| -rw-r--r-- | puppet/modules/site_couchdb/manifests/add_users.pp | 16 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/create_dbs.pp | 17 | 
2 files changed, 26 insertions, 7 deletions
| diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index e3b74865..8af9ea66 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -1,7 +1,10 @@
 class site_couchdb::add_users {
-  # Populate couchdb
+  # Couchdb users
+  ## leap_mx couchdb user
+  ## read: identities
+  ## write access to user-<uuid>
   couchdb::add_user { $site_couchdb::couchdb_leap_mx_user:
     roles   => '["identities"]',
     pw      => $site_couchdb::couchdb_leap_mx_pw,
@@ -9,9 +12,9 @@ class site_couchdb::add_users {
     require => Couchdb::Query::Setup['localhost']
   }
-  # nickserver couchdb user
-  # read: identities, keycache
-  # write: keycache (a cache of discovered key, doesn’t exist yet)
+  ## nickserver couchdb user
+  ## r: identities
+  ## r/w: keycache
   couchdb::add_user { $site_couchdb::couchdb_nickserver_user:
     roles   => '["identities"]',
     pw      => $site_couchdb::couchdb_nickserver_pw,
@@ -19,6 +22,9 @@ class site_couchdb::add_users {
     require => Couchdb::Query::Setup['localhost']
   }
+  ## soledad couchdb user
+  ## read: tokens, user-<uuid>, shared
+  ## write: user-<uuid>, shared
   couchdb::add_user { $site_couchdb::couchdb_soledad_user:
     roles   => '["auth"]',
     pw      => $site_couchdb::couchdb_soledad_pw,
@@ -26,6 +32,8 @@ class site_couchdb::add_users {
     require => Couchdb::Query::Setup['localhost']
   }
+  ## webapp couchdb user
+  ## read/write: users, tokens, sessions, tickets, identities
   couchdb::add_user { $site_couchdb::couchdb_webapp_user:
     roles   => '["auth","identities"]',
     pw      => $site_couchdb::couchdb_webapp_pw,
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index a734c870..d3125448 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
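Review bot: The access listed in the new leap_mx header cannot be traced to the `roles` line under it: the comment promises write access to user-<uuid>, while the resource only assigns `'["identities"]'`. The soledad hunk (@@ -19,6 +22,9 @@) has the same gap, listing user-<uuid> and shared against a single `'["auth"]'` role, and the create_dbs.pp hunk in this commit shows no such databases. Anyone auditing permissions from these comments will assume a grant that this manifest does not visibly make, so I would mark it as intent or say where it comes from, for example `## write: user-<uuid> (not granted by the roles below)`. The class body continues past the last hunk, so a grant made further down the file would not be visible here.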
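Review bot: The rewritten nickserver header (@@ -9,9 +12,9 @@) drops the caveat that keycache does not exist yet, although `roles` is still only `'["identities"]'` and the create_dbs.pp hunk in this commit shows no keycache database. As written, `## r/w: keycache` reads as access that is already in place. I would keep the status in the comment, e.g. `## r/w: keycache (database not created yet)`. This header also uses `r:` / `r/w:` where the other three headers in the file use `read:` / `write:`; one spelling throughout makes the access list easier to grep.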
@@ -1,28 +1,39 @@
 class site_couchdb::create_dbs {
-  # identities database
-  # r/w: webapp
-  # r: nickserver, leap_mx - need to restrict with design document
+  # Couchdb databases
+
+  ## identities database
+  ## r: nickserver, leap_mx - needs to be restrict with design document
+  ## r/w: webapp
   couchdb::create_db { 'identities':
     members => "{ \"names\": [], \"roles\": [\"identities\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
+  ## sessions database
+  ## r/w: webapp
   couchdb::create_db { 'sessions':
     members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
     require => Couchdb::Query::Setup['localhost']
   }
+  ## tickets database
+  ## r/w: webapp
   couchdb::create_db { 'tickets':
     members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
     require => Couchdb::Query::Setup['localhost']
   }
+  ## tokens database
+  ## r: soledad - needs to be restricted with a design document
+  ## r/w: webapp
   couchdb::create_db { 'tokens':
     members => "{ \"names\": [], \"roles\": [\"auth\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
+  ## users database
+  ## r/w: webapp
   couchdb::create_db { 'users':
     members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
     require => Couchdb::Query::Setup['localhost'] |
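Review bot: The `r:` lines on the identities and tokens headers describe a read-only restriction that the `members` line beneath them does not provide. Membership is granted by role (`identities`, `auth`), and a CouchDB database member can create and update ordinary documents unless a validation function rejects the write, so nickserver, leap_mx and soledad are effectively r/w until that design document exists. I would make the status explicit and fix the grammar on the identities line: `## r: nickserver, leap_mx - TODO: not enforced, needs to be restricted with a design document`. The tokens line deserves the same marker, as soledad is only meant to read that database.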
