From 87d838f8be544f6961fb43aa772f72f9b766500f Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Thu, 2 Oct 2025 14:14:30 +0200
Subject: [PATCH] add role management - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/239
---
 .vscode/settings.json | 1 +
 manifests/params.pp | 2 ++
 manifests/server/roles/role_df.pp | 33 +++++++++++++++++++++++++++
 templates/server/roles/role.sql.erb | 1 +
 templates/server/roles/unless_sql.erb | 1 +
 5 files changed, 38 insertions(+)
 create mode 100644 manifests/server/roles/role_df.pp
 create mode 100644 templates/server/roles/role.sql.erb
 create mode 100644 templates/server/roles/unless_sql.erb
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5bf56fa..87311dd 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -47,6 +47,7 @@
 "tablespaces",
 "tidscan",
 "timezonesets",
+ "usename",
 "walsender",
 "writethrough",
 "xacts",
diff --git a/manifests/params.pp b/manifests/params.pp
index 5177ffc..724ede5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -18,6 +18,7 @@
 # @param [String] pl_server_crt the name of the server cert
 # @param [String] pl_server_key the name of the server key
 # @param [String] pl_ca_crt the name of the CA crt
+# @param [Boolean] pl_manage_roles Whether to manage roles
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -43,6 +44,7 @@ class postgresql_cd::params (
 String $pl_server_crt = 'server.crt',
 String $pl_server_key = 'server.key',
 String $pl_ca_crt = 'root.crt',
+ Boolean $pl_manage_roles = true,
 ) {
 $fqdn = $facts['networking']['fqdn']
diff --git a/manifests/server/roles/role_df.pp b/manifests/server/roles/role_df.pp
new file mode 100644
index 0000000..9bca733
--- /dev/null
+++ b/manifests/server/roles/role_df.pp
@@ -0,0 +1,33 @@
+## postgresql_cd::server::roles::role_df
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [string] pl_role_name the name of the role to be created.
+# @param [string] pl_role_pw the password to be created
+# @param [string] pl_role_attributes attributes for the role to be created
+# @param [string] pl_role_status what to do with the role
+##############################################################################
+define postgresql_cd::server::roles::role_df (
+
+ Optional[String] $pl_role_name = undef,
+ Optional[String] $pl_role_pw = undef,
+ String $pl_role_attributes = 'LOGIN',
+ String $pl_role_status = 'CREATE ROLE',
+
+) {
+ $pl_manage_roles = $postgresql_cd::params::pl_manage_roles
+
+ if $pl_manage_roles == true {
+ # create the role
+
+ exec { "role_${name}":
+ command => template('postgresql_cd/server/roles/role.sql.erb'),
+ user => 'postgres',
+ path => ['/usr/bin','/bin'],
+ cwd => '/tmp',
+ unless => template('postgresql_cd/server/roles/unless_sql.erb'),
+ }
+ }
+}
diff --git a/templates/server/roles/role.sql.erb b/templates/server/roles/role.sql.erb
new file mode 100644
index 0000000..4667473
--- /dev/null
+++ b/templates/server/roles/role.sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %> PASSWORD '<%= @pl_role_pw %>'"
diff --git a/templates/server/roles/unless_sql.erb b/templates/server/roles/unless_sql.erb
new file mode 100644
index 0000000..e288881
--- /dev/null
+++ b/templates/server/roles/unless_sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " | grep -o 1
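Review bot: In `manifests/server/roles/role_df.pp`, `pl_role_name` and `pl_role_pw` are `Optional[String]` with an `undef` default, yet the `exec` runs whenever `pl_manage_roles` is true, so an omitted value would render as an empty string in the templates and the statement would carry no role name or an empty password. Both look required; consider `String[1] $pl_role_name,` and `String[1] $pl_role_pw,` (or a `Sensitive` type for the password, unwrapped only where the command is built), and an `Enum` for `pl_role_status`, since it is pasted in as the SQL verb. The header comment still says `@summary define manages databases` and links to the managing-databases page, which reads as copied from the database define and should describe roles instead.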
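Review bot: In `templates/server/roles/role.sql.erb`, all four values are interpolated unescaped into a double-quoted `-c` argument, so a `'` in the password ends the SQL literal early; and because the companion `unless` template relies on a pipe, the command string presumably reaches a shell that would also interpret quotes, `$` and backticks inside any value. The password is additionally part of the psql command line and of the `exec` command string, which Puppet may record in logs and reports when the command fails. At minimum double the quote, `PASSWORD '<%= @pl_role_pw.gsub("'", "''") %>'`, restrict role name, attributes and status to an allow-list in the define, and prefer feeding the statement to `psql` on stdin or from a file readable only by `postgres` rather than via `-c`.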
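Review bot: In `templates/server/roles/unless_sql.erb`, the existence check queries `pg_user`, which lists only roles that can log in, so a role declared with `pl_role_attributes => 'NOLOGIN'` would never be found and the `CREATE ROLE` would be retried, and fail, on every run. The `grep -o 1` test works only because the `(1 row)` footer happens to contain a `1`. Querying `pg_roles` with tuples-only output is tighter: `psql -U postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='<%= @pl_role_name %>'" | grep -q 1`. With this guard an existing role's password and attributes are never updated by later runs, which deserves a comment in the define so that a password rotation is not assumed to have been applied.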