benvin/grafana_postgres (#334)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
This commit was merged in pull request #334.
This commit is contained in:
@@ -1,9 +1,9 @@
|
||||
define profiles::sql::postgres::db (
|
||||
String $dbname,
|
||||
String $owner,
|
||||
) {
|
||||
postgresql_psql { "create_database_${dbname}":
|
||||
command => "CREATE DATABASE \"${dbname}\"",
|
||||
command => "CREATE DATABASE \"${dbname}\" OWNER \"${owner}\"",
|
||||
unless => "SELECT 1 FROM pg_database WHERE datname = '${dbname}'",
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
define profiles::sql::postgres::grant (
|
||||
String $username,
|
||||
String $privilege,
|
||||
Enum['SCHEMA', 'DATABASE'] $type = 'DATABASE',
|
||||
Optional[String] $dbname = undef,
|
||||
Optional[String] $schema = undef,
|
||||
String $privilege = 'ALL PRIVILEGES',
|
||||
) {
|
||||
# Validate parameters based on type
|
||||
if $type == 'DATABASE' and $dbname == undef {
|
||||
fail('The dbname parameter must be provided when type is DATABASE')
|
||||
}
|
||||
@@ -14,25 +13,19 @@ define profiles::sql::postgres::grant (
|
||||
fail('Both dbname and schema parameters must be provided when type is SCHEMA')
|
||||
}
|
||||
|
||||
# Determine the appropriate SQL command and unless condition
|
||||
$command = $type ? {
|
||||
'DATABASE' => "GRANT ${privilege} ON DATABASE ${dbname} TO ${username}",
|
||||
'SCHEMA' => "GRANT ${privilege} ON SCHEMA ${schema} TO ${username}",
|
||||
}
|
||||
|
||||
$unless = $type ? {
|
||||
'DATABASE' => "SELECT 1 FROM pg_roles r WHERE r.rolname='${username}' AND has_database_privilege('${username}', '${dbname}', 'CONNECT')", # lint:ignore:140chars
|
||||
'SCHEMA' => "SELECT 1 FROM pg_namespace n JOIN pg_roles r ON r.oid = n.nspowner WHERE nspname = '${schema}' AND r.rolname = '${username}'", # lint:ignore:140chars
|
||||
}
|
||||
# Ensure the db parameter is set correctly when type is SCHEMA
|
||||
$effective_dbname = $type ? {
|
||||
'SCHEMA' => $dbname,
|
||||
'DATABASE' => $dbname,
|
||||
'DATABASE' => "SELECT 1 FROM pg_roles r WHERE r.rolname='${username}' AND has_database_privilege('${username}', '${dbname}', '${privilege}')", # lint:ignore:140chars
|
||||
'SCHEMA' => undef,
|
||||
}
|
||||
|
||||
postgresql_psql { "grant_${privilege}_on_${type}_${effective_dbname}_${schema}_to_${username}":
|
||||
postgresql_psql { "grant_${privilege}_on_${type}_${dbname}_${schema}_to_${username}":
|
||||
command => $command,
|
||||
unless => $unless,
|
||||
db => $effective_dbname,
|
||||
db => $dbname,
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user