add role management - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/239

2025-10-02 14:14:30 +02:00
parent ee67aaa26c
commit 87d838f8be
5 changed files with 38 additions and 0 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -47,6 +47,7 @@
        "tablespaces",
        "tidscan",
        "timezonesets",
+        "usename",
        "walsender",
        "writethrough",
        "xacts",
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -18,6 +18,7 @@
 # @param [String] pl_server_crt the name of the server cert
 # @param [String] pl_server_key the name of the server key
 # @param [String] pl_ca_crt the name of the CA  crt
+# @param [Boolean] pl_manage_roles Whether to manage roles
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -43,6 +44,7 @@ class postgresql_cd::params (
  String $pl_server_crt           = 'server.crt',
  String $pl_server_key           = 'server.key',
  String $pl_ca_crt               = 'root.crt',
+  Boolean $pl_manage_roles        = true,

 ) {
  $fqdn                     = $facts['networking']['fqdn']
--- a/manifests/server/roles/role_df.pp
+++ b/manifests/server/roles/role_df.pp
@@ -0,0 +1,33 @@
+## postgresql_cd::server::roles::role_df
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [string] pl_role_name the name of the role to be created.
+# @param [string] pl_role_pw the password to be created
+# @param [string] pl_role_attributes  attributes for the role to be created
+# @param [string] pl_role_status what to do with the role
+##############################################################################
+define postgresql_cd::server::roles::role_df (
+
+  Optional[String] $pl_role_name      = undef,
+  Optional[String] $pl_role_pw        = undef,
+  String $pl_role_attributes          = 'LOGIN',
+  String $pl_role_status              = 'CREATE ROLE',
+
+) {
+  $pl_manage_roles  = $postgresql_cd::params::pl_manage_roles
+
+  if $pl_manage_roles == true {
+    # create the role
+
+    exec { "role_${name}":
+      command => template('postgresql_cd/server/roles/role.sql.erb'),
+      user    => 'postgres',
+      path    => ['/usr/bin','/bin'],
+      cwd     => '/tmp',
+      unless  => template('postgresql_cd/server/roles/unless_sql.erb'),
+    }
+  }
+}
--- a/templates/server/roles/role.sql.erb
+++ b/templates/server/roles/role.sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %>  PASSWORD '<%= @pl_role_pw %>'"
--- a/templates/server/roles/unless_sql.erb
+++ b/templates/server/roles/unless_sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c  "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " | grep -o 1
				`@@ -0,0 +1 @@`
				`psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %> PASSWORD '<%= @pl_role_pw %>'"`
				`@@ -0,0 +1 @@`
				`psql -U postgres -c "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " \| grep -o 1`