Merged
Changes from 2 commits
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,8 @@ This file is used to list changes made in the last 3 major versions of the postg

## Unreleased

- Fix where only a single mapname was being set in the `pg_hba.conf` file when multiple were specified

## 12.1.0 - *2025-05-17*

- Cast `server_config` keys to strings in `postgresql_config` to avoid unnecessary converges
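
Review bot: The new Unreleased entry names `pg_hba.conf`, but the code changed in this PR is `libraries/ident.rb` and `resources/ident.rb`, whose reader defaults to `pg_ident.conf`; the entry should name the ident file so anyone auditing authentication changes looks in the right place. It is also worth stating that `entry`, `entry?` and `remove` on the ident file helper now take `map_name, system_username, database_username`, since that changes the helper's call signature.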
50 changes: 26 additions & 24 deletions documentation/postgresql_install.md
Expand Up @@ -17,30 +17,32 @@

## Properties

| Name | Name? | Type | Default | Description | Allowed Values |
| ---------------------------------- | ----- | --------------- | ----------------- | ------------------------------------------------ | -------------- |
| `sensitive` | | true, false | `true` | | |
| `version` | | String, Integer | `'17'` | Version to install | |
| `source` | | String, Symbol | `:repo` | Installation source | repo, os |
| `client_packages` | | String, Array | platform specific | Client packages to install | |
| `server_packages` | | String, Array | platform specific | Server packages to install | |
| `repo_pgdg` | | true, false | `true` | Create pgdg repo | |
| `setup_repo_pgdg` | | true, false | value of previous | Whether or not to manage the pgdg repo | |
| `repo_pgdg_common` | | true, false | `true` | Create pgdg-common repo | |
| `setup_repo_pgdg_common` | | true, false | value of previous | Whether or not to manage the pgdg_common repo | |
| `repo_pgdg_source` | | true, false | `false` | Create pgdg-source repo | |
| `setup_repo_pgdg_source` | | true, false | value of previous | Whether or not to manage the pgdg_source repo | |
| `repo_pgdg_updates_testing` | | true, false | `false` | Create pgdg-updates-testing repo | |
| `setup_repo_pgdg_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_updates_testing repo | |
| `repo_pgdg_source_updates_testing` | | true, false | `false` | Create pgdg-source-updates-testing repo | |
| `setup_repo_pgdg_source_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_source_updates_testing repo | |
| `yum_gpg_key_uri` | | String | platform specific | YUM/DNF GPG key URL | |
| `apt_repository_uri` | | String | https://download.postgresql.org/pub/repos/apt/ | apt repository URL | |
| `apt_gpg_key_uri` | | String | https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt GPG key URL | |
| `initdb_additional_options` | | String | | Additional options to pass to the initdb command | |
| `initdb_locale` | | String | | Locale to use for the initdb command | |
| `initdb_encoding` | | String | | Encoding to use for the initdb command | |
| `initdb_user` | | String | `'postgres'` | User to run the initdb command as | |
<!-- markdownlint-disable MD034 -->
| Name | Name? | Type | Default | Description | Allowed Values |
| ---------------------------------------- | ----- | --------------- | ----------------- | ------------------------------------------------ | -------------- |
| `sensitive` | | true, false | `true` | | |
| `version` | | String, Integer | `'17'` | Version to install | |
| `source` | | String, Symbol | `:repo` | Installation source | repo, os |
| `client_packages` | | String, Array | platform specific | Client packages to install | |
| `server_packages` | | String, Array | platform specific | Server packages to install | |
| `repo_pgdg` | | true, false | `true` | Create pgdg repo | |
| `setup_repo_pgdg` | | true, false | value of previous | Whether or not to manage the pgdg repo | |
| `repo_pgdg_common` | | true, false | `true` | Create pgdg-common repo | |
| `setup_repo_pgdg_common` | | true, false | value of previous | Whether or not to manage the pgdg_common repo | |
| `repo_pgdg_source` | | true, false | `false` | Create pgdg-source repo | |
| `setup_repo_pgdg_source` | | true, false | value of previous | Whether or not to manage the pgdg_source repo | |
| `repo_pgdg_updates_testing` | | true, false | `false` | Create pgdg-updates-testing repo | |
| `setup_repo_pgdg_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_updates_testing repo | |
| `repo_pgdg_source_updates_testing` | | true, false | `false` | Create pgdg-source-updates-testing repo | |
| `setup_repo_pgdg_source_updates_testing` | | true, false | value of previous | Whether or not to manage the pgdg_source_updates_testing repo | |
| `yum_gpg_key_uri` | | String | platform specific | YUM/DNF GPG key URL | |
| `apt_repository_uri` | | String | https://download.postgresql.org/pub/repos/apt/ | apt repository URL | |
| `apt_gpg_key_uri` | | String | https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt GPG key URL | |
| `initdb_additional_options` | | String | | Additional options to pass to the initdb command | |
| `initdb_locale` | | String | | Locale to use for the initdb command | |
| `initdb_encoding` | | String | | Encoding to use for the initdb command | |
| `initdb_user` | | String | `'postgres'` | User to run the initdb command as | |
<!-- markdownlint-enable MD034 -->

## Libraries

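Review bot: Suppressing MD034 for the whole properties table is broader than needed; only the two bare URLs in the `apt_repository_uri` and `apt_gpg_key_uri` defaults trigger it. Wrapping those two defaults in backticks, as the other defaults (`'17'`, `:repo`, `true`) already are, would satisfy the rule without the `markdownlint-disable` / `markdownlint-enable` pair.
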
23 changes: 7 additions & 16 deletions libraries/ident.rb
Expand Up @@ -79,15 +79,15 @@ def initialize
def add(entry)
raise unless entry.is_a?(PgIdentFileEntry)

return false if entry?(entry.map_name)
return false if entry?(entry.map_name, entry.system_username, entry.database_username)

@entries.push(entry)

sort!
end

def entry(map_name)
entry = @entries.filter { |e| e.map_name.eql?(map_name) }
def entry(map_name, system_username, database_username)
entry = @entries.filter { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }

return if nil_or_empty?(entry)

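Review bot: `entry(map_name, system_username, database_username)` takes three positional strings, and the same order has to be repeated at every call site in `resources/ident.rb`; transposing the last two would still run and would look up the reverse mapping. Keyword arguments (`map_name:`, `system_username:`, `database_username:`) would make the call sites self-checking. In `add`, the duplicate check ignores `comment`, so the same triple with a different comment returns `false` with no signal; a short comment saying that is intended would help.
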
Expand All @@ -96,8 +96,8 @@ def entry(map_name)
entry.pop
end

def entry?(map_name)
[email protected] { |e| e.map_name.eql?(map_name) }.empty?
def entry?(map_name, system_username, database_username)
[email protected] { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }.empty?
end

def include?(entry)
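
Review bot: The three-field match block in `entry?` is the same one now written out in `entry` and `remove`; a single private predicate, or a match method on `PgIdentFileEntry`, would keep the definition of "same mapping" in one place so the three methods cannot drift apart. `entry?` could then use `@entries.any?` rather than negating `filter { ... }.empty?`.
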
Expand All @@ -120,17 +120,8 @@ def read!(file = 'pg_ident.conf', sort: true)
sort! if sort
end

def remove(entry)
raise unless entry.is_a?(PgIdentFileEntry) || entry.is_a?(String)

remove_name = case entry
when PgIdentFileEntry
entry.map_name
when String
entry
end

@entries.reject! { |e| e.map_name.eql?(remove_name) }
def remove(map_name, system_username, database_username)
@entries.reject! { |e| e.map_name.eql?(map_name) && e.system_username.eql?(system_username) && e.database_username.eql?(database_username) }
end

def sort!
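
Review bot: `remove` drops the `PgIdentFileEntry`/`String` handling and the type guard, so any caller still passing an entry object or a bare map name now fails with an argument error, and there is no longer a way to remove every entry for a map name. If that is intended, record it as a breaking change; otherwise keep accepting a `PgIdentFileEntry` and read the three fields from it.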
14 changes: 7 additions & 7 deletions resources/ident.rb
Expand Up @@ -52,9 +52,9 @@

ident_file = PostgreSQL::Cookbook::IdentHelpers::PgIdent::PgIdentFile.read(new_resource.config_file)

current_value_does_not_exist! unless ident_file.entry?(new_resource.map_name)
current_value_does_not_exist! unless ident_file.entry?(new_resource.map_name, new_resource.system_username, new_resource.database_username)

entry = ident_file.entry(new_resource.map_name)
entry = ident_file.entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)
%i(map_name system_username database_username comment).each { |p| send(p, entry.send(p)) }
end

Expand All @@ -65,7 +65,7 @@
action :create do
converge_if_changed do
config_resource_init
entry = config_resource.variables[:pg_ident].entry(new_resource.map_name)
entry = config_resource.variables[:pg_ident].entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)

if nil_or_empty?(entry)
resource_properties = %i(map_name system_username database_username comment).map { |p| [ p, new_resource.send(p) ] }.to_h.compact
Expand All @@ -80,7 +80,7 @@
action :update do
converge_if_changed(:system_username, :database_username, :comment) do
config_resource_init
entry = config_resource.variables[:pg_ident].entry(new_resource.map_name)
entry = config_resource.variables[:pg_ident].entry(new_resource.map_name, new_resource.system_username, new_resource.database_username)

raise Chef::Exceptions::CurrentValueDoesNotExist, "Cannot update ident entry for '#{new_resource.map_name}' as it does not exist" if nil_or_empty?(entry)

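Review bot: In `action :update`, the lookup now uses the new resource's `system_username` and `database_username`, yet `converge_if_changed(:system_username, :database_username, :comment)` fires exactly when one of those differs from the current value. When either username changes, `entry(...)` finds nothing and the action raises `CurrentValueDoesNotExist`, so `:update` can only ever change `comment`. Either narrow `converge_if_changed` to `:comment` and document that a username change means delete plus create, or look the entry up by its current values.
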
Expand All @@ -91,7 +91,7 @@
action :delete do
config_resource_init

converge_by("Remove ident entry with map_name: #{new_resource.map_name}") do
config_resource.variables[:pg_ident].remove(new_resource.map_name)
end if config_resource.variables[:pg_ident].entry?(new_resource.map_name)
converge_by("Remove ident entry where map_name: #{new_resource.map_name}, system_username: #{new_resource.system_username}, database_username: #{new_resource.database_username}") do
config_resource.variables[:pg_ident].remove(new_resource.map_name, new_resource.system_username, new_resource.database_username)
end if config_resource.variables[:pg_ident].entry?(new_resource.map_name, new_resource.system_username, new_resource.database_username)
end
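
Review bot: In `action :delete`, the `entry?(...)` guard and `remove(...)` both require all three fields to match, so a delete resource that sets only `map_name`, or has a typo in either username, matches nothing and converges silently, leaving the mapping in place. If `system_username` and `database_username` are not already required properties, validate them for `:delete` or log when no entry matched, since a no-op delete here means an OS user keeps its database login.
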
9 changes: 9 additions & 0 deletions test/cookbooks/test/recipes/ident.rb
Expand Up @@ -18,6 +18,7 @@
end

user 'shef'
user 'shef2'

postgresql_ident 'postgresl mapping' do
map_name 'testmap1'
Expand All @@ -36,6 +37,14 @@
notifies :reload, 'postgresql_service[postgresql]', :delayed
end

postgresql_ident 'shef2 mapping' do
map_name 'testmap2'
system_username 'shef2'
database_username 'sous_chef'

notifies :reload, 'postgresql_service[postgresql]', :delayed
end

postgresql_ident 'shef remove mapping' do
map_name 'testmap3'
system_username 'shef_remove'
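
Review bot: The added `shef2 mapping` resource uses `map_name 'testmap2'`; the old code keyed entries on `map_name` alone, so the regression only shows when two resources share a map name. Confirm that another `testmap2` entry exists in the part of the recipe not shown in this hunk, otherwise the new resource would have passed before the fix as well.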
13 changes: 13 additions & 0 deletions test/integration/ident/controls/ident_map.rb
Expand Up @@ -7,6 +7,19 @@
end
end

control 'postgresql-ident-multi-map' do
impact 1.0
desc 'This test ensures postgres configures ident access with multiple mappings correctly'

describe command("sudo -u shef bash -c \"psql -U sous_chef -d test1 -c 'SELECT 1;'\"") do
its('exit_status') { should eq 0 }
end

describe command("sudo -u shef2 bash -c \"psql -U sous_chef -d test1 -c 'SELECT 1;'\"") do
its('exit_status') { should eq 0 }
end
end

control 'shef and postgres roles should exist' do
impact 1.0
desc 'The shef & postgres database user role should exist'
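
Review bot: The `postgresql-ident-multi-map` control asserts only that `shef` and `shef2` can connect as `sous_chef`; it has no negative case. Since the change alters which OS users are mapped to a database role, add a `describe command(...)` for a system user with no mapping and expect a non-zero `exit_status`, so a mapping that is too broad fails the suite.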