(CONT-576) allow deferred function for token & secrets

manifests/backup/mysqlbackup.pp

@@ -40,7 +40,7 @@
   }
   mysql_user { "${backupuser}@localhost":
     ensure        => $ensure,
-    password_hash => mysql::password($backuppassword),
+    password_hash => Deferred('mysql::password', [$backuppassword]),
     require       => Class['mysql::server::root_password'],
   }
 
@@ -108,14 +108,14 @@
       'incremental_base'       => 'history:last_backup',
       'incremental_backup_dir' => $backupdir,
       'user'                   => $backupuser,
-      'password'               => $backuppassword_unsensitive,
+      'password'               => Deferred('mysql::password', [$backuppassword_unsensitive]),
     },
   }
   $options = mysql::normalise_and_deepmerge($default_options, $mysql::server::override_options)
 
   file { 'mysqlbackup-config-file':
     path    => '/etc/mysql/conf.d/meb.cnf',
-    content => template('mysql/meb.cnf.erb'),
+    content => stdlib::deferrable_epp('mysql/meb.cnf.epp', { 'options' => $options }),
     mode    => '0600',
   }
 

manifests/backup/mysqldump.pp

@@ -50,7 +50,7 @@
 
   mysql_user { "${backupuser}@localhost":
     ensure        => $ensure,
-    password_hash => mysql::password($backuppassword),
+    password_hash => Deferred('mysql::password', [$backuppassword]),
     require       => Class['mysql::server::root_password'],
   }
 

manifests/backup/xtrabackup.pp

@@ -46,7 +46,7 @@
   if $backupuser and $backuppassword {
     mysql_user { "${backupuser}@localhost":
       ensure        => $ensure,
-      password_hash => mysql::password($backuppassword),
+      password_hash => Deferred('mysql::password', [$backuppassword]),
       require       => Class['mysql::server::root_password'],
     }
     # Percona XtraBackup needs additional grants/privileges to work with MySQL 8

manifests/db.pp

@@ -102,7 +102,7 @@
 
   $user_resource = {
     ensure        => $ensure,
-    password_hash => mysql::password($password),
+    password_hash => Deferred('mysql::password', [$password]),
     tls_options   => $tls_options,
   }
   ensure_resource('mysql_user', "${user}@${host}", $user_resource)

manifests/server/root_password.pp

@@ -32,7 +32,7 @@
   if $mysql::server::create_root_user and $root_password_set {
     mysql_user { 'root@localhost':
       ensure        => present,
-      password_hash => mysql::password($mysql::server::root_password),
+      password_hash => Deferred('mysql::password', [$mysql::server::root_password]),
       require       => Exec['remove install pass'],
     }
   }

metadata.json

@@ -10,7 +10,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 3.2.0 < 9.0.0"
+      "version_requirement": ">= 8.4.0 < 9.0.0"
     }
   ],
   "operatingsystem_support": [

spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
+require 'puppet/resource_api/base_context'
 
 ensure_module_defined('Puppet::Provider::MysqlLoginPath')
 require 'puppet/provider/mysql_login_path/mysql_login_path'

templates/meb.cnf.epp

@@ -0,0 +1,18 @@
+### MANAGED BY PUPPET ###
+
+<% $options.map |Any $k, Any $v| { -%>
+<%   if $v.is_a(Hash) { -%>
+[<%=   $k %>]
+<%     $v.map |Any $ki, Any $vi| { -%>
+<%       if $vi == true or $v == '' {-%>
+<%=        $ki %>
+<%      } elsif $vi.is_a(Hash) { -%>
+<%         $vi.each |$vii| { -%>
+<%=          $ki %> = <%= $vii %>
+<%         } -%>
+<%       } elsif !($vi == '' or $vi == undef ) { -%>
+<%=        $ki %> = <%= $vi %>
+<%       } -%>
+<%     } -%>
+<%   } %>
+<% } -%>