Commit graph

9 commits

Author SHA1 Message Date
Brett Porter
6367e359ea add optional cwd to the postgres_psql command
When the psql command runs from a directory it does not have permission to
access, it outputs an error. This error trips up the unless SQL command,
causing the other SQL commands to run even if not needed. Rather than ignore
stderr (which might hide something else), or use an arbitrary directory like
/tmp, this code sets the cwd to the data directory, which will exist and be
owned by the postgres user. If someone uses the postgres_psql type and
customises the psql_user parameter, they should also set an appropriate cwd.
2012-12-14 23:02:18 +11:00
Chris Price
76fcf269d8 Merge branch 'master' into cprice-puppet-feature/master/port-psql-to-ruby
Conflicts:
	manifests/database.pp
	manifests/database_grant.pp
	manifests/psql.pp
	manifests/role.pp
2012-11-30 15:49:07 -08:00
Andreas Ntaflos
c4147a4105 Properly quote database name when using postgresql::psql for GRANT or REVOKE. 2012-11-09 04:20:36 +01:00
Chris Price
2a922f104a Initial working implementation of ruby psql type/provider
This commit provides a working implementation of a ruby
type/provider (`postgresql_psql` for handling the PSQL
commands.  This is a little more flexible than doing it
via Exec resources, which is what the `postgresql::psql`
type was doing.

The old type is still present but now includes a
deprecation notification, and all of the other types
that were using the `::psql` type have been ported over
to use the `postgresql_psql` type instead.
2012-11-04 21:47:49 -08:00
William Van Hevelingen
bdf6c0b84c Puppet lint fixes
- left longer than 80 char warnings
 - left inherits params class warnings
2012-11-03 02:37:20 +00:00
Albert Koch
9a0716f127 Support special characters in database role name
This will allow characters such as '-' in database role
names. Additionally, escaping of '"' characters now applies to all '"'
characters, not just the first in a sql command.
2012-11-01 09:45:20 -04:00
Jari Bakken
f9dbf4a9c9 Remove trailing commas.
This makes the module work on Puppet 2.7.1 (from Ubuntu 11.10).
2012-08-25 03:20:27 +02:00
Chris Price
1175ea20d6 Add postgresql::db convenience type, improve security
This commit adds a postgresql::db type for convenience;
it mirrors the 'db' type from the mysql module, which
allows you to create a database instance and user plus
grant privileges to that user all in one succint
resource.

This commit also improves security in the following ways:

* Revoke "CONNECT" privilege from the 'public' role for
  newly created databases; without this, any database
  created via this module will allow connections from
  any database user, and will allow them to do things
  like create tables.

* Change to a 'reject'-based policy for dealing with
  remote connections by the postgres user in pg_hba.conf.
  Prior to this commit, if you tried to restrict access
  to the postgres user by IP, the rule would simply not
  match for disallowed IPs; then it would fall through
  to the rule for "all" users, which could still match
  and thus allow the postgres user to connect remotely.
2012-06-09 09:23:11 -07:00
Chris Price
45055d324c Bring database, database_user, and database_grant into alignment with mysql module
Renamed a few files and made some tweaks to try to get
database_grant, database_user, and database types into
a state where they work very similarly to the ones in
the mysql module.  Also introduced a "postgresql_password"
function that can be used to generate an md5 password
hash for a postgres user.
2012-06-08 22:30:27 -07:00