add role management - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/239

manifests/params.pp

@@ -18,6 +18,7 @@
 # @param [String] pl_server_crt the name of the server cert
 # @param [String] pl_server_key the name of the server key
 # @param [String] pl_ca_crt the name of the CA  crt
+# @param [Boolean] pl_manage_roles Whether to manage roles
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -43,6 +44,7 @@ class postgresql_cd::params (
   String $pl_server_crt           = 'server.crt',
   String $pl_server_key           = 'server.key',
   String $pl_ca_crt               = 'root.crt',
+  Boolean $pl_manage_roles        = true,
 
 ) {
   $fqdn                     = $facts['networking']['fqdn']

manifests/server/roles/role_df.pp

@@ -0,0 +1,33 @@
+## postgresql_cd::server::roles::role_df
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [string] pl_role_name the name of the role to be created.
+# @param [string] pl_role_pw the password to be created
+# @param [string] pl_role_attributes  attributes for the role to be created
+# @param [string] pl_role_status what to do with the role
+##############################################################################
+define postgresql_cd::server::roles::role_df (
+
+  Optional[String] $pl_role_name      = undef,
+  Optional[String] $pl_role_pw        = undef,
+  String $pl_role_attributes          = 'LOGIN',
+  String $pl_role_status              = 'CREATE ROLE',
+
+) {
+  $pl_manage_roles  = $postgresql_cd::params::pl_manage_roles
+
+  if $pl_manage_roles == true {
+    # create the role
+
+    exec { "role_${name}":
+      command => template('postgresql_cd/server/roles/role.sql.erb'),
+      user    => 'postgres',
+      path    => ['/usr/bin','/bin'],
+      cwd     => '/tmp',
+      unless  => template('postgresql_cd/server/roles/unless_sql.erb'),
+    }
+  }
+}