matthijs/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Issues Pull requests Projects Releases Wiki Activity

[type/__postgres_role] Refactor gencode-remote

Browse source
This commit is contained in:
Dennis Camera 2020-12-17 16:57:03 +01:00
commit 4859c27900
1 changed files with 34 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

53
cdist/conf/type/__postgres_role/gencode-remote
View file

@ -51,9 +51,6 @@ then
exit 0 exit 0
fi fi
case ${state_should}
in
(present)
if test -s "${__object:?}/parameter/password" if test -s "${__object:?}/parameter/password"
then then
quoted_password=$( quoted_password=$(
@ -64,6 +61,11 @@ in
do do
delim="\$$(LC_ALL=C tr -cd '[:alpha:]' </dev/urandom | dd bs=1 count=4 2>/dev/null)$" delim="\$$(LC_ALL=C tr -cd '[:alpha:]' </dev/urandom | dd bs=1 count=4 2>/dev/null)$"
done done
psql_query() {
printf 'su -l %s -c %s\n' \
"$(quote "${postgres_user}")" \
"$(quote "psql postgres -wc $(quote "$1")")"
}
raw_passwd=$(cat "${__object:?}/parameter/password"; printf .) raw_passwd=$(cat "${__object:?}/parameter/password"; printf .)
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -71,51 +73,52 @@ in
) )
fi fi
booleans= role_properties_should() {
for boolean in login createdb createrole superuser _props=
for _prop in login createdb createrole superuser
do do
booleans="${booleans}${booleans:+ }$( _props="${_props}${_props:+ }$(
if test -f "${__object:?}/parameter/${boolean}" if test -f "${__object:?}/parameter/${_prop}"
then then
echo "${boolean}" echo "${_prop}"
else else
echo "no${boolean}" echo "no${_prop}"
fi \ fi \
| tr '[:lower:]' '[:upper:]')" | tr '[:lower:]' '[:upper:]')"
done done
printf '%s\n' "${_props}"
unset _prop _props
}
case ${state_should}
in
(present)
case ${state_is} case ${state_is}
in in
(absent) (absent)
query=$(printf 'CREATE ROLE "%s" WITH %s PASSWORD %s;' \ psql_query "$(printf 'CREATE ROLE "%s" WITH %s PASSWORD %s;' \
"${rolename}" "${booleans}" "${quoted_password:-NULL}") "${rolename}" "$(role_properties_should)" "${quoted_password:-NULL}")"
;; ;;
(different*) (different*)
query="ALTER ROLE \"${rolename}\" WITH"
if expr "${state_is}" : 'different.*properties' >/dev/null if expr "${state_is}" : 'different.*properties' >/dev/null
then then
query="${query} ${booleans}" psql_query "ALTER ROLE \"${rolename}\" WITH $(role_properties_should);"
fi
if expr "${state_is}" : 'different.*password' >/dev/null
then
query="${query} PASSWORD ${quoted_password:-NULL}"
fi fi
query="${query};" if expr "${state_is}" : 'different.*password' >/dev/null
then
psql_query "ALTER ROLE \"${rolename}\" WITH PASSWORD ${quoted_password:-NULL};"
fi
;; ;;
(*) (*)
printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2 printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2
exit 1 exit 1
;; ;;
esac esac
psql_cmd=$(printf 'psql postgres -wc %s' "$(quote "${query}")" | quote)
printf "su -l '%s' -c %s\\n" "${postgres_user}" "${psql_cmd}"
;; ;;
(absent) (absent)
printf "su -l '%s' -c 'dropuser '\\\\'%s\\\\'\\n" \ printf 'su -l %s -c %s\n' \
"${postgres_user}" \ "$(quote "${postgres_user}")" \
"$(quote "${rolename}")" "$(quote "dropuser $(quote "${rolename}")")"
;; ;;
esac esac