//currently we define default DB users (postgres, cpmtest, pgpool) //for all database containers func createDBUsers(dbConn *sql.DB, dbnode types.Container) error { var err error var password types.Setting //get the postgres password password, err = admindb.GetSetting(dbConn, "POSTGRESPSW") if err != nil { logit.Error.Println(err.Error()) return err } //register postgres user var user = types.ContainerUser{} user.Containername = dbnode.Name user.Rolname = "postgres" user.Passwd = password.Value _, err = admindb.AddContainerUser(dbConn, user) if err != nil { logit.Error.Println(err.Error()) return err } //cpmtest and pgpool users are created by the node-setup.sql script //here, we just register them when we create a new node //get the cpmtest password password, err = admindb.GetSetting(dbConn, "CPMTESTPSW") if err != nil { logit.Error.Println(err.Error()) return err } //register cpmtest user user.Containername = dbnode.Name user.Rolname = "cpmtest" user.Passwd = password.Value _, err = admindb.AddContainerUser(dbConn, user) if err != nil { logit.Error.Println(err.Error()) return err } //get the pgpool password password, err = admindb.GetSetting(dbConn, "PGPOOLPSW") if err != nil { logit.Error.Println(err.Error()) return err } user.Containername = dbnode.Name user.Rolname = "pgpool" user.Passwd = password.Value //register pgpool user _, err = admindb.AddContainerUser(dbConn, user) if err != nil { logit.Error.Println(err.Error()) return err } return err }
// GetContainerUser returns a container user for a given container and user name func GetContainerUser(dbConn *sql.DB, containername string, usename string) (types.ContainerUser, error) { var user types.ContainerUser var err error queryStr := fmt.Sprintf("select id, passwd, to_char(updatedt, 'MM-DD-YYYY HH24:MI:SS') from containeruser where usename = '%s' and containername = '%s'", usename, containername) logit.Info.Println("admindb:GetContainerUser:"******"GetContainerUser got a row back") } user.Rolname = usename user.Containername = containername var unencrypted string unencrypted, err = sec.DecryptPassword(user.Passwd) if err != nil { return user, err } user.Passwd = unencrypted return user, nil }
// UpdateContainerUser updates a database users preferences on a given container db func UpdateContainerUser(w rest.ResponseWriter, r *rest.Request) { dbConn, err := util.GetConnection(CLUSTERADMIN_DB) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } defer dbConn.Close() postMsg := types.NodeUser{} err = r.DecodeJsonPayload(&postMsg) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusInternalServerError) return } err = secimpl.Authorize(dbConn, postMsg.Token, "perm-user") if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusUnauthorized) return } if postMsg.ID == "" { logit.Error.Println("UpdateContainerUser: error node ID required") rest.Error(w, "ID required", 400) return } if postMsg.Rolname == "" { logit.Error.Println("UpdateContainerUser: error node Rolname required") rest.Error(w, "Rolname required", 400) return } //create user on the container //get container info var node types.Container node, err = admindb.GetContainer(dbConn, postMsg.ID) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } if postMsg.Passwd == "" { } else { //update the password } var credential types.Credential credential, err = admindb.GetUserCredentials(dbConn, &node) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var dbConn2 *sql.DB dbConn2, err = util.GetMonitoringConnection(credential.Host, credential.Username, credential.Port, credential.Database, credential.Password) defer dbConn2.Close() var SUPERUSER = "******" var INHERIT = "INHERIT" var CREATEROLE = "CREATEROLE" var CREATEDB = "CREATEDB" var LOGIN = "******" var REPLICATION = "REPLICATION" logit.Info.Println("Rolsuper is " + strconv.FormatBool(postMsg.Rolsuper)) if !postMsg.Rolsuper { SUPERUSER = "******" } if !postMsg.Rolinherit { INHERIT = "NOINHERIT" } if !postMsg.Rolcreaterole { CREATEROLE = "NOCREATEROLE" } if !postMsg.Rolcreatedb { CREATEDB = "NOCREATEDB" } if !postMsg.Rollogin { LOGIN = "******" } if !postMsg.Rolreplication { REPLICATION = "NOREPLICATION" } query := "alter user " + postMsg.Rolname + " " + SUPERUSER + " " + INHERIT + " " + CREATEROLE + " " + CREATEDB + " " + LOGIN + " " + REPLICATION + " " if postMsg.Passwd != "" { query = query + " PASSWORD '" + postMsg.Passwd + "'" } logit.Info.Println(query) _, err = dbConn2.Query(query) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var userexists = true _, err = admindb.GetContainerUser(dbConn, node.Name, postMsg.Rolname) if err == sql.ErrNoRows { // Handle no rows userexists = false } else if err != nil { // Handle actual error logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } if postMsg.Passwd != "" { //update user's password dbuser := types.ContainerUser{} dbuser.Containername = node.Name dbuser.Passwd = postMsg.Passwd dbuser.Rolname = postMsg.Rolname if userexists { err = admindb.UpdateContainerUser(dbConn, dbuser) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } } } w.WriteHeader(http.StatusOK) status := types.SimpleStatus{} status.Status = "OK" w.WriteJson(&status) }
// GetAllusersForContainer returns a list of all database users on a given db container func GetAllUsersForContainer(w rest.ResponseWriter, r *rest.Request) { dbConn, err := util.GetConnection(CLUSTERADMIN_DB) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } defer dbConn.Close() err = secimpl.Authorize(dbConn, r.PathParam("Token"), "perm-read") if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusUnauthorized) return } ID := r.PathParam("ID") if ID == "" { rest.Error(w, "ID required", 400) return } //get container info var node types.Container node, err = admindb.GetContainer(dbConn, ID) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var credential types.Credential credential, err = admindb.GetUserCredentials(dbConn, &node) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var dbConn2 *sql.DB dbConn2, err = util.GetMonitoringConnection(credential.Host, credential.Username, credential.Port, credential.Database, credential.Password) defer dbConn2.Close() users := make([]types.ContainerUser, 0) //query results var rows *sql.Rows rows, err = dbConn2.Query("select rolname::text, rolsuper::text, rolinherit::text, rolcreaterole::text, rolcreatedb::text, rolcanlogin::text, rolreplication::text from pg_roles order by rolname") if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } defer rows.Close() for rows.Next() { user := types.ContainerUser{} if err = rows.Scan( &user.Rolname, &user.Rolsuper, &user.Rolinherit, &user.Rolcreaterole, &user.Rolcreatedb, &user.Rolcanlogin, &user.Rolreplication, ); err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } user.Containername = node.Name user.ContainerID = node.ID users = append(users, user) } if err = rows.Err(); err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } w.WriteHeader(http.StatusOK) w.WriteJson(&users) }
// AddContainerUser creates a new database user for a given container func AddContainerUser(w rest.ResponseWriter, r *rest.Request) { postMsg := types.NodeUser{} err := r.DecodeJsonPayload(&postMsg) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusInternalServerError) return } var dbConn *sql.DB dbConn, err = util.GetConnection(CLUSTERADMIN_DB) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } defer dbConn.Close() err = secimpl.Authorize(dbConn, postMsg.Token, "perm-user") if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusUnauthorized) return } if postMsg.ID == "" { logit.Error.Println("AddContainerUser: error node ID required") rest.Error(w, "ID required", 400) return } if postMsg.Rolname == "" { logit.Error.Println("AddContainerUser: error node Rolname required") rest.Error(w, "Rolname required", 400) return } if postMsg.Passwd == "" { logit.Error.Println("AddContainerUser: error node Passwd required") rest.Error(w, "Passwd required", 400) return } //create user on the container //get container info node, err := admindb.GetContainer(dbConn, postMsg.ID) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var credential types.Credential credential, err = admindb.GetUserCredentials(dbConn, &node) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } var dbConn2 *sql.DB dbConn2, err = util.GetMonitoringConnection(credential.Host, credential.Username, credential.Port, credential.Database, credential.Password) defer dbConn2.Close() var SUPERUSER = "" var INHERIT = "" var CREATEROLE = "" var CREATEDB = "" var LOGIN = "" var REPLICATION = "" //logit.Info.Println("Rolsuper is " + strconv.FormatBool(postMsg.Rolsuper)) if postMsg.Rolsuper { SUPERUSER = "******" } if postMsg.Rolinherit { INHERIT = "INHERIT" } if postMsg.Rolcreaterole { CREATEROLE = "CREATEROLE" } if postMsg.Rolcreatedb { CREATEDB = "CREATEDB" } if postMsg.Rollogin { LOGIN = "******" } if postMsg.Rolreplication { REPLICATION = "REPLICATION" } query := "create user " + postMsg.Rolname + " " + SUPERUSER + " " + INHERIT + " " + CREATEROLE + " " + CREATEDB + " " + LOGIN + " " + REPLICATION + " " + "PASSWORD '" + postMsg.Passwd + "'" logit.Info.Println(query) _, err = dbConn2.Query(query) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), http.StatusBadRequest) return } //create user in the admin db dbuser := types.ContainerUser{} dbuser.Containername = node.Name dbuser.Passwd = postMsg.Passwd dbuser.Rolname = postMsg.Rolname result, err := admindb.AddContainerUser(dbConn, dbuser) if err != nil { logit.Error.Println(err.Error()) rest.Error(w, err.Error(), 400) return } logit.Info.Printf("AddContainerUser: new ID %d\n", result) w.WriteHeader(http.StatusOK) status := types.SimpleStatus{} status.Status = "OK" w.WriteJson(&status) }