//currently we define default DB users (postgres, cpmtest, pgpool)
//for all database containers
func createDBUsers(dbConn *sql.DB, dbnode admindb.Container) error {
var err error
var password admindb.Setting
//get the postgres password
password, err = admindb.GetSetting(dbConn, "POSTGRESPSW")
if err != nil {
logit.Error.Println(err.Error())
return err
}
//register postgres user
var user = admindb.ContainerUser{}
user.Containername = dbnode.Name
user.Rolname = "postgres"
user.Passwd = password.Value
_, err = admindb.AddContainerUser(dbConn, user)
if err != nil {
logit.Error.Println(err.Error())
return err
}
//cpmtest and pgpool users are created by the node-setup.sql script
//here, we just register them when we create a new node
//get the cpmtest password
password, err = admindb.GetSetting(dbConn, "CPMTESTPSW")
if err != nil {
logit.Error.Println(err.Error())
return err
}
//register cpmtest user
user.Containername = dbnode.Name
user.Rolname = "cpmtest"
user.Passwd = password.Value
_, err = admindb.AddContainerUser(dbConn, user)
if err != nil {
logit.Error.Println(err.Error())
return err
}
//get the pgpool password
password, err = admindb.GetSetting(dbConn, "PGPOOLPSW")
if err != nil {
logit.Error.Println(err.Error())
return err
}
user.Containername = dbnode.Name
user.Rolname = "pgpool"
user.Passwd = password.Value
//register pgpool user
_, err = admindb.AddContainerUser(dbConn, user)
if err != nil {
logit.Error.Println(err.Error())
return err
}
return err
}
func UpdateContainerUser(w rest.ResponseWriter, r *rest.Request) {
dbConn, err := util.GetConnection(CLUSTERADMIN_DB)
if err != nil {
logit.Error.Println("BackupNow: error " + err.Error())
rest.Error(w, err.Error(), 400)
return
}
defer dbConn.Close()
postMsg := NodeUser{}
err = r.DecodeJsonPayload(&postMsg)
if err != nil {
logit.Error.Println("UpdateContainerUser: error in decode" + err.Error())
rest.Error(w, err.Error(), http.StatusInternalServerError)
return
}
err = secimpl.Authorize(dbConn, postMsg.Token, "perm-user")
if err != nil {
logit.Error.Println("UpdateContainerUser: validate token error " + err.Error())
rest.Error(w, err.Error(), http.StatusUnauthorized)
return
}
if postMsg.ID == "" {
logit.Error.Println("UpdateContainerUser: error node ID required")
rest.Error(w, "ID required", 400)
return
}
if postMsg.Rolname == "" {
logit.Error.Println("UpdateContainerUser: error node Rolname required")
rest.Error(w, "Rolname required", 400)
return
}
//create user on the container
//get container info
var node admindb.Container
node, err = admindb.GetContainer(dbConn, postMsg.ID)
if err != nil {
logit.Error.Println("AddContainUser: "******"" {
} else {
//update the password
}
//get connection to container's database
var host = node.Name
if KubeEnv {
host = node.Name + "-db"
}
//fetch cpmtest user credentials
var cpmuser admindb.ContainerUser
cpmuser, err = admindb.GetContainerUser(dbConn, node.Name, CPMTEST_USER)
if err != nil {
logit.Error.Println(err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
//get port
var pgport admindb.Setting
pgport, err = admindb.GetSetting(dbConn, "PG-PORT")
var dbConn2 *sql.DB
dbConn2, err = util.GetMonitoringConnection(host, CPMTEST_DB, pgport.Value, CPMTEST_USER, cpmuser.Passwd)
defer dbConn2.Close()
var SUPERUSER = "******"
var INHERIT = "INHERIT"
var CREATEROLE = "CREATEROLE"
var CREATEDB = "CREATEDB"
var LOGIN = "******"
var REPLICATION = "REPLICATION"
logit.Info.Println("Rolsuper is " + strconv.FormatBool(postMsg.Rolsuper))
