Merge branch 'feature/type/__postgres/postgres_user-explorer' into 'master'
__postgres_*: Improve OS support and some cleanup See merge request ungleich-public/cdist!990
This commit is contained in:
commit
3e190c3481
10 changed files with 184 additions and 154 deletions
1
cdist/conf/type/__postgres_database/explorer/postgres_user
Symbolic link
1
cdist/conf/type/__postgres_database/explorer/postgres_user
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__postgres_conf/explorer/postgres_user
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
|
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,25 +19,18 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
case "$("${__explorer}/os")"
|
postgres_user=$("${__type_explorer:?}/postgres_user")
|
||||||
in
|
|
||||||
netbsd)
|
|
||||||
postgres_user='pgsql'
|
|
||||||
;;
|
|
||||||
openbsd)
|
|
||||||
postgres_user='_postgresql'
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
postgres_user='postgres'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
dbname=${__object_id:?}
|
||||||
|
|
||||||
name="$__object_id"
|
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
|
||||||
|
psql_exec() {
|
||||||
|
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
|
||||||
|
}
|
||||||
|
|
||||||
if test -n "$(su - "$postgres_user" -c "psql postgres -twAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")"
|
if psql_exec postgres "SELECT datname FROM pg_database" | grep -qFx "${dbname}"
|
||||||
then
|
then
|
||||||
echo 'present'
|
echo 'present'
|
||||||
else
|
else
|
||||||
echo 'absent'
|
echo 'absent'
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
|
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,60 +19,63 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
case "$(cat "${__global}/explorer/os")"
|
quote() {
|
||||||
in
|
for _arg
|
||||||
netbsd)
|
do
|
||||||
postgres_user='pgsql'
|
shift
|
||||||
;;
|
if test -n "$(printf '%s' "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')"
|
||||||
openbsd)
|
then
|
||||||
postgres_user='_postgresql'
|
# needs quoting
|
||||||
;;
|
set -- "$@" "'$(printf '%s' "${_arg}" | sed -e "s/'/'\\\\''/g")'"
|
||||||
*)
|
else
|
||||||
postgres_user='postgres'
|
set -- "$@" "${_arg}"
|
||||||
;;
|
fi
|
||||||
esac
|
done
|
||||||
|
unset _arg
|
||||||
|
|
||||||
|
# NOTE: Use printf because POSIX echo interprets escape sequences
|
||||||
|
printf '%s' "$*"
|
||||||
|
}
|
||||||
|
|
||||||
name="$__object_id"
|
postgres_user=$(cat "${__object:?}/explorer/postgres_user")
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
|
||||||
state_is="$(cat "$__object/explorer/state")"
|
|
||||||
|
|
||||||
if [ "$state_should" != "$state_is" ]; then
|
dbname=${__object_id:?}
|
||||||
case "$state_should" in
|
state_should=$(cat "${__object:?}/parameter/state")
|
||||||
present)
|
state_is=$(cat "${__object:?}/explorer/state")
|
||||||
owner=""
|
|
||||||
if [ -f "$__object/parameter/owner" ]; then
|
|
||||||
owner="-O \"$(cat "$__object/parameter/owner")\""
|
|
