From 92d68c912d0de44ec9e88f7327303cc0fce7114b Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 26 Nov 2013 16:25:14 -0500
Subject: break out the database creation, user creation and design document loading into different classes
Change-Id: Idd126d69e1fbe9c9794ad50337307dcc5dd635f4
---
puppet/modules/site_couchdb/manifests/add_users.pp | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 puppet/modules/site_couchdb/manifests/add_users.pp
(limited to 'puppet/modules/site_couchdb/manifests/add_users.pp')
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
new file mode 100644
index 00000000..e9d3da78
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -0,0 +1,17 @@
+class site_couchdb::add_users {
+
+ # Populate couchdb
+ couchdb::add_user { $site_couchdb::couchdb_webapp_user:
+ roles => '["auth"]',
+ pw => $site_couchdb::couchdb_webapp_pw,
+ salt => $site_couchdb::couchdb_webapp_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ couchdb::add_user { $site_couchdb::couchdb_soledad_user:
+ roles => '["auth"]',
+ pw => $site_couchdb::couchdb_soledad_pw,
+ salt => $site_couchdb::couchdb_soledad_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+}
-- cgit v1.2.3
From 77528b228c6d7ba095a796df4c5cc4c95eb50d9d Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 27 Nov 2013 14:00:10 -0500
Subject: pretty reformat couchdb.json and site_couchdb/manifests/init.pp, alphabetizing couchdb users
Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54
---
puppet/modules/site_couchdb/manifests/add_users.pp | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'puppet/modules/site_couchdb/manifests/add_users.pp')
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index e9d3da78..b9304a97 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
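Review bot: Both `couchdb::add_user` resources in the new `site_couchdb::add_users` class take their title, `pw` and `salt` from `$site_couchdb::…` variables, yet nothing in the class states or enforces that `site_couchdb` has been evaluated first. A qualified variable from a class that has not been evaluated resolves to undef, so declaring this class on its own would presumably hand `couchdb::add_user` an empty name, password and salt; what the define does with those values is not visible here and is worth confirming. I would open the class with a comment such as `# Declared only from site_couchdb, which sets the couchdb_*_user, _pw and _salt variables read below.`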
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -1,12 +1,6 @@ class site_couchdb::add_users { # Populate couchdb - couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth"]', - pw => $site_couchdb::couchdb_webapp_pw, - salt => $site_couchdb::couchdb_webapp_salt, - require => Couchdb::Query::Setup['localhost'] - } couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', @@ -14,4 +8,12 @@ class site_couchdb::add_users { salt => $site_couchdb::couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } + + couchdb::add_user { $site_couchdb::couchdb_webapp_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_webapp_pw, + salt => $site_couchdb::couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] + } + } -- cgit v1.2.3 From fdf028e53cb1efa9d3d6c8ab76c89f98e2fb7498 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:03:03 -0500 Subject: add leap_mx couchdb user/password Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f --- puppet/modules/site_couchdb/manifests/add_users.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index b9304a97..c83b096d 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -2,6 +2,13 @@ class site_couchdb::add_users { # Populate couchdb + couchdb::add_user { $site_couchdb::couchdb_leap_mx_user: + roles => '["identities"]', + pw => $site_couchdb::couchdb_leap_mx_pw, + salt => $site_couchdb::couchdb_leap_mx_salt, + require => Couchdb::Query::Setup['localhost'] + } + couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, -- cgit v1.2.3 From e25091395d49d7e10c6266528d4bdfc48c10c886 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Wed, 27 Nov 2013 14:08:20 -0500 Subject: add identities roles Change-Id: I483509850bee448bb2ea39863c1e6a796e102c3c --- puppet/modules/site_couchdb/manifests/add_users.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index c83b096d..e525d01a 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -17,7 +17,7 @@ class site_couchdb::add_users { } couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth"]', + roles => '["auth","identities"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] -- cgit v1.2.3 From 6bff399fdcdab967a13a27d40dcef4bfb871e046 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:12:28 -0500 Subject: add nickserver couchdb user, set it to have 'identities' role Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f --- puppet/modules/site_couchdb/manifests/add_users.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index e525d01a..e3b74865 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp 
@@ -9,6 +9,16 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + # nickserver couchdb user + # read: identities, keycache + # write: keycache (a cache of discovered key, doesn’t exist yet) + couchdb::add_user { $site_couchdb::couchdb_nickserver_user: + roles => '["identities"]', + pw => $site_couchdb::couchdb_nickserver_pw, + salt => $site_couchdb::couchdb_nickserver_salt, + require => Couchdb::Query::Setup['localhost'] + } + couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, -- cgit v1.2.3 From a9d75259f96e64825ea97eca17cbe6e0c6005d0d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:19:36 -0500 Subject: add comments with access information Change-Id: I058ac1f061bca17736662f14826e99d32472739b --- puppet/modules/site_couchdb/manifests/add_users.pp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index e3b74865..8af9ea66 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -1,7 +1,10 @@ class site_couchdb::add_users { - # Populate couchdb + # Couchdb users + ## leap_mx couchdb user + ## read: identities + ## write access to user- couchdb::add_user { $site_couchdb::couchdb_leap_mx_user: roles => '["identities"]', pw => $site_couchdb::couchdb_leap_mx_pw, @@ -9,9 +12,9 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } - # nickserver couchdb user - # read: identities, keycache - # write: keycache (a cache of discovered key, doesn’t exist yet) + ## nickserver couchdb user + ## r: identities + ## r/w: keycache couchdb::add_user { $site_couchdb::couchdb_nickserver_user: roles => '["identities"]', pw => $site_couchdb::couchdb_nickserver_pw, 
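Review bot: The comment above the new nickserver resource documents read and write access to `keycache`, but the resource in this hunk assigns only `roles => '["identities"]'`, and the comment itself says the database does not exist yet. A comment that describes access the manifest does not grant is easy to mistake for the effective policy in a later audit; I would mark the line as pending, e.g. `# TODO: add the keycache role once the keycache database is created`. The same comment line uses a typographic apostrophe in `doesn’t`; a plain ASCII `'` keeps the manifest free of non-ASCII bytes.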
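Review bot: The access comments added in this commit describe read-only grants (`## read: identities` for leap_mx in the first hunk, `## r: identities` for nickserver and `## read: tokens, user-, shared` for soledad in the later hunks), but each resource only assigns a role. In CouchDB a role listed under a database's members allows writing documents as well as reading them, and a read-only restriction has to come from a `validate_doc_update` function; neither the security objects nor the design documents are part of this file. I would have each comment say where the restriction is enforced, for example `## read: identities (writes rejected by validate_doc_update in the identities design doc - confirm)`, so the comment is not taken for the enforcement itself.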
@@ -19,6 +22,9 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ## soledad couchdb user + ## read: tokens, user-, shared + ## write: user-, shared couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, @@ -26,6 +32,8 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ## webapp couchdb user + ## read/write: users, tokens, sessions, tickets, identities couchdb::add_user { $site_couchdb::couchdb_webapp_user: roles => '["auth","identities"]', pw => $site_couchdb::couchdb_webapp_pw, -- cgit v1.2.3 From 25ff4895b47ffd937e9f9881747ee8ffb511dacf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:20:51 -0500 Subject: add keycache couchdb database, and set appropriate roles Change-Id: I492a8dfb42e92ced80fb09c2095fa1328e24346b --- puppet/modules/site_couchdb/manifests/add_users.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 8af9ea66..f5c38cbb 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -16,7 +16,7 @@ class site_couchdb::add_users { ## r: identities ## r/w: keycache couchdb::add_user { $site_couchdb::couchdb_nickserver_user: - roles => '["identities"]', + roles => '["identities","keycache"]', pw => $site_couchdb::couchdb_nickserver_pw, salt => $site_couchdb::couchdb_nickserver_salt, require => Couchdb::Query::Setup['localhost'] -- cgit v1.2.3 From ef0eae6b9ed6294f5c921a73777090142861beba Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Wed, 27 Nov 2013 14:22:57 -0500 Subject: setup tokens couchdb role for the tokens database and give soledad and the webapp access Change-Id: Ifc44d5775e37655240573ab01dd2ee2f794bd8f3 --- puppet/modules/site_couchdb/manifests/add_users.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index f5c38cbb..03ce12f1 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -26,16 +26,16 @@ class site_couchdb::add_users { ## read: tokens, user-, shared ## write: user-, shared couchdb::add_user { $site_couchdb::couchdb_soledad_user: - roles => '["auth"]', + roles => '["tokens"]', pw => $site_couchdb::couchdb_soledad_pw, salt => $site_couchdb::couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } ## webapp couchdb user - ## read/write: users, tokens, sessions, tickets, identities + ## read/write: users, tokens, sessions, tickets, identities, customer couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth","identities"]', + roles => '["tokens","identities"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] -- cgit v1.2.3 From 0aed6d16a0303e05462f4c81cda0ced9872773bf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:27:50 -0500 Subject: add the tapicero couchdb user, and appropriate roles Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf --- puppet/modules/site_couchdb/manifests/add_users.pp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/add_users.pp') 
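Review bot: The updated webapp comment lists read/write access to six databases (`users, tokens, sessions, tickets, identities, customer`), while the resource below it grants only `roles => '["tokens","identities"]'`. From this hunk it is not possible to tell how the webapp reaches `users`, `sessions`, `tickets` and `customer`; if that access comes from a name entry in the security objects or from admin rights, the comment should say so, e.g. `## users, sessions, tickets, customer: granted outside this class (PLACEHOLDER: name where)`. The hunk also retires the `auth` role for soledad and webapp, so any database security object that still lists `auth` would be left as a stale grant and should be cleaned up in the same change; whether one exists is not visible here.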
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 03ce12f1..f9ea7349 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -23,8 +23,8 @@ class site_couchdb::add_users { } ## soledad couchdb user - ## read: tokens, user-, shared - ## write: user-, shared + ## r/w: user-, shared + ## read: tokens couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["tokens"]', pw => $site_couchdb::couchdb_soledad_pw, @@ -32,10 +32,20 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ### tapicero couchdb user + ### admin: needs to be able to create user- databases + ### read: users + couchdb::add_user { $site_couchdb::couchdb_tapicero_user: + roles => '["users"]', + pw => $site_couchdb::couchdb_tapicero_pw, + salt => $site_couchdb::couchdb_tapicero_salt, + require => Couchdb::Query::Setup['localhost'] + } + ## webapp couchdb user ## read/write: users, tokens, sessions, tickets, identities, customer couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["tokens","identities"]', + roles => '["tokens","identities","users"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] -- cgit v1.2.3
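Review bot: The tapicero comment states `### admin: needs to be able to create user- databases`, but the resource grants only `roles => '["users"]'`, and creating databases in CouchDB normally requires server-admin rights that a role on an ordinary user does not confer. How tapicero becomes an admin is therefore outside this hunk (the class body also continues beyond it), and a server admin can read and write every database, so the `### read: users` line understates the account's reach. I would reword the comment to say that, e.g. `## server admin (creates user- databases); has full access to all databases`, and point to where the admin entry is configured. The `###` prefix also differs from the `##` used for the other users.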