diff options
-rw-r--r-- | modules/postgresql/manifests/init.pp | 12 | ||||
-rw-r--r-- | modules/postgresql/manifests/user.pp | 13 |
2 files changed, 13 insertions, 12 deletions
diff --git a/modules/postgresql/manifests/init.pp b/modules/postgresql/manifests/init.pp index 394037cd..e943052d 100644 --- a/modules/postgresql/manifests/init.pp +++ b/modules/postgresql/manifests/init.pp @@ -157,16 +157,4 @@ class postgresql { } } - # TODO convert to a regular type, so we can later change password without erasing the - # current user - define user($password) { - $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" - - exec { "psql -U postgres -c \"$sql\" ": - user => root, - environment => "pass=$password", - unless => "psql -A -t -U postgres -c '\\du $name' | grep '$name'", - require => Service['postgresql'], - } - } } diff --git a/modules/postgresql/manifests/user.pp b/modules/postgresql/manifests/user.pp new file mode 100644 index 00000000..b70dd122 --- /dev/null +++ b/modules/postgresql/manifests/user.pp @@ -0,0 +1,13 @@ +# TODO convert to a regular type, so we can later change password +# without erasing the current user +define postgresql::user($password) { + $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" + + exec { "psql -U postgres -c \"$sql\" ": + user => 'root', + # do not leak the password on commandline + environment => "pass=$password", + unless => "psql -A -t -U postgres -c '\\du $name' | grep '$name'", + require => Service['postgresql'], + } +} |