/postgresql/Gemfile b/puppet/modules/postgresql/Gemfile index a7ec820..adbbe6d 100755 --- a/puppet/modules/postgresql/Gemfile +++ b/puppet/modules/postgresql/Gemfile 
@@ -1,22 +1,15 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' def location_for(place_or_version, fake_version = nil) - if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)} - [fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact - elsif place_or_version =~ %r{\Afile:\/\/(.*)} - ['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }] - else - [place_or_version, { require: false }] - end -end + git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} + file_url_regex = %r{\Afile:\/\/(?.*)} -def gem_type(place_or_version) - if place_or_version =~ %r{\Agit[:@]} - :git - elsif !place_or_version.nil? && place_or_version.start_with?('file:') - :file + if place_or_version && (git_url = place_or_version.match(git_url_regex)) + [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact + elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) + ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else - :gem + [place_or_version, { require: false }] end end 
@@ -24,29 +17,23 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4') - gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-blacksmith", '~> 3.4', require: false, platforms: [:ruby] -end -group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 3.13') - gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') - gem "beaker-pe", require: false - gem "beaker-hostgenerator" - gem "beaker-rspec" + gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem "json", '= 1.8.1', require: false if 
Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') + gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-posix-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "github_changelog_generator", require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') + gem 'ed25519', '>= 1.2', '< 2.0' + gem 'bcrypt_pbkdf', '>= 1.0', '< 2.0' end puppet_version = ENV['PUPPET_GEM_VERSION'] -puppet_type = gem_type(puppet_version) facter_version = ENV['FACTER_GEM_VERSION'] hiera_version = ENV['HIERA_GEM_VERSION'] diff --git a/puppet/modules/postgresql/HISTORY.md b/puppet/modules/postgresql/HISTORY.md index e688f91..cd32fe9 100755 --- a/puppet/modules/postgresql/HISTORY.md +++ b/puppet/modules/postgresql/HISTORY.md @@ -1,4 +1,4 @@ -## Supported Release [5.3.0] +## 5.3.0 ### Summary Implements rubocop changes within the module, alongside other smaller changes. diff --git a/puppet/modules/postgresql/MAINTAINERS.md b/puppet/modules/postgresql/MAINTAINERS.md deleted file mode 100755 index d8c8f6f..0000000 --- a/puppet/modules/postgresql/MAINTAINERS.md +++ /dev/null 
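Review bot: The two entries added at the end of the `:development` group, `ed25519` and `bcrypt_pbkdf`, are the only gems in the group without `require: false`, and nothing says why they are needed. They are presumably the optional gems an SSH client library needs for Ed25519 keys; that should be confirmed and recorded in a comment such as `# optional deps for Ed25519 SSH key support`. For consistency with the rest of the group I would write `gem 'ed25519', '>= 1.2', '< 2.0', require: false` and the same for `bcrypt_pbkdf`.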
@@ -1,6 +0,0 @@ -## Maintenance - -Maintainers: - - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com` - -Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `postgresql`. diff --git a/puppet/modules/postgresql/README.md b/puppet/modules/postgresql/README.md index d705551..d8470d6 100755 --- a/puppet/modules/postgresql/README.md +++ b/puppet/modules/postgresql/README.md @@ -16,11 +16,6 @@ * [Create user name maps for pg_ident.conf](#create-user-name-maps-for-pg_identconf) * [Validate connectivity](#validate-connectivity) 4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) - * [Classes](#classes) - * [Defined Types](#defined-types) - * [Types](#types) - * [Functions](#functions) - * [Tasks](#tasks) 5. [Limitations - OS compatibility, etc.](#limitations) 6. [Development - Guide for contributing to the module](#development) * [Contributors - List of module contributors](#contributors) @@ -86,7 +81,7 @@ class { 'postgresql::server': postgresql::server::db { 'mydatabasename': user => 'mydatabaseuser', - password => postgresql_password('mydatabaseuser', 'mypassword'), + password => postgresql::postgresql_password('mydatabaseuser', 'mypassword'), } ``` @@ -99,7 +94,7 @@ class { 'postgresql::server': } postgresql::server::role { 'marmot': - password_hash => postgresql_password('marmot', 'mypasswd'), + password_hash => postgresql::postgresql_password('marmot', 'mypasswd'), } postgresql::server::database_grant { 'test1': 
@@ -321,1597 +316,13 @@ exec { 'rake db:migrate': ## Reference -The postgresql module comes with many options for configuring the server. While you are unlikely to use all of the settings below, they provide a decent amount of control over your security settings. - -**Classes:** - -* [postgresql::client](#postgresqlclient) -* [postgresql::globals](#postgresqlglobals) -* [postgresql::lib::devel](#postgresqllibdevel) -* [postgresql::lib::java](#postgresqllibjava) -* [postgresql::lib::perl](#postgresqllibperl) -* [postgresql::lib::python](#postgresqllibpython) -* [postgresql::server](#postgresqlserver) -* [postgresql::server::plperl](#postgresqlserverplperl) -* [postgresql::server::contrib](#postgresqlservercontrib) -* [postgresql::server::postgis](#postgresqlserverpostgis) - -**Defined Types:** - -* [postgresql::server::config_entry](#postgresqlserverconfig_entry) -* [postgresql::server::database](#postgresqlserverdatabase) -* [postgresql::server::database_grant](#postgresqlserverdatabase_grant) -* [postgresql::server::db](#postgresqlserverdb) -* [postgresql::server::extension](#postgresqlserverextension) -* [postgresql::server::grant](#postgresqlservergrant) -* [postgresql::server::grant_role](#postgresqlservergrant_role) -* [postgresql::server::pg_hba_rule](#postgresqlserverpg_hba_rule) -* [postgresql::server::pg_ident_rule](#postgresqlserverpg_ident_rule) -* [postgresql::server::reassign_owned_by](#postgresqlserverreassign_owned_by) -* [postgresql::server::recovery](#postgresqlserverrecovery) -* [postgresql::server::role](#postgresqlserverrole) -* [postgresql::server::schema](#postgresqlserverschema) -* [postgresql::server::table_grant](#postgresqlservertable_grant) -* [postgresql::server::tablespace](#postgresqlservertablespace) - -**Types:** - -* [postgresql_psql](#custom-resource-postgresql_psql) -* [postgresql_replication_slot](#custom-resource-postgresql_replication_slot) -* [postgresql_conf](#custom-resource-postgresql_conf) -* 
[postgresql_conn_validator](#custom-resource-postgresql_conn_validator) - -**Functions:** - -* [postgresql_password](#function-postgresql_password) -* [postgresql_acls_to_resources_hash](#function-postgresql_acls_to_resources_hashacl_array-id-order_offset) - -**Tasks:** - -* [`sql`](#tasks) - -### Classes - -#### postgresql::client - -Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. - ->**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version. - -##### `package_ensure` - -Whether the PostgreSQL client package resource should be present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -##### `package_name` - -Sets the name of the PostgreSQL client package. - -Default value: 'file'. - -#### postgresql::lib::docs - -Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. - -**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version. - -##### `package_name` - -Specifies the name of the PostgreSQL docs package. - -##### `package_ensure` - -Whether the PostgreSQL docs package resource should be present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -#### postgresql::globals - -**Note:** Most server-specific defaults should be overridden in the `postgresql::server` class. This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as `version` or `manage_package_repo`. - -##### `bindir` - -Overrides the default PostgreSQL binaries directory for the target platform. - -Default value: OS dependent. - -##### `client_package_name` - -Overrides the default PostgreSQL client package name. - -Default value: OS dependent. - -##### `confdir` - -Overrides the default PostgreSQL configuration directory for the target platform. 
- -Default value: OS dependent. - -##### `contrib_package_name` - -Overrides the default PostgreSQL contrib package name. - -Default value: OS dependent. - -##### `createdb_path` - -**Deprecated.** Path to the `createdb` command. - -Default value: '${bindir}/createdb'. - -##### `datadir` - -Overrides the default PostgreSQL data directory for the target platform. - -Default value: OS dependent. - -**Note:** Changing the datadir after installation causes the server to come to a full stop before making the change. For Red Hat systems, the data directory must be labeled appropriately for SELinux. On Ubuntu, you must explicitly set `needs_initdb = true` to allow Puppet to initialize the database in the new datadir (`needs_initdb` defaults to true on other systems). - -**Warning:** If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original. - -##### `data_checksums` - -Optional. - -Data type: Boolean. - -Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. - -Valid values: `true` or `false`. - -Default: initdb's default (`false`). - -**Warning:** This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. - -##### `default_database` - -Specifies the name of the default database to connect with. - -Default value: 'postgres' (for most systems). - -##### `devel_package_name` - -Overrides the default PostgreSQL devel package name. - -Default value: OS dependent. - -##### `docs_package_name` - -Optional. - -Overrides the default PostgreSQL docs package name. - -Default value: OS dependent. - -##### `encoding` - -Sets the default encoding for all databases created with this module. 
On certain operating systems, this is also used during the `template1` initialization, so it becomes a default outside of the module as well. - -Default value: Dependent on the operating system's default encoding. - -##### `group` - -Overrides the default postgres user group to be used for related files in the file system. - -Default value: 'postgres'. - -##### `initdb_path` - -Path to the `initdb` command. - -##### `java_package_name` - -Overrides the default PostgreSQL java package name. - -Default value: OS dependent. - -##### `locale` - -Sets the default database locale for all databases created with this module. On certain operating systems, this is also used during the `template1` initialization, so it becomes a default outside of the module as well. - -Default value: `undef`, which is effectively 'C'. - -**On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.** - -##### `timezone` - -Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. - -##### `logdir` - -Overrides the default PostgreSQL log directory. - -Default value: initdb's default path. - -##### `manage_package_repo` - -Sets up official PostgreSQL repositories on your host if set to `true`. - -Default value: `false`. - -##### `module_workdir` - -Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. - -Default value: '/tmp'. - -##### `needs_initdb` - -Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. - -Default value: OS dependent. - -##### `perl_package_name` - -Overrides the default PostgreSQL Perl package name. - -Default value: OS dependent. - -##### `pg_hba_conf_defaults` - -Disables the defaults supplied with the module for `pg_hba.conf` if set to `false`. 
This is useful if you want to override the defaults. Be sure that your changes align with the rest of the module, as some access is required to perform some operations, such as basic `psql` operations. - -Default value: The globals value set in `postgresql::globals::manage_pg_hba_conf` which defaults to `true`. - -##### `pg_hba_conf_path` - -Specifies the path to your `pg_hba.conf` file. - -Default value: '${confdir}/pg_hba.conf'. - -##### `pg_ident_conf_path` - -Specifies the path to your `pg_ident.conf` file. - -Default value: '${confdir}/pg_ident.conf'. - -##### `plperl_package_name` - -Overrides the default PostgreSQL PL/Perl package name. - -Default value: OS dependent. - -##### `plpython_package_name` - -Overrides the default PostgreSQL PL/Python package name. - -Default value: OS dependent. - -##### `postgis_version` - -Defines the version of PostGIS to install, if you install PostGIS. - -Default value: The lowest available with the version of PostgreSQL to be installed. - -##### `postgresql_conf_path` - -Sets the path to your `postgresql.conf` file. - -Default value: '${confdir}/postgresql.conf'. - -##### `psql_path` - -Sets the path to the `psql` command. - -##### `python_package_name` - -Overrides the default PostgreSQL Python package name. - -Default value: OS dependent. - -##### `recovery_conf_path` - -Path to your `recovery.conf` file. - -##### `repo_proxy` - -Sets the proxy option for the official PostgreSQL yum-repositories only. This is useful if your server is behind a corporate firewall and needs to use proxy servers for outside connectivity. - -Debian is currently not supported. - -##### `repo_baseurl` - -Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. - -Default value: The official PostgreSQL repository. - -##### `server_package_name` - -Overrides the default PostgreSQL server package name. - -Default value: OS dependent. 
- -##### `service_name` - -Overrides the default PostgreSQL service name. - -Default value: OS dependent. - -##### `service_provider` - -Overrides the default PostgreSQL service provider. - -Default value: OS dependent. - -##### `service_status` - -Overrides the default status check command for your PostgreSQL service. - -Default value: OS dependent. - -##### `user` - -Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. - -Default value: 'postgres'. - -##### `version` - -The version of PostgreSQL to install and manage. - -Default value: OS system default. - -##### `xlogdir` - -Overrides the default PostgreSQL xlog directory. - -Default value: initdb's default path. - -#### postgresql::lib::devel - -Installs the packages containing the development libraries for PostgreSQL and symlinks `pg_config` into `/usr/bin` (if not in `/usr/bin` or `/usr/local/bin`). - -##### `link_pg_config` - -If the bin directory used by the PostgreSQL page is not `/usr/bin` or `/usr/local/bin`, symlinks `pg_config` from the package's bin dir into `usr/bin` (not applicable to Debian systems). Set to `false` to disable this behavior. - -Valid values: `true`, `false`. - -Default value: `true`. - -##### `package_ensure` - -Overrides the 'ensure' parameter during package installation. - -Default value: 'present'. - -##### `package_name` - -Overrides the default package name for the distribution you are installing to. - -Default value: 'postgresql-devel' or 'postgresql-devel' depending on your distro. - -#### postgresql::lib::java - -Installs PostgreSQL bindings for Java (JDBC). Set the following parameters if you have a custom version you would like to install. - -**Note:** Make sure to add any necessary yum or apt repositories if specifying a custom version. - -##### `package_ensure` - -Specifies whether the package is present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. 
- -##### `package_name` - -Specifies the name of the PostgreSQL java package. - -#### postgresql::lib::perl - -Installs the PostgreSQL Perl libraries. - -##### `package_ensure` - -Specifies whether the package is present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -##### `package_name` - -Specifies the name of the PostgreSQL perl package to install. - -#### postgresql::server::plpython - -Installs the PL/Python procedural language for PostgreSQL. - -##### `package_name` - -Specifies the name of the postgresql PL/Python package. - -##### `package_ensure` - -Specifies whether the package is present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -#### postgresql::lib::python - -Installs PostgreSQL Python libraries. - -##### `package_ensure` - -Specifies whether the package is present. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -##### `package_name` - -The name of the PostgreSQL Python package. - -#### postgresql::server - -##### `config_entries` - -Specifies a hash from which to generate `postgresql::server::config_entry` resources. - -Default value: `{}` - -##### `createdb_path` - -**Deprecated.** Specifies the path to the `createdb` command. - -Default value: '${bindir}/createdb'. - -##### `data_checksums` - -Optional. - -Data type: Boolean. - -Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. - -Valid values: `true` or `false`. - -Default value: initdb's default (`false`). - -**Warning:** This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. - -##### `default_database` - -Specifies the name of the default database to connect with. On most systems this is 'postgres'. - -##### `default_connect_settings` - -Specifies a hash of environment variables used when connecting to a remote server. 
Becomes the default for other defined types, such as `postgresql::server::role`. - -##### `encoding` - -Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the `template1` initialization, so it becomes a default outside of the module as well. - -Default value: `undef`. - -##### `group` - -Overrides the default postgres user group to be used for related files in the file system. - -Default value: OS dependent default. - -##### `initdb_path` - -Specifies the path to the `initdb` command. - -Default value: '${bindir}/initdb'. - -##### `ipv4acls` - -Lists strings for access control for connection method, users, databases, IPv4 addresses; - -see [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) on `pg_hba.conf` for information. - -##### `ipv6acls` - -Lists strings for access control for connection method, users, databases, IPv6 addresses. - -see [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) on `pg_hba.conf` for information. - -##### `ip_mask_allow_all_users` - -Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. - -Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. - -Default value: '127.0.0.1/32'. - -##### `ip_mask_deny_postgres_user` - -Specifies the IP mask from which remote connections should be denied for the postgres superuser. - -Default value: '0.0.0.0/0', which denies any remote connection. - -##### `locale` - -Sets the default database locale for all databases created with this module. On certain operating systems this is used during the `template1` initialization as well, so it becomes a default outside of the module. 
- -Default value: `undef`, which is effectively 'C'. - -**On Debian, you must ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.** - -##### `manage_pg_hba_conf` - -Whether to manage the `pg_hba.conf`. - -If set to `true`, Puppet overwrites this file. - -If set to `false`, Puppet does not modify the file. - -Valid values: `true`, `false`. - -Default value: `true` - -##### `manage_pg_ident_conf` - -Overwrites the pg_ident.conf file. - -If set to `true`, Puppet overwrites the file. - -If set to `false`, Puppet does not modify the file. - -Valid values: `true`, `false`. - -Default value: `true`. - -##### `manage_recovery_conf` - -Specifies whether or not manage the `recovery.conf`. - -If set to `true`, Puppet overwrites this file. - -Valid values: `true`, `false`. - -Default value: `false`. - -##### `needs_initdb` - -Explicitly calls the `initdb` operation after server package is installed, and before the PostgreSQL service is started. - -Default value: OS dependent. - -##### `package_ensure` - -Passes a value through to the `package` resource when creating the server instance. - -Default value: `undef`. - -##### `package_name` - -Specifies the name of the package to use for installing the server software. - -Default value: OS dependent. - -##### `pg_hba_conf_defaults` - -If `false`, disables the defaults supplied with the module for `pg_hba.conf`. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic `psql` operations for example. - -##### `pg_hba_conf_path` - -Specifies the path to your `pg_hba.conf` file. - -##### `pg_hba_rules` - -Specifies a hash from which to generate `postgresql::server::pg_hba_rule` resources. - -Default value: `{}` - -##### `pg_ident_conf_path` - -Specifies the path to your `pg_ident.conf` file. - -Default value: '${confdir}/pg_ident.conf'. 
- -##### `plperl_package_name` - -Sets the default package name for the PL/Perl extension. - -Default value: OS dependent. - -##### `plpython_package_name` - -Sets the default package name for the PL/Python extension. - -Default value: OS dependent. - -##### `port` - -Specifies the port for the PostgreSQL server to listen on. **Note:** The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. - -Default value: 5432. Meaning the Postgres server listens on TCP port 5432. - -##### `postgres_password` - -Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called `postgres` and no password. - -Default value: `undef`. - -##### `postgresql_conf_path` - -Specifies the path to your `postgresql.conf` file. - -Default value: '${confdir}/postgresql.conf'. - -##### `psql_path` - -Specifies the path to the `psql` command. - -Default value: OS dependent. - -##### `roles` - -Specifies a hash from which to generate `postgresql::server::role` resources. - -Default value: `{}` - -##### `service_manage` - -Defines whether or not Puppet should manage the service. - -Default value: `true`. - -##### `service_name` - -Overrides the default PostgreSQL service name. - -Default value: OS dependent. - -##### `service_provider` - -Overrides the default PostgreSQL service provider. - -Default value: `undef`. - -##### `service_reload` - -Overrides the default reload command for your PostgreSQL service. - -Default value: OS dependent. - -##### `service_restart_on_change` - -Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. - -Default value: `true`. 
- -##### `service_status` - -Overrides the default status check command for your PostgreSQL service. - -Default value: OS dependent. - -##### `user` - -Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. - -Default value: 'postgres'. - -#### postgresql::server::contrib - -Installs the PostgreSQL contrib package. - -##### `package_ensure` - -Sets the ensure parameter passed on to PostgreSQL contrib package resource. - -##### `package_name` - -The name of the PostgreSQL contrib package. - -#### postgresql::server::plperl - -Installs the PL/Perl procedural language for postgresql. - -##### `package_ensure` - -The ensure parameter passed on to PostgreSQL PL/Perl package resource. - -##### `package_name` - -The name of the PostgreSQL PL/Perl package. - -#### postgresql::server::postgis - -Installs the PostgreSQL postgis packages. - -### Defined Types - -#### postgresql::server::config_entry - -Modifies your `postgresql.conf` configuration file. - -Each resource maps to a line inside the file, for example: - -```puppet -postgresql::server::config_entry { 'check_function_bodies': - value => 'off', -} -``` - -##### `ensure` - -Removes an entry if set to 'absent'. - -Valid values: 'present', 'absent'. - -Default value: 'present'. - -##### `value` - -Defines the value for the setting. - -#### postgresql::server::db - -Creates a local database, user, and assigns necessary permissions. - -##### `comment` - -Defines a comment to be stored about the database using the PostgreSQL COMMENT command. - -##### `connect_settings` - -Specifies a hash of environment variables used when connecting to a remote server. - -Default value: Connects to the local Postgres instance. - -##### `dbname` - -Sets the name of the database to be created. - -Default value: the namevar. - -##### `encoding` - -Overrides the character set during creation of the database. - -Default value: The default defined during installation. 
- -##### `grant` - -Specifies the permissions to grant during creation. - -Default value: 'ALL'. - -##### `istemplate` - -Specifies that the database is a template, if set to `true`. - -Default value: `false`. - -##### `locale` - -Overrides the locale during creation of the database. - -Default value: The default defined during installation. - -##### `owner` - -Sets a user as the owner of the database. - -Default value: '$user' variable set in `postgresql::server` or `postgresql::globals`. - -##### `password` - -**Required** Sets the password for the created user. - -##### `tablespace` - -Defines the name of the tablespace to allocate the created database to. - -Default value: PostgreSQL default. - -##### `template` - -Specifies the name of the template database from which to build this database. - -Defaults value: `template0`. - -##### `user` - -User to create and assign access to the database upon creation. Mandatory. - -#### postgresql::server::database - -Creates a database with no users and no permissions. - -##### `dbname` - -Sets the name of the database. - -Defaults value: The namevar. - -##### `encoding` - -Overrides the character set during creation of the database. - -Default value: The default defined during installation. - -##### `istemplate` - -Defines the database as a template if set to `true`. - -Default value: `false`. - -##### `locale` - -Overrides the locale during creation of the database. - -Default value: The default defined during installation. - -##### `owner` - -Sets name of the database owner. - -Default value: The '$user' variable set in `postgresql::server` or `postgresql::globals`. - -##### `tablespace` - -Sets tablespace for where to create this database. - -Default value: The default defined during installation. - -##### `template` - -Specifies the name of the template database from which to build this database. - -Default value: 'template0'. 
- -#### postgresql::server::database_grant - -Manages grant-based access privileges for users, wrapping the `postgresql::server::database_grant` for database specific permissions. Consult the [PostgreSQL documentation for `grant`](http://www.postgresql.org/docs/current/static/sql-grant.html) for more information. - -##### `ensure` - -Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. - -Valid values: 'present', 'absent'. -* 'present' to grant the privilege -* 'absent' to revoke the privilege - -Default value: 'present'. - -#### `connect_settings` - -Specifies a hash of environment variables used when connecting to a remote server. - -Default value: Connects to the local Postgres instance. - -##### `db` - -Specifies the database to which you are granting access. - -##### `privilege` - -Specifies comma-separated list of privileges to grant. - -Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'. - -##### `psql_db` - -Defines the database to execute the grant against. - -**This should not ordinarily be changed from the default** - -Default value: 'postgres'. - -##### `psql_user` - -Specifies the OS user for running `psql`. - -Default value: The default user for the module, usually 'postgres'. - -##### `role` - -Specifies the role or user whom you are granting access to. - -#### postgresql::server::extension - -Manages a PostgreSQL extension. - -##### `database` - -Specifies the database on which to activate the extension. - -##### `schema` - -Specifies the schema on which to activate the extension. - -##### `ensure` - -Specifies whether to activate or deactivate the extension. - -Valid options: 'present' or 'absent'. - -#### `extension` - -Specifies the extension to activate. If left blank, uses the name of the resource. - -#### `version` - -Specifies the version of the extension which the database uses. 
-When an extension package is updated, this does not automatically change the effective version in each database. - -This needs be updated using the PostgreSQL-specific SQL `ALTER EXTENSION...` - -`version` may be set to `latest`, in which case the SQL `ALTER EXTENSION "extension" UPDATE` is applied to this database (only). - -`version` may be set to a specific version, in which case the extension is updated using `ALTER EXTENSION "extension" UPDATE TO 'version'` - -eg. If extension is set to `postgis` and version is set to `2.3.3`, this will apply the SQL `ALTER EXTENSION "postgis" UPDATE TO '2.3.3'` to this database only. - -`version` may be omitted, in which case no `ALTER EXTENSION...` SQL is applied, and the version will be left unchanged. - -##### `package_name` - -Specifies a package to install prior to activating the extension. - -##### `package_ensure` - -Overrides default package deletion behavior. - -By default, the package specified with `package_name` is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the `ensure` value for the package. - -#### postgresql::server::grant - -Manages grant-based access privileges for roles. See [PostgreSQL documentation for `grant`](http://www.postgresql.org/docs/current/static/sql-grant.html) for more information. - -##### `ensure` - -Specifies whether to grant or revoke the privilege. Default is to grant the privilege. - -Valid values: 'present', 'absent'. -* 'present' to grant the privilege -* 'absent' to revoke the privilege - -Default value: 'present'. - -##### `db` - -Specifies the database to which you are granting access. - -##### `object_type` - -Specifies the type of object to which you are granting privileges. - -Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. 
-
-##### `object_name`
-
-Specifies name of `object_type` to which to grant access, can be either a string or a two element array.
-
-String: 'object_name'
-Array: ['schema_name', 'object_name']
-
-##### `port`
-
-Port to use when connecting.
-
-Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
-
-##### `privilege`
-
-Specifies the privilege to grant.
-
-Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.
-
-##### `psql_db`
-
-Specifies the database to execute the grant against.
-
-**This should not ordinarily be changed from the default**
-
-Default value: 'postgres'.
-
-##### `psql_user`
-
-Sets the OS user to run `psql`.
-
-Default value: the default user for the module, usually 'postgres'.
-
-##### `role`
-
-Specifies the role or user whom you are granting access to.
-
-#### postgresql::server::grant_role
-
-Allows you to assign a role to a (group) role. See [PostgreSQL documentation for `Role Membership`](http://www.postgresql.org/docs/current/static/role-membership.html) for more information.
-
-##### `group`
-
-Specifies the group role to which you are assigning a role.
-
-##### `role`
-
-Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
-
-##### `ensure`
-
-Specifies whether to grant or revoke the membership.
-
-Valid options: 'present' or 'absent'.
-
-Default value: 'present'.
-
-##### `port`
-
-Port to use when connecting.
-
-Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
-
-##### `psql_db`
-
-Specifies the database to execute the grant against.
-
-**This should not ordinarily be changed from the default**
-
-Default value: 'postgres'.
-
-##### `psql_user`
-
-Sets the OS user to run `psql`.
-
-Default value: the default user for the module, usually `postgres`.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-#### postgresql::server::pg_hba_rule
-
-Allows you to create an access rule for `pg_hba.conf`. For more details see the [usage example](#create-an-access-rule-for-pghba.conf) and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html).
-
-##### `address`
-
-Sets a CIDR based address for this rule matching when the type is not 'local'.
-
-##### `auth_method`
-
-Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL `pg_hba.conf` documentation.
-
-##### `auth_option`
-
-For certain `auth_method` settings there are extra options that can be passed. Consult the PostgreSQL `pg_hba.conf` documentation for further details.
-
-##### `database`
-
-Sets a comma-separated list of databases that this rule matches.
-
-##### `description`
-
-Defines a longer description for this rule, if required. This description is placed in the comments above the rule in `pg_hba.conf`.
-
-Default value: 'none'.
-
-Specifies a way to uniquely identify this resource, but functionally does nothing.
-
-##### `order`
-
-Sets an order for placing the rule in `pg_hba.conf`.
-
-Default value: 150.
-
-#### `postgresql_version`
-
-Manages `pg_hba.conf` without managing the entire PostgreSQL instance.
-
-Default value: the version set in `postgresql::server`.
-
-##### `target`
-
-Provides the target for the rule, and is generally an internal only property.
-
-**Use with caution.**
-
-##### `type`
-
-Sets the type of rule.
-
-Valid options: 'local', 'host', 'hostssl' or 'hostnossl'.
-
-##### `user`
-
-Sets a comma-separated list of users that this rule matches.
-
-
-#### postgresql::server::pg_ident_rule
-
-Allows you to create user name maps for `pg_ident.conf`. For more details see the [usage example](#create-user-name-maps-for-pgidentconf) above and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/auth-username-maps.html).
-
-##### `database_username`
-
-Specifies the user name of the database user. The `system_username` is mapped to this user name.
-
-##### `description`
-
-Sets a longer description for this rule if required. This description is placed in the comments above the rule in `pg_ident.conf`.
-
-Default value: 'none'.
-
-##### `map_name`
-
-Sets the name of the user map that is used to refer to this mapping in `pg_hba.conf`.
-
-##### `order`
-
-Defines an order for placing the mapping in `pg_ident.conf`.
-
-Default value: 150.
-
-##### `system_username`
-
-Specifies the operating system user name (the user name used to connect to the database).
-
-##### `target`
-
-Provides the target for the rule and is generally an internal only property.
-
-**Use with caution.**
-
-#### postgresql::server::reassign_owned_by
-
-Runs the PostgreSQL command 'REASSIGN OWNED' on a database, to transfer the ownership of existing objects between database roles
-
-##### `db`
-
-Specifies the database to which the 'REASSIGN OWNED' will be applied
-
-##### `old_role`
-
-Specifies the role or user who is the current owner of the objects in the specified db
-
-##### `new_role`
-
-Specifies the role or user who will be the new owner of these objects
-
-##### `psql_user`
-
-Specifies the OS user for running `psql`.
-
-Default value: The default user for the module, usually 'postgres'.
-
-##### `port`
-
-Port to use when connecting.
-
-Default value: `undef`, which generally defaults to port 5432 depending on your PostgreSQL packaging.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-#### postgresql::server::recovery
-
-Allows you to create the content for `recovery.conf`. For more details see the [usage example](#create-recovery-configuration) and the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/recovery-config.html).
-
-Every parameter value is a string set in the template except `recovery_target_inclusive`, `pause_at_recovery_target`, `standby_mode` and `recovery_min_apply_delay`.
-
-A detailed description of all listed parameters can be found in the [PostgreSQL documentation](http://www.postgresql.org/docs/current/static/recovery-config.html).
-
-Only the specified parameters are recognized in the template. The `recovery.conf` is only created if at least one parameter is set **and** [manage_recovery_conf](#manage_recovery_conf) is set to true.
-
-The parameters are grouped into these three sections:
-
-##### [Archive Recovery Parameters](http://www.postgresql.org/docs/current/static/archive-recovery-settings.html)
-
-* `restore_command`
-* `archive_cleanup_command`
-* `recovery_end_command`
-
-##### [Recovery Target Settings](http://www.postgresql.org/docs/current/static/recovery-target-settings.html)
-* `recovery_target_name`
-* `recovery_target_time`
-* `recovery_target_xid`
-* `recovery_target_inclusive`
-* `recovery_target`
-* `recovery_target_timeline`
-* `pause_at_recovery_target`
-
-##### [Standby Server Settings](http://www.postgresql.org/docs/current/static/standby-settings.html)
-* `standby_mode`: Can be specified with the string ('on'/'off'), or by using a Boolean value (`true`/`false`).
-* `primary_conninfo`
-* `primary_slot_name`
-* `trigger_file`
-* `recovery_min_apply_delay`
-
-##### `target`
-Provides the target for the rule, and is generally an internal only property.
-
-**Use with caution.**
-
-#### postgresql::server::role
-Creates or drops a role or user in PostgreSQL.
-
-##### `ensure`
-
-Specify whether to create or drop the role.
-
-Specifying 'present' creates the role.
-Specifying 'absent' drops the role.
-
-Default value: 'present'.
-
-##### `connection_limit`
-Specifies how many concurrent connections the role can make.
-
-Default value: '-1', meaning no limit.
-
-##### `connect_settings`
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-##### `createdb`
-Specifies whether to grant the ability to create new databases with this role.
-
-Default value: `false`.
-
-##### `createrole`
-Specifies whether to grant the ability to create new roles with this role.
-
-Default value: `false`.
-
-##### `inherit`
-Specifies whether to grant inherit capability for the new role.
-
-Default value: `true`.
-
-##### `login`
-Specifies whether to grant login capability for the new role.
-
-Default value: `true`.
-
-##### `password_hash`
-Sets the hash to use during password creation. If the password is not already pre-encrypted in a format that PostgreSQL supports, use the `postgresql_password` function to provide an MD5 hash here, for example:
-
-##### `update_password`
-If set to true, updates the password on changes. Set this to false to not modify the role's password after creation.
-
-```puppet
-postgresql::server::role { 'myusername':
- password_hash => postgresql_password('myusername', 'mypassword'),
-}
-```
-
-##### `replication`
-
-Provides provides replication capabilities for this role if set to `true`.
-
-Default value: `false`.
-
-##### `superuser`
-
-Specifies whether to grant super user capability for the new role.
-
-Default value: `false`.
-
-##### `username`
-
-Defines the username of the role to create.
-
-Default value: the namevar.
-
-#### postgresql::server::schema
-
-Creates a schema.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-##### `db`
-
-Required.
-
-Sets the name of the database in which to create this schema.
-
-##### `owner`
-
-Sets the default owner of the schema.
-
-##### `schema`
-
-Sets the name of the schema.
-
-Default value: the namevar.
-
-#### postgresql::server::table_grant
-
-Manages grant-based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
-
-##### `ensure`
-
-Specifies whether to grant or revoke the privilege. Default is to grant the privilege.
-
-Valid values: 'present', 'absent'.
-* 'present' to grant the privilege
-* 'absent' to revoke the privilege
-
-Default value: 'present'.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-##### `db`
-
-Specifies which database the table is in.
-
-##### `privilege`
-
-Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'.
-
-##### `psql_db`
-
-Specifies the database to execute the grant against.
-
-This should not ordinarily be changed from the default.
-
-Default value: 'postgres'.
-
-##### `psql_user`
-
-Specifies the OS user for running `psql`.
-
-Default value: The default user for the module, usually 'postgres'.
-
-##### `role`
-
-Specifies the role or user to whom you are granting access.
-
-##### `table`
-
-Specifies the table to which you are granting access.
-
-#### postgresql::server::tablespace
-
-Creates a tablespace. If necessary, also creates the location and assigns the same permissions as the PostgreSQL server.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server.
-
-Default value: Connects to the local Postgres instance.
-
-##### `location`
-
-Specifies the path to locate this tablespace.
-
-##### `owner`
-
-Specifies the default owner of the tablespace.
-
-##### `spcname`
-
-Specifies the name of the tablespace.
-
-Default value: the namevar.
-
-### Types
-
-#### postgresql_psql
-
-Enables Puppet to run psql statements.
-
-##### `command`
-
-Required.
-
-Specifies the SQL command to execute via psql.
-
-##### `cwd`
-
-Specifies the working directory under which the psql command should be executed.
-
-Default value: '/tmp'.
-
-##### `db`
-
-Specifies the name of the database to execute the SQL command against.
-
-##### `environment`
-
-Specifies any additional environment variables you want to set for a SQL command. Multiple environment variables should be specified as an array.
-
-##### `name`
-
-Sets an arbitrary tag for your own reference; the name of the message. This is the namevar.
-
-##### `onlyif`
-
-Sets an optional SQL command to execute prior to the main command. This is generally intended to be used for idempotency, to check for the existence of an object in the database to determine whether or not the main SQL command needs to be executed at all.
-
-##### `port`
-
-Specifies the port of the database server to execute the SQL command against.
-
-##### `psql_group`
-
-Specifies the system user group account under which the psql command should be executed.
-
-Default value: 'postgres'.
-
-##### `psql_path`
-
-Specifies the path to psql executable.
-
-Default value: 'psql'.
-
-##### `psql_user`
-
-Specifies the system user account under which the psql command should be executed.
-
-Default value: 'postgres'.
-
-##### `refreshonly`
-
-Specifies whether to execute the SQL only if there is a notify or subscribe event.
-
-Valid values: `true`, `false`.
-
-Default value: `false`.
-
-##### `search_path`
-
-Defines the schema search path to use when executing the SQL command.
-
-##### `unless`
-
-The inverse of `onlyif`.
-
-#### postgresql_conf
-
-Allows Puppet to manage `postgresql.conf` parameters.
-
-##### `name`
-
-Specifies the PostgreSQL parameter name to manage.
-
-This is the namevar.
-
-##### `target`
-
-Specifies the path to `postgresql.conf`.
-
-Default value: '/etc/postgresql.conf'.
-
-##### `value`
-
-Specifies the value to set for this parameter.
-
-#### postgresql_replication_slot
-
-Allows you to create and destroy replication slots to register warm standby replication on a PostgreSQL master server.
-
-##### `name`
-
-Specifies the name of the slot to create. Must be a valid replication slot name.
-
-This is the namevar.
-
-##### `ensure`
-
-Required.
-
-Specifies the action to create or destroy named slot.
-
-Valid values: 'present', 'absent'.
-
-Default value: 'present'.
-
-#### postgresql_conn_validator
-
-Validate the connection to a local or remote PostgreSQL database using this type.
-
-##### `connect_settings`
-
-Specifies a hash of environment variables used when connecting to a remote server. This is an alternative to providing individual parameters (`host`, etc). If provided, the individual parameters take precedence.
-
-Default value: {}
-
-##### `db_name`
-
-Specifies the name of the database you wish to test.
-
-Default value: ''
-
-##### `db_password`
-
-Specifies the password to connect with. Can be left blank if `.pgpass` is being used, otherwise not recommended.
-
-Default value: ''
-
-##### `db_username`
-
-Specifies the username to connect with.
-
-Default value: ''
-
-When using a Unix socket and ident auth, this is the user you are running as.
-
-##### `command`
-
-This is the command run against the target database to verify connectivity.
-
-Default value: 'SELECT 1'
-
-##### `host`
-
-Sets the hostname of the database you wish to test.
-
-Default value: '', which generally uses the designated local Unix socket.
-
-**If the host is remote you must provide a username.**
-
-##### `port`
-
-Defines the port to use when connecting.
-
-Default value: ''
-
-##### `run_as`
-
-Specifies the user to run the `psql` command as. This is important when trying to connect to a database locally using Unix sockets and `ident` authentication. Not needed for remote testing.
- -##### `sleep` - -Sets the number of seconds to sleep for before trying again after a failure. - -##### `tries` - -Sets the number of attempts after failure before giving up and failing the resource. - -### Functions - -#### postgresql_password - -Generates a PostgreSQL encrypted password, use `postgresql_password`. Call it from the command line and then copy and paste the encrypted password into your manifest: - -```shell -puppet apply --execute 'notify { 'test': message => postgresql_password('username', 'password') }' -``` - -Alternatively, you can call this from your production manifests, but the manifests will then contain a clear text version of your passwords. - -#### postgresql_acls_to_resources_hash(acl_array, id, order_offset) - -This internal function converts a list of `pg_hba.conf` based ACLs (passed in as an array of strings) to a format compatible with the `postgresql::pg_hba_rule` resource. - -**This function should only be used internally by the module**. - -### Tasks - -The Postgresql module has an example task that allows a user to execute arbitary SQL against a database. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. - +For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/REFERENCE.md) ## Limitations Works with versions of PostgreSQL from 8.1 through 9.5. -Currently, the postgresql module is tested on the following operating systems: - -* Debian 6.x, 7.x, 8.x. -* CentOS 5.x, 6.x, and 7.x. -* Ubuntu 10.04 and 12.04, 14.04. - -Other systems might be compatible, but are not being actively tested. +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/metadata.json) ### Apt module support 
@@ -1922,9 +333,9 @@ While this module supports both 1.x and 2.x versions of the 'puppetlabs-apt' mod PostGIS is currently considered an unsupported feature, as it doesn't work on all platforms correctly. -### All versions of RHEL/CentOS +### All versions of RHEL/CentOS with manage_selinux => false -If you have SELinux enabled you must add any custom ports you use to the `postgresql_port_t` context. You can do this as follows: +If you have SELinux enabled and you are *not* using the selinux module to manage SELinux (this is the default configuration) you will need to label any custom ports you use with the `postgresql_port_t` context. The postgresql service will not start until this is done. To label a port use the semanage command as follows: ```shell semanage port -a -t postgresql_port_t -p tcp $customport 
@@ -1932,7 +343,7 @@ semanage port -a -t postgresql_port_t -p tcp $customport ## Development -Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide](https://docs.puppetlabs.com/forge/contributing.html). +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide](https://puppet.com/docs/puppet/latest/contributing.html). ### Tests diff --git a/puppet/modules/postgresql/REFERENCE.md b/puppet/modules/postgresql/REFERENCE.md new file mode 100755 index 0000000..c68d934 --- /dev/null +++ b/puppet/modules/postgresql/REFERENCE.md 
@@ -0,0 +1,2917 @@
+# Reference
+
+
+## Table of Contents
+
+**Classes**
+
+_Public Classes_
+
+* [`postgresql::client`](#postgresqlclient): Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
+* [`postgresql::globals`](#postgresqlglobals): Class for setting cross-class global overrides.
+* [`postgresql::lib::devel`](#postgresqllibdevel): This class installs postgresql development libraries.
+* [`postgresql::lib::docs`](#postgresqllibdocs): Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.
+* [`postgresql::lib::java`](#postgresqllibjava): This class installs the postgresql jdbc connector.
+* [`postgresql::lib::perl`](#postgresqllibperl): This class installs the perl libs for postgresql.
+* [`postgresql::lib::python`](#postgresqllibpython): This class installs the python libs for postgresql.
+* [`postgresql::server`](#postgresqlserver): This installs a PostgreSQL server
+* [`postgresql::server::contrib`](#postgresqlservercontrib): Install the contrib postgresql packaging.
+* [`postgresql::server::plperl`](#postgresqlserverplperl): This class installs the PL/Perl procedural language for postgresql.
+* [`postgresql::server::plpython`](#postgresqlserverplpython): This class installs the PL/Python procedural language for postgresql.
+* [`postgresql::server::postgis`](#postgresqlserverpostgis): Install the postgis postgresql packaging.
+
+_Private Classes_
+
+* `postgresql::params`:
+* `postgresql::repo`:
+* `postgresql::repo::apt_postgresql_org`:
+* `postgresql::repo::yum_postgresql_org`:
+* `postgresql::server::config`:
+* `postgresql::server::initdb`:
+* `postgresql::server::install`:
+* `postgresql::server::passwd`:
+* `postgresql::server::reload`:
+* `postgresql::server::service`:
+
+**Defined types**
+
+* [`postgresql::server::config_entry`](#postgresqlserverconfig_entry): Manage a postgresql.conf entry.
+* [`postgresql::server::database`](#postgresqlserverdatabase): Define for creating a database.
+* [`postgresql::server::database_grant`](#postgresqlserverdatabase_grant): Manage a database grant.
+* [`postgresql::server::db`](#postgresqlserverdb): Define for conveniently creating a role, database and assigning the correctpermissions.
+* [`postgresql::server::extension`](#postgresqlserverextension): Activate an extension on a postgresql database.
+* [`postgresql::server::grant`](#postgresqlservergrant): Define for granting permissions to roles.
+* [`postgresql::server::grant_role`](#postgresqlservergrant_role): Define for granting membership to a role.
+* [`postgresql::server::pg_hba_rule`](#postgresqlserverpg_hba_rule): This resource manages an individual rule that applies to the file defined in target.
+* [`postgresql::server::pg_ident_rule`](#postgresqlserverpg_ident_rule): This resource manages an individual rule that applies to the file defined in target.
+* [`postgresql::server::reassign_owned_by`](#postgresqlserverreassign_owned_by): Define for reassigning the ownership of objects within a database.
+* [`postgresql::server::recovery`](#postgresqlserverrecovery): This resource manages the parameters that applies to the recovery.conf template.
+* [`postgresql::server::role`](#postgresqlserverrole): Define for creating a database role.
+* [`postgresql::server::schema`](#postgresqlserverschema): Create a new schema.
+* [`postgresql::server::table_grant`](#postgresqlservertable_grant): This resource wraps the grant resource to manage table grants specifically.
+* [`postgresql::server::tablespace`](#postgresqlservertablespace): This module creates tablespace.
+* [`postgresql::validate_db_connection`](#postgresqlvalidate_db_connection): This type validates that a successful postgres connection.
+
+**Resource types**
+
+* [`postgresql_conf`](#postgresql_conf): This type allows puppet to manage postgresql.conf parameters.
+* [`postgresql_conn_validator`](#postgresql_conn_validator): Verify if a connection can be successfully established
+* [`postgresql_psql`](#postgresql_psql): An arbitrary tag for your own reference; the name of the message.
+* [`postgresql_replication_slot`](#postgresql_replication_slot): Manages Postgresql replication slots.
+
+**Functions**
+
+_Public Functions_
+
+* [`postgresql::default`](#postgresqldefault): This function pull default values from the `params` class or `globals` class if the value is not present in `params`.
+* [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape): This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required.
+* [`postgresql::postgresql_password`](#postgresqlpostgresql_password): This function returns the postgresql password hash from the clear text username / password
+* [`postgresql_escape`](#postgresql_escape): DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead.
+* [`postgresql_password`](#postgresql_password): DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead.
+
+_Private Functions_
+
+* `postgresql::postgresql_acls_to_resources_hash`: This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources.
+
+**Tasks**
+
+* [`sql`](#sql): Allows you to execute arbitary SQL
+
+## Classes
+
+### postgresql::client
+
+Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
+
+* **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::client` class.
+
+##### `file_ensure`
+
+Data type: `Enum['file', 'absent']`
+
+Ensure the connection validation script is present
+
+Default value: 'file'
+
+##### `validcon_script_path`
+
+Data type: `Stdlib::Absolutepath`
+
+Optional. Absolute path for the postgresql connection validation script.
+
+Default value: $postgresql::params::validcon_script_path
+
+##### `package_name`
+
+Data type: `String[1]`
+
+Sets the name of the PostgreSQL client package.
+
+Default value: $postgresql::params::client_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Ensure the client package is installed
+
+Default value: 'present'
+
+### postgresql::globals
+
+Class for setting cross-class global overrides.
+
+* **Note** Most server-specific defaults should be overridden in the postgresql::server class.
+This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::globals` class.
+
+##### `client_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL client package name.
+
+Default value: `undef`
+
+##### `server_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL server package name.
+
+Default value: `undef`
+
+##### `contrib_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL contrib package name.
+
+Default value: `undef`
+
+##### `devel_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL devel package name.
+
+Default value: `undef`
+
+##### `java_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL java package name.
+
+Default value: `undef`
+
+##### `docs_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL docs package name.
+
+Default value: `undef`
+
+##### `perl_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL Perl package name.
+
+Default value: `undef`
+
+##### `plperl_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL PL/Perl package name.
+
+Default value: `undef`
+
+##### `plpython_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL PL/Python package name.
+
+Default value: `undef`
+
+##### `python_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL Python package name.
+
+Default value: `undef`
+
+##### `postgis_package_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL PostGIS package name.
+
+Default value: `undef`
+
+##### `service_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL service name.
+
+Default value: `undef`
+
+##### `service_provider`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL service provider.
+
+Default value: `undef`
+
+##### `service_status`
+
+Data type: `Any`
+
+Overrides the default status check command for your PostgreSQL service.
+
+Default value: `undef`
+
+##### `default_database`
+
+Data type: `Any`
+
+Specifies the name of the default database to connect with.
+
+Default value: `undef`
+
+##### `validcon_script_path`
+
+Data type: `Any`
+
+Scipt path for the connection validation check.
+
+Default value: `undef`
+
+##### `initdb_path`
+
+Data type: `Any`
+
+Path to the initdb command.
+
+Default value: `undef`
+
+##### `createdb_path`
+
+Data type: `Any`
+
+Deprecated. Path to the createdb command.
+
+Default value: `undef`
+
+##### `psql_path`
+
+Data type: `Any`
+
+Sets the path to the psql command.
+
+Default value: `undef`
+
+##### `pg_hba_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your pg_hba.conf file.
+
+Default value: `undef`
+
+##### `pg_ident_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your pg_ident.conf file.
+
+Default value: `undef`
+
+##### `postgresql_conf_path`
+
+Data type: `Any`
+
+Sets the path to your postgresql.conf file.
+
+Default value: `undef`
+
+##### `recovery_conf_path`
+
+Data type: `Any`
+
+Path to your recovery.conf file.
+
+Default value: `undef`
+
+##### `default_connect_settings`
+
+Data type: `Any`
+
+Default connection settings.
+
+Default value: {}
+
+##### `pg_hba_conf_defaults`
+
+Data type: `Any`
+
+Disables the defaults supplied with the module for pg_hba.conf if set to false.
+
+Default value: `undef`
+
+##### `datadir`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL data directory for the target platform.
+Changing the datadir after installation causes the server to come to a full stop before making the change.
+For Red Hat systems, the data directory must be labeled appropriately for SELinux.
+On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems).
+Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original
+
+Default value: `undef`
+
+##### `confdir`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL configuration directory for the target platform.
+
+Default value: `undef`
+
+##### `bindir`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL binaries directory for the target platform.
+
+Default value: `undef`
+
+##### `xlogdir`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL xlog directory.
+
+Default value: `undef`
+
+##### `logdir`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL log directory.
+
+Default value: `undef`
+
+##### `log_line_prefix`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL log prefix.
+
+Default value: `undef`
+
+##### `user`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
+
+Default value: `undef`
+
+##### `group`
+
+Data type: `Any`
+
+Overrides the default postgres user group to be used for related files in the file system.
+
+Default value: `undef`
+
+##### `version`
+
+Data type: `Any`
+
+The version of PostgreSQL to install and manage.
+
+Default value: `undef`
+
+##### `postgis_version`
+
+Data type: `Any`
+
+Defines the version of PostGIS to install, if you install PostGIS.
+
+Default value: `undef`
+
+##### `repo_proxy`
+
+Data type: `Any`
+
+Sets the proxy option for the official PostgreSQL yum-repositories only.
+
+Default value: `undef`
+
+##### `repo_baseurl`
+
+Data type: `Any`
+
+Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.
+
+Default value: `undef`
+
+##### `needs_initdb`
+
+Data type: `Any`
+
+Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.
+
+Default value: `undef`
+
+##### `encoding`
+
+Data type: `Any`
+
+Sets the default encoding for all databases created with this module.
+On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well.
+
+Default value: `undef`
+
+##### `locale`
+
+Data type: `Any`
+
+Sets the default database locale for all databases created with this module.
+On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well.
+On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.
+
+Default value: `undef`
+
+##### `data_checksums`
+
+Data type: `Any`
+
+Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent.
+Warning: This option is used during initialization by initdb, and cannot be changed later.
+
+Default value: `undef`
+
+##### `timezone`
+
+Data type: `Any`
+
+Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
+
+Default value: `undef`
+
+##### `manage_pg_hba_conf`
+
+Data type: `Any`
+
+Allow Puppet to manage the pg_hba.conf file.
+
+Default value: `undef`
+
+##### `manage_pg_ident_conf`
+
+Data type: `Any`
+
+Allow Puppet to manage the pg_ident.conf file.
+
+Default value: `undef`
+
+##### `manage_recovery_conf`
+
+Data type: `Any`
+
+Allow Puppet to manage the recovery.conf file.
+
+Default value: `undef`
+
+##### `manage_datadir`
+
+Data type: `Any`
+
+Set to false if you have file{ $datadir: } already defined
+
+Default value: `undef`
+
+##### `manage_logdir`
+
+Data type: `Any`
+
+Set to false if you have file{ $logdir: } already defined
+
+Default value: `undef`
+
+##### `manage_xlogdir`
+
+Data type: `Any`
+
+Set to false if you have file{ $xlogdir: } already defined
+
+Default value: `undef`
+
+##### `manage_package_repo`
+
+Data type: `Any`
+
+Sets up official PostgreSQL repositories on your host if set to true.
+
+Default value: `undef`
+
+##### `module_workdir`
+
+Data type: `Any`
+
+Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.
+
+Default value: `undef`
+
+##### `manage_selinux`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+### postgresql::lib::devel
+
+This class installs postgresql development libraries.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::lib::devel` class.
+
+##### `package_name`
+
+Data type: `String`
+
+Override devel package name
+
+Default value: $postgresql::params::devel_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Ensure the development libraries are installed
+
+Default value: 'present'
+
+##### `link_pg_config`
+
+Data type: `Boolean`
+
+If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior.
+
+Default value: $postgresql::params::link_pg_config
+
+### postgresql::lib::docs
+
+Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install.
+
+* **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::lib::docs` class.
+
+##### `package_name`
+
+Data type: `String`
+
+Specifies the name of the PostgreSQL docs package.
+
+Default value: $postgresql::params::docs_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Whether the PostgreSQL docs package resource should be present.
+
+Default value: 'present'
+
+### postgresql::lib::java
+
+This class installs the postgresql jdbc connector.
+
+* **Note** Make sure to add any necessary yum or apt repositories if specifying a custom version.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::lib::java` class.
+
+##### `package_name`
+
+Data type: `String`
+
+Specifies the name of the PostgreSQL java package.
+
+Default value: $postgresql::params::java_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Specifies whether the package is present.
+
+Default value: 'present'
+
+### postgresql::lib::perl
+
+This class installs the perl libs for postgresql.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::lib::perl` class.
+
+##### `package_name`
+
+Data type: `String`
+
+Specifies the name of the PostgreSQL perl package to install.
+
+Default value: $postgresql::params::perl_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Ensure the perl libs for postgresql are installed.
+
+Default value: 'present'
+
+### postgresql::lib::python
+
+This class installs the python libs for postgresql.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::lib::python` class.
+
+##### `package_name`
+
+Data type: `String[1]`
+
+The name of the PostgreSQL Python package.
+
+Default value: $postgresql::params::python_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Ensure the python libs for postgresql are installed.
+
+Default value: 'present'
+
+### postgresql::server
+
+This installs a PostgreSQL server
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server` class.
+
+##### `postgres_password`
+
+Data type: `Any`
+
+Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Specifies the name of the package to use for installing the server software.
+
+Default value: $postgresql::params::server_package_name
+
+##### `package_ensure`
+
+Data type: `Any`
+
+Passes a value through to the package resource when creating the server instance.
+
+Default value: $postgresql::params::package_ensure
+
+##### `plperl_package_name`
+
+Data type: `Any`
+
+Sets the default package name for the PL/Perl extension.
+
+Default value: $postgresql::params::plperl_package_name
+
+##### `plpython_package_name`
+
+Data type: `Any`
+
+Sets the default package name for the PL/Python extension.
+
+Default value: $postgresql::params::plpython_package_name
+
+##### `service_ensure`
+
+Data type: `Any`
+
+Ensure service is installed
+
+Default value: $postgresql::params::service_ensure
+
+##### `service_enable`
+
+Data type: `Any`
+
+Enable the PostgreSQL service
+
+Default value: $postgresql::params::service_enable
+
+##### `service_manage`
+
+Data type: `Any`
+
+Defines whether or not Puppet should manage the service.
+
+Default value: $postgresql::params::service_manage
+
+##### `service_name`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL service name.
+
+Default value: $postgresql::params::service_name
+
+##### `service_restart_on_change`
+
+Data type: `Any`
+
+Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active.
+
+Default value: $postgresql::params::service_restart_on_change
+
+##### `service_provider`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL service provider.
+
+Default value: $postgresql::params::service_provider
+
+##### `service_reload`
+
+Data type: `Any`
+
+Overrides the default reload command for your PostgreSQL service.
+
+Default value: $postgresql::params::service_reload
+
+##### `service_status`
+
+Data type: `Any`
+
+Overrides the default status check command for your PostgreSQL service.
+
+Default value: $postgresql::params::service_status
+
+##### `default_database`
+
+Data type: `Any`
+
+Specifies the name of the default database to connect with. On most systems this is 'postgres'.
+
+Default value: $postgresql::params::default_database
+
+##### `default_connect_settings`
+
+Data type: `Any`
+
+Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role.
+
+Default value: $postgresql::globals::default_connect_settings
+
+##### `listen_addresses`
+
+Data type: `Any`
+
+Address list on which the PostgreSQL service will listen
+
+Default value: $postgresql::params::listen_addresses
+
+##### `port`
+
+Data type: `Any`
+
+Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.
+Default value: 5432. Meaning the Postgres server listens on TCP port 5432.
+
+Default value: $postgresql::params::port
+
+##### `ip_mask_deny_postgres_user`
+
+Data type: `Any`
+
+Specifies the IP mask from which remote connections should be denied for the postgres superuser.
+Default value: '0.0.0.0/0', which denies any remote connection.
+
+Default value: $postgresql::params::ip_mask_deny_postgres_user
+
+##### `ip_mask_allow_all_users`
+
+Data type: `Any`
+
+Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting.
+Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet.
+Default value: '127.0.0.1/32'.
+
+Default value: $postgresql::params::ip_mask_allow_all_users
+
+##### `ipv4acls`
+
+Data type: `Array[String[1]]`
+
+Lists strings for access control for connection method, users, databases, IPv4 addresses;
+
+Default value: $postgresql::params::ipv4acls
+
+##### `ipv6acls`
+
+Data type: `Array[String[1]]`
+
+Lists strings for access control for connection method, users, databases, IPv6 addresses.
+
+Default value: $postgresql::params::ipv6acls
+
+##### `initdb_path`
+
+Data type: `Any`
+
+Specifies the path to the initdb command.
+
+Default value: $postgresql::params::initdb_path
+
+##### `createdb_path`
+
+Data type: `Any`
+
+Deprecated. Specifies the path to the createdb command.
+
+Default value: $postgresql::params::createdb_path
+
+##### `psql_path`
+
+Data type: `Any`
+
+Specifies the path to the psql command.
+
+Default value: $postgresql::params::psql_path
+
+##### `pg_hba_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your pg_hba.conf file.
+
+Default value: $postgresql::params::pg_hba_conf_path
+
+##### `pg_ident_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your pg_ident.conf file.
+
+Default value: $postgresql::params::pg_ident_conf_path
+
+##### `postgresql_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your postgresql.conf file.
+
+Default value: $postgresql::params::postgresql_conf_path
+
+##### `recovery_conf_path`
+
+Data type: `Any`
+
+Specifies the path to your recovery.conf file.
+
+Default value: $postgresql::params::recovery_conf_path
+
+##### `datadir`
+
+Data type: `Any`
+
+PostgreSQL data directory
+
+Default value: $postgresql::params::datadir
+
+##### `xlogdir`
+
+Data type: `Any`
+
+PostgreSQL xlog directory
+
+Default value: $postgresql::params::xlogdir
+
+##### `logdir`
+
+Data type: `Any`
+
+PostgreSQL log directory
+
+Default value: $postgresql::params::logdir
+
+##### `log_line_prefix`
+
+Data type: `Any`
+
+PostgreSQL log line prefix
+
+Default value: $postgresql::params::log_line_prefix
+
+##### `pg_hba_conf_defaults`
+
+Data type: `Any`
+
+If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example.
+
+Default value: $postgresql::params::pg_hba_conf_defaults
+
+##### `user`
+
+Data type: `Any`
+
+Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.
+
+Default value: $postgresql::params::user
+
+##### `group`
+
+Data type: `Any`
+
+Overrides the default postgres user group to be used for related files in the file system.
+
+Default value: $postgresql::params::group
+
+##### `needs_initdb`
+
+Data type: `Any`
+
+Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started.
+
+Default value: $postgresql::params::needs_initdb
+
+##### `encoding`
+
+Data type: `Any`
+
+Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well.
+
+Default value: $postgresql::params::encoding
+
+##### `locale`
+
+Data type: `Any`
+
+Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module.
+
+Default value: $postgresql::params::locale
+
+##### `data_checksums`
+
+Data type: `Any`
+
+Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent.
+Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases.
+
+Default value: $postgresql::params::data_checksums
+
+##### `timezone`
+
+Data type: `Any`
+
+Set timezone for the PostgreSQL instance
+
+Default value: $postgresql::params::timezone
+
+##### `manage_pg_hba_conf`
+
+Data type: `Any`
+
+Boolean. Whether to manage the pg_hba.conf.
+
+Default value: $postgresql::params::manage_pg_hba_conf
+
+##### `manage_pg_ident_conf`
+
+Data type: `Any`
+
+Boolean. Overwrites the pg_ident.conf file.
+
+Default value: $postgresql::params::manage_pg_ident_conf
+
+##### `manage_recovery_conf`
+
+Data type: `Any`
+
+Boolean. Specifies whether or not manage the recovery.conf.
+
+Default value: $postgresql::params::manage_recovery_conf
+
+##### `module_workdir`
+
+Data type: `Any`
+
+Working directory for the PostgreSQL module
+
+Default value: $postgresql::params::module_workdir
+
+##### `manage_datadir`
+
+Data type: `Any`
+
+Set to false if you have file{ $datadir: } already defined
+
+Default value: $postgresql::params::manage_datadir
+
+##### `manage_logdir`
+
+Data type: `Any`
+
+Set to false if you have file{ $logdir: } already defined
+
+Default value: $postgresql::params::manage_logdir
+
+##### `manage_xlogdir`
+
+Data type: `Any`
+
+Set to false if you have file{ $xlogdir: } already defined
+
+Default value: $postgresql::params::manage_xlogdir
+
+##### `roles`
+
+Data type: `Hash[String, Hash]`
+
+Specifies a hash from which to generate postgresql::server::role resources.
+
+Default value: {}
+
+##### `config_entries`
+
+Data type: `Hash[String, Any]`
+
+Specifies a hash from which to generate postgresql::server::config_entry resources.
+
+Default value: {}
+
+##### `pg_hba_rules`
+
+Data type: `Hash[String, Hash]`
+
+Specifies a hash from which to generate postgresql::server::pg_hba_rule resources.
+
+Default value: {}
+
+##### `version`
+
+Data type: `Any`
+
+Deprecated. Use postgresql::globals instead. Sets PostgreSQL version
+
+Default value: `undef`
+
+##### `extra_systemd_config`
+
+Data type: `Any`
+
+Adds extra config to systemd config file, can for instance be used to add extra openfiles.
This can be a multi line string
+
+Default value: $postgresql::params::extra_systemd_config
+
+##### `manage_selinux`
+
+Data type: `Boolean`
+
+
+
+Default value: $postgresql::params::manage_selinux
+
+##### `password_encryption`
+
+Data type: `Any`
+
+
+
+Default value: $postgresql::params::password_encryption
+
+### postgresql::server::contrib
+
+Install the contrib postgresql packaging.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::contrib` class.
+
+##### `package_name`
+
+Data type: `String`
+
+The name of the PostgreSQL contrib package.
+
+Default value: $postgresql::params::contrib_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Ensure the contrib package is installed.
+
+Default value: 'present'
+
+### postgresql::server::plperl
+
+This class installs the PL/Perl procedural language for postgresql.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::plperl` class.
+
+##### `package_ensure`
+
+Data type: `Any`
+
+The ensure parameter passed on to PostgreSQL PL/Perl package resource.
+
+Default value: 'present'
+
+##### `package_name`
+
+Data type: `Any`
+
+The name of the PostgreSQL PL/Perl package.
+
+Default value: $postgresql::server::plperl_package_name
+
+### postgresql::server::plpython
+
+This class installs the PL/Python procedural language for postgresql.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::plpython` class.
+
+##### `package_ensure`
+
+Data type: `Any`
+
+Specifies whether the package is present.
+
+Default value: 'present'
+
+##### `package_name`
+
+Data type: `Any`
+
+Specifies the name of the postgresql PL/Python package.
+
+Default value: $postgresql::server::plpython_package_name
+
+### postgresql::server::postgis
+
+Install the postgis postgresql packaging.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::postgis` class.
+
+##### `package_name`
+
+Data type: `String`
+
+Sets the package name.
+
+Default value: $postgresql::params::postgis_package_name
+
+##### `package_ensure`
+
+Data type: `String[1]`
+
+Specifies if the package is present or not.
+
+Default value: 'present'
+
+## Defined types
+
+### postgresql::server::config_entry
+
+Manage a postgresql.conf entry.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::config_entry` defined type.
+
+##### `ensure`
+
+Data type: `Any`
+
+Removes an entry if set to 'absent'.
+
+Default value: 'present'
+
+##### `value`
+
+Data type: `Any`
+
+Defines the value for the setting.
+
+Default value: `undef`
+
+##### `path`
+
+Data type: `Any`
+
+Path for postgresql.conf
+
+Default value: `false`
+
+### postgresql::server::database
+
+Define for creating a database.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::database` defined type.
+
+##### `comment`
+
+Data type: `Any`
+
+Sets a comment on the database.
+
+Default value: `undef`
+
+##### `dbname`
+
+Data type: `Any`
+
+Sets the name of the database.
+
+Default value: $title
+
+##### `owner`
+
+Data type: `Any`
+
+Sets name of the database owner.
+
+Default value: `undef`
+
+##### `tablespace`
+
+Data type: `Any`
+
+Sets tablespace for where to create this database.
+
+Default value: `undef`
+
+##### `template`
+
+Data type: `Any`
+
+Specifies the name of the template database from which to build this database. Default value: 'template0'.
+
+Default value: 'template0'
+
+##### `encoding`
+
+Data type: `Any`
+
+Overrides the character set during creation of the database.
+
+Default value: $postgresql::server::encoding
+
+##### `locale`
+
+Data type: `Any`
+
+Overrides the locale during creation of the database.
+
+Default value: $postgresql::server::locale
+
+##### `istemplate`
+
+Data type: `Any`
+
+Defines the database as a template if set to true.
+
+Default value: `false`
+
+##### `connect_settings`
+
+Data type: `Any`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: $postgresql::server::default_connect_settings
+
+### postgresql::server::database_grant
+
+Manage a database grant.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::database_grant` defined type.
+
+##### `privilege`
+
+Data type: `Any`
+
+Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'.
+
+##### `db`
+
+Data type: `Any`
+
+Specifies the database to which you are granting access.
+
+##### `role`
+
+Data type: `Any`
+
+Specifies the role or user whom you are granting access to.
+
+##### `ensure`
+
+Data type: `Any`
+
+Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later.
+
+Default value: `undef`
+
+##### `psql_db`
+
+Data type: `Any`
+
+Defines the database to execute the grant against. This should not ordinarily be changed from the default
+
+Default value: `undef`
+
+##### `psql_user`
+
+Data type: `Any`
+
+Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.
+
+Default value: `undef`
+
+##### `connect_settings`
+
+Data type: `Any`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: `undef`
+
+### postgresql::server::db
+
+Define for conveniently creating a role, database and assigning the correctpermissions.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::db` defined type.
+
+##### `user`
+
+Data type: `Any`
+
+User to create and assign access to the database upon creation. Mandatory.
+
+##### `password`
+
+Data type: `Any`
+
+Required Sets the password for the created user.
+
+##### `comment`
+
+Data type: `Any`
+
+Defines a comment to be stored about the database using the PostgreSQL COMMENT command.
+
+Default value: `undef`
+
+##### `dbname`
+
+Data type: `Any`
+
+Sets the name of the database to be created.
+
+Default value: $title
+
+##### `encoding`
+
+Data type: `Any`
+
+Overrides the character set during creation of the database.
+
+Default value: $postgresql::server::encoding
+
+##### `locale`
+
+Data type: `Any`
+
+Overrides the locale during creation of the database.
+
+Default value: $postgresql::server::locale
+
+##### `grant`
+
+Data type: `Any`
+
+Specifies the permissions to grant during creation. Default value: 'ALL'.
+
+Default value: 'ALL'
+
+##### `tablespace`
+
+Data type: `Any`
+
+Defines the name of the tablespace to allocate the created database to.
+
+Default value: `undef`
+
+##### `template`
+
+Data type: `Any`
+
+Specifies the name of the template database from which to build this database. Defaults value: template0.
+
+Default value: 'template0'
+
+##### `istemplate`
+
+Data type: `Any`
+
+Specifies that the database is a template, if set to true.
+
+Default value: `false`
+
+##### `owner`
+
+Data type: `Any`
+
+Sets a user as the owner of the database.
+
+Default value: `undef`
+
+### postgresql::server::extension
+
+Activate an extension on a postgresql database.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::extension` defined type.
+
+##### `database`
+
+Data type: `Any`
+
+Specifies the database on which to activate the extension.
+
+##### `extension`
+
+Data type: `Any`
+
+Specifies the extension to activate. If left blank, uses the name of the resource.
+
+Default value: $name
+
+##### `schema`
+
+Data type: `Optional[String[1]]`
+
+Specifies the schema on which to activate the extension.
+
+Default value: `undef`
+
+##### `version`
+
+Data type: `Optional[String[1]]`
+
+Specifies the version of the extension which the database uses.
When an extension package is updated, this does not automatically change the effective version in each database.
+This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION...
+version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only).
+version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version'
+eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only.
+version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged.
+
+Default value: `undef`
+
+##### `ensure`
+
+Data type: `String[1]`
+
+Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'.
+
+Default value: 'present'
+
+##### `package_name`
+
+Data type: `Any`
+
+Specifies a package to install prior to activating the extension.
+
+Default value: `undef`
+
+##### `package_ensure`
+
+Data type: `Any`
+
+Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package.
+
+Default value: `undef`
+
+##### `port`
+
+Data type: `Optional[Integer]`
+
+Port to use when connecting.
+
+Default value: `undef`
+
+##### `connect_settings`
+
+Data type: `Any`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: postgresql::default('default_connect_settings')
+
+##### `database_resource_name`
+
+Data type: `Any`
+
+Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank.
+
+Default value: $database
+
+### postgresql::server::grant
+
+Define for granting permissions to roles.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::grant` defined type.
+
+##### `role`
+
+Data type: `String`
+
+Specifies the role or user whom you are granting access to.
+
+##### `db`
+
+Data type: `String`
+
+Specifies the database to which you are granting access.
+
+##### `privilege`
+
+Data type: `String`
+
+Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.
+
+Default value: ''
+
+##### `object_type`
+
+Data type: `Pattern[#/(?i:^COLUMN$)/,
+ /(?i:^ALL SEQUENCES IN SCHEMA$)/,
+ /(?i:^ALL TABLES IN SCHEMA$)/,
+ /(?i:^DATABASE$)/,
+ #/(?i:^FOREIGN DATA WRAPPER$)/,
+ #/(?i:^FOREIGN SERVER$)/,
+ /(?i:^FUNCTION$)/,
+ /(?i:^LANGUAGE$)/,
+ #/(?i:^PROCEDURAL LANGUAGE$)/,
+ /(?i:^TABLE$)/,
+ #/(?i:^TABLESPACE$)/,
+ /(?i:^SCHEMA$)/,
+ /(?i:^SEQUENCE$)/
+ #/(?i:^VIEW$)/
+ ]`
+
+Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'.
+
+Default value: 'database'
+
+##### `object_name`
+
+Data type: `Optional[Variant[
+ Array[String,2,2],
+ String[1]]
+ ]`
+
+Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name']
+
+Default value: `undef`
+
+##### `psql_db`
+
+Data type: `String`
+
+Specifies the database to execute the grant against. This should not ordinarily be changed from the default
+
+Default value: $postgresql::server::default_database
+
+##### `psql_user`
+
+Data type: `String`
+
+Sets the OS user to run psql.
+
+Default value: $postgresql::server::user
+
+##### `port`
+
+Data type: `Integer`
+
+Port to use when connecting.
+
+Default value: $postgresql::server::port
+
+##### `onlyif_exists`
+
+Data type: `Boolean`
+
+Create grant only if doesn't exist
+
+Default value: `false`
+
+##### `connect_settings`
+
+Data type: `Hash`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: $postgresql::server::default_connect_settings
+
+##### `ensure`
+
+Data type: `Enum['present',
+ 'absent'
+ ]`
+
+Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'.
+
+Default value: 'present'
+
+##### `group`
+
+Data type: `String`
+
+Sets the OS group to run psql
+
+Default value: $postgresql::server::group
+
+##### `psql_path`
+
+Data type: `String`
+
+Sets the path to psql command
+
+Default value: $postgresql::server::psql_path
+
+##### `object_arguments`
+
+Data type: `Array[String[1],0]`
+
+
+
+Default value: []
+
+### postgresql::server::grant_role
+
+Define for granting membership to a role.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::grant_role` defined type.
+
+##### `group`
+
+Data type: `String[1]`
+
+Specifies the group role to which you are assigning a role.
+
+##### `role`
+
+Data type: `String[1]`
+
+Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
+
+Default value: $name
+
+##### `ensure`
+
+Data type: `Enum['present', 'absent']`
+
+Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'.
+
+Default value: 'present'
+
+##### `psql_db`
+
+Data type: `Any`
+
+Specifies the database to execute the grant against. This should not ordinarily be changed from the default
+
+Default value: $postgresql::server::default_database
+
+##### `psql_user`
+
+Data type: `Any`
+
+Sets the OS user to run psql.
+
+Default value: $postgresql::server::user
+
+##### `port`
+
+Data type: `Any`
+
+Port to use when connecting.
+
+Default value: $postgresql::server::port
+
+##### `connect_settings`
+
+Data type: `Any`
+
+Specifies a hash of environment variables used when connecting to a remote server.
+
+Default value: $postgresql::server::default_connect_settings
+
+### postgresql::server::pg_hba_rule
+
+This resource manages an individual rule that applies to the file defined in target.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::pg_hba_rule` defined type.
+
+##### `type`
+
+Data type: `Enum['local', 'host', 'hostssl', 'hostnossl']`
+
+Sets the type of rule.
+Enum['local','host','hostssl','hostnossl'].
+
+##### `database`
+
+Data type: `String`
+
+Sets a comma-separated list of databases that this rule matches.
+
+##### `user`
+
+Data type: `String`
+
+Sets a comma-separated list of users that this rule matches.
+
+##### `auth_method`
+
+Data type: `String`
+
+Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation.
+
+##### `address`
+
+Data type: `Optional[String]`
+
+Sets a CIDR based address for this rule matching when the type is not 'local'.
+
+Default value: `undef`
+
+##### `description`
+
+Data type: `String`
+
+Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'.
+
+Default value: 'none'
+
+##### `auth_option`
+
+Data type: `Optional[String]`
+
+For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details.
+
+Default value: `undef`
+
+##### `order`
+
+Data type: `Variant[String, Integer]`
+
+Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'.
The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150.
+
+Default value: 150
+
+##### `target`
+
+Data type: `Stdlib::Absolutepath`
+
+Provides the target for the rule, and is generally an internal only property. Use with caution.
+
+Default value: $postgresql::server::pg_hba_conf_path
+
+##### `postgresql_version`
+
+Data type: `String`
+
+Manages pg_hba.conf without managing the entire PostgreSQL instance.
+
+Default value: $postgresql::server::_version
+
+### postgresql::server::pg_ident_rule
+
+This resource manages an individual rule that applies to the file defined in target.
+
+#### Parameters
+
+The following parameters are available in the `postgresql::server::pg_ident_rule` defined type.
+
+##### `map_name`
+
+Data type: `Any`
+
+Sets the name of the user map that is used to refer to this mapping in pg_hba.conf.
+
+##### `system_username`
+
+Data type: `Any`
+
+Specifies the operating system user name (the user name used to connect to the database).
+
+##### `database_username`
+
+Data type: `Any`
+
+Specifies the user name of the database user. The system_username is mapped to this user name.
+
+##### `description`
+
+Data type: `Any`
+
+Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'.
+
+Default value: 'none'
+
+##### `order`
+
+Data type: `Any`
+
+Defines an order for placing the mapping in pg_ident.conf. Default value: 150.
+
+Default value: '150'
+
+##### `target`
+
+Data type: `Any`
+
+Provides the target for the rule and is generally an internal only property. Use with caution.
+
+Default value: $postgresql::server::pg_ident_conf_path
+
+### postgresql::server::reassign_owned_by
+
+Define for reassigning the ownership of objects within a database.
+ +* **Note** This enables us to force the a particular ownership for objects within a database + +#### Parameters + +The following parameters are available in the `postgresql::server::reassign_owned_by` defined type. + +##### `old_role` + +Data type: `String` + +Specifies the role or user who is the current owner of the objects in the specified db + +##### `new_role` + +Data type: `String` + +Specifies the role or user who will be the new owner of these objects + +##### `db` + +Data type: `String` + +Specifies the database to which the 'REASSIGN OWNED' will be applied + +##### `psql_user` + +Data type: `String` + +Specifies the OS user for running psql. + +Default value: $postgresql::server::user + +##### `port` + +Data type: `Integer` + +Port to use when connecting. + +Default value: $postgresql::server::port + +##### `connect_settings` + +Data type: `Hash` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: $postgresql::server::default_connect_settings + +### postgresql::server::recovery + +This resource manages the parameters that applies to the recovery.conf template. + +* **Note** Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. +Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. +A detailed description of all listed parameters can be found in the PostgreSQL documentation. +Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. + +#### Parameters + +The following parameters are available in the `postgresql::server::recovery` defined type. + +##### `restore_command` + +Data type: `Any` + +The shell command to execute to retrieve an archived segment of the WAL file series. 
+ +Default value: `undef` + +##### `archive_cleanup_command` + +Data type: `Any` + +This optional parameter specifies a shell command that will be executed at every restartpoint. + +Default value: `undef` + +##### `recovery_end_command` + +Data type: `Any` + +This parameter specifies a shell command that will be executed once only at the end of recovery. + +Default value: `undef` + +##### `recovery_target_name` + +Data type: `Any` + +This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. + +Default value: `undef` + +##### `recovery_target_time` + +Data type: `Any` + +This parameter specifies the time stamp up to which recovery will proceed. + +Default value: `undef` + +##### `recovery_target_xid` + +Data type: `Any` + +This parameter specifies the transaction ID up to which recovery will proceed. + +Default value: `undef` + +##### `recovery_target_inclusive` + +Data type: `Any` + +Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). + +Default value: `undef` + +##### `recovery_target` + +Data type: `Any` + +This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. + +Default value: `undef` + +##### `recovery_target_timeline` + +Data type: `Any` + +Specifies recovering into a particular timeline. + +Default value: `undef` + +##### `pause_at_recovery_target` + +Data type: `Any` + +Specifies whether recovery should pause when the recovery target is reached. + +Default value: `undef` + +##### `standby_mode` + +Data type: `Any` + +Specifies whether to start the PostgreSQL server as a standby. + +Default value: `undef` + +##### `primary_conninfo` + +Data type: `Any` + +Specifies a connection string to be used for the standby server to connect with the primary. 
+ +Default value: `undef` + +##### `primary_slot_name` + +Data type: `Any` + +Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. + +Default value: `undef` + +##### `trigger_file` + +Data type: `Any` + +Specifies a trigger file whose presence ends recovery in the standby. + +Default value: `undef` + +##### `recovery_min_apply_delay` + +Data type: `Any` + +This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. + +Default value: `undef` + +##### `target` + +Data type: `Any` + +Provides the target for the rule, and is generally an internal only property. Use with caution. + +Default value: $postgresql::server::recovery_conf_path + +### postgresql::server::role + +Define for creating a database role. + +#### Parameters + +The following parameters are available in the `postgresql::server::role` defined type. + +##### `update_password` + +Data type: `Any` + +If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. + +Default value: `true` + +##### `password_hash` + +Data type: `Any` + +Sets the hash to use during password creation. + +Default value: `false` + +##### `createdb` + +Data type: `Any` + +Specifies whether to grant the ability to create new databases with this role. + +Default value: `false` + +##### `createrole` + +Data type: `Any` + +Specifies whether to grant the ability to create new roles with this role. + +Default value: `false` + +##### `db` + +Data type: `Any` + +Database used to connect to. + +Default value: $postgresql::server::default_database + +##### `port` + +Data type: `Any` + +Port to use when connecting. + +Default value: `undef` + +##### `login` + +Data type: `Any` + +Specifies whether to grant login capability for the new role. 
+ +Default value: `true` + +##### `inherit` + +Data type: `Any` + +Specifies whether to grant inherit capability for the new role. + +Default value: `true` + +##### `superuser` + +Data type: `Any` + +Specifies whether to grant super user capability for the new role. + +Default value: `false` + +##### `replication` + +Data type: `Any` + +Provides provides replication capabilities for this role if set to true. + +Default value: `false` + +##### `connection_limit` + +Data type: `Any` + +Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit. + +Default value: '-1' + +##### `username` + +Data type: `Any` + +Defines the username of the role to create. + +Default value: $title + +##### `connect_settings` + +Data type: `Any` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: $postgresql::server::default_connect_settings + +##### `ensure` + +Data type: `Enum['present', 'absent']` + +Specify whether to create or drop the role. Specifying 'present' creates the role. Specifying 'absent' drops the role. + +Default value: 'present' + +##### `psql_user` + +Data type: `Any` + +Sets the OS user to run psql + +Default value: $postgresql::server::user + +##### `psql_group` + +Data type: `Any` + +Sets the OS group to run psql + +Default value: $postgresql::server::group + +##### `psql_path` + +Data type: `Any` + +Sets path to psql command + +Default value: $postgresql::server::psql_path + +##### `module_workdir` + +Data type: `Any` + +Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. + +Default value: $postgresql::server::module_workdir + +### postgresql::server::schema + +Create a new schema. 
+ +* **Note** The database must exist and the PostgreSQL user should have enough privileges + +#### Examples + +##### + +```puppet +postgresql::server::schema {'private': + db => 'template1', +} +``` + +#### Parameters + +The following parameters are available in the `postgresql::server::schema` defined type. + +##### `db` + +Data type: `Any` + +Required. Sets the name of the database in which to create this schema. + +Default value: $postgresql::server::default_database + +##### `owner` + +Data type: `Any` + +Sets the default owner of the schema. + +Default value: `undef` + +##### `schema` + +Data type: `Any` + +Sets the name of the schema. + +Default value: $title + +##### `connect_settings` + +Data type: `Any` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: $postgresql::server::default_connect_settings + +### postgresql::server::table_grant + +This resource wraps the grant resource to manage table grants specifically. + +#### Parameters + +The following parameters are available in the `postgresql::server::table_grant` defined type. + +##### `privilege` + +Data type: `Any` + +Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'. + +##### `table` + +Data type: `Any` + +Specifies the table to which you are granting access. + +##### `db` + +Data type: `Any` + +Specifies which database the table is in. + +##### `role` + +Data type: `Any` + +Specifies the role or user to whom you are granting access. + +##### `ensure` + +Data type: `Any` + +Specifies whether to grant or revoke the privilege. Default is to grant the privilege. + +Default value: `undef` + +##### `port` + +Data type: `Any` + +Port to use when connecting. + +Default value: `undef` + +##### `psql_db` + +Data type: `Any` + +Specifies the database to execute the grant against. This should not ordinarily be changed from the default. 
+ +Default value: `undef` + +##### `psql_user` + +Data type: `Any` + +Specifies the OS user for running psql. + +Default value: `undef` + +##### `connect_settings` + +Data type: `Any` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: `undef` + +##### `onlyif_exists` + +Data type: `Any` + +Create grant only if it doesn't exist. + +Default value: `false` + +### postgresql::server::tablespace + +This module creates tablespace. + +#### Parameters + +The following parameters are available in the `postgresql::server::tablespace` defined type. + +##### `location` + +Data type: `Any` + +Specifies the path to locate this tablespace. + +##### `manage_location` + +Data type: `Any` + +Set to false if you have file{ $location: } already defined + +Default value: `true` + +##### `owner` + +Data type: `Any` + +Specifies the default owner of the tablespace. + +Default value: `undef` + +##### `spcname` + +Data type: `Any` + +Specifies the name of the tablespace. + +Default value: $title + +##### `connect_settings` + +Data type: `Any` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: $postgresql::server::default_connect_settings + +### postgresql::validate_db_connection + +This validated if the postgres connection can be established +between the node on which this resource is run and a specified postgres +instance (host/port/user/password/database name). + +#### Parameters + +The following parameters are available in the `postgresql::validate_db_connection` defined type. + +##### `database_host` + +Data type: `Any` + +Database host address + +Default value: `undef` + +##### `database_name` + +Data type: `Any` + +Specifies the name of the database you wish to test. + +Default value: `undef` + +##### `database_password` + +Data type: `Any` + +Specifies the password to connect with. 
+ +Default value: `undef` + +##### `database_username` + +Data type: `Any` + +Specifies the username to connect with. + +Default value: `undef` + +##### `database_port` + +Data type: `Any` + +Defines the port to use when connecting. + +Default value: `undef` + +##### `connect_settings` + +Data type: `Any` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: `undef` + +##### `run_as` + +Data type: `Any` + +Specifies the user to run the psql command as. + +Default value: `undef` + +##### `sleep` + +Data type: `Any` + +Sets the number of seconds to sleep for before trying again after a failure. + +Default value: 2 + +##### `tries` + +Data type: `Any` + +Sets the number of attempts after failure before giving up and failing the resource. + +Default value: 10 + +##### `create_db_first` + +Data type: `Any` + +Creates the database when obtaining a successful connection. + +Default value: `true` + +## Resource types + +### postgresql_conf + +This type allows puppet to manage postgresql.conf parameters. + +#### Properties + +The following properties are available in the `postgresql_conf` type. + +##### `ensure` + +Valid values: present, absent + +The basic property that the resource should be in. + +Default value: present + +##### `value` + +The value to set for this parameter. + +##### `target` + +The path to postgresql.conf + +#### Parameters + +The following parameters are available in the `postgresql_conf` type. + +##### `name` + +Valid values: %r{^[\w\.]+$} + +namevar + +The postgresql parameter name to manage. + +### postgresql_conn_validator + +Verify that a connection can be successfully established between a node +and the PostgreSQL server. Its primary use is as a precondition to +prevent configuration changes from being applied if the PostgreSQL +server cannot be reached, but it could potentially be used for other +purposes such as monitoring. 
+ +#### Properties + +The following properties are available in the `postgresql_conn_validator` type. + +##### `ensure` + +Valid values: present, absent + +Ensure connection validation + +Default value: present + +#### Parameters + +The following parameters are available in the `postgresql_conn_validator` type. + +##### `name` + +namevar + +An arbitrary name used as the identity of the resource. + +##### `db_name` + +The name of the database you are trying to validate a connection with. + +##### `db_username` + +A user that has access to the target PostgreSQL database. + +##### `db_password` + +The password required to access the target PostgreSQL database. + +##### `host` + +The DNS name or IP address of the server where PostgreSQL should be running. + +##### `port` + +The port that the PostgreSQL server should be listening on. + +##### `connect_settings` + +Hash of environment variables for connection to a db. + +##### `sleep` + +The length of sleep time between connection tries. + +Default value: 2 + +##### `tries` + +The number of tries to validate the connection to the target PostgreSQL database. + +Default value: 10 + +##### `psql_path` + +Path to the psql command. + +##### `run_as` + +System user that will run the psql command. + +##### `command` + +Command to run against target database. + +Default value: SELECT 1 + +### postgresql_psql + +An arbitrary tag for your own reference; the name of the message. + +#### Properties + +The following properties are available in the `postgresql_psql` type. + +##### `command` + +The SQL command to execute via psql. + +#### Parameters + +The following parameters are available in the `postgresql_psql` type. + +##### `name` + +namevar + +An arbitrary tag for your own reference; the name of the message. 
+ +##### `unless` + +An optional SQL command to execute prior to the main :command; +this is generally intended to be used for idempotency, to check +for the existence of an object in the database to determine whether +or not the main SQL command needs to be executed at all.' + +##### `onlyif` + +An optional SQL command to execute prior to the main :command; +this is generally intended to be used for idempotency, to check +for the existence of an object in the database to determine whether +or not the main SQL command needs to be executed at all. + +##### `connect_settings` + +Connection settings that will be used when connecting to postgres + +##### `db` + +The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings + +##### `port` + +The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings. + +##### `search_path` + +The schema search path to use when executing the SQL command + +##### `psql_path` + +The path to psql executable. + +Default value: psql + +##### `psql_user` + +The system user account under which the psql command should be executed. + +Default value: postgres + +##### `psql_group` + +The system user group account under which the psql command should be executed. + +Default value: postgres + +##### `cwd` + +The working directory under which the psql command should be executed. + +Default value: /tmp + +##### `environment` + +Any additional environment variables you want to set for a +SQL command. Multiple environment variables should be +specified as an array. + +##### `refreshonly` + +Valid values: `true`, `false` + +If 'true', then the SQL will only be executed via a notify/subscribe event. + +Default value: `false` + +### postgresql_replication_slot + +This type allows to create and destroy replication slots +to register warm standby replication on a Postgresql +master server. 
+ +#### Properties + +The following properties are available in the `postgresql_replication_slot` type. + +##### `ensure` + +Valid values: present, absent + +The basic property that the resource should be in. + +Default value: present + +#### Parameters + +The following parameters are available in the `postgresql_replication_slot` type. + +##### `name` + +Valid values: %r{^[a-z0-9_]+$} + +namevar + +The name of the slot to create. Must be a valid replication slot name. + +## Functions + +### postgresql::default + +Type: Puppet Language + +This function pull default values from the `params` class or `globals` class if the value is not present in `params`. + +#### Examples + +##### + +```puppet +postgresql::default('variable') +``` + +#### `postgresql::default(String $parameter_name)` + +The postgresql::default function. + +Returns: `Any` + +##### Examples + +###### + +```puppet +postgresql::default('variable') +``` + +##### `parameter_name` + +Data type: `String` + + + +### postgresql::postgresql_escape + +Type: Ruby 4.x API + +This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required. + +#### `postgresql::postgresql_escape(String[1] $input_string)` + +The postgresql::postgresql_escape function. + +Returns: `String` A `Dollar Quoted` string + +##### `input_string` + +Data type: `String[1]` + +The unescaped string you want to escape using `dollar quoting` + +### postgresql::postgresql_password + +Type: Ruby 4.x API + +This function returns the postgresql password hash from the clear text username / password + +#### `postgresql::postgresql_password(Variant[String[1],Integer] $username, Variant[String[1],Integer] $password)` + +The postgresql::postgresql_password function. + +Returns: `String` The postgresql password hash from the clear text username / password. 
+ +##### `username` + +Data type: `Variant[String[1],Integer]` + +The clear text `username` + +##### `password` + +Data type: `Variant[String[1],Integer]` + +The clear text `password` + +### postgresql_escape + +Type: Ruby 4.x API + +DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead. + +#### `postgresql_escape(Any *$args)` + +The postgresql_escape function. + +Returns: `Any` + +##### `*args` + +Data type: `Any` + + + +### postgresql_password + +Type: Ruby 4.x API + +DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead. + +#### `postgresql_password(Any *$args)` + +The postgresql_password function. + +Returns: `Any` + +##### `*args` + +Data type: `Any` + + + +## Tasks + +### sql + +Allows you to execute arbitary SQL + +**Supports noop?** false + +#### Parameters + +##### `database` + +Data type: `Optional[String[1]]` + +Database to connect to + +##### `host` + +Data type: `Optional[String[1]]` + +Hostname to connect to + +##### `password` + +Data type: `Optional[String[1]]` + +The password + +##### `port` + +Data type: `Optional[String[1]]` + +The port + +##### `sql` + +Data type: `String[1]` + +The SQL you want to execute + +##### `user` + +Data type: `Optional[String[1]]` + +The user + diff --git a/puppet/modules/postgresql/Rakefile b/puppet/modules/postgresql/Rakefile index d4e36da..96f6c89 100755 --- a/puppet/modules/postgresql/Rakefile +++ b/puppet/modules/postgresql/Rakefile 
@@ -1,6 +1,88 @@ +# frozen_string_literal: true + +require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? +require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? +require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? + +def changelog_user + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = "puppetlabs" || JSON.load(File.read('metadata.json'))['author'] + raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator user:#{returnVal}" + returnVal +end + +def changelog_project + return unless Rake.application.top_level_tasks.include? "changelog" + + returnVal = nil + returnVal ||= begin + metadata_source = JSON.load(File.read('metadata.json'))['source'] + metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) + + metadata_source_match && metadata_source_match[1] + end + + raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? + + puts "GitHubChangelogGenerator project:#{returnVal}" + returnVal +end + +def changelog_future_release + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] + raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator future_release:#{returnVal}" + returnVal +end PuppetLint.configuration.send('disable_relative') +if Bundler.rubygems.find_name('github_changelog_generator').any? 
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config| + raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? + config.user = "#{changelog_user}" + config.project = "#{changelog_project}" + config.future_release = "#{changelog_future_release}" + config.exclude_labels = ['maintenance'] + config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." + config.add_pr_wo_labels = true + config.issues = false + config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" + config.configure_sections = { + "Changed" => { + "prefix" => "### Changed", + "labels" => ["backwards-incompatible"], + }, + "Added" => { + "prefix" => "### Added", + "labels" => ["feature", "enhancement"], + }, + "Fixed" => { + "prefix" => "### Fixed", + "labels" => ["bugfix"], + }, + } + end +else + desc 'Generate a Changelog from GitHub' + task :changelog do + raise <= Gem::Version.new('2.2.2')" +EOM + end +end + diff --git a/puppet/modules/postgresql/functions/default.pp b/puppet/modules/postgresql/functions/default.pp new file mode 100755 index 0000000..7ce7684 --- /dev/null +++ b/puppet/modules/postgresql/functions/default.pp @@ -0,0 +1,15 @@ +# @summary This function pull default values from the `params` class or `globals` class if the value is not present in `params`. +# +# @example +# postgresql::default('variable') +# +function postgresql::default( + String $parameter_name +){ + include postgresql::params + + #search for the variable name in params first + #then fall back to globals if not found + pick( getvar("postgresql::params::${parameter_name}"), + "postgresql::globals::${parameter_name}") +} 
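Review bot: In `functions/default.pp` the second argument to `pick` is the literal string `"postgresql::globals::${parameter_name}"`, not a lookup. When the `params` variable is undefined, the function therefore returns the variable's name instead of its value. The comment above it says the intent is to fall back to globals, which needs a second `getvar`: `pick(getvar("postgresql::params::${parameter_name}"), getvar("postgresql::globals::${parameter_name}"))`. As written, a caller would presumably receive a string such as `postgresql::globals::port` with no error, which is harder to notice than a failed lookup.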
diff --git a/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb
new file mode 100755
index 0000000..9625454
--- /dev/null
+++ b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb
@@ -0,0 +1,57 @@
+# @summary This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources.
+# @api private
+Puppet::Functions.create_function(:'postgresql::postgresql_acls_to_resources_hash') do
+ # @param acls
+ # An array of strings that are pg_hba.conf rules.
+ # @param id
+ # An identifier that will be included in the namevar to provide uniqueness.
+ # @param offset
+ # An order offset, so you can start the order at an arbitrary starting point.
+ #
+ # @return [Hash]
+ # A hash that can be fed into create_resources to create multiple individual pg_hba_rule resources.
+ dispatch :default_impl do
+ param 'Array[String]', :acls
+ param 'String[1]', :id
+ param 'Integer[0]', :offset
+ end
+
+ def default_impl(acls, id, offset)
+ resources = {}
+ acls.each do |acl|
+ index = acls.index(acl)
+
+ parts = acl.split
+
+ unless parts.length >= 4
+ raise(Puppet::ParseError, "postgresql::postgresql_acls_to_resources_hash(): acl line #{index} does not " \
+ 'have enough parts')
+ end
+
+ resource = {
+ 'type' => parts[0],
+ 'database' => parts[1],
+ 'user' => parts[2],
+ 'order' => '%03d' % (offset + index),
+ }
+ if parts[0] == 'local'
+ resource['auth_method'] = parts[3]
+ if parts.length > 4
+ resource['auth_option'] = parts.last(parts.length - 4).join(' ')
+ end
+ elsif parts[4] =~ %r{^\d}
+ resource['address'] = parts[3] + ' ' + parts[4]
+ resource['auth_method'] = parts[5]
+
+ resource['auth_option'] = parts.last(parts.length - 6).join(' ') if parts.length > 6
+ else
+ resource['address'] = parts[3]
+ resource['auth_method'] = parts[4]
+
+ resource['auth_option'] = parts.last(parts.length - 5).join(' ') if parts.length > 5
+ end
+ resources["postgresql class generated rule #{id} #{index}"] = resource
+ end
+ resources
+ end
+end
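Review bot: In `default_impl` the guard `unless parts.length >= 4` is only sufficient for `local` lines. A `host`, `hostssl` or `hostnossl` line with exactly four fields falls through to the final `else` branch and produces `'auth_method' => nil`, so a malformed ACL becomes a rule hash with no authentication method instead of a `Puppet::ParseError` here. The minimum should depend on the rule type, for example `min_parts = parts[0] == 'local' ? 4 : 5` checked before the `raise`. Separately, `index = acls.index(acl)` returns the first match, so a repeated ACL string reuses the same title and `order` and silently replaces the earlier entry; `acls.each_with_index do |acl, index|` avoids that and the repeated scan.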
diff --git a/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_escape.rb b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_escape.rb
new file mode 100755
index 0000000..223ad70
--- /dev/null
+++ b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_escape.rb
@@ -0,0 +1,30 @@
+require 'digest/md5'
+
+# @summary This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required.
+Puppet::Functions.create_function(:'postgresql::postgresql_escape') do
+ # @param input_string
+ # The unescaped string you want to escape using `dollar quoting`
+ #
+ # @return [String]
+ # A `Dollar Quoted` string
+ dispatch :default_impl do
+ param 'String[1]', :input_string
+ end
+
+ def default_impl(input_string)
+ # Where allowed, just return the original string wrapped in `$$`
+ return "$$#{input_string}$$" unless tag_needed?(input_string)
+
+ # Keep generating possible values for tag until we find one that doesn't appear in the input string
+ tag = Digest::MD5.hexdigest(input_string)[0..5].gsub(%r{\d}, '')
+ until input_string !~ %r{#{tag}}
+ tag = Digest::MD5.hexdigest(tag)[0..5].gsub(%r{\d}, '')
+ end
+
+ "$#{tag}$#{input_string}$#{tag}$"
+ end
+
+ def tag_needed?(input_string)
+ input_string =~ %r{\$\$} || input_string.end_with?('$')
+ end
+end
diff --git a/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_password.rb b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_password.rb
new file mode 100755
index 0000000..43b8bf8
--- /dev/null
+++ b/puppet/modules/postgresql/lib/puppet/functions/postgresql/postgresql_password.rb
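Review bot: The `@summary` of `postgresql/postgresql_escape.rb` promises a "randomly generated tag", but `default_impl` derives the tag deterministically from `Digest::MD5.hexdigest(input_string)`. The quoting is therefore only safe because of the `until` check that the tag does not occur in the input, and that deserves a comment. The same check also silently covers the case where the first six hex characters are all digits and `gsub` leaves an empty tag, which would recreate the `$$` delimiter; it is rejected only because an empty regex matches every string. I would make both conditions explicit with `until !tag.empty? && !input_string.include?(tag)` and reword the summary to "a tag derived from the input".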
@@ -0,0 +1,18 @@
+# @summary This function returns the postgresql password hash from the clear text username / password
+Puppet::Functions.create_function(:'postgresql::postgresql_password') do
+ # @param username
+ # The clear text `username`
+ # @param password
+ # The clear text `password`
+ #
+ # @return [String]
+ # The postgresql password hash from the clear text username / password.
+ dispatch :default_impl do
+ param 'Variant[String[1],Integer]', :username
+ param 'Variant[String[1],Integer]', :password
+ end
+
+ def default_impl(username, password)
+ 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s)
+ end
+end
diff --git a/puppet/modules/postgresql/lib/puppet/functions/postgresql_escape.rb b/puppet/modules/postgresql/lib/puppet/functions/postgresql_escape.rb
new file mode 100755
index 0000000..1e366d2
--- /dev/null
+++ b/puppet/modules/postgresql/lib/puppet/functions/postgresql_escape.rb
@@ -0,0 +1,10 @@
+# @summary DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead.
+Puppet::Functions.create_function(:postgresql_escape) do
+ dispatch :deprecation_gen do
+ repeated_param 'Any', :args
+ end
+ def deprecation_gen(*args)
+ call_function('deprecation', 'postgresql_escape', 'This method is deprecated, please use postgresql::postgresql_escape instead.')
+ call_function('postgresql::postgresql_escape', *args)
+ end
+end
diff --git a/puppet/modules/postgresql/lib/puppet/functions/postgresql_password.rb b/puppet/modules/postgresql/lib/puppet/functions/postgresql_password.rb
new file mode 100755
index 0000000..e098ebe
--- /dev/null
+++ b/puppet/modules/postgresql/lib/puppet/functions/postgresql_password.rb
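Review bot: `postgresql/postgresql_password.rb` calls `Digest::MD5` in `default_impl` without requiring it, whereas the sibling `postgresql/postgresql_escape.rb` starts with `require 'digest/md5'`; this file should add the same line rather than depend on load order. The function emits only the `'md5'` + MD5(password + username) format, which PostgreSQL's md5 authentication accepts as a password equivalent. The `@return` text should therefore say the value must be handled as a secret, for example `# The md5 password hash; treat it as sensitive and keep it out of logs and reports.` If a managed server sets `password_encryption` to `scram-sha-256`, this format would presumably not match what the server expects, which is worth stating in the doc comment as well.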
@@ -0,0 +1,10 @@
+# @summary DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead.
+Puppet::Functions.create_function(:postgresql_password) do
+ dispatch :deprecation_gen do
+ repeated_param 'Any', :args
+ end
+ def deprecation_gen(*args)
+ call_function('deprecation', 'postgresql_password', 'This method is deprecated, please use postgresql::postgresql_password instead.')
+ call_function('postgresql::postgresql_password', *args)
+ end
+end
diff --git a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb b/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb
deleted file mode 100755
index e9112ca..0000000
--- a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_acls_to_resources_hash.rb
+++ /dev/null
@@ -1,75 +0,0 @@ -# postgresql_acls_to_resources_hash.rb -module Puppet::Parser::Functions - newfunction(:postgresql_acls_to_resources_hash, type: :rvalue, doc: <<-EOS - This internal function translates the ipv(4|6)acls format into a resource - suitable for create_resources. It is not intended to be used outside of the - postgresql internal classes/defined resources. - - This function accepts an array of strings that are pg_hba.conf rules. It - will return a hash that can be fed into create_resources to create multiple - individual pg_hba_rule resources. - - The second parameter is an identifier that will be included in the namevar - to provide uniqueness. It must be a string. - - The third parameter is an order offset, so you can start the order at an - arbitrary starting point. - EOS - ) do |args| - func_name = 'postgresql_acls_to_resources_hash()' - - if args.size != 3 - raise(Puppet::ParseError, "#{func_name}: Wrong number of arguments " \ - "given (#{args.size} for 3)") - end - - acls = args[0] - raise(Puppet::ParseError, "#{func_name}: first argument must be an array") \ - unless acls.instance_of? Array - - id = args[1] - raise(Puppet::ParseError, "#{func_name}: second argument must be a string") \ - unless id.instance_of? String - - offset = args[2].to_i - raise(Puppet::ParseError, "#{func_name}: third argument must be a number") \ - unless offset.is_a? 
Integer - - resources = {} - acls.each do |acl| - index = acls.index(acl) - - parts = acl.split - - unless parts.length >= 4 - raise(Puppet::ParseError, "#{func_name}: acl line #{index} does not " \ - 'have enough parts') - end - - resource = { - 'type' => parts[0], - 'database' => parts[1], - 'user' => parts[2], - 'order' => format('%03d', offset + index), # rubocop:disable Style/FormatString - } - if parts[0] == 'local' - resource['auth_method'] = parts[3] - if parts.length > 4 - resource['auth_option'] = parts.last(parts.length - 4).join(' ') - end - elsif parts[4] =~ %r{^\d} - resource['address'] = parts[3] + ' ' + parts[4] - resource['auth_method'] = parts[5] - - resource['auth_option'] = parts.last(parts.length - 6).join(' ') if parts.length > 6 - else - resource['address'] = parts[3] - resource['auth_method'] = parts[4] - - resource['auth_option'] = parts.last(parts.length - 5).join(' ') if parts.length > 5 - end - resources["postgresql class generated rule #{id} #{index}"] = resource - end - resources - end -end diff --git a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_escape.rb b/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_escape.rb deleted file mode 100755 index 49d6d7e..0000000 --- a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_escape.rb +++ /dev/null 
@@ -1,28 +0,0 @@
-require 'digest/md5'
-
-# postgresql_escape.rb
-module Puppet::Parser::Functions
- newfunction(:postgresql_escape, type: :rvalue, doc: <<-EOS
- Safely escapes a string using $$ using a random tag which should be consistent
- EOS
- ) do |args|
-
- if args.size != 1
- raise(Puppet::ParseError, 'postgresql_escape(): Wrong number of arguments ' \
- "given (#{args.size} for 1)")
- end
-
- password = args[0]
-
- if password !~ %r{\$\$} && password[-1] != '$'
- retval = "$$#{password}$$"
- else
- escape = Digest::MD5.hexdigest(password)[0..5].gsub(%r{\d}, '')
- until password !~ %r{#{escape}}
- escape = Digest::MD5.hexdigest(escape)[0..5].gsub(%r{\d}, '')
- end
- retval = "$#{escape}$#{password}$#{escape}$"
- end
- retval
- end
-end
diff --git a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb b/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb
deleted file mode 100755
index e53e5f9..0000000
--- a/puppet/modules/postgresql/lib/puppet/parser/functions/postgresql_password.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# hash a string as mysql's "PASSWORD()" function would do it
-require 'digest/md5'
-
-# postgresql_password.rb
-module Puppet::Parser::Functions
- newfunction(:postgresql_password, type: :rvalue, doc: <<-EOS
- Returns the postgresql password hash from the clear text username / password.
- EOS
- ) do |args|
-
- if args.size != 2
- raise(Puppet::ParseError, 'postgresql_password(): Wrong number of arguments ' \
- "given (#{args.size} for 2)")
- end
-
- username = args[0]
- password = args[1]
-
- 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s)
- end
-end
diff --git a/puppet/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb b/puppet/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb
index 45e7b07..dfad4cd 100755
--- a/puppet/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb
+++ b/puppet/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb
@@ -1,4 +1,5 @@ Puppet::Type.type(:postgresql_psql).provide(:ruby) do + desc 'Postgres psql provider' def run_unless_sql_command(sql) # for the 'unless' queries, we wrap the user's query in a 'SELECT COUNT', # which makes it easier to parse and process the output. @@ -13,7 +14,7 @@ def run_sql_command(sql) command = [resource[:psql_path]] command.push('-d', resource[:db]) if resource[:db] command.push('-p', resource[:port]) if resource[:port] - command.push('-t', '-c', '"' + sql.gsub('"', '\"') + '"') + command.push('-t', '-X', '-c', '"' + sql.gsub('"', '\"') + '"') environment = get_environment @@ -55,23 +56,12 @@ def get_environment # rubocop:disable Style/AccessorMethodName : Refactor does n def run_command(command, user, group, environment) command = command.join ' ' - if Puppet::PUPPETVERSION.to_f < 3.0 - require 'puppet/util/execution' - Puppet::Util::Execution.withenv environment do - Puppet::Util::SUIDManager.run_and_capture(command, user, group) - end - elsif Puppet::PUPPETVERSION.to_f < 3.4 - Puppet::Util.withenv environment do - Puppet::Util::SUIDManager.run_and_capture(command, user, group) - end - else - output = Puppet::Util::Execution.execute(command, uid: user, - gid: group, - failonfail: false, - combine: true, - override_locale: true, - custom_environment: environment) - [output, $CHILD_STATUS.dup] - end + output = Puppet::Util::Execution.execute(command, uid: user, + gid: group, + failonfail: false, + combine: true, + override_locale: true, + custom_environment: environment) + [output, $CHILD_STATUS.dup] end end diff --git a/puppet/modules/postgresql/lib/puppet/provider/postgresql_replication_slot/ruby.rb b/puppet/modules/postgresql/lib/puppet/provider/postgresql_replication_slot/ruby.rb index b120038..d163f40 100755 --- a/puppet/modules/postgresql/lib/puppet/provider/postgresql_replication_slot/ruby.rb +++ b/puppet/modules/postgresql/lib/puppet/provider/postgresql_replication_slot/ruby.rb 
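Review bot: In `run_sql_command` the SQL is still wrapped in double quotes with only `"` escaped, and `run_command` (third hunk) joins the pieces into one string before calling `Puppet::Util::Execution.execute`, so `$`, backticks and backslashes in the SQL remain open to shell interpretation. That matters for any dollar-quoted value (the `$$…$$` form `postgresql_escape` produces) if it reaches this provider. The added `-X` is a good hardening step because psql no longer reads a psqlrc, but it does not change the quoting. Since `execute` also accepts an array, handing over the argument vector avoids the shell: `command.push('-t', '-X', '-c', sql)` and drop `command = command.join ' '`. Both method bodies extend beyond the hunks, so the rest of `run_sql_command` should be checked for other places that depend on the joined string.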
@@ -1,5 +1,5 @@ Puppet::Type.type(:postgresql_replication_slot).provide(:ruby) do - # For confinement + desc 'For confinement' commands psql: 'psql' def self.instances @@ -44,16 +44,12 @@ def self.run_sql_command(sql) end def self.run_command(command, user, group) - if Puppet::PUPPETVERSION.to_f < 3.4 - Puppet::Util::SUIDManager.run_and_capture(command, user, group) - else - output = Puppet::Util::Execution.execute(command, uid: user, - gid: group, - failonfail: false, - combine: true, - override_locale: true, - custom_environment: {}) - [output, $CHILD_STATUS.dup] - end + output = Puppet::Util::Execution.execute(command, uid: user, + gid: group, + failonfail: false, + combine: true, + override_locale: true, + custom_environment: {}) + [output, $CHILD_STATUS.dup] end end diff --git a/puppet/modules/postgresql/lib/puppet/type/postgresql_conn_validator.rb b/puppet/modules/postgresql/lib/puppet/type/postgresql_conn_validator.rb index 8a07c6c..e617e35 100755 --- a/puppet/modules/postgresql/lib/puppet/type/postgresql_conn_validator.rb +++ b/puppet/modules/postgresql/lib/puppet/type/postgresql_conn_validator.rb @@ -1,11 +1,16 @@ Puppet::Type.newtype(:postgresql_conn_validator) do - @doc = "Verify that a connection can be successfully established between a node + @doc = <<-EOS + @summary Verify if a connection can be successfully established + + Verify that a connection can be successfully established between a node and the PostgreSQL server. Its primary use is as a precondition to prevent configuration changes from being applied if the PostgreSQL server cannot be reached, but it could potentially be used for other - purposes such as monitoring." + purposes such as monitoring. + EOS ensurable do + desc 'Ensure connection validation' defaultvalues defaultto :present end diff --git a/puppet/modules/postgresql/lib/puppet/type/postgresql_psql.rb b/puppet/modules/postgresql/lib/puppet/type/postgresql_psql.rb index a96ea78..715c4ce 100755 
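Review bot: `desc 'For confinement'` in the replication-slot provider turns what was a comment, apparently about the `commands psql: 'psql'` line below it, into the provider's published description, which tells a reader nothing about the provider. I would keep the comment where it was and give the provider a real description, e.g. `desc 'Manages PostgreSQL replication slots through psql'` followed by `# For confinement` above `commands psql: 'psql'`. The provider body continues outside the hunk.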
--- a/puppet/modules/postgresql/lib/puppet/type/postgresql_psql.rb +++ b/puppet/modules/postgresql/lib/puppet/type/postgresql_psql.rb @@ -26,10 +26,12 @@ def sync end newparam(:unless) do - desc 'An optional SQL command to execute prior to the main :command; ' \ - 'this is generally intended to be used for idempotency, to check ' \ - 'for the existence of an object in the database to determine whether ' \ - 'or not the main SQL command needs to be executed at all.' + desc <<-DOC + An optional SQL command to execute prior to the main :command; + this is generally intended to be used for idempotency, to check + for the existence of an object in the database to determine whether + or not the main SQL command needs to be executed at all.' + DOC # Return true if a matching row is found def matches(value) @@ -45,10 +47,12 @@ def matches(value) end newparam(:onlyif) do - desc 'An optional SQL command to execute prior to the main :command; ' \ - 'this is generally intended to be used for idempotency, to check ' \ - 'for the existence of an object in the database to determine whether ' \ - 'or not the main SQL command needs to be executed at all.' + desc <<-DOC + An optional SQL command to execute prior to the main :command; + this is generally intended to be used for idempotency, to check + for the existence of an object in the database to determine whether + or not the main SQL command needs to be executed at all. + DOC # Return true if a matching row is found def matches(value) diff --git a/puppet/modules/postgresql/lib/puppet/type/postgresql_replication_slot.rb b/puppet/modules/postgresql/lib/puppet/type/postgresql_replication_slot.rb index c489cc3..bfca4a7 100755 --- a/puppet/modules/postgresql/lib/puppet/type/postgresql_replication_slot.rb +++ b/puppet/modules/postgresql/lib/puppet/type/postgresql_replication_slot.rb 
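Review bot: The new `unless` description ends with a stray `'` (`...needs to be executed at all.'`) left over from the old quoted string, and it will appear in the generated reference; the `onlyif` heredoc in the next hunk has it removed. The two descriptions are otherwise word-for-word identical, so the docs do not say how `unless` and `onlyif` differ. Judging by the names and the `matches` helpers, `unless` presumably skips the main command when a row is found and `onlyif` runs it only then, and each `desc` should say so once confirmed. Both `newparam` blocks continue outside the hunks.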
@@ -1,10 +1,11 @@ Puppet::Type.newtype(:postgresql_replication_slot) do - @doc = "Manages Postgresql replication slots. + @doc = <<-EOS +@summary Manages Postgresql replication slots. This type allows to create and destroy replication slots to register warm standby replication on a Postgresql master server. -" +EOS ensurable diff --git a/puppet/modules/postgresql/manifests/client.pp b/puppet/modules/postgresql/manifests/client.pp index 7e6da1c..2235f68 100755 --- a/puppet/modules/postgresql/manifests/client.pp +++ b/puppet/modules/postgresql/manifests/client.pp @@ -1,4 +1,16 @@ -# Install client cli tool. See README.md for more details. +# @summary Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install. +# +# @note +# Make sure to add any necessary yum or apt repositories if specifying a custom version. +# +# @param file_ensure +# Ensure the connection validation script is present +# @param validcon_script_path +# Optional. Absolute path for the postgresql connection validation script. +# @param package_name +# Sets the name of the PostgreSQL client package. +# @param package_ensure +# Ensure the client package is installed class postgresql::client ( Enum['file', 'absent'] $file_ensure = 'file', Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path, @@ -10,7 +22,7 @@ package { 'postgresql-client': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/globals.pp b/puppet/modules/postgresql/manifests/globals.pp index a71253b..a2d6f3a 100755 --- a/puppet/modules/postgresql/manifests/globals.pp +++ b/puppet/modules/postgresql/manifests/globals.pp 
@@ -1,5 +1,89 @@ -# Class for setting cross-class global overrides. See README.md for more -# details. +# @summary Class for setting cross-class global overrides. +# +# @note +# Most server-specific defaults should be overridden in the postgresql::server class. +# This class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo. +# +# +# @param client_package_name Overrides the default PostgreSQL client package name. +# @param server_package_name Overrides the default PostgreSQL server package name. +# @param contrib_package_name Overrides the default PostgreSQL contrib package name. +# @param devel_package_name Overrides the default PostgreSQL devel package name. +# @param java_package_name Overrides the default PostgreSQL java package name. +# @param docs_package_name Overrides the default PostgreSQL docs package name. +# @param perl_package_name Overrides the default PostgreSQL Perl package name. +# @param plperl_package_name Overrides the default PostgreSQL PL/Perl package name. +# @param plpython_package_name Overrides the default PostgreSQL PL/Python package name. +# @param python_package_name Overrides the default PostgreSQL Python package name. +# @param postgis_package_name Overrides the default PostgreSQL PostGIS package name. +# +# @param service_name Overrides the default PostgreSQL service name. +# @param service_provider Overrides the default PostgreSQL service provider. +# @param service_status Overrides the default status check command for your PostgreSQL service. +# @param default_database Specifies the name of the default database to connect with. +# +# @param validcon_script_path Scipt path for the connection validation check. +# +# @param initdb_path Path to the initdb command. +# @param createdb_path Deprecated. Path to the createdb command. +# @param psql_path Sets the path to the psql command. 
+# @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. +# @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. +# @param postgresql_conf_path Sets the path to your postgresql.conf file. +# @param recovery_conf_path Path to your recovery.conf file. +# @param default_connect_settings Default connection settings. +# +# @param pg_hba_conf_defaults Disables the defaults supplied with the module for pg_hba.conf if set to false. +# +# @param datadir +# Overrides the default PostgreSQL data directory for the target platform. +# Changing the datadir after installation causes the server to come to a full stop before making the change. +# For Red Hat systems, the data directory must be labeled appropriately for SELinux. +# On Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems). +# Warning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original +# +# @param confdir Overrides the default PostgreSQL configuration directory for the target platform. +# @param bindir Overrides the default PostgreSQL binaries directory for the target platform. +# @param xlogdir Overrides the default PostgreSQL xlog directory. +# @param logdir Overrides the default PostgreSQL log directory. +# @param log_line_prefix Overrides the default PostgreSQL log prefix. +# +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# +# @param version The version of PostgreSQL to install and manage. +# @param postgis_version Defines the version of PostGIS to install, if you install PostGIS. 
+# @param repo_proxy Sets the proxy option for the official PostgreSQL yum-repositories only. +# +# @param repo_baseurl Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository. +# +# @param needs_initdb Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started. +# +# @param encoding +# Sets the default encoding for all databases created with this module. +# On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +# @param locale +# Sets the default database locale for all databases created with this module. +# On certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well. +# On Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL. +# @param data_checksums +# Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. +# Warning: This option is used during initialization by initdb, and cannot be changed later. +# +# @param timezone Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information. +# +# @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file. +# @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file. +# @param manage_recovery_conf Allow Puppet to manage the recovery.conf file. +# +# @param manage_datadir Set to false if you have file{ $datadir: } already defined +# @param manage_logdir Set to false if you have file{ $logdir: } already defined +# @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined +# +# @param manage_package_repo Sets up official PostgreSQL repositories on your host if set to true. 
+# @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. +# +# class postgresql::globals ( $client_package_name = undef, $server_package_name = undef, @@ -37,6 +121,9 @@ $xlogdir = undef, $logdir = undef, $log_line_prefix = undef, + $manage_datadir = undef, + $manage_logdir = undef, + $manage_xlogdir = undef, $user = undef, $group = undef, @@ -56,6 +143,7 @@ $manage_pg_hba_conf = undef, $manage_pg_ident_conf = undef, $manage_recovery_conf = undef, + $manage_selinux = undef, $manage_package_repo = undef, $module_workdir = undef, @@ -65,6 +153,9 @@ $default_version = $::osfamily ? { /^(RedHat|Linux)/ => $::operatingsystem ? { 'Fedora' => $::operatingsystemrelease ? { + /^(31)$/ => '11.6', + /^(30)$/ => '11.2', + /^(29)$/ => '10.6', /^(28)$/ => '10.4', /^(26|27)$/ => '9.6', /^(24|25)$/ => '9.5', @@ -76,6 +167,7 @@ }, 'Amazon' => '9.2', default => $::operatingsystemrelease ? { + /^8\./ => '10', /^7\./ => '9.2', /^6\./ => '8.4', /^5\./ => '8.1', @@ -88,6 +180,7 @@ /^(wheezy|7\.)/ => '9.1', /^(jessie|8\.)/ => '9.4', /^(stretch|9\.)/ => '9.6', + /^(buster|10\.)/ => '11', default => undef, }, 'Ubuntu' => $::operatingsystemrelease ? { @@ -98,6 +191,7 @@ /^(16.04|16.10)$/ => '9.5', /^(17.04|17.10)$/ => '9.6', /^(18.04)$/ => '10', + /^(20.04)$/ => '12', default => undef, }, default => undef, @@ -115,9 +209,12 @@ }, 'Suse' => $::operatingsystem ? { 'SLES' => $::operatingsystemrelease ? { - /11\.[0-4]/ => '91', + /11\.[0-3]/ => '91', + /11\.4/ => '94', /12\.0/ => '93', - /12\.[1-2]/ => '94', + /12\.[1-3]/ => '94', + /12\.[4-5]/ => '10', + /15\.0/ => '10', default => '96', }, 'OpenSuSE' => $::operatingsystemrelease ? { @@ -145,6 +242,9 @@ '9.4' => '2.3', '9.5' => '2.3', '9.6' => '2.3', + '10' => '2.4', + '11' => '3.0', + '12' => '3.0', default => undef, } $globals_postgis_version = $postgis_version ? { 
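Review bot: `$manage_selinux` is added to the class parameters (hunk `-56,6 +143,7`) but gets no `@param` line in the new header, although every other `manage_*` switch is documented there. Something like `# @param manage_selinux Allows Puppet to manage the SELinux configuration for PostgreSQL.` would close the gap; the wording is a guess from the name and should be confirmed against the class that consumes it. The new Ubuntu matcher also leaves the dot unescaped like its neighbours, `/^(20.04)$/`, where `/^(20\.04)$/` states the intent exactly.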
diff --git a/puppet/modules/postgresql/manifests/lib/devel.pp b/puppet/modules/postgresql/manifests/lib/devel.pp index e6ff183..ee37509 100755 --- a/puppet/modules/postgresql/manifests/lib/devel.pp +++ b/puppet/modules/postgresql/manifests/lib/devel.pp @@ -1,5 +1,13 @@ -# This class installs postgresql development libraries. See README.md for more -# details. +# @summary This class installs postgresql development libraries. +# +# @param package_name +# Override devel package name +# @param package_ensure +# Ensure the development libraries are installed +# @param link_pg_config +# If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior. +# +# class postgresql::lib::devel( String $package_name = $postgresql::params::devel_package_name, String[1] $package_ensure = 'present', @@ -13,7 +21,7 @@ package { 'postgresql-devel': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } if $link_pg_config { diff --git a/puppet/modules/postgresql/manifests/lib/docs.pp b/puppet/modules/postgresql/manifests/lib/docs.pp index f3c31ff..b3bd138 100755 --- a/puppet/modules/postgresql/manifests/lib/docs.pp +++ b/puppet/modules/postgresql/manifests/lib/docs.pp 
@@ -1,5 +1,14 @@ -# This class installs the postgresql-docs See README.md for more -# details. +# @summary Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install. +# +# @note +# Make sure to add any necessary yum or apt repositories if specifying a custom version. +# +# @param package_name +# Specifies the name of the PostgreSQL docs package. +# @param package_ensure +# Whether the PostgreSQL docs package resource should be present. +# +# class postgresql::lib::docs ( String $package_name = $postgresql::params::docs_package_name, String[1] $package_ensure = 'present', @@ -8,7 +17,7 @@ package { 'postgresql-docs': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/lib/java.pp b/puppet/modules/postgresql/manifests/lib/java.pp index dc131d5..3fa98e1 100755 --- a/puppet/modules/postgresql/manifests/lib/java.pp +++ b/puppet/modules/postgresql/manifests/lib/java.pp @@ -1,5 +1,13 @@ -# This class installs the postgresql jdbc connector. See README.md for more -# details. +# @summary This class installs the postgresql jdbc connector. +# +# @note +# Make sure to add any necessary yum or apt repositories if specifying a custom version. +# +# @param package_name +# Specifies the name of the PostgreSQL java package. +# @param package_ensure +# Specifies whether the package is present. +# class postgresql::lib::java ( String $package_name = $postgresql::params::java_package_name, String[1] $package_ensure = 'present' @@ -8,7 +16,7 @@ package { 'postgresql-jdbc': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/lib/perl.pp b/puppet/modules/postgresql/manifests/lib/perl.pp index 67fd4a2..782ddee 100755 --- a/puppet/modules/postgresql/manifests/lib/perl.pp 
+++ b/puppet/modules/postgresql/manifests/lib/perl.pp @@ -1,5 +1,10 @@ -# This class installs the perl libs for postgresql. See README.md for more -# details. +# @summary This class installs the perl libs for postgresql. +# +# @param package_name +# Specifies the name of the PostgreSQL perl package to install. +# @param package_ensure +# Ensure the perl libs for postgresql are installed. +# class postgresql::lib::perl( String $package_name = $postgresql::params::perl_package_name, String[1] $package_ensure = 'present' @@ -8,6 +13,7 @@ package { 'perl-DBD-Pg': ensure => $package_ensure, name => $package_name, + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/lib/python.pp b/puppet/modules/postgresql/manifests/lib/python.pp index 590727d..7f7f0a8 100755 --- a/puppet/modules/postgresql/manifests/lib/python.pp +++ b/puppet/modules/postgresql/manifests/lib/python.pp @@ -1,5 +1,10 @@ -# This class installs the python libs for postgresql. See README.md for more -# details. +# @summary This class installs the python libs for postgresql. +# +# @param package_name +# The name of the PostgreSQL Python package. +# @param package_ensure +# Ensure the python libs for postgresql are installed. +# class postgresql::lib::python( String[1] $package_name = $postgresql::params::python_package_name, String[1] $package_ensure = 'present' @@ -8,6 +13,7 @@ package { 'python-psycopg2': ensure => $package_ensure, name => $package_name, + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/params.pp b/puppet/modules/postgresql/manifests/params.pp index 4f6d285..15b72bd 100755 --- a/puppet/modules/postgresql/manifests/params.pp +++ b/puppet/modules/postgresql/manifests/params.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not use directly +# @api private class postgresql::params inherits postgresql::globals { $version = $postgresql::globals::globals_version $postgis_version = $postgresql::globals::globals_postgis_version 
@@ -21,8 +21,14 @@ $manage_pg_hba_conf = pick($manage_pg_hba_conf, true) $manage_pg_ident_conf = pick($manage_pg_ident_conf, true) $manage_recovery_conf = pick($manage_recovery_conf, false) + $manage_selinux = pick($manage_selinux, false) $package_ensure = 'present' $module_workdir = pick($module_workdir,'/tmp') + $password_encryption = undef + $extra_systemd_config = '' + $manage_datadir = true + $manage_logdir = true + $manage_xlogdir = true # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'. case $::osfamily { @@ -73,10 +79,33 @@ } $confdir = pick($confdir, $datadir) } + + case $::operatingsystem { + 'Amazon': { + $service_reload = "service ${service_name} reload" + $service_status = "service ${service_name} status" + } + + # RHEL 5 uses SysV init, RHEL 6 uses upstart. RHEL 7 and 8 both use systemd. + 'RedHat', 'CentOS', 'Scientific', 'OracleLinux': { + if $::operatingsystemrelease =~ /^[78].*/ { + $service_reload = "systemctl reload ${service_name}" + $service_status = "systemctl status ${service_name}" + } else { + $service_reload = "service ${service_name} reload" + $service_status = "service ${service_name} status" + } + } + + # Default will catch Fedora which uses systemd + default: { + $service_reload = "systemctl reload ${service_name}" + $service_status = "systemctl status ${service_name}" + } + } + $psql_path = pick($psql_path, "${bindir}/psql") - $service_status = $service_status - $service_reload = "service ${service_name} reload" $perl_package_name = pick($perl_package_name, 'perl-DBD-Pg') $python_package_name = pick($python_package_name, 'python-psycopg2') 
@@ -147,6 +176,8 @@ $contrib_package_name = pick($contrib_package_name, "postgresql-contrib-${version}") if $postgis_version and versioncmp($postgis_version, '2') < 0 { $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis") + } elsif $postgis_version and versioncmp($postgis_version, '3') >= 0 { + $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-3") } else { $postgis_package_name = pick($postgis_package_name, "postgresql-${version}-postgis-${postgis_version}") } @@ -205,16 +236,16 @@ 'FreeBSD': { case $version { - '96', '10': { - $user = pick($user, 'postgres') - $group = pick($group, 'postgres') - $datadir = pick($datadir, "/var/db/postgres/data${version}") - } - default: { + '94', '95': { $user = pick($user, 'pgsql') $group = pick($group, 'pgsql') $datadir = pick($datadir, '/usr/local/pgsql/data') } + default: { + $user = pick($user, 'postgres') + $group = pick($group, 'postgres') + $datadir = pick($datadir, "/var/db/postgres/data${version}") + } } $link_pg_config = true diff --git a/puppet/modules/postgresql/manifests/repo.pp b/puppet/modules/postgresql/manifests/repo.pp index 5ec63c7..db00943 100755 --- a/puppet/modules/postgresql/manifests/repo.pp +++ b/puppet/modules/postgresql/manifests/repo.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not use directly +# @api private class postgresql::repo ( $version = undef, $proxy = undef, diff --git a/puppet/modules/postgresql/manifests/repo/apt_postgresql_org.pp b/puppet/modules/postgresql/manifests/repo/apt_postgresql_org.pp index 1bbf620..794abba 100755 --- a/puppet/modules/postgresql/manifests/repo/apt_postgresql_org.pp +++ b/puppet/modules/postgresql/manifests/repo/apt_postgresql_org.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not use directly +# @api private class postgresql::repo::apt_postgresql_org inherits postgresql::repo { include ::apt 
@@ -27,6 +27,6 @@ }, } - Apt::Source['apt.postgresql.org']->Package<|tag == 'postgresql'|> - Class['Apt::Update'] -> Package<|tag == 'postgresql'|> + Apt::Source['apt.postgresql.org']->Package<|tag == 'puppetlabs-postgresql'|> + Class['Apt::Update'] -> Package<|tag == 'puppetlabs-postgresql'|> } diff --git a/puppet/modules/postgresql/manifests/repo/yum_postgresql_org.pp b/puppet/modules/postgresql/manifests/repo/yum_postgresql_org.pp index 1ee8c9a..499dca2 100755 --- a/puppet/modules/postgresql/manifests/repo/yum_postgresql_org.pp +++ b/puppet/modules/postgresql/manifests/repo/yum_postgresql_org.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not use directly +# @api private class postgresql::repo::yum_postgresql_org inherits postgresql::repo { $version_parts = split($postgresql::repo::version, '[.]') $package_version = "${version_parts[0]}${version_parts[1]}" @@ -32,5 +32,5 @@ proxy => $postgresql::repo::proxy, } - Yumrepo['yum.postgresql.org'] -> Package<|tag == 'postgresql'|> + Yumrepo['yum.postgresql.org'] -> Package<|tag == 'puppetlabs-postgresql'|> } diff --git a/puppet/modules/postgresql/manifests/server.pp b/puppet/modules/postgresql/manifests/server.pp index 2f2fe15..480a871 100755 --- a/puppet/modules/postgresql/manifests/server.pp +++ b/puppet/modules/postgresql/manifests/server.pp 
@@ -1,4 +1,82 @@ -# This installs a PostgreSQL server. See README.md for more details. +# @summary This installs a PostgreSQL server +# +# @param postgres_password Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password. +# @param package_name Specifies the name of the package to use for installing the server software. +# @param package_ensure Passes a value through to the package resource when creating the server instance. +# +# @param plperl_package_name Sets the default package name for the PL/Perl extension. +# @param plpython_package_name Sets the default package name for the PL/Python extension. +# +# @param service_ensure Ensure service is installed +# @param service_enable Enable the PostgreSQL service +# @param service_manage Defines whether or not Puppet should manage the service. +# @param service_name Overrides the default PostgreSQL service name. +# @param service_restart_on_change Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active. +# @param service_provider Overrides the default PostgreSQL service provider. +# @param service_reload Overrides the default reload command for your PostgreSQL service. +# @param service_status Overrides the default status check command for your PostgreSQL service. +# @param default_database Specifies the name of the default database to connect with. On most systems this is 'postgres'. +# @param default_connect_settings Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role. +# +# @param listen_addresses Address list on which the PostgreSQL service will listen +# @param port Specifies the port for the PostgreSQL server to listen on. 
Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change. +# Default value: 5432. Meaning the Postgres server listens on TCP port 5432. +# +# @param ip_mask_deny_postgres_user Specifies the IP mask from which remote connections should be denied for the postgres superuser. +# Default value: '0.0.0.0/0', which denies any remote connection. +# +# @param ip_mask_allow_all_users Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting. +# Set to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet. +# Default value: '127.0.0.1/32'. +# +# @param ipv4acls Lists strings for access control for connection method, users, databases, IPv4 addresses; +# @param ipv6acls Lists strings for access control for connection method, users, databases, IPv6 addresses. +# +# @param initdb_path Specifies the path to the initdb command. +# @param createdb_path Deprecated. Specifies the path to the createdb command. +# @param psql_path Specifies the path to the psql command. +# @param pg_hba_conf_path Specifies the path to your pg_hba.conf file. +# @param pg_ident_conf_path Specifies the path to your pg_ident.conf file. +# @param postgresql_conf_path Specifies the path to your postgresql.conf file. +# @param recovery_conf_path Specifies the path to your recovery.conf file. +# +# @param datadir PostgreSQL data directory +# @param xlogdir PostgreSQL xlog directory +# @param logdir PostgreSQL log directory +# +# @param log_line_prefix PostgreSQL log line prefix +# +# @param pg_hba_conf_defaults If false, disables the defaults supplied with the module for pg_hba.conf. 
This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example. +# +# @param user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param group Overrides the default postgres user group to be used for related files in the file system. +# +# @param needs_initdb Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started. +# +# @param encoding Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well. +# @param locale Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module. +# @param data_checksums Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent. +# Warning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases. +# +# @param timezone Set timezone for the PostgreSQL instance +# +# @param manage_pg_hba_conf Boolean. Whether to manage the pg_hba.conf. +# @param manage_pg_ident_conf Boolean. Overwrites the pg_ident.conf file. +# @param manage_recovery_conf Boolean. Specifies whether or not manage the recovery.conf. 
+# @param module_workdir Working directory for the PostgreSQL module +# +# @param manage_datadir Set to false if you have file{ $datadir: } already defined +# @param manage_logdir Set to false if you have file{ $logdir: } already defined +# @param manage_xlogdir Set to false if you have file{ $xlogdir: } already defined +# +# @param roles Specifies a hash from which to generate postgresql::server::role resources. +# @param config_entries Specifies a hash from which to generate postgresql::server::config_entry resources. +# @param pg_hba_rules Specifies a hash from which to generate postgresql::server::pg_hba_rule resources. +# +# @param version Deprecated. Use postgresql::globals instead. Sets PostgreSQL version +# +# @param extra_systemd_config Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string +# class postgresql::server ( $postgres_password = undef, @@ -22,8 +100,8 @@ $port = $postgresql::params::port, $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user, $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users, - $ipv4acls = $postgresql::params::ipv4acls, - $ipv6acls = $postgresql::params::ipv6acls, + Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls, + Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls, $initdb_path = $postgresql::params::initdb_path, $createdb_path = $postgresql::params::createdb_path, 
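Review bot: The `@param ip_mask_allow_all_users` text added in this header gives `'192.168.0.0/1'` as the value for "any machine on your local '192.168' subnet", but a `/1` mask covers half of the IPv4 address space (128.0.0.0 through 255.255.255.255). Anyone copying the example into `pg_hba.conf` through this parameter would admit far more hosts than the sentence describes. The example should read `'192.168.0.0/16'`.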
@@ -54,8 +132,15 @@ $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf, $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf, $manage_recovery_conf = $postgresql::params::manage_recovery_conf, + Boolean $manage_selinux = $postgresql::params::manage_selinux, $module_workdir = $postgresql::params::module_workdir, + $manage_datadir = $postgresql::params::manage_datadir, + $manage_logdir = $postgresql::params::manage_logdir, + $manage_xlogdir = $postgresql::params::manage_xlogdir, + $password_encryption = $postgresql::params::password_encryption, + $extra_systemd_config = $postgresql::params::extra_systemd_config, + Hash[String, Hash] $roles = {}, Hash[String, Any] $config_entries = {}, Hash[String, Hash] $pg_hba_rules = {}, @@ -63,8 +148,6 @@ #Deprecated $version = undef, ) inherits postgresql::params { - $pg = 'postgresql::server' - if $version != undef { warning('Passing "version" to postgresql::server is deprecated; please use postgresql::globals instead.') $_version = $version @@ -77,7 +160,9 @@ } # Reload has its own ordering, specified by other defines - class { "${pg}::reload": require => Class["${pg}::install"] } + class { 'postgresql::server::reload': + require => Class['postgresql::server::install'], + } contain postgresql::server::install contain postgresql::server::initdb diff --git a/puppet/modules/postgresql/manifests/server/config.pp b/puppet/modules/postgresql/manifests/server/config.pp index b5f42ff..93bc9b9 100755 --- a/puppet/modules/postgresql/manifests/server/config.pp +++ b/puppet/modules/postgresql/manifests/server/config.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not call directly +# @api private class postgresql::server::config { $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users 
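Review bot: `$manage_selinux` and `$password_encryption` are added to the parameter list in this hunk, but the `@param` header this commit adds at the top of server.pp has no entry for either. `$password_encryption` is also untyped although config.pp writes it straight into a `password_encryption` entry; a type such as `Optional[Enum['md5', 'scram-sha-256']]` would reject typos before they reach postgresql.conf, assuming the default in `postgresql::params` is undef (not visible here). Suggested header lines: `# @param manage_selinux Specifies whether the SELinux port label for the configured port is managed.` and `# @param password_encryption Value for the password_encryption setting; only applied for PostgreSQL 10 and later.` The parameter list starts and ends outside this hunk.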
@@ -22,6 +22,8 @@ $service_name = $postgresql::server::service_name $log_line_prefix = $postgresql::server::log_line_prefix $timezone = $postgresql::server::timezone + $password_encryption = $postgresql::server::password_encryption + $extra_systemd_config = $postgresql::server::extra_systemd_config if ($manage_pg_hba_conf == true) { # Prepare the main pg_hba file @@ -86,18 +88,16 @@ } } - # ipv4acls are passed as an array of rule strings, here we transform - # them into a resources hash, and pass the result to create_resources - $ipv4acl_resources = postgresql_acls_to_resources_hash($ipv4acls, - 'ipv4acls', 10) - create_resources('postgresql::server::pg_hba_rule', $ipv4acl_resources) - - - # ipv6acls are passed as an array of rule strings, here we transform - # them into a resources hash, and pass the result to create_resources - $ipv6acl_resources = postgresql_acls_to_resources_hash($ipv6acls, - 'ipv6acls', 102) - create_resources('postgresql::server::pg_hba_rule', $ipv6acl_resources) + # $ipv4acls and $ipv6acls are arrays of rule strings + # They are converted into hashes we can iterate over to create postgresql::server::pg_hba_rule resources. + ( + postgresql::postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) + + postgresql::postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102) + ).each | String $key, Hash $attrs| { + postgresql::server::pg_hba_rule { $key: + * => $attrs, + } + } } if $listen_addresses { 
@@ -106,9 +106,46 @@ } } + # ensure that SELinux has a proper label for the port defined + if $postgresql::server::manage_selinux == true and $facts['selinux'] == true { + case $facts['osfamily'] { + 'RedHat', 'Linux': { + if $facts['operatingsystem'] == 'Amazon' { + $package_name = 'policycoreutils' + } + else { + $package_name = $facts['operatingsystemmajrelease'] ? { + '5' => 'policycoreutils', + '6' => 'policycoreutils-python', + '7' => 'policycoreutils-python', + default => 'policycoreutils-python-utils', + } + } + } + default: { + $package_name = 'policycoreutils' + } + } + + ensure_packages([$package_name]) + + exec { "/usr/sbin/semanage port -a -t postgresql_port_t -p tcp ${port}": + unless => "/usr/sbin/semanage port -l | grep -qw ${port}", + before => Postgresql::Server::Config_entry['port'], + require => Package[$package_name], + } + } + postgresql::server::config_entry { 'port': value => $port, } + + if ($password_encryption) and (versioncmp($version, '10') >= 0){ + postgresql::server::config_entry { 'password_encryption': + value => $password_encryption, + } + } + postgresql::server::config_entry { 'data_directory': value => $datadir, } @@ -132,7 +169,7 @@ # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later. - if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7/) and ($::operatingsystem != 'Fedora') { + if ($::osfamily == 'RedHat') and ($::operatingsystemrelease !~ /^7|^8/) and ($::operatingsystem != 'Fedora') { file { '/etc/sysconfig/pgsql/postgresql': ensure => present, replace => false, @@ -162,7 +199,7 @@ } if $::osfamily == 'RedHat' { - if $::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora' { + if $::operatingsystemrelease =~ /^7|^8/ or $::operatingsystem == 'Fedora' { # Template uses: # - $::operatingsystem # - $service_name 
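Review bot: The `unless` guard on the new `semanage port -a` exec, `semanage port -l | grep -qw ${port}`, matches the port number on any line of the listing, whatever SELinux type or protocol it belongs to, so a port already labelled for another service makes Puppet skip the labelling silently. Restricting the check to the type being added is tighter, and a conflicting label then fails the run visibly instead of being skipped: `unless => "/usr/sbin/semanage port -l | grep -w postgresql_port_t | grep -qw ${port}",`. `$port` is interpolated into both command strings while `postgresql::server` declares it without a data type, so giving it an integer port type in server.pp would keep unexpected strings out of the command line. The class body starts and ends outside this hunk.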
diff --git a/puppet/modules/postgresql/manifests/server/config_entry.pp b/puppet/modules/postgresql/manifests/server/config_entry.pp index 5a4f83a..6b86f5f 100755 --- a/puppet/modules/postgresql/manifests/server/config_entry.pp +++ b/puppet/modules/postgresql/manifests/server/config_entry.pp @@ -1,4 +1,9 @@ -# Manage a postgresql.conf entry. See README.md for more details. +# @summary Manage a postgresql.conf entry. +# +# @param ensure Removes an entry if set to 'absent'. +# @param value Defines the value for the setting. +# @param path Path for postgresql.conf +# define postgresql::server::config_entry ( $ensure = 'present', $value = undef, @@ -112,7 +117,7 @@ } } if $::osfamily == 'RedHat' { - if ! ($::operatingsystemrelease =~ /^7/ or $::operatingsystem == 'Fedora') { + if ! ($::operatingsystemrelease =~ /^7|^8/ or $::operatingsystem == 'Fedora') { if $name == 'port' { # We need to force postgresql to stop before updating the port # because puppet becomes confused and is unable to manage the diff --git a/puppet/modules/postgresql/manifests/server/contrib.pp b/puppet/modules/postgresql/manifests/server/contrib.pp index 7e3426b..466a898 100755 --- a/puppet/modules/postgresql/manifests/server/contrib.pp +++ b/puppet/modules/postgresql/manifests/server/contrib.pp @@ -1,4 +1,9 @@ -# Install the contrib postgresql packaging. See README.md for more details. +# @summary Install the contrib postgresql packaging. +# +# @param package_name +# The name of the PostgreSQL contrib package. +# @param package_ensure +# Ensure the contrib package is installed. class postgresql::server::contrib ( String $package_name = $postgresql::params::contrib_package_name, String[1] $package_ensure = 'present' @@ -11,7 +16,7 @@ package { 'postgresql-contrib': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::contrib::start': } 
diff --git a/puppet/modules/postgresql/manifests/server/database.pp b/puppet/modules/postgresql/manifests/server/database.pp index 057bc46..b0268f0 100755 --- a/puppet/modules/postgresql/manifests/server/database.pp +++ b/puppet/modules/postgresql/manifests/server/database.pp @@ -1,4 +1,14 @@ -# Define for creating a database. See README.md for more details. +# @summary Define for creating a database. +# +# @param comment Sets a comment on the database. +# @param dbname Sets the name of the database. +# @param owner Sets name of the database owner. +# @param tablespace Sets tablespace for where to create this database. +# @param template Specifies the name of the template database from which to build this database. Default value: 'template0'. +# @param encoding Overrides the character set during creation of the database. +# @param locale Overrides the locale during creation of the database. +# @param istemplate Defines the database as a template if set to true. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::database( $comment = undef, $dbname = $title, @@ -66,7 +76,7 @@ $tablespace_option = $tablespace ? { undef => '', - default => "TABLESPACE = \"${tablespace}\"", + default => "TABLESPACE \"${tablespace}\"", } if $createdb_path != undef { diff --git a/puppet/modules/postgresql/manifests/server/database_grant.pp b/puppet/modules/postgresql/manifests/server/database_grant.pp index 34a6953..373fa77 100755 --- a/puppet/modules/postgresql/manifests/server/database_grant.pp +++ b/puppet/modules/postgresql/manifests/server/database_grant.pp 
@@ -1,4 +1,12 @@ -# Manage a database grant. See README.md for more details. +# @summary Manage a database grant. +# +# @param privilege Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'. +# @param db Specifies the database to which you are granting access. +# @param role Specifies the role or user whom you are granting access to. +# @param ensure Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later. +# @param psql_db Defines the database to execute the grant against. This should not ordinarily be changed from the default +# @param psql_user Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::database_grant( $privilege, $db, diff --git a/puppet/modules/postgresql/manifests/server/db.pp b/puppet/modules/postgresql/manifests/server/db.pp index 9b20928..98aa879 100755 --- a/puppet/modules/postgresql/manifests/server/db.pp +++ b/puppet/modules/postgresql/manifests/server/db.pp 
@@ -1,5 +1,16 @@ -# Define for conveniently creating a role, database and assigning the correct -# permissions. See README.md for more details. +# @summary Define for conveniently creating a role, database and assigning the correctpermissions. +# +# @param user User to create and assign access to the database upon creation. Mandatory. +# @param password Required Sets the password for the created user. +# @param comment Defines a comment to be stored about the database using the PostgreSQL COMMENT command. +# @param dbname Sets the name of the database to be created. +# @param encoding Overrides the character set during creation of the database. +# @param locale Overrides the locale during creation of the database. +# @param grant Specifies the permissions to grant during creation. Default value: 'ALL'. +# @param tablespace Defines the name of the tablespace to allocate the created database to. +# @param template Specifies the name of the template database from which to build this database. Defaults value: template0. +# @param istemplate Specifies that the database is a template, if set to true. +# @param owner Sets a user as the owner of the database. define postgresql::server::db ( $user, $password, diff --git a/puppet/modules/postgresql/manifests/server/extension.pp b/puppet/modules/postgresql/manifests/server/extension.pp index 9fb100c..71b11d8 100755 --- a/puppet/modules/postgresql/manifests/server/extension.pp +++ b/puppet/modules/postgresql/manifests/server/extension.pp 
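Review bot: The new `@summary` line runs two words together ("correctpermissions"); it should read `# @summary Define for conveniently creating a role, database and assigning the correct permissions.`. The `@param password` entry also does not say whether the value is a plaintext password or an already-hashed string, and `$password` is untyped in the signature shown, so the header is the only place a caller can learn which form is expected. The body of the define is outside this hunk, so the expected form cannot be confirmed from here.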
@@ -1,4 +1,21 @@ -# Activate an extension on a postgresql database +# @summary Activate an extension on a postgresql database. +# +# @param database Specifies the database on which to activate the extension. +# @param extension Specifies the extension to activate. If left blank, uses the name of the resource. +# @param schema Specifies the schema on which to activate the extension. +# @param version Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database. +# This needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION... +# version may be set to latest, in which case the SQL ALTER EXTENSION "extension" UPDATE is applied to this database (only). +# version may be set to a specific version, in which case the extension is updated using ALTER EXTENSION "extension" UPDATE TO 'version' +# eg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION "postgis" UPDATE TO '2.3.3' to this database only. +# version may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged. +# +# @param ensure Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'. +# @param package_name Specifies a package to install prior to activating the extension. +# @param package_ensure Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package. +# @param port Port to use when connecting. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param database_resource_name Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank. 
define postgresql::server::extension ( $database, $extension = $name, @@ -7,16 +24,18 @@ String[1] $ensure = 'present', $package_name = undef, $package_ensure = undef, - $connect_settings = $postgresql::server::default_connect_settings, + Optional[Integer] $port = undef, + $connect_settings = postgresql::default('default_connect_settings'), + $database_resource_name = $database, ) { - $user = $postgresql::server::user - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path + $user = postgresql::default('user') + $group = postgresql::default('group') + $psql_path = postgresql::default('psql_path') case $ensure { 'present': { $command = "CREATE EXTENSION \"${extension}\"" - $unless_mod = '' + $unless_mod = undef $package_require = [] $package_before = Postgresql_psql["${database}: ${command}"] } @@ -36,10 +55,21 @@ if( $database != 'postgres' ) { # The database postgres cannot managed by this module, so it is exempt from this dependency Postgresql_psql { - require => Postgresql::Server::Database[$database], + require => Postgresql::Server::Database[$database_resource_name], } } + # + # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port + # + if $port != undef { + $port_override = $port + } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') { + $port_override = undef + } else { + $port_override = $postgresql::server::port + } + postgresql_psql { "${database}: ${command}": psql_user => $user, @@ -48,6 +78,7 @@ connect_settings => $connect_settings, db => $database, + port => $port_override, command => $command, unless => "SELECT 1 WHERE ${unless_mod}EXISTS (SELECT 1 FROM pg_extension WHERE extname = '${extension}')", } @@ -73,6 +104,7 @@ psql_path => $psql_path, connect_settings => $connect_settings, db => $database, + port => $port_override, require => Postgresql_psql["${database}: ${command}"], } 
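Review bot: The port fallback added ahead of the `postgresql_psql` resource still reads `$postgresql::server::port`, while the same commit moves `$user`, `$group`, `$psql_path` and the `$connect_settings` default to `postgresql::default(...)`. If that move is meant to let the define be used without declaring `postgresql::server` (an inference; the function body is not shown), the `else` branch brings the dependency back and may fail under strict variables. Using the same lookup, `$port_override = postgresql::default('port')`, would keep the branches consistent, provided the function resolves `port`. The define's body continues outside this hunk.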
@@ -87,7 +119,7 @@ ensure_packages($package_name, { ensure => $_package_ensure, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', require => $package_require, before => $package_before, }) @@ -102,6 +134,7 @@ } postgresql_psql { "${database}: ${alter_extension_sql}": db => $database, + port => $port_override, psql_user => $user, psql_group => $group, psql_path => $psql_path, diff --git a/puppet/modules/postgresql/manifests/server/grant.pp b/puppet/modules/postgresql/manifests/server/grant.pp index 42613fe..4faea3b 100755 --- a/puppet/modules/postgresql/manifests/server/grant.pp +++ b/puppet/modules/postgresql/manifests/server/grant.pp 
@@ -1,15 +1,29 @@ -# Define for granting permissions to roles. See README.md for more details. +# @summary Define for granting permissions to roles. +# +# @param role Specifies the role or user whom you are granting access to. +# @param db Specifies the database to which you are granting access. +# @param privilege Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string. +# @param object_type Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. +# @param object_name Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name'] +# @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default +# @param psql_user Sets the OS user to run psql. +# @param port Port to use when connecting. +# @param onlyif_exists Create grant only if doesn't exist +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param ensure Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. +# @param group Sets the OS group to run psql +# @param psql_path Sets the path to psql command define postgresql::server::grant ( String $role, String $db, - Optional[String] $privilege = undef, + String $privilege = '', Pattern[#/(?i:^COLUMN$)/, /(?i:^ALL SEQUENCES IN SCHEMA$)/, /(?i:^ALL TABLES IN SCHEMA$)/, /(?i:^DATABASE$)/, #/(?i:^FOREIGN DATA WRAPPER$)/, #/(?i:^FOREIGN SERVER$)/, - #/(?i:^FUNCTION$)/, + /(?i:^FUNCTION$)/, /(?i:^LANGUAGE$)/, #/(?i:^PROCEDURAL LANGUAGE$)/, /(?i:^TABLE$)/, 
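Review bot: The `@param onlyif_exists` text, "Create grant only if doesn't exist", reads as the opposite of what the define does with the flag: later hunks in this file map `$onlyif_exists` to `table_exists`, `language_exists` and `function_exists` queries, so the grant is applied only when the target object exists. The header also has no `@param object_arguments` line although the next hunk adds that parameter. Suggested lines: `# @param onlyif_exists Apply the grant only if the target object exists.` and `# @param object_arguments Argument types of the function named by object_name; only used when object_type is 'FUNCTION'.`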
@@ -22,6 +36,8 @@ Array[String,2,2], String[1]] ] $object_name = undef, + Array[String[1],0] + $object_arguments = [], String $psql_db = $postgresql::server::default_database, String $psql_user = $postgresql::server::user, Integer $port = $postgresql::server::port, @@ -30,22 +46,24 @@ Enum['present', 'absent' ] $ensure = 'present', + String $group = $postgresql::server::group, + String $psql_path = $postgresql::server::psql_path, ) { case $ensure { default: { # default is 'present' - $sql_command = 'GRANT %s ON %s "%s" TO "%s"' + $sql_command = 'GRANT %s ON %s "%s%s" TO "%s"' + $sql_command_unquoted = 'GRANT %s ON %s %s%s TO "%s"' $unless_is = true } 'absent': { - $sql_command = 'REVOKE %s ON %s "%s" FROM "%s"' + $sql_command = 'REVOKE %s ON %s "%s%s" FROM "%s"' + $sql_command_unquoted = 'REVOKE %s ON %s %s%s FROM "%s"' $unless_is = false } } - $group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path if ! $object_name { $_object_name = $db @@ -100,6 +118,8 @@ default => undef, 'absent' => 'role_exists', } + $arguments = '' + $_enquote_object = true } 'SCHEMA': { $unless_privilege = $_privilege ? { @@ -115,6 +135,8 @@ $unless_function = 'has_schema_privilege' $on_db = $db $onlyif_function = undef + $arguments = '' + $_enquote_object = true } 'SEQUENCE': { $unless_privilege = $_privilege ? { @@ -131,6 +153,8 @@ $unless_function = 'has_sequence_privilege' $on_db = $db $onlyif_function = undef + $arguments = '' + $_enquote_object = true } 'ALL SEQUENCES IN SCHEMA': { case $_privilege { @@ -147,6 +171,8 @@ $unless_function = 'custom' $on_db = $db $onlyif_function = undef + $arguments = '' + $_enquote_object = true $schema = $object_name 
@@ -187,7 +213,7 @@ SELECT DISTINCT object_schema, object_name, - (regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1] AS grantee, + regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\"','','g') AS grantee, regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\s*') AS privs_split FROM ( SELECT n.nspname as object_schema, @@ -221,7 +247,7 @@ SELECT DISTINCT object_schema, object_name, - (regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1] AS grantee, + regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\"','','g') AS grantee, regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\s*') AS privs_split FROM ( SELECT n.nspname as object_schema, @@ -263,6 +289,8 @@ true => 'table_exists', default => undef, } + $arguments = '' + $_enquote_object = true } 'ALL TABLES IN SCHEMA': { case $_privilege { @@ -283,6 +311,8 @@ $unless_function = 'custom' $on_db = $db $onlyif_function = undef + $arguments = '' + $_enquote_object = true $schema = $object_name 
@@ -302,28 +332,21 @@ if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' { # GRANT ALL $custom_unless = "SELECT 1 WHERE NOT EXISTS - ( SELECT 1 FROM pg_catalog.pg_tables AS t, - (VALUES ('SELECT'), ('UPDATE'), ('INSERT'), ('DELETE'), ('TRIGGER'), ('REFERENCES'), ('TRUNCATE')) AS p(privilege_type) - WHERE t.schemaname = '${schema}' - AND NOT EXISTS ( - SELECT 1 FROM information_schema.role_table_grants AS g - WHERE g.grantee = '${role}' - AND g.table_schema = '${schema}' - AND g.privilege_type = p.privilege_type - ) + ( SELECT 1 FROM + ( SELECT t.tablename,count(privilege_type) AS priv_count FROM pg_catalog.pg_tables AS t + LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' + WHERE t.schemaname = '${schema}' AND + ( g.grantee = '${role}' AND privilege_type IN ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE') OR privilege_type IS NULL ) + GROUP BY t.tablename + ) AS j WHERE j.priv_count < 7 )" } else { # GRANT $_privilege $custom_unless = "SELECT 1 WHERE NOT EXISTS ( SELECT 1 FROM pg_catalog.pg_tables AS t - WHERE t.schemaname = '${schema}' - AND NOT EXISTS ( - SELECT 1 FROM information_schema.role_table_grants AS g - WHERE g.grantee = '${role}' - AND g.table_schema = '${schema}' - AND g.privilege_type = '${_privilege}' - ) + LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' AND g.privilege_type = '${_privilege}' + WHERE t.schemaname = '${schema}' AND g.table_name IS NULL )" } } else { 
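Review bot: The rewritten `GRANT ALL` check compares `j.priv_count < 7`, where 7 is the length of the `IN ('SELECT', ..., 'TRUNCATE')` list in the same query; nothing ties the two together except the reader counting. A one-line comment above the `$custom_unless` assignment, such as `# 7 = number of table privileges listed in the IN (...) clause; keep both in sync`, would stop the check going stale if the list changes. `${role}` and `${schema}` are still placed inside single-quoted SQL literals, as in the removed query, so the rewrite keeps the assumption that both values come from trusted catalog data.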
@@ -361,6 +384,28 @@ true => 'language_exists', default => undef, } + $arguments = '' + $_enquote_object = false + } + 'FUNCTION': { + $unless_privilege = $_privilege ? { + 'ALL' => 'EXECUTE', + 'ALL PRIVILEGES' => 'EXECUTE', + Pattern[ + /^$/, + /^EXECUTE$/, + ] => $_privilege, + default => fail('Illegal value for $privilege parameter'), + } + $unless_function = 'has_function_privilege' + $on_db = $db + $onlyif_function = $onlyif_exists ? { + true => 'function_exists', + default => undef, + } + $_joined_args = join($object_arguments, ',') + $arguments = "(${_joined_args})" + $_enquote_object = false } default: { @@ -378,7 +423,10 @@ # } case $_object_name { Array: { - $_togrant_object = join($_object_name, '"."') + $_togrant_object = $_enquote_object ? { + false => join($_object_name, '.'), + default => join($_object_name, '"."'), + } # Never put double quotes into has_*_privilege function $_granted_object = join($_object_name, '.') } 
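Review bot: In the new `'FUNCTION'` branch the privilege check uses `/^$/` and `/^EXECUTE$/`; Puppet patterns are Ruby regular expressions, where `^` and `$` anchor at line boundaries, so a multi-line `$_privilege` that merely contains a line reading `EXECUTE` passes and is later formatted into the GRANT statement. Anchoring the whole string closes that: `/\A\z/,` and `/\AEXECUTE\z/,`. The `$object_type` patterns at the top of the define use the same `^...$` anchors, so they would need the same change to stay consistent. The `case` statement starts and ends outside this hunk.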
@@ -388,21 +436,30 @@ } } + # Function like has_database_privilege() refer the PUBLIC pseudo role as 'public' + # So we need to replace 'PUBLIC' by 'public'. + $_unless = $unless_function ? { false => undef, 'custom' => $custom_unless, - default => "SELECT 1 WHERE ${unless_function}('${role}', - '${_granted_object}', '${unless_privilege}') = ${unless_is}", + default => $role ? { + 'PUBLIC' => "SELECT 1 WHERE ${unless_function}('public', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}", + default => "SELECT 1 WHERE ${unless_function}('${role}', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}", + } } $_onlyif = $onlyif_function ? { 'table_exists' => "SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'", 'language_exists' => "SELECT true from pg_language WHERE lanname = '${_togrant_object}'", - 'role_exists' => "SELECT 1 FROM pg_roles WHERE rolname = '${role}'", + 'role_exists' => "SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'", + 'function_exists' => "SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'", default => undef, } - $grant_cmd = sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $role) + $grant_cmd = $_enquote_object ? { + false => sprintf($sql_command_unquoted, $_privilege, $_object_type, $_togrant_object, $arguments, $role), + default => sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $arguments, $role), + } postgresql_psql { "grant:${name}": command => $grant_cmd, diff --git a/puppet/modules/postgresql/manifests/server/grant_role.pp b/puppet/modules/postgresql/manifests/server/grant_role.pp index 601fd69..f5d674e 100755 --- a/puppet/modules/postgresql/manifests/server/grant_role.pp +++ b/puppet/modules/postgresql/manifests/server/grant_role.pp 
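Review bot: When `$_enquote_object` is false, `$sql_command_unquoted` places `$_togrant_object` and `$arguments` into the GRANT/REVOKE text with no identifier quoting, and the same strings go inside single-quoted literals in `$_unless` and the new `function_exists` query; the only constraint visible in this diff is `Array[String[1],0]` on `$object_arguments`. Because `postgresql_psql` runs these statements as `$psql_user`, which the module documents as usually `postgres`, it is worth restricting the accepted characters with a `Pattern` type on the array elements and stating in the `@param` text that the values must come from trusted data. Separately, the `'PUBLIC'` special case corrects the `has_*_privilege` lookup, but `$grant_cmd` still emits `TO "PUBLIC"` in double quotes; please confirm PostgreSQL resolves the quoted upper-case name to the pseudo-role rather than to a role literally named PUBLIC.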
@@ -1,4 +1,12 @@
-# Define for granting membership to a role. See README.md for more information
+# @summary Define for granting membership to a role.
+#
+# @param group Specifies the group role to which you are assigning a role.
+# @param role Specifies the role you want to assign to a group. If left blank, uses the name of the resource.
+# @param ensure Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'.
+# @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default
+# @param psql_user Sets the OS user to run psql.
+# @param port Port to use when connecting.
+# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
 define postgresql::server::grant_role (
 String[1] $group,
 String[1] $role = $name,
diff --git a/puppet/modules/postgresql/manifests/server/initdb.pp b/puppet/modules/postgresql/manifests/server/initdb.pp
index 7eb0652..a73186d 100755
--- a/puppet/modules/postgresql/manifests/server/initdb.pp
+++ b/puppet/modules/postgresql/manifests/server/initdb.pp
@@ -1,10 +1,13 @@
-# PRIVATE CLASS: do not call directly
+# @api private
 class postgresql::server::initdb {
 $needs_initdb = $postgresql::server::needs_initdb
 $initdb_path = $postgresql::server::initdb_path
 $datadir = $postgresql::server::datadir
 $xlogdir = $postgresql::server::xlogdir
 $logdir = $postgresql::server::logdir
+ $manage_datadir = $postgresql::server::manage_datadir
+ $manage_logdir = $postgresql::server::manage_logdir
+ $manage_xlogdir = $postgresql::server::manage_xlogdir
 $encoding = $postgresql::server::encoding
 $locale = $postgresql::server::locale
 $data_checksums = $postgresql::server::data_checksums
@@ -33,33 +36,65 @@ $logdir_type = undef } - # Make sure the data directory exists, and has the correct permissions. - file { $datadir: - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seltype => $seltype, - } - - if($xlogdir) { - # Make sure the xlog directory exists, and has the correct permissions. - file { $xlogdir: + if($manage_datadir) { + # Make sure the data directory exists, and has the correct permissions. + file { $datadir: ensure => directory, owner => $user, group => $group, mode => '0700', seltype => $seltype, } - } - - if($logdir) { - # Make sure the log directory exists, and has the correct permissions. - file { $logdir: + } else { + # changes an already defined datadir + File <| title == $datadir |> { ensure => directory, owner => $user, group => $group, - seltype => $logdir_type, + mode => '0700', + seltype => $seltype, + } + } + + if($xlogdir) { + if($manage_xlogdir) { + # Make sure the xlog directory exists, and has the correct permissions. + file { $xlogdir: + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } else { + # changes an already defined xlogdir + File <| title == $xlogdir |> { + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seltype => $seltype, + } + } + } + + if($logdir) { + if($manage_logdir) { + # Make sure the log directory exists, and has the correct permissions. + file { $logdir: + ensure => directory, + owner => $user, + group => $group, + seltype => $logdir_type, + } + } else { + # changes an already defined logdir + File <| title == $logdir |> { + ensure => directory, + owner => $user, + group => $group, + seltype => $logdir_type, + } } } 
@@ -69,10 +104,10 @@ # We optionally add the locale switch if specified. Older versions of the # initdb command don't accept this switch. So if the user didn't pass the # parameter, lets not pass the switch at all. - $ic_base = "${initdb_path} --encoding '${encoding}' --pgdata '${datadir}'" + $ic_base = "${initdb_path} --pgdata '${datadir}'" $ic_xlog = $xlogdir ? { undef => $ic_base, - default => "${ic_base} --xlogdir '${xlogdir}'" + default => "${ic_base} -X '${xlogdir}'" } # The xlogdir need to be present before initdb runs. @@ -83,9 +118,15 @@ $require_before_initdb = [$datadir] } - $ic_locale = $locale ? { + # PostgreSQL 11 no longer allows empty encoding + $ic_encoding = $encoding ? { undef => $ic_xlog, - default => "${ic_xlog} --locale '${locale}'" + default => "${ic_xlog} --encoding '${encoding}'" + } + + $ic_locale = $locale ? { + undef => $ic_encoding, + default => "${ic_encoding} --locale '${locale}'" } $initdb_command = $data_checksums ? { diff --git a/puppet/modules/postgresql/manifests/server/install.pp b/puppet/modules/postgresql/manifests/server/install.pp index 57fd0d3..666596b 100755 --- a/puppet/modules/postgresql/manifests/server/install.pp +++ b/puppet/modules/postgresql/manifests/server/install.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not call directly +# @api private class postgresql::server::install { $package_ensure = $postgresql::server::package_ensure $package_name = $postgresql::server::package_name @@ -16,7 +16,7 @@ # This is searched for to create relationships with the package repos, be # careful about its removal - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } } diff --git a/puppet/modules/postgresql/manifests/server/passwd.pp b/puppet/modules/postgresql/manifests/server/passwd.pp index bb922ee..a2f52ba 100755 --- a/puppet/modules/postgresql/manifests/server/passwd.pp +++ b/puppet/modules/postgresql/manifests/server/passwd.pp 
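Review bot: `$ic_base`, `$ic_xlog`, `$ic_encoding` and `$ic_locale` build the initdb command line by wrapping `${datadir}`, `${xlogdir}`, `${encoding}` and `${locale}` in literal single quotes, which stops protecting the shell as soon as one of the values contains `'`. How `$initdb_command` is executed is outside this hunk, but if it runs through a shell, quoting each value with stdlib's `shell_escape()`, for example `"${initdb_path} --pgdata ${shell_escape($datadir)}"`, would close that gap. Validating the parameters where they are declared (absolute paths, plain encoding and locale names) is the alternative; the module already depends on puppetlabs/stdlib per its metadata.json.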
@@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not call directly +# @api private class postgresql::server::passwd { $postgres_password = $postgresql::server::postgres_password $user = $postgresql::server::user @@ -15,12 +15,12 @@ default => '' } - if ($postgres_password != undef) { + if $postgres_password { # NOTE: this password-setting logic relies on the pg_hba.conf being # configured to allow the postgres system user to connect via psql # without specifying a password ('ident' or 'trust' security). This is # the default for pg_hba.conf. - $escaped = postgresql_escape($postgres_password) + $escaped = postgresql::postgresql_escape($postgres_password) exec { 'set_postgres_postgrespw': # This command works w/no password because we run it as postgres system # user diff --git a/puppet/modules/postgresql/manifests/server/pg_hba_rule.pp b/puppet/modules/postgresql/manifests/server/pg_hba_rule.pp index dce58a0..0307099 100755 --- a/puppet/modules/postgresql/manifests/server/pg_hba_rule.pp +++ b/puppet/modules/postgresql/manifests/server/pg_hba_rule.pp 
@@ -1,5 +1,16 @@
-# This resource manages an individual rule that applies to the file defined in
-# $target. See README.md for more details.
+# @summary This resource manages an individual rule that applies to the file defined in target.
+#
+# @param type Sets the type of rule.
+# Enum['local','host','hostssl','hostnossl'].
+# @param database Sets a comma-separated list of databases that this rule matches.
+# @param user Sets a comma-separated list of users that this rule matches.
+# @param auth_method Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation.
+# @param address Sets a CIDR based address for this rule matching when the type is not 'local'.
+# @param description Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'.
+# @param auth_option For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details.
+# @param order Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150.
+# @param target Provides the target for the rule, and is generally an internal only property. Use with caution.
+# @param postgresql_version Manages pg_hba.conf without managing the entire PostgreSQL instance.
 define postgresql::server::pg_hba_rule(
 Enum['local', 'host', 'hostssl', 'hostnossl'] $type,
 String $database,
@@ -32,6 +43,13 @@ fail('You must specify an address property when type is host based') } + if $order =~ Integer { + $_order = sprintf('%03d', $order) + } + else { + $_order = $order + } + $allowed_auth_methods = $postgresql_version ? { '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'], @@ -55,7 +73,7 @@ concat::fragment { $fragname: target => $target, content => template('postgresql/pg_hba_rule.conf'), - order => $order, + order => $_order, } } } diff --git a/puppet/modules/postgresql/manifests/server/pg_ident_rule.pp b/puppet/modules/postgresql/manifests/server/pg_ident_rule.pp index 3e9cdcd..3d8ce7f 100755 --- a/puppet/modules/postgresql/manifests/server/pg_ident_rule.pp +++ b/puppet/modules/postgresql/manifests/server/pg_ident_rule.pp @@ -1,5 +1,11 @@ -# This resource manages an individual rule that applies to the file defined in -# $target. See README.md for more details. +# @summary This resource manages an individual rule that applies to the file defined in target. +# +# @param map_name Sets the name of the user map that is used to refer to this mapping in pg_hba.conf. +# @param system_username Specifies the operating system user name (the user name used to connect to the database). +# @param database_username Specifies the user name of the database user. The system_username is mapped to this user name. +# @param description Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'. +# @param order Defines an order for placing the mapping in pg_ident.conf. Default value: 150. +# @param target Provides the target for the rule and is generally an internal only property. Use with caution. define postgresql::server::pg_ident_rule( $map_name, $system_username, 
diff --git a/puppet/modules/postgresql/manifests/server/plperl.pp b/puppet/modules/postgresql/manifests/server/plperl.pp index 53145da..c54a6dd 100755 --- a/puppet/modules/postgresql/manifests/server/plperl.pp +++ b/puppet/modules/postgresql/manifests/server/plperl.pp @@ -1,5 +1,7 @@ -# This class installs the PL/Perl procedural language for postgresql. See -# README.md for more details. +# @summary This class installs the PL/Perl procedural language for postgresql. +# +# @param package_ensure The ensure parameter passed on to PostgreSQL PL/Perl package resource. +# @param package_name The name of the PostgreSQL PL/Perl package. class postgresql::server::plperl( $package_ensure = 'present', $package_name = $postgresql::server::plperl_package_name @@ -7,7 +9,7 @@ package { 'postgresql-plperl': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::plperl::start': } diff --git a/puppet/modules/postgresql/manifests/server/plpython.pp b/puppet/modules/postgresql/manifests/server/plpython.pp index 892a95c..5ca7ed2 100755 --- a/puppet/modules/postgresql/manifests/server/plpython.pp +++ b/puppet/modules/postgresql/manifests/server/plpython.pp @@ -1,5 +1,9 @@ -# This class installs the PL/Python procedural language for postgresql. See -# README.md for more details. +# @summary This class installs the PL/Python procedural language for postgresql. +# +# @param package_ensure +# Specifies whether the package is present. +# @param package_name +# Specifies the name of the postgresql PL/Python package. class postgresql::server::plpython( $package_ensure = 'present', $package_name = $postgresql::server::plpython_package_name, @@ -7,7 +11,7 @@ package { 'postgresql-plpython': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::plpython::start': } 
diff --git a/puppet/modules/postgresql/manifests/server/postgis.pp b/puppet/modules/postgresql/manifests/server/postgis.pp index a4e4321..364c3ed 100755 --- a/puppet/modules/postgresql/manifests/server/postgis.pp +++ b/puppet/modules/postgresql/manifests/server/postgis.pp @@ -1,4 +1,7 @@ -# Install the postgis postgresql packaging. See README.md for more details. +# @summary Install the postgis postgresql packaging. +# +# @param package_name Sets the package name. +# @param package_ensure Specifies if the package is present or not. class postgresql::server::postgis ( String $package_name = $postgresql::params::postgis_package_name, String[1] $package_ensure = 'present' @@ -7,7 +10,7 @@ package { 'postgresql-postgis': ensure => $package_ensure, name => $package_name, - tag => 'postgresql', + tag => 'puppetlabs-postgresql', } anchor { 'postgresql::server::postgis::start': } diff --git a/puppet/modules/postgresql/manifests/server/reassign_owned_by.pp b/puppet/modules/postgresql/manifests/server/reassign_owned_by.pp index d4d6f5b..df187e6 100755 --- a/puppet/modules/postgresql/manifests/server/reassign_owned_by.pp +++ b/puppet/modules/postgresql/manifests/server/reassign_owned_by.pp 
@@ -1,5 +1,13 @@
-# Define for reassigning the ownership of objects within a database. See README.md for more details.
-# This enables us to force the a particular ownership for objects within a database
+# @summary Define for reassigning the ownership of objects within a database.
+# @note
+# This enables us to force the a particular ownership for objects within a database
+#
+# @param old_role Specifies the role or user who is the current owner of the objects in the specified db
+# @param new_role Specifies the role or user who will be the new owner of these objects
+# @param db Specifies the database to which the 'REASSIGN OWNED' will be applied
+# @param psql_user Specifies the OS user for running psql.
+# @param port Port to use when connecting.
+# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
 define postgresql::server::reassign_owned_by (
 String $old_role,
 String $new_role,
diff --git a/puppet/modules/postgresql/manifests/server/recovery.pp b/puppet/modules/postgresql/manifests/server/recovery.pp
index 97378b3..eae8777 100755
--- a/puppet/modules/postgresql/manifests/server/recovery.pp
+++ b/puppet/modules/postgresql/manifests/server/recovery.pp
@@ -1,4 +1,27 @@ -# This resource manages the parameters that applies to the recovery.conf template. See README.md for more details. +# @summary This resource manages the parameters that applies to the recovery.conf template. +# +# @note +# Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation. +# Every parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay. +# A detailed description of all listed parameters can be found in the PostgreSQL documentation. +# Only the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true. +# +# @param restore_command The shell command to execute to retrieve an archived segment of the WAL file series. +# @param archive_cleanup_command This optional parameter specifies a shell command that will be executed at every restartpoint. +# @param recovery_end_command This parameter specifies a shell command that will be executed once only at the end of recovery. +# @param recovery_target_name This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed. +# @param recovery_target_time This parameter specifies the time stamp up to which recovery will proceed. +# @param recovery_target_xid This parameter specifies the transaction ID up to which recovery will proceed. +# @param recovery_target_inclusive Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false). +# @param recovery_target This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible. +# @param recovery_target_timeline Specifies recovering into a particular timeline. 
+# @param pause_at_recovery_target Specifies whether recovery should pause when the recovery target is reached. +# @param standby_mode Specifies whether to start the PostgreSQL server as a standby. +# @param primary_conninfo Specifies a connection string to be used for the standby server to connect with the primary. +# @param primary_slot_name Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node. +# @param trigger_file Specifies a trigger file whose presence ends recovery in the standby. +# @param recovery_min_apply_delay This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified. +# @param target Provides the target for the rule, and is generally an internal only property. Use with caution. define postgresql::server::recovery( $restore_command = undef, $archive_cleanup_command = undef, diff --git a/puppet/modules/postgresql/manifests/server/reload.pp b/puppet/modules/postgresql/manifests/server/reload.pp index 47f2704..0b17272 100755 --- a/puppet/modules/postgresql/manifests/server/reload.pp +++ b/puppet/modules/postgresql/manifests/server/reload.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not use directly +# @api private class postgresql::server::reload { $service_name = $postgresql::server::service_name $service_status = $postgresql::server::service_status diff --git a/puppet/modules/postgresql/manifests/server/role.pp b/puppet/modules/postgresql/manifests/server/role.pp index c8db8b3..98519ba 100755 --- a/puppet/modules/postgresql/manifests/server/role.pp +++ b/puppet/modules/postgresql/manifests/server/role.pp 
@@ -1,4 +1,23 @@ -# Define for creating a database role. See README.md for more information +# @summary Define for creating a database role. +# +# @param update_password If set to true, updates the password on changes. Set this to false to not modify the role's password after creation. +# @param password_hash Sets the hash to use during password creation. +# @param createdb Specifies whether to grant the ability to create new databases with this role. +# @param createrole Specifies whether to grant the ability to create new roles with this role. +# @param db Database used to connect to. +# @param port Port to use when connecting. +# @param login Specifies whether to grant login capability for the new role. +# @param inherit Specifies whether to grant inherit capability for the new role. +# @param superuser Specifies whether to grant super user capability for the new role. +# @param replication Provides provides replication capabilities for this role if set to true. +# @param connection_limit Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit. +# @param username Defines the username of the role to create. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param ensure Specify whether to create or drop the role. Specifying 'present' creates the role. Specifying 'absent' drops the role. +# @param psql_user Sets the OS user to run psql +# @param psql_group Sets the OS group to run psql +# @param psql_path Sets path to psql command +# @param module_workdir Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option. define postgresql::server::role( $update_password = true, $password_hash = false, 
@@ -13,12 +32,12 @@ $connection_limit = '-1', $username = $title, $connect_settings = $postgresql::server::default_connect_settings, + $psql_user = $postgresql::server::user, + $psql_group = $postgresql::server::group, + $psql_path = $postgresql::server::psql_path, + $module_workdir = $postgresql::server::module_workdir, Enum['present', 'absent'] $ensure = 'present', ) { - $psql_user = $postgresql::server::user - $psql_group = $postgresql::server::group - $psql_path = $postgresql::server::psql_path - $module_workdir = $postgresql::server::module_workdir # # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port diff --git a/puppet/modules/postgresql/manifests/server/schema.pp b/puppet/modules/postgresql/manifests/server/schema.pp index 8b727b1..98503a3 100755 --- a/puppet/modules/postgresql/manifests/server/schema.pp +++ b/puppet/modules/postgresql/manifests/server/schema.pp @@ -1,17 +1,17 @@ -# = Type: postgresql::server::schema +# @summary +# Create a new schema. # -# Create a new schema. See README.md for more details. -# -# == Requires: -# -# The database must exist and the PostgreSQL user should have enough privileges -# -# == Sample Usage: -# -# postgresql::server::schema {'private': -# db => 'template1', -# } +# @note +# The database must exist and the PostgreSQL user should have enough privileges # +# @param db Required. Sets the name of the database in which to create this schema. +# @param owner Sets the default owner of the schema. +# @param schema Sets the name of the schema. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @example +# postgresql::server::schema {'private': +# db => 'template1', +# } define postgresql::server::schema( $db = $postgresql::server::default_database, $owner = undef, diff --git a/puppet/modules/postgresql/manifests/server/service.pp b/puppet/modules/postgresql/manifests/server/service.pp index b421325..095970c 100755 
--- a/puppet/modules/postgresql/manifests/server/service.pp +++ b/puppet/modules/postgresql/manifests/server/service.pp @@ -1,4 +1,4 @@ -# PRIVATE CLASS: do not call directly +# @api private class postgresql::server::service { $service_ensure = $postgresql::server::service_ensure $service_enable = $postgresql::server::service_enable @@ -25,7 +25,7 @@ status => $service_status, } - if $service_ensure == 'running' { + if $service_ensure in ['running', true] { # This blocks the class before continuing if chained correctly, making # sure the service really is 'up' before continuing. # diff --git a/puppet/modules/postgresql/manifests/server/table_grant.pp b/puppet/modules/postgresql/manifests/server/table_grant.pp index dd70aeb..ec60bd2 100755 --- a/puppet/modules/postgresql/manifests/server/table_grant.pp +++ b/puppet/modules/postgresql/manifests/server/table_grant.pp 
@@ -1,5 +1,15 @@
-# This resource wraps the grant resource to manage table grants specifically.
-# See README.md for more details.
+# @summary This resource wraps the grant resource to manage table grants specifically.
+#
+# @param privilege Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'.
+# @param table Specifies the table to which you are granting access.
+# @param db Specifies which database the table is in.
+# @param role Specifies the role or user to whom you are granting access.
+# @param ensure Specifies whether to grant or revoke the privilege. Default is to grant the privilege.
+# @param port Port to use when connecting.
+# @param psql_db Specifies the database to execute the grant against. This should not ordinarily be changed from the default.
+# @param psql_user Specifies the OS user for running psql.
+# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
+# @param onlyif_exists Create grant only if it doesn't exist.
 define postgresql::server::table_grant(
 $privilege,
 $table,
diff --git a/puppet/modules/postgresql/manifests/server/tablespace.pp b/puppet/modules/postgresql/manifests/server/tablespace.pp
index 35dd8b7..43ce30b 100755
--- a/puppet/modules/postgresql/manifests/server/tablespace.pp
+++ b/puppet/modules/postgresql/manifests/server/tablespace.pp
@@ -1,6 +1,13 @@ -# This module creates tablespace. See README.md for more details. +# @summary This module creates tablespace. +# +# @param location Specifies the path to locate this tablespace. +# @param manage_location Set to false if you have file{ $location: } already defined +# @param owner Specifies the default owner of the tablespace. +# @param spcname Specifies the name of the tablespace. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. define postgresql::server::tablespace( $location, + $manage_location = true, $owner = undef, $spcname = $title, $connect_settings = $postgresql::server::default_connect_settings, @@ -26,15 +33,28 @@ cwd => $module_workdir, } - file { $location: - ensure => directory, - owner => $user, - group => $group, - mode => '0700', - seluser => 'system_u', - selrole => 'object_r', - seltype => 'postgresql_db_t', - require => Class['postgresql::server'], + if($manage_location) { + file { $location: + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seluser => 'system_u', + selrole => 'object_r', + seltype => 'postgresql_db_t', + require => Class['postgresql::server'], + } + } else { + File <| title == $location |> { + ensure => directory, + owner => $user, + group => $group, + mode => '0700', + seluser => 'system_u', + selrole => 'object_r', + seltype => 'postgresql_db_t', + require => Class['postgresql::server'], + } } postgresql_psql { "CREATE TABLESPACE \"${spcname}\"": diff --git a/puppet/modules/postgresql/manifests/validate_db_connection.pp b/puppet/modules/postgresql/manifests/validate_db_connection.pp index 10e5ecc..990c5f1 100755 --- a/puppet/modules/postgresql/manifests/validate_db_connection.pp +++ b/puppet/modules/postgresql/manifests/validate_db_connection.pp 
@@ -1,8 +1,22 @@ -# This type validates that a successful postgres connection can be established +# @summary This type validates that a successful postgres connection. +# +# @note +# This validated if the postgres connection can be established # between the node on which this resource is run and a specified postgres # instance (host/port/user/password/database name). # -# See README.md for more details. +# +# @param database_host Database host address +# @param database_name Specifies the name of the database you wish to test. +# @param database_password Specifies the password to connect with. +# @param database_username Specifies the username to connect with. +# @param database_port Defines the port to use when connecting. +# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server. +# @param run_as Specifies the user to run the psql command as. +# @param sleep Sets the number of seconds to sleep for before trying again after a failure. +# @param tries Sets the number of attempts after failure before giving up and failing the resource. +# @param create_db_first Creates the database when obtaining a successful connection. +# define postgresql::validate_db_connection( $database_host = undef, $database_name = undef, diff --git a/puppet/modules/postgresql/metadata.json b/puppet/modules/postgresql/metadata.json index 4f41552..1b458d2 100755 --- a/puppet/modules/postgresql/metadata.json +++ b/puppet/modules/postgresql/metadata.json 
@@ -1,24 +1,24 @@ { "name": "puppetlabs-postgresql", - "version": "5.7.0", + "version": "6.6.0", "author": "Inkling/Puppet Labs", "summary": "Offers support for basic management of PostgreSQL databases.", "license": "Apache-2.0", - "source": "git://github.com/puppetlabs/puppetlabs-postgresql.git", + "source": "https://github.com/puppetlabs/puppetlabs-postgresql", "project_page": "https://github.com/puppetlabs/puppetlabs-postgresql", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 5.0.0" + "version_requirement": ">= 4.13.1 < 7.0.0" }, { "name": "puppetlabs/apt", - "version_requirement": ">= 2.0.0 < 5.0.0" + "version_requirement": ">= 2.0.0 < 8.0.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.0 < 5.0.0" + "version_requirement": ">= 4.1.0 < 7.0.0" } ], "operatingsystem_support": [ @@ -27,7 +27,8 @@ "operatingsystemrelease": [ "5", "6", - "7" + "7", + "8" ] }, { @@ -35,7 +36,8 @@ "operatingsystemrelease": [ "5", "6", - "7" + "7", + "8" ] }, { @@ -57,14 +59,16 @@ "operatingsystem": "Debian", "operatingsystemrelease": [ "8", - "9" + "9", + "10" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11", - "12" + "12", + "15" ] }, { @@ -72,17 +76,18 @@ "operatingsystemrelease": [ "14.04", "16.04", - "18.04" + "18.04", + "20.04" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 6.0.0" + "version_requirement": ">= 5.5.10 < 7.0.0" } ], - "pdk-version": "1.5.0", - "template-url": "https://github.com/puppetlabs/pdk-templates", - "template-ref": "heads/master-0-g34e3266" + "pdk-version": "1.17.0", + "template-url": "https://github.com/puppetlabs/pdk-templates#master", + "template-ref": "heads/master-0-g88b05c7" } diff --git a/puppet/modules/postgresql/provision.yaml b/puppet/modules/postgresql/provision.yaml new file mode 100755 index 0000000..b352fd7 --- /dev/null +++ b/puppet/modules/postgresql/provision.yaml 
@@ -0,0 +1,28 @@
+---
+default:
+ provisioner: docker
+ images: ['litmusimage/centos7']
+vagrant:
+ provisioner: vagrant
+ images: ['centos/7', 'generic/ubuntu1804']
+travis_deb:
+ provisioner: docker
+ images: ['litmusimage/debian:8', 'litmusimage/debian:9', 'litmusimage/debian:10']
+travis_ub_5:
+ provisioner: docker
+ images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04']
+travis_ub_6:
+ provisioner: docker
+ images: ['litmusimage/ubuntu:14.04', 'litmusimage/ubuntu:16.04', 'litmusimage/ubuntu:18.04', 'litmusimage/ubuntu:20.04']
+travis_el6:
+ provisioner: docker
+ images: ['litmusimage/centos:6', 'litmusimage/scientificlinux:6']
+travis_el7:
+ provisioner: docker
+ images: ['litmusimage/centos:7', 'litmusimage/oraclelinux:7', 'litmusimage/scientificlinux:7']
+release_checks_5:
+ provisioner: abs
+ images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'sles-11-x86_64', 'sles-12-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64']
+release_checks_6:
+ provisioner: abs
+ images: ['redhat-5-x86_64', 'redhat-6-x86_64', 'redhat-7-x86_64', 'redhat-8-x86_64', 'centos-5-x86_64', 'centos-6-x86_64', 'centos-7-x86_64', 'centos-8-x86_64', 'oracle-5-x86_64', 'oracle-6-x86_64', 'oracle-7-x86_64', 'scientific-6-x86_64', 'scientific-7-x86_64', 'debian-8-x86_64', 'debian-9-x86_64', 'debian-10-x86_64', 'sles-11-x86_64', 'sles-12-x86_64', 'ubuntu-1404-x86_64', 'ubuntu-1604-x86_64', 'ubuntu-1804-x86_64', 'ubuntu-2004-x86_64']
diff --git a/puppet/modules/postgresql/readmes/README_ja_JP.md b/puppet/modules/postgresql/readmes/README_ja_JP.md
index 002d5a3..f9c4f65 100755
--- a/puppet/modules/postgresql/readmes/README_ja_JP.md
+++ b/puppet/modules/postgresql/readmes/README_ja_JP.md @@ -1400,6 +1400,12 @@ Array: ['schema_name', 'object_name'] `pg_hba.conf`にルールを配置する順序を設定します。 +文字列または整数を使用できます。 +整数の場合、ゼロパディングで3桁にして文字列に変換します。 +例えば`42`はゼロパディングされて文字列`'042'`になります。 + +`pg_hba_rule`フラグメントのソートでは、[順序]を`alpha`に設定します(https://forge.puppet.com/puppetlabs/concat/reference#order)。 + デフォルト値: 150。 #### `postgresql_version` @@ -1904,13 +1910,7 @@ Postgresqlモジュールにはサンプルタスクがあり、ユーザはデ PostgreSQLのバージョン8.1~9.5で動作します。 -現在、postgresqlモジュールは次のオペレーティングシステムでテスト済みです。 - -* Debian 6.x, 7.x, 8.x. -* CentOS 5.x、6.x、7.x。 -* Ubuntu 10.04および12.04、14.04。 - -その他のシステムとも互換性がある可能性がありますが、積極的なテストは行っておりません。 +サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/metadata.json)を参照してください。 ### Aptモジュールのサポート diff --git a/puppet/modules/postgresql/spec/acceptance/00-utf8_encoding_spec.rb b/puppet/modules/postgresql/spec/acceptance/00-utf8_encoding_spec.rb deleted file mode 100755 index e98762c..0000000 --- a/puppet/modules/postgresql/spec/acceptance/00-utf8_encoding_spec.rb +++ /dev/null 
@@ -1,33 +0,0 @@
-require 'spec_helper_acceptance' # rubocop:disable Style/FileName
-
-# These tests are designed to ensure that the module, when ran with defaults,
-# sets up everything correctly and allows us to connect to Postgres.
-describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- pp = <<-MANIFEST
- class { 'postgresql::globals':
- encoding => 'UTF8',
- locale => 'en_NG',
- } ->
- class { 'postgresql::server': }
- MANIFEST
- it 'with defaults' do
- apply_manifest(pp, catch_failures: true)
- apply_manifest(pp, catch_changes: true)
- end
-
- describe port(5432) do
- it { is_expected.to be_listening }
- end
-
- it 'can connect with psql' do
- psql('--command="\l" postgres', 'postgres') do |r|
- expect(r.stdout).to match(%r{List of databases})
- end
- end
-
- it 'must set UTF8 as template1 encoding' do
- psql('--command="SELECT pg_encoding_to_char(encoding) FROM pg_database WHERE datname=\'template1\'"') do |r|
- expect(r.stdout).to match(%r{UTF8})
- end
- end
-end
diff --git a/puppet/modules/postgresql/spec/acceptance/alternative_port_spec.rb b/puppet/modules/postgresql/spec/acceptance/alternative_port_spec.rb
index 6bf56b7..f854973 100755
--- a/puppet/modules/postgresql/spec/acceptance/alternative_port_spec.rb
+++ b/puppet/modules/postgresql/spec/acceptance/alternative_port_spec.rb
@@ -2,17 +2,16 @@ # These tests ensure that postgres can change itself to an alternative port # properly. -describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server' do it 'on an alternative port' do pp = <<-MANIFEST - class { 'postgresql::server': port => '55433' } + class { 'postgresql::server': port => '55433', manage_selinux => true } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end - describe port(55433) do # rubocop:disable Style/NumericLiterals + describe port(55_433) do it { is_expected.to be_listening } end diff --git a/puppet/modules/postgresql/spec/acceptance/db_spec.rb b/puppet/modules/postgresql/spec/acceptance/db_spec.rb index d068251..c17931d 100755 --- a/puppet/modules/postgresql/spec/acceptance/db_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/db_spec.rb @@ -1,10 +1,9 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::db', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - # rubocop:disable Metrics/LineLength +describe 'postgresql::server::db' do it 'creates a database' do begin - tmpdir = default.tmpdir('postgresql') + tmpdir = run_shell('mktemp').stdout pp = <<-MANIFEST class { 'postgresql::server': postgres_password => 'space password', 
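Review bot: In the db_spec.rb hunk, `tmpdir = run_shell('mktemp').stdout` does not yield a directory: `mktemp` without `-d` creates a regular file, and `.stdout` still carries the trailing newline. The uses of `tmpdir` lie outside this hunk, so the effect cannot be confirmed from here, but if the value is interpolated into the manifest as a path it will contain a line break and name a file. I would write `tmpdir = run_shell('mktemp -d').stdout.strip` and remove that directory in the `ensure` block of the example.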
@@ -20,36 +19,28 @@ class { 'postgresql::server': } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) # Verify that the postgres password works - shell("echo 'localhost:*:*:postgres:\'space password\'' > /root/.pgpass") - shell('chmod 600 /root/.pgpass') - shell("psql -U postgres -h localhost --command='\\l'") + run_shell("echo 'localhost:*:*:postgres:\'space password\'' > /root/.pgpass") + run_shell('chmod 600 /root/.pgpass') + run_shell("psql -U postgres -h localhost --command='\\l'") - psql('--command="select datname from pg_database" "postgresql-test-db"') do |r| - expect(r.stdout).to match(%r{postgresql-test-db}) - expect(r.stderr).to eq('') - end + result = psql('--command="select datname from pg_database" "postgresql-test-db"') + expect(result.stdout).to match(%r{postgresql-test-db}) + expect(result.stderr).to eq('') - psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test-user\'"') do |r| - expect(r.stdout).to match(%r{\(1 row\)}) - end - - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - comment_information_function = if version.to_f > 8.1 + result = psql('--command="SELECT 1 FROM pg_roles WHERE rolname=\'test-user\'"') + expect(result.stdout).to match(%r{\(1 row\)}) + comment_information_function = if Gem::Version.new(postgresql_version) > Gem::Version.new('8.1') 'shobj_description' else 'obj_description' end - psql("--dbname postgresql-test-db --command=\"SELECT pg_catalog.#{comment_information_function}(d.oid, 'pg_database') FROM pg_catalog.pg_database d WHERE datname = 'postgresql-test-db' AND pg_catalog.#{comment_information_function}(d.oid, 'pg_database') = 'testcomment'\"") do |r| - expect(r.stdout).to match(%r{\(1 row\)}) - end + result = psql("--dbname postgresql-test-db --command=\"SELECT pg_catalog.#{comment_information_function}(d.oid, 'pg_database') FROM pg_catalog.pg_database d WHERE datname = 'postgresql-test-db' AND 
pg_catalog.#{comment_information_function}(d.oid, 'pg_database') = 'testcomment'\"") # rubocop:disable Metrics/LineLength + expect(result.stdout).to match(%r{\(1 row\)}) ensure - psql('--command=\'drop database "postgresql-test-db" postgres\'') - psql('--command="DROP USER test"') + psql('--command=\'drop database "postgresql-test-db"\'') end end end diff --git a/puppet/modules/postgresql/spec/acceptance/default_parameters_spec.rb b/puppet/modules/postgresql/spec/acceptance/default_parameters_spec.rb index eb132e4..ea4ccc8 100755 --- a/puppet/modules/postgresql/spec/acceptance/default_parameters_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/default_parameters_spec.rb @@ -2,14 +2,13 @@ # These tests are designed to ensure that the module, when ran with defaults, # sets up everything correctly and allows us to connect to Postgres. -describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server' do it 'with defaults' do pp = <<-MANIFEST class { 'postgresql::server': } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end describe port(5432) do diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/centos-7-x64.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/centos-7-x64.yml deleted file mode 100755 index 5eebdef..0000000 --- a/puppet/modules/postgresql/spec/acceptance/nodesets/centos-7-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-7-x64: - roles: - - agent - - default - platform: el-7-x86_64 - hypervisor: vagrant - box: puppetlabs/centos-7.2-64-nocm -CONFIG: - type: foss diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/debian-8-x64.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/debian-8-x64.yml deleted file mode 100755 index fef6e63..0000000 --- a/puppet/modules/postgresql/spec/acceptance/nodesets/debian-8-x64.yml +++ /dev/null 
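Review bot: The `.pgpass` step kept in this hunk creates `/root/.pgpass` under the shell's default umask and tightens it only afterwards with `chmod 600`, so the file holding the postgres superuser password is readable for a moment under a permissive umask, and the `ensure` block never deletes it. Prefixing the existing echo command with `umask 077 && ` sets the mode at creation, and `run_shell('rm -f /root/.pgpass')` in `ensure` stops the credential from outliving the example. The `ensure` block also loses its role cleanup: the old `DROP USER test` is removed without a replacement, so the `test-user` role queried above stays on the host. The `begin` block and the manifest start outside this hunk.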
@@ -1,10 +0,0 @@
-HOSTS:
- debian-8-x64:
- roles:
- - agent
- - default
- platform: debian-8-amd64
- hypervisor: vagrant
- box: puppetlabs/debian-8.2-64-nocm
-CONFIG:
- type: foss
diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/default.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/default.yml
deleted file mode 100755
index dba339c..0000000
--- a/puppet/modules/postgresql/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-1404-x64:
- roles:
- - agent
- - default
- platform: ubuntu-14.04-amd64
- hypervisor: vagrant
- box: puppetlabs/ubuntu-14.04-64-nocm
-CONFIG:
- type: foss
diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/centos-7.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/docker/centos-7.yml
deleted file mode 100755
index a3333aa..0000000
--- a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/centos-7.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-HOSTS:
- centos-7-x64:
- platform: el-7-x86_64
- hypervisor: docker
- image: centos:7
- docker_preserve_image: true
- docker_cmd: '["/usr/sbin/init"]'
- # install various tools required to get the image up to usable levels
- docker_image_commands:
- - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts'
-CONFIG:
- trace_limit: 200
diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/debian-8.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/docker/debian-8.yml
deleted file mode 100755
index df5c319..0000000
--- a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/debian-8.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
- debian-8-x64:
- platform: debian-8-amd64
- hypervisor: docker
- image: debian:8
- docker_preserve_image: true
- docker_cmd: '["/sbin/init"]'
- docker_image_commands:
- - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen'
-CONFIG:
- trace_limit: 200
diff --git a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/puppet/modules/postgresql/spec/acceptance/nodesets/docker/ubuntu-14.04.yml deleted file mode 100755 index b1efa58..0000000 --- a/puppet/modules/postgresql/spec/acceptance/nodesets/docker/ubuntu-14.04.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - ubuntu-1404-x64: - platform: ubuntu-14.04-amd64 - hypervisor: docker - image: ubuntu:14.04 - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - # ensure that upstart is booting correctly in the container - - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8' -CONFIG: - trace_limit: 200 diff --git a/puppet/modules/postgresql/spec/acceptance/overridden_settings_spec.rb b/puppet/modules/postgresql/spec/acceptance/overridden_settings_spec.rb index 0a76da4..b2f26ae 100755 --- a/puppet/modules/postgresql/spec/acceptance/overridden_settings_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/overridden_settings_spec.rb @@ -2,8 +2,9 @@ # These tests are designed to ensure that the module, when ran overrides, # sets up everything correctly and allows us to connect to Postgres. -describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - pp = <<-MANIFEST +describe 'postgresql::server' do + let(:pp) do + <<-MANIFEST class { 'postgresql::server': roles => { 'testusername' => { 
@@ -29,25 +30,12 @@ class { 'postgresql::server': owner => 'testusername', } MANIFEST - - it 'with additional hiera entries' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe port(5432) do - it { is_expected.to be_listening } end - it 'can connect with psql' do - psql('--command="\l" postgres', 'postgres') do |r| - expect(r.stdout).to match(%r{List of databases}) - end - end - - it 'can connect with psql as testusername' do - shell('PGPASSWORD=supersecret psql -U testusername -h localhost --command="\l"') do |r| - expect(r.stdout).to match(%r{List of databases}) - end + it 'with additional hiera entries' do + idempotent_apply(pp) + expect(port(5432)).to be_listening + expect(psql('--command="\l" postgres', 'postgres').stdout).to match(%r{List of databases}) + expect(run_shell('PGPASSWORD=supersecret psql -U testusername -h localhost --command="\l"').stdout).to match 'List of databases' end end diff --git a/puppet/modules/postgresql/spec/acceptance/postgresql_conn_validator_spec.rb b/puppet/modules/postgresql/spec/acceptance/postgresql_conn_validator_spec.rb index 1b718b2..21bf221 100755 --- a/puppet/modules/postgresql/spec/acceptance/postgresql_conn_validator_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/postgresql_conn_validator_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'postgresql_conn_validator', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql_conn_validator' do let(:install_pp) do <<-MANIFEST class { 'postgresql::server': @@ -34,8 +34,7 @@ class { 'postgresql::server': } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end it 'works with connect settings hash' do @@ -53,8 +52,7 @@ class { 'postgresql::server': } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end it 'fails gracefully' do 
diff --git a/puppet/modules/postgresql/spec/acceptance/postgresql_psql_spec.rb b/puppet/modules/postgresql/spec/acceptance/postgresql_psql_spec.rb index 7f5ce79..fe13cdb 100755 --- a/puppet/modules/postgresql/spec/acceptance/postgresql_psql_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/postgresql_psql_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'postgresql_psql', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql_psql' do pp_one = <<-MANIFEST class { 'postgresql::server': } -> postgresql_psql { 'foobar': @@ -38,8 +38,7 @@ class { 'postgresql::server': } -> } MANIFEST it 'does not run SQL when the unless query returns rows' do - apply_manifest(pp_three, catch_failures: true) - apply_manifest(pp_three, catch_changes: true) + idempotent_apply(pp_three) end pp_four = <<-MANIFEST @@ -69,8 +68,7 @@ class { 'postgresql::server': } -> } MANIFEST it 'does not run SQL when the unless query returns no rows' do - apply_manifest(pp_five, catch_failures: true) - apply_manifest(pp_five, catch_changes: true) + idempotent_apply(pp_five) end pp_six = <<-MANIFEST.unindent @@ -166,8 +164,7 @@ class { 'postgresql::server': } -> } MANIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, expect_changes: false) + idempotent_apply(pp) end end end diff --git a/puppet/modules/postgresql/spec/acceptance/remote_access_spec.rb b/puppet/modules/postgresql/spec/acceptance/remote_access_spec.rb deleted file mode 100755 index f801f37..0000000 --- a/puppet/modules/postgresql/spec/acceptance/remote_access_spec.rb +++ /dev/null 
@@ -1,71 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'remote-access', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- before(:each) do
- skip 'These tests require the spec/acceptance/nodesets/centos-64-x64-2-hosts nodeset'
- end
-
- describe 'configuring multi-node postgresql' do
- # Get the database's IP to connect to from the database
- let(:database_ip_address) do
- hosts_as('database').reduce({}) do |_memo, host|
- fact_on host, 'ipaddress_eth1'
- end
- end
-
- hosts_as('database').each do |host|
- pp_one = <<-MANIFEST
- # Stop firewall so we can easily connect
- service {'iptables':
- ensure => 'stopped',
- }
-
- class { 'postgresql::server':
- ip_mask_allow_all_users => '0.0.0.0/0',
- listen_addresses => '*',
- }
-
- postgresql::server::db { 'puppet':
- user => 'puppet',
- password => postgresql_password('puppet', 'puppet'),
- }
-
- postgresql::server::pg_hba_rule { 'allow full yolo access password':
- type => 'host',
- database => 'all',
- user => 'all',
- address => '0.0.0.0/0',
- auth_method => 'password',
- order => '002',
- }
- MANIFEST
- it "should be able to configure a host as database on #{host}" do
- apply_manifest_on(host, pp_one, catch_failures: true)
- end
- end
-
- hosts_as('client').each do |host|
- pp_two = <<-MANIFEST
- class { 'postgresql::client':}
-
- $connection_settings = {
- 'PGUSER' => "puppet",
- 'PGPASSWORD' => "puppet",
- 'PGHOST' => "#{database_ip_address}",
- 'PGPORT' => "5432",
- 'PGDATABASE' => "puppet",
- }
-
- postgresql_psql { 'run using connection_settings':
- command => 'select 1',
- psql_user => 'root',
- psql_group => 'root',
- connect_settings => $connection_settings,
- }
- MANIFEST
- it "should be able to configure a host as client on #{host} and then access database" do
- apply_manifest_on(host, pp_two, catch_failures: true)
- end
- end
- end
-end
diff --git a/puppet/modules/postgresql/spec/acceptance/server/config_entry_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/config_entry_spec.rb index 7e35bf8..35e22fa 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/config_entry_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/config_entry_spec.rb @@ -1,39 +1,22 @@ require 'spec_helper_acceptance' describe 'postgresql::server::config_entry' do - let(:pp_setup) do - <<-MANIFEST - class { 'postgresql::server': - postgresql_conf_path => '/tmp/postgresql.conf', - } - MANIFEST - end - context 'unix_socket_directories' do let(:pp_test) do - pp_setup + <<-MANIFEST + <<-MANIFEST + class { 'postgresql::server': + postgresql_conf_path => '/tmp/postgresql.conf', + } + postgresql::server::config_entry { 'unix_socket_directories': value => '/var/socket/, /root/' } MANIFEST end - # get postgresql version - apply_manifest("class { 'postgresql::server': }") - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '9.3' - it 'is expected to run idempotently' do - apply_manifest(pp_test, catch_failures: true) - apply_manifest(pp_test, catch_changes: true) - end - - it 'is expected to contain directories' do - shell('cat /tmp/postgresql.conf') do |output| - expect(output.stdout).to contain("unix_socket_directories = '/var/socket/, /root/'") - end - end + it 'is expected to run idempotently' do + idempotent_apply(pp_test) + expect(run_shell('cat /tmp/postgresql.conf').stdout).to match "unix_socket_directories = '/var/socket/, /root/'" end end end diff --git a/puppet/modules/postgresql/spec/acceptance/server/grant_role_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/grant_role_spec.rb index b8da0ad..9515780 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/grant_role_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/grant_role_spec.rb 
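Review bot: `postgresql_conf_path => '/tmp/postgresql.conf'`, now inlined into `pp_test`, keeps the server configuration at a fixed name in a world-writable directory, where any local account can create the file or a link with that name before the manifest writes to it. On a disposable test container the exposure is small, but acceptance specs double as usage examples and the pattern tends to be copied. A private directory avoids the predictable path: `conf_dir = run_shell('mktemp -d').stdout.strip` and `postgresql_conf_path => '#{conf_dir}/postgresql.conf'`, with the `cat` in the expectation pointed at the same path.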
@@ -1,12 +1,12 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::grant_role:', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server::grant_role:' do let(:db) { 'grant_role_test' } let(:user) { 'psql_grant_role_tester' } let(:group) { 'test_group' } let(:password) { 'psql_grant_role_pw' } let(:version) do - if fact('osfamily') == 'RedHat' && fact('operatingsystemrelease') =~ %r{5} + if os[:family] == 'redhat' && os[:release].start_with?('5') '8.1' end end @@ -65,60 +65,6 @@ class { 'postgresql::server': } MANIFEST end let(:pp_two) do - <<-MANIFEST.unindent - $db = #{db} - $user = #{user} - $group = #{group} - $password = #{password} - $version = '#{version}' - - class { 'postgresql::server': } - - # Since we are not testing pg_hba or any of that, make a local user for ident auth - user { $user: - ensure => present, - } - - postgresql::server::role { $user: - password_hash => postgresql_password($user, $password), - } - - postgresql::server::database { $db: - owner => $user, - require => Postgresql::Server::Role[$user], - } - - # Lets setup the base rules - $local_auth_option = $version ? { - '8.1' => 'sameuser', - default => undef, - } - - # Create a rule for the user - postgresql::server::pg_hba_rule { "allow ${user}": - type => 'local', - database => $db, - user => $user, - auth_method => 'ident', - auth_option => $local_auth_option, - order => 1, - } - - # Create a role to grant to the user - postgresql::server::role { $group: - db => $db, - login => false, - require => Postgresql::Server::Database[$db], - } - - # Grant the role to the user - postgresql::server::grant_role { "grant_role ${group} to ${user}": - role => $user, - group => $group, - } - MANIFEST - end - let(:pp_three) do <<-MANIFEST $db = "#{db}" $user = "#{user}" @@ -178,7 +124,7 @@ class { 'postgresql::server': } } MANIFEST end - let(:pp_four) do + let(:pp_three) do <<-MANIFEST $db = "#{db}" $user = "#{user}" 
@@ -210,24 +156,15 @@ class { 'postgresql::server': } MANIFEST end - it 'grants a role to a user' do + it 'grants a role to a user/superuser' do begin - apply_manifest(pp_one, catch_failures: true) - apply_manifest(pp_one, catch_changes: true) + idempotent_apply(pp_one) ## Check that the role was granted to the user psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r| expect(r.stdout).to match(%r{\(1 row\)}) expect(r.stderr).to eq('') end - end - end - - it 'grants a role to a superuser' do - begin - apply_manifest(pp_two, catch_failures: true) - apply_manifest(pp_two, catch_changes: true) - ## Check that the role was granted to the user psql('--command="SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = \'test_group\' AND r_role.rolname = \'psql_grant_role_tester\'" grant_role_test', 'psql_grant_role_tester') do |r| # rubocop:disable Metrics/LineLength expect(r.stdout).to match(%r{\(1 row\)}) @@ -238,8 +175,8 @@ class { 'postgresql::server': } it 'revokes a role from a user' do begin - apply_manifest(pp_three, catch_failures: true) - apply_manifest(pp_three, expect_changes: true) + apply_manifest(pp_two, catch_failures: true) + apply_manifest(pp_two, expect_changes: true) psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r| expect(r.stdout).to match(%r{\(0 rows\)}) 
@@ -250,7 +187,7 @@ class { 'postgresql::server': } it 'does not grant permission to a nonexistent user' do begin - apply_manifest(pp_four, expect_failures: true) + apply_manifest(pp_three, expect_failures: true) psql('--command="SELECT 1 WHERE pg_has_role(\'psql_grant_role_tester\', \'test_group\', \'MEMBER\') = true" grant_role_test', 'psql_grant_role_tester') do |r| expect(r.stdout).to match(%r{\(0 rows\)}) diff --git a/puppet/modules/postgresql/spec/acceptance/server/grant_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/grant_spec.rb index 42f8b3d..05aef5f 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/grant_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/grant_spec.rb @@ -1,11 +1,10 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::grant:', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server::grant:' do let(:db) { 'grant_priv_test' } let(:owner) { 'psql_grant_priv_owner' } let(:user) { 'psql_grant_priv_tester' } let(:password) { 'psql_grant_role_pw' } - let(:pp_install) { "class {'postgresql::server': }" } let(:pp_setup) do <<-MANIFEST.unindent $db = #{db} @@ -53,7 +52,7 @@ class { 'postgresql::server': } describe 'GRANT * ON LANGUAGE' do # testing grants on language requires a superuser let(:superuser) { 'postgres' } - let(:pp_lang) do + let(:pp) do pp_setup + <<-MANIFEST.unindent postgresql_psql { 'make sure plpgsql exists': command => 'CREATE LANGUAGE plpgsql', 
@@ -71,42 +70,20 @@ class { 'postgresql::server': } role => $user, db => $db, require => [ Postgresql_psql['make sure plpgsql exists'], - Postgresql::Server::Role[$user], ] - } - MANIFEST - end - let(:pp_onlyif) do - pp_setup + <<-MANIFEST.unindent - postgresql::server::grant { 'grant usage on BSql': - psql_user => '#{superuser}', - privilege => 'USAGE', - object_type => 'LANGUAGE', - object_name => 'bsql', - role => $user, - db => $db, + Postgresql::Server::Role[$user], ], onlyif_exists => true, - } + } MANIFEST end it 'is expected to run idempotently' do - apply_manifest(pp_install) - - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '8.4.0' - apply_manifest(pp_lang, catch_failures: true) - apply_manifest(pp_lang, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('8.4.0') + idempotent_apply(pp) end end it 'is expected to GRANT USAGE ON LANGUAGE plpgsql to ROLE' do - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '8.4.0' + if Gem::Version.new(postgresql_version) >= Gem::Version.new('8.4.0') ## Check that the privilege was granted to the user psql("-d #{db} --command=\"SELECT 1 WHERE has_language_privilege('#{user}', 'plpgsql', 'USAGE')\"", superuser) do |r| expect(r.stdout).to match(%r{\(1 row\)}) 
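Review bot: Adding `onlyif_exists => true` to the `plpgsql` grant in `pp` does not replace the removed `pp_onlyif` manifest. That manifest targeted the non-existent language `bsql` and so exercised the branch where the grant is skipped, whereas `plpgsql` is created by the `'make sure plpgsql exists'` resource that this grant requires, so the grant always runs. Together with the removal of the `BSql` example in the following hunk, nothing visible in this section covers the skip path any more. I would keep a second `postgresql::server::grant` for `object_name => 'bsql'` with `onlyif_exists => true` in `pp`, or restore the dedicated example.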
@@ -114,26 +91,12 @@ class { 'postgresql::server': } end end end - - # test onlyif_exists function - it 'is expected to not GRANT USAGE ON (dummy)LANGUAGE BSql to ROLE' do - apply_manifest(pp_install) - - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '8.4.0' - apply_manifest(pp_onlyif, catch_failures: true) - apply_manifest(pp_onlyif, catch_changes: true) - end - end end end ### SEQUENCE grants context 'sequence' do - let(:pp_one) do + let(:pp) do pp_setup + <<-MANIFEST.unindent postgresql_psql { 'create test sequence': command => 'CREATE SEQUENCE test_seq', @@ -152,17 +115,6 @@ class { 'postgresql::server': } require => [ Postgresql_psql['create test sequence'], Postgresql::Server::Role[$user], ] } - MANIFEST - end - let(:pp_two) do - pp_setup + <<-MANIFEST.unindent - postgresql_psql { 'create test sequence': - command => 'CREATE SEQUENCE test_seq', - db => $db, - psql_user => $owner, - unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq'", - require => Postgresql::Server::Database[$db], - } postgresql::server::grant { 'grant update on test_seq': privilege => 'UPDATE', 
@@ -175,37 +127,17 @@ class { 'postgresql::server': } } MANIFEST end - let(:result) do - shell('psql --version') - end - let(:version) do - result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - end - before(:each) do - apply_manifest(pp_install, catch_failures: true) - end - - it 'grants usage on a sequence to a user' do + it 'grants usage/update on a sequence to a user' do begin - if version >= '9.0' - apply_manifest(pp_one, catch_failures: true) - apply_manifest(pp_one, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + idempotent_apply(pp) ## Check that the privilege was granted to the user psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq', 'USAGE')\"", user) do |r| expect(r.stdout).to match(%r{\(1 row\)}) expect(r.stderr).to eq('') end - end - end - end - - it 'grants update on a sequence to a user' do - begin - if version >= '9.0' - apply_manifest(pp_two, catch_failures: true) - apply_manifest(pp_two, catch_changes: true) ## Check that the privilege was granted to the user psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq', 'UPDATE')\"", user) do |r| @@ -218,7 +150,7 @@ class { 'postgresql::server': } end context 'all sequences' do - let(:pp_one) do + let(:pp) do pp_setup + <<-MANIFEST.unindent postgresql_psql { 'create test sequences': 
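Review bot: The example 'grants usage/update on a sequence to a user' wraps its entire body in `if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0')`, so against an older server it evaluates no expectation and is still reported as passed. The language, all-sequences, function and table examples in this file have the same shape. Starting the example with `skip 'requires PostgreSQL >= 9.0' unless Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0')` makes the missing coverage visible in the report instead of hiding it behind a green result. `postgresql_version` is not defined in this section; presumably it comes from the spec helper.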
@@ -238,20 +170,8 @@ class { 'postgresql::server': } require => [ Postgresql_psql['create test sequences'], Postgresql::Server::Role[$user], ] } - MANIFEST - end - let(:pp_two) do - pp_setup + <<-MANIFEST.unindent - - postgresql_psql { 'create test sequences': - command => 'CREATE SEQUENCE test_seq2; CREATE SEQUENCE test_seq3;', - db => $db, - psql_user => $owner, - unless => "SELECT 1 FROM information_schema.sequences WHERE sequence_name = 'test_seq2'", - require => Postgresql::Server::Database[$db], - } - postgresql::server::grant { 'grant usage on all sequences': + postgresql::server::grant { 'grant update on all sequences': privilege => 'UPDATE', object_type => 'ALL SEQUENCES IN SCHEMA', object_name => 'public', 
@@ -262,40 +182,90 @@ class { 'postgresql::server': } } MANIFEST end - let(:result) do - shell('psql --version') - end - let(:version) do - result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - end - - before(:each) do - apply_manifest(pp_install, catch_failures: true) - end it 'grants usage on all sequences to a user' do begin - if version >= '9.0' - apply_manifest(pp_one, catch_failures: true) - apply_manifest(pp_one, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + idempotent_apply(pp) - ## Check that the privileges were granted to the user, this check is not available on version < 9.0 + ## Check that the privileges were granted to the user, this check is not available on postgresql_version < 9.0 psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq2', 'USAGE') AND has_sequence_privilege('#{user}', 'test_seq3', 'USAGE')\"", user) do |r| expect(r.stdout).to match(%r{\(1 row\)}) expect(r.stderr).to eq('') end + + ## Check that the privileges were granted to the user + psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq2', 'UPDATE') AND has_sequence_privilege('#{user}', 'test_seq3', 'UPDATE')\"", user) do |r| + expect(r.stdout).to match(%r{\(1 row\)}) + expect(r.stderr).to eq('') + end end end end + end + ### FUNCTION grants + context 'sequence' do + let(:pp) do + pp_setup + <<-MANIFEST.unindent + postgresql_psql { 'create test function': + command => "CREATE FUNCTION test_func() RETURNS boolean AS 'SELECT true' LANGUAGE 'sql'", + db => $db, + psql_user => $owner, + unless => "SELECT 1 FROM information_schema.routines WHERE routine_name = 'test_func'", + require => Postgresql::Server::Database[$db], + } - it 'grants update on all sequences to a user' do + postgresql::server::grant { 'grant execute on test_func': + privilege => 'EXECUTE', + object_type => 'FUNCTION', + object_name => 'test_func', + db => $db, + role => $user, + require => [ Postgresql_psql['create 
test function'], + Postgresql::Server::Role[$user], ] + } + + postgresql_psql { 'create test function with argument': + command => "CREATE FUNCTION test_func_with_arg(val integer) RETURNS integer AS 'SELECT val + 1' LANGUAGE 'sql'", + db => $db, + psql_user => $owner, + unless => "SELECT 1 FROM (SELECT format('%I.%I(%s)', ns.nspname, p.proname, oidvectortypes(p.proargtypes)) as func_with_args FROM pg_proc p INNER JOIN pg_namespace ns ON (p.pronamespace = ns.oid) WHERE ns.nspname not in ('pg_catalog', 'information_schema')) as funclist WHERE func_with_args='public.test_func_with_arg(integer)'", + require => Postgresql::Server::Database[$db], + } + + postgresql::server::grant { 'grant execute on test_func_with_arg': + privilege => 'EXECUTE', + object_type => 'FUNCTION', + object_name => 'test_func_with_arg', + object_arguments => ['integer'], + db => $db, + role => $user, + require => [ Postgresql_psql['create test function with argument'], + Postgresql::Server::Role[$user], ] + } + MANIFEST + end + + it 'grants execute on a function to a user' do begin - if version >= '9.0' - apply_manifest(pp_two, catch_failures: true) - apply_manifest(pp_two, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + idempotent_apply(pp) - ## Check that the privileges were granted to the user - psql("-d #{db} --command=\"SELECT 1 WHERE has_sequence_privilege('#{user}', 'test_seq2', 'UPDATE') AND has_sequence_privilege('#{user}', 'test_seq3', 'UPDATE')\"", user) do |r| + ## Check that the privilege was granted to the user + psql("-d #{db} --command=\"SELECT 1 WHERE has_function_privilege('#{user}', 'test_func()', 'EXECUTE')\"", user) do |r| + expect(r.stdout).to match(%r{\(1 row\)}) + expect(r.stderr).to eq('') + end + end + end + end + it 'grants execute on a function with argument to a user' do + begin + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + idempotent_apply(pp) + + ## Check that the privilege was granted to the user 
+ psql("-d #{db} --command=\"SELECT 1 WHERE has_function_privilege('#{user}', 'test_func_with_arg(integer)', 'EXECUTE')\"", user) do |r| expect(r.stdout).to match(%r{\(1 row\)}) expect(r.stderr).to eq('') end @@ -315,12 +285,26 @@ class { 'postgresql::server': } unless => "SELECT table_name FROM information_schema.tables WHERE table_name = 'test_tbl'", require => Postgresql::Server::Database[$db], } + postgresql_psql { 'create test table 2': + command => 'CREATE TABLE test_tbl2 (col1 integer)', + db => $db, + psql_user => $owner, + unless => "SELECT table_name FROM information_schema.tables WHERE table_name = 'test_tbl2'", + require => Postgresql::Server::Database[$db], + } + postgresql_psql { "grant all on table test_tbl2 to ${user}": + command => "GRANT ALL ON TABLE test_tbl2 TO ${user}", + db => $db, + psql_user => $owner, + unless => "SELECT 1 FROM information_schema.role_table_grants WHERE table_name = 'test_tbl2' AND grantee = '${user}' HAVING count(*)>=7", + require => [ Postgresql::Server::Database[$db], Postgresql_psql['create test table 2'], Postgresql::Server::Role[$user] ], + } EOS end it 'grant select on a table to a user' do begin - pp = pp_create_table + <<-EOS.unindent + pp_grant = pp_setup + <<-EOS.unindent postgresql::server::grant { 'grant select on test_tbl': privilege => 'SELECT', @@ -328,12 +312,19 @@ class { 'postgresql::server': } object_name => 'test_tbl', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], + } + + postgresql::server::table_grant { 'INSERT priviledge to table': + privilege => 'INSERT', + table => 'test_tbl', + db => $db, + role => $user, + require => [ Postgresql::Server::Role[$user] ], } EOS - pp_revoke = pp_create_table + <<-EOS.unindent + pp_revoke = pp_setup + <<-EOS.unindent postgresql::server::grant { 'revoke select on test_tbl': ensure => absent, 
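Review bot: The block added under `### FUNCTION grants` is opened with `context 'sequence' do`, the same name as the sequence context earlier in the file, so both function examples are reported under 'sequence' and a failure is attributed to the wrong feature. `context 'function' do` matches the comment above it and the two examples inside. It would also help to add a one-line comment above the second `postgresql_psql` resource saying that its long `unless` query looks the function up by full signature, since `information_schema.routines` is matched by name only in the first one.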
@@ -342,31 +333,38 @@ class { 'postgresql::server': } object_name => 'test_tbl', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], } - EOS - apply_manifest(pp_install, catch_failures: true) - - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] + postgresql::server::table_grant { 'INSERT priviledge to table': + ensure => absent, + privilege => 'INSERT', + table => 'test_tbl', + db => $db, + role => $user, + require => [ Postgresql::Server::Role[$user] ], + } + EOS - if version >= '9.0' - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + idempotent_apply(pp_create_table) + idempotent_apply(pp_grant) - ## Check that the privilege was granted to the user + ## Check that the SELECT privilege was granted to the user psql("-d #{db} --tuples-only --command=\"SELECT * FROM has_table_privilege('#{user}', 'test_tbl', 'SELECT')\"", user) do |r| expect(r.stdout).to match(%r{t}) expect(r.stderr).to eq('') end - apply_manifest(pp_revoke, catch_failures: true) - apply_manifest(pp_revoke, catch_changes: true) + ## Check that the INSERT privilege was granted to the user + psql("-d #{db} --tuples-only --command=\"SELECT * FROM has_table_privilege('#{user}', 'test_tbl', 'INSERT')\"", user) do |r| + expect(r.stdout).to match(%r{t}) + end + + idempotent_apply(pp_create_table) + idempotent_apply(pp_revoke) - ## Check that the privilege was revoked from the user + ## Check that the SELECT privilege was revoked from the user psql("-d #{db} --tuples-only --command=\"SELECT * FROM has_table_privilege('#{user}', 'test_tbl', 'SELECT')\"", user) do |r| expect(r.stdout).to match(%r{f}) expect(r.stderr).to eq('') 
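Review bot: The new INSERT check in 'grant select on a table to a user' passes on almost any output, because `match(%r{t})` accepts every string that contains the letter t, and unlike the SELECT check above it, stderr is not asserted. For a privilege test, anchor the value and check stderr: `expect(r.stdout).to match(%r{^\s*t\s*$})` and `expect(r.stderr).to eq('')`. After `pp_revoke` the visible lines only verify that SELECT was revoked. The example continues outside the hunk, so if no `has_table_privilege(..., 'INSERT')` check expecting `f` follows there, the `table_grant` with `ensure => absent` is never verified.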
@@ -377,7 +375,7 @@ class { 'postgresql::server': } it 'grant update on all tables to a user' do begin - pp = pp_create_table + <<-EOS.unindent + pp_grant = pp_setup + <<-EOS.unindent postgresql::server::grant { 'grant update on all tables': privilege => 'UPDATE', @@ -385,12 +383,11 @@ class { 'postgresql::server': } object_name => 'public', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], } EOS - pp_revoke = pp_create_table + <<-EOS.unindent + pp_revoke = pp_setup + <<-EOS.unindent postgresql::server::grant { 'revoke update on all tables': ensure => absent, 
@@ -399,34 +396,30 @@ class { 'postgresql::server': } object_name => 'public', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], } EOS - apply_manifest(pp_install, catch_failures: true) - - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '9.0' - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + ## pp_create_table sets up the permissions that pp_grant 'fixes', so these to steps cannot be rolled into one + idempotent_apply(pp_create_table) + idempotent_apply(pp_grant) ## Check that all privileges were granted to the user psql("-d #{db} --command=\"SELECT table_name,privilege_type FROM information_schema.role_table_grants - WHERE grantee = '#{user}' AND table_schema = 'public'\"", user) do |r| - expect(r.stdout).to match(%r{test_tbl[ |]*UPDATE\s*\(1 row\)}) + WHERE grantee = '#{user}' AND table_schema = 'public' AND privilege_type='UPDATE'\"", user) do |r| + expect(r.stdout).to match(%r{test_tbl[ |]*UPDATE}) + expect(r.stdout).to match(%r{test_tbl2[ |]*UPDATE}) + expect(r.stdout).to match(%r{\(2 rows\)}) expect(r.stderr).to eq('') end - apply_manifest(pp_revoke, catch_failures: true) - apply_manifest(pp_revoke, catch_changes: true) + ## idempotent_apply(pp_create_table) + idempotent_apply(pp_revoke) ## Check that all privileges were revoked from the user psql("-d #{db} --command=\"SELECT table_name,privilege_type FROM information_schema.role_table_grants - WHERE grantee = '#{user}' AND table_schema = 'public'\"", user) do |r| + WHERE grantee = '#{user}' AND table_schema = 'public' AND privilege_type='UPDATE'\"", user) do |r| expect(r.stdout).to match(%r{\(0 rows\)}) expect(r.stderr).to eq('') end 
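Review bot: The commented-out call `## idempotent_apply(pp_create_table)` before `idempotent_apply(pp_revoke)` should be deleted or replaced by a sentence saying why the table setup must not be re-applied before the revoke. From the visible manifest, `pp_create_table` appears to re-grant ALL on `test_tbl2`, which would be the reason. The same leftover sits in the 'grant all on all tables' example (hunk `@@ -505,11 +465,12 @@`). The comment above `idempotent_apply(pp_create_table)` has a typo in both examples and should read `so these two steps cannot be rolled into one`.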
@@ -434,35 +427,9 @@ class { 'postgresql::server': } end end - it 'grant insert on single table test' do - begin - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '9.0' - pp = pp_create_table + <<-EOS.unindent - postgresql::server::table_grant { 'INSERT priviledge to table': - privilege => 'INSERT', - table => 'test_tbl', - db => $db, - role => $user, - } - EOS - result = apply_manifest(pp, catch_failures: true) - expect(result.stdout).to match(%r{GRANT INSERT ON TABLE \"test_tbl\" TO \"psql_grant_priv_tester\"}) - - ## Check that the privilege was granted to the user - psql("-d #{db} --tuples-only --command=\"SELECT * FROM has_table_privilege('#{user}', 'test_tbl', 'INSERT')\"", user) do |r| - expect(r.stdout).to match(%r{t}) - end - end - end - end - it 'grant all on all tables to a user' do begin - pp = pp_create_table + <<-EOS.unindent + pp_grant = pp_setup + <<-EOS.unindent postgresql::server::grant { 'grant all on all tables': privilege => 'ALL', @@ -470,12 +437,11 @@ class { 'postgresql::server': } object_name => 'public', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], } EOS - pp_revoke = pp_create_table + <<-EOS.unindent + pp_revoke = pp_setup + <<-EOS.unindent postgresql::server::grant { 'revoke all on all tables': ensure => absent, 
@@ -484,20 +450,14 @@ class { 'postgresql::server': } object_name => 'public', db => $db, role => $user, - require => [ Postgresql_psql['create test table'], - Postgresql::Server::Role[$user], ] + require => [ Postgresql::Server::Role[$user] ], } EOS - apply_manifest(pp_install, catch_failures: true) - - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '9.0' - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') + ## pp_create_table sets up the permissions that pp_grant 'fixes', so these to steps cannot be rolled into one + idempotent_apply(pp_create_table) + idempotent_apply(pp_grant) ## Check that all privileges were granted to the user psql("-d #{db} --tuples-only --command=\"SELECT table_name,count(privilege_type) FROM information_schema.role_table_grants @@ -505,11 +465,12 @@ class { 'postgresql::server': } AND privilege_type IN ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE') GROUP BY table_name\"", user) do |r| expect(r.stdout).to match(%r{test_tbl[ |]*7$}) + expect(r.stdout).to match(%r{test_tbl2[ |]*7$}) expect(r.stderr).to eq('') end - apply_manifest(pp_revoke, catch_failures: true) - apply_manifest(pp_revoke, catch_changes: true) + ## idempotent_apply(pp_create_table) + idempotent_apply(pp_revoke) ## Check that all privileges were revoked from the user psql("-d #{db} --command=\"SELECT table_name FROM information_schema.role_table_grants 
@@ -526,12 +487,7 @@ class { 'postgresql::server': } describe 'REVOKE ... ON DATABASE...' do it 'do not fail on revoke connect from non-existant user' do begin - # Test fail's on postgresql versions earlier than 9.1.24 - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - - if version >= '9.1.24' + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.1.24') apply_manifest(pp_setup, catch_failures: true) pp = pp_setup + <<-EOS.unindent postgresql::server::grant { 'revoke connect on db from norole': @@ -542,8 +498,7 @@ class { 'postgresql::server': } role => '#{user}_does_not_exist', } EOS - apply_manifest(pp, catch_changes: true) - apply_manifest(pp, catch_failures: true) + idempotent_apply(pp) end end end diff --git a/puppet/modules/postgresql/spec/acceptance/server/reassign_owned_by_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/reassign_owned_by_spec.rb index 1f400cd..cd9059e 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/reassign_owned_by_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/reassign_owned_by_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::reassign_owned_by:', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server::reassign_owned_by:' do let(:db) { 'reassign_test' } let(:old_owner) { 'psql_reassign_old_owner' } let(:new_owner) { 'psql_reassign_new_owner' } 
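Review bot: The guard `Gem::Version.new(postgresql_version) >= Gem::Version.new('9.1.24')` cannot see patch releases, because `postgresql_version` in spec_helper_acceptance_local.rb captures only `\d{1,2}\.\d`. A 9.1.x server always yields `9.1`, which compares below `9.1.24`, so the body is skipped on every 9.1 release. Either compare against `'9.2'` or let the helper capture the full version, e.g. `%r{\s(\d+(?:\.\d+)+)}`. When the guard is false the example runs no expectation and is still reported as passed; `skip 'requires PostgreSQL >= 9.1.24' unless ...` would make that visible. The same silent-pass guard is used in the grant examples above and in reassign_owned_by_spec.rb.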
@@ -104,15 +104,10 @@ class { 'postgresql::server': } it 'reassigns all objects to new_owner' do begin - # postgres version - result = shell('psql --version') - version = result.stdout.match(%r{\s(\d{1,2}\.\d)})[1] - if version >= '9.0' - + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.0') apply_manifest(pp_setup + pp_db_old_owner + pp_setup_objects, catch_failures: true) - apply_manifest(pp_setup + pp_db_no_owner + pp_reassign_owned_by, catch_failures: true) - apply_manifest(pp_setup + pp_db_no_owner + pp_reassign_owned_by, catch_changes: true) + idempotent_apply(pp_setup + pp_db_no_owner + pp_reassign_owned_by) ## Check that the ownership was transferred psql("-d #{db} --tuples-only --no-align --command=\"SELECT tablename,tableowner FROM pg_catalog.pg_tables WHERE schemaname NOT IN ('pg_catalog', 'information_schema')\"", superuser) do |r| @@ -123,7 +118,7 @@ class { 'postgresql::server': } expect(r.stdout).to match(%r{test_seq.#{new_owner}}) expect(r.stderr).to eq('') end - if version >= '9.3' + if Gem::Version.new(postgresql_version) >= Gem::Version.new('9.3') psql("-d #{db} --tuples-only --no-align --command=\"SELECT pg_get_userbyid(datdba) FROM pg_database WHERE datname = current_database()\"", superuser) do |r| expect(r.stdout).to match(%r{#{new_owner}}) expect(r.stderr).to eq('') diff --git a/puppet/modules/postgresql/spec/acceptance/server/recovery_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/recovery_spec.rb index db20cce..862b2b0 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/recovery_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/recovery_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::recovery', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server::recovery' do describe 'should manage recovery' do after(:all) do pp = <<-MANIFEST.unindent 
@@ -27,8 +27,7 @@ class { 'postgresql::server': } } MANIFEST it 'adds conf file' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end describe file('/tmp/recovery.conf') do @@ -39,16 +38,6 @@ class { 'postgresql::server': } end describe 'should not create recovery if recovery config not specified' do - after(:all) do - pp = <<-EOS.unindent - file { '/tmp/recovery.conf': - ensure => absent, - } - EOS - - apply_manifest(pp, catch_failures: true) - end - it 'does not add conf file' do pp = <<-EOS.unindent class { 'postgresql::globals': @@ -59,26 +48,7 @@ class { 'postgresql::globals': class { 'postgresql::server': } EOS - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe file('/tmp/recovery.conf') do - it { is_expected.not_to be_file } - end - end - - describe 'should not manage recovery' do - pp = <<-MANIFEST.unindent - class { 'postgresql::globals': - manage_recovery_conf => false, - } - - class { 'postgresql::server': } - MANIFEST - it 'does not add conf file' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end describe file('/tmp/recovery.conf') do diff --git a/puppet/modules/postgresql/spec/acceptance/server/schema_spec.rb b/puppet/modules/postgresql/spec/acceptance/server/schema_spec.rb index 41fcf05..fd6d30a 100755 --- a/puppet/modules/postgresql/spec/acceptance/server/schema_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/server/schema_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper_acceptance' -describe 'postgresql::server::schema:', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'postgresql::server::schema:' do let(:version) do - if fact('osfamily') == 'RedHat' && fact('operatingsystemrelease') =~ %r{5} + if os[:family] == 'redhat' && os[:release].start_with?('5') '8.1' end end 
@@ -55,8 +55,7 @@ class { 'postgresql::server': } it 'creates a schema for a user' do begin - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) ## Check that the user can create a table in the database psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r| diff --git a/puppet/modules/postgresql/spec/acceptance/sql_task_spec.rb b/puppet/modules/postgresql/spec/acceptance/sql_task_spec.rb index 2cc4618..52ebfd4 100755 --- a/puppet/modules/postgresql/spec/acceptance/sql_task_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/sql_task_spec.rb @@ -1,7 +1,7 @@ # run a test task require 'spec_helper_acceptance' -describe 'postgresql task', if: puppet_version =~ %r{(5\.\d\.\d)} && !pe_install? do +describe 'postgresql task' do describe 'sql task' do pp = <<-MANIFEST class { 'postgresql::server': } -> @@ -17,8 +17,9 @@ class { 'postgresql::server': } -> it 'execute some sql' do # equates to 'psql -c "SELECT table_name FROM information_schema.tables WHERE table_schema = 'information_schema';" --password --host localhost --dbname=spec1 --username root1' - result = run_task(task_name: 'postgresql::sql', params: 'sql="SELECT count(table_name) FROM information_schema.tables;" host=localhost user=root1 password=password user=root1 database=spec1') - expect_multiple_regexes(result: result, regexes: [%r{count}, %r{1 row}, %r{Job completed. 1/1 nodes succeeded|Ran on 1 node}]) + result = run_bolt_task('postgresql::sql', 'sql' => 'SELECT count(table_name) FROM information_schema.tables;', 'host' => 'localhost', + 'user' => 'root1', 'password' => 'password', 'database' => 'spec1') + expect(result.stdout).to contain(%r{(1 row)}) end end end diff --git a/puppet/modules/postgresql/spec/acceptance/utf8_encoding_spec.rb b/puppet/modules/postgresql/spec/acceptance/utf8_encoding_spec.rb new file mode 100755 index 0000000..9493e6e --- /dev/null 
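Review bot: In the 'execute some sql' example of sql_task_spec.rb, `%r{(1 row)}` treats the parentheses as a capture group, so it matches any output containing `1 row`, including `11 rows`. The other specs in this patch use the escaped form, so this should be `expect(result.stdout).to contain(%r{\(1 row\)})`. The rewritten call also drops the old `%r{count}` expectation, so the result column is no longer checked. If that is intentional, a short comment would help.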
+++ b/puppet/modules/postgresql/spec/acceptance/utf8_encoding_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper_acceptance' + +describe 'postgresql::server' do + let(:pp) do + <<-MANIFEST + class { 'postgresql::globals': + encoding => 'UTF8', + locale => 'en_NG', + } -> + class { 'postgresql::server': } + MANIFEST + end + + it 'with defaults' do + idempotent_apply(pp) + expect(port(5432)).to be_listening + expect(psql('--command="\l" postgres', 'postgres').stdout).to match(%r{List of databases}) + expect(psql('--command="SELECT pg_encoding_to_char(encoding) FROM pg_database WHERE datname=\'template1\'"').stdout).to match(%r{UTF8}) + end +end diff --git a/puppet/modules/postgresql/spec/acceptance/z_alternative_pgdata_spec.rb b/puppet/modules/postgresql/spec/acceptance/z_alternative_pgdata_spec.rb index b893630..aada318 100755 --- a/puppet/modules/postgresql/spec/acceptance/z_alternative_pgdata_spec.rb +++ b/puppet/modules/postgresql/spec/acceptance/z_alternative_pgdata_spec.rb @@ -3,12 +3,13 @@ # These tests ensure that postgres can change itself to an alternative pgdata # location properly. -# Allow postgresql to use /tmp/* as a datadir -if fact('osfamily') == 'RedHat' && fact('selinux') == 'true' - shell 'setenforce 0' -end +describe 'postgresql::server' do + before(:each) do + if os[:family] == 'sles' + skip "These test's currently do not work on SLES/Suse modules" + end + end -describe 'postgresql::server', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do it 'on an alternative pgdata location' do pp = <<-MAIFEST #file { '/var/lib/pgsql': ensure => directory, } -> @@ -17,8 +18,7 @@ class { 'postgresql::server': datadir => '/tmp/data', needs_initdb => true } MAIFEST - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) + idempotent_apply(pp) end describe file('/tmp/data') do diff --git a/puppet/modules/postgresql/spec/default_facts.yml b/puppet/modules/postgresql/spec/default_facts.yml index 3248be5..f777abf 100755 
--- a/puppet/modules/postgresql/spec/default_facts.yml +++ b/puppet/modules/postgresql/spec/default_facts.yml @@ -2,7 +2,7 @@ # # Facts specified here will override the values provided by rspec-puppet-facts. --- -concat_basedir: "/tmp" ipaddress: "172.16.254.254" +ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" is_pe: false macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/puppet/modules/postgresql/spec/functions/postgresql_escape_spec.rb b/puppet/modules/postgresql/spec/functions/postgresql_escape_spec.rb new file mode 100755 index 0000000..a00f05e --- /dev/null +++ b/puppet/modules/postgresql/spec/functions/postgresql_escape_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe 'postgresql_escape' do + it_behaves_like 'postgresql_escape function' +end diff --git a/puppet/modules/postgresql/spec/functions/postgresql_password_spec.rb b/puppet/modules/postgresql/spec/functions/postgresql_password_spec.rb new file mode 100755 index 0000000..7133c00 --- /dev/null +++ b/puppet/modules/postgresql/spec/functions/postgresql_password_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe 'postgresql_password' do + it_behaves_like 'postgresql_password function' +end diff --git a/puppet/modules/postgresql/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb new file mode 100755 index 0000000..21a1ee1 --- /dev/null +++ b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_acls_to_resources_hash_spec.rb 
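Review bot: The added `ipaddress6` value in default_facts.yml has only seven 16-bit groups, so it is not a valid IPv6 address. Any code under test that parses or validates this fact would reject it or behave differently than with a real address. A well-formed link-local value with eight groups would be `ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA:AAAA"` (constructed example value).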
@@ -0,0 +1,148 @@ +require 'spec_helper' + +describe 'postgresql::postgresql_acls_to_resources_hash' do + it { is_expected.not_to eq(nil) } + context 'individual transform tests' do + it do + input = 'local all postgres ident' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'postgres', + 'auth_method' => 'ident', + 'order' => '100', + }, + } + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'local all root ident' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'root', + 'auth_method' => 'ident', + 'order' => '100', + }, + } + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input_array = ['local all all ident'] + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'local', + 'database' => 'all', + 'user' => 'all', + 'auth_method' => 'ident', + 'order' => '100', + }, + } + is_expected.to run.with_params(input_array, 'test', 100).and_return(result) + end + + it do + input = 'host all all 127.0.0.1/32 md5' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '127.0.0.1/32', + 'auth_method' => 'md5', + 'order' => '100', + }, + } + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all 0.0.0.0/0 md5' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '0.0.0.0/0', + 'auth_method' => 'md5', + 'order' => '100', + }, + } + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all ::1/128 md5' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '::1/128', + 
'auth_method' => 'md5', + 'order' => '100', + }, + } + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all 1.1.1.1 255.255.255.0 md5' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '1.1.1.1 255.255.255.0', + 'auth_method' => 'md5', + 'order' => '100', + }, + } + + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + + it do + input = 'host all all 1.1.1.1 255.255.255.0 ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"' + result = { + 'postgresql class generated rule test 0' => { + 'type' => 'host', + 'database' => 'all', + 'user' => 'all', + 'address' => '1.1.1.1 255.255.255.0', + 'auth_method' => 'ldap', + 'auth_option' => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"', + 'order' => '100', + }, + } + + is_expected.to run.with_params([input], 'test', 100).and_return(result) + end + end + + context 'error catching tests' do + it do + is_expected.to run.with_params(['test'], 'test').and_raise_error(%r{expects 3 arguments, got 2}) + end + + it do + is_expected.to run.with_params('test', 'test', 100).and_raise_error(%r{parameter 'acls' expects an Array value, got String}) + end + + it do + is_expected.to run.with_params(['test'], 100, 'test').and_raise_error(%r{parameter 'id' expects a String value, got Integer}) + end + + it do + is_expected.to run.with_params(['test'], 'test', 1).and_raise_error(%r{does not have enough parts}) + end + end + + it 'returns an empty hash when input is empty array' do + is_expected.to run.with_params([], 'test', 100).and_return({}) + end +end diff --git a/puppet/modules/postgresql/spec/functions/postgresql_postgresql_escape_spec.rb b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_escape_spec.rb new file mode 100755 index 0000000..329ae85 --- /dev/null 
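Review bot: Every example under 'individual transform tests' and 'error catching tests' in postgresql_postgresql_acls_to_resources_hash_spec.rb is an anonymous `it do` block, so a failure is identified only by a generated description and a line number. Give each one a description that names the rule shape it covers, for example `it 'parses a host rule with a CIDR address' do` and `it 'rejects a rule with too few fields' do`.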
+++ b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_escape_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe 'postgresql::postgresql_escape' do + it_behaves_like 'postgresql_escape function' +end diff --git a/puppet/modules/postgresql/spec/functions/postgresql_postgresql_password_spec.rb b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_password_spec.rb new file mode 100755 index 0000000..ac24fe4 --- /dev/null +++ b/puppet/modules/postgresql/spec/functions/postgresql_postgresql_password_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe 'postgresql::postgresql_password' do + it_behaves_like 'postgresql_password function' +end diff --git a/puppet/modules/postgresql/spec/spec_helper.rb b/puppet/modules/postgresql/spec/spec_helper.rb index e117192..16764b6 100755 --- a/puppet/modules/postgresql/spec/spec_helper.rb +++ b/puppet/modules/postgresql/spec/spec_helper.rb @@ -1,12 +1,13 @@ +# frozen_string_literal: true + +RSpec.configure do |c| + c.mock_with :rspec +end require 'puppetlabs_spec_helper/module_spec_helper' require 'rspec-puppet-facts' -begin - require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) -rescue LoadError => loaderror - warn "Could not require spec_helper_local: #{loaderror.message}" -end +require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) include RspecPuppetFacts 
@@ -15,15 +16,24 @@ facterversion: Facter.version, } -default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')) -default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')) +default_fact_files = [ + File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), + File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), +] + +default_fact_files.each do |f| + next unless File.exist?(f) && File.readable?(f) && File.size?(f) -if File.exist?(default_facts_path) && File.readable?(default_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_facts_path))) + begin + default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) + rescue => e + RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" + end end -if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path))) +# read default_facts and merge them over what is provided by facterdb +default_facts.each do |fact, value| + add_custom_fact fact, value end RSpec.configure do |c| @@ -32,5 +42,21 @@ # set to strictest setting for testing # by default Puppet runs at warning level Puppet.settings[:strict] = :warning + Puppet.settings[:strict_variables] = true + end + c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] + c.after(:suite) do + RSpec::Puppet::Coverage.report!(0) end end + +# Ensures that a module is defined +# @param module_name Name of the module +def ensure_module_defined(module_name) + module_name.split('::').reduce(Object) do |last_module, next_module| + last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) + last_module.const_get(next_module, false) + end +end + +# 'spec_overrides' from sync.yml will appear below this line 
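Review bot: `YAML.safe_load(File.read(f), [], [], true)` in spec_helper.rb passes the permitted classes, permitted symbols and the aliases flag positionally. That form is deprecated since Psych 3.1 and, as far as I know, rejected with an ArgumentError by Psych 4 (bundled with Ruby 3.1). Because the call sits inside `rescue => e`, the failure would surface only as a warning and both fact files would be silently skipped. The keyword form keeps the safe loader and states the intent: `default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))`.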
diff --git a/puppet/modules/postgresql/spec/spec_helper_acceptance.rb b/puppet/modules/postgresql/spec/spec_helper_acceptance.rb index c4a982b..4ac8d7e 100755 --- a/puppet/modules/postgresql/spec/spec_helper_acceptance.rb +++ b/puppet/modules/postgresql/spec/spec_helper_acceptance.rb 
@@ -1,103 +1,6 @@ -require 'puppet' -require 'beaker-rspec/spec_helper' -require 'beaker-rspec/helpers/serverspec' -require 'beaker/puppet_install_helper' -require 'beaker/module_install_helper' -require 'beaker-task_helper' +# frozen_string_literal: true -run_puppet_install_helper -install_ca_certs unless pe_install? +require 'puppet_litmus' +require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_acceptance_local.rb')) -UNSUPPORTED_PLATFORMS = ['AIX', 'windows', 'Solaris', 'Suse'].freeze - -install_bolt_on(hosts) unless pe_install? -install_module_on(hosts) -install_module_dependencies_on(hosts) - -DEFAULT_PASSWORD = if default[:hypervisor] == 'vagrant' - 'vagrant' - elsif default[:hypervisor] == 'vcloud' - 'Qu@lity!' - end - -# Class String - unindent - Provide ability to remove indentation from strings, for the purpose of -# left justifying heredoc blocks. -class String - def unindent - gsub(%r{^#{scan(%r{^\s*}).min_by { |l| l.length }}}, '') - end -end - -def shellescape(str) - str = str.to_s - - # An empty argument will be skipped, so return empty quotes. - return "''" if str.empty? - - str = str.dup - - # Treat multibyte characters as is. It is caller's responsibility - # to encode the string in the right encoding for the shell - # environment. - str.gsub!(%r{([^A-Za-z0-9_\-.,:\/@\n])}, '\\\\\\1') - - # A LF cannot be escaped with a backslash because a backslash + LF - # combo is regarded as line continuation and simply ignored. - str.gsub!(%r{\n}, "'\n'") - - str -end - -def psql(psql_cmd, user = 'postgres', exit_codes = [0, 1], &block) - psql = "psql #{psql_cmd}" - shell("su #{shellescape(user)} -c #{shellescape(psql)}", acceptable_exit_codes: exit_codes, &block) -end - -RSpec.configure do |c| - # Readable test descriptions - c.formatter = :documentation - - # Configure all nodes in nodeset - c.before :suite do - run_puppet_access_login(user: 'admin') if pe_install? 
&& puppet_version =~ %r{(5\.\d\.\d)} - # Set up selinux if appropriate. - if fact('osfamily') == 'RedHat' && fact('selinux') == 'true' - pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } - - package { $semanage_package: ensure => installed } - exec { 'set_postgres': - command => 'semanage port -a -t postgresql_port_t -p tcp 5433', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - subscribe => Package[$semanage_package], - } - } - EOS - - apply_manifest_on(agents, pp, catch_failures: false) - end - - # net-tools required for netstat utility being used by be_listening - if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' || - fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '9' || - fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '18.04' - pp = <<-EOS - package { 'net-tools': ensure => installed } - EOS - - apply_manifest_on(agents, pp, catch_failures: false) - end - - hosts.each do |host| - on host, 'chmod 755 /root' - next unless fact_on(host, 'osfamily') == 'Debian' - on host, "echo \"en_US ISO-8859-1\nen_NG.UTF-8 UTF-8\nen_US.UTF-8 UTF-8\n\" > /etc/locale.gen" - on host, '/usr/sbin/locale-gen' - on host, '/usr/sbin/update-locale' - end - end -end +PuppetLitmus.configure! diff --git a/puppet/modules/postgresql/spec/spec_helper_acceptance_local.rb b/puppet/modules/postgresql/spec/spec_helper_acceptance_local.rb new file mode 100755 index 0000000..f73d697 --- /dev/null +++ b/puppet/modules/postgresql/spec/spec_helper_acceptance_local.rb 
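Review bot: The replacement for the deleted `before :suite` block in spec_helper_acceptance.rb does not carry over two pieces of host setup. These are generating the `en_NG.UTF-8` locale on Debian-family hosts and labelling port 5433 as `postgresql_port_t` under SELinux. utf8_encoding_spec.rb in this patch still sets `locale => 'en_NG'`, while `install_dependencies` in spec_helper_acceptance_local.rb only installs `iproute2` and `policycoreutils-python`. Presumably the provisioning step is expected to supply both now. A comment in spec_helper_acceptance_local.rb saying where that happens would settle it, otherwise the setup should move there.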
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'singleton'
+
+class LitmusHelper
+ include Singleton
+ include PuppetLitmus
+end
+
+class String
+ def unindent
+ gsub(%r{^#{scan(%r{^\s*}).min_by { |l| l.length }}}, '')
+ end
+end
+
+RSpec.configure do |c|
+ c.before :suite do
+ install_dependencies
+ end
+end
+
+def install_dependencies
+ iproute2 = <<-MANIFEST
+ package { 'iproute2': ensure => installed }
+ MANIFEST
+ LitmusHelper.instance.apply_manifest(iproute2) if os[:family] == 'ubuntu' && os[:release].start_with?('18.04')
+ selinux = <<-MANIFEST
+ package { 'policycoreutils-python': ensure => installed }
+ MANIFEST
+ LitmusHelper.instance.apply_manifest(selinux) if os[:family] == 'redhat' && os[:release].start_with?('6', '7')
+end
+
+def postgresql_version
+ result = LitmusHelper.instance.run_shell('psql --version')
+ result.stdout.match(%r{\s(\d{1,2}\.\d)})[1]
+end
+
+def psql(psql_cmd, user = 'postgres', exit_codes = [0, 1], &block)
+ psql = "psql #{psql_cmd}"
+ LitmusHelper.instance.run_shell("cd /tmp; su #{shellescape(user)} -c #{shellescape(psql)}", acceptable_exit_codes: exit_codes, &block)
+end
+
+def shellescape(str)
+ str = str.to_s
+
+ # An empty argument will be skipped, so return empty quotes.
+ return "''" if str.empty?
+
+ str = str.dup
+
+ # Treat multibyte characters as is. It is caller's responsibility
+ # to encode the string in the right encoding for the shell
+ # environment.
+ str.gsub!(%r{([^A-Za-z0-9_\-.,:\/@\n])}, '\\\\\\1')
+
+ # A LF cannot be escaped with a backslash because a backslash + LF
+ # combo is regarded as line continuation and simply ignored.
+ str.gsub!(%r{\n}, "'\n'")
+
+ str
+end
diff --git a/puppet/modules/postgresql/spec/spec_helper_local.rb b/puppet/modules/postgresql/spec/spec_helper_local.rb
index e25a51b..a5ed86a 100755
--- a/puppet/modules/postgresql/spec/spec_helper_local.rb
+++ b/puppet/modules/postgresql/spec/spec_helper_local.rb
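Review bot: `shellescape` in spec_helper_acceptance_local.rb is a hand-maintained copy of the standard library's escaping routine, and it is the only protection between `psql_cmd`/`user` and the `su ... -c` command line built in `psql`. Drop the copy and use the stdlib instead: `require 'shellwords'`, then `su #{Shellwords.escape(user)} -c #{Shellwords.escape(psql)}`. Separately, `postgresql_version` indexes the result of `match` with `[1]`, which raises NoMethodError on nil when `psql --version` prints nothing the pattern recognises. `result.stdout[%r{\s(\d{1,2}\.\d)}, 1]` followed by an explicit failure message would make that case readable.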
@@ -7,8 +7,71 @@ end end +if ENV['COVERAGE'] == 'yes' + require 'simplecov' + require 'simplecov-console' + require 'codecov' + + SimpleCov.formatters = [ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::Console, + SimpleCov::Formatter::Codecov, + ] + SimpleCov.start do + track_files 'lib/**/*.rb' + + add_filter '/spec' + + # do not track vendored files + add_filter '/vendor' + add_filter '/.vendor' + + # do not track gitignored files + # this adds about 4 seconds to the coverage check + # this could definitely be optimized + add_filter do |f| + # system returns true if exit status is 0, which with git-check-ignore means file is ignored + system("git check-ignore --quiet #{f.filename}") + end + end +end + # Convenience helper for returning parameters for a type from the # catalogue. def param(type, title, param) param_value(catalogue, type, title, param) end + +shared_examples 'postgresql_password function' do + it { is_expected.not_to eq(nil) } + + it { + is_expected.to run.with_params('foo', 'bar').and_return('md596948aad3fcae80c08a35c9b5958cd89') + } + it { + is_expected.to run.with_params('foo', 1234).and_return('md539a0e1b308278a8de5e007cd1f795920') + } + it 'raises an error if there is only 1 argument' do + is_expected.to run.with_params('foo').and_raise_error(StandardError) + end +end + +shared_examples 'postgresql_escape function' do + it { is_expected.not_to eq(nil) } + it { + is_expected.to run.with_params('foo') + .and_return('$$foo$$') + } + it { + is_expected.to run.with_params('fo$$o') + .and_return('$ed$fo$$o$ed$') + } + it { + is_expected.to run.with_params('foo$') + .and_return('$a$foo$$a$') + } + it 'raises an error if there is more than 1 argument' do + is_expected.to run.with_params(['foo'], ['foo']) + .and_raise_error(StandardError) + end +end diff --git a/puppet/modules/postgresql/spec/unit/classes/client_spec.rb b/puppet/modules/postgresql/spec/unit/classes/client_spec.rb index b28d992..7084084 100755 
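Review bot: The `add_filter` block in the SimpleCov setup builds a shell command by interpolation, `system("git check-ignore --quiet #{f.filename}")`, so a path containing a space or a shell metacharacter is split or interpreted by the shell instead of being passed as one argument. The argument-list form avoids the shell entirely: `system('git', 'check-ignore', '--quiet', f.filename)`. The existing comment about the four-second cost can stay as it is.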
--- a/puppet/modules/postgresql/spec/unit/classes/client_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/client_spec.rb @@ -22,7 +22,7 @@ it 'modifies package' do is_expected.to contain_package('postgresql-client').with(ensure: 'absent', name: 'mypackage', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end it 'has specified validate connexion' do @@ -35,7 +35,7 @@ describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-client').with(tag: 'postgresql') + is_expected.to contain_package('postgresql-client').with(tag: 'puppetlabs-postgresql') end end diff --git a/puppet/modules/postgresql/spec/unit/classes/lib/java_spec.rb b/puppet/modules/postgresql/spec/unit/classes/lib/java_spec.rb index 4555293..8aed2ac 100755 --- a/puppet/modules/postgresql/spec/unit/classes/lib/java_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/lib/java_spec.rb @@ -14,7 +14,7 @@ is_expected.to contain_package('postgresql-jdbc').with( name: 'libpostgresql-jdbc-java', ensure: 'present', - tag: 'postgresql', + tag: 'puppetlabs-postgresql', ) } end @@ -32,7 +32,7 @@ is_expected.to contain_package('postgresql-jdbc').with( name: 'postgresql-jdbc', ensure: 'present', - tag: 'postgresql', + tag: 'puppetlabs-postgresql', ) } describe 'when parameters are supplied' do @@ -44,7 +44,7 @@ is_expected.to contain_package('postgresql-jdbc').with( name: 'somepackage', ensure: 'latest', - tag: 'postgresql', + tag: 'puppetlabs-postgresql', ) } end diff --git a/puppet/modules/postgresql/spec/unit/classes/lib/pgdocs_spec.rb b/puppet/modules/postgresql/spec/unit/classes/lib/pgdocs_spec.rb index 878abac..b531e79 100755 --- a/puppet/modules/postgresql/spec/unit/classes/lib/pgdocs_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/lib/pgdocs_spec.rb 
@@ -14,7 +14,7 @@ is_expected.to contain_package('postgresql-docs').with( name: 'postgresql-docs', ensure: 'present', - tag: 'postgresql', + tag: 'puppetlabs-postgresql', ) } describe 'when parameters are supplied' do @@ -26,7 +26,7 @@ is_expected.to contain_package('postgresql-docs').with( name: 'somepackage', ensure: 'latest', - tag: 'postgresql', + tag: 'puppetlabs-postgresql', ) } end diff --git a/puppet/modules/postgresql/spec/unit/classes/server/config_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/config_spec.rb index 5e22d05..78bef21 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/config_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/config_spec.rb @@ -2,7 +2,7 @@ describe 'postgresql::server::config', type: :class do let(:pre_condition) do - 'include postgresql::server' + 'class { postgresql::server: manage_selinux => true }' end describe 'on RedHat 7' do @@ -16,9 +16,29 @@ id: 'root', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', selinux: true, + os: { + 'architecture' => 'x86_64', + 'family' => 'RedHat', + 'hardware' => 'x86_64', + 'name' => 'CentOS', + 'release' => { + 'full' => '7.6.1810', + 'major' => '7', + 'minor' => '6', + }, + }, } end + it 'has SELinux port defined' do + is_expected.to contain_package('policycoreutils-python-utils') .with(ensure: 'present') + + is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') + .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_requires('Package[policycoreutils-python-utils]') + end + it 'has the correct systemd-override file' do is_expected.to contain_file('systemd-override').with( ensure: 'present', path: '/etc/systemd/system/postgresql.service', 
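Review bot: The `has SELinux port defined` example is copied into three contexts (RedHat 7 here, then the Fedora and Amazon hunks that follow), differing only in the package name; a `shared_examples` taking the package name would keep the three in step. The pinned guard `unless: '/usr/sbin/semanage port -l | grep -qw 5432'` matches any listing line that mentions 5432, whatever SELinux type it carries, so it would presumably also skip the exec when the port is labelled with a different type. If that is intended, a comment in the spec should say so, e.g. `# guard only checks that 5432 is labelled at all, not that it is postgresql_port_t`.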
@@ -65,9 +85,28 @@ class { 'postgresql::server': } id: 'root', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', selinux: true, + os: { + 'architecture' => 'x86_64', + 'family' => 'RedHat', + 'hardware' => 'x86_64', + 'name' => 'Fedora', + 'release' => { + 'full' => '21', + 'major' => '21', + }, + }, } end + it 'has SELinux port defined' do + is_expected.to contain_package('policycoreutils-python-utils') .with(ensure: 'present') + + is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') + .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_requires('Package[policycoreutils-python-utils]') + end + it 'has the correct systemd-override file' do is_expected.to contain_file('systemd-override').with( ensure: 'present', path: '/etc/systemd/system/postgresql.service', @@ -103,6 +142,30 @@ class { 'postgresql::server': } end end + describe 'on Amazon' do + let :facts do + { + osfamily: 'RedHat', + operatingsystem: 'Amazon', + operatingsystemrelease: '1.0', + concat_basedir: tmpfilename('server'), + kernel: 'Linux', + id: 'root', + path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + selinux: true, + } + end + + it 'has SELinux port defined' do + is_expected.to contain_package('policycoreutils') .with(ensure: 'present') + + is_expected.to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + .with(unless: '/usr/sbin/semanage port -l | grep -qw 5432') + .that_comes_before('Postgresql::Server::Config_entry[port]') + .that_requires('Package[policycoreutils]') + end + end + describe 'on Gentoo' do let(:pre_condition) do <<-EOS 
@@ -125,6 +188,10 @@ class { 'postgresql::server': } } end + it 'does not have SELinux port defined' do + is_expected.not_to contain_exec('/usr/sbin/semanage port -a -t postgresql_port_t -p tcp 5432') + end + it 'has the correct systemd-override file' do is_expected.to contain_file('systemd-override').with( ensure: 'present', path: '/etc/systemd/system/postgresql-9.5.service', diff --git a/puppet/modules/postgresql/spec/unit/classes/server/contrib_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/contrib_spec.rb index 529357d..fc4c8ab 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/contrib_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/contrib_spec.rb @@ -28,13 +28,13 @@ it 'creates package with correct params' do is_expected.to contain_package('postgresql-contrib').with(ensure: 'absent', name: 'mypackage', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-contrib').with(tag: 'postgresql') + is_expected.to contain_package('postgresql-contrib').with(tag: 'puppetlabs-postgresql') end end diff --git a/puppet/modules/postgresql/spec/unit/classes/server/initdb_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/initdb_spec.rb index 3c05d07..980cffa 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/initdb_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/initdb_spec.rb 
@@ -20,7 +20,29 @@ end it { is_expected.to contain_file('/var/lib/pgsql/data').with_ensure('directory') } + + context 'with (log,manage,xlog)_datadir set to false' do + let :pre_condition do + " + class {'postgresql::server': + manage_logdir => false, + manage_datadir => false, + manage_xlogdir => false, + logdir => '/var/lib/pgsql/data/log', + xlogdir => '/var/lib/pgsql/data/xlog', + } + file {'/var/lib/pgsql/data': ensure => 'directory'} + file {'/var/lib/pgsql/data/log': ensure => 'directory'} + file {'/var/lib/pgsql/data/xlog': ensure => 'directory'} + " + end + + it { is_expected.to contain_file('/var/lib/pgsql/data').with_ensure('directory') } + it { is_expected.to contain_file('/var/lib/pgsql/data/log').with_ensure('directory') } + it { is_expected.to contain_file('/var/lib/pgsql/data/xlog').with_ensure('directory') } + end end + describe 'on Amazon' do let :facts do { @@ -36,6 +58,19 @@ end it { is_expected.to contain_file('/var/lib/pgsql92/data').with_ensure('directory') } + + context 'with manage_datadir set to false' do + let :pre_condition do + " + class {'postgresql::server': + manage_datadir => false, + } + file {'/var/lib/pgsql92/data': ensure => 'directory'} + " + end + + it { is_expected.to contain_file('/var/lib/pgsql92/data').with_ensure('directory') } + end end describe 'exec with module_workdir => /var/tmp' do diff --git a/puppet/modules/postgresql/spec/unit/classes/server/plperl_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/plperl_spec.rb index c5614fe..721ebdb 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/plperl_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/plperl_spec.rb @@ -21,7 +21,7 @@ it { is_expected.to contain_class('postgresql::server::plperl') } it 'creates package' do is_expected.to contain_package('postgresql-plperl').with(ensure: 'present', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end 
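Review bot: The context title `with (log,manage,xlog)_datadir set to false` does not match the parameters it sets, which are `manage_logdir`, `manage_datadir` and `manage_xlogdir`; `with manage_(log|data|xlog)dir set to false` would be accurate. In this context and in the Amazon one in the next hunk, the `contain_file` expectations are satisfied by the `file` resources declared in `pre_condition`, so what the examples really verify is that the catalog compiles without a duplicate declaration. Stating that directly with `it { is_expected.to compile.with_all_deps }` makes the intent readable.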
@@ -37,7 +37,7 @@ it 'creates package with correct params' do is_expected.to contain_package('postgresql-plperl').with(ensure: 'absent', name: 'mypackage', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end end diff --git a/puppet/modules/postgresql/spec/unit/classes/server/plpython_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/plpython_spec.rb index ea87951..26f6bf9 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/plpython_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/plpython_spec.rb @@ -22,7 +22,7 @@ it { is_expected.to contain_class('postgresql::server::plpython') } it 'creates package' do is_expected.to contain_package('postgresql-plpython').with(ensure: 'present', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end @@ -38,7 +38,7 @@ it 'creates package with correct params' do is_expected.to contain_package('postgresql-plpython').with(ensure: 'absent', name: 'mypackage', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end end diff --git a/puppet/modules/postgresql/spec/unit/classes/server/postgis_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server/postgis_spec.rb index 666d6a9..53cd48f 100755 --- a/puppet/modules/postgresql/spec/unit/classes/server/postgis_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server/postgis_spec.rb @@ -28,13 +28,13 @@ it 'creates package with correct params' do is_expected.to contain_package('postgresql-postgis').with(ensure: 'absent', name: 'mypackage', - tag: 'postgresql') + tag: 'puppetlabs-postgresql') end end describe 'with no parameters' do it 'creates package with postgresql tag' do - is_expected.to contain_package('postgresql-postgis').with(tag: 'postgresql') + is_expected.to contain_package('postgresql-postgis').with(tag: 'puppetlabs-postgresql') end end end diff --git a/puppet/modules/postgresql/spec/unit/classes/server_spec.rb b/puppet/modules/postgresql/spec/unit/classes/server_spec.rb index f202b4f..9cef244 100755 
--- a/puppet/modules/postgresql/spec/unit/classes/server_spec.rb +++ b/puppet/modules/postgresql/spec/unit/classes/server_spec.rb @@ -26,6 +26,7 @@ describe 'with no parameters' do it { is_expected.to contain_class('postgresql::params') } it { is_expected.to contain_class('postgresql::server') } + it { is_expected.to contain_file('/var/lib/postgresql/9.4/main') } it { is_expected.to contain_exec('postgresql_reload').with('command' => 'service postgresql reload') } @@ -56,6 +57,28 @@ end end + describe 'service_ensure => true' do + let(:params) do + { + service_ensure: true, + postgres_password: 'new-p@s$word-to-set', + } + end + + it { is_expected.to contain_class('postgresql::params') } + it { is_expected.to contain_class('postgresql::server') } + it { is_expected.to contain_class('postgresql::server::passwd') } + it 'validates connection' do + is_expected.to contain_postgresql_conn_validator('validate_service_is_running') + end + it 'sets postgres password' do + is_expected.to contain_exec('set_postgres_postgrespw').with('command' => '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"', + 'user' => 'postgres', + 'environment' => ['PGPASSWORD=new-p@s$word-to-set', 'PGPORT=5432', 'NEWPASSWD_ESCAPED=$$new-p@s$word-to-set$$'], + 'unless' => "/usr/bin/psql -h localhost -p 5432 -c 'select 1' > /dev/null") + end + end + describe 'service_ensure => stopped' do let(:params) { { service_ensure: 'stopped' } } @@ -161,6 +184,9 @@ class { 'postgresql::globals': it 'contains the correct package version' do is_expected.to contain_class('postgresql::repo').with_version('99.5') + is_expected.to contain_file('/var/lib/postgresql/99.5/main') # FIXME: be more precise + is_expected.to contain_concat('/etc/postgresql/99.5/main/pg_hba.conf') # FIXME: be more precise + is_expected.to contain_concat('/etc/postgresql/99.5/main/pg_ident.conf') # FIXME: be more precise end end 
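Review bot: The `sets postgres password` example in the `service_ensure => true` hunk pins the plaintext password inside the exec's `environment` array (`PGPASSWORD=...` and `NEWPASSWD_ESCAPED=...`), so the expected catalog carries the secret as an ordinary resource parameter; a comment stating that this is the intended contract would stop a later reader from treating it as an accident. The sample password `new-p@s$word-to-set` has only a single `$`, so the alternate dollar-quote tag seen in the `postgresql_escape` examples (`fo$$o` giving `$ed$...$ed$`) is never exercised through this path; a second case with `$$` in the password would cover it. The describe title also says nothing about the password, e.g. `describe 'service_ensure => true with postgres_password'`.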
diff --git a/puppet/modules/postgresql/spec/unit/defines/server/extension_spec.rb b/puppet/modules/postgresql/spec/unit/defines/server/extension_spec.rb index b1f4358..14fe095 100755 --- a/puppet/modules/postgresql/spec/unit/defines/server/extension_spec.rb +++ b/puppet/modules/postgresql/spec/unit/defines/server/extension_spec.rb @@ -144,6 +144,10 @@ } end + it { is_expected.to contain_file('/var/lib/postgresql/8.4/main') } # FIXME: be more precise + it { is_expected.to contain_concat('/etc/postgresql/8.4/main/pg_hba.conf') } # FIXME: be more precise + it { is_expected.to contain_concat('/etc/postgresql/8.4/main/pg_ident.conf') } # FIXME: be more precise + context 'with mandatory arguments only' do it { is_expected.to contain_postgresql_psql('template_postgis2: CREATE EXTENSION "postgis"') 
@@ -151,3 +155,116 @@ } end end + +describe 'postgresql::server::extension', type: :define do + let :facts do + { + osfamily: 'Debian', + operatingsystem: 'Debian', + operatingsystemrelease: '6.0', + kernel: 'Linux', + concat_basedir: tmpfilename('postgis'), + id: 'root', + path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + let(:title) { 'pg_repack' } + let(:params) do + { + database: 'postgres', + extension: 'pg_repack', + } + end + + context 'without including postgresql::server' do + let :pre_condition do + "class {'postgresql::server':}" + end + + it { + is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + .with(db: 'postgres', command: 'CREATE EXTENSION "pg_repack"') + } + end + + context 'default port' do + let :params do + { + database: 'postgres', + extension: 'pg_repack', + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"').with_port('5432') } + end + + context 'port overriden by explicit parameter' do + let :params do + { + database: 'postgres', + extension: 'pg_repack', + port: 1234, + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"').with_port('1234') } + end + + context 'with specific db connection settings' do + let :params do + { + database: 'postgres', + extension: 'pg_repack', + connect_settings: { 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234' }, + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { + is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 
'PGPORT' => '1234') + .with_port(nil) + } + end + + context 'with specific db connection settings - port overriden by explicit parameter' do + let :params do + { + database: 'postgres', + extension: 'pg_repack', + connect_settings: { 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234' }, + port: 5678, + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { + is_expected.to contain_postgresql_psql('postgres: CREATE EXTENSION "pg_repack"') + .with_connect_settings('PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234') + .with_port('5678') + } + end +end diff --git a/puppet/modules/postgresql/spec/unit/defines/server/grant_spec.rb b/puppet/modules/postgresql/spec/unit/defines/server/grant_spec.rb index 32bda6c..32d2fb9 100755 --- a/puppet/modules/postgresql/spec/unit/defines/server/grant_spec.rb +++ b/puppet/modules/postgresql/spec/unit/defines/server/grant_spec.rb 
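Review bot: The first new context is titled `without including postgresql::server`, yet its `pre_condition` is `"class {'postgresql::server':}"`, so the title describes the opposite of the setup. Either rename it (for example `context 'with postgresql::server declared'`) or remove the pre_condition if the standalone case is what should be tested. The same pre_condition is repeated in all five contexts and could be declared once at the `describe` level. Two context titles spell `overriden`; the word is `overridden`.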
@@ -214,6 +214,106 @@ class {'postgresql::server':} end end + context 'with a role defined to PUBLIC' do + let :params do + { + db: 'test', + role: 'PUBLIC', + privilege: 'all', + object_name: ['myschema', 'mytable'], + object_type: 'table', + } + end + + let :pre_condition do + <<-EOS + class {'postgresql::server':} + postgresql::server::role { 'test': } + EOS + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__grant('test') } + it { is_expected.to contain_postgresql__server__role('test') } + it do + is_expected.to contain_postgresql_psql('grant:test') + .with_command(%r{GRANT ALL ON TABLE "myschema"."mytable" TO\s* "PUBLIC"}m) + .with_unless(%r{SELECT 1 WHERE has_table_privilege\('public',\s*'myschema.mytable', 'INSERT'\)}m) + end + end + + context 'function' do + let :params do + { + db: 'test', + role: 'test', + privilege: 'execute', + object_name: 'test', + object_arguments: ['text', 'boolean'], + object_type: 'function', + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__grant('test') } + it do + is_expected.to contain_postgresql_psql('grant:test') + .with_command(%r{GRANT EXECUTE ON FUNCTION test\(text,boolean\) TO\s* "test"}m) + .with_unless(%r{SELECT 1 WHERE has_function_privilege\('test',\s* 'test\(text,boolean\)', 'EXECUTE'\)}m) + end + end + + context 'function with schema' do + let :params do + { + db: 'test', + role: 'test', + privilege: 'execute', + object_name: ['myschema', 'test'], + object_arguments: ['text', 'boolean'], + object_type: 'function', + } + end + + let :pre_condition do + "class {'postgresql::server':}" + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__grant('test') } + it do + is_expected.to contain_postgresql_psql('grant:test') + .with_command(%r{GRANT EXECUTE ON FUNCTION myschema.test\(text,boolean\) TO\s* 
"test"}m) + .with_unless(%r{SELECT 1 WHERE has_function_privilege\('test',\s* 'myschema.test\(text,boolean\)', 'EXECUTE'\)}m) + end + end + + context 'standalone not managing server' do + let :params do + { + db: 'test', + role: 'test', + privilege: 'execute', + object_name: ['myschema', 'test'], + object_arguments: ['text', 'boolean'], + object_type: 'function', + group: 'postgresql', + psql_path: '/usr/bin', + psql_user: 'postgres', + psql_db: 'db', + port: 1542, + connect_settings: {}, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_class('postgresql::server') } + end + context 'invalid object_type' do let :params do { diff --git a/puppet/modules/postgresql/spec/unit/defines/server/pg_hba_rule_spec.rb b/puppet/modules/postgresql/spec/unit/defines/server/pg_hba_rule_spec.rb index 4c3f977..1637b42 100755 --- a/puppet/modules/postgresql/spec/unit/defines/server/pg_hba_rule_spec.rb +++ b/puppet/modules/postgresql/spec/unit/defines/server/pg_hba_rule_spec.rb 
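Review bot: The function contexts pin commands in which the function name and argument types appear unquoted (`GRANT EXECUTE ON FUNCTION myschema.test\(text,boolean\)`), while the table context in the same hunk expects quoted identifiers (`"myschema"."mytable"`); if the difference is deliberate the spec should say so in a comment, since PostgreSQL case-folds unquoted names. The `.` in `myschema.test` and `myschema.mytable` is unescaped inside `%r{...}` and matches any character; `myschema\.test` pins the literal. The `standalone not managing server` context asserts only compilation and the absence of `postgresql::server`; an expectation on `contain_postgresql_psql('grant:test')` with the supplied port would show that the parameters reach the resource.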
@@ -145,4 +145,93 @@ class { 'postgresql::server': } end end end + + context 'order' do + context 'default' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'local', + database: 'all', + user: 'all', + auth_method: 'ident', + } + end + + it do + is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '150') + end + end + + context 'string' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'local', + database: 'all', + user: 'all', + auth_method: 'ident', + order: '12', + } + end + + it do + is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '12') + end + end + + context 'short integer' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'local', + database: 'all', + user: 'all', + auth_method: 'ident', + order: 12, + } + end + + it do + is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '012') + end + end + + context 'long integer' do + let :pre_condition do + <<-MANIFEST + class { 'postgresql::server': } + MANIFEST + end + + let :params do + { + type: 'local', + database: 'all', + user: 'all', + auth_method: 'ident', + order: 1234, + } + end + + it do + is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '1234') + end + end + end end diff --git a/puppet/modules/postgresql/spec/unit/defines/server/role_spec.rb b/puppet/modules/postgresql/spec/unit/defines/server/role_spec.rb index ecf4abc..ed24c32 100755 --- a/puppet/modules/postgresql/spec/unit/defines/server/role_spec.rb +++ b/puppet/modules/postgresql/spec/unit/defines/server/role_spec.rb 
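Review bot: The `string` and `short integer` contexts pin two different fragment orders for the same number: `order: '12'` stays `'12'` while `order: 12` becomes `'012'`. Assuming concat sorts fragments by this string, the two spellings can place a rule differently relative to other fragments, and pg_hba.conf is evaluated first-match, so the ordering decides which authentication method applies. That deserves a comment above the contexts, such as `# integers are zero-padded to three digits; strings are passed through unchanged`. The identical `pre_condition` in all four contexts can be hoisted into `context 'order'`.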
@@ -142,4 +142,34 @@ is_expected.to contain_postgresql_psql('DROP ROLE "test"').that_requires('Class[postgresql::server::service]') end end + + context 'without including postgresql::server' do + it { is_expected.to compile } + it { is_expected.to contain_postgresql__server__role('test') } + end + + context 'standalone not managing server' do + let :params do + { + password_hash: 'new-pa$s', + connect_settings: { 'PGHOST' => 'postgres-db-server', + 'DBVERSION' => '9.1', + 'PGPORT' => '1234', + 'PGUSER' => 'login-user', + 'PGPASSWORD' => 'login-pass' }, + psql_user: 'postgresql', + psql_group: 'postgresql', + psql_path: '/usr/bin', + module_workdir: '/tmp', + db: 'db', + } + end + + let :pre_condition do + '' + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_class('postgresql::server') } + end end diff --git a/puppet/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb b/puppet/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb index e702e2a..256b543 100755 --- a/puppet/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb +++ b/puppet/modules/postgresql/spec/unit/defines/server/tablespace_spec.rb @@ -27,6 +27,7 @@ "class {'postgresql::server':}" end + it { is_expected.to contain_file('/srv/data/foo').with_ensure('directory') } it { is_expected.to contain_postgresql__server__tablespace('test') } it { is_expected.to contain_postgresql_psql('CREATE TABLESPACE "test"').that_requires('Class[postgresql::server::service]') } @@ -40,4 +41,22 @@ it { is_expected.to contain_postgresql_psql('ALTER TABLESPACE "test" OWNER TO "test_owner"') } end + + context 'with manage_location set to false' do + let :params do + { + location: '/srv/data/foo', + manage_location: false, + } + end + + let :pre_condition do + " + class {'postgresql::server':} + file {'/srv/data/foo': ensure => 'directory'} + " + end + + it { is_expected.to contain_file('/srv/data/foo').with_ensure('directory') } + end end 
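Review bot: The `standalone not managing server` context passes a `password_hash` and a `connect_settings` hash containing `PGPASSWORD`, but asserts only that the catalog compiles and that `postgresql::server` is absent, so nothing checks where those credentials end up. An expectation on the generated `postgresql_psql` resources (their `connect_settings`, and that the password does not appear in a resource title) would make the context meaningful; the exact resource titles are defined outside this hunk. The empty `let :pre_condition do '' end` override is worth a one-line comment, e.g. `# no postgresql::server in the catalog for this case`.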
diff --git a/puppet/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb b/puppet/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb
deleted file mode 100755
index 76df663..0000000
--- a/puppet/modules/postgresql/spec/unit/functions/postgresql_acls_to_resources_hash_spec.rb
+++ /dev/null
@@ -1,74 +0,0 @@ -require 'spec_helper' - -describe 'postgresql_acls_to_resources_hash', type: :puppet_function do - context 'individual transform tests' do - it do - input = 'local all postgres ident' - result = { 'postgresql class generated rule test 0' => { 'type' => 'local', 'database' => 'all', 'user' => 'postgres', - 'auth_method' => 'ident', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - - it do - input = 'local all root ident' - result = { 'postgresql class generated rule test 0' => { 'type' => 'local', 'database' => 'all', 'user' => 'root', - 'auth_method' => 'ident', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - - it do - input_array = ['local all all ident'] - result = { 'postgresql class generated rule test 0' => { 'type' => 'local', 'database' => 'all', 'user' => 'all', - 'auth_method' => 'ident', 'order' => '100' } } - - is_expected.to run.with_params(input_array, 'test', 100).and_return(result) - end - - it do - input = 'host all all 127.0.0.1/32 md5' - result = { 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', 'user' => 'all', 'address' => '127.0.0.1/32', - 'auth_method' => 'md5', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - - it do - input = 'host all all 0.0.0.0/0 md5' - result = { 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', 'user' => 'all', 'address' => '0.0.0.0/0', - 'auth_method' => 'md5', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - - it do - input = 'host all all ::1/128 md5' - result = { 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', 'user' => 'all', 'address' => '::1/128', - 'auth_method' => 'md5', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) 
- end - - it do - input = 'host all all 1.1.1.1 255.255.255.0 md5' - result = { 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', 'user' => 'all', 'address' => '1.1.1.1 255.255.255.0', - 'auth_method' => 'md5', 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - - it do - input = 'host all all 1.1.1.1 255.255.255.0 ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"' - result = { 'postgresql class generated rule test 0' => { 'type' => 'host', 'database' => 'all', 'user' => 'all', 'address' => '1.1.1.1 255.255.255.0', - 'auth_method' => 'ldap', 'auth_option' => 'ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"', - 'order' => '100' } } - - is_expected.to run.with_params([input], 'test', 100).and_return(result) - end - end - - it 'returns an empty hash when input is empty array' do - is_expected.to run.with_params([], 'test', 100).and_return({}) - end -end diff --git a/puppet/modules/postgresql/spec/unit/functions/postgresql_escape_spec.rb b/puppet/modules/postgresql/spec/unit/functions/postgresql_escape_spec.rb deleted file mode 100755 index 2edd388..0000000 --- a/puppet/modules/postgresql/spec/unit/functions/postgresql_escape_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'spec_helper' -describe 'postgresql_escape' do - describe 'postgresql_escape', type: :puppet_function do - it { - is_expected.to run.with_params('foo') - .and_return('$$foo$$') - } - end - describe 'postgresql_escape', type: :puppet_function do - it { - is_expected.to run.with_params('fo$$o') - .and_return('$ed$fo$$o$ed$') - } - end - describe 'postgresql_escape', type: :puppet_function do - it { - is_expected.to run.with_params('foo$') - .and_return('$a$foo$$a$') - } - end -end 
diff --git a/puppet/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb b/puppet/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb deleted file mode 100755 index aef13ea..0000000 --- a/puppet/modules/postgresql/spec/unit/functions/postgresql_password_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper' - -describe 'postgresql_password', type: :puppet_function do - it { - is_expected.to run.with_params('foo', 'bar') - .and_return('md596948aad3fcae80c08a35c9b5958cd89') - } - it { - is_expected.to run.with_params('foo', 1234) - .and_return('md539a0e1b308278a8de5e007cd1f795920') - } -end diff --git a/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb b/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb index 93585bd..725f755 100755 --- a/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +++ b/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb @@ -13,7 +13,7 @@ it 'executes with the given psql_path on the given DB' do expect(provider).to receive(:run_command).with(['psql', '-d', - attributes[:db], '-t', '-c', '"SELECT \'something\' as \"Custom column\""'], 'postgres', + attributes[:db], '-t', '-X', '-c', '"SELECT \'something\' as \"Custom column\""'], 'postgres', 'postgres', {}) provider.run_sql_command('SELECT \'something\' as "Custom column"') @@ -33,7 +33,7 @@ it 'executes with the given psql_path on the given DB' do expect(Dir).to receive(:chdir).with(attributes[:cwd]).and_yield expect(provider).to receive(:run_command).with([attributes[:psql_path], - '-d', attributes[:db], '-t', '-c', '"SELECT \'something\' as \"Custom column\""'], + '-d', attributes[:db], '-t', '-X', '-c', '"SELECT \'something\' as \"Custom column\""'], attributes[:psql_user], attributes[:psql_group], {}) provider.run_sql_command('SELECT \'something\' as "Custom column"') 
@@ -47,7 +47,7 @@ end it 'executes with the given search_path' do - expect(provider).to receive(:run_command).with(['psql', '-t', '-c', + expect(provider).to receive(:run_command).with(['psql', '-t', '-X', '-c', '"set search_path to schema1; SELECT \'something\' as \"Custom column\""'], 'postgres', 'postgres', {}) @@ -62,7 +62,7 @@ end it 'executes with the given search_path' do - expect(provider).to receive(:run_command).with(['psql', '-t', '-c', + expect(provider).to receive(:run_command).with(['psql', '-t', '-X', '-c', '"set search_path to schema1,schema2; SELECT \'something\' as \"Custom column\""'], 'postgres', 'postgres', {}) @@ -77,7 +77,7 @@ it 'executes with the given port' do expect(provider).to receive(:run_command).with(['psql', '-p', '5555', - '-t', '-c', '"SELECT something"'], + '-t', '-X', '-c', '"SELECT something"'], 'postgres', 'postgres', {}) provider.run_sql_command('SELECT something') @@ -88,7 +88,7 @@ it 'executes with the given host' do expect(provider).to receive(:run_command).with(['psql', - '-t', '-c', + '-t', '-X', '-c', '"SELECT something"'], 'postgres', 'postgres', 'PGHOST' => '127.0.0.1') diff --git a/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb b/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb index 9b33b64..e5c6c1c 100755 --- a/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb +++ b/puppet/modules/postgresql/spec/unit/puppet/provider/postgresql_replication_slot/ruby_spec.rb 
@@ -29,7 +29,10 @@ def | | physical | | | t | | | 0/ context 'when listing instances' do before(:each) do - provider.class.expects(:run_command).with(['psql', '-t', '-c', 'SELECT * FROM pg_replication_slots;'], 'postgres', 'postgres').returns([sql_instances, nil]) + expect(provider.class).to receive(:run_command).with( # rubocop:disable RSpec/ExpectInHook + ['psql', '-t', '-c', 'SELECT * FROM pg_replication_slots;'], + 'postgres', 'postgres' + ).and_return([sql_instances, nil]) end let(:attributes) { {} } let(:instances) { provider.class.instances } @@ -50,10 +53,10 @@ def | | physical | | | t | | | 0/ context 'when creation works' do it 'calls psql and succeed' do - provider.class.expects(:run_command).with( + expect(provider.class).to receive(:run_command).with( ['psql', '-t', '-c', "SELECT * FROM pg_create_physical_replication_slot('standby');"], 'postgres', 'postgres' - ).returns([nil, success_status]) + ).and_return([nil, success_status]) expect { provider.create }.not_to raise_error end @@ -61,10 +64,10 @@ def | | physical | | | t | | | 0/ context 'when creation fails' do it 'calls psql and fail' do - provider.class.expects(:run_command).with( + expect(provider.class).to receive(:run_command).with( ['psql', '-t', '-c', "SELECT * FROM pg_create_physical_replication_slot('standby');"], 'postgres', 'postgres' - ).returns([nil, fail_status]) + ).and_return([nil, fail_status]) expect { provider.create }.to raise_error(Puppet::Error, %r{Failed to create replication slot standby:}) end @@ -76,10 +79,10 @@ def | | physical | | | t | | | 0/ context 'when destruction works' do it 'calls psql and succeed' do - provider.class.expects(:run_command).with( + expect(provider.class).to receive(:run_command).with( ['psql', '-t', '-c', "SELECT pg_drop_replication_slot('standby');"], 'postgres', 'postgres' - ).returns([nil, success_status]) + ).and_return([nil, success_status]) expect { provider.destroy }.not_to raise_error end 
@@ -87,10 +90,10 @@ def | | physical | | | t | | | 0/ context 'when destruction fails' do it 'calls psql and fail' do - provider.class.expects(:run_command).with( + expect(provider.class).to receive(:run_command).with( ['psql', '-t', '-c', "SELECT pg_drop_replication_slot('standby');"], 'postgres', 'postgres' - ).returns([nil, fail_status]) + ).and_return([nil, fail_status]) expect { provider.destroy }.to raise_error(Puppet::Error, %r{Failed to destroy replication slot standby:}) end diff --git a/puppet/modules/postgresql/templates/systemd-override.erb b/puppet/modules/postgresql/templates/systemd-override.erb index 5a2a31c..cae5101 100755 --- a/puppet/modules/postgresql/templates/systemd-override.erb +++ b/puppet/modules/postgresql/templates/systemd-override.erb @@ -12,3 +12,4 @@ Environment=DATA_DIR=<%= @datadir %> <%- else -%> Environment=PGDATA=<%= @datadir %> <%- end -%> +<%= @extra_systemd_config %> diff --git a/puppet/modules/sw360/templates/couchdb.properties.erb b/puppet/modules/sw360/templates/couchdb.properties.erb index 2c0790d..ba00998 100644 --- a/puppet/modules/sw360/templates/couchdb.properties.erb +++ b/puppet/modules/sw360/templates/couchdb.properties.erb @@ -10,8 +10,8 @@ # N.B this is the default build property file, defined in module build-configuration couchdb.url = http://localhost:5984 -couchdb.user = -couchdb.password = +couchdb.user = admin +couchdb.password = <%= @liferay_admin_password %> couchdb.database = sw360db couchdb.usersdb = sw360users couchdb.attachments = sw360attachments diff --git a/puppet/modules/sw360/templates/couchdb_local.ini.erb b/puppet/modules/sw360/templates/couchdb_local.ini.erb index 757152e..68c943e 100644 --- a/puppet/modules/sw360/templates/couchdb_local.ini.erb +++ b/puppet/modules/sw360/templates/couchdb_local.ini.erb 
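Review bot: The new `couchdb.user = admin` line in couchdb.properties.erb makes the SW360 backend authenticate to CouchDB as the server administrator, so anything that can read the rendered properties file holds control over the whole CouchDB node rather than only `sw360db`, `sw360users` and `sw360attachments`. A dedicated non-admin account that is a member of just those databases would limit what a leaked file exposes, for example `couchdb.user = <%= @couchdb_app_user %>` and `couchdb.password = <%= @couchdb_app_password %>` (both variable names are placeholders, not existing facts). If the application has to create its databases on first start, that step could run once during provisioning with the admin account instead. The new couchdb_test.properties.erb and databasetest.properties.erb templates in this patch follow the same pattern; the template continues outside the hunk.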
@@ -1,7 +1,3 @@ -; Modifications applied by Siemens AG 2015-2016. -; Modifications for supporting own infrastructure. -; Original file from couchdb project - ; CouchDB Configuration Settings ; Custom settings should be made in this file. They will override settings @@ -10,20 +6,33 @@ [couchdb] ;max_document_size = 4294967296 ; bytes -uuid = 8123d83e39b4cb59c8b8928636842252 -os_process_timeout=60000 - -[external] -fti=/usr/bin/java -jar /opt/couchdb-lucene-*-jar-with-dependencies.jar -search - -[httpd] +;os_process_timeout = 5000 + +[couch_peruser] +; If enabled, couch_peruser ensures that a private per-user database +; exists for each document in _users. These databases are writable only +; by the corresponding user. Databases are in the following form: +; userdb-{hex encoded username} +;enable = true +; If set to true and a user is deleted, the respective database gets +; deleted as well. +;delete_dbs = true +; Set a default q value for peruser-created databases that is different from +; cluster / q +;q = 1 + +[chttpd] port = <%= @couchdb_bind_port %> bind_address = <%= @couchdb_bind_address %> ; Options for the MochiWeb HTTP server. ;server_options = [{backlog, 128}, {acceptor_pool_size, 16}] ; For more socket options, consult Erlang's module 'inet' man page. -;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}] +;socket_options = [{sndbuf, 262144}, {nodelay, true}] +[httpd] +; NOTE that this only configures the "backend" node-local port, not the +; "frontend" clustered port. You probably don't want to change anything in +; this section. ; Uncomment next line to trigger basic-auth popup on unauthorized requests. ;WWW-Authenticate = Basic realm="administrator" 
@@ -34,51 +43,21 @@ bind_address = <%= @couchdb_bind_address %> ; the whitelist. ;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}] -[query_servers] -;nodejs = /usr/local/bin/couchjs-node /path/to/couchdb/share/server/main.js - - -[httpd_global_handlers] -;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>} -_fti = {couch_httpd_proxy, handle_proxy_req, <<"http://127.0.0.1:<%=@tomcat_port%>/couchdb-lucene">>} - -;[httpd_db_handlers] -;_fti = {couch_httpd_external, handle_external_req, <<"fti">>} - [couch_httpd_auth] ; If you set this to true, you should also uncomment the WWW-Authenticate line ; above. If you don't configure a WWW-Authenticate header, CouchDB will send ; Basic realm="server" in order to prevent you getting logged out. ; require_valid_user = false -[log] -;level = debug - -[log_level_by_module] -; In this section you can specify any of the four log levels 'none', 'info', -; 'error' or 'debug' on a per-module basis. See src/*/*.erl for various -; modules. -;couch_httpd = error - - -[os_daemons] -; For any commands listed here, CouchDB will attempt to ensure that -; the process remains alive. Daemons should monitor their environment -; to know when to exit. This can most easily be accomplished by exiting -; when stdin is closed. -;foo = /path/to/command -with args - -[daemons] -; enable SSL support by uncommenting the following line and supply the PEM's below. -; the default ssl port CouchDB listens on is 6984 -; httpsd = {couch_httpd, start_link, [https]} - [ssl] +;enable = true ;cert_file = /full/path/to/server_cert.pem ;key_file = /full/path/to/server_key.pem ;password = somepassword ; set to true to validate peer certificates -verify_ssl_certificates = false +;verify_ssl_certificates = false +; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates is true. 
+;fail_if_no_peer_cert = false ; Path to file containing PEM encoded CA certificates (trusted ; certificates used for verifying a peer certificate). May be omitted if ; you do not want to verify the peer. @@ -87,7 +66,16 @@ verify_ssl_certificates = false ; verification fun will be used. ;verify_fun = {Module, VerifyFun} ; maximum peer certificate depth -ssl_certificate_max_depth = 1 +;ssl_certificate_max_depth = 1 +; +; Reject renegotiations that do not live up to RFC 5746. +;secure_renegotiate = true +; The cipher suites that should be supported. +; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" +; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256". +;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"] +; The SSL/TLS versions to support +;tls_versions = [tlsv1, 'tlsv1.1', 'tlsv1.2'] ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to ; the Virual Host will be redirected to the path. In the example below all requests @@ -97,9 +85,6 @@ ssl_certificate_max_depth = 1 [vhosts] ;example.com = /database/ -[update_notification] -;indexer=/usr/bin/java -jar /opt/couchdb-lucene-*-jar-with-dependencies.jar -index - ; To create an admin account uncomment the '[admins]' section below and add a ; line in the format 'username = password'. When you next start CouchDB, it ; will change the password to a hash (so that your passwords don't linger @@ -107,4 +92,4 @@ ssl_certificate_max_depth = 1 ; 'username = password' lines. Don't forget to restart CouchDB after ; changing this. [admins] -;admin = mysecretpassword +admin = <%= @liferay_admin_password %> diff --git a/puppet/modules/sw360/templates/couchdb_test.properties.erb b/puppet/modules/sw360/templates/couchdb_test.properties.erb new file mode 100644 index 0000000..8a98820 --- /dev/null +++ b/puppet/modules/sw360/templates/couchdb_test.properties.erb 
@@ -0,0 +1,29 @@ +# +# Copyright Siemens AG, 2013-2019. Part of the SW360 Portal Project. +# +# All rights reserved. This configuration file is provided to you under the +# terms and conditions of the Eclipse Distribution License v1.0 which +# accompanies this distribution, and is available at +# http://www.eclipse.org/org/documents/edl-v10.php +# + +# N.B this is the default build property file, defined in module build-configuration + +couchdb.url = http://localhost:5984 +couchdb.user = admin +couchdb.password = <%= @liferay_admin_password %> +couchdb.database = sw360_test_db +couchdb.usersdb = sw360_test_users +couchdb.attachments = sw360_test_attachments +couchdb.config = sw360_test_config +couchdb.fossologyKeys = sw360_test_fossologykeys +couchdb.vulnerability_management = sw360_test_vm +lucenesearch.limit = 150 + +# Warning: If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini +# leading wildcard search is disabled as default because its a expensive operation. +# couchdb-lucene.ini (is part of the couchdb-lucene .war package) +# [lucene] +# allowLeadingWildcard=true +# see more: https://wiki.apache.org/lucene-java/LuceneFAQ#What_wildcard_search_support_is_available_from_Lucene.3F +lucenesearch.leading.wildcard = true diff --git a/puppet/modules/sw360/templates/databasetest.properties.erb b/puppet/modules/sw360/templates/databasetest.properties.erb new file mode 100644 index 0000000..15cb2a1 --- /dev/null +++ b/puppet/modules/sw360/templates/databasetest.properties.erb 
@@ -0,0 +1,14 @@ +# +# Copyright Siemens AG, 2013-2019. Part of the SW360 Portal Project. +# +# All rights reserved. This configuration file is provided to you under the +# terms and conditions of the Eclipse Distribution License v1.0 which +# accompanies this distribution, and is available at +# http://www.eclipse.org/org/documents/edl-v10.php +# + +# todo: uses weird properties, should be unified +couchdb_db_url = http://localhost:5984 +couchdb.username = admin +couchdb.password = <%= @liferay_admin_password %> +couchdb_db_database = datahandlertestdb diff --git a/shared/configuration.rb b/shared/configuration.rb index 9bbec59..3016f35 100755 --- a/shared/configuration.rb +++ b/shared/configuration.rb @@ -26,8 +26,8 @@ SW360_default_password="sw360fossy" # admin password for liferay and tomcat SW360_admin_name="setup" # admin account name for liferay (only!) -SW360_vm_name="sw360-bingle" # how the vm is named in your hypervisor -SW360_basebox_name="sw360-bionic" # which base box vagrant should consider +SW360_vm_name="sw360-focal-installed" # how the vm is named in your hypervisor +SW360_basebox_name="sw360-focal" # which base box vagrant should consider SW360_vagrant_user="siemagrant" # the user created and used for the installation process SW360_enable_mellon=false # set to true to prepare for SAML authentication by installing and enabling mod_auth_mellon SW360_use_insecure_Keypair=true # setting this to true forces Vagrant to use the keypair in shared/insecureKeypair diff --git a/shared/scripts/install-bundle-deps.sh b/shared/scripts/install-bundle-deps.sh index d3fb919..b07451d 100755 --- a/shared/scripts/install-bundle-deps.sh +++ b/shared/scripts/install-bundle-deps.sh 
@@ -17,18 +17,18 @@ echo "-[shell provisioning] start installing bundle dependencies ..." # # coyping all jar files from the required bundle dependencies # -cp /vagrant_shared/packages/commons-codec-1.12.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-codec-1.12.jar -cp /vagrant_shared/packages/commons-collections4-4.4.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-collections4-4.4.jar -cp /vagrant_shared/packages/commons-compress-1.20.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-compress-1.20.jar -cp /vagrant_shared/packages/commons-csv-1.4.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-csv-1.4.jar -cp /vagrant_shared/packages/commons-io-2.6.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-io-2.6.jar -cp /vagrant_shared/packages/commons-lang-2.4.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-lang-2.4.jar -cp /vagrant_shared/packages/commons-logging-1.2.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/commons-logging-1.2.jar -cp /vagrant_shared/packages/gson-2.8.5.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/gson-2.8.5.jar -cp /vagrant_shared/packages/guava-21.0.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/guava-21.0.jar -cp /vagrant_shared/packages/jackson-annotations-2.11.3.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/jackson-annotations-2.11.3.jar -cp /vagrant_shared/packages/jackson-core-2.11.3.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/jackson-core-2.11.3.jar -cp /vagrant_shared/packages/jackson-databind-2.11.3.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/jackson-databind-2.11.3.jar -cp /vagrant_shared/packages/libthrift-0.13.0.jar /opt/liferay-ce-portal-7.3.3-ga4/deploy/libthrift-0.13.0.jar +cp /vagrant_shared/packages/commons-codec-1.12.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-codec-1.12.jar +cp /vagrant_shared/packages/commons-collections4-4.4.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-collections4-4.4.jar +cp /vagrant_shared/packages/commons-compress-1.20.jar 
/opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-compress-1.20.jar +cp /vagrant_shared/packages/commons-csv-1.4.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-csv-1.4.jar +cp /vagrant_shared/packages/commons-io-2.6.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-io-2.6.jar +cp /vagrant_shared/packages/commons-lang-2.4.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-lang-2.4.jar +cp /vagrant_shared/packages/commons-logging-1.2.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/commons-logging-1.2.jar +cp /vagrant_shared/packages/gson-2.8.5.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/gson-2.8.5.jar +cp /vagrant_shared/packages/guava-21.0.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/guava-21.0.jar +cp /vagrant_shared/packages/jackson-annotations-2.11.3.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/jackson-annotations-2.11.3.jar +cp /vagrant_shared/packages/jackson-core-2.11.3.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/jackson-core-2.11.3.jar +cp /vagrant_shared/packages/jackson-databind-2.11.3.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/jackson-databind-2.11.3.jar +cp /vagrant_shared/packages/libthrift-0.13.0.jar /opt/liferay-ce-portal-7.3.4-ga5/deploy/libthrift-0.13.0.jar echo "-[shell provisioning] end of installing bundle dependencies." diff --git a/shared/scripts/install-lucene.sh b/shared/scripts/install-lucene.sh index bf55396..3a0b45e 100755 --- a/shared/scripts/install-lucene.sh +++ b/shared/scripts/install-lucene.sh @@ -24,6 +24,6 @@ pushd /tmp/couchdb-lucene-2.1.0 patch -p1 /dev/null || RESULT=$? From 2af52cb3fe2a8810120a44b3c2859fbcdf8beb3b Mon Sep 17 00:00:00 2001 From: "Michael C. Jaeger" Date: Sat, 17 Apr 2021 23:05:25 +0200 Subject: [PATCH 2/6] feat(updates): couchdb3, ubuntu20, adding oauthclient portlet 
Signed-off-by: Michael C. Jaeger --- puppet/manifests/sw360-single.pp | 25 +++++++- .../sw360/templates/application.yml.erb | 57 +++++++++++++++++++ ...erties.erb => couchdb-test.properties.erb} | 0 .../sw360/templates/sw360.properties.erb | 1 + 4 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 puppet/modules/sw360/templates/application.yml.erb rename puppet/modules/sw360/templates/{couchdb_test.properties.erb => couchdb-test.properties.erb} (100%) diff --git a/puppet/manifests/sw360-single.pp b/puppet/manifests/sw360-single.pp index 035a1c1..c47b7f2 100644 --- a/puppet/manifests/sw360-single.pp +++ b/puppet/manifests/sw360-single.pp @@ -150,14 +150,14 @@ # central couchdb file ... file { 'couchdb_test.properties': - path => "${sw360_settings_path}/couchdb_test.properties", - content => template('sw360/couchdb_test.properties.erb'), + path => "${sw360_settings_path}/couchdb-test.properties", + content => template('sw360/couchdb-test.properties.erb'), owner => 'siemagrant', ensure => present, require => File['sw360-dir'] } - # another central couchdb file ... + # another "central" couchdb file ... file { 'databasetest.properties': path => "${sw360_settings_path}/databasetest.properties", content => template('sw360/databasetest.properties.erb'), 
@@ -175,6 +175,25 @@ require => File['sw360-dir'] } + # creation of separate settings dir for authorization component + file { 'sw360-authorization-dir': + path => "${sw360_settings_path}/authorization", + owner => 'siemagrant', + group => 'siemagrant', + ensure => 'directory', + } + + # Configuration of the sw360 rest api (spring stuff) + file { 'application-auth.yml': + path => "${sw360_settings_path}/authorization/application.yml", + content => template('sw360/application.yml.erb'), + owner => 'siemagrant', + ensure => present, + require => File['sw360-authorization-dir'] + } + + ## todo setting for resource server for REST (runs with default settings) + ################### ## Apache2 Setup ## ################### diff --git a/puppet/modules/sw360/templates/application.yml.erb b/puppet/modules/sw360/templates/application.yml.erb new file mode 100644 index 0000000..cbdd815 --- /dev/null +++ b/puppet/modules/sw360/templates/application.yml.erb 
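Review bot: The `application-auth.yml` file resource sets no `mode`, although the rendered file holds the CouchDB admin password and the JWT signing key from application.yml.erb, so it falls back to Puppet's default permissions, which are normally world-readable. Adding `mode => '0600',` to that resource and `mode => '0750',` to `sw360-authorization-dir` keeps the secrets with the owning account, assuming the service reads the file as `siemagrant`. The `couchdb_test.properties` resource in the previous hunk and the `couchdb_local.ini` resource moved into sw360-base.pp later in this series carry passwords as well and have the same gap.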
@@ -0,0 +1,57 @@
+#
+# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+# Port to open in standalone mode
+server:
+ port: 8090
+
+# Connection to the couch databases. Will be used to store client credentials
+couchdb:
+ url: http://localhost:5984
+ database: sw360oauthclients
+ # if your couchdb does not use authentication, pls just don't use the settings for username and password
+ username: admin
+ password: <%= @liferay_admin_password %>
+
+jwt:
+ secretkey: sw360SecretKey
+
+spring:
+ jackson:
+ serialization:
+ indent_output: true
+
+# Common SW360 properties
+sw360:
+ # The url of the Liferay instance
+ sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
+ # The id of the company in Liferay that sw360 is run for
+ sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101}
+ # Allowed origins that should be set in the header
+ cors:
+ allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
+security:
+ # Configuration for enabling authorization via headers, e.g. when using SSO
+ # in combination with a reverse proxy server
+ customheader:
+ headername:
+ # You have to enable authorization by headers explicitly here
+ enabled: false
+ # Attention: please make sure that the proxy is removing there headers
+ # if they are coming from anywhere else then the authentication server
+ intermediateauthstore: custom-header-auth-marker
+ email: authenticated-email
+ extid: authenticated-extid
+ # also available - at least in saml pre auth - are "givenname", "surname" and "department"
+
+ oauth2:
+ resource:
+ id: sw360-REST-API
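Review bot: `secretkey: sw360SecretKey` under `jwt:` puts a fixed, publicly visible signing key into the template, so every box provisioned from it shares the same secret and, assuming this key is what signs the OAuth tokens, a token signed with it cannot be trusted as coming from this installation. The key should be rendered from a per-installation value generated at provisioning time, the same way the password two lines above is, for example `secretkey: <%= @sw360_jwt_secret %>` (placeholder variable name). Quoting the templated `password:` value would also keep a password containing `#` or `: ` from breaking the YAML.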
diff --git a/puppet/modules/sw360/templates/couchdb_test.properties.erb b/puppet/modules/sw360/templates/couchdb-test.properties.erb similarity index 100% rename from puppet/modules/sw360/templates/couchdb_test.properties.erb rename to puppet/modules/sw360/templates/couchdb-test.properties.erb diff --git a/puppet/modules/sw360/templates/sw360.properties.erb b/puppet/modules/sw360/templates/sw360.properties.erb index 37f03e3..e73f830 100644 --- a/puppet/modules/sw360/templates/sw360.properties.erb +++ b/puppet/modules/sw360/templates/sw360.properties.erb @@ -190,6 +190,7 @@ portlets.activate= \ org.eclipse.sw360.portal.portlets.admin.ScheduleAdminPortlet, \ org.eclipse.sw360.portal.portlets.admin.UserPortlet, \ org.eclipse.sw360.portal.portlets.admin.VendorPortlet, \ + org.eclipse.sw360.portal.portlets.admin.OAuthClientPortlet, \ \ org.eclipse.sw360.portal.portlets.homepage.signup.SignupPortlet, \ org.eclipse.sw360.portal.portlets.homepage.welcome.WelcomePortlet, \ From a6fd720bde7eaba6acfdc9504f77ce31a1058022 Mon Sep 17 00:00:00 2001 From: "Michael C. Jaeger" Date: Sat, 17 Apr 2021 23:07:08 +0200 Subject: [PATCH 3/6] feat(authorization): updating config for access to rest via oauth Signed-off-by: Michael C. Jaeger --- .../sw360/templates/apache2-sw360.conf.erb | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/puppet/modules/sw360/templates/apache2-sw360.conf.erb b/puppet/modules/sw360/templates/apache2-sw360.conf.erb index bf916eb..feb34ee 100644 --- a/puppet/modules/sw360/templates/apache2-sw360.conf.erb +++ b/puppet/modules/sw360/templates/apache2-sw360.conf.erb 
@@ -58,6 +58,45 @@ ProxyPass ! + + ProxyPass http://127.0.0.1:8080/authorization + ProxyPassReverse http://127.0.0.1:8080/authorization + ProxyErrorOverride off + Order allow,deny + Allow from all + # MellonEnable "off" + + + ProxyPass http://127.0.0.1:8080/authorization/client-management + ProxyPassReverse http://127.0.0.1:8080/authorization/client-management + ProxyErrorOverride off + Order allow,deny + Allow from all + # MellonEnable "auth" + + + ProxyPass http://127.0.0.1:8080/authorization/oauth/token + ProxyPassReverse http://127.0.0.1:8080/authorization/oauth/token + ProxyErrorOverride off + Order allow,deny + Allow from all + + # MellonEnable "off" + + + # MellonEnable "auth" + + + + + ProxyPass http://127.0.0.1:8080/resource + ProxyPassReverse http://127.0.0.1:8080/resource + ProxyErrorOverride off + Order allow,deny + Allow from all + # MellonEnable "off" + + Order allow,deny Deny from all; From 9d11997119228ed2f42b3d4d9981ea07d82b0807 Mon Sep 17 00:00:00 2001 From: "Michael C. Jaeger" Date: Tue, 20 Apr 2021 00:21:10 +0200 Subject: [PATCH 4/6] feat(couchdb): make couchdb admin password configurable Signed-off-by: Michael C. Jaeger --- generate-box/Vagrantfile | 1 + puppet/manifests/sw360-base.pp | 20 +++++++++++++++++++ puppet/manifests/sw360-single.pp | 20 ------------------- .../sw360/templates/couchdb_local.ini.erb | 2 +- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/generate-box/Vagrantfile b/generate-box/Vagrantfile index 231d3a2..dc67dd3 100644 --- a/generate-box/Vagrantfile +++ b/generate-box/Vagrantfile @@ -91,6 +91,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| facts = { "tomcat_admin_password" => SW360_default_password, + "couchdb_admin_password" => SW360_default_password, "proxy_yes" => SW360_proxy, "enable_mellon" => SW360_enable_mellon } diff --git a/puppet/manifests/sw360-base.pp b/puppet/manifests/sw360-base.pp index 38a6794..c09c676 100644 --- a/puppet/manifests/sw360-base.pp 
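Review bot: The block that proxies to `http://127.0.0.1:8080/authorization/client-management` is opened with `Allow from all` while its `# MellonEnable "auth"` line stays commented out, so the OAuth client-management endpoint has no proxy-level authentication and depends entirely on the application behind it. Since an `enable_mellon` fact is already handed to Puppet in the Vagrantfile, the directive could be emitted when Mellon is on, e.g. `<% if @enable_mellon %>MellonEnable "auth"<% end %>` (how that fact is typed is not visible here, so the condition needs checking). The same goes for the commented Mellon lines in the token block. Separately, `Order allow,deny` / `Allow from all` is Apache 2.2 syntax that works on 2.4 only through mod_access_compat; `Require all granted` is the native form.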
+++ b/puppet/manifests/sw360-base.pp @@ -45,6 +45,26 @@ require => Exec['install-couchdb-update-apt'], } + ################### + ## CouchDB Setup ## + ################### + + # local.ini: Setup of CouchDB bind port and bind adress + file { 'couchdb_local.ini': + path => '/opt/couchdb/etc/local.ini', + ensure => 'present', + owner => couchdb, + content => template('sw360/couchdb_local.ini.erb'), + notify => Service["couchdb"], # Will cause the service to restart + } + + # Restart CouchDB + service { 'couchdb': + ensure => "running", + enable => "true", + require => File['couchdb_local.ini'], + } + ############################################################################## # User configuration, to create the siemagrant user when starting from a # # standard box. # diff --git a/puppet/manifests/sw360-single.pp b/puppet/manifests/sw360-single.pp index c47b7f2..f2b723d 100644 --- a/puppet/manifests/sw360-single.pp +++ b/puppet/manifests/sw360-single.pp @@ -52,26 +52,6 @@ path => "/etc/environment", } - ################### - ## CouchDB Setup ## - ################### - - # local.ini: Setup of CouchDB bind port and bind adress - file { 'couchdb_local.ini': - path => '/opt/couchdb/etc/local.ini', - ensure => 'present', - owner => couchdb, - content => template('sw360/couchdb_local.ini.erb'), - notify => Service["couchdb"], # Will cause the service to restart - } - - # Restart CouchDB - service { 'couchdb': - ensure => "running", - enable => "true", - require => File['couchdb_local.ini'], - } - #################### ## Postgres Setup ## #################### diff --git a/puppet/modules/sw360/templates/couchdb_local.ini.erb b/puppet/modules/sw360/templates/couchdb_local.ini.erb index 68c943e..80ce77d 100644 --- a/puppet/modules/sw360/templates/couchdb_local.ini.erb +++ b/puppet/modules/sw360/templates/couchdb_local.ini.erb 
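Review bot: The `couchdb_local.ini` resource manages all of `/opt/couchdb/etc/local.ini` from a template whose `[admins]` entry is a plaintext password, yet the template's own comment notes that CouchDB rewrites that line to a hash on start. Every later Puppet run will therefore see the file as changed, write the plaintext password back and restart the database through `notify => Service["couchdb"]`. Keeping the admin entry out of the fully managed file avoids both the churn and the repeated plaintext write. Adding `replace => false,` to the resource is an alternative if later changes to the bind settings do not need to be enforced.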
@@ -92,4 +92,4 @@ bind_address = <%= @couchdb_bind_address %> ; 'username = password' lines. Don't forget to restart CouchDB after ; changing this. [admins] -admin = <%= @liferay_admin_password %> +admin = <%= @couchdb_admin_password %> From 90f3842e688a0e7eba489f1572cccdb5f16b473a Mon Sep 17 00:00:00 2001 From: "Michael C. Jaeger" Date: Tue, 20 Apr 2021 11:48:12 +0200 Subject: [PATCH 5/6] fix(maven): increasing max mem by 50% for compatibility wiith fast machines Signed-off-by: Michael C. Jaeger --- sw360-single/sw360-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sw360-single/sw360-install.sh b/sw360-single/sw360-install.sh index 2ca59c0..b4251c0 100755 --- a/sw360-single/sw360-install.sh +++ b/sw360-single/sw360-install.sh @@ -27,7 +27,7 @@ source $configurationFile wd=/sw360portal mavenParameters="" -mavenMemory="-Xmx1024m -XX:MaxPermSize=1024m" +mavenMemory="-Xmx1536m -XX:MaxPermSize=1024m" doFrontend=false doPortlets=false From 3bc63d3c41d4804ac6ac147465b5148435f5ad97 Mon Sep 17 00:00:00 2001 From: "Michael C. Jaeger" Date: Tue, 20 Apr 2021 22:20:10 +0200 Subject: [PATCH 6/6] fix(config): adding 1GB more RAM to improve reliability Signed-off-by: Michael C. Jaeger --- shared/configuration.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/configuration.rb b/shared/configuration.rb index 3016f35..a0d63f6 100755 --- a/shared/configuration.rb +++ b/shared/configuration.rb @@ -51,7 +51,7 @@ # Virtualbox section # Please refer to SW360_provider and set the value to virtualbox SW360_VB_CPUs=4 # well, how many logical cores ... -SW360_VB_RAM=10000 # RAM in MB, should be at least 5GB +SW360_VB_RAM=11000 # RAM in MB, should be at least 5GB SW360_VB_DISK="20GB" # disk space in GB, should be at least 12GB # AWS section
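Review bot: Only the server side moves to `@couchdb_admin_password` in this hunk. The client templates from the earlier patches (couchdb.properties.erb, couchdb-test.properties.erb, databasetest.properties.erb and application.yml.erb) still render `<%= @liferay_admin_password %>` as the CouchDB password. The two values presumably match only while both come from `SW360_default_password`, so configuring a distinct CouchDB password would leave every client with the wrong credential. Those templates should change in the same commit to `couchdb.password = <%= @couchdb_admin_password %>`, and to `password: <%= @couchdb_admin_password %>` in the YAML. The default value is the one written in shared/configuration.rb and should be overridden on any box reachable from a network.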