Merge branch 'feature/type/__postgres/postgres_user-explorer' into 'master'

__postgres_*: Improve OS support and some cleanup

See merge request ungleich-public/cdist!990
poljakowski 2021-04-26 21:26:38 +02:00
commit 3e190c3481
10 changed files with 184 additions and 154 deletions


@ -0,0 +1 @@
../../__postgres_conf/explorer/postgres_user


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,25 +19,18 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
case "$("${__explorer}/os")" postgres_user=$("${__type_explorer:?}/postgres_user")
in
netbsd)
postgres_user='pgsql'
;;
openbsd)
postgres_user='_postgresql'
;;
*)
postgres_user='postgres'
;;
esac
dbname=${__object_id:?}
name="$__object_id" quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
psql_exec() {
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
}
if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")" if psql_exec postgres "SELECT datname FROM pg_database" | grep -qFx "${dbname}"
then then
echo 'present' echo 'present'
else else
echo 'absent' echo 'absent'
fi fi
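Review bot: The new `if psql_exec postgres "SELECT datname FROM pg_database" | grep -qFx "${dbname}"` test uses only grep's exit status, so a failing `su` or `psql` (server down, authentication error) is reported as `absent` and the generated code will then attempt a `createdb`. Capture the listing first and stop on error, e.g. `dbs=$(psql_exec postgres 'SELECT datname FROM pg_database') || exit 1`, then `printf '%s\n' "${dbs}" | grep -qFx -e "${dbname}"`. The `-e` also keeps an object id that starts with `-` from being parsed as a grep option. The extension state explorer added later in this commit pipes `SELECT extname FROM pg_extension` into `grep -qFx "${extname}"` in the same way and needs the same treatment.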


@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,60 +19,63 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
case "$(cat "${__global}/explorer/os")" quote() {
in for _arg
netbsd) do
postgres_user='pgsql' shift
;; if test -n "$(printf '%s' "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')"
openbsd) then
postgres_user='_postgresql' # needs quoting
;; set -- "$@" "'$(printf '%s' "${_arg}" | sed -e "s/'/'\\\\''/g")'"
*) else
postgres_user='postgres' set -- "$@" "${_arg}"
;; fi
esac done
unset _arg
# NOTE: Use printf because POSIX echo interprets escape sequences
printf '%s' "$*"
}
name="$__object_id" postgres_user=$(cat "${__object:?}/explorer/postgres_user")
state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")"
if [ "$state_should" != "$state_is" ]; then dbname=${__object_id:?}
case "$state_should" in state_should=$(cat "${__object:?}/parameter/state")
present) state_is=$(cat "${__object:?}/explorer/state")
owner=""
if [ -f "$__object/parameter/owner" ]; then
owner="-O \"$(cat "$__object/parameter/owner")\""
fi
template="" if test "${state_should}" = "$state_is"
if [ -f "$__object/parameter/template" ]; then then
template="--template \"$(cat "$__object/parameter/template")\"" exit 0
fi
encoding=""
if [ -f "$__object/parameter/encoding" ]; then
encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
fi
lc_collate=""
if [ -f "$__object/parameter/lc-collate" ]; then
lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
fi
lc_ctype=""
if [ -f "$__object/parameter/lc-ctype" ]; then
lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
fi
cat << EOF
su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
EOF
;;
absent)
cat << EOF
su - '$postgres_user' -c "dropdb \"$name\""
EOF
;;
esac
fi fi
case ${state_should}
in
(present)
set --
while read -r param_name opt
do
if test -f "${__object:?}/parameter/${param_name}"
then
set -- "$@" "${opt}" "$(cat "${__object:?}/parameter/${param_name}")"
fi
done <<-'EOF'
owner -O
template --template
encoding --encoding
lc_collate --lc-collate
lc_ctype --lc-ctype
EOF
set -- "$@" "${dbname}"
cat <<-EOF
su - $(quote "${postgres_user}") -c $(quote "$(quote createdb "$@")")
EOF
;;
(absent)
cat <<-EOF
su - $(quote "${postgres_user}") -c $(quote "$(quote dropdb "${dbname}")")
EOF
;;
esac
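Review bot: The option table in the `(present)` branch looks up `parameter/lc_collate` and `parameter/lc_ctype`, while the removed code read `parameter/lc-collate` and `parameter/lc-ctype`. Unless the parameters were renamed outside this commit, both options are now silently dropped and the database is created with the cluster's default locale. The first column should carry the parameter file names: `lc-collate --lc-collate` and `lc-ctype --lc-ctype`. The `case` also has no default branch, so an unexpected `--state` value produces no code and no error; the extension type in this commit ends its `case` with `(*) printf 'Invalid --state: %s\n' "${state_should}" >&2; exit 1 ;;`, and the same would fit here.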


@ -0,0 +1 @@
../../__postgres_conf/explorer/postgres_user


@ -0,0 +1,41 @@
#!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
#
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints "present" if the extension is currently installed.
# "absent" otherwise.
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
postgres_user=$("${__type_explorer:?}/postgres_user")
IFS=: read -r dbname extname <<EOF
${__object_id:?}
EOF
psql_exec() {
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
}
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
then
echo present
else
echo absent
fi
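Review bot: `IFS=: read -r dbname extname` accepts any object id, so an id without a colon leaves `extname` empty and the explorer prints `absent`, after which the code generator would emit a `CREATE EXTENSION` with no name. Reject malformed ids right after the `read`, e.g. `test -n "${dbname}" && test -n "${extname}" || { echo 'object id must be dbname:extension' >&2; exit 1; }`. A comment above the `read` noting that everything after the first colon ends up in `extname` would also help the next reader.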


@ -2,9 +2,10 @@
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2013 Tomas Pospisek (tpo_deb at sourcepole.ch) # 2013 Tomas Pospisek (tpo_deb at sourcepole.ch)
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This type was created by Tomas Pospisek based on the # This type was created by Tomas Pospisek based on the
#__postgres_role type by Steven Armstrong # __postgres_role type by Steven Armstrong.
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,32 +23,38 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
case "$(cat "${__global}/explorer/os")" postgres_user=$(cat "${__object:?}/explorer/postgres_user")
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
psql_cmd() {
printf 'su - %s -c %s\n' \
"$(quote "${postgres_user}")" \
"$(quote psql "$(quote "$1")" -c "$(quote "$2")")"
}
IFS=: read -r dbname extname <<EOF
${__object_id:?}
EOF
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
if test "${state_is}" = "${state_should}"
then
exit 0
fi
case ${state_should}
in in
netbsd) (present)
postgres_user='pgsql' psql_cmd "${dbname}" "CREATE EXTENSION ${extname}"
;; ;;
openbsd) (absent)
postgres_user='_postgresql' psql_cmd "${dbname}" "DROP EXTENSION ${extname}"
;; ;;
*) (*)
postgres_user='postgres' printf 'Invalid --state: %s\n' "${state_should}" >&2
;; exit 1
esac ;;
dbname=$( echo "$__object_id" | cut -d":" -f1 )
extension=$( echo "$__object_id" | cut -d":" -f2 )
state_should=$( cat "$__object/parameter/state" )
case "$state_should" in
present)
cmd="CREATE EXTENSION IF NOT EXISTS $extension"
echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
;;
absent)
cmd="DROP EXTENSION IF EXISTS $extension"
echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
;;
esac esac
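Review bot: `${extname}` goes into `CREATE EXTENSION ${extname}` and `DROP EXTENSION ${extname}` as a bare SQL identifier. `quote` protects only the shell layers, so a name such as `uuid-ossp` is a syntax error, and any further SQL carried in the object id would run under the `${postgres_user}` account. Quoting the name inside the object id is not a workaround, because the state explorer compares the raw name with `grep -qFx`. Build a quoted identifier once, e.g. `ext_ident=$(printf '"%s"' "$(printf '%s' "${extname}" | sed 's/"/""/g')")`, and pass `"CREATE EXTENSION ${ext_ident}"` / `"DROP EXTENSION ${ext_ident}"`. Quoted identifiers are case-sensitive, so mixed-case ids would no longer be folded to lower case.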


@ -3,32 +3,36 @@ cdist-type__postgres_extension(7)
NAME NAME
---- ----
cdist-type__postgres_extension - manage postgres extensions cdist-type__postgres_extension - Manage PostgreSQL extensions
DESCRIPTION DESCRIPTION
----------- -----------
This cdist type allows you to create or drop postgres extensions. This cdist type allows you to manage PostgreSQL extensions.
The object you need to pass to __postgres_extension consists of The ``__object_id`` to pass to ``__postgres_extension`` is of the form
the database name and the extension name joined by a colon in the ``dbname:extension``, e.g.:
following form:
.. code-block:: sh
dbname:extension
f.ex.
.. code-block:: sh .. code-block:: sh
rails_test:unaccent rails_test:unaccent
**CAUTION!** Be careful when installing extensions from (untrusted) third-party
sources:
| Installing an extension as superuser requires trusting that the extension's
author wrote the extension installation script in a secure fashion. It is
not terribly difficult for a malicious user to create trojan-horse objects
that will compromise later execution of a carelessly-written extension
script, allowing that user to acquire superuser privileges.
| `<https://www.postgresql.org/docs/13/sql-createextension.html#id-1.9.3.64.7>`_
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
either "present" or "absent", defaults to "present" either ``present`` or ``absent``, defaults to ``present``.
EXAMPLES EXAMPLES
@ -36,24 +40,29 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
__postgres_extension rails_test:unaccent # Install extension unaccent into database rails_test
__postgres_extension --present rails_test:unaccent __postgres_extension rails_test:unaccent
__postgres_extension --absent rails_test:unaccent
# Drop extension unaccent from database fails_test
__postgres_extension rails_test:unaccent --state absent
SEE ALSO SEE ALSO
-------- --------
:strong:`cdist-type__postgre_database`\ (7) - :strong:`cdist-type__postgres_database`\ (7)
- PostgreSQL "CREATE EXTENSION" documentation at:
`<http://www.postgresql.org/docs/current/static/sql-createextension.html>`_.
Postgres "Create Extension" documentation at: <http://www.postgresql.org/docs/current/static/sql-createextension.html>.
AUTHOR AUTHORS
------- -------
Tomas Pospisek <tpo_deb--@--sourcepole.ch> | Tomas Pospisek <tpo_deb--@--sourcepole.ch>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2014 Tomas Pospisek. You can redistribute it Copyright \(C) 2014 Tomas Pospisek, 2021 Dennis Camera.
and/or modify it under the terms of the GNU General Public License as You can redistribute it and/or modify it under the terms of the GNU General
published by the Free Software Foundation, either version 3 of the Public License as published by the Free Software Foundation, either version 3 of
License, or (at your option) any later version. the License, or (at your option) any later version.


@ -0,0 +1 @@
../../__postgres_conf/explorer/postgres_user


@ -19,19 +19,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
case $("${__explorer:?}/os") postgres_user=$("${__type_explorer:?}/postgres_user")
in
(netbsd)
postgres_user='pgsql'
;;
(openbsd)
postgres_user='_postgresql'
;;
(*)
postgres_user='postgres'
;;
esac
rolename=${__object_id:?} rolename=${__object_id:?}
@ -55,8 +43,7 @@ role_properties=$(
BEGIN { RS = "\036"; FS = "\034" } BEGIN { RS = "\036"; FS = "\034" }
/^\([0-9]+ rows?\)/ { exit } /^\([0-9]+ rows?\)/ { exit }
NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next } NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next }
NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i } NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i }'
'
) )
if test -n "${role_properties}" if test -n "${role_properties}"
@ -90,12 +77,10 @@ then
# Check password # Check password
passwd_stored=$( passwd_stored=$(
psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \ psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \
| awk 'BEGIN { RS = "\036" } NR == 2' | awk 'BEGIN { RS = "\036" } NR == 2 { printf "%s.", $0 }')
printf . passwd_stored=${passwd_stored%.}
)
passwd_stored=${passwd_stored%?.}
if test -f "${__object:?}/parameter/password" if test -s "${__object:?}/parameter/password"
then then
passwd_should=$(cat "${__object:?}/parameter/password"; printf .) passwd_should=$(cat "${__object:?}/parameter/password"; printf .)
fi fi
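Review bot: The password check still interpolates the object id into a SQL string literal, `WHERE rolname = '${rolename}'`, while the database state explorer in this commit was rewritten to avoid exactly that. A role name containing a single quote breaks the query or changes its meaning. Double the quotes before use, e.g. `rolename_sql=$(printf '%s' "${rolename}" | sed "s/'/''/g")`, and write `rolname = '${rolename_sql}'`. `psql_query` is defined outside the visible hunks, so whether it applies its own escaping cannot be checked from here.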


@ -28,20 +28,7 @@ quote() {
fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
} }
case $(cat "${__global:?}/explorer/os") postgres_user=$(cat "${__object:?}/explorer/postgres_user")
in
(netbsd)
postgres_user='pgsql'
;;
(openbsd)
postgres_user='_postgresql'
;;
(*)
postgres_user='postgres'
;;
esac
rolename=${__object_id:?} rolename=${__object_id:?}
state_is=$(cat "${__object:?}/explorer/state") state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state") state_should=$(cat "${__object:?}/parameter/state")
@ -59,7 +46,7 @@ psql_query() {
psql_set_password() { psql_set_password() {
# NOTE: Always make sure that the password does not end up in psql_history! # NOTE: Always make sure that the password does not end up in psql_history!
# NOTE: Never set an empty string as the password, because they can be # NOTE: Never set an empty string as the password, because it can be
# interpreted differently by different tooling. # interpreted differently by different tooling.
if test -s "${__object:?}/parameter/password" if test -s "${__object:?}/parameter/password"
then then