| -rw-r--r-- | provider_base/services/couchdb.json | 5 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/add_users.pp | 16 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/create_dbs.pp | 2 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 5 | 
4 files changed, 24 insertions, 4 deletions
|
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 1a8147f9..0cb044ef 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -38,6 +38,11 @@
                 "password": "= secret :couch_soledad_password",
                 "salt": "= hex_secret :couch_soledad_password_salt, 128"
             },
+            "tapicero": {
+                "username": "tapicero",
+                "password": "= secret :couch_tapicero_password",
+                "salt": "= hex_secret :couch_tapicero_password_salt, 128"
+            },
             "webapp": {
                 "username": "webapp",
                 "password": "= secret :couch_webapp_password",
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 03ce12f1..f9ea7349 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -23,8 +23,8 @@ class site_couchdb::add_users {
   }
   ## soledad couchdb user
-  ## read: tokens, user-<uuid>, shared
-  ## write: user-<uuid>, shared
+  ## r/w: user-<uuid>, shared
+  ## read: tokens
   couchdb::add_user { $site_couchdb::couchdb_soledad_user:
     roles   => '["tokens"]',
     pw      => $site_couchdb::couchdb_soledad_pw,
@@ -32,10 +32,20 @@ class site_couchdb::add_users {
     require => Couchdb::Query::Setup['localhost']
   }
+  ### tapicero couchdb user
+  ### admin: needs to be able to create user-<uuid> databases
+  ### read: users
+  couchdb::add_user { $site_couchdb::couchdb_tapicero_user:
+    roles   => '["users"]',
+    pw      => $site_couchdb::couchdb_tapicero_pw,
+    salt    => $site_couchdb::couchdb_tapicero_salt,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
   ## webapp couchdb user
   ## read/write: users, tokens, sessions, tickets, identities, customer
   couchdb::add_user { $site_couchdb::couchdb_webapp_user:
-    roles   => '["tokens","identities"]',
+    roles   => '["tokens","identities","users"]',
     pw      => $site_couchdb::couchdb_webapp_pw,
     salt    => $site_couchdb::couchdb_webapp_salt,
     require => Couchdb::Query::Setup['localhost']
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index a1db9d54..f53597e7 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -49,7 +49,7 @@ class site_couchdb::create_dbs {
   ## users database
   ## r/w: webapp
   couchdb::create_db { 'users':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+    members => "{ \"names\": [], \"roles\": [\"users\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 }
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index b73c23c3..bb3fa5d7 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
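Review bot: The comment on the new tapicero block says the account needs admin rights to create user-<uuid> databases, but the resource itself only assigns `roles => '["users"]'`, so nothing visible in this hunk grants that privilege. If server-admin rights are configured elsewhere, the comment should say where; if they are not, database creation will presumably be refused. An account that can create databases is a high-value credential, so I would document exactly what it is given, e.g. `### roles: users (member of the users db); admin for user-<uuid> creation is granted in <where>`. The class body starts and ends outside the hunk.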
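Review bot: The `## r/w: webapp` comment above `couchdb::create_db { 'users':` is stale after this change, because membership is now by the `users` role, which add_users.pp assigns to both webapp and tapicero. CouchDB database members can write documents as well as read them, so the "read: users" intent stated for tapicero is not enforced by this members object; it would need a validate_doc_update rule, which is not visible here. I would change the comment to `## members: role "users" (webapp r/w, tapicero intended read-only)` and confirm where the write restriction lives. Any account later given the generically named `users` role also gains access to this database.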
@@ -19,6 +19,11 @@ class site_couchdb {
   $couchdb_soledad_pw     = $couchdb_soledad['password']
   $couchdb_soledad_salt   = $couchdb_soledad['salt']
+  $couchdb_tapicero        = $couchdb_users['tapicero']
+  $couchdb_tapicero_user   = $couchdb_tapicero['username']
+  $couchdb_tapicero_pw     = $couchdb_tapicero['password']
+  $couchdb_tapicero_salt   = $couchdb_tapicero['salt']
+
   $couchdb_webapp         = $couchdb_users['webapp']
   $couchdb_webapp_user    = $couchdb_webapp['username']
   $couchdb_webapp_pw      = $couchdb_webapp['password']
|
