Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp16
-rw-r--r--puppet/modules/site_couchdb/manifests/create_dbs.pp17
2 files changed, 26 insertions, 7 deletions
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index e3b74865..8af9ea66 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -1,7 +1,10 @@
class site_couchdb::add_users {
- # Populate couchdb
+ # Couchdb users
+ ## leap_mx couchdb user
+ ## read: identities
+ ## write access to user-<uuid>
couchdb::add_user { $site_couchdb::couchdb_leap_mx_user:
roles => '["identities"]',
pw => $site_couchdb::couchdb_leap_mx_pw,
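Review bot: The comment `## write access to user-<uuid>` describes a grant that the declaration under it does not show: the only role given to leap_mx is `roles => '["identities"]'`, and no user-<uuid> database appears in this commit. The nickserver hunk has the same gap with `## r/w: keycache`, where the removed comment's caveat that keycache does not exist yet was dropped. The soledad hunk likewise lists `user-<uuid>` and `shared` next to a single `auth` role. If these grants are made elsewhere, point to that place; if they are planned, say so, for example `## planned: write access to user-<uuid> (not granted by the roles below)`. Each resource body continues outside its hunk.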
@@ -9,9 +12,9 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
- # nickserver couchdb user
- # read: identities, keycache
- # write: keycache (a cache of discovered key, doesn’t exist yet)
+ ## nickserver couchdb user
+ ## r: identities
+ ## r/w: keycache
couchdb::add_user { $site_couchdb::couchdb_nickserver_user:
roles => '["identities"]',
pw => $site_couchdb::couchdb_nickserver_pw,
@@ -19,6 +22,9 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
+ ## soledad couchdb user
+ ## read: tokens, user-<uuid>, shared
+ ## write: user-<uuid>, shared
couchdb::add_user { $site_couchdb::couchdb_soledad_user:
roles => '["auth"]',
pw => $site_couchdb::couchdb_soledad_pw,
@@ -26,6 +32,8 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
+ ## webapp couchdb user
+ ## read/write: users, tokens, sessions, tickets, identities
couchdb::add_user { $site_couchdb::couchdb_webapp_user:
roles => '["auth","identities"]',
pw => $site_couchdb::couchdb_webapp_pw,
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index a734c870..d3125448 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -1,28 +1,39 @@
class site_couchdb::create_dbs {
- # identities database
- # r/w: webapp
- # r: nickserver, leap_mx - need to restrict with design document
+ # Couchdb databases
+
+ ## identities database
+ ## r: nickserver, leap_mx - needs to be restrict with design document
+ ## r/w: webapp
couchdb::create_db { 'identities':
members => "{ \"names\": [], \"roles\": [\"identities\"] }",
require => Couchdb::Query::Setup['localhost']
}
+ ## sessions database
+ ## r/w: webapp
couchdb::create_db { 'sessions':
members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
require => Couchdb::Query::Setup['localhost']
}
+ ## tickets database
+ ## r/w: webapp
couchdb::create_db { 'tickets':
members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
require => Couchdb::Query::Setup['localhost']
}
+ ## tokens database
+ ## r: soledad - needs to be restricted with a design document
+ ## r/w: webapp
couchdb::create_db { 'tokens':
members => "{ \"names\": [], \"roles\": [\"auth\"] }",
require => Couchdb::Query::Setup['localhost']
}
+ ## users database
+ ## r/w: webapp
couchdb::create_db { 'users':
members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
require => Couchdb::Query::Setup['localhost']
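Review bot: The `r:` versus `r/w:` split in the identities and tokens comments is not enforced by the `members` values below them, since a CouchDB database member can write ordinary documents as well as read them unless a `validate_doc_update` function rejects the write. Going by add_users.pp in this commit, leap_mx and nickserver hold the `identities` role and soledad holds `auth`, so all three presumably have write access to these databases today. I would word the lines as a pending item, e.g. `## r/w today for every holder of the "auth" role; soledad becomes read-only once a validate_doc_update design document is in place`, and fix the typo in `needs to be restrict with design document`. The users resource continues past the end of the hunk.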