From ed906e298aa8df2de8756ea96aade9301f3e39ef Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 31 Aug 2023 15:27:13 +0200 Subject: [PATCH] server::db: Make port/user/group configureable --- REFERENCE.md | 255 ++++++++++++++++++++++++++++++++- manifests/server/db.pp | 25 +++- spec/defines/server/db_spec.rb | 24 +++- 3 files changed, 292 insertions(+), 12 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 770f3ada84..249bf1589e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -44,9 +44,10 @@ * [`postgresql::server::config_entry`](#postgresql--server--config_entry): Manage a postgresql.conf entry. * [`postgresql::server::database`](#postgresql--server--database): Define for creating a database. * [`postgresql::server::database_grant`](#postgresql--server--database_grant): Manage a database grant. -* [`postgresql::server::db`](#postgresql--server--db): Define for conveniently creating a role, database and assigning the correctpermissions. +* [`postgresql::server::db`](#postgresql--server--db): Define for conveniently creating a role, database and assigning the correct permissions. * [`postgresql::server::default_privileges`](#postgresql--server--default_privileges): Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above. * [`postgresql::server::extension`](#postgresql--server--extension): Activate an extension on a postgresql database. +* [`postgresql::server::grant`](#postgresql--server--grant): Define for granting permissions to roles. * [`postgresql::server::grant_role`](#postgresql--server--grant_role): Define for granting membership to a role. * [`postgresql::server::instance::config`](#postgresql--server--instance--config): Manages the config for a postgresql::server instance * [`postgresql::server::instance::initdb`](#postgresql--server--instance--initdb): Manages initdb feature for a postgresql::server instance @@ -1565,6 +1566,11 @@ The following parameters are available in the `postgresql::server::database` def * [`locale`](#-postgresql--server--database--locale) * [`istemplate`](#-postgresql--server--database--istemplate) * [`connect_settings`](#-postgresql--server--database--connect_settings) +* [`psql_path`](#-postgresql--server--database--psql_path) +* [`default_db`](#-postgresql--server--database--default_db) +* [`user`](#-postgresql--server--database--user) +* [`group`](#-postgresql--server--database--group) +* [`port`](#-postgresql--server--database--port) ##### `comment` @@ -1638,6 +1644,46 @@ Specifies a hash of environment variables used when connecting to a remote serve Default value: `$postgresql::server::default_connect_settings` +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `$postgresql::server::psql_path` + +##### `default_db` + +Data type: `String[1]` + +Specifies the name of the default database to connect with. On most systems this is 'postgres'. + +Default value: `$postgresql::server::default_database` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + +##### `port` + +Data type: `Stdlib::Port` + +Specifies the port for the PostgreSQL server to listen on. + +Default value: `$postgresql::server::port` + ### `postgresql::server::database_grant` Manage a database grant. @@ -1706,7 +1752,7 @@ Default value: `undef` ### `postgresql::server::db` -Define for conveniently creating a role, database and assigning the correctpermissions. +Define for conveniently creating a role, database and assigning the correct permissions. #### Parameters @@ -1723,6 +1769,9 @@ The following parameters are available in the `postgresql::server::db` defined t * [`template`](#-postgresql--server--db--template) * [`istemplate`](#-postgresql--server--db--istemplate) * [`owner`](#-postgresql--server--db--owner) +* [`port`](#-postgresql--server--db--port) +* [`psql_user`](#-postgresql--server--db--psql_user) +* [`psql_group`](#-postgresql--server--db--psql_group) ##### `user` @@ -1810,6 +1859,30 @@ Sets a user as the owner of the database. Default value: `undef` +##### `port` + +Data type: `Optional[Stdlib::Port]` + +Specifies the port where the PostgreSQL server is listening on. + +Default value: `undef` + +##### `psql_user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `$postgresql::server::user` + +##### `psql_group` + +Data type: `String[1]` + +Overrides the default PostgreSQL user group to be used for related files in the file system. + +Default value: `$postgresql::server::group` + ### `postgresql::server::default_privileges` Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above. @@ -1957,6 +2030,9 @@ The following parameters are available in the `postgresql::server::extension` de * [`port`](#-postgresql--server--extension--port) * [`connect_settings`](#-postgresql--server--extension--connect_settings) * [`database_resource_name`](#-postgresql--server--extension--database_resource_name) +* [`psql_path`](#-postgresql--server--extension--psql_path) +* [`user`](#-postgresql--server--extension--user) +* [`group`](#-postgresql--server--extension--group) ##### `database` @@ -2044,6 +2120,181 @@ Specifies the resource name of the DB being managed. Defaults to the parameter $ Default value: `$database` +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Specifies the path to the psql command. + +Default value: `postgresql::default('psql_path')` + +##### `user` + +Data type: `String[1]` + +Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. + +Default value: `postgresql::default('user')` + +##### `group` + +Data type: `String[1]` + +Overrides the default postgres user group to be used for related files in the file system. + +Default value: `postgresql::default('group')` + +### `postgresql::server::grant` + +Define for granting permissions to roles. + +#### Parameters + +The following parameters are available in the `postgresql::server::grant` defined type: + +* [`role`](#-postgresql--server--grant--role) +* [`db`](#-postgresql--server--grant--db) +* [`privilege`](#-postgresql--server--grant--privilege) +* [`object_type`](#-postgresql--server--grant--object_type) +* [`object_name`](#-postgresql--server--grant--object_name) +* [`object_arguments`](#-postgresql--server--grant--object_arguments) +* [`psql_db`](#-postgresql--server--grant--psql_db) +* [`psql_user`](#-postgresql--server--grant--psql_user) +* [`port`](#-postgresql--server--grant--port) +* [`onlyif_exists`](#-postgresql--server--grant--onlyif_exists) +* [`connect_settings`](#-postgresql--server--grant--connect_settings) +* [`ensure`](#-postgresql--server--grant--ensure) +* [`group`](#-postgresql--server--grant--group) +* [`psql_path`](#-postgresql--server--grant--psql_path) + +##### `role` + +Data type: `String` + +Specifies the role or user whom you are granting access to. + +##### `db` + +Data type: `String` + +Specifies the database to which you are granting access. + +##### `privilege` + +Data type: `String` + +Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string. + +Default value: `''` + +##### `object_type` + +Data type: + +```puppet +Pattern[#/(?i:^COLUMN$)/, + /(?i:^ALL SEQUENCES IN SCHEMA$)/, + /(?i:^ALL TABLES IN SCHEMA$)/, + /(?i:^DATABASE$)/, + #/(?i:^FOREIGN DATA WRAPPER$)/, + #/(?i:^FOREIGN SERVER$)/, + /(?i:^FUNCTION$)/, + /(?i:^LANGUAGE$)/, + #/(?i:^PROCEDURAL LANGUAGE$)/, + /(?i:^TABLE$)/, + #/(?i:^TABLESPACE$)/, + /(?i:^SCHEMA$)/, + /(?i:^SEQUENCE$)/ + #/(?i:^VIEW$)/ + ] +``` + +Specifies the type of object to which you are granting privileges. +Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'. + +Default value: `'database'` + +##### `object_name` + +Data type: `Optional[Variant[Array[String,2,2],String[1]]]` + +Specifies name of object_type to which to grant access, can be either a string or a two element array. +String: 'object_name' Array: ['schema_name', 'object_name'] + +Default value: `undef` + +##### `object_arguments` + +Data type: `Array[String[1],0]` + +Specifies any arguments to be passed alongisde the access grant. + +Default value: `[]` + +##### `psql_db` + +Data type: `String` + +Specifies the database to execute the grant against. This should not ordinarily be changed from the default + +Default value: `$postgresql::server::default_database` + +##### `psql_user` + +Data type: `String` + +Sets the OS user to run psql. + +Default value: `$postgresql::server::user` + +##### `port` + +Data type: `Optional[Stdlib::Port]` + +Port to use when connecting. + +Default value: `undef` + +##### `onlyif_exists` + +Data type: `Boolean` + +Create grant only if doesn't exist + +Default value: `false` + +##### `connect_settings` + +Data type: `Hash` + +Specifies a hash of environment variables used when connecting to a remote server. + +Default value: `$postgresql::server::default_connect_settings` + +##### `ensure` + +Data type: `Enum['present', 'absent']` + +Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'. + +Default value: `'present'` + +##### `group` + +Data type: `String` + +Sets the OS group to run psql + +Default value: `$postgresql::server::group` + +##### `psql_path` + +Data type: `Stdlib::Absolutepath` + +Sets the path to psql command + +Default value: `$postgresql::server::psql_path` + ### `postgresql::server::grant_role` Define for granting membership to a role. diff --git a/manifests/server/db.pp b/manifests/server/db.pp index 9cd7ad4afe..01cc61b665 100644 --- a/manifests/server/db.pp +++ b/manifests/server/db.pp @@ -1,4 +1,4 @@ -# @summary Define for conveniently creating a role, database and assigning the correctpermissions. +# @summary Define for conveniently creating a role, database and assigning the correct permissions. # # @param user User to assign access to the database upon creation (will be created if not defined elsewhere). Mandatory. # @param password Sets the password for the created user (if a user is created). @@ -11,6 +11,9 @@ # @param template Specifies the name of the template database from which to build this database. Defaults value: template0. # @param istemplate Specifies that the database is a template, if set to true. # @param owner Sets a user as the owner of the database. +# @param port Specifies the port where the PostgreSQL server is listening on. +# @param psql_user Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system. +# @param psql_group Overrides the default PostgreSQL user group to be used for related files in the file system. define postgresql::server::db ( String[1] $user, Optional[Variant[String, Sensitive[String]]] $password = undef, @@ -22,7 +25,10 @@ Optional[String[1]] $tablespace = undef, String[1] $template = 'template0', Boolean $istemplate = false, - Optional[String[1]] $owner = undef + Optional[String[1]] $owner = undef, + Optional[Stdlib::Port] $port = undef, + String[1] $psql_user = $postgresql::server::user, + String[1] $psql_group = $postgresql::server::group, ) { if ! defined(Postgresql::Server::Database[$dbname]) { postgresql::server::database { $dbname: @@ -33,21 +39,30 @@ locale => $locale, istemplate => $istemplate, owner => $owner, + port => $port, + user => $psql_user, + group => $psql_group, } } if ! defined(Postgresql::Server::Role[$user]) { postgresql::server::role { $user: password_hash => $password, + port => $port, + psql_user => $psql_user, + psql_group => $psql_group, before => Postgresql::Server::Database[$dbname], } } if ! defined(Postgresql::Server::Database_grant["GRANT ${user} - ${grant} - ${dbname}"]) { postgresql::server::database_grant { "GRANT ${user} - ${grant} - ${dbname}": - privilege => $grant, - db => $dbname, - role => $user, + privilege => $grant, + db => $dbname, + role => $user, + port => $port, + psql_user => $psql_user, + psql_group => $psql_group, } -> Postgresql_conn_validator<| db_name == $dbname |> } diff --git a/spec/defines/server/db_spec.rb b/spec/defines/server/db_spec.rb index 0051b678c9..44be729a7a 100644 --- a/spec/defines/server/db_spec.rb +++ b/spec/defines/server/db_spec.rb @@ -6,7 +6,21 @@ include_examples 'Debian 11' let :title do - 'test' + 'testdb' + end + + context 'with minimal params' do + let :params do + { + user: 'foo' + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_postgresql__server__db('testdb').with_port(5432).with_user('postgres').with_group('postgres') } + it { is_expected.to contain_postgresql__server__database('testdb').with_owner('tester').with_port(5432).with_user('postgres').with_group('postgres') } + it { is_expected.to contain_postgresql__server__role('testdb').that_comes_before('Postgresql::Server::Database[testdb]').with_port(5432).with_psql_user('postgres').with_psql_group('postgres') } + it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - testdb').with_port(5432).with_psql_user('postgres').with_psql_group('postgres') } end context 'without dbname param' do @@ -22,10 +36,10 @@ "class {'postgresql::server':}" end - it { is_expected.to contain_postgresql__server__db('test') } - it { is_expected.to contain_postgresql__server__database('test').with_owner('tester') } - it { is_expected.to contain_postgresql__server__role('test').that_comes_before('Postgresql::Server::Database[test]') } - it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - test') } + it { is_expected.to contain_postgresql__server__db('testdb') } + it { is_expected.to contain_postgresql__server__database('testdb').with_owner('tester') } + it { is_expected.to contain_postgresql__server__role('testdb').that_comes_before('Postgresql::Server::Database[testdb]') } + it { is_expected.to contain_postgresql__server__database_grant('GRANT test - ALL - testdb') } end context 'dbname' do