defined type for creating database schemas
This defined type helps create database schemas, and assign them to an `owner`. It is closely modeled after Postgresql::Server::Tablespace. It uses PostgreSQL's builtin IF NOT EXISTS to guarantee idempotency. (>= 9.3, else it checks pg_namespace). n.b.: This defined type *requires* that a `db` is passed. This is a concious design decision, since we find it rather useless to create such schemas in the default `postgres` database, and if *were* useful, one can always "over-specify". This addresses MODULES-1098.
This commit is contained in:
parent
327c7e9cd9
commit
324c291b3f
4 changed files with 161 additions and 0 deletions
24
README.md
24
README.md
|
@ -241,6 +241,7 @@ Resources:
|
||||||
* [postgresql::server::database_grant](#resource-postgresqlserverdatabasegrant)
|
* [postgresql::server::database_grant](#resource-postgresqlserverdatabasegrant)
|
||||||
* [postgresql::server::pg_hba_rule](#resource-postgresqlserverpghbarule)
|
* [postgresql::server::pg_hba_rule](#resource-postgresqlserverpghbarule)
|
||||||
* [postgresql::server::role](#resource-postgresqlserverrole)
|
* [postgresql::server::role](#resource-postgresqlserverrole)
|
||||||
|
* [postgresql::server::schema](#resource-postgresqlserverschema)
|
||||||
* [postgresql::server::table_grant](#resource-postgresqlservertablegrant)
|
* [postgresql::server::table_grant](#resource-postgresqlservertablegrant)
|
||||||
* [postgresql::server::tablespace](#resource-postgresqlservertablespace)
|
* [postgresql::server::tablespace](#resource-postgresqlservertablespace)
|
||||||
* [postgresql::validate_db_connection](#resource-postgresqlvalidatedbconnection)
|
* [postgresql::validate_db_connection](#resource-postgresqlvalidatedbconnection)
|
||||||
|
@ -735,6 +736,29 @@ Specifies how many concurrent connections the role can make. Defaults to `-1` me
|
||||||
####`username`
|
####`username`
|
||||||
The username of the role to create, defaults to `namevar`.
|
The username of the role to create, defaults to `namevar`.
|
||||||
|
|
||||||
|
###Resource: postgresql::server::schema
|
||||||
|
This defined type can be used to create a schema. For example:
|
||||||
|
|
||||||
|
postgresql::server::schema { 'isolated':
|
||||||
|
owner => 'jane',
|
||||||
|
db => 'janedb',
|
||||||
|
}
|
||||||
|
|
||||||
|
It will create the schema `jane` in the database `janedb` if neccessary,
|
||||||
|
assigning the user `jane` ownership permissions.
|
||||||
|
|
||||||
|
####`namevar`
|
||||||
|
The schema name to create.
|
||||||
|
|
||||||
|
###`db`
|
||||||
|
Name of the database in which to create this schema. This must be passed.
|
||||||
|
|
||||||
|
####`owner`
|
||||||
|
The default owner of the schema.
|
||||||
|
|
||||||
|
####`schema`
|
||||||
|
Name of the schma. Defaults to `namevar`.
|
||||||
|
|
||||||
|
|
||||||
###Resource: postgresql::server::table\_grant
|
###Resource: postgresql::server::table\_grant
|
||||||
This defined type manages grant based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
|
This defined type manages grant based access privileges for users. Consult the PostgreSQL documentation for `grant` for more information.
