From 62930bdcd10ce187189e9fcc84fd9ceef466a3f6 Mon Sep 17 00:00:00 2001
From: Ramesh Sencha <ramesh.sencha@perforce.com>
Date: Fri, 19 May 2023 17:28:41 +0530
Subject: [PATCH] (CONT-576) allow deferred function for token & secrets

---
 {templates => files}/meb.cnf.erb               |  0
 manifests/backup/mysqlbackup.pp                |  6 +++---
 manifests/backup/mysqldump.pp                  |  2 +-
 manifests/backup/xtrabackup.pp                 |  2 +-
 manifests/db.pp                                |  2 +-
 manifests/server/root_password.pp              |  2 +-
 metadata.json                                  |  2 +-
 .../mysql_login_path/mysql_login_path_spec.rb  |  1 +
 templates/meb.cnf.epp                          | 18 ++++++++++++++++++
 9 files changed, 27 insertions(+), 8 deletions(-)
 rename {templates => files}/meb.cnf.erb (100%)
 create mode 100644 templates/meb.cnf.epp

diff --git a/templates/meb.cnf.erb b/files/meb.cnf.erb
similarity index 100%
rename from templates/meb.cnf.erb
rename to files/meb.cnf.erb
diff --git a/manifests/backup/mysqlbackup.pp b/manifests/backup/mysqlbackup.pp
index c5aa53f77..9bf5366cf 100644
--- a/manifests/backup/mysqlbackup.pp
+++ b/manifests/backup/mysqlbackup.pp
@@ -40,7 +40,7 @@
   }
   mysql_user { "${backupuser}@localhost":
     ensure        => $ensure,
-    password_hash => mysql::password($backuppassword),
+    password_hash => Deferred('mysql::password', [$backuppassword]),
     require       => Class['mysql::server::root_password'],
   }
 
@@ -108,14 +108,14 @@
       'incremental_base'       => 'history:last_backup',
       'incremental_backup_dir' => $backupdir,
       'user'                   => $backupuser,
-      'password'               => $backuppassword_unsensitive,
+      'password'               => Deferred('mysql::password', [$backuppassword_unsensitive]),
     },
   }
   $options = mysql::normalise_and_deepmerge($default_options, $mysql::server::override_options)
 
   file { 'mysqlbackup-config-file':
     path    => '/etc/mysql/conf.d/meb.cnf',
-    content => template('mysql/meb.cnf.erb'),
+    content => stdlib::deferrable_epp('mysql/meb.cnf.epp', { 'options' => $options }),
     mode    => '0600',
   }
 
diff --git a/manifests/backup/mysqldump.pp b/manifests/backup/mysqldump.pp
index ee4e46d05..ab9236564 100644
--- a/manifests/backup/mysqldump.pp
+++ b/manifests/backup/mysqldump.pp
@@ -50,7 +50,7 @@
 
   mysql_user { "${backupuser}@localhost":
     ensure        => $ensure,
-    password_hash => mysql::password($backuppassword),
+    password_hash => Deferred('mysql::password', [$backuppassword]),
     require       => Class['mysql::server::root_password'],
   }
 
diff --git a/manifests/backup/xtrabackup.pp b/manifests/backup/xtrabackup.pp
index 9bd6a7fa1..73df05af8 100644
--- a/manifests/backup/xtrabackup.pp
+++ b/manifests/backup/xtrabackup.pp
@@ -46,7 +46,7 @@
   if $backupuser and $backuppassword {
     mysql_user { "${backupuser}@localhost":
       ensure        => $ensure,
-      password_hash => mysql::password($backuppassword),
+      password_hash => Deferred('mysql::password', [$backuppassword]),
       require       => Class['mysql::server::root_password'],
     }
     # Percona XtraBackup needs additional grants/privileges to work with MySQL 8
diff --git a/manifests/db.pp b/manifests/db.pp
index 034f3247b..36a298459 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -102,7 +102,7 @@
 
   $user_resource = {
     ensure        => $ensure,
-    password_hash => mysql::password($password),
+    password_hash => Deferred('mysql::password', [$password]),
     tls_options   => $tls_options,
   }
   ensure_resource('mysql_user', "${user}@${host}", $user_resource)
diff --git a/manifests/server/root_password.pp b/manifests/server/root_password.pp
index 02f5ef2af..a182f6787 100644
--- a/manifests/server/root_password.pp
+++ b/manifests/server/root_password.pp
@@ -32,7 +32,7 @@
   if $mysql::server::create_root_user and $root_password_set {
     mysql_user { 'root@localhost':
       ensure        => present,
-      password_hash => mysql::password($mysql::server::root_password),
+      password_hash => Deferred('mysql::password', [$mysql::server::root_password]),
       require       => Exec['remove install pass'],
     }
   }
diff --git a/metadata.json b/metadata.json
index a240da962..d28272250 100644
--- a/metadata.json
+++ b/metadata.json
@@ -10,7 +10,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 3.2.0 < 9.0.0"
+      "version_requirement": ">= 8.4.0 < 9.0.0"
     }
   ],
   "operatingsystem_support": [
diff --git a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb
index 48f0a6afe..43b8fcbf9 100644
--- a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb
+++ b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
+require 'puppet/resource_api/base_context'
 
 ensure_module_defined('Puppet::Provider::MysqlLoginPath')
 require 'puppet/provider/mysql_login_path/mysql_login_path'
diff --git a/templates/meb.cnf.epp b/templates/meb.cnf.epp
new file mode 100644
index 000000000..80d7d868e
--- /dev/null
+++ b/templates/meb.cnf.epp
@@ -0,0 +1,18 @@
+### MANAGED BY PUPPET ###
+
+<% $options.map |Any $k, Any $v| { -%>
+<%   if $v.is_a(Hash) { -%>
+[<%=   $k %>]
+<%     $v.map |Any $ki, Any $vi| { -%>
+<%       if $vi == true or $v == '' {-%>
+<%=        $ki %>
+<%      } elsif $vi.is_a(Hash) { -%>
+<%         $vi.each |$vii| { -%>
+<%=          $ki %> = <%= $vii %>
+<%         } -%>
+<%       } elsif !($vi == '' or $vi == undef ) { -%>
+<%=        $ki %> = <%= $vi %>
+<%       } -%>
+<%     } -%>
+<%   } %>
+<% } -%>