From 5b3ec13355000edbe838f82375f28df86e352921 Mon Sep 17 00:00:00 2001
From: Tom Robinson <trobinso@yelp.com>
Date: Mon, 31 Jul 2017 11:53:11 -0700
Subject: [PATCH 1/3] Use curly brace syntax instead of ARRAY syntax for group
 members

---
 manifests/server/dbgroup.pp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifests/server/dbgroup.pp b/manifests/server/dbgroup.pp
index b043ca8072..9b5dffdb61 100644
--- a/manifests/server/dbgroup.pp
+++ b/manifests/server/dbgroup.pp
@@ -44,8 +44,8 @@
     require     => Class['Postgresql::Server'],
   }
 
-  postgresql_psql {"${title}: UPDATE pg_group SET grolist = ARRAY${groupmembers} WHERE groname = '${groupname}'":
-    command => "UPDATE pg_group SET grolist = ARRAY${groupmembers} WHERE groname = '${groupname}'",
-    unless => "SELECT 1 FROM pg_group WHERE groname = '${groupname}' AND grolist = ARRAY${groupmembers}",
+  postgresql_psql {"${title}: UPDATE pg_group SET grolist = '${groupmembers}' WHERE groname = '${groupname}'":
+    command => "UPDATE pg_group SET grolist = '${groupmembers}' WHERE groname = '${groupname}'",
+    unless => "SELECT 1 FROM pg_group WHERE groname = '${groupname}' AND grolist = '${groupmembers}'",
   }
 }
\ No newline at end of file

From b6865c8da7272d4467cc934d49fdac1436906ab9 Mon Sep 17 00:00:00 2001
From: Tom Robinson <trobinso@yelp.com>
Date: Mon, 31 Jul 2017 14:04:27 -0700
Subject: [PATCH 2/3] Update tests to apply the new array format

---
 manifests/server/dbgroup.pp              |  2 +-
 spec/unit/defines/server/dbgroup_spec.rb | 18 ++++++++----------
 spec/unit/defines/server/role_spec.rb    |  1 -
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/manifests/server/dbgroup.pp b/manifests/server/dbgroup.pp
index 9b5dffdb61..fcf5549fa5 100644
--- a/manifests/server/dbgroup.pp
+++ b/manifests/server/dbgroup.pp
@@ -2,7 +2,7 @@
 define postgresql::server::dbgroup(
   $db               = $postgresql::server::default_database,
   $port             = undef, 
-  $groupmembers     = [],
+  $groupmembers     = '{}',
   $groupname        = $title,
   $dialect          = $postgresql::server::dialect,
   $connect_settings = undef,
diff --git a/spec/unit/defines/server/dbgroup_spec.rb b/spec/unit/defines/server/dbgroup_spec.rb
index 8d30921225..71c0d6e2f7 100644
--- a/spec/unit/defines/server/dbgroup_spec.rb
+++ b/spec/unit/defines/server/dbgroup_spec.rb
@@ -33,11 +33,10 @@
         'port'        => "5432",
       })
     end
-    it 'should have update pg_group for test group with groupmembers as []' do
-      is_expected.to contain_postgresql_psql("test: UPDATE pg_group SET grolist = ARRAY[] WHERE groname = 'test'").with({
-        'command'     => "UPDATE pg_group SET grolist = ARRAY[] WHERE groname = 'test'",
-        'environment' => [],
-        'unless'      => "SELECT 1 FROM pg_group WHERE groname = 'test' AND grolist = ARRAY[]",
+    it 'should have update pg_group for test group with groupmembers as {}' do
+      is_expected.to contain_postgresql_psql("test: UPDATE pg_group SET grolist = '{}' WHERE groname = 'test'").with({
+        'command'     => "UPDATE pg_group SET grolist = '{}' WHERE groname = 'test'",
+        'unless'      => "SELECT 1 FROM pg_group WHERE groname = 'test' AND grolist = '{}'",
         'port'        => "5432",
       })
     end
@@ -51,7 +50,7 @@
   
     let :params do
       {
-        :groupmembers => ['testuser1', 'testuser2'],
+        :groupmembers => "{\"testuser1\", \"testuser2\"}",
       }
     end
 
