diff options
author | varac <varacanero@zeromail.org> | 2016-06-09 17:32:31 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2016-06-14 12:05:18 +0200 |
commit | 1a18586f60291405af739fc787506566cf63e79c (patch) | |
tree | fa5300de6fa9ec990b965d789aa3b75f3b7a3dd2 /puppet/modules/couchdb/manifests/add_user.pp | |
parent | 6087aa329ff92ce02107792faf233279e6a77d55 (diff) |
git subrepo clone https://leap.se/git/puppet_couchdb puppet/modules/couchdb
subrepo:
subdir: "puppet/modules/couchdb"
merged: "76ff149"
upstream:
origin: "https://leap.se/git/puppet_couchdb"
branch: "master"
commit: "76ff149"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo.git"
commit: "cb2995b"
Diffstat (limited to 'puppet/modules/couchdb/manifests/add_user.pp')
-rw-r--r-- | puppet/modules/couchdb/manifests/add_user.pp | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/puppet/modules/couchdb/manifests/add_user.pp b/puppet/modules/couchdb/manifests/add_user.pp new file mode 100644 index 00000000..29c6a8c8 --- /dev/null +++ b/puppet/modules/couchdb/manifests/add_user.pp @@ -0,0 +1,39 @@ +define couchdb::add_user ( $roles, $pw, $salt = '' ) { + # Couchdb < 1.2 needs a pre-hashed pw and salt + # If you provide a salt, couchdb::add_user will assume that + # $pw is prehashed and pass both parameters to couchdb::update + # If $salt is empty, couchdb::add_user will assume that the pw + # is plaintext and will pass it to couchdb::update + + if $::couchdb::bigcouch == true { + $port = 5986 + } else { + $port = 5984 + } + + if $salt == '' { + # unhashed, plaintext pw, no salt. For couchdb >= 1.2 + $data = "{\"type\": \"user\", \"name\": \"${name}\", \"roles\": ${roles}, \"password\": \"${pw}\"}" + } else { + # prehashed pw with salt, for couchdb < 1.2 + # salt and encrypt pw + # str_and_salt2sha1 is a function from leap's stdlib module + $pw_and_salt = [ $pw, $salt ] + $sha = str_and_salt2sha1($pw_and_salt) + $data = "{\"type\": \"user\", \"name\": \"${name}\", \"roles\": ${roles}, \"password_sha\": \"${sha}\", \"salt\": \"${salt}\"}" + } + + # update the user with the given password unless they already work + couchdb::document { "update_user_${name}": + host => "127.0.0.1:${port}", + db => '_users', + id => "org.couchdb.user:${name}", + data => $data + } + + couchdb::query::setup { $name: + user => $name, + pw => $pw, + } + +} |