path: root/puppet/modules/site_couchdb/manifests/add_users.pp
# add couchdb users for all services
class site_couchdb::add_users {

  # Services enabled for this node; a missing hiera key falls back to an
  # empty list, in which case the optional soledad account is skipped.
  $services = hiera('services', [])

  # Apply the database-creation class before any account declared here.
  Class['site_couchdb::create_dbs'] -> Class['site_couchdb::add_users']

  # Couchdb users
  #
  # Every account gets exactly the roles named in its `roles` JSON array.
  # The per-database access listed beside each account is the intended
  # outcome; this class only assigns roles, so the database permissions
  # themselves are presumably granted elsewhere -- confirm when reviewing
  # least privilege.
  #
  # `pw` and `salt` are read from the site_couchdb class scope. Resource
  # parameters travel in the compiled catalog, so catalogs and anything
  # that caches or reports them should be handled as secret material.

  couchdb::add_user {
    ## leap_mx couchdb user
    ## read: identities
    ## write access to user-<uuid>
    $site_couchdb::couchdb_leap_mx_user:
      roles   => '["identities"]',
      pw      => $site_couchdb::couchdb_leap_mx_pw,
      salt    => $site_couchdb::couchdb_leap_mx_salt,
      require => Couchdb::Query::Setup['localhost'];

    ## nickserver couchdb user
    ## r: identities
    ## r/w: keycache
    $site_couchdb::couchdb_nickserver_user:
      roles   => '["identities","keycache"]',
      pw      => $site_couchdb::couchdb_nickserver_pw,
      salt    => $site_couchdb::couchdb_nickserver_salt,
      require => Couchdb::Query::Setup['localhost'];
  }

  ## soledad couchdb user
  ## r/w: user-<uuid>, shared
  ## read: tokens
  # Declared only when 'soledad' is among the node's services; a change to
  # the account notifies the soledad-server service.
  if member($services, 'soledad') {
    couchdb::add_user { $site_couchdb::couchdb_soledad_user:
      roles   => '["tokens"]',
      pw      => $site_couchdb::couchdb_soledad_pw,
      salt    => $site_couchdb::couchdb_soledad_salt,
      require => Couchdb::Query::Setup['localhost'],
      notify  => Service['soledad-server'],
    }
  }

  couchdb::add_user {
    ## webapp couchdb user
    ## read/write: users, tokens, sessions, tickets, identities, customer
    # NOTE(review): the line above names sessions, tickets and customer,
    # but no matching roles are assigned below -- confirm how that access
    # is meant to be granted.
    $site_couchdb::couchdb_webapp_user:
      roles   => '["tokens","identities","users"]',
      pw      => $site_couchdb::couchdb_webapp_pw,
      salt    => $site_couchdb::couchdb_webapp_salt,
      require => Couchdb::Query::Setup['localhost'];

    ## replication couchdb user
    ## read/write: all databases for replication
    # The broadest account in this class per the line above; its
    # credentials warrant the tightest handling.
    $site_couchdb::couchdb_replication_user:
      roles   => '["replication"]',
      pw      => $site_couchdb::couchdb_replication_pw,
      salt    => $site_couchdb::couchdb_replication_salt,
      require => Couchdb::Query::Setup['localhost'];
  }

}