From db02f94a21817a2649828889094113792efe5228 Mon Sep 17 00:00:00 2001
From: Andrew Moore <mooreandrew@gmail.com>
Date: Wed, 18 Dec 2024 15:53:22 +0000
Subject: [PATCH] Role Valid Until Date

This allows for the valid until attribute to be set on roles.
---
 manifests/server/role.pp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/manifests/server/role.pp b/manifests/server/role.pp
index 1b37ce282c..6103c19ac2 100644
--- a/manifests/server/role.pp
+++ b/manifests/server/role.pp
@@ -35,6 +35,7 @@
   Boolean                                     $inherit          = true,
   Boolean                                     $superuser        = false,
   Boolean                                     $replication      = false,
+  Optional[String[1]]                         $valid_until      = undef,
   String[1]                                   $connection_limit = '-1',
   String[1]                                   $username         = $title,
   Hash                                        $connect_settings = $postgresql::server::default_connect_settings,
@@ -126,6 +127,12 @@
       unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}",
     }
 
+    if $valid_until {
+      postgresql_psql { "ALTER ROLE \"${username}\" VALID UNTIL '${valid_until}'":
+        unless => "SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolvaliduntil = '${valid_until}'",
+      }
+    }
+
     if(versioncmp($version, '9.1') >= 0) {
       if $replication_sql == '' {
         postgresql_psql { "ALTER ROLE \"${username}\" NOREPLICATION":