forked from ungleich-public/cdist
[type/__postgres_role] Refactor gencode-remote
This commit is contained in:
parent
7b7ca4d385
commit
4859c27900
1 changed files with 34 additions and 31 deletions
|
@ -51,9 +51,6 @@ then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case ${state_should}
|
|
||||||
in
|
|
||||||
(present)
|
|
||||||
if test -s "${__object:?}/parameter/password"
|
if test -s "${__object:?}/parameter/password"
|
||||||
then
|
then
|
||||||
quoted_password=$(
|
quoted_password=$(
|
||||||
|
@ -64,6 +61,11 @@ in
|
||||||
do
|
do
|
||||||
delim="\$$(LC_ALL=C tr -cd '[:alpha:]' </dev/urandom | dd bs=1 count=4 2>/dev/null)$"
|
delim="\$$(LC_ALL=C tr -cd '[:alpha:]' </dev/urandom | dd bs=1 count=4 2>/dev/null)$"
|
||||||
done
|
done
|
||||||
|
psql_query() {
|
||||||
|
printf 'su -l %s -c %s\n' \
|
||||||
|
"$(quote "${postgres_user}")" \
|
||||||
|
"$(quote "psql postgres -wc $(quote "$1")")"
|
||||||
|
}
|
||||||
|
|
||||||
raw_passwd=$(cat "${__object:?}/parameter/password"; printf .)
|
raw_passwd=$(cat "${__object:?}/parameter/password"; printf .)
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
|
@ -71,51 +73,52 @@ in
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
booleans=
|
role_properties_should() {
|
||||||
for boolean in login createdb createrole superuser
|
_props=
|
||||||
do
|
for _prop in login createdb createrole superuser
|
||||||
booleans="${booleans}${booleans:+ }$(
|
do
|
||||||
if test -f "${__object:?}/parameter/${boolean}"
|
_props="${_props}${_props:+ }$(
|
||||||
then
|
if test -f "${__object:?}/parameter/${_prop}"
|
||||||
echo "${boolean}"
|
then
|
||||||
else
|
echo "${_prop}"
|
||||||
echo "no${boolean}"
|
else
|
||||||
fi \
|
echo "no${_prop}"
|
||||||
| tr '[:lower:]' '[:upper:]')"
|
fi \
|
||||||
done
|
| tr '[:lower:]' '[:upper:]')"
|
||||||
|
done
|
||||||
|
printf '%s\n' "${_props}"
|
||||||
|
unset _prop _props
|
||||||
|
}
|
||||||
|
|
||||||
|
case ${state_should}
|
||||||
|
in
|
||||||
|
(present)
|
||||||
case ${state_is}
|
case ${state_is}
|
||||||
in
|
in
|
||||||
(absent)
|
(absent)
|
||||||
query=$(printf 'CREATE ROLE "%s" WITH %s PASSWORD %s;' \
|
psql_query "$(printf 'CREATE ROLE "%s" WITH %s PASSWORD %s;' \
|
||||||
"${rolename}" "${booleans}" "${quoted_password:-NULL}")
|
"${rolename}" "$(role_properties_should)" "${quoted_password:-NULL}")"
|
||||||
;;
|
;;
|
||||||
(different*)
|
(different*)
|
||||||
query="ALTER ROLE \"${rolename}\" WITH"
|
|
||||||
|
|
||||||
if expr "${state_is}" : 'different.*properties' >/dev/null
|
if expr "${state_is}" : 'different.*properties' >/dev/null
|
||||||
then
|
then
|
||||||
query="${query} ${booleans}"
|
psql_query "ALTER ROLE \"${rolename}\" WITH $(role_properties_should);"
|
||||||
fi
|
|
||||||
if expr "${state_is}" : 'different.*password' >/dev/null
|
|
||||||
then
|
|
||||||
query="${query} PASSWORD ${quoted_password:-NULL}"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
query="${query};"
|
if expr "${state_is}" : 'different.*password' >/dev/null
|
||||||
|
then
|
||||||
|
psql_query "ALTER ROLE \"${rolename}\" WITH PASSWORD ${quoted_password:-NULL};"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
(*)
|
(*)
|
||||||
printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2
|
printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
psql_cmd=$(printf 'psql postgres -wc %s' "$(quote "${query}")" | quote)
|
|
||||||
printf "su -l '%s' -c %s\\n" "${postgres_user}" "${psql_cmd}"
|
|
||||||
;;
|
;;
|
||||||
(absent)
|
(absent)
|
||||||
printf "su -l '%s' -c 'dropuser '\\\\'%s\\\\'\\n" \
|
printf 'su -l %s -c %s\n' \
|
||||||
"${postgres_user}" \
|
"$(quote "${postgres_user}")" \
|
||||||
"$(quote "${rolename}")"
|
"$(quote "dropuser $(quote "${rolename}")")"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
Loading…
Reference in a new issue