summaryrefslogtreecommitdiff
path: root/puppet/modules/site_couchdb/manifests/add_users.pp
blob: 2f734ed4a7b2249b54d67285215a966bcaf94ab2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

class site_couchdb::add_users {

  Class['site_couchdb::create_dbs']
    -> Class['site_couchdb::add_users']

  # Couchdb users

  ## leap_mx couchdb user
  ## read: identities
  ## write access to user-<uuid>
  couchdb::add_user { $site_couchdb::couchdb_leap_mx_user:
    roles   => '["identities"]',
    pw      => $site_couchdb::couchdb_leap_mx_pw,
    salt    => $site_couchdb::couchdb_leap_mx_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  ## nickserver couchdb user
  ## r: identities
  ## r/w: keycache
  couchdb::add_user { $site_couchdb::couchdb_nickserver_user:
    roles   => '["identities","keycache"]',
    pw      => $site_couchdb::couchdb_nickserver_pw,
    salt    => $site_couchdb::couchdb_nickserver_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  ## soledad couchdb user
  ## r/w: user-<uuid>, shared
  ## read: tokens
  couchdb::add_user { $site_couchdb::couchdb_soledad_user:
    roles   => '["tokens"]',
    pw      => $site_couchdb::couchdb_soledad_pw,
    salt    => $site_couchdb::couchdb_soledad_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  ### tapicero couchdb user
  ### admin: needs to be able to create user-<uuid> databases
  ### read: users
  couchdb::add_user { $site_couchdb::couchdb_tapicero_user:
    roles   => '["users"]',
    pw      => $site_couchdb::couchdb_tapicero_pw,
    salt    => $site_couchdb::couchdb_tapicero_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  ## webapp couchdb user
  ## read/write: users, tokens, sessions, tickets, identities, customer
  couchdb::add_user { $site_couchdb::couchdb_webapp_user:
    roles   => '["tokens","identities","users"]',
    pw      => $site_couchdb::couchdb_webapp_pw,
    salt    => $site_couchdb::couchdb_webapp_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  ## replication couchdb user
  ## read/write: all databases for replication
  couchdb::add_user { $site_couchdb::couchdb_replication_user:
    roles   => '["replication"]',
    pw      => $site_couchdb::couchdb_replication_pw,
    salt    => $site_couchdb::couchdb_replication_salt,
    require => Couchdb::Query::Setup['localhost']
  }

}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 10:26:16 +0000