From 3a037a59935002729dfe7da742721111956eaf0b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Mon, 14 Dec 2020 00:39:38 +0200
Subject: [PATCH] Ensure additional databases contain all the keys that we
 expect

---
 .../tasks/util/create_additional_database.yml             | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/matrix-postgres/tasks/util/create_additional_database.yml b/roles/matrix-postgres/tasks/util/create_additional_database.yml
index 2da505eb..a994cc26 100644
--- a/roles/matrix-postgres/tasks/util/create_additional_database.yml
+++ b/roles/matrix-postgres/tasks/util/create_additional_database.yml
@@ -1,6 +1,12 @@
 ---
 
-# TODO - ensure `additional_db` contains all keys that we expect
+# It'd be better if this is belonged to `validate_config.yml`, but it would have to be some loop-within-a-loop there,
+# and that's ugly. We also don't expect this to catch errors often. It's more of a defensive last-minute check.
+- name: Fail if additional database data appears invalid
+  fail:
+    msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}"
+  when: "item not in additional_db"
+  with_items: "{{ ['name', 'username', 'pass'] }}"
 
 # The SQL statements that we'll run against Postgres are stored in a file that others can't read.
 # This file will be mounted into the container and fed to Postgres.