// createDBUsers registers the default database users (postgres, cpmtest,
// pgpool) of a database container in the admin database.
//
// Each user's password is read from the matching admin setting and stored
// through admindb.AddContainerUser under the container's name. The cpmtest
// and pgpool roles themselves are created by the node-setup.sql script; this
// function only registers them when a new node is created. The first error
// encountered is logged and returned.
func createDBUsers(dbConn *sql.DB, dbnode types.Container) error {
	// Role name paired with the admin setting that holds its password,
	// listed in registration order.
	defaults := []struct {
		role    string
		setting string
	}{
		{"postgres", "POSTGRESPSW"},
		{"cpmtest", "CPMTESTPSW"},
		{"pgpool", "PGPOOLPSW"},
	}

	for _, d := range defaults {
		secret, err := admindb.GetSetting(dbConn, d.setting)
		if err != nil {
			logit.Error.Println(err.Error())
			return err
		}

		// NOTE(review): the setting value is handed on unchanged as the
		// user's password; confirm how admindb protects it at rest.
		entry := types.ContainerUser{
			Containername: dbnode.Name,
			Rolname:       d.role,
			Passwd:        secret.Value,
		}
		if _, err = admindb.AddContainerUser(dbConn, entry); err != nil {
			logit.Error.Println(err.Error())
			return err
		}
	}
	return nil
}
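// AddContainerUser creates a new database user for a given container.
//
// The JSON payload (types.NodeUser) must carry a token that secimpl.Authorize
// accepts for "perm-user", plus a non-empty ID, Rolname and Passwd. The role
// is created on the container's database with the requested attributes and
// is then registered in the admin database. On success the handler answers
// 200 with a types.SimpleStatus whose Status is "OK"; every failure is logged
// and reported through rest.Error.
//
// Rolname and Passwd come from the request body and end up inside a
// CREATE USER statement, which cannot take bind parameters. Rolname is
// therefore restricted to plain identifier characters and Passwd is rendered
// as an escaped string literal before the statement is assembled.
//
// NOTE(review): any caller authorized for "perm-user" may set Rolsuper and so
// obtain a superuser role on the container; confirm that this is intended.
func AddContainerUser(w rest.ResponseWriter, r *rest.Request) {
	postMsg := types.NodeUser{}
	err := r.DecodeJsonPayload(&postMsg)
	if err != nil {
		// NOTE(review): a malformed payload is a client error, so 400 would
		// fit better than 500; left unchanged for existing clients.
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	var dbConn *sql.DB
	dbConn, err = util.GetConnection(CLUSTERADMIN_DB)
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), 400)
		return
	}
	defer dbConn.Close()

	// Authorize before looking at any other field of the payload.
	err = secimpl.Authorize(dbConn, postMsg.Token, "perm-user")
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusUnauthorized)
		return
	}

	if postMsg.ID == "" {
		logit.Error.Println("AddContainerUser: error node ID required")
		rest.Error(w, "ID required", 400)
		return
	}

	if postMsg.Rolname == "" {
		logit.Error.Println("AddContainerUser: error node Rolname required")
		rest.Error(w, "Rolname required", 400)
		return
	}
	if postMsg.Passwd == "" {
		logit.Error.Println("AddContainerUser: error node Passwd required")
		rest.Error(w, "Passwd required", 400)
		return
	}

	// The role name is spliced into the statement as an unquoted identifier,
	// so anything outside the identifier alphabet is refused up front.
	if !isSafeRoleName(postMsg.Rolname) {
		logit.Error.Println("AddContainerUser: error node Rolname has invalid characters")
		rest.Error(w, "Rolname must start with a letter or underscore and contain only letters, digits, underscores or dollar signs", 400)
		return
	}
	passwdLiteral, ok := quoteSQLLiteral(postMsg.Passwd)
	if !ok {
		logit.Error.Println("AddContainerUser: error node Passwd has invalid characters")
		rest.Error(w, "Passwd must not contain NUL bytes", 400)
		return
	}

	// Create the user on the container: look up the container first.
	node, err := admindb.GetContainer(dbConn, postMsg.ID)
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	var credential types.Credential
	credential, err = admindb.GetUserCredentials(dbConn, &node)
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	var dbConn2 *sql.DB
	dbConn2, err = util.GetMonitoringConnection(credential.Host,
		credential.Username, credential.Port, credential.Database, credential.Password)
	if err != nil {
		// Check before deferring Close: dbConn2 may be nil on failure.
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	defer dbConn2.Close()

	// Role attributes are fixed keywords chosen by the boolean flags; no
	// request text is copied into this part of the statement.
	attributes := ""
	if postMsg.Rolsuper {
		attributes += " SUPERUSER"
	}
	if postMsg.Rolinherit {
		attributes += " INHERIT"
	}
	if postMsg.Rolcreaterole {
		attributes += " CREATEROLE"
	}
	if postMsg.Rolcreatedb {
		attributes += " CREATEDB"
	}
	if postMsg.Rollogin {
		attributes += " LOGIN"
	}
	if postMsg.Rolreplication {
		attributes += " REPLICATION"
	}

	query := "create user " + postMsg.Rolname + attributes + " PASSWORD "
	// Log the statement without the password so the credential does not
	// land in the application log.
	logit.Info.Println(query + "<redacted>")

	// Exec rather than Query: the statement returns no rows, and an
	// unclosed *sql.Rows would keep its connection checked out.
	_, err = dbConn2.Exec(query + passwdLiteral)
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Register the user in the admin db.
	// NOTE(review): Passwd is handed to admindb as received; confirm how it
	// is protected at rest.
	dbuser := types.ContainerUser{}
	dbuser.Containername = node.Name
	dbuser.Passwd = postMsg.Passwd
	dbuser.Rolname = postMsg.Rolname
	result, err := admindb.AddContainerUser(dbConn, dbuser)
	if err != nil {
		logit.Error.Println(err.Error())
		rest.Error(w, err.Error(), 400)
		return
	}

	logit.Info.Printf("AddContainerUser: new ID %d\n", result)

	w.WriteHeader(http.StatusOK)
	status := types.SimpleStatus{}
	status.Status = "OK"
	w.WriteJson(&status)
}

// isSafeRoleName reports whether name can be used as an unquoted SQL
// identifier: an ASCII letter or underscore first, then ASCII letters,
// digits, underscores or dollar signs.
func isSafeRoleName(name string) bool {
	if name == "" {
		return false
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c == '_':
		case i > 0 && (c >= '0' && c <= '9' || c == '$'):
		default:
			return false
		}
	}
	return true
}

// quoteSQLLiteral renders value as a PostgreSQL string literal. Single quotes
// are doubled; when a backslash is present the backslashes are doubled and
// the E'...' form is used, so the result does not depend on the server's
// standard_conforming_strings setting. It returns false for a value holding
// a NUL byte, which a PostgreSQL string cannot contain.
func quoteSQLLiteral(value string) (string, bool) {
	escaped := make([]byte, 0, len(value)+3)
	hasBackslash := false
	for i := 0; i < len(value); i++ {
		switch c := value[i]; c {
		case 0:
			return "", false
		case '\'':
			escaped = append(escaped, '\'', '\'')
		case '\\':
			hasBackslash = true
			escaped = append(escaped, '\\', '\\')
		default:
			escaped = append(escaped, c)
		}
	}
	if hasBackslash {
		return "E'" + string(escaped) + "'", true
	}
	return "'" + string(escaped) + "'", true
}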