# Declares the CouchDB accounts used by the platform services.
#
# Every account is a couchdb::add_user resource that receives:
#   roles - a JSON array (as a string) of CouchDB role names
#   pw    - the account password, read from the site_couchdb class scope
#   salt  - the account salt, read from the site_couchdb class scope
#           (presumably fixed so the stored hash is stable between runs;
#           confirm in couchdb::add_user)
#
# The read/write notes on each account describe the intended access. The
# role list alone does not grant anything: what a role may do depends on
# the per-database security settings, which are not part of this class.
class site_couchdb::add_users {

  # List of enabled services from hiera; defaults to an empty list.
  $services = hiera('services', [])

  # All databases are created before any account is added.
  Class['site_couchdb::create_dbs']
  -> Class['site_couchdb::add_users']

  # --- leap_mx -------------------------------------------------------------
  # read:  identities
  # write: user-<uuid>
  couchdb::add_user { $site_couchdb::couchdb_leap_mx_user:
    roles   => '["identities"]',
    pw      => $site_couchdb::couchdb_leap_mx_pw,
    salt    => $site_couchdb::couchdb_leap_mx_salt,
    require => Couchdb::Query::Setup['localhost'],
  }

  # --- nickserver ----------------------------------------------------------
  # read:       identities
  # read/write: keycache
  couchdb::add_user { $site_couchdb::couchdb_nickserver_user:
    roles   => '["identities","keycache"]',
    pw      => $site_couchdb::couchdb_nickserver_pw,
    salt    => $site_couchdb::couchdb_nickserver_salt,
    require => Couchdb::Query::Setup['localhost'],
  }

  # --- soledad -------------------------------------------------------------
  # read/write: user-<uuid>, shared
  # read:       tokens
  # Only declared when 'soledad' is listed in $services; a change to the
  # account refreshes the soledad-server service.
  if member($services, 'soledad') {
    couchdb::add_user { $site_couchdb::couchdb_soledad_user:
      roles   => '["tokens"]',
      pw      => $site_couchdb::couchdb_soledad_pw,
      salt    => $site_couchdb::couchdb_soledad_salt,
      require => Couchdb::Query::Setup['localhost'],
      notify  => Service['soledad-server'],
    }
  }

  # --- webapp --------------------------------------------------------------
  # read/write: users, tokens, sessions, tickets, identities, customer
  # NOTE(review): the access list names more databases than the three roles
  # granted below; confirm against the per-database security settings that
  # this account gets no more access than the webapp needs.
  couchdb::add_user { $site_couchdb::couchdb_webapp_user:
    roles   => '["tokens","identities","users"]',
    pw      => $site_couchdb::couchdb_webapp_pw,
    salt    => $site_couchdb::couchdb_webapp_salt,
    require => Couchdb::Query::Setup['localhost'],
  }

  # --- replication ---------------------------------------------------------
  # read/write: all databases, for replication
  # This is the broadest account declared here, so its credentials need the
  # tightest handling.
  couchdb::add_user { $site_couchdb::couchdb_replication_user:
    roles   => '["replication"]',
    pw      => $site_couchdb::couchdb_replication_pw,
    salt    => $site_couchdb::couchdb_replication_salt,
    require => Couchdb::Query::Setup['localhost'],
  }
}