X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Frole.pp;fp=3rdparty%2Fmodules%2Fpostgresql%2Fmanifests%2Frole.pp;h=ccada6b70bca44e527d276eb3fad0840fd16e821;hb=a29c0d1b4d2420aeb3ef6acf66feb00709dd2652;hp=0000000000000000000000000000000000000000;hpb=d98d8ae49a60547132c555f3669f3b9ae6a666bd;p=mirror%2Fdsa-puppet.git
diff --git a/3rdparty/modules/postgresql/manifests/role.pp b/3rdparty/modules/postgresql/manifests/role.pp
new file mode 100644
index 000000000..ccada6b70
--- /dev/null
+++ b/3rdparty/modules/postgresql/manifests/role.pp
@@ -0,0 +1,87 @@
+# puppet-postgresql
+# For all details and documentation:
+# http://github.com/inkling/puppet-postgresql
+#
+# Copyright 2012- Inkling Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+define postgresql::role(
+ $password_hash = false,
+ $createdb = false,
+ $createrole = false,
+ $db = 'postgres',
+ $login = false,
+ $superuser = false,
+ $replication = false,
+ $connection_limit = '-1',
+ $username = $title
+) {
+ include postgresql::params
+
+ $login_sql = $login ? { true => 'LOGIN' , default => 'NOLOGIN' }
+ $createrole_sql = $createrole ? { true => 'CREATEROLE' , default => 'NOCREATEROLE' }
+ $createdb_sql = $createdb ? { true => 'CREATEDB' , default => 'NOCREATEDB' }
+ $superuser_sql = $superuser ? { true => 'SUPERUSER' , default => 'NOSUPERUSER' }
+ $replication_sql = $replication ? { true => 'REPLICATION' , default => '' }
+ if ($password_hash != false) {
+ $password_sql = "ENCRYPTED PASSWORD '${password_hash}'"
+ } else {
+ $password_sql = ""
+ }
+
+ Postgresql_psql {
+ db => $db,
+ psql_user => $postgresql::params::user,
+ psql_group => $postgresql::params::group,
+ psql_path => $postgresql::params::psql_path,
+ require => Postgresql_psql["CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}"],
+ }
+
+ postgresql_psql {"CREATE ROLE \"${username}\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}'",
+ require => undef,
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${superuser_sql}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolsuper=${superuser}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${createdb_sql}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreatedb=${createdb}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${createrole_sql}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcreaterole=${createrole}",
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" ${login_sql}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
+ }
+
+ if(versioncmp($postgresql::params::version, '9.1') >= 0) {
+ postgresql_psql {"ALTER ROLE \"${username}\" ${replication_sql}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolreplication=${replication}",
+ }
+ }
+
+ postgresql_psql {"ALTER ROLE \"${username}\" CONNECTION LIMIT ${connection_limit}":
+ unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolconnlimit=${connection_limit}",
+ }
+
+ if $password_hash {
+ postgresql_psql {"ALTER ROLE \"${username}\" ${password_sql}":
+ unless => "SELECT usename FROM pg_shadow WHERE usename='${username}' and passwd='${password_hash}'",
+ }
+ }
+}
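Review bot: `$username` and `$password_hash` are interpolated unescaped into every statement of this define, inside the double-quoted role identifier and inside single-quoted literals such as `rolname='${username}'` and `passwd='${password_hash}'`, and the statements run as `$postgresql::params::user`, so a value containing a quote character changes the SQL that is executed. A guard at the top of the define would close this, for example `if $username !~ /\A[A-Za-z0-9_.-]+\z/ { fail("postgresql::role: invalid role name") }`, with a matching format check on `$password_hash`. The hash is also embedded in the titles of the `CREATE ROLE` resource and the final `ALTER ROLE` resource, and resource titles end up in the compiled catalog, agent logs and reports; if the `postgresql_psql` type allows the SQL to be supplied outside the title, a title without `${password_sql}` would keep the credential out of those places. Separately, `$replication_sql` is `''` when `$replication` is false, so the version-gated block issues an `ALTER ROLE` with no option and cannot revoke REPLICATION from an existing role; that block needs `NOREPLICATION` for the false case.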