Refs #37325 - use lest to hide default DB password

Author: ianballou

manifests/plugin/container_gateway.pp

@@ -44,7 +44,7 @@
   Optional[Stdlib::Port] $postgresql_port = undef,
   String $postgresql_database = 'container_gateway',
   String $postgresql_user = pick($foreman_proxy::globals::user, 'foreman-proxy'),
-  String $postgresql_password = extlib::cache_data('container_gateway_cache_data', 'db_password', extlib::random_password(32))
+  Optional[String] $postgresql_password = undef
 ) {
   foreman_proxy::plugin::module { 'container_gateway':
     version   => $version,
@@ -60,7 +60,9 @@
       user     => $foreman_proxy::plugin::container_gateway::postgresql_user,
       password => postgresql::postgresql_password(
         $foreman_proxy::plugin::container_gateway::postgresql_user,
-        $foreman_proxy::plugin::container_gateway::postgresql_password
+        $foreman_proxy::plugin::container_gateway::postgresql_password.lest || {
+          extlib::cache_data('container_gateway_cache_data', 'db_password', extlib::random_password(32))
+        }
       ),
       encoding => 'utf8',
       locale   => 'C.utf8',

spec/classes/foreman_proxy__plugin__container_gateway_spec.rb

@@ -9,16 +9,41 @@
       describe 'with default settings' do
         it { should contain_foreman_proxy__plugin__module('container_gateway') }
         it 'container_gateway.yml should contain the correct configuration' do
-          expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include("---")
-          expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":enabled: https")
-          expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":pulp_endpoint: https://#{facts[:fqdn]}")
-          expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db")
-          connection_string = get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml').find { |str| str.include?("db_connection_string") }
-          expect(connection_string.split(/[:@\/]/)[6]).to be_a(String).and have_attributes(length: 32)
+          verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml', [
+            '---',
+            ':enabled: https',
+            ":pulp_endpoint: https://#{facts[:fqdn]}",
+            ':sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db',
+            ':db_connection_string: postgres://foreman-proxy:@:/container_gateway'
+          ])
+        end
+      end
+
+      describe 'with overwritten postgres parameters' do
+        let :params do {
+          :pulp_endpoint => 'https://test.example.com',
+          :sqlite_db_path => '/dev/null.db',
+          :database_backend => 'postgres',
+          :postgresql_host => 'test.example.com',
+          :postgresql_port => 5432,
+          :postgresql_database => 'container_gateway',
+          :postgresql_user => 'foreman-proxy',
+          :postgresql_password => 'changeme'
+        } end
+
+        it 'container_gateway.yml should contain the correct configuration' do
+          verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml', [
+            '---',
+            ':enabled: https',
+            ':pulp_endpoint: https://test.example.com',
+            ':sqlite_db_path: /dev/null.db',
+            ':sqlite_timeout: 12345',
+            ':db_connection_string: postgres://foreman-proxy:[email protected]:5432/container_gateway'
+          ])
         end
       end
 
-      describe 'with overwritten parameters' do
+      describe 'with overwritten sqlite parameters' do
         let :params do {
           :pulp_endpoint => 'https://test.example.com',
           :sqlite_db_path => '/dev/null.db',