
#!/bin/bash

## Relation script. Things to keep in mind when writing one:
##   - it must be idempotent
##   - it may be launched while the docker containers are already up
##   - it is launched from the host
##   - the target of the link is launched first, and gets a chance to
##     call ``relation-set``
##   - both sides of the link get to use ``relation-get``

## Database name: when ``relation-get`` fails, fall back to the base
## service name and publish that value on the relation.
if ! DBNAME=$(relation-get dbname); then
    DBNAME="$BASE_SERVICE_NAME"
    relation-set dbname "$DBNAME"
fi

## Database user: same fallback as for the database name.
if ! USER=$(relation-get user); then
    USER="$BASE_SERVICE_NAME"
    relation-set user "$USER"
fi

. lib/common

## Everything above ran without errexit; from here on an unchecked
## failing command aborts the script.
set -e
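## Resolve the password to use for "$USER".
##
## Order of precedence:
##   1. the ``password`` value of the relation; it must agree with the
##      password saved by a previous run when there is one
##   2. the password saved by a previous run
##   3. a freshly generated password
##
## YYY: check that password was not already generated/set for the same user
## use session state storage.

## Empty means "a previous password could be read"; set to "true" below
## when the state file is missing or unreadable.
NO_PREVIOUS_PASS=
## NOTE(review): "$USER" is used as a path component here; confirm that
## the relation cannot supply a value containing '/' or '..'.
PREVIOUS_PASSWORD_PATH="$state_tmpdir/$SERVICE_NAME/pwd/$USER"
PREVIOUS_PASSWORD=$(cat "$PREVIOUS_PASSWORD_PATH" 2>/dev/null) || NO_PREVIOUS_PASS=true

if PASSWORD="$(relation-get password 2>/dev/null)"; then
    ## Two separate tests instead of ``[ ... -a ... ]``: passwords are
    ## arbitrary strings, and a value such as '(' or '!' makes the
    ## multi-argument form of ``[`` ambiguous.
    if [ -z "$NO_PREVIOUS_PASS" ] && [ "$PREVIOUS_PASSWORD" != "$PASSWORD" ]; then
        die "Inconsistent password specification for user '$USER' on ${DARKYELLOW}$TARGET_SERVICE_NAME$NORMAL."
    fi
else
    if [ "$PREVIOUS_PASSWORD" ]; then
        ## Reuse the saved password so that repeated runs stay idempotent.
        PASSWORD="${PREVIOUS_PASSWORD}"
    else
        PASSWORD="$(gen_password)"
        ## Only the fact is logged, never the password itself.
        info "Generated a new password for user '$USER'."
    fi
fi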
## Load the extensions requested on the relation into the ``extensions``
## array. ``shyaml get-values-0`` emits each value NUL-terminated;
## ``array_read-0`` is presumably the matching reader from the sourced
## library (confirm).
array_read-0 extensions < <(relation-get extensions 2>/dev/null | shyaml get-values-0)

ensure_db_docker_running

## XXXvlab: should send all these into only one docker...
if ! db_has_database "$DBNAME"; then
    ## Relation options forwarded to db_create as ``--<option>=<value>``;
    ## options that are unset or empty are left out.
    INITDB_ARGS=(encoding lc-collate lc-ctype template)
    CREATEDB_OPTS=()
    for option in "${INITDB_ARGS[@]}"; do
        value="$(relation-get "$option" 2>/dev/null)" || true
        ## Each option is appended as one array element, so a value
        ## containing spaces stays a single argument.
        [ -z "$value" ] || CREATEDB_OPTS+=("--$option=$value")
    done

    db_create "$DBNAME" "${CREATEDB_OPTS[@]}" || exit 1

    ## Optional ``init-sql`` from the relation is fed on stdin to ddb for
    ## the new database only. NOTE(review): it appears to be executed
    ## verbatim, so anyone able to set this option can run SQL with the
    ## rights ddb connects with - confirm against lib/common.
    if sql=$(relation-get init-sql); then
        ddb "$DBNAME" < <(e "$sql") > /dev/null || exit 1
    fi
fi

## Extensions are installed whether or not the database was just created.
if (( ${#extensions[@]} > 0 )); then
    db_install_extensions "$DBNAME" "${extensions[@]}" || exit 1
fi
## Make sure the database user exists and carries the resolved password:
## an existing user gets its password reset, a missing one is created.
if db_has_user "$USER"; then
    info "Updating password of user $USER."
    db_change_password "$USER" "$PASSWORD" || exit 1
else
    info "Creating a new user $USER."
    db_create_user "$USER" "$PASSWORD" || exit 1
fi

## No explicit ``|| exit 1`` here: a failure aborts through ``set -e``.
db_grant_rights "$DBNAME" "$USER"
info "Granted rights on database '$DBNAME' to user '$USER'."
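##
## PGPASS
##

## Keep exactly one ``*:*:*:<user>:<password>`` entry for "$USER" in the
## .pgpass file stored under the config store of the base service.
##
## NOTE(review): the .pgpass format requires ':' and '\' inside a field
## to be escaped with a backslash. The values are written verbatim here;
## confirm that neither gen_password nor a configured user/password can
## contain these characters.
pgpass_line="*:*:*:$USER:$PASSWORD"
pgpass_file="$CONFIGSTORE/$BASE_SERVICE_NAME/root/.pgpass"
pgpass_dir="$(dirname "$pgpass_file")"

mkdir -p "$pgpass_dir"

## Build the new content in a temporary file next to the target.
## mktemp creates it with mode 0600, so the credentials are never
## readable by other users, not even between creation and chmod.
pgpass_tmp="$(mktemp "$pgpass_dir/.pgpass.XXXXXX")" || exit 1

if [ -e "$pgpass_file" ]; then
    ## Drop any earlier entry whose user field (4th) is exactly "$USER".
    ## The name reaches awk through the environment and is compared as a
    ## plain string, so regex metacharacters or '/' in it cannot change
    ## which lines are removed.
    PGPASS_USER="$USER" awk -F: '$4 != ENVIRON["PGPASS_USER"]' \
        "$pgpass_file" > "$pgpass_tmp" || {
        rm -f -- "$pgpass_tmp"
        exit 1
    }
fi

## printf rather than echo: the line ends with an arbitrary password.
printf '%s\n' "$pgpass_line" >> "$pgpass_tmp" || {
    rm -f -- "$pgpass_tmp"
    exit 1
}

## Same-directory rename, so readers see either the old or the new file.
mv -f -- "$pgpass_tmp" "$pgpass_file" || {
    rm -f -- "$pgpass_tmp"
    exit 1
}
chmod 600 "$pgpass_file"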
  76. ##
  77. ## Saving password
  78. ##
  79. relation-set password "$PASSWORD"
  80. mkdir -p "$(dirname "$PREVIOUS_PASSWORD_PATH")"
  81. echo "$PASSWORD" > "$PREVIOUS_PASSWORD_PATH"