Merge pull request #142 from bastelfreak/password

make gpgsql-password optional
sensson · Dec 21, 2022 · e815917 · e815917
2 parents bff32a7 + a4c3742
commit e815917
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 12 deletions.
diff --git a/manifests/backends/mysql.pp b/manifests/backends/mysql.pp
@@ -29,11 +29,13 @@
     type    => 'authoritative',
   }
 
-  powerdns::config { 'gmysql-password':
-    ensure  => present,
-    setting => 'gmysql-password',
-    value   => $::powerdns::db_password,
-    type    => 'authoritative',
+  if $powerdns::db_password {
+    powerdns::config { 'gmysql-password':
+      ensure  => present,
+      setting => 'gmysql-password',
+      value   => $::powerdns::db_password,
+      type    => 'authoritative',
+    }
   }
 
   powerdns::config { 'gmysql-dbname':
@@ -65,7 +67,7 @@
     }
   }
 
-  if $::powerdns::backend_create_tables {
+  if $::powerdns::backend_create_tables and $powerdns::db_password {
     # make sure the database exists
     mysql::db { $::powerdns::db_name:
       user     => $::powerdns::db_username,

diff --git a/manifests/backends/postgresql.pp b/manifests/backends/postgresql.pp
@@ -38,11 +38,13 @@
     type    => 'authoritative',
   }
 
-  powerdns::config { 'gpgsql-password':
-    ensure  => present,
-    setting => 'gpgsql-password',
-    value   => $::powerdns::db_password,
-    type    => 'authoritative',
+  if $powerdns::db_password {
+    powerdns::config { 'gpgsql-password':
+      ensure  => present,
+      setting => 'gpgsql-password',
+      value   => $::powerdns::db_password,
+      type    => 'authoritative',
+    }
   }
 
   powerdns::config { 'gpgsql-dbname':

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -13,6 +13,7 @@
   Integer[1]                 $db_port                            = 3306,
   String[1]                  $db_dir                             = $::powerdns::params::db_dir,
   String[1]                  $db_file                            = $::powerdns::params::db_file,
+  Boolean                    $require_db_password                = true,
   String[1]                  $ldap_host                          = 'ldap://localhost/',
   Optional[String[1]]        $ldap_basedn                        = undef,
   String[1]                  $ldap_method                        = 'strict',
@@ -27,7 +28,7 @@
 ) inherits powerdns::params {
   # Do some additional checks. In certain cases, some parameters are no longer optional.
   if $authoritative {
-    if ($::powerdns::backend != 'bind') and ($::powerdns::backend != 'ldap') and ($::powerdns::backend != 'sqlite') {
+    if ($::powerdns::backend != 'bind') and ($::powerdns::backend != 'ldap') and ($::powerdns::backend != 'sqlite') and $require_db_password {
       assert_type(String[1], $db_password) |$expected, $actual| {
         fail("'db_password' must be a non-empty string when 'authoritative' == true")
       }
@@ -37,6 +38,11 @@
         }
       }
     }
+    if $backend_create_tables and $backend == 'mysql' {
+      assert_type(String[1], $db_root_password) |$expected, $actual| {
+        fail("On MySQL 'db_root_password' must be a non-empty string when 'backend_create_tables' == true")
+      }
+    }
   }
 
   # Include the required classes

diff --git a/spec/classes/powerdns_init_spec.rb b/spec/classes/powerdns_init_spec.rb
@@ -46,6 +46,44 @@
           }
         end
 
+        context 'powerdns class with require_db_password at false' do
+          let :params do
+            {
+              require_db_password: false
+            }
+          end
+
+          it {
+            is_expected.to raise_error(
+              %r{On MySQL 'db_root_password' must be a non-empty string when 'backend_create_tables' == true},
+            )
+          }
+        end
+
+        context 'powerdns class with require_db_password at false and backend postgresql' do
+          let :params do
+            {
+              require_db_password: false,
+              backend: 'postgresql'
+            }
+          end
+
+          it { is_expected.to compile.with_all_deps }
+          it { is_expected.not_to contain_powerdns__config('gpgsql-password') }
+        end
+
+        context 'powerdns class with require_db_password at false and backend_create_tables at false' do
+          let :params do
+            {
+              require_db_password: false,
+              backend_create_tables: false
+            }
+          end
+
+          it { is_expected.to compile.with_all_deps }
+          it { is_expected.not_to contain_powerdns__config('gmysql-password') }
+        end
+
         context 'powerdns class with parameters' do
           let(:params) do
             {