1 |
# TODO convert to a regular type, so we can later change password |
2 |
# without erasing the current user |
3 |
define postgresql::user($password) { |
4 |
$sql = "CREATE ROLE $name ENCRYPTED PASSWORD '\$pass' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" |
5 |
|
6 |
exec { "psql -U postgres -c \"$sql\" ": |
7 |
user => 'root', |
8 |
# do not leak the password on commandline |
9 |
environment => "pass=$password", |
10 |
unless => "psql -A -t -U postgres -c '\\du $name' | grep '$name'", |
11 |
require => Service['postgresql'], |
12 |
} |
13 |
} |