3 describe 'postgresql::server::role', :type => :define do
7 :operatingsystem => 'Debian',
8 :operatingsystemrelease => '6.0',
10 :concat_basedir => tmpfilename('contrib'),
12 :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
22 :password_hash => 'new-pa$s',
27 "class {'postgresql::server':}"
30 it { is_expected.to contain_postgresql__server__role('test') }
31 it 'should have create role for "test" user with password as ****' do
32 is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
33 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
34 'environment' => "NEWPGPASSWD=new-pa$s",
35 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
39 it 'should have alter role for "test" user with password as ****' do
40 is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
41 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
42 'environment' => "NEWPGPASSWD=new-pa$s",
43 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
48 context "with specific db connection settings - default port" do
51 :password_hash => 'new-pa$s',
52 :connect_settings => { 'PGHOST' => 'postgres-db-server',
54 'PGUSER' => 'login-user',
55 'PGPASSWORD' => 'login-pass' },
60 "class {'postgresql::server':}"
63 it { is_expected.to contain_postgresql__server__role('test') }
64 it 'should have create role for "test" user with password as ****' do
65 is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
66 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
67 'environment' => "NEWPGPASSWD=new-pa$s",
68 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
71 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
73 'PGUSER' => 'login-user',
74 'PGPASSWORD' => 'login-pass' },
77 it 'should have alter role for "test" user with password as ****' do
78 is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
79 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
80 'environment' => "NEWPGPASSWD=new-pa$s",
81 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
84 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
86 'PGUSER' => 'login-user',
87 'PGPASSWORD' => 'login-pass' },
92 context "with specific db connection settings - including port" do
95 :password_hash => 'new-pa$s',
96 :connect_settings => { 'PGHOST' => 'postgres-db-server',
99 'PGUSER' => 'login-user',
100 'PGPASSWORD' => 'login-pass' },
104 let :pre_condition do
105 "class {'postgresql::server':}"
108 it { is_expected.to contain_postgresql__server__role('test') }
109 it 'should have create role for "test" user with password as ****' do
110 is_expected.to contain_postgresql_psql('CREATE ROLE test ENCRYPTED PASSWORD ****').with({
111 'command' => "CREATE ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1",
112 'environment' => "NEWPGPASSWD=new-pa$s",
113 'unless' => "SELECT 1 FROM pg_roles WHERE rolname = 'test'",
114 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
115 'DBVERSION' => '9.1',
117 'PGUSER' => 'login-user',
118 'PGPASSWORD' => 'login-pass' },
121 it 'should have alter role for "test" user with password as ****' do
122 is_expected.to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****').with({
123 'command' => "ALTER ROLE \"test\" ENCRYPTED PASSWORD '$NEWPGPASSWD'",
124 'environment' => "NEWPGPASSWD=new-pa$s",
125 'unless' => "SELECT 1 FROM pg_shadow WHERE usename = 'test' AND passwd = 'md5b6f7fcbbabb4befde4588a26c1cfd2fa'",
126 'connect_settings' => { 'PGHOST' => 'postgres-db-server',
127 'DBVERSION' => '9.1',
129 'PGUSER' => 'login-user',
130 'PGPASSWORD' => 'login-pass' },
135 context 'with update_password set to false' do
138 :password_hash => 'new-pa$s',
139 :update_password => false,
143 let :pre_condition do
144 "class {'postgresql::server':}"
147 it 'should not have alter role for "test" user with password as **** if update_password is false' do
148 is_expected.not_to contain_postgresql_psql('ALTER ROLE test ENCRYPTED PASSWORD ****')