Files
puppet-prod/site/profiles/manifests/sql/postgresdb.pp
T
unkinben ae256b7c0b
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
fix: replace puppetdbquery with native PQL queries
Replace deprecated dalen-puppetdbquery module with native puppetdb_query
function using PQL syntax to resolve URI.escape compatibility issues.
This is required to migrated to Puppet 8 (and kubernetes).

Changes:
- Remove dalen-puppetdbquery dependency from Puppetfile
- Replace query_nodes() calls with puppetdb_query() using PQL syntax
- Update 27 function calls across 18 Puppet manifests
- Maintain equivalent functionality with improved compatibility
2026-03-21 22:16:06 +11:00

73 lines
2.1 KiB
Puppet

class profiles::sql::postgresdb (
String $dbname,
String $dbuser,
String $dbpass,
String $cluster_name,
Boolean $create_host_users = false,
Boolean $members_lookup = true,
String $members_role = $facts['enc_role'],
Array $servers = [],
){
# if lookup is enabled
if $members_lookup {
# check that the role is also set
unless !($members_role == undef) {
fail("members_role must be provided for ${title} when members_lookup is True")
}
# if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params
}else{
$servers_array = $servers
}
$tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"
# only export from the first server in a cluster
if $servers_array[0] == $facts['networking']['fqdn'] {
# manage the postgres db
@@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
dbname => $dbname,
owner => $dbuser,
tag => $tag,
}
@@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
username => $dbuser,
password => $dbpass,
tag => $tag,
}
['CONNECT', 'CREATE', 'TEMPORARY'].each |$priv| {
@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbname}_${dbuser}_${priv}":
dbname => $dbname,
username => $dbuser,
type => 'DATABASE',
privilege => $priv,
tag => $tag,
}
}
#['USAGE', 'CREATE'].each |$priv| {
# @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbname}_${dbuser}_${priv}":
# dbname => $dbname,
# username => $dbuser,
# type => 'SCHEMA',
# schema => 'public',
# privilege => $priv,
# tag => $tag,
# }
#}
}
}