From dc954f622c04e9a604b0d300bb69f586fbc3fd80 Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@mageia.org>
Date: Fri, 17 Dec 2010 01:45:21 +0000
Subject: - do not include password on command line, but use a environnement  
 variable, so we avoid password leak on the mailling list

---
 modules/postgresql/manifests/init.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/postgresql/manifests/init.pp')

diff --git a/modules/postgresql/manifests/init.pp b/modules/postgresql/manifests/init.pp
index 9a1e9172..50aa8fde 100644
--- a/modules/postgresql/manifests/init.pp
+++ b/modules/postgresql/manifests/init.pp
@@ -91,10 +91,11 @@ class postgresql {
     }
 
     define user($password) {
-        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '$password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
+        $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
 
         exec { "psql -U postgres -c \"$sql\" ":
             user => root,
+            environment => "pass=$password", 
             unless => "psql -A -t -U postgres -c '\du $name' | grep '$name'",
         }
     }
-- 
cgit v1.2.1