fix elasticsearch/user: allow ensure=absent without password

Author: milad-zanganeh

REFERENCE.md

@@ -2179,13 +2179,15 @@ Default value: `'present'`
 
 ##### <a name="-elasticsearch--user--password"></a>`password`
 
-Data type: `String`
+Data type: `Optional[String]`
 
 Password for the given user. A plaintext password will be managed
 with the esusers utility and requires a refresh to update, while
 a hashed password from the esusers utility will be managed manually
 in the uses file.
 
+Default value: `undef`
+
 ##### <a name="-elasticsearch--user--roles"></a>`roles`
 
 Data type: `Array`

manifests/user.pp

@@ -23,28 +23,39 @@
 # @author Gavin Williams <[email protected]>
 #
 define elasticsearch::user (
-  String                    $password,
-  Enum['absent', 'present'] $ensure = 'present',
-  Array                     $roles  = [],
+  Optional[String]          $password = undef,
+  Enum['absent', 'present'] $ensure   = 'present',
+  Array                     $roles    = [],
 ) {
-  if $password =~ /^\$2a\$/ {
-    elasticsearch_user_file { $name:
-      ensure          => $ensure,
-      configdir       => $elasticsearch::configdir,
-      hashed_password => $password,
-      before          => Elasticsearch_user_roles[$name],
-    }
-  } else {
+  if $ensure == 'absent' {
     elasticsearch_user { $name:
-      ensure    => $ensure,
+      ensure    => 'absent',
       configdir => $elasticsearch::configdir,
-      password  => $password,
-      before    => Elasticsearch_user_roles[$name],
     }
   }
-
+  else {
+    if $password == undef {
+      fail('elasticsearch::user: password must be provided when ensure => present')
+    }
+    if $password =~ /^\$2a\$/ {
+      elasticsearch_user_file { $name:
+        ensure          => present,
+        configdir       => $elasticsearch::configdir,
+        hashed_password => $password,
+        before          => Elasticsearch_user_roles[$name],
+      }
+    } else {
+      elasticsearch_user { $name:
+        ensure    => present,
+        configdir => $elasticsearch::configdir,
+        password  => $password,
+        before    => Elasticsearch_user_roles[$name],
+      }
+    }
+  }
   elasticsearch_user_roles { $name:
     ensure => $ensure,
     roles  => $roles,
   }
 }
+