diff --git a/manifests/instance.pp b/manifests/instance.pp index 2dbb9c9..aa3776f 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -57,46 +57,45 @@ # @example # include pgprobackup::instance class pgprobackup::instance( - String $id = $::hostname, - String $server_address = $::fqdn, - String $cluster = 'main', - Integer $server_port = 5432, - Boolean $manage_dbuser = true, - String $db_dir = '/var/lib/postgresql', - String $db_name = $pgprobackup::db_name, - String $db_user = $pgprobackup::db_user, - String $db_password = '', - Optional[String] $seed = undef, - String $remote_user = 'postgres', - Integer $remote_port = 22, - Boolean $manage_ssh_keys = $pgprobackup::manage_ssh_keys, - Boolean $manage_host_keys = $pgprobackup::manage_host_keys, - Boolean $manage_pgpass = $pgprobackup::manage_pgpass, - Boolean $manage_hba = $pgprobackup::manage_hba, - Boolean $manage_cron = $pgprobackup::manage_cron, - Boolean $archive_wal = false, - Stdlib::AbsolutePath $backup_dir = $pgprobackup::backup_dir, - String $backup_user = $pgprobackup::backup_user, - String $ssh_key_fact = $::pgprobackup_instance_key, - Stdlib::AbsolutePath $log_dir = $pgprobackup::log_dir, - Optional[String] $log_file = undef, - String $log_level = $pgprobackup::log_level, - #Hash $backups = {}, - Optional[Pgprobackup::Config] $backups = undef, - String $version = lookup('postgresql::globals::version'), - String $package_name = $pgprobackup::package_name, - String $package_ensure = $pgprobackup::package_ensure, - Optional[Integer] $retention_redundancy = undef, - Optional[Integer] $retention_window = undef, - Boolean $delete_expired = true, - Boolean $merge_expired = false, - Optional[Integer] $threads = undef, - Boolean $temp_slot = false, - Optional[String] $slot = undef, - Boolean $validate = true, - Optional[String] $compress_algorithm = undef, - Integer $compress_level = 1, - Optional[Integer] $archive_timeout = undef, + String $id = $::hostname, + String $server_address = $::fqdn, + String $cluster = 'main', + Integer $server_port = 5432, + Boolean $manage_dbuser = true, + String $db_dir = '/var/lib/postgresql', + String $db_name = $pgprobackup::db_name, + String $db_user = $pgprobackup::db_user, + Variant[String,Sensitive[String]] $db_password = '', + Optional[String] $seed = undef, + String $remote_user = 'postgres', + Integer $remote_port = 22, + Boolean $manage_ssh_keys = $pgprobackup::manage_ssh_keys, + Boolean $manage_host_keys = $pgprobackup::manage_host_keys, + Boolean $manage_pgpass = $pgprobackup::manage_pgpass, + Boolean $manage_hba = $pgprobackup::manage_hba, + Boolean $manage_cron = $pgprobackup::manage_cron, + Boolean $archive_wal = false, + Stdlib::AbsolutePath $backup_dir = $pgprobackup::backup_dir, + String $backup_user = $pgprobackup::backup_user, + String $ssh_key_fact = $::pgprobackup_instance_key, + Stdlib::AbsolutePath $log_dir = $pgprobackup::log_dir, + Optional[String] $log_file = undef, + String $log_level = $pgprobackup::log_level, + Optional[Pgprobackup::Config] $backups = undef, + String $version = lookup('postgresql::globals::version'), + String $package_name = $pgprobackup::package_name, + String $package_ensure = $pgprobackup::package_ensure, + Optional[Integer] $retention_redundancy = undef, + Optional[Integer] $retention_window = undef, + Boolean $delete_expired = true, + Boolean $merge_expired = false, + Optional[Integer] $threads = undef, + Boolean $temp_slot = false, + Optional[String] $slot = undef, + Boolean $validate = true, + Optional[String] $compress_algorithm = undef, + Integer $compress_level = 1, + Optional[Integer] $archive_timeout = undef, ) inherits pgprobackup { class {'pgprobackup::install': @@ -113,7 +112,10 @@ # Generate password if not defined $real_password = $db_password ? { '' => fqdn_rand_string('64','',$_seed), - default => $db_password, + default => $db_password =~ Sensitive ? { + true => $db_password.unwrap, + false => $db_password + }, } if $manage_dbuser { diff --git a/spec/classes/instance_spec.rb b/spec/classes/instance_spec.rb index 6520724..06b0634 100644 --- a/spec/classes/instance_spec.rb +++ b/spec/classes/instance_spec.rb @@ -77,6 +77,54 @@ } end + context 'with plain text password' do + let(:params) do + { + backups: { + common: { + FULL: {}, + }, + }, + version: '13', + id: 'psql', + server_port: 5433, + db_name: 'pg_backup', + db_user: 'pg_probackup', + db_password: 'TopSecret!', + } + end + + it { + expect(exported_resources).to contain_file_line('pgprobackup_pgpass_content-psql').with( + line: 'psql.localhost:5433:pg_backup:pg_probackup:TopSecret!', + ) + } + end + + context 'with encrypted password' do + let(:params) do + { + backups: { + common: { + FULL: {}, + }, + }, + version: '13', + id: 'psql', + server_port: 5433, + db_name: 'pg_backup', + db_user: 'pg_probackup', + db_password: sensitive('TopSecret!'), + } + end + + it { + expect(exported_resources).to contain_file_line('pgprobackup_pgpass_content-psql').with( + line: 'psql.localhost:5433:pg_backup:pg_probackup:TopSecret!', + ) + } + end + context 'with customized CRON schedule' do let(:params) do {