324
324
@data_ready_action
325
325
def update_pg_hba_conf():
327
# grab the needed current state
328
config = hookenv.config()
329
rels = context.Relations()
330
path = postgresql.pg_hba_conf_path()
331
with open(path, 'r') as f:
334
# generate the new state
335
pg_hba_content = generate_pg_hba_conf(pg_hba, config, rels)
337
# write out the new state
338
helpers.rewrite(path, pg_hba_content)
341
def generate_pg_hba_conf(pg_hba, config, rels):
326
342
'''Update the pg_hba.conf file (host based authentication).'''
327
343
rules = [] # The ordered list, as tuples.
344
360
# user connect to their matching PostgreSQL user, if it exists.
345
361
add('local', 'all', 'all', 'peer')
347
rels = context.Relations()
349
363
# Peers need replication access as the charm replication user.
351
365
for peer, relinfo in rels.peer.items():
390
404
# as the relation gets its own user to avoid sharing credentials,
391
405
# and logical replication connections will want to specify the
393
for rel in rels['master']:
407
for rel in rels['master'].values():
394
408
for relinfo in rel.values():
395
409
addr = postgresql.addr_to_range(relinfo['private-address'])
396
410
add('host', 'replication',
397
411
postgresql.quote_identifier(rel.local['user']),
398
412
postgresql.quote_identifier(addr),
399
413
'md5', '# {}'.format(relinfo))
400
if 'database' is rel.local:
414
if 'database' in rel.local:
402
416
postgresql.quote_identifier(rel.local['database']),
403
417
postgresql.quote_identifier(rel.local['user']),
405
419
'md5', '# {}'.format(relinfo))
407
421
# External administrative addresses, if specified by the operator.
408
config = hookenv.config()
409
422
for addr in config['admin_addresses'].split(','):
411
add('host', 'all', 'all', postgresql.addr_to_range(addr),
424
add('host', 'all', 'all',
425
postgresql.quote_identifier(postgresql.addr_to_range(addr)),
412
426
'md5', '# admin_addresses config')
414
428
# And anything-goes rules, if specified by the operator.
415
for line in config['extra_pg_auth'].splitlines():
416
add((line, '# extra_pg_auth config'))
429
for line in config['extra_pg_auth'].split(','):
430
add(line + '# extra_pg_auth config')
418
432
# Deny everything else
419
433
add('local', 'all', 'all', 'reject', '# Refuse by default')
420
434
add('host', 'all', 'all', 'all', 'reject', '# Refuse by default')
422
# Load the existing file
423
path = postgresql.pg_hba_conf_path()
424
with open(path, 'r') as f:
427
436
# Strip out the existing juju managed section
428
437
start_mark = '### BEGIN JUJU SETTINGS ###'
429
438
end_mark = '### END JUJU SETTINGS ###'
438
447
rules.insert(0, (start_mark,))
439
448
rules.append((end_mark,))
440
449
pg_hba += '\n' + '\n'.join(' '.join(rule) for rule in rules)
441
helpers.rewrite(path, pg_hba)
444
453
def assemble_postgresql_conf():
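Review bot: Splitting `extra_pg_auth` on commas in `generate_pg_hba_conf` breaks any operator rule that uses pg_hba.conf's own comma-separated database or user lists; a constructed example is `host db1,db2 all 10.0.0.0/8 md5`, which would be written out as two malformed records. The new `add(line + '# extra_pg_auth config')` also glues the comment onto the rule's last field with no separator, unlike the other calls, which pass the comment as its own argument. Unless the option is documented as comma-separated, I would keep one rule per line and pass the comment separately: `for line in config['extra_pg_auth'].splitlines():` followed by `add(line, '# extra_pg_auth config')`. The definition of `add` is not among the lines shown here, so this assumes it takes the fields as separate arguments, as `add('local', 'all', 'all', 'peer')` suggests. Now that the generator takes `pg_hba`, `config` and `rels` as parameters, a unit test feeding it a multi-database rule would pin the behaviour.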