.*))?\s*$}
new_line = line(key: resource[:key], value: resource[:value], comment: resource[:comment])
@@ -140,7 +131,7 @@ def comment=(_comment)
matches = line.to_s.match(active_values_regex)
lines[index] = new_line if matches && (matches[:key] == resource[:key] && matches[:comment] != resource[:comment])
end
- write_config(file, lines)
+ write_config(lines)
end
private
diff --git a/lib/puppet/type/postgresql_conf.rb b/lib/puppet/type/postgresql_conf.rb
index 432f5aa877..5cd753e20f 100644
--- a/lib/puppet/type/postgresql_conf.rb
+++ b/lib/puppet/type/postgresql_conf.rb
@@ -16,7 +16,7 @@
newproperty(:value) do
desc 'The value to set for this parameter.'
- newvalues(%r{^\S(.*\S)?$})
+ newvalues(%r{^(\S.*)?$})
munge do |value|
if value.to_i.to_s == value
diff --git a/lib/puppet/type/postgresql_psql.rb b/lib/puppet/type/postgresql_psql.rb
index 021753e7ab..d0101857c0 100644
--- a/lib/puppet/type/postgresql_psql.rb
+++ b/lib/puppet/type/postgresql_psql.rb
@@ -135,11 +135,7 @@ def matches(value)
end
autorequire(:anchor) do
- ["postgresql::server::service::begin::#{self[:instance]}"]
- end
-
- autorequire(:service) do
- ["postgresqld_instance_#{self[:instance]}"]
+ ["postgresql::server::service::end::#{self[:instance]}"]
end
def should_run_sql(refreshing = false)
diff --git a/manifests/client.pp b/manifests/client.pp
index 0b15f91fb5..7aa952fddf 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,5 +1,5 @@
# @summary Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install.
-#
+#
# @note
# Make sure to add any necessary yum or apt repositories if specifying a custom version.
#
@@ -9,7 +9,7 @@
# Optional. Absolute path for the postgresql connection validation script.
# @param package_name
# Sets the name of the PostgreSQL client package.
-# @param package_ensure
+# @param package_ensure
# Ensure the client package is installed
class postgresql::client (
Enum['file', 'absent'] $file_ensure = 'file',
diff --git a/manifests/dnfmodule.pp b/manifests/dnfmodule.pp
index a320ba0d42..ef9316c4d5 100644
--- a/manifests/dnfmodule.pp
+++ b/manifests/dnfmodule.pp
@@ -1,6 +1,6 @@
# @summary Manage the DNF module
#
-# On EL8 and Fedora DNF can manage modules. This is a method of providing
+# On EL8 and newer and Fedora DNF can manage modules. This is a method of providing
# multiple versions on the same OS. Only one DNF module can be active at the
# same time.
#
diff --git a/manifests/globals.pp b/manifests/globals.pp
index ddd9353a73..64a4815fcc 100644
--- a/manifests/globals.pp
+++ b/manifests/globals.pp
@@ -60,6 +60,7 @@
#
# @param repo_baseurl Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.
# @param yum_repo_commonurl Sets the url for the PostgreSQL common Yum repository. Useful if you host your own mirror of the YUM repository.
+# @param apt_source_release Overrides the default release for the apt source.
#
# @param needs_initdb
# Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.
@@ -80,6 +81,10 @@
# @param timezone
# Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.
#
+# @param password_encryption
+# Specify the type of encryption set for the password.
+# Defaults to scram-sha-256 for PostgreSQL >= 14, otherwise md5.
+#
# @param manage_pg_hba_conf Allow Puppet to manage the pg_hba.conf file.
# @param manage_pg_ident_conf Allow Puppet to manage the pg_ident.conf file.
# @param manage_recovery_conf Allow Puppet to manage the recovery.conf file.
@@ -96,8 +101,7 @@
# @param manage_package_repo Sets up official PostgreSQL repositories on your host if set to true.
# @param manage_dnf_module
# Manage the DNF module. This only makes sense on distributions that use DNF
-# package manager, such as EL8 or Fedora. It also requires Puppet 5.5.20+ or
-# Puppet 6.15.0+ since they ship the dnfmodule provider.
+# package manager, such as EL8, EL9 or Fedora.
