move from liamstask/goose to pressly/goose

0fb71e1b · Fabien Combernous · 6ad62d15 · 0fb71e1b · 0fb71e1b · 0fb71e1b
Commit 0fb71e1b authored 2 years ago by Fabien Combernous
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -16,7 +16,7 @@

 #### Private Classes

-* `cfssl::goose`: Install a database migration tool used by CFSSL
+* `cfssl::goose`: Installs Goose, a database migration tool used by CFSSL

 ### Defined types


--- a/manifests/goose.pp
+++ b/manifests/goose.pp
-# @summary Install a database migration tool used by CFSSL
+# @summary Installs Goose, a database migration tool used by CFSSL
 #
-# Install a database migration tool used by CFSSL
+# Installs Goose, a database migration tool used by CFSSL
 #
 # @example
 #   include cfssl::goose
@@ -9,20 +9,19 @@
 #
 class cfssl::goose {
  assert_private()
-  # stuffs for goose : a database migration tool used by CFSSL
-  package { $cfssl::params::go_package:
-    ensure => present,
+
+  archive { "${cfssl::binpath}/goose" :
+    ensure          => present,
+    source          => $cfssl::params::goose_downloadurl,
+    checksum_verify => true,
+    checksum_type   => $cfssl::params::goose_checksumtype,
+    checksum        => $cfssl::params::goose_checksum,
  }
-  -> file { '/usr/local/bin/go':
-    ensure => link,
-    target => $cfssl::params::go_targetlink,
-  }
-  -> exec { 'install goose':
-    command     => '/usr/local/bin/go install bitbucket.org/liamstask/goose/cmd/goose@latest',
-    creates     => "/home/${cfssl::sysuser}/go/bin/goose",
-    user        => $cfssl::sysuser,
-    environment => ["HOME=/home/${cfssl::sysuser}"],
-    cwd         => '/tmp',
-    require     => User[$cfssl::sysuser],
+  -> file { "${cfssl::binpath}/goose" :
+    ensure  => file,
+    mode    => '0700',
+    owner   => $cfssl::sysuser,
+    group   => $cfssl::sysgroup,
+    require => User[$cfssl::sysuser],
  }
 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -78,6 +78,11 @@ class cfssl (
  include postgresql::server

  $_goose_cfssldbmigrate_path = "/home/${cfssl::sysuser}/goose-cfssldbmigrate"
+  $_dbpassword_unsensitive = if $dbpassword =~ Sensitive[String] {
+    $dbpassword.unwrap
+  } else {
+    $dbpassword
+  }

  group { $sysgroup :
    ensure => present,
@@ -157,19 +162,16 @@ class cfssl (
    revision => "v${version}",
    user     => $sysuser,
  }
-  -> file { "${_goose_cfssldbmigrate_path}/certdb/pg/dbconf.yml":
-    ensure  => file,
-    mode    => '0600',
-    owner   => $sysuser,
-    group   => $sysgroup,
-    content => epp('cfssl/goose-dbconf.yml.epp'),
-  }

  exec { 'goose pg up':
-    command     => "/home/${sysuser}/go/bin/goose --env puppetmigrate -path ${_goose_cfssldbmigrate_path}/certdb/pg up",
+    command     => "${binpath}/goose postgres \"host=localhost user=${cfssl::dbuser} password='\$DBPASSWORD' dbname=${cfssl::dbname} sslmode=disable\" up",
    user        => $sysuser,
-    environment => ["HOME=/home/${sysuser}/"],
-    onlyif      => "/home/${sysuser}/go/bin/goose --env puppetmigrate -path ${_goose_cfssldbmigrate_path}/certdb/pg status | grep -q 'Pending'",
+    environment => [
+      "HOME=/home/${sysuser}/",
+      "DBPASSWORD=${_dbpassword_unsensitive}",
+    ],
+    cwd         => "${_goose_cfssldbmigrate_path}/certdb/pg/migrations",
+    onlyif      => "${binpath}/goose postgres \"host=localhost user=${cfssl::dbuser} password='\$DBPASSWORD' dbname=${cfssl::dbname} sslmode=disable\" status 2>&1 | grep -q 'Pending'",
    require     => [
      User[$sysuser],
      Vcsrepo[$_goose_cfssldbmigrate_path],

--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -10,18 +10,7 @@ class cfssl::params {
  $db_config_json = 'db-config.json'
  $systemd_unitdir = '/etc/systemd/system'
  $systemd_unit_file = "${systemd_unitdir}/cfssl.service"
-
-  case $facts['os']['release']['major'] {
-    '20.04':  {
-      $go_package = 'golang-1.16-go'
-      $go_targetlink = '/usr/lib/go-1.16/bin/go'
-    }
-    '22.04':  {
-      $go_package = 'golang-1.17-go'
-      $go_targetlink = '/usr/lib/go-1.17/bin/go'
-    }
-    default:  {
-      fail("${module_name} does not support OS ${facts['os']['name']}-${facts['os']['release']['major']}")
-    }
-  }
+  $goose_downloadurl = 'https://github.com/pressly/goose/releases/download/v3.7.0/goose_linux_x86_64'
+  $goose_checksumtype = 'sha256'
+  $goose_checksum = 'd3b6b90af96e898c8a7e6c7b4fd45d04b994ca2f7fa4a6f66ef0fccfe31818df'
 }