Skip to content

Commit d5911ec

Browse files
smortexsmortex
authored
Merge pull request #1624 from mooreandrew/feature/support-role-valid-until
2 parents 3ea94c5 + c16d850 commit d5911ec

File tree

2 files changed

+20
-1
lines changed

2 files changed

+20
-1
lines changed

manifests/server/role.pp

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
# @param inherit Specifies whether to grant inherit capability for the new role.
1212
# @param superuser Specifies whether to grant super user capability for the new role.
1313
# @param replication Provides provides replication capabilities for this role if set to true.
14+
# @param valid_until Specifies whether to set a valid until date for the role.
1415
# @param connection_limit Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit.
1516
# @param username Defines the username of the role to create.
1617
# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
@@ -35,6 +36,7 @@
3536
Boolean $inherit = true,
3637
Boolean $superuser = false,
3738
Boolean $replication = false,
39+
Optional[String[1]] $valid_until = undef,
3840
String[1] $connection_limit = '-1',
3941
String[1] $username = $title,
4042
Hash $connect_settings = $postgresql::server::default_connect_settings,
@@ -126,6 +128,12 @@
126128
unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
127129
}
128130

131+
if $valid_until {
132+
postgresql_psql { "ALTER ROLE \"${username}\" VALID UNTIL '${valid_until}'":
133+
unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolvaliduntil = '${valid_until}'",
134+
}
135+
}
136+
129137
if(versioncmp($version, '9.1') >= 0) {
130138
if $replication_sql == '' {
131139
postgresql_psql { "ALTER ROLE \"${username}\" NOREPLICATION":

spec/defines/server_instance_spec.rb

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,9 @@ class { 'postgresql::server':
7373
'app_test1': { 'login' => true },
7474
'rep_test1': { 'replication' => true,
7575
'login' => true },
76-
'rou_test1': { 'login' => true }, },
76+
'rou_test1': { 'login' => true },
77+
'val_test1': { 'login' => true,
78+
'valid_until' => '2030-01-01 00:00:00+00' }, },
7779
'pg_hba_rules': { 'local all INSTANCE user': { 'type' => 'local',
7880
'database' => 'all',
7981
'user' => 'ins_test1',
@@ -214,10 +216,19 @@ class { 'postgresql::server':
214216
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOCREATEROLE') }
215217
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOREPLICATION') }
216218
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOSUPERUSER') }
219+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" CONNECTION LIMIT -1') }
220+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" INHERIT') }
221+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" LOGIN') }
222+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOCREATEDB') }
223+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOCREATEROLE') }
224+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOREPLICATION') }
225+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOSUPERUSER') }
226+
it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" VALID UNTIL \'2030-01-01 00:00:00+00\'') }
217227
it { is_expected.to contain_postgresql_psql('CREATE ROLE app_test1 ENCRYPTED PASSWORD ****') }
218228
it { is_expected.to contain_postgresql_psql('CREATE ROLE dba_test1 ENCRYPTED PASSWORD ****') }
219229
it { is_expected.to contain_postgresql_psql('CREATE ROLE ins_test1 ENCRYPTED PASSWORD ****') }
220230
it { is_expected.to contain_postgresql_psql('CREATE ROLE rep_test1 ENCRYPTED PASSWORD ****') }
221231
it { is_expected.to contain_postgresql_psql('CREATE ROLE rou_test1 ENCRYPTED PASSWORD ****') }
232+
it { is_expected.to contain_postgresql_psql('CREATE ROLE val_test1 ENCRYPTED PASSWORD ****') }
222233
end
223234
end

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy