Only require password when used

[arjenz]

If the if in line 39 evaluates to false, the user has been created
elsewhere, and we don't actually use (and thus need) password in
postgresql::server::db class.

[puppet-community-rangefinder]

postgresql::server::db is a type

Breaking changes to this file WILL impact these 37 modules (exact match):

• nicopaez-dockerserver
• jmkeyes-razor
• jjulien-trac
• atmesh-deploy_railsapp
• landcareresearch-pidservice
• driebit-zotonic
• eschiller-trac
• nnutter-testdb
• katello-gutterball
• nicopaez-alfred
• nicopaez-triage
• saw-reviewboard
• mjhas-mailserver
• Ginja-puppet_stack
• urgi-galaxy_roles_profiles
• hetzner-roundcube
• mukaibot-bamboo
• aursu-gitlabinstall
• opuscodium-taiga
• sensson-powerdns
• johanek-redmine
• npwalker-pe_external_postgresql
• adullact-demarchessimplifiees
• puppetfinland-puppetmaster
• zleslie-bacula
• sensu-sensu
• theforeman-pulpcore
• treydock-keycloak
• puppet-zabbix
• SchnWalter-happydev
• groupbuddies-gb
• blackknight36-bacula
• openstack-openstacklib
• puppetlabs-puppetdb
• wdijkerman-zabbix
• theforeman-foreman
• katello-candlepin

Breaking changes to this file MAY impact these 20 modules (near match):

• jmkeyes-netbox
• Firebladee-moodle
• example42-psick_profile
• jortencio-superset
• simp-foreman
• sebastianrakel-gitea
• tedivm-hieratic
• Lavaburn-razor
• example42-psick
• cesnet-oozie
• maestrodev-maestro_demo
• maestrodev-maestro_nodes
• puppetfinland-patchwork
• Lavaburn-cabot
• ash-netbox
• icinga-icinga
• cleo-harmony
• echoes-wrappers
• cesnet-hive
• soli-wrappers

This module is declared in 70 of 579 indexed public Puppetfiles.

---

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

[ekohl]

I wonder about this use case. If you already define the user elsewhere, can't you simply use postgresql::server::database in the later places? What additional benefit is there in this defined type?

I see a tablespace relation, which is also in postgresql::server::database.

Then there is a GRANT. That isn't in postgresql::server::database, except for an owner. AFAIK that already implies all privileges so the only edge case is if you want that grant.

Am I missing anything?

[arjenz]

Well the major use case from my end is "this is how we happen to use it, and it stopped working when d878d13#diff-09acae987abfb6f2de2796ebbbcee8911d8326cf762451972538f4f78984f35c was introduced".
Before that commit setting it to undef was fine, but afterwards not anymore.
Looking just at the code in this class, without taking global context into perspective this solution kind of makes sense. "Why require data when it's not actually used or needed for this class".

[arjenz]

Oh, and right now, as a workaround, we're passing around password: 'unused' in hiera, since the value gets ignored anyway, so I feel solving this in the code is a bit more elegant :)

[ekohl]

Mostly because it makes the code (even more) compile order dependent. If the inclusion happens in another order, it may fail because no password is provided. Then again, you could already have code where there are 2 different passwords specified and the real password used ends up being determined by the compile order.

Now looking deeper, I see postgresql::server::role can create a user without a password. So I think this is valid if you drop the fail() part. That should then also be reflected in the @param tags.

[arjenz]

Done :)

[ekohl]

Did you forget to push?

[arjenz]

Did you forget to push?

Yes, yes I did :)

[ekohl]

@david22swan this would have been nice to get in the release. However, I can't merge it because of a failed test.

[david22swan]

LGTM

Will get it merged in now