puppet-prod/site/profiles/manifests/sql/postgresdb.pp
Ben Vincent 5eea7be990 feat: migrate pupeptdb sql to patroni
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions
2025-06-19 05:33:16 +10:00


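# @summary Exports the database, role and grants for one application so that a
#   PostgreSQL cluster can create them.
#
# Every resource below is exported (`@@`) and tagged with
# "<cluster_name>-<country>-<region>-<environment>"; nothing in this class
# collects them. Only the node whose FQDN is the first entry of the member
# list exports, so the resources exist once per cluster rather than once per
# member.
#
# @param dbname
#   Name of the database to create.
# @param dbuser
#   Role that is created and granted ALL PRIVILEGES on the database and on its
#   `public` schema.
# @param dbpass
#   Password for $dbuser. It is passed as a plain String into an exported
#   resource (see the security note in the body).
# @param cluster_name
#   First component of the export tag.
# @param create_host_users
#   Not referenced anywhere in this class body.
# @param members_lookup
#   When true, the member list comes from a PuppetDB query on $members_role;
#   when false, $servers is used as given.
# @param members_role
#   enc_role to query for when $members_lookup is true. Required in that case.
# @param servers
#   Static member list, used when $members_lookup is false.
class profiles::sql::postgresdb (
  String $dbname,
  String $dbuser,
  String $dbpass,
  String $cluster_name,
  Boolean $create_host_users = false,
  Boolean $members_lookup = false,
  # Was `String ... = undef`: an undef default does not satisfy String, so the
  # class could not be declared without always passing a role.
  Optional[String] $members_role = undef,
  Array $servers = [],
) {
  if $members_lookup {
    # A lookup without a role cannot work; stop the compile with a clear error.
    if $members_role == undef {
      fail("members_role must be provided for ${title} when members_lookup is True")
    }

    # Sorted so the "first" member is stable between runs.
    # NOTE(review): $members_role and the region fact are interpolated into the
    # query string unescaped. The region fact is agent-reported, so a value
    # containing a quote changes the query; consider validating both against a
    # strict pattern before use.
    $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
  } else {
    $servers_array = $servers
  }

  # NOTE(review): the tag is built entirely from agent-reported facts, and the
  # export gate below compares against the agent-reported FQDN. If the node's
  # identity matters here, $trusted['certname'] is the certificate-backed
  # value - confirm that certname and FQDN match in this estate before
  # switching.
  $tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"

  # Only the first member exports. An empty member list yields undef here, so
  # nothing is exported.
  if $servers_array[0] == $facts['networking']['fqdn'] {
    @@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
      dbname => $dbname,
      tag    => $tag,
    }

    # SECURITY: exported resources are stored in PuppetDB together with their
    # parameters, so $dbpass is persisted there in clear text and is readable
    # by anything that can query PuppetDB or collect this tag. Treat PuppetDB
    # access as access to this credential, or have the collecting side look the
    # secret up itself instead of receiving it through the export.
    @@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
      username => $dbuser,
      password => $dbpass,
      tag      => $tag,
    }

    # NOTE(review): both grant titles end in a literal "}" and repeat
    # ${dbuser}; presumably "${dbname}_${dbuser}" was intended. Left unchanged
    # because renaming an exported resource changes what collectors see.
    #
    # ALL PRIVILEGES on the database and on schema public is the broadest
    # grant available; narrow it if the application does not need DDL.
    @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbuser}_${dbuser}}":
      dbname    => $dbname,
      username  => $dbuser,
      type      => 'DATABASE',
      privilege => 'ALL PRIVILEGES',
      tag       => $tag,
    }

    @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbuser}_${dbuser}}":
      dbname    => $dbname,
      username  => $dbuser,
      type      => 'SCHEMA',
      schema    => 'public',
      privilege => 'ALL PRIVILEGES',
      tag       => $tag,
    }
  }
}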