@@ -65,10 +64,9 @@
       })
     end
     it 'should have update pg_group for test group with provided groupmembers' do
-      is_expected.to contain_postgresql_psql("test: UPDATE pg_group SET grolist = ARRAY[testuser1, testuser2] WHERE groname = 'test'").with({
-        'command'     => "UPDATE pg_group SET grolist = ARRAY[testuser1, testuser2] WHERE groname = 'test'",
-        'environment' => [],
-        'unless'      => "SELECT 1 FROM pg_group WHERE groname = 'test' AND grolist = ARRAY[testuser1, testuser2]",
+      is_expected.to contain_postgresql_psql("test: UPDATE pg_group SET grolist = '{\"testuser1\", \"testuser2\"}' WHERE groname = 'test'").with({
+        'command'     => "UPDATE pg_group SET grolist = '{\"testuser1\", \"testuser2\"}' WHERE groname = 'test'",
+        'unless'      => "SELECT 1 FROM pg_group WHERE groname = 'test' AND grolist = '{\"testuser1\", \"testuser2\"}'",
         'port'        => "5432",
       })
     end
diff --git a/spec/unit/defines/server/role_spec.rb b/spec/unit/defines/server/role_spec.rb
index 7df6a7264a..8b02660949 100644
--- a/spec/unit/defines/server/role_spec.rb
+++ b/spec/unit/defines/server/role_spec.rb
@@ -255,7 +255,6 @@
     it 'should have an alter statement to set PASSWORD DISABLE' do
       is_expected.to contain_postgresql_psql('test: ALTER USER "test" PASSWORD DISABLE').with({
         'command'     => "ALTER USER \"test\" PASSWORD DISABLE",
-        'environment' => [],
         'port'        => "5432",
       })
     end

From 150eea7bc4d0fcf890a1db80e262c57d161ee6d9 Mon Sep 17 00:00:00 2001
From: Tom Robinson <trobinso@yelp.com>
Date: Mon, 31 Jul 2017 16:57:41 -0700
Subject: [PATCH 3/3] Replace puppet array syntax with psql array syntax, thus
 allowing a puppet array to be passed as input. This makes the following
 assumptions:

1. A valid puppet array is passed in as input (input is trusted, not supplied by an external party)
2. Users do not contain special characters (such as commas or double quotes)
3. Array syntax from puppet is consistent with its runbook, in re, no square brackets, items appear in the array without surrounding quotes
---
 manifests/server/dbgroup.pp              | 16 ++++++++++++----
 spec/unit/defines/server/dbgroup_spec.rb |  2 +-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/manifests/server/dbgroup.pp b/manifests/server/dbgroup.pp
index fcf5549fa5..5db2696915 100644
--- a/manifests/server/dbgroup.pp
+++ b/manifests/server/dbgroup.pp
@@ -2,7 +2,7 @@
 define postgresql::server::dbgroup(
   $db               = $postgresql::server::default_database,
   $port             = undef, 
-  $groupmembers     = '{}',
+  $groupmembers     = [],
   $groupname        = $title,
   $dialect          = $postgresql::server::dialect,
   $connect_settings = undef,
@@ -23,6 +23,14 @@
     $port_override = $postgresql::server::port
   }
 
+  #
+  # Group members, converted to a string acceptable by psql
+  # [user1, user2] to {"user1", "user2"}
+  #
+  $groupmembers_braces = regsubst("${groupmembers}", '^\[(.*)\]$', '{"\1"}')
+  $groupmembers_strip_empty_array = regsubst("${groupmembers_braces}", '^{""}$', '{}')
+  $groupmembers_psql = regsubst("${groupmembers_strip_empty_array}", ', ', '", "', 'G')
+
   Postgresql_psql {
     db         => $db,
     port       => $port_override,
@@ -44,8 +52,8 @@
     require     => Class['Postgresql::Server'],
   }
 
-  postgresql_psql {"${title}: UPDATE pg_group SET grolist = '${groupmembers}' WHERE groname = '${groupname}'":
-    command => "UPDATE pg_group SET grolist = '${groupmembers}' WHERE groname = '${groupname}'",
-    unless => "SELECT 1 FROM pg_group WHERE groname = '${groupname}' AND grolist = '${groupmembers}'",
+  postgresql_psql {"${title}: UPDATE pg_group SET grolist = '${groupmembers_psql}' WHERE groname = '${groupname}'":
+    command => "UPDATE pg_group SET grolist = '${groupmembers_psql}' WHERE groname = '${groupname}'",
+    unless => "SELECT 1 FROM pg_group WHERE groname = '${groupname}' AND grolist = '${groupmembers_psql}'",
   }
 }
\ No newline at end of file
diff --git a/spec/unit/defines/server/dbgroup_spec.rb b/spec/unit/defines/server/dbgroup_spec.rb
index 71c0d6e2f7..2ae879628c 100644
--- a/spec/unit/defines/server/dbgroup_spec.rb
+++ b/spec/unit/defines/server/dbgroup_spec.rb
@@ -50,7 +50,7 @@
   
     let :params do
       {
-        :groupmembers => "{\"testuser1\", \"testuser2\"}",
+        :groupmembers => ['testuser1', 'testuser2'],
       }
     end