confdroid/confdroid_postgresql
3
0
Fork 0
Code Wiki Activity

add role management - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/239

Browse Source
This commit is contained in:
Arne Teuke
2025-10-02 14:14:30 +02:00
parent ee67aaa26c
commit 87d838f8be
5 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -47,6 +47,7 @@
"tablespaces", "tablespaces",
"tidscan", "tidscan",
"timezonesets", "timezonesets",
"usename",
"walsender", "walsender",
"writethrough", "writethrough",
"xacts", "xacts",

2
manifests/params.pp
View File

@@ -18,6 +18,7 @@
# @param [String] pl_server_crt the name of the server cert # @param [String] pl_server_crt the name of the server cert
# @param [String] pl_server_key the name of the server key # @param [String] pl_server_key the name of the server key
# @param [String] pl_ca_crt the name of the CA crt # @param [String] pl_ca_crt the name of the CA crt
# @param [Boolean] pl_manage_roles Whether to manage roles
# @summary Class contains all parameters for the postgresql_cd module. # @summary Class contains all parameters for the postgresql_cd module.
############################################################################## ##############################################################################
class postgresql_cd::params ( class postgresql_cd::params (
@@ -43,6 +44,7 @@ class postgresql_cd::params (
String $pl_server_crt = 'server.crt', String $pl_server_crt = 'server.crt',
String $pl_server_key = 'server.key', String $pl_server_key = 'server.key',
String $pl_ca_crt = 'root.crt', String $pl_ca_crt = 'root.crt',
Boolean $pl_manage_roles = true,
) { ) {
$fqdn = $facts['networking']['fqdn'] $fqdn = $facts['networking']['fqdn']

33
manifests/server/roles/role_df.pp Normal file
View File

@@ -0,0 +1,33 @@
## postgresql_cd::server::roles::role_df
# Module name: postgresql_cd
# Author: Arne Teuke (arne_teuke@confdroid.com)
# @summary define manages databases
# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
# @param [string] pl_role_name the name of the role to be created.
# @param [string] pl_role_pw the password to be created
# @param [string] pl_role_attributes attributes for the role to be created
# @param [string] pl_role_status what to do with the role
##############################################################################
define postgresql_cd::server::roles::role_df (
Optional[String] $pl_role_name = undef,
Optional[String] $pl_role_pw = undef,
String $pl_role_attributes = 'LOGIN',
String $pl_role_status = 'CREATE ROLE',
) {
$pl_manage_roles = $postgresql_cd::params::pl_manage_roles
if $pl_manage_roles == true {
# create the role
exec { "role_${name}":
command => template('postgresql_cd/server/roles/role.sql.erb'),
user => 'postgres',
path => ['/usr/bin','/bin'],
cwd => '/tmp',
unless => template('postgresql_cd/server/roles/unless_sql.erb'),
}
}
}

1
templates/server/roles/role.sql.erb Normal file
View File

@@ -0,0 +1 @@
psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %> PASSWORD '<%= @pl_role_pw %>'"

1
templates/server/roles/unless_sql.erb Normal file
View File

@@ -0,0 +1 @@
psql -U postgres -c "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " | grep -o 1