Refs #37325 - use container gateway DB password only when needed

Author: ianballou

manifests/plugin/container_gateway.pp

@@ -56,16 +56,22 @@
   if $manage_postgresql and $database_backend == 'postgres' {
     include postgresql::server
     $_postgresql_user = pick($postgresql_user, $foreman_proxy::user)
-    postgresql::server::db { $postgresql_database:
-      user     => $_postgresql_user,
-      password => postgresql::postgresql_password(
-        $_postgresql_user,
-        $postgresql_password.lest || {
-          extlib::cache_data('container_gateway_cache_data', 'db_password', extlib::random_password(32))
-        }
-      ),
-      encoding => 'utf8',
-      locale   => 'C.utf8',
+    if $postgresql_password {
+      postgresql::server::db { $postgresql_database:
+        user     => $_postgresql_user,
+        password => postgresql::postgresql_password(
+          $_postgresql_user,
+          $postgresql_password
+        ),
+        encoding => 'utf8',
+        locale   => 'C.utf8',
+      }
+    } else {
+      postgresql::server::db { $postgresql_database:
+        user     => $_postgresql_user,
+        encoding => 'utf8',
+        locale   => 'C.utf8',
+      }
     }
   }
 }

spec/classes/foreman_proxy__plugin__container_gateway_spec.rb

@@ -14,7 +14,7 @@
             ':enabled: https',
             ":pulp_endpoint: https://#{facts[:fqdn]}",
             ':sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db',
-            ':db_connection_string: postgres://:@:/container_gateway'
+            ':db_connection_string: postgres:///container_gateway'
           ])
         end
       end

templates/plugin/container_gateway.yml.erb

@@ -6,24 +6,17 @@
 <% if scope.lookupvar("foreman_proxy::plugin::container_gateway::sqlite_timeout") -%>
 :sqlite_timeout: <%= scope.lookupvar("foreman_proxy::plugin::container_gateway::sqlite_timeout") %>
 <% end -%>
-<% if scope.lookupvar('foreman_proxy::plugin::container_gateway::database_backend') == 'postgres' -%>
-:db_connection_string: <%= [
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::database_backend'),
-  '://',
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_user'),
-  ':',
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_password'),
-  '@',
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_host'),
-  ':',
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_port'),
-  '/',
-  scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_database')
-].join %>
-<% end -%>
-<% if scope.lookupvar("foreman_proxy::plugin::container_gateway::database_backend") == 'sqlite' -%>
-:db_connection_string: <%=
-  "#{scope.lookupvar("foreman_proxy::plugin::container_gateway::database_backend")}://" \
-  "#{scope.lookupvar("foreman_proxy::plugin::container_gateway::sqlite_db_path")}"
-  %>
-<% end -%>
+<%-
+case scope.lookupvar('foreman_proxy::plugin::container_gateway::database_backend')
+when 'postgres'
+  uri = URI("postgres://")
+  uri.user = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_user')
+  uri.password = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_password')
+  uri.host = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_host')
+  uri.port = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_port')
+  uri.path = "/#{scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_database')}"
+when 'sqlite'
+  uri = "sqlite://#{scope.lookupvar('foreman_proxy::plugin::container_gateway::sqlite_db_path')}"
+end
+-%>
+:db_connection_string: <%= uri %>