Support Postgres DSN that contains no password

Allow the Postgres connection DNS to contain no password which can be needed in situations like with Cloud SQL.

README.md

@@ -686,6 +686,8 @@ class { 'sensu::backend':
 }
 ```
 
+**NOTE** Set `postgresql_password` to `false` if you want the DSN to only contain a username.
+
 ### Installing Plugins
 
 Plugin management is handled by the `sensu::plugins` class.

manifests/backend.pp

@@ -153,7 +153,7 @@
   Boolean $manage_postgresql_db = true,
   String $postgresql_name = 'postgresql',
   String $postgresql_user = 'sensu',
-  String $postgresql_password = 'changeme',
+  Variant[String, Boolean] $postgresql_password = 'changeme',
   Stdlib::Host $postgresql_host = 'localhost',
   Stdlib::Port $postgresql_port = 5432,
   String $postgresql_dbname = 'sensu',

manifests/backend/datastore/postgresql.pp

@@ -7,11 +7,16 @@
 
   $user = $sensu::backend::postgresql_user
   $password = $sensu::backend::postgresql_password
+  if ! $password {
+    $password_dsn = '' # lint:ignore:empty_string_assignment
+  } else {
+    $password_dsn = ":${password}"
+  }
   $host = $sensu::backend::postgresql_host
   $port = $sensu::backend::postgresql_port
   $dbname = $sensu::backend::postgresql_dbname
   $sslmode = $sensu::backend::postgresql_sslmode
-  $dsn = "postgresql://${user}:${password}@${host}:${port}/${dbname}?sslmode=${sslmode}"
+  $dsn = "postgresql://${user}${password_dsn}@${host}:${port}/${dbname}?sslmode=${sslmode}"
 
   sensu_postgres_config { $sensu::backend::postgresql_name:
     ensure             => $sensu::backend::datastore_ensure,
@@ -25,9 +30,14 @@
   }
 
   if $sensu::backend::manage_postgresql_db and $sensu::backend::datastore_ensure == 'present' {
+    if ! $password {
+      $db_password = undef
+    } else {
+      $db_password = postgresql::postgresql_password($user, $password)
+    }
     postgresql::server::db { $dbname:
       user     => $user,
-      password => postgresql::postgresql_password($user, $password),
+      password => $db_password,
       before   => Sensu_postgres_config[$sensu::backend::postgresql_name],
     }
   }

spec/classes/backend_datastore_postgresql_spec.rb

@@ -52,7 +52,25 @@ class { 'sensu::backend': }
       it { should_not contain_file('sensu-backend postgresql_crl') }
       it { should_not contain_file('sensu-backend postgresql_cert') }
       it { should_not contain_file('sensu-backend postgresql_key') }
-
+
+      context 'with an empty password' do
+        let(:pre_condition) do
+          <<-EOS
+          class { '::postgresql::globals': version => '11' }
+          class { '::postgresql::server': }
+          class { 'sensu::backend': postgresql_password => false }
+          EOS
+        end
+
+        it do
+          should contain_sensu_postgres_config('postgresql').with({
+            :ensure    => 'present',
+            :dsn       => sensitive('postgresql://sensu@localhost:5432/sensu?sslmode=require'),
+            :pool_size => '20',
+          })
+        end
+      end
+
       context 'sslmode defined' do
         let(:pre_condition) do
           <<-EOS