There are puppet roles for setting up a postgresql server and adding users, but none for creating a database. (There is postgresql::spatialdb but that seems something very specialized.)
That's because we don't really need one. the postgresql::spatialdb is there more in order to make the database spatially enabled and less to create a database. We don't have puppet roles for creating databases in mysql/mariadb either. DBAs get to create the database manually as managing databases via puppet turns out to be a mess.
That being said, we usually keep the grants (at least for MySQL/MariaDB and we started doing it with Postgres) in an SQL script. For example: https://phabricator.wikimedia.org/diffusion/OPUP/browse/production/templates/maps/grants.sql.erb
Ideally, you should be able to tick a checkbox when provisioning a Labs instance and get a running application by the time the puppet run ends. It's reasonable to have more complex installation steps for a production service but for Labs things should just work.
(I don't know whether a puppet role is the right way to do that. If a simple exec rule running an SQL script is the preferred solution, feel free to close this.)
Well, that's a worthy goal, but having to execute a command wouldn't exactly destroy it. In any case, it can be made conditional in a variety of ways. The sanest is probably a flag looked up by hiera, defaulting to false and overriden to true in labs. I am not sure what exactly you refer to with a puppet role I 'll try and find time (or someone) to review.
I think a role is nicer than a command in that I don't have to google up pgsql syntax and figure out exactly what to put in the unless parameter, but I don't have strong feelings about it. (By puppet role I meant puppet resource type, sorry for the confusion.) I am leaving a note for myself on the patch to add a flag.