feat: manage database/user/grants for patroni

- add defines for exporting/collecting psql objects for patroni
- add generic profile for managing patroni psql databases for an app
This commit is contained in:
2024-08-24 00:30:47 +10:00
parent 68c569b282
commit 8fad79f2bc
5 changed files with 127 additions and 0 deletions
+61
View File
@@ -0,0 +1,61 @@
class profiles::sql::postgresdb (
String $dbname,
String $dbuser,
String $dbpass,
Boolean $create_host_users = false,
Boolean $members_lookup = false,
String $members_role = undef,
Array $servers = [],
){
# if lookup is enabled
if $members_lookup {
# check that the role is also set
unless !($members_role == undef) {
fail("members_role must be provided for ${title} when members_lookup is True")
}
# if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
# else use provided array from params
}else{
$servers_array = $servers
}
$tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
# only export from the first server in a cluster
if $servers_array[0] == $facts['networking']['fqdn'] {
# manage the postgres db
@@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
dbname => $dbname,
tag => $tag,
}
@@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
username => $dbuser,
password => $dbpass,
tag => $tag,
}
@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbuser}_${dbuser}}":
dbname => $dbname,
username => $dbuser,
type => 'DATABASE',
privilege => 'ALL PRIVILEGES',
tag => $tag,
}
@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbuser}_${dbuser}}":
dbname => $dbname,
username => $dbuser,
type => 'SCHEMA',
schema => 'public',
privilege => 'ALL PRIVILEGES',
tag => $tag,
}
}
}