# @param module_workdir
# Specifies working directory under which the psql command should be executed.
# May need to specify if '/tmp' is on volume mounted with noexec option.
@@ -151,6 +155,7 @@
Optional[String[1]] $repo_proxy = undef,
Optional[String[1]] $repo_baseurl = undef,
Optional[String[1]] $yum_repo_commonurl = undef,
+ Optional[String[1]] $apt_source_release = undef,
Optional[Boolean] $needs_initdb = undef,
@@ -158,6 +163,7 @@
Optional[String[1]] $locale = undef,
Optional[Boolean] $data_checksums = undef,
Optional[String[1]] $timezone = undef,
+ Optional[Postgresql::Pg_password_encryption] $password_encryption = undef,
Optional[Boolean] $manage_pg_hba_conf = undef,
Optional[Boolean] $manage_pg_ident_conf = undef,
@@ -174,7 +180,8 @@
$default_version = $facts['os']['family'] ? {
/^(RedHat|Linux)/ => $facts['os']['name'] ? {
'Fedora' => $facts['os']['release']['major'] ? {
- /^(38)$/ => '15',
+ /^(40|41)$/ => '16',
+ /^(38|39)$/ => '15',
/^(36|37)$/ => '14',
/^(34|35)$/ => '13',
/^(32|33)$/ => '12',
@@ -210,6 +217,7 @@
/^(20.04)$/ => '12',
/^(21.04|21.10)$/ => '13',
/^(22.04)$/ => '14',
+ /^(24.04)$/ => '16',
default => undef,
},
default => undef,
@@ -229,7 +237,7 @@
/12\.0/ => '93',
/12\.[1-3]/ => '94',
/12\.[4-5]/ => '12',
- /15\.[0-9]/ => '14',
+ /15\.[0-9]/ => '16',
default => '96',
},
'OpenSuSE' => $facts['os']['release']['full'] ? {
@@ -258,6 +266,7 @@
'10' => '2.4',
'11' => '3.0',
'12' => '3.0',
+ '16' => '3.4',
default => undef,
}
$globals_postgis_version = $postgis_version ? {
@@ -272,6 +281,7 @@
proxy => $repo_proxy,
baseurl => $repo_baseurl,
commonurl => $yum_repo_commonurl,
+ release => $apt_source_release,
}
}
diff --git a/manifests/params.pp b/manifests/params.pp
index 50f916a7b4..8441aa829c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -25,7 +25,7 @@
$manage_selinux = pick($manage_selinux, false)
$package_ensure = 'present'
$module_workdir = pick($module_workdir,'/tmp')
- $password_encryption = versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' }
+ $password_encryption = pick($password_encryption, versioncmp($version, '14') ? { -1 => 'md5', default => 'scram-sha-256' })
$extra_systemd_config = undef
$manage_datadir = true
$manage_logdir = true
@@ -159,7 +159,15 @@
$perl_package_name = pick($perl_package_name, 'libdbd-pg-perl')
$plperl_package_name = pick($plperl_package_name, "postgresql-plperl-${version}")
$plpython_package_name = pick($plpython_package_name, "postgresql-plpython-${version}")
- $python_package_name = pick($python_package_name, 'python-psycopg2')
+
+ $_ubuntu_2204 = ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0)
+ $_debian_12 = ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['full'], '12') >= 0)
+
+ if $_ubuntu_2204 or $_debian_12 {
+ $python_package_name = pick($python_package_name, 'python3-psycopg2')
+ } else {
+ $python_package_name = pick($python_package_name, 'python-psycopg2')
+ }
$bindir = pick($bindir, "/usr/lib/postgresql/${version}/bin")
$datadir = pick($datadir, "/var/lib/postgresql/${version}/main")
diff --git a/manifests/repo.pp b/manifests/repo.pp
index 88c27b5e6f..b33b699e76 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -1,6 +1,7 @@
# @api private
class postgresql::repo (
Optional[String[1]] $version = undef,
+ Optional[String[1]] $release = undef,
Optional[String[1]] $proxy = undef,
Optional[String[1]] $baseurl = undef,
Optional[String[1]] $commonurl = undef,
diff --git a/manifests/repo/apt_postgresql_org.pp b/manifests/repo/apt_postgresql_org.pp
index 31b591a0f0..8acd3d3941 100644
--- a/manifests/repo/apt_postgresql_org.pp
+++ b/manifests/repo/apt_postgresql_org.pp
@@ -7,21 +7,24 @@
# http://www.postgresql.org/download/linux/debian/
#
$default_baseurl = 'https://apt.postgresql.org/pub/repos/apt/'
-
$_baseurl = pick($postgresql::repo::baseurl, $default_baseurl)
+ $default_release = "${facts['os']['distro']['codename']}-pgdg"
+ $_release = pick($postgresql::repo::release, $default_release)
+
apt::pin { 'apt_postgresql_org':
originator => 'apt.postgresql.org',
priority => 500,
}
-> apt::source { 'apt.postgresql.org':
location => $_baseurl,
- release => "${facts['os']['distro']['codename']}-pgdg",
+ release => $_release,
repos => 'main',
architecture => $facts['os']['architecture'],
key => {
- id => 'B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8',
- source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc',
+ name => 'apt.postgresql.org.asc',
+ # https://www.postgresql.org/media/keys/ACCC4CF8.asc
+ content => file("${module_name}/ACCC4CF8.asc"),
},
include => {
src => false,
diff --git a/manifests/repo/yum_postgresql_org.pp b/manifests/repo/yum_postgresql_org.pp
index be7e26820b..faf9c2ace5 100644
--- a/manifests/repo/yum_postgresql_org.pp
+++ b/manifests/repo/yum_postgresql_org.pp
@@ -4,8 +4,13 @@
$package_version = "${version_parts[0]}${version_parts[1]}"
$gpg_key_path = "/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}"
+ $gpg_key_file = $facts['os']['release']['major'] ? {
+ '7' => 'postgresql/RPM-GPG-KEY-PGDG-7',
+ default => 'postgresql/RPM-GPG-KEY-PGDG',
+ }
+
file { $gpg_key_path:
- content => file('postgresql/RPM-GPG-KEY-PGDG'),
+ content => file($gpg_key_file),
owner => 'root',
group => 'root',
mode => '0644',
@@ -30,7 +35,7 @@
baseurl => $_baseurl,
enabled => 1,
gpgcheck => 1,
- gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
+ gpgkey => "file://${gpg_key_path}",
proxy => $postgresql::repo::proxy,
}
@@ -39,7 +44,7 @@
baseurl => $_commonurl,
enabled => 1,
gpgcheck => 1,
- gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}",
+ gpgkey => "file://${gpg_key_path}",
proxy => $postgresql::repo::proxy,
}
diff --git a/manifests/server/config_entry.pp b/manifests/server/config_entry.pp
index d17b844a18..e6460659a2 100644
--- a/manifests/server/config_entry.pp
+++ b/manifests/server/config_entry.pp
@@ -5,6 +5,7 @@
# @param value Defines the value for the setting.
# @param path Path for postgresql.conf
# @param comment Defines the comment for the setting. The # is added by default.
+# @param instance_name The name of the instance.
#
define postgresql::server::config_entry (
Enum['present', 'absent'] $ensure = 'present',
@@ -12,6 +13,7 @@
Optional[Variant[String[1], Numeric, Array[String[1]]]] $value = undef,
Stdlib::Absolutepath $path = $postgresql::server::postgresql_conf_path,
Optional[String[1]] $comment = undef,
+ String[1] $instance_name = 'main',
) {
# Those are the variables that are marked as "(change requires restart)"
# on postgresql.conf. Items are ordered as on postgresql.conf.
@@ -72,15 +74,15 @@
versioncmp($postgresql::server::_version, $requires_restart_until[$key]) < 0
)) {
Postgresql_conf {
- notify => Class['postgresql::server::reload'],
+ notify => Postgresql::Server::Instance::Reload[$instance_name],
}
} elsif $postgresql::server::service_restart_on_change {
Postgresql_conf {
- notify => Class['postgresql::server::service'],
+ notify => Postgresql::Server::Instance::Service[$instance_name],
}
} else {
Postgresql_conf {
- before => Class['postgresql::server::service'],
+ before => Postgresql::Server::Instance::Service[$instance_name],
}
}
@@ -90,6 +92,6 @@
key => $key,
value => $value,
comment => $comment,
- require => Class['postgresql::server::initdb'],
+ require => Postgresql::Server::Instance::Initdb[$instance_name],
}
}
diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 7d95e76056..48cd44103b 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -72,7 +72,7 @@
postgresql_psql { "CREATE DATABASE \"${dbname}\"":
command => "CREATE DATABASE \"${dbname}\" WITH ${template_option} ${encoding_option} ${locale_option} ${tablespace_option}",
unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}'",
- require => Class['postgresql::server::service'],
+ require => Postgresql::Server::Instance::Service[$instance],
}
# This will prevent users from connecting to the database unless they've been
diff --git a/manifests/server/database_grant.pp b/manifests/server/database_grant.pp
index 3becf35975..c4a7c67ca1 100644
--- a/manifests/server/database_grant.pp
+++ b/manifests/server/database_grant.pp
@@ -9,6 +9,7 @@
# @param psql_group Overrides the default postgres user group to be used for related files in the file system.
# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
# @param port Port to use when connecting.
+# @param instance The name of the Postgresql database instance.
define postgresql::server::database_grant (
Enum['ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP', 'all', 'create', 'connect', 'temporary', 'temp'] $privilege,
String[1] $db,
@@ -19,6 +20,7 @@
Hash $connect_settings = $postgresql::server::default_connect_settings,
String[1] $psql_group = $postgresql::server::group,
Stdlib::Port $port = $postgresql::server::port,
+ String[1] $instance = 'main',
) {
postgresql::server::grant { "database:${name}":
ensure => $ensure,
@@ -32,5 +34,6 @@
group => $psql_group,
port => $port,
connect_settings => $connect_settings,
+ instance => $instance,
}
}
diff --git a/manifests/server/db.pp b/manifests/server/db.pp
index 513e548ed7..9542dcc618 100644
--- a/manifests/server/db.pp
+++ b/manifests/server/db.pp
@@ -44,6 +44,7 @@
port => $port,
user => $psql_user,
group => $psql_group,
+ instance => $instance,
}
}
@@ -54,6 +55,7 @@
psql_user => $psql_user,
psql_group => $psql_group,
before => Postgresql::Server::Database[$dbname],
+ instance => $instance,
}
}
@@ -65,6 +67,7 @@
port => $port,
psql_user => $psql_user,
psql_group => $psql_group,
+ instance => $instance,
} -> Postgresql_conn_validator<| db_name == $dbname |>
}
diff --git a/manifests/server/instance/config.pp b/manifests/server/instance/config.pp
index d596d0846b..342d8fdba3 100644
--- a/manifests/server/instance/config.pp
+++ b/manifests/server/instance/config.pp
@@ -88,7 +88,7 @@
group => $group,
mode => '0640',
warn => true,
- notify => Class['postgresql::server::reload'],
+ notify => Postgresql::Server::Instance::Reload[$name],
}
if $pg_hba_conf_defaults {
@@ -249,7 +249,7 @@
group => $group,
mode => '0640',
warn => true,
- notify => Class['postgresql::server::reload'],
+ notify => Postgresql::Server::Instance::Reload[$name],
}
}
diff --git a/manifests/server/instance/reload.pp b/manifests/server/instance/reload.pp
index 53eb5fad99..fd0c750ab2 100644
--- a/manifests/server/instance/reload.pp
+++ b/manifests/server/instance/reload.pp
@@ -11,6 +11,6 @@
command => $service_reload,
onlyif => $service_status,
refreshonly => true,
- require => Class['postgresql::server::service'],
+ require => Postgresql::Server::Instance::Service[$name],
}
}
diff --git a/manifests/server/instance/service.pp b/manifests/server/instance/service.pp
index f778518dc0..47e7ecda25 100644
--- a/manifests/server/instance/service.pp
+++ b/manifests/server/instance/service.pp
@@ -42,6 +42,10 @@
status => $service_status,
}
+ Anchor["postgresql::server::service::begin::${name}"]
+ -> Service["postgresqld_instance_${name}"]
+ -> Anchor["postgresql::server::service::end::${name}"]
