62 lines
1.6 KiB

  1. #!/bin/bash
  2. ## When writing relation script, remember:
  3. ## - they should be idempotents
  4. ## - they can be launched while the dockers is already up
  5. ## - they are launched from the host
  6. ## - the target of the link is launched first, and get a chance to ``relation-set``
  7. ## - both side of the scripts get to use ``relation-get``.
  8. DBNAME=$(relation-get dbname 2>/dev/null) || {
  9. DBNAME="$BASE_SERVICE_NAME"
  10. relation-set dbname "$DBNAME"
  11. }
  12. USER=$(relation-get user 2>/dev/null) || {
  13. USER="$BASE_SERVICE_NAME"
  14. relation-set user "$USER"
  15. }
  16. PASSWORD="$(relation-get password 2>/dev/null)"
  17. . lib/common
  18. set -e
  19. ## is there a previous password set for user $USER ?
  20. NO_PREVIOUS_PASS=
  21. PREVIOUS_PASSWORD_PATH="$state_tmpdir/$SERVICE_NAME/pwd/$USER"
  22. PREVIOUS_PASSWORD=$(cat "$PREVIOUS_PASSWORD_PATH" 2>/dev/null) || NO_PREVIOUS_PASS=true
  23. if PASSWORD="$(relation-get password 2>/dev/null)"; then
  24. if [ -z "$NO_PREVIOUS_PASS" -a "$PREVIOUS_PASSWORD" != "$PASSWORD" ]; then
  25. die "Inconsistent password specification for user '$USER' on ${DARKYELLOW}$TARGET_SERVICE_NAME$NORMAL."
  26. fi
  27. else
  28. if [ "$PREVIOUS_PASSWORD" ]; then
  29. PASSWORD="${PREVIOUS_PASSWORD}"
  30. else
  31. PASSWORD="$(gen_password)"
  32. info "Generated a new password for user '$USER'."
  33. fi
  34. fi
  35. ensure_db_docker_running || exit 1
  36. if [ "$?" == 0 ] && check_access "$DBNAME" "$USER" "$PASSWORD"; then
  37. info "Access to database '$DBNAME' from user '$USER' verified working."
  38. exit 0
  39. fi
  40. db_create "$DBNAME"
  41. db_grant_rights "$DBNAME" "$USER" "$PASSWORD"
  42. info "Granted rights on database '$DBNAME' to user '$USER'."
  43. relation-set password "$PASSWORD"