|
||||||
|
|
44
manifests/server/schema.pp
Normal file
44
manifests/server/schema.pp
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
# This defined types creates database schemas. See README.md for more details.
|
||||||
|
define postgresql::server::schema(
|
||||||
|
$db,
|
||||||
|
$owner = undef,
|
||||||
|
$schema = $title,
|
||||||
|
) {
|
||||||
|
$user = $postgresql::server::user
|
||||||
|
$group = $postgresql::server::group
|
||||||
|
$port = $postgresql::server::port
|
||||||
|
$psql_path = $postgresql::server::psql_path
|
||||||
|
$version = $postgresql::server::version
|
||||||
|
|
||||||
|
Postgresql_psql {
|
||||||
|
db => $db,
|
||||||
|
psql_user => $user,
|
||||||
|
psql_group => $group,
|
||||||
|
psql_path => $psql_path,
|
||||||
|
port => $port,
|
||||||
|
}
|
||||||
|
|
||||||
|
$schema_title = "Create Schema '${schema}'"
|
||||||
|
$authorization = $owner? {
|
||||||
|
undef => '',
|
||||||
|
default => "AUTHORIZATION \"${owner}\"",
|
||||||
|
}
|
||||||
|
|
||||||
|
if(versioncmp($version, '9.3') >= 0) {
|
||||||
|
$schema_command = "CREATE SCHEMA IF NOT EXISTS \"${schema}\" ${authorization}"
|
||||||
|
$unless = undef
|
||||||
|
} else {
|
||||||
|
$schema_command = "CREATE SCHEMA \"${schema}\" ${authorization}"
|
||||||
|
$unless = "SELECT nspname FROM pg_namespace WHERE nspname='${schema}'"
|
||||||
|
}
|
||||||
|
|
||||||
|
postgresql_psql { $schema_title:
|
||||||
|
command => $schema_command,
|
||||||
|
unless => $unless,
|
||||||
|
require => Class['postgresql::server'],
|
||||||
|
}
|
||||||
|
|
||||||
|
if($owner != undef and defined(Postgresql::Server::Role[$owner])) {
|
||||||
|
Postgresql::Server::Role[$owner]->Postgresql_psql[$schema_title]
|
||||||
|
}
|
||||||
|
}
|
61
spec/acceptance/server/schema_spec.rb
Normal file
61
spec/acceptance/server/schema_spec.rb
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
require 'spec_helper_acceptance'
|
||||||
|
|
||||||
|
describe 'postgresql::server::schema:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||||
|
after :all do
|
||||||
|
# Cleanup after tests have ran
|
||||||
|
apply_manifest("class { 'postgresql::server': ensure => absent }", :catch_failures => true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should create a schema for a user' do
|
||||||
|
begin
|
||||||
|
pp = <<-EOS.unindent
|
||||||
|
$db = 'schema_test'
|
||||||
|
$user = 'psql_schema_tester'
|
||||||
|
$password = 'psql_schema_pw'
|
||||||
|
|
||||||
|
class { 'postgresql::server': }
|
||||||
|
|
||||||
|
# Since we are not testing pg_hba or any of that, make a local user for ident auth
|
||||||
|
user { $user:
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
|
||||||
|
postgresql::server::role { $user:
|
||||||
|
password_hash => postgresql_password($user, $password),
|
||||||
|
}
|
||||||
|
|
||||||
|
postgresql::server::database { $db:
|
||||||
|
owner => $user,
|
||||||
|
require => Postgresql::Server::Role[$user],
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create a rule for the user
|
||||||
|
postgresql::server::pg_hba_rule { "allow ${user}":
|
||||||
|
type => 'local',
|
||||||
|
database => $db,
|
||||||
|
user => $user,
|
||||||
|
auth_method => 'ident',
|
||||||
|
order => 1,
|
||||||
|
}
|
||||||
|
|
||||||
|
postgresql::server::schema { $user:
|
||||||
|
db => $db,
|
||||||
|
owner => $user,
|
||||||
|
require => Postgresql::Server::Database[$db],
|
||||||
|
}
|
||||||
|
EOS
|
||||||
|
|
||||||
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
|
||||||
|
## Check that the user can create a table in the database
|
||||||
|
psql('--command="create table psql_schema_tester.foo (foo int)" schema_test', 'psql_schema_tester') do |r|
|
||||||
|
expect(r.stdout).to match(/CREATE TABLE/)
|
||||||
|
expect(r.stderr).to eq('')
|
||||||
|
end
|
||||||
|
ensure
|
||||||
|
psql('--command="drop table psql_schema_tester.foo" schema_test', 'psql_schema_tester')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
32
spec/unit/defines/server/schema_spec.rb
Normal file
32
spec/unit/defines/server/schema_spec.rb
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'postgresql::server::schema', :type => :define do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:osfamily => 'Debian',
|
||||||
|
:operatingsystem => 'Debian',
|
||||||
|
:operatingsystemrelease => '6.0',
|
||||||
|
:kernel => 'Linux',
|
||||||
|
:concat_basedir => tmpfilename('schema'),
|
||||||
|
:id => 'root',
|
||||||
|
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
let :title do
|
||||||
|
'test'
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:owner => 'jane',
|
||||||
|
:db => 'janedb',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
let :pre_condition do
|
||||||
|
"class {'postgresql::server':}"
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_postgresql__server__schema('test') }
|
||||||
|
end
|
Loading…
Reference in a new issue