+
if $service_ensure in ['running', true] {
# This blocks the class before continuing if chained correctly, making
# sure the service really is 'up' before continuing.
@@ -56,10 +60,13 @@
sleep => 1,
tries => 60,
psql_path => $psql_path,
- require => Service["postgresqld_instance_${name}"],
- before => Anchor["postgresql::server::service::end::${name}"],
}
- Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator["validate_service_is_running_instance_${name}"]
+
+ Anchor["postgresql::server::service::begin::${name}"]
+ -> Service["postgresqld_instance_${name}"]
+ -> Postgresql::Server::Database <| title == $default_database |>
+ -> Postgresql_conn_validator["validate_service_is_running_instance_${name}"]
+ -> Anchor["postgresql::server::service::end::${name}"]
}
}
diff --git a/manifests/server/instance/systemd.pp b/manifests/server/instance/systemd.pp
index b9a46a2336..9214f2a22a 100644
--- a/manifests/server/instance/systemd.pp
+++ b/manifests/server/instance/systemd.pp
@@ -32,8 +32,8 @@
extra_systemd_config => $extra_systemd_config,
}
),
- notify => Class['postgresql::server::service'],
- before => Class['postgresql::server::reload'],
+ notify => Postgresql::Server::Instance::Service[$name],
+ before => Postgresql::Server::Instance::Reload[$name],
}
}
}
diff --git a/manifests/server/plperl.pp b/manifests/server/plperl.pp
index 1db5d4aa8f..08c5298fc3 100644
--- a/manifests/server/plperl.pp
+++ b/manifests/server/plperl.pp
@@ -16,5 +16,5 @@
-> Class['postgresql::server::install']
-> Package['postgresql-plperl']
-> Class['postgresql::server::service']
- anchor { 'postgresql::server::plperl::end': }
+ -> anchor { 'postgresql::server::plperl::end': }
}
diff --git a/manifests/server/role.pp b/manifests/server/role.pp
index 1b37ce282c..f71ecf599c 100644
--- a/manifests/server/role.pp
+++ b/manifests/server/role.pp
@@ -11,6 +11,7 @@
# @param inherit Specifies whether to grant inherit capability for the new role.
# @param superuser Specifies whether to grant super user capability for the new role.
# @param replication Provides provides replication capabilities for this role if set to true.
+# @param valid_until Specifies whether to set a valid until date for the role.
# @param connection_limit Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit.
# @param username Defines the username of the role to create.
# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
@@ -35,6 +36,7 @@
Boolean $inherit = true,
Boolean $superuser = false,
Boolean $replication = false,
+ Optional[String[1]] $valid_until = undef,
String[1] $connection_limit = '-1',
String[1] $username = $title,
Hash $connect_settings = $postgresql::server::default_connect_settings,
@@ -126,6 +128,12 @@
unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
}
+ if $valid_until {
+ postgresql_psql { "ALTER ROLE \"${username}\" VALID UNTIL '${valid_until}'":
+ unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolvaliduntil = '${valid_until}'",
+ }
+ }
+
if(versioncmp($version, '9.1') >= 0) {
if $replication_sql == '' {
postgresql_psql { "ALTER ROLE \"${username}\" NOREPLICATION":
diff --git a/manifests/server/table_grant.pp b/manifests/server/table_grant.pp
index 9168dd9ce0..719460fd22 100644
--- a/manifests/server/table_grant.pp
+++ b/manifests/server/table_grant.pp
@@ -12,6 +12,7 @@
# @param psql_user Specifies the OS user for running psql.
# @param connect_settings Specifies a hash of environment variables used when connecting to a remote server.
# @param onlyif_exists Create grant only if it doesn't exist.
+# @param instance The name of the Postgresql database instance.
define postgresql::server::table_grant (
Enum['ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER', 'all', 'select', 'insert', 'update', 'delete',
'truncate', 'references', 'trigger'] $privilege,
@@ -24,6 +25,7 @@
Optional[String[1]] $psql_user = undef,
Optional[Hash] $connect_settings = undef,
Boolean $onlyif_exists = false,
+ String[1] $instance = 'main',
) {
postgresql::server::grant { "table:${name}":
ensure => $ensure,
@@ -37,5 +39,6 @@
psql_user => $psql_user,
onlyif_exists => $onlyif_exists,
connect_settings => $connect_settings,
+ instance => $instance,
}
}
diff --git a/manifests/server_instance.pp b/manifests/server_instance.pp
index 49d2bbb8f7..5ef8dec527 100644
--- a/manifests/server_instance.pp
+++ b/manifests/server_instance.pp
@@ -66,6 +66,10 @@
port => $config_settings['port'],
user => $instance_user,
}
+ postgresql::server::instance::reload { $instance_name:
+ service_status => $service_settings['service_status'],
+ service_reload => "systemctl reload ${service_settings['service_name']}.service",
+ }
postgresql::server::instance::passwd { $instance_name:
* => $passwd_settings,
}
@@ -84,11 +88,12 @@
$value = $settings['value']
$comment = $settings['comment']
postgresql::server::config_entry { "${entry}_${$instance_name}":
- ensure => bool2str($value =~ Undef, 'absent', 'present'),
- key => $entry,
- value => $value,
- comment => $comment,
- path => $config_settings['postgresql_conf_path'],
+ ensure => bool2str($value =~ Undef, 'absent', 'present'),
+ key => $entry,
+ value => $value,
+ comment => $comment,
+ path => $config_settings['postgresql_conf_path'],
+ instance_name => $instance_name,
}
}
$pg_hba_rules.each |String[1] $rule_name, Postgresql::Pg_hba_rule $rule| {
@@ -108,10 +113,11 @@
}
$databases.each |$database, $database_details| {
postgresql::server::database { $database:
- * => $database_details,
- user => $instance_user,
- group => $instance_group,
- port => $config_settings['port'],
+ * => $database_details,
+ user => $instance_user,
+ group => $instance_group,
+ port => $config_settings['port'],
+ instance => $instance_name,
}
}
$database_grants.each |$db_grant_title, $dbgrants| {
@@ -120,6 +126,7 @@
psql_user => $instance_user,
psql_group => $instance_group,
port => $config_settings['port'],
+ instance => $instance_name,
}
}
$table_grants.each |$table_grant_title, $tgrants| {
@@ -127,6 +134,7 @@
* => $tgrants,
psql_user => $instance_user,
port => $config_settings['port'],
+ instance => $instance_name,
}
}
}
diff --git a/metadata.json b/metadata.json
index 62ae9b9280..6ad73624ec 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-postgresql",
- "version": "10.0.1",
+ "version": "10.5.0",
"author": "puppetlabs",
"summary": "Offers support for basic management of PostgreSQL databases.",
"license": "Apache-2.0",
@@ -14,11 +14,11 @@
},
{
"name": "puppetlabs/apt",
- "version_requirement": ">= 2.0.0 < 10.0.0"
+ "version_requirement": ">= 9.2.0 < 11.0.0"
},
{
"name": "puppet/systemd",
- "version_requirement": ">= 4.0.1 < 7.0.0"
+ "version_requirement": ">= 4.0.1 < 9.0.0"
},
{
"name": "puppetlabs/concat",
@@ -38,13 +38,15 @@
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"7",
- "8"
+ "8",
+ "9"
]
},
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
- "7"
+ "7",
+ "9"
]
},
{
@@ -57,7 +59,8 @@
"operatingsystem": "Debian",
"operatingsystemrelease": [
"10",
- "11"
+ "11",
+ "12"
]
},
{
@@ -72,19 +75,22 @@
"operatingsystemrelease": [
"18.04",
"20.04",
- "22.04"
+ "22.04",
+ "24.04"
]
},
{
"operatingsystem": "Rocky",
"operatingsystemrelease": [
- "8"
+ "8",
+ "9"
]
},
{
"operatingsystem": "AlmaLinux",
"operatingsystemrelease": [
- "8"
+ "8",
+ "9"
]
}
],
@@ -94,7 +100,7 @@
"version_requirement": ">= 7.0.0 < 9.0.0"
}
],
- "pdk-version": "3.0.0",
+ "pdk-version": "3.2.0",
"template-url": "https://github.com/puppetlabs/pdk-templates#main",
- "template-ref": "heads/main-0-g017b84e"
+ "template-ref": "tags/3.2.0.4-0-g5d17ec1"
}
diff --git a/spec/acceptance/utf8_encoding_spec.rb b/spec/acceptance/aaa_spec.rb
similarity index 92%
rename from spec/acceptance/utf8_encoding_spec.rb
rename to spec/acceptance/aaa_spec.rb
index b816842138..a7c9b52497 100644
--- a/spec/acceptance/utf8_encoding_spec.rb
+++ b/spec/acceptance/aaa_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper_acceptance'
-describe 'postgresql::server', skip: 'IAC-1286' do
+describe 'postgresql::server' do
let(:pp) do
<<-MANIFEST
class { 'postgresql::globals':
diff --git a/spec/acceptance/server_instance_spec.rb b/spec/acceptance/server_instance_spec.rb
