From 8182b73f5c762dcd87149ef51b26fc5e051391b8 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Thu, 18 Jan 2024 14:55:14 +0200
Subject: [PATCH] cloud: Deploy pgpass when changed

---
 kcidb/cloud/password.sh | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/kcidb/cloud/password.sh b/kcidb/cloud/password.sh
index 3173df46..563014c6 100644
--- a/kcidb/cloud/password.sh
+++ b/kcidb/cloud/password.sh
@@ -261,15 +261,27 @@ function password_deploy_pgpass_secret() {
         password_names+=("$1")
         shift 2
     done
+    declare new_pgpass
     declare exists
+
+    # Generate the (potentially) new pgpass with cached passwords
+    new_pgpass="$(password_get_pgpass "${password_and_user_names[@]}")"
+
+    # If the secret already exists
     exists=$(secret_exists "$project" "$pgpass_secret")
-    if ! "$exists" || password_is_specified "${password_names[@]}"; then
-        # Cache the passwords in the current shell
-        password_get_pgpass "${password_and_user_names[@]}" > /dev/null
-        # Generate and deploy the .pgpass
-        password_get_pgpass "${password_and_user_names[@]}" |
-            secret_deploy "$project" "$pgpass_secret"
+    if "$exists"; then
+        declare old_pgpass
+        # Retrieve the current pgpass
+        old_pgpass="$(secret_get "$project" "$pgpass_secret")"
+        # If the pgpass hasn't changed
+        if [ "$new_pgpass" == "$old_pgpass" ]; then
+            # Don't deploy
+            return
+        fi
     fi
+
+    # Deploy the .pgpass
+    secret_deploy "$project" "$pgpass_secret" <<<"$new_pgpass"
 }
 
 fi # _PASSWORD_SH