From 0aed6d16a0303e05462f4c81cda0ced9872773bf Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 27 Nov 2013 14:27:50 -0500
Subject: add the tapicero couchdb user, and appropriate roles

Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf
---
 puppet/modules/site_couchdb/manifests/add_users.pp | 16 +++++++++++++---
 puppet/modules/site_couchdb/manifests/create_dbs.pp | 2 +-
 puppet/modules/site_couchdb/manifests/init.pp | 5 +++++
 3 files changed, 19 insertions(+), 4 deletions(-)
(limited to 'puppet')
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 03ce12f1..f9ea7349 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -23,8 +23,8 @@ class site_couchdb::add_users {
 }
 
 ## soledad couchdb user
- ## read: tokens, user-, shared
- ## write: user-, shared
+ ## r/w: user-, shared
+ ## read: tokens
 couchdb::add_user { $site_couchdb::couchdb_soledad_user:
 roles => '["tokens"]',
 pw => $site_couchdb::couchdb_soledad_pw,
@@ -32,10 +32,20 @@ class site_couchdb::add_users {
 require => Couchdb::Query::Setup['localhost']
 }
 
+ ### tapicero couchdb user
+ ### admin: needs to be able to create user- databases
+ ### read: users
+ couchdb::add_user { $site_couchdb::couchdb_tapicero_user:
+ roles => '["users"]',
+ pw => $site_couchdb::couchdb_tapicero_pw,
+ salt => $site_couchdb::couchdb_tapicero_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
 ## webapp couchdb user
 ## read/write: users, tokens, sessions, tickets, identities, customer
 couchdb::add_user { $site_couchdb::couchdb_webapp_user:
- roles => '["tokens","identities"]',
+ roles => '["tokens","identities","users"]',
 pw => $site_couchdb::couchdb_webapp_pw,
 salt => $site_couchdb::couchdb_webapp_salt,
 require => Couchdb::Query::Setup['localhost']
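Review bot: The new tapicero comment says `admin: needs to be able to create user- databases`, but the resource added under it only sets `roles => '["users"]'`, so nothing in this hunk grants the admin right the comment describes. If tapicero is made a CouchDB server admin elsewhere, that account is not restricted by any per-database members list, and the `read: users` line then understates what the credential can do. The comment should name where the grant is made, for example `### admin (granted in <manifest not shown>): creates user- databases`. The same hunk adds `"users"` to the webapp roles while its comment still lists access by database name; a short `(users via role "users")` there would keep the two in step. The class body starts and ends outside the hunk.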
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index a1db9d54..f53597e7 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -49,7 +49,7 @@ class site_couchdb::create_dbs {
 ## users database
 ## r/w: webapp
 couchdb::create_db { 'users':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [], \"roles\": [\"users\"] }",
 require => Couchdb::Query::Setup['localhost']
 }
 }
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index b73c23c3..bb3fa5d7 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -19,6 +19,11 @@ class site_couchdb {
 $couchdb_soledad_pw = $couchdb_soledad['password']
 $couchdb_soledad_salt = $couchdb_soledad['salt']
 
+ $couchdb_tapicero = $couchdb_users['tapicero']
+ $couchdb_tapicero_user = $couchdb_tapicero['username']
+ $couchdb_tapicero_pw = $couchdb_tapicero['password']
+ $couchdb_tapicero_salt = $couchdb_tapicero['salt']
+
 $couchdb_webapp = $couchdb_users['webapp']
 $couchdb_webapp_user = $couchdb_webapp['username']
 $couchdb_webapp_pw = $couchdb_webapp['password']
-- cgit v1.2.3
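Review bot: Changing the `users` members list to `\"roles\": [\"users\"]` gives every holder of that role the same database membership, yet the comment above the resource still reads `## r/w: webapp`. In add_users.pp this commit assigns the role to both webapp and tapicero, and tapicero is documented there as `read: users`. CouchDB database members can write ordinary documents as well as read them, so unless a validate_doc_update function in the users database rejects tapicero's writes (not visible here), tapicero gets more than read access. The comment should become `## r/w: webapp, tapicero (via role "users")`, or name the design document that enforces read-only. The class body starts outside the hunk.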
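Review bot: `$couchdb_tapicero = $couchdb_users['tapicero']` is read without checking that the key exists, so on a node whose data has no tapicero entry the three lookups that follow operate on an undefined value. Whether that aborts the catalog or lets `couchdb::add_user` run with empty credentials cannot be told from the hunk, and the second outcome would leave a weakly protected account holding the `users` role. The block copies the existing soledad and webapp pattern, so one guard per entry would fit, e.g. `if ! $couchdb_tapicero { fail('site_couchdb: no tapicero entry in couchdb_users') }`. Where `$couchdb_users` is populated lies outside the hunk.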