index 93192bafb3..4b8d6a4bb8 100644
--- a/spec/acceptance/server_instance_spec.rb
+++ b/spec/acceptance/server_instance_spec.rb
@@ -3,7 +3,7 @@
# run a test task
require 'spec_helper_acceptance'
-describe 'postgresql instance test1', if: os[:family] == 'redhat' && os[:release].start_with?('8') do
+describe 'postgresql instance test1', if: os[:family] == 'redhat' && !os[:release].start_with?('7') do
pp = <<-MANIFEST
# set global defaults
class { 'postgresql::globals':
@@ -12,7 +12,7 @@ class { 'postgresql::globals':
manage_package_repo => false,
manage_dnf_module => true,
needs_initdb => true,
- version => '13',
+ version => '16',
}
# stop default main instance
class { 'postgresql::server':
@@ -156,6 +156,6 @@ class { 'postgresql::server':
it 'installs postgres instance test1' do
export_locales('en_US.UTF-8 ')
- apply_manifest(pp, catch_failures: true)
+ idempotent_apply(pp)
end
end
diff --git a/spec/classes/repo_spec.rb b/spec/classes/repo_spec.rb
index 3399203f3a..0414501a72 100644
--- a/spec/classes/repo_spec.rb
+++ b/spec/classes/repo_spec.rb
@@ -9,5 +9,28 @@
it 'instantiates apt_postgresql_org class' do
expect(subject).to contain_class('postgresql::repo::apt_postgresql_org')
end
+
+ it {
+ is_expected.to contain_apt__source('apt.postgresql.org')
+ .with_location('https://apt.postgresql.org/pub/repos/apt/')
+ .with_release("#{facts[:os]['distro']['codename']}-pgdg")
+ }
+
+ it { is_expected.to contain_apt__pin('apt_postgresql_org') }
+ end
+
+ describe 'with custom baseurl and release' do
+ let(:params) do
+ {
+ baseurl: 'https://apt-archive.postgresql.org/pub/repos/apt/',
+ release: 'bionic-pgdg-archive',
+ }
+ end
+
+ it {
+ is_expected.to contain_apt__source('apt.postgresql.org')
+ .with_location(params[:baseurl])
+ .with_release(params[:release])
+ }
end
end
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
index caf592d611..513c3d1760 100644
--- a/spec/classes/server_spec.rb
+++ b/spec/classes/server_spec.rb
@@ -129,7 +129,7 @@ class { 'postgresql::globals':
it { is_expected.to contain_class('postgresql::server') }
it {
- expect(subject).to contain_Postgresql_conf('data_directory_for_instance_main').that_notifies('Class[postgresql::server::service]')
+ expect(subject).to contain_Postgresql_conf('data_directory_for_instance_main').that_notifies('Postgresql::Server::Instance::Service[main]')
}
it { is_expected.to contain_postgresql__server__config_entry('data_directory_for_instance_main') }
diff --git a/spec/defines/server/config_entry_spec.rb b/spec/defines/server/config_entry_spec.rb
index 8b13e020bd..243e2ea5e9 100644
--- a/spec/defines/server/config_entry_spec.rb
+++ b/spec/defines/server/config_entry_spec.rb
@@ -76,7 +76,7 @@
expect(subject).to contain_postgresql_conf('unix_socket_directories')
.with(name: 'unix_socket_directories',
value: '/var/pgsql, /opt/postgresql, /root/')
- .that_notifies('Class[postgresql::server::service]')
+ .that_notifies('Postgresql::Server::Instance::Service[main]')
end
end
end
diff --git a/spec/defines/server_instance_spec.rb b/spec/defines/server_instance_spec.rb
index 89eadb06c8..ea63146fe4 100644
--- a/spec/defines/server_instance_spec.rb
+++ b/spec/defines/server_instance_spec.rb
@@ -73,7 +73,9 @@ class { 'postgresql::server':
'app_test1': { 'login' => true },
'rep_test1': { 'replication' => true,
'login' => true },
- 'rou_test1': { 'login' => true }, },
+ 'rou_test1': { 'login' => true },
+ 'val_test1': { 'login' => true,
+ 'valid_until' => '2030-01-01 00:00:00+00' }, },
'pg_hba_rules': { 'local all INSTANCE user': { 'type' => 'local',
'database' => 'all',
'user' => 'ins_test1',
@@ -214,10 +216,19 @@ class { 'postgresql::server':
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOCREATEROLE') }
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOREPLICATION') }
it { is_expected.to contain_postgresql_psql('ALTER ROLE "rou_test1" NOSUPERUSER') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" CONNECTION LIMIT -1') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" INHERIT') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" LOGIN') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOCREATEDB') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOCREATEROLE') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOREPLICATION') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" NOSUPERUSER') }
+ it { is_expected.to contain_postgresql_psql('ALTER ROLE "val_test1" VALID UNTIL \'2030-01-01 00:00:00+00\'') }
it { is_expected.to contain_postgresql_psql('CREATE ROLE app_test1 ENCRYPTED PASSWORD ****') }
it { is_expected.to contain_postgresql_psql('CREATE ROLE dba_test1 ENCRYPTED PASSWORD ****') }
it { is_expected.to contain_postgresql_psql('CREATE ROLE ins_test1 ENCRYPTED PASSWORD ****') }
it { is_expected.to contain_postgresql_psql('CREATE ROLE rep_test1 ENCRYPTED PASSWORD ****') }
it { is_expected.to contain_postgresql_psql('CREATE ROLE rou_test1 ENCRYPTED PASSWORD ****') }
+ it { is_expected.to contain_postgresql_psql('CREATE ROLE val_test1 ENCRYPTED PASSWORD ****') }
end
end
diff --git a/spec/functions/postgresql_default_spec.rb b/spec/functions/postgresql_default_spec.rb
index 12ecde207e..a1d0cd6d57 100644
--- a/spec/functions/postgresql_default_spec.rb
+++ b/spec/functions/postgresql_default_spec.rb
@@ -30,5 +30,19 @@ class { 'postgresql::server':
# parameter in globals.pp only
it { is_expected.to run.with_params('default_connect_settings').and_return({}) }
+ it { is_expected.to run.with_params('password_encryption').and_return('md5') }
+
it { is_expected.to run.with_params('a_parameter_that_does_not_exist').and_raise_error(Puppet::ParseError, %r{pick\(\): must receive at least one non empty value}) }
+
+ context 'with overridden values' do
+ let(:pre_condition) do
+ <<~PUPPET
+ class { 'postgresql::globals':
+ password_encryption => 'scram-sha-256',
+ }
+ PUPPET
+ end
+
+ it { is_expected.to run.with_params('password_encryption').and_return('scram-sha-256') }
+ end
end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 6820cebee7..ae7c1f6818 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -25,7 +25,8 @@
next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin
- default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+ require 'deep_merge'
+ default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
rescue StandardError => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end
@@ -33,7 +34,7 @@
# read default_facts and merge them over what is provided by facterdb
default_facts.each do |fact, value|
- add_custom_fact fact, value
+ add_custom_fact fact, value, merge_facts: true
end
RSpec.configure do |c|
diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb
index 4af007d09c..669741c6c1 100644
--- a/spec/spec_helper_acceptance_local.rb
+++ b/spec/spec_helper_acceptance_local.rb
@@ -27,9 +27,7 @@ def export_locales(locale)
LitmusHelper.instance.run_shell("echo export LANGUAGE=#{locale} >> /etc/profile.d/my-custom.lang.sh")
LitmusHelper.instance.run_shell('echo export LC_COLLATE=C >> /etc/profile.d/my-custom.lang.sh')
LitmusHelper.instance.run_shell("echo export LC_CTYPE=#{locale} >> /etc/profile.d/my-custom.lang.sh")
- LitmusHelper.instance.run_shell('source /etc/profile.d/my-custom.lang.sh')
LitmusHelper.instance.run_shell('echo export LC_ALL="C" >> ~/.bashrc')
- LitmusHelper.instance.run_shell('source ~/.bashrc')
end
def pre_run
@@ -48,8 +46,8 @@ def install_dependencies
if $facts['os']['family'] in ['SLES', 'SUSE'] {
exec { 'Enable legacy repos':
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
- command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64',
- unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64',
+ command => "SUSEConnect --product sle-module-legacy/${$facts['os']['distro']['release']['full']}/x86_64",
+ unless => "SUSEConnect --status-text | grep sle-module-legacy/${$facts['os']['distro']['release']['full']}/x86_64",
}
package { 'net-tools-deprecated':
diff --git a/spec/unit/provider/postgresql_conf/ruby_spec.rb b/spec/unit/provider/postgresql_conf/ruby_spec.rb
index 11800b0fc7..1a5c3e806a 100644
--- a/spec/unit/provider/postgresql_conf/ruby_spec.rb
+++ b/spec/unit/provider/postgresql_conf/ruby_spec.rb
@@ -4,13 +4,14 @@
provider_class = Puppet::Type.type(:postgresql_conf).provider(:ruby)
describe provider_class do
- let(:resource) { Puppet::Type.type(:postgresql_conf).new(name: 'foo', value: 'bar') }
+ let(:resource) { Puppet::Type.type(:postgresql_conf).new(name: 'foo', key: 'foo', value: 'bar') }
let(:provider) { resource.provider }
before(:each) do
allow(provider).to receive(:file_path).and_return('/tmp/foo')
allow(provider).to receive(:read_file).and_return('foo = bar')
allow(provider).to receive(:write_file).and_return(true)
+ allow(provider).to receive(:resource).and_return(key: 'your_key', line_number: 1, value: 'foo')
end
# rubocop:enable RSpec/ReceiveMessages
@@ -26,8 +27,27 @@
expect(provider).to respond_to(:add_header)
end
- it 'has a method exists?' do
- expect(provider).to respond_to(:exists?)
+ describe '#exists?' do
+ it 'returns true when a matching config item is found' do
+ config_data = [{ key: 'your_key', value: 'your_value' }]
+ expect(provider).to receive(:parse_config).and_return(config_data)
+
+ expect(provider.exists?).to be true
+ end
+
+ it 'returns false when no matching config item is found' do
+ config_data = [{ key: 'other_key', value: 'other_value' }]
+ expect(provider).to receive(:parse_config).and_return(config_data)
+
+ expect(provider.exists?).to be false
+ end
+
+ it 'raises an error when multiple matching config items are found' do
+ config_data = [{ key: 'your_key', value: 'value1' }, { key: 'your_key', value: 'value2' }]
+ expect(provider).to receive(:parse_config).and_return(config_data)
+
+ expect { provider.exists? }.to raise_error(Puppet::Error, 'found multiple config items of your_key, please fix this')
+ end
end
it 'has a method create' do
diff --git a/spec/unit/type/postgresql_conf_spec.rb b/spec/unit/type/postgresql_conf_spec.rb
index 9ce4269bfa..f6e972f620 100644
--- a/spec/unit/type/postgresql_conf_spec.rb
+++ b/spec/unit/type/postgresql_conf_spec.rb
@@ -51,5 +51,74 @@
expect { described_class.new(name: 'foo', ensure: :foo) }.to raise_error(Puppet::Error, %r{Invalid value})
end
end
+ # boolean https://www.postgresql.org/docs/current/datatype-boolean.html
+ describe 'validate boolean values with newvalues function' do
+ it 'validates log_checkpoints with value on' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'on') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value off' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'off') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value true' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'true') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value false' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'false') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value yes' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'yes') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value no' do
+ expect { described_class.new(name: 'log_checkpoints', value: 'no') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value 1' do
+ expect { described_class.new(name: 'log_checkpoints', value: '1') }.not_to raise_error
+ end
+ it 'validates log_checkpoints with value 0' do
+ expect { described_class.new(name: 'log_checkpoints', value: '0') }.not_to raise_error
+ end
+ end
+ # enums https://www.postgresql.org/docs/current/datatype-enum.html
+ describe 'validate enum values with newvalues function' do
+ it 'validates ssl_min_protocol_version with value TLSv1.3' do
+ expect { described_class.new(name: 'ssl_min_protocol_version', value: 'TLSv1.3') }.not_to raise_error
+ end
+ it 'validates ssl_min_protocol_version with value TLSv1.1' do
+ expect { described_class.new(name: 'ssl_min_protocol_version', value: 'TLSv1.1') }.not_to raise_error
+ end
+ end
+ # integer https://www.postgresql.org/docs/current/datatype-numeric.html#DATATYPE-INT
+ describe 'validate integer values with newvalues function' do
+ it 'validates max_connections with value 1000' do
+ expect { described_class.new(name: 'max_connections', value: '1000') }.not_to raise_error
+ end
+ end
+ # real https://www.postgresql.org/docs/current/datatype-numeric.html#DATATYPE-FLOAT
+ describe 'validate real values with newvalues function' do
+ it 'validates parallel_tuple_cost with value 0.3' do
+ expect { described_class.new(name: 'parallel_tuple_cost', value: '0.3') }.not_to raise_error
+ end
+ end
+ # string https://www.postgresql.org/docs/current/datatype-character.html
+ describe 'validate complex string values with newvalues function' do
+ it 'validates log_line_prefix with value [%p] %q:%u:%d:%' do
+ expect { described_class.new(name: 'log_line_prefix', value: '[%p] %q:%u:%d:%x ') }.not_to raise_error
+ end
+ it 'validates log_line_prefix with value %t %q%u@%d %p %i' do
+ expect { described_class.new(name: 'log_line_prefix', value: '%t %q%u@%d %p %i ') }.not_to raise_error
+ end
+ it 'validates log_filename with value psql_01-%Y-%m-%d.log' do
+ expect { described_class.new(name: 'log_filename', value: 'psql_01-%Y-%m-%d.log') }.not_to raise_error
+ end
+ end
+ # string https://www.postgresql.org/docs/current/datatype-character.html
+ describe 'validate string values with newvalues function' do
+ it 'validates log_timezone with value UTC' do
+ expect { described_class.new(name: 'log_timezone', value: 'UTC') }.not_to raise_error
+ end
+ it 'validates ssl_ciphers with value HIGH:MEDIUM:+3DES:!aNULL' do
+ expect { described_class.new(name: 'ssl_ciphers', value: 'HIGH:MEDIUM:+3DES:!aNULL') }.not_to raise_error
+ end
+ end
end
end
diff --git a/templates/systemd-override.conf.epp b/templates/systemd-override.conf.epp
index 48b02c72f4..e451ce8c88 100644
--- a/templates/systemd-override.conf.epp
+++ b/templates/systemd-override.conf.epp
@@ -3,6 +3,9 @@
Stdlib::Absolutepath $datadir,
Optional[String[1]] $extra_systemd_config,
| -%>
+[Unit]
+RequiresMountsFor=<%= $datadir %>
+
[Service]
Environment=PGPORT=<%= $port %>
<%- if $facts['os']['family'] == 'Gentoo' { -%>
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy