Merge pull request #395 from thunderkeys/postgresql-server-role-inherit-support

Postgresql server role inherit support
Ashley Penney 2014-04-02 07:30:20 -04:00
commit d8875983c9
3 changed files with 37 additions and 0 deletions


@ -689,6 +689,9 @@ Whether to grant the ability to create new roles with this role. Defaults to `fa
####`login` ####`login`
Whether to grant login capability for the new role. Defaults to `false`. Whether to grant login capability for the new role. Defaults to `false`.
####`inherit`
Whether to grant inherit capability for the new role. Defaults to `true`.
####`superuser` ####`superuser`
Whether to grant super user capability for the new role. Defaults to `false`. Whether to grant super user capability for the new role. Defaults to `false`.


@ -5,6 +5,7 @@ define postgresql::server::role(
$createrole = false, $createrole = false,
$db = $postgresql::server::default_database, $db = $postgresql::server::default_database,
$login = true, $login = true,
$inherit = true,
$superuser = false, $superuser = false,
$replication = false, $replication = false,
$connection_limit = '-1', $connection_limit = '-1',
@ -16,6 +17,7 @@ define postgresql::server::role(
$version = $postgresql::server::version $version = $postgresql::server::version
$login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' } $login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }
$inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' }
$createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' } $createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }
$createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' } $createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }
$superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' } $superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }
@ -55,6 +57,10 @@ define postgresql::server::role(
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}", unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolcanlogin=${login}",
} }
postgresql_psql {"ALTER ROLE \"${username}\" ${inherit_sql}":
unless => "SELECT rolname FROM pg_roles WHERE rolname='${username}' and rolinherit=${inherit}",
}
if(versioncmp($version, '9.1') >= 0) { if(versioncmp($version, '9.1') >= 0) {
if $replication_sql == '' { if $replication_sql == '' {
postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION": postgresql_psql {"ALTER ROLE \"${username}\" NOREPLICATION":
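Review bot: `$inherit` is never type-checked, yet the added `$inherit_sql` selector maps anything that is not boolean `true` (including the string `'true'`) to `NOINHERIT`, and the added `unless` query interpolates the raw value into `rolinherit=${inherit}`. A `validate_bool($inherit)` near the top of the define (assuming stdlib is available to this module, which the page does not show) would make a mistyped value fail the catalog instead of silently changing privilege inheritance or producing malformed SQL. Separately, because the default is `true` and the `ALTER ROLE` resource is declared for every managed role, a role that was set to NOINHERIT outside Puppet would be switched back to INHERIT on the next run; that is worth a sentence in the README entry. The body of `postgresql::server::role` starts and ends outside these hunks.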


@ -85,4 +85,32 @@ describe 'postgresql::server::role:', :unless => UNSUPPORTED_PLATFORMS.include?(
expect(r.stderr).to eq('') expect(r.stderr).to eq('')
end end
end end
it 'should idempotently create a user with noinherit' do
pp = <<-EOS.unindent
$user = "postgresql_test_noinherit"
$password = "postgresql_test_noinherit"
class { 'postgresql::server': }
# Since we are not testing pg_hba or any of that, make a local user for ident auth
user { $user:
ensure => present,
}
postgresql::server::role { $user:
password_hash => $password,
inherit => false,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
# Check that the user has noinherit set
psql('--command="select rolname from pg_roles where not rolinherit" postgres', 'postgresql_test_noinherit') do |r|
expect(r.stdout).to match(/postgresql_test_noinherit/)
expect(r.stderr).to eq('')
end
end
end end
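Review bot: The new example only exercises `inherit => false`, so the `rolinherit=true` side of the `unless` guard and the transition back to INHERIT are never run. A second apply of the same role with `inherit => true`, followed by the same `pg_roles` query expecting no match, would cover the direction in which a role's effective privileges widen again. The verification query would also be tighter as `select rolname from pg_roles where rolname = 'postgresql_test_noinherit' and not rolinherit`, so rows for other roles cannot influence the match. The enclosing `describe` block starts outside the hunk.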