||||||
fi
|
|
||||||
|
|
||||||
template=""
|
if test "${state_should}" = "$state_is"
|
||||||
if [ -f "$__object/parameter/template" ]; then
|
then
|
||||||
template="--template \"$(cat "$__object/parameter/template")\""
|
exit 0
|
||||||
fi
|
|
||||||
|
|
||||||
encoding=""
|
|
||||||
if [ -f "$__object/parameter/encoding" ]; then
|
|
||||||
encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
|
|
||||||
fi
|
|
||||||
|
|
||||||
lc_collate=""
|
|
||||||
if [ -f "$__object/parameter/lc-collate" ]; then
|
|
||||||
lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
|
|
||||||
fi
|
|
||||||
|
|
||||||
lc_ctype=""
|
|
||||||
if [ -f "$__object/parameter/lc-ctype" ]; then
|
|
||||||
lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat << EOF
|
|
||||||
su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
|
|
||||||
EOF
|
|
||||||
;;
|
|
||||||
absent)
|
|
||||||
cat << EOF
|
|
||||||
su - '$postgres_user' -c "dropdb \"$name\""
|
|
||||||
EOF
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case ${state_should}
|
||||||
|
in
|
||||||
|
(present)
|
||||||
|
set --
|
||||||
|
|
||||||
|
while read -r param_name opt
|
||||||
|
do
|
||||||
|
if test -f "${__object:?}/parameter/${param_name}"
|
||||||
|
then
|
||||||
|
set -- "$@" "${opt}" "$(cat "${__object:?}/parameter/${param_name}")"
|
||||||
|
fi
|
||||||
|
done <<-'EOF'
|
||||||
|
owner -O
|
||||||
|
template --template
|
||||||
|
encoding --encoding
|
||||||
|
lc_collate --lc-collate
|
||||||
|
lc_ctype --lc-ctype
|
||||||
|
EOF
|
||||||
|
|
||||||
|
set -- "$@" "${dbname}"
|
||||||
|
|
||||||
|
cat <<-EOF
|
||||||
|
su - $(quote "${postgres_user}") -c $(quote "$(quote createdb "$@")")
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
(absent)
|
||||||
|
cat <<-EOF
|
||||||
|
su - $(quote "${postgres_user}") -c $(quote "$(quote dropdb "${dbname}")")
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
1
cdist/conf/type/__postgres_extension/explorer/postgres_user
Symbolic link
1
cdist/conf/type/__postgres_extension/explorer/postgres_user
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__postgres_conf/explorer/postgres_user
|
41
cdist/conf/type/__postgres_extension/explorer/state
Normal file
41
cdist/conf/type/__postgres_extension/explorer/state
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
# -*- mode: sh; indent-tabs-mode: t -*-
|
||||||
|
#
|
||||||
|
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# Prints "present" if the extension is currently installed.
|
||||||
|
# "absent" otherwise.
|
||||||
|
|
||||||
|
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
|
||||||
|
|
||||||
|
postgres_user=$("${__type_explorer:?}/postgres_user")
|
||||||
|
|
||||||
|
IFS=: read -r dbname extname <<EOF
|
||||||
|
${__object_id:?}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
psql_exec() {
|
||||||
|
su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")"
|
||||||
|
}
|
||||||
|
|
||||||
|
if psql_exec "${dbname}" 'SELECT extname FROM pg_extension' | grep -qFx "${extname}"
