From 1090452bc84051fb74076fc16d87c7d961101dc5 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov
Date: Fri, 19 Jan 2024 15:43:28 +0200
Subject: [PATCH] cloud: Switch to password_is_updated()

Use password_is_updated() instead of password_is_specified() to update PostgreSQL user passwords whenever they change.
---
 kcidb/cloud/password.sh | 12 ++++++------
 kcidb/cloud/psql.sh | 8 ++++++--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/kcidb/cloud/password.sh b/kcidb/cloud/password.sh
index 2f66b10e..d2791ee8 100644
--- a/kcidb/cloud/password.sh
+++ b/kcidb/cloud/password.sh
@@ -254,24 +254,24 @@ function password_is_updated() {
 
 # Deploy passwords to their secrets (assuming they're set with
 # "password_secret_set"). For every password deploy only if the password is
-# specified, or the secret doesn't exist.
+# updated, or the secret doesn't exist.
 # Args: name...
 function password_secret_deploy() {
 declare name
+ declare updated
 declare project
 declare secret
- declare exists
 assert password_exists "$@"
 assert password_secret_is_specified "$@"
 while (($#)); do
 name="$1"; shift
- project="${PASSWORD_SECRETS[$name]%%:*}"
- secret="${PASSWORD_SECRETS[$name]#*:}"
- exists=$(secret_exists "$project" "$secret")
- if ! "$exists" || password_is_specified "$name"; then
+ updated=$(password_is_updated "$name")
+ if "$updated"; then
 # Get and cache the password in the current shell first
 password_get "$name" > /dev/null
 # Deploy the cached password
+ project="${PASSWORD_SECRETS[$name]%%:*}"
+ secret="${PASSWORD_SECRETS[$name]#*:}"
 password_get "$name" | secret_deploy "$project" "$secret"
 fi
 done
diff --git a/kcidb/cloud/psql.sh b/kcidb/cloud/psql.sh
index b2f5d363..3d911782 100644
--- a/kcidb/cloud/psql.sh
+++ b/kcidb/cloud/psql.sh
@@ -75,6 +75,7 @@ function psql_instance_deploy() {
 declare -r name="$1"; shift
 declare -r viewer="$1"; shift
 declare exists
+ declare updated
 
 exists=$(psql_instance_exists "$project" "$name")
 if ! "$exists"; then
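Review bot: The new condition `if "$updated"; then` in password_secret_deploy drops the `secret_exists` check, while the header comment still promises deployment when "the secret doesn't exist". That case is now covered only if password_is_updated (defined above this hunk, not visible here) reports a missing secret as updated. If the helper instead fails or prints nothing, `"$updated"` expands to an empty command, the branch is skipped, and a first deployment would leave the secret unset without any error. I would state the dependency in the comment, e.g. `# updated (password_is_updated also covers a secret that doesn't exist yet).`, and, assuming the helper prints `true` or `false` as the `"$exists"` pattern suggests, reject anything else with `[[ "$updated" == true || "$updated" == false ]] || return 1`. The end of password_secret_deploy lies outside the hunk.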
@@ -97,7 +98,8 @@ function psql_instance_deploy() {
 
 # Deploy the shared viewer user
 exists=$(psql_user_exists "$project" "$name" "$viewer")
- if ! "$exists" || password_is_specified psql_viewer; then
+ updated=$(password_is_updated psql_viewer)
+ if ! "$exists" || "$updated"; then
 # Get and cache the password in the current shell first
 password_get psql_viewer >/dev/null
 # Create the user with the cached password
@@ -292,6 +294,7 @@ function psql_databases_deploy() {
 declare editor
 declare init
 declare exists
+ declare updated
 
 while (($#)); do
 database="$1"; shift
@@ -317,7 +320,8 @@ function psql_databases_deploy() {
 
 # Deploy the per-database editor user
 exists=$(psql_user_exists "$project" "$instance" "$editor")
- if ! "$exists" || password_is_specified psql_editor; then
+ updated=$(password_is_updated psql_editor)
+ if ! "$exists" || "$updated"; then
 # Get and cache the password in the current shell first
 password_get psql_editor >/dev/null
 # Create the user with the cached password
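Review bot: In the viewer-user block of psql_instance_deploy, `updated=$(password_is_updated psql_viewer)` ties the PostgreSQL password change to whatever password_is_updated compares against, which this diff does not show. If it compares the password with the stored secret, then a run in which password_secret_deploy has already written the new secret would make this evaluate false, and the database user would keep its old password while the secret holds the new one, so the old credential stays valid. Worth a comment on the required order, e.g. `# Must run before password_secret_deploy, or the change is no longer detected`, or a confirmation that the helper is order-independent. The same applies to `updated=$(password_is_updated psql_editor)` in psql_databases_deploy; both functions extend beyond their hunks.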