if !postMsg.Rolsuper {
SUPERUSER = "******"
}
if !postMsg.Rolinherit {
INHERIT = "NOINHERIT"
}
if !postMsg.Rolcreaterole {
CREATEROLE = "NOCREATEROLE"
}
if !postMsg.Rolcreatedb {
CREATEDB = "NOCREATEDB"
}
if !postMsg.Rollogin {
LOGIN = "******"
}
if !postMsg.Rolreplication {
REPLICATION = "NOREPLICATION"
}
query := "alter user " + postMsg.Rolname + " " +
SUPERUSER + " " +
INHERIT + " " +
CREATEROLE + " " +
CREATEDB + " " +
LOGIN + " " +
REPLICATION + " "
if postMsg.Passwd != "" {
query = query + " PASSWORD '" + postMsg.Passwd + "'"
}
logit.Info.Println(query)
_, err = dbConn2.Query(query)
if err != nil {
logit.Error.Println("UpdateContainerUser:"******"" {
//update user's password
dbuser := admindb.ContainerUser{}
dbuser.Containername = node.Name
dbuser.Passwd = postMsg.Passwd
dbuser.Rolname = postMsg.Rolname
err = admindb.UpdateContainerUser(dbConn, dbuser)
if err != nil {
logit.Error.Println("UpdateContainerUser: "******"OK"
w.WriteJson(&status)
}
func GetAllUsersForContainer(w rest.ResponseWriter, r *rest.Request) {
dbConn, err := util.GetConnection(CLUSTERADMIN_DB)
if err != nil {
logit.Error.Println("BackupNow: error " + err.Error())
rest.Error(w, err.Error(), 400)
return
}
defer dbConn.Close()
err = secimpl.Authorize(dbConn, r.PathParam("Token"), "perm-read")
if err != nil {
logit.Error.Println("GetAllUsersForContainer: validate token error " + err.Error())
rest.Error(w, err.Error(), http.StatusUnauthorized)
return
}
ID := r.PathParam("ID")
if ID == "" {
rest.Error(w, "ID required", 400)
return
}
//get container info
var node admindb.Container
node, err = admindb.GetContainer(dbConn, ID)
if err != nil {
logit.Error.Println("GetAllUsersForContainer: " + err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
//get connection to container's database
var host = node.Name
if KubeEnv {
host = node.Name + "-db"
}
//fetch cpmtest user credentials
var nodeuser admindb.ContainerUser
nodeuser, err = admindb.GetContainerUser(dbConn, node.Name, CPMTEST_USER)
if err != nil {
logit.Error.Println(err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
logit.Info.Println("cpmtest password is " + nodeuser.Passwd)
//get port
var pgport admindb.Setting
pgport, err = admindb.GetSetting(dbConn, "PG-PORT")
var dbConn2 *sql.DB
dbConn2, err = util.GetMonitoringConnection(host, CPMTEST_DB, pgport.Value, CPMTEST_USER, nodeuser.Passwd)
defer dbConn2.Close()
users := make([]admindb.ContainerUser, 0)
//query results
var rows *sql.Rows
rows, err = dbConn2.Query("select rolname::text, rolsuper::text, rolinherit::text, rolcreaterole::text, rolcreatedb::text, rolcatupdate::text, rolcanlogin::text, rolreplication::text from pg_roles order by rolname")
if err != nil {
logit.Error.Println("GetAllUsersForContainer:" + err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
defer rows.Close()
for rows.Next() {
user := admindb.ContainerUser{}
if err = rows.Scan(
&user.Rolname,
&user.Rolsuper,
&user.Rolinherit,
&user.Rolcreaterole,
&user.Rolcreatedb,
&user.Rolcatupdate,
&user.Rolcanlogin,
&user.Rolreplication,
); err != nil {
logit.Error.Println("GetAllUsersForContainer:" + err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
user.Containername = node.Name
user.ContainerID = node.ID
users = append(users, user)
}
if err = rows.Err(); err != nil {
logit.Error.Println("GetAllUsersForContainer:" + err.Error())
rest.Error(w, err.Error(), http.StatusBadRequest)
return
}
w.WriteHeader(http.StatusOK)
w.WriteJson(&users)
}