|
||||||
|
then
|
||||||
|
echo present
|
||||||
|
else
|
||||||
|
echo absent
|
||||||
|
fi
|
|
@ -2,9 +2,10 @@
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
# 2013 Tomas Pospisek (tpo_deb at sourcepole.ch)
|
# 2013 Tomas Pospisek (tpo_deb at sourcepole.ch)
|
||||||
|
# 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This type was created by Tomas Pospisek based on the
|
# This type was created by Tomas Pospisek based on the
|
||||||
#__postgres_role type by Steven Armstrong
|
# __postgres_role type by Steven Armstrong.
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -22,32 +23,38 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
case "$(cat "${__global}/explorer/os")"
|
postgres_user=$(cat "${__object:?}/explorer/postgres_user")
|
||||||
|
|
||||||
|
quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; }
|
||||||
|
psql_cmd() {
|
||||||
|
printf 'su - %s -c %s\n' \
|
||||||
|
"$(quote "${postgres_user}")" \
|
||||||
|
"$(quote psql "$(quote "$1")" -c "$(quote "$2")")"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
IFS=: read -r dbname extname <<EOF
|
||||||
|
${__object_id:?}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
state_is=$(cat "${__object:?}/explorer/state")
|
||||||
|
state_should=$(cat "${__object:?}/parameter/state")
|
||||||
|
|
||||||
|
if test "${state_is}" = "${state_should}"
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
case ${state_should}
|
||||||
in
|
in
|
||||||
netbsd)
|
(present)
|
||||||
postgres_user='pgsql'
|
psql_cmd "${dbname}" "CREATE EXTENSION ${extname}"
|
||||||
;;
|
;;
|
||||||
openbsd)
|
(absent)
|
||||||
postgres_user='_postgresql'
|
psql_cmd "${dbname}" "DROP EXTENSION ${extname}"
|
||||||
;;
|
;;
|
||||||
*)
|
(*)
|
||||||
postgres_user='postgres'
|
printf 'Invalid --state: %s\n' "${state_should}" >&2
|
||||||
;;
|
exit 1
|
||||||
esac
|
;;
|
||||||
|
|
||||||
|
|
||||||
dbname=$( echo "$__object_id" | cut -d":" -f1 )
|
|
||||||
extension=$( echo "$__object_id" | cut -d":" -f2 )
|
|
||||||
|
|
||||||
state_should=$( cat "$__object/parameter/state" )
|
|
||||||
|
|
||||||
case "$state_should" in
|
|
||||||
present)
|
|
||||||
cmd="CREATE EXTENSION IF NOT EXISTS $extension"
|
|
||||||
echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
|
|
||||||
;;
|
|
||||||
absent)
|
|
||||||
cmd="DROP EXTENSION IF EXISTS $extension"
|
|
||||||
echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -3,32 +3,36 @@ cdist-type__postgres_extension(7)
|
||||||
|
|
||||||
NAME
|
NAME
|
||||||
----
|
----
|
||||||
cdist-type__postgres_extension - manage postgres extensions
|
cdist-type__postgres_extension - Manage PostgreSQL extensions
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This cdist type allows you to create or drop postgres extensions.
|
This cdist type allows you to manage PostgreSQL extensions.
|
||||||
|
|
||||||
The object you need to pass to __postgres_extension consists of
|
The ``__object_id`` to pass to ``__postgres_extension`` is of the form
|
||||||
the database name and the extension name joined by a colon in the
|
``dbname:extension``, e.g.:
|
||||||
following form:
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
dbname:extension
|
|
||||||
|
|
||||||
f.ex.
|
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
rails_test:unaccent
|
rails_test:unaccent
|
||||||
|
|
||||||
|
|
||||||
|
**CAUTION!** Be careful when installing extensions from (untrusted) third-party
|
||||||
|
sources:
|
||||||
|
|
||||||
|
| Installing an extension as superuser requires trusting that the extension's
|
||||||
|
author wrote the extension installation script in a secure fashion. It is
|
||||||
|
not terribly difficult for a malicious user to create trojan-horse objects
|
||||||
|
that will compromise later execution of a carelessly-written extension
|
||||||
|
script, allowing that user to acquire superuser privileges.
|
||||||
|
| – `<https://www.postgresql.org/docs/13/sql-createextension.html#id-1.9.3.64.7>`_
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state
|
state
|
||||||
either "present" or "absent", defaults to "present"
|
either ``present`` or ``absent``, defaults to ``present``.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
@ -36,24 +40,29 @@ EXAMPLES
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
__postgres_extension rails_test:unaccent
|
# Install extension unaccent into database rails_test
|
||||||
__postgres_extension --present rails_test:unaccent
|
__postgres_extension rails_test:unaccent
|
||||||
__postgres_extension --absent rails_test:unaccent
|
|
||||||
|
# Drop extension unaccent from database fails_test
|
||||||
|
__postgres_extension rails_test:unaccent --state absent
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
:strong:`cdist-type__postgre_database`\ (7)
|
- :strong:`cdist-type__postgres_database`\ (7)
|
||||||
|
- PostgreSQL "CREATE EXTENSION" documentation at:
|
||||||
|
`<http://www.postgresql.org/docs/current/static/sql-createextension.html>`_.
|
||||||
|
|
||||||
Postgres "Create Extension" documentation at: <http://www.postgresql.org/docs/current/static/sql-createextension.html>.
|
|
||||||
|
|
||||||
AUTHOR
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
Tomas Pospisek <tpo_deb--@--sourcepole.ch>
|
| Tomas Pospisek <tpo_deb--@--sourcepole.ch>
|
||||||
|
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2014 Tomas Pospisek. You can redistribute it
|
Copyright \(C) 2014 Tomas Pospisek, 2021 Dennis Camera.
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
You can redistribute it and/or modify it under the terms of the GNU General
|
||||||
published by the Free Software Foundation, either version 3 of the
|
Public License as published by the Free Software Foundation, either version 3 of
|
||||||
License, or (at your option) any later version.
|
the License, or (at your option) any later version.
|
||||||
|
|
1
cdist/conf/type/__postgres_role/explorer/postgres_user
Symbolic link
1
cdist/conf/type/__postgres_role/explorer/postgres_user
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__postgres_conf/explorer/postgres_user
|
|
@ -19,19 +19,7 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
case $("${__explorer:?}/os")
|
postgres_user=$("${__type_explorer:?}/postgres_user")
|
||||||
in
|
|
||||||
(netbsd)
|
|
||||||
postgres_user='pgsql'
|
|
||||||
;;
|
|
||||||
(openbsd)
|
|
||||||
postgres_user='_postgresql'
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
postgres_user='postgres'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
rolename=${__object_id:?}
|
rolename=${__object_id:?}
|
||||||
|
|
||||||
|
|
||||||
|
@ -55,8 +43,7 @@ role_properties=$(
|
||||||
BEGIN { RS = "\036"; FS = "\034" }
|
BEGIN { RS = "\036"; FS = "\034" }
|
||||||
/^\([0-9]+ rows?\)/ { exit }
|
/^\([0-9]+ rows?\)/ { exit }
|
||||||
NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next }
|
NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next }
|
||||||
NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i }
|
NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i }'
|
||||||
'
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if test -n "${role_properties}"
|
if test -n "${role_properties}"
|
||||||
|
@ -90,12 +77,10 @@ then
|
||||||
# Check password
|
# Check password
|
||||||
passwd_stored=$(
|
passwd_stored=$(
|
||||||
psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \
|
psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \
|
||||||
| awk 'BEGIN { RS = "\036" } NR == 2'
|
| awk 'BEGIN { RS = "\036" } NR == 2 { printf "%s.", $0 }')
|
||||||
printf .
|
passwd_stored=${passwd_stored%.}
|
||||||
)
|
|
||||||
passwd_stored=${passwd_stored%?.}
|
|
||||||
|
|
||||||
if test -f "${__object:?}/parameter/password"
|
if test -s "${__object:?}/parameter/password"
|
||||||
then
|
then
|
||||||
passwd_should=$(cat "${__object:?}/parameter/password"; printf .)
|
passwd_should=$(cat "${__object:?}/parameter/password"; printf .)
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -28,20 +28,7 @@ quote() {
|
||||||
fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
|
fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
|
||||||
}
|
}
|
||||||
|
|
||||||
case $(cat "${__global:?}/explorer/os")
|
postgres_user=$(cat "${__object:?}/explorer/postgres_user")
|
||||||
in
|
|
||||||
(netbsd)
|
|
||||||
postgres_user='pgsql'
|
|
||||||
;;
|
|
||||||
(openbsd)
|
|
||||||
postgres_user='_postgresql'
|
|
||||||
;;
|
|
||||||
(*)
|
|
||||||
postgres_user='postgres'
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
rolename=${__object_id:?}
|
rolename=${__object_id:?}
|
||||||
state_is=$(cat "${__object:?}/explorer/state")
|
state_is=$(cat "${__object:?}/explorer/state")
|
||||||
state_should=$(cat "${__object:?}/parameter/state")
|
state_should=$(cat "${__object:?}/parameter/state")
|
||||||
|
@ -59,7 +46,7 @@ psql_query() {
|
||||||
|
|
||||||
psql_set_password() {
|
psql_set_password() {
|
||||||
# NOTE: Always make sure that the password does not end up in psql_history!
|
# NOTE: Always make sure that the password does not end up in psql_history!
|
||||||
# NOTE: Never set an empty string as the password, because they can be
|
# NOTE: Never set an empty string as the password, because it can be
|
||||||
# interpreted differently by different tooling.
|
# interpreted differently by different tooling.
|
||||||
if test -s "${__object:?}/parameter/password"
|
if test -s "${__object:?}/parameter/password"
|
||||||
then
|
then
|
||||||
|
|
Loading…
Reference in a new issue