diff --git a/manifests/backends/mysql.pp b/manifests/backends/mysql.pp index 9e676fb..ade627e 100644 --- a/manifests/backends/mysql.pp +++ b/manifests/backends/mysql.pp @@ -29,11 +29,13 @@ type => 'authoritative', } - powerdns::config { 'gmysql-password': - ensure => present, - setting => 'gmysql-password', - value => $::powerdns::db_password, - type => 'authoritative', + if $powerdns::db_password { + powerdns::config { 'gmysql-password': + ensure => present, + setting => 'gmysql-password', + value => $::powerdns::db_password, + type => 'authoritative', + } } powerdns::config { 'gmysql-dbname': @@ -65,7 +67,7 @@ } } - if $::powerdns::backend_create_tables { + if $::powerdns::backend_create_tables and $powerdns::db_password { # make sure the database exists mysql::db { $::powerdns::db_name: user => $::powerdns::db_username, diff --git a/manifests/backends/postgresql.pp b/manifests/backends/postgresql.pp index a4699ad..e9bc77e 100644 --- a/manifests/backends/postgresql.pp +++ b/manifests/backends/postgresql.pp @@ -38,11 +38,13 @@ type => 'authoritative', } - powerdns::config { 'gpgsql-password': - ensure => present, - setting => 'gpgsql-password', - value => $::powerdns::db_password, - type => 'authoritative', + if $powerdns::db_password { + powerdns::config { 'gpgsql-password': + ensure => present, + setting => 'gpgsql-password', + value => $::powerdns::db_password, + type => 'authoritative', + } } powerdns::config { 'gpgsql-dbname': diff --git a/manifests/init.pp b/manifests/init.pp index 661f68c..91fce5a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,6 +13,7 @@ Integer[1] $db_port = 3306, String[1] $db_dir = $::powerdns::params::db_dir, String[1] $db_file = $::powerdns::params::db_file, + Boolean $require_db_password = true, String[1] $ldap_host = 'ldap://localhost/', Optional[String[1]] $ldap_basedn = undef, String[1] $ldap_method = 'strict', @@ -27,7 +28,7 @@ ) inherits powerdns::params { # Do some additional checks. In certain cases, some parameters are no longer optional. if $authoritative { - if ($::powerdns::backend != 'bind') and ($::powerdns::backend != 'ldap') and ($::powerdns::backend != 'sqlite') { + if ($::powerdns::backend != 'bind') and ($::powerdns::backend != 'ldap') and ($::powerdns::backend != 'sqlite') and $require_db_password { assert_type(String[1], $db_password) |$expected, $actual| { fail("'db_password' must be a non-empty string when 'authoritative' == true") } @@ -37,6 +38,11 @@ } } } + if $backend_create_tables and $backend == 'mysql' { + assert_type(String[1], $db_root_password) |$expected, $actual| { + fail("On MySQL 'db_root_password' must be a non-empty string when 'backend_create_tables' == true") + } + } } # Include the required classes diff --git a/spec/classes/powerdns_init_spec.rb b/spec/classes/powerdns_init_spec.rb index a1970e1..ffba5ca 100644 --- a/spec/classes/powerdns_init_spec.rb +++ b/spec/classes/powerdns_init_spec.rb @@ -46,6 +46,44 @@ } end + context 'powerdns class with require_db_password at false' do + let :params do + { + require_db_password: false + } + end + + it { + is_expected.to raise_error( + %r{On MySQL 'db_root_password' must be a non-empty string when 'backend_create_tables' == true}, + ) + } + end + + context 'powerdns class with require_db_password at false and backend postgresql' do + let :params do + { + require_db_password: false, + backend: 'postgresql' + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_powerdns__config('gpgsql-password') } + end + + context 'powerdns class with require_db_password at false and backend_create_tables at false' do + let :params do + { + require_db_password: false, + backend_create_tables: false + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_powerdns__config('gmysql-password') } + end + context 'powerdns class with parameters' do let(:params) do {