From 0abb0cee0a6a2ac673a767de7338f9fd720aa96f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Tue, 20 Jun 2023 15:38:33 +0200
Subject: Manage postgres password through hiera.

extlib::cache togetether with sensitive doesn't seem to work.
---
 data/common.yaml                | 2 ++
 manifests/concourse_complete.pp | 7 ++-----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/data/common.yaml b/data/common.yaml
index bf01ca0..c9ca652 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -6,3 +6,5 @@ lookup_options:
     convert_to: Sensitive
   profiles::concourse_complete::tsa_private_key:
     convert_to: Sensitive
+  profiles::concourse_complete::postgres_password:
+    convert_to: Sensitive
diff --git a/manifests/concourse_complete.pp b/manifests/concourse_complete.pp
index 4059124..ed4a9f1 100644
--- a/manifests/concourse_complete.pp
+++ b/manifests/concourse_complete.pp
@@ -10,6 +10,7 @@
 class profiles::concourse_complete (
   Sensitive[String] $session_signing_key,
   Sensitive[String] $tsa_private_key,
+  Sensitive[String] $postgres_password,
   String $tsa_public_key,
 ) {
   $cluster = 'default'
@@ -19,11 +20,7 @@ class profiles::concourse_complete (
       $cluster => {
         # Database settings
         'postgres_user'       => 'concourse',
-        'postgres_password'   => Sensitive(extlib::cache_data(
-          'profiles::concourse',
-          'postgres_password',
-          extlib::random_password(25)
-        )),
+        'postgres_password'   => $postgres_password,
         'db_name'             => "atc-${cluster}",
         # worker settings
         'external_domain'     => 'concourse.adrift.space',
-- 
cgit v1.2.3