# TODO convert to a regular type, so we can later change password
# without erasing the current user
define postgresql::user($password) {
    $sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

    exec { "psql -U postgres -c \"$sql\" ":
        user        => 'root',
        # do not leak the password on commandline
        environment => "pass=$password",
        unless      => "psql -A -t -U postgres -c '\\du $name' | grep '$name'",
        require     => Service['postgresql'],
    }
}