diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48fd52287..d13f1e82d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,8 @@ This file is used to list changes made in the last 3 major versions of the postg
 ## Unreleased
-Standardise files with files in sous-chefs/repo-management
+- Fix where only a single mapname was being set in the `pg_hba.conf` file when multiple were specified
+- Standardise files with files in sous-chefs/repo-management
 ## 12.1.0 - *2025-05-17*
diff --git a/documentation/postgresql_install.md b/documentation/postgresql_install.md
index bf08529cd..a9a73203b 100644
--- a/documentation/postgresql_install.md
+++ b/documentation/postgresql_install.md
@@ -17,30 +17,32 @@
 ## Properties
-| Name | Name? | Type | Default | Description | Allowed Values |
-| ---------------------------------- | ----- | --------------- | ----------------- | ------------------------------------------------ | -------------- |
-| `sensitive` | | true, false | `true` | | |
-| `version` | | String, Integer | `'17'` | Version to install | |
-| `source` | | String, Symbol | `:repo` | Installation source | repo, os |
-| `client_packages` | | String, Array | platform specific | Client packages to install | |
-| `server_packages` | | String, Array | platform specific | Server packages to install | |
-| `repo_pgdg` | | true, false | `true` | Create pgdg repo | |
-| `setup_repo_pgdg` | | true, false | value of previous | Whether or not to manage the pgdg repo | |
-| `repo_pgdg_common` | | true, false | `true` | Create pgdg-common repo | |
-| `setup_repo_pgdg_common` | | true, false | value of previous | Whether or not to manage the pgdg_common repo | |
-| `repo_pgdg_source` | | true, false | `false` | Create pgdg-source repo | |
-| `setup_repo_pgdg_source` | | true, false | value of previous | Whether or not to manage the pgdg_source repo | |
-| `repo_pgdg_updates_testing` | | true, false | `false` | Create pgdg-updates-testing repo | |
-| `setup_repo_pgdg_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_updates_testing repo | |
-| `repo_pgdg_source_updates_testing` | | true, false | `false` | Create pgdg-source-updates-testing repo | |
-| `setup_repo_pgdg_source_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_source_updates_testing repo | |
-| `yum_gpg_key_uri` | | String | platform specific | YUM/DNF GPG key URL | |
-| `apt_repository_uri` | | String | [https://download.postgresql.org/pub/repos/apt/](https://download.postgresql.org/pub/repos/apt/) | apt repository URL | |
-| `apt_gpg_key_uri` | | String | [https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc](https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc) | apt GPG key URL | |
-| `initdb_additional_options` | | String | | Additional options to pass to the initdb command | |
-| `initdb_locale` | | String | | Locale to use for the initdb command | |
-| `initdb_encoding` | | String | | Encoding to use for the initdb command | |
-| `initdb_user` | | String | `'postgres'` | User to run the initdb command as | |
+
+| Name | Name? | Type | Default | Description | Allowed Values |
+| ---------------------------------------- | ----- | --------------- | ----------------- | ------------------------------------------------ | -------------- |
+| `sensitive` | | true, false | `true` | | |
+| `version` | | String, Integer | `'17'` | Version to install | |
+| `source` | | String, Symbol | `:repo` | Installation source | repo, os |
+| `client_packages` | | String, Array | platform specific | Client packages to install | |
+| `server_packages` | | String, Array | platform specific | Server packages to install | |
+| `repo_pgdg` | | true, false | `true` | Create pgdg repo | |
+| `setup_repo_pgdg` | | true, false | value of previous | Whether or not to manage the pgdg repo | |
+| `repo_pgdg_common` | | true, false | `true` | Create pgdg-common repo | |
+| `setup_repo_pgdg_common` | | true, false | value of previous | Whether or not to manage the pgdg_common repo | |
+| `repo_pgdg_source` | | true, false | `false` | Create pgdg-source repo | |
+| `setup_repo_pgdg_source` | | true, false | value of previous | Whether or not to manage the pgdg_source repo | |
+| `repo_pgdg_updates_testing` | | true, false | `false` | Create pgdg-updates-testing repo | |
+| `setup_repo_pgdg_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_updates_testing repo | |
+| `repo_pgdg_source_updates_testing` | | true, false | `false` | Create pgdg-source-updates-testing repo | |
+| `setup_repo_pgdg_source_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_source_updates_testing repo | |
+| `yum_gpg_key_uri` | | String | platform specific | YUM/DNF GPG key URL | |
+| `apt_repository_uri` | | String | https://download.postgresql.org/pub/repos/apt/ | apt repository URL | |
+| `apt_gpg_key_uri` | | String | https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt GPG key URL | |
+| `initdb_additional_options` | | String | | Additional options to pass to the initdb command | |
+| `initdb_locale` | | String | | Locale to use for the initdb command | |
+| `initdb_encoding` | | String | | Encoding to use for the initdb command | |
+| `initdb_user` | | String | `'postgres'` | User to run the initdb command as | |
+
 ## Libraries
diff --git a/libraries/ident.rb b/libraries/ident.rb
index 7391b9d03..45e4087c9 100644
--- a/libraries/ident.rb
+++ b/libraries/ident.rb
@@ -79,15 +79,15 @@ def initialize
 def add(entry)
 raise unless entry.is_a?(PgIdentFileEntry)
- return false if entry?(entry.map_name)
+ return false if entry?(entry.map_name, entry.system_username, entry.database_username)
 @entries.push(entry)
 sort!
 end
- def entry(map_name)
- entry = @entries.filter { |e| e.map_name.eql?(map_name) }
+ def entry(map_name, system_username, database_username)
+ entry = @entries.filter { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }
 return if nil_or_empty?(entry)
@@ -96,8 +96,8 @@ def entry(map_name)
 entry.pop
 end
- def entry?(map_name)
- !@entries.filter { |e| e.map_name.eql?(map_name) }.empty?
+ def entry?(map_name, system_username, database_username)
+ !@entries.filter { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }.empty?
 end
 def include?(entry)
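Review bot: The three-field match `e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username)` is now written out in `entry`, in `entry?` (the @@ -96,8 hunk) and in `remove` (the @@ -120,17 hunk), so any later change to what identifies a mapping has to be made in three places. A private predicate on the file class would keep them in step, used for example as `@entries.any? { |e| same_mapping?(e, map_name, system_username, database_username) }` in `entry?` (the helper name is only a suggestion). Since these lines decide which OS user maps to which database role, a short comment on that predicate stating that an entry is identified by all three fields would also help. `add` starts inside the hunk but `entry` continues past it.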
@@ -120,17 +120,8 @@ def read!(file = 'pg_ident.conf', sort: true)
 sort! if sort
 end
- def remove(entry)
- raise unless entry.is_a?(PgIdentFileEntry) || entry.is_a?(String)
-
- remove_name = case entry
- when PgIdentFileEntry
- entry.map_name
- when String
- entry
- end
-
- @entries.reject! { |e| e.map_name.eql?(remove_name) }
+ def remove(map_name, system_username, database_username)
+ @entries.reject! { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }
 end
 def sort!
@@ -193,6 +184,7 @@ def to_s
 ENTRY_FIELD_FORMAT.each do |field, ljust_count|
 field = respond_to?(field) ? send(field) : ''
 field_string = field.to_s.ljust(ljust_count)
+ field_string += ' ' unless field_string.include?(' ') || field == :comment
 entry_string.concat(field_string)
 end
diff --git a/resources/ident.rb b/resources/ident.rb
index 6cf1a4325..7622ea24c 100644
--- a/resources/ident.rb
+++ b/resources/ident.rb
@@ -52,9 +52,9 @@
 ident_file = PostgreSQL::Cookbook::IdentHelpers::PgIdent::PgIdentFile.read(new_resource.config_file)
- current_value_does_not_exist! unless ident_file.entry?(new_resource.map_name)
+ current_value_does_not_exist! unless ident_file.entry?(new_resource.map_name, new_resource.system_username, new_resource.database_username)
- entry = ident_file.entry(new_resource.map_name)
+ entry = ident_file.entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)
 %i(map_name system_username database_username comment).each { |p| send(p, entry.send(p)) }
 end
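Review bot: `remove` used to accept either a `PgIdentFileEntry` or a map-name String and now takes three required positional arguments with no type check, so any caller outside this diff that still passes an entry object or a single name fails with ArgumentError. The same arity change applies to `entry` and `entry?` in the earlier hunks. If the old call shapes are meant to be dropped, say so in the changelog as a breaking change and add a YARD comment such as `# @param map_name [String]`, `# @param system_username [String]`, `# @param database_username [String]` above the method; otherwise keep accepting an entry and read the three fields from it.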
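Review bot: In the added line of `to_s`, `field == :comment` can never be true, because the block variable `field` was reassigned to the field's value on the line `field = respond_to?(field) ? send(field) : ''` two lines earlier; the comment exemption is dead code. The other half of the condition, `field_string.include?(' ')`, tests for a space anywhere in the string rather than at its end, so a value that fills the column and contains an inner space (a quoted name, if those are supported) would still be written without a separator and run into the next field. Testing the end of the string covers both cases: `field_string += ' ' unless field_string.end_with?(' ')`; if the comment column really must be exempt, keep the field name in its own variable instead of overwriting it. `to_s` starts and ends outside the hunk.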
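Review bot: With the lookup keyed on all three fields, an entry whose `system_username` or `database_username` differs from the resource is reported as nonexistent here, and `action :create` (the @@ -65,7 hunk) then appends a new line instead of changing the old one. A recipe edit that changes the database user for a map therefore leaves the previous OS-user-to-role mapping in `pg_ident.conf`, where it keeps authorising logins until an explicit `:delete` resource is added. That follows from allowing several lines per map, but it should be stated in the resource documentation, and a comment such as `# identity is (map_name, system_username, database_username); changing either username adds a second entry` above the lookup would help the next reader. The enclosing block starts outside the hunk.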
@@ -65,7 +65,7 @@
 action :create do
 converge_if_changed do
 config_resource_init
- entry = config_resource.variables[:pg_ident].entry(new_resource.map_name)
+ entry = config_resource.variables[:pg_ident].entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)
 if nil_or_empty?(entry)
 resource_properties = %i(map_name system_username database_username comment).map { |p| [ p, new_resource.send(p) ] }.to_h.compact
@@ -80,7 +80,7 @@
 action :update do
 converge_if_changed(:system_username, :database_username, :comment) do
 config_resource_init
- entry = config_resource.variables[:pg_ident].entry(new_resource.map_name)
+ entry = config_resource.variables[:pg_ident].entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)
 raise Chef::Exceptions::CurrentValueDoesNotExist, "Cannot update ident entry for '#{new_resource.map_name}' as it does not exist" if nil_or_empty?(entry)
@@ -91,7 +91,7 @@
 action :delete do
 config_resource_init
- converge_by("Remove ident entry with map_name: #{new_resource.map_name}") do
- config_resource.variables[:pg_ident].remove(new_resource.map_name)
- end if config_resource.variables[:pg_ident].entry?(new_resource.map_name)
+ converge_by("Remove ident entry where map_name: #{new_resource.map_name}, system_username: #{new_resource.system_username}, database_username: #{new_resource.database_username}") do
+ config_resource.variables[:pg_ident].remove(new_resource.map_name, new_resource.system_username, new_resource.database_username)
+ end if config_resource.variables[:pg_ident].entry?(new_resource.map_name, new_resource.system_username, new_resource.database_username)
 end
diff --git a/test/cookbooks/test/recipes/ident.rb b/test/cookbooks/test/recipes/ident.rb
index 8626e53c7..e9226df7c 100644
--- a/test/cookbooks/test/recipes/ident.rb
+++ b/test/cookbooks/test/recipes/ident.rb
@@ -18,6 +18,7 @@
 end
 user 'shef'
+user 'shef2'
 postgresql_ident 'postgresl mapping' do
 map_name 'testmap1'
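Review bot: The lookup in `action :update` now finds an entry only when `system_username` and `database_username` already match, yet the surrounding `converge_if_changed(:system_username, :database_username, :comment)` still lists both as updatable. After this change an update that alters either username finds nothing and raises `CurrentValueDoesNotExist`, so in practice only `comment` can be updated. If that is intended, narrow the call to `converge_if_changed(:comment)` and name all three key fields in the error text, which still mentions only `map_name`. The action body continues outside the hunk.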
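Review bot: The trailing `if ...entry?(map_name, system_username, database_username)` guard makes `:delete` a silent no-op whenever the three values do not match an existing line exactly. A recipe that previously removed a mapping by `map_name` alone would now leave it in `pg_ident.conf` with no log output; whether the two username properties are required on the resource is not visible in this hunk. Because a mapping left behind keeps granting access, the no-match case deserves at least a warning, and the resource documentation should state that `:delete` needs all three properties.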
@@ -36,6 +37,14 @@
 notifies :reload, 'postgresql_service[postgresql]', :delayed
 end
+postgresql_ident 'shef2 mapping' do
+ map_name 'testmap2'
+ system_username 'shef2'
+ database_username 'sous_chef'
+
+ notifies :reload, 'postgresql_service[postgresql]', :delayed
+end
+
 postgresql_ident 'shef remove mapping' do
 map_name 'testmap3'
 system_username 'shef_remove'
@@ -45,6 +54,14 @@
 action :delete
 end
+postgresql_ident 'map with very long name' do
+ map_name 'this_is_a_very_long_map_name_that_should_be_handled_correctly_by_the_postgresql_ident_resource'
+ system_username 'shef'
+ database_username 'sous_chef'
+
+ notifies :reload, 'postgresql_service[postgresql]', :delayed
+end
+
 postgresql_access 'postgresql host superuser' do
 type 'host'
 database 'all'
diff --git a/test/integration/ident/controls/ident_map.rb b/test/integration/ident/controls/ident_map.rb
index d977a01cb..444f8b188 100644
--- a/test/integration/ident/controls/ident_map.rb
+++ b/test/integration/ident/controls/ident_map.rb
@@ -7,6 +7,19 @@
 end
 end
+control 'postgresql-ident-multi-map' do
+ impact 1.0
+ desc 'This test ensures postgres configures ident access with multiple mappings correctly'
+
+ describe command("sudo -u shef bash -c \"psql -U sous_chef -d test1 -c 'SELECT 1;'\"") do
+ its('exit_status') { should eq 0 }
+ end
+
+ describe command("sudo -u shef2 bash -c \"psql -U sous_chef -d test1 -c 'SELECT 1;'\"") do
+ its('exit_status') { should eq 0 }
+ end
+end
+
 control 'shef and postgres roles should exist' do
 impact 1.0
 desc 'The shef & postgres database user role should exist'
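Review bot: Both checks in the 'postgresql-ident-multi-map' control assert only that a mapped user can connect, so the control would still pass if the generated `pg_ident.conf` mapped more users than intended. A third `describe command(...)` running the same `psql` call as a system account that has no mapping, with `its('exit_status') { should_not eq 0 }`, would pin the other direction. Which unmapped account exists on the test node is not visible in this diff; the deleted 'shef_remove' mapping in the recipe looks like a candidate if that OS user is created.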
@@ -18,3 +31,13 @@
 its('output') { should include 'sous_chef' }
 end
 end
+
+control 'postgresql-ident-long-map-name' do
+ impact 1.0
+ desc 'This test ensures postgres configures ident access with long map names correctly'
+
+ describe postgres_ident_conf.where { map_name == 'this_is_a_very_long_map_name_that_should_be_handled_correctly_by_the_postgresql_ident_resource' } do
+ its('system_username') { should cmp 'shef' }
+ its('pg_username') { should cmp 'sous_chef' }
+ end
+end