# Class: postgresql::config::afterservice
#
# Parameters:
#
#   [*postgres_password*]     - postgres db user password.
#
# Actions:
#
# Requires:
#
# Usage:
#   This class is not intended to be used directly; it is
#   managed by postgresl::config.  It contains resources
#   that should be handled *after* the postgres service
#   has been started up.
#
#   class { 'postgresql::config::afterservice':
#     postgres_password     => 'postgres'
#   }
#
class postgresql::config::afterservice(
  $postgres_password        = undef
) inherits postgresql::params {
  if ($postgres_password != undef) {
    # NOTE: this password-setting logic relies on the pg_hba.conf being configured
    #  to allow the postgres system user to connect via psql without specifying
    #  a password ('ident' or 'trust' security).  This is the default
    #  for pg_hba.conf.
    exec { 'set_postgres_postgrespw':
        # This command works w/no password because we run it as postgres system user
        command     => "psql -c \"ALTER ROLE ${postgresql::params::user} PASSWORD '${postgres_password}'\"",
        user        => $postgresql::params::user,
        group       => $postgresql::params::group,
        logoutput   => true,
        cwd         => '/tmp',
        # With this command we're passing -h to force TCP authentication, which does require
        #  a password.  We specify the password via the PGPASSWORD environment variable.  If
        #  the password is correct (current), this command will exit with an exit code of 0,
        #  which will prevent the main command from running.
        unless      => "env PGPASSWORD=\"${postgres_password}\" psql -h localhost -c 'select 1' > /dev/null",
        path        => '/usr/bin:/usr/local/bin:/bin',
    }
  }
}