puppetlabs-postgresql icon indicating copy to clipboard operation
puppetlabs-postgresql copied to clipboard

Published 20 hours ago verified publisher icon puppetlabs

postgresql::postgres_password throws errors when Deferred

Open bobnegri opened this issue 1 year ago • 6 comments

Describe the Bug

When postgresql::postgres_password is Deferred, it throws one of two possible errors:

Error 1:

$hash_postgresql_db_pw = Deferred('postgresql::postgresql_password', ['puppetdb', $plain_postgresql_db_pw])

Error: Failed to apply catalog: Function postgresql::postgresql_password(): Unknown function: 'postgresql::default'

Error 2:

# Get the hash value: md5 or scram-sha-256 $pwd_encrypt = $postgresql::params::password_encryption

$hash_postgresql_db_pw = Deferred('postgresql::postgresql_password', ['puppetdb', $plain_postgresql_db_pw, false, $pwd_encrypt])

Failed to apply catalog: 'postgresql::postgresql_password' parameter 'hash' references an unresolved type 'Postgresql::Pg_password_encryption'

Expected Behavior

A clear and concise description of what you expected to happen.

Expectation 1: When function postgresql::postgresql_password is Deferred and only passed username and password, the function should use the built in defaults without throwing an error.

Expectation 2: When function postgresql::postgresql_password is Deferred and values are provided for username, password, sensitive, and hash, the function should not throw a type error.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'

Environment

  • postgresql-12 10.0.3
  • puppet-agent 7.27.0
  • puppetdb 7.15.0
  • puppetserver 7.14.0
  • Ubuntu 20.04.6 LTS

Additional Context

Add any other context about the problem here.

Under postgresql 9.2.0, we did not provide sensitive and hash values and the function worked when Deferred.

bobnegri avatar Feb 18 '24 20:02 bobnegri

Is this a duplicate of https://github.com/puppetlabs/puppetlabs-postgresql/issues/1560?

ekohl avatar Apr 05 '24 16:04 ekohl

I'm going to go with, no.

I'm Deferring function 'postgresql::postgresql_password':

$hash_postgresql_db_pw = Deferred('postgresql::postgresql_password', ['puppetdb', $plain_postgresql_db_pw])

Issue #1560 is passing in a Deferred to the class.

class { '::postgresql::server':
    postgres_password => Deferred('unwrap', [$admin_password_vault]),
}

bobnegri avatar Apr 11 '24 11:04 bobnegri

Expectation 2: When function postgresql::postgresql_password is Deferred and values are provided for username, password, sensitive, and hash, the function should not throw a type error.

are you sure that's not the case? postgresql::postgresql_password() doesn't call postgresql::default() when the hash is set.

bastelfreak avatar May 29 '24 12:05 bastelfreak

Expectation 2: When function postgresql::postgresql_password is Deferred and values are provided for username, password, sensitive, and hash, the function should not throw a type error.

are you sure that's not the case? postgresql::postgresql_password() doesn't call postgresql::default() when the hash is set.

Yes. Deferred can't resolve this:

optional_param 'Optional[Postgresql::Pg_password_encryption]', :hash

So even though I'm providing values - and avoiding the Puppet function -- it still fails.

Note: I'm appearing as my work identity rather than my personal login.

bobnegri-vaerec avatar May 30 '24 13:05 bobnegri-vaerec

Can you provide a PR that switches to native Enum?

bastelfreak avatar Jun 03 '24 10:06 bastelfreak

I'll try and figure out how to do that. (First time.) Going to have to do it off work hours due to the bureaucracy that is my current employer and our client.

bobnegri avatar Jun 03 '24 12:06 bobnegri