line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Disbatch::Roles; |
2
|
|
|
|
|
|
|
$Disbatch::Roles::VERSION = '3.990'; |
3
|
1
|
|
|
1
|
|
473
|
use 5.12.0; |
|
1
|
|
|
|
|
2
|
|
4
|
1
|
|
|
1
|
|
5
|
use warnings; |
|
1
|
|
|
|
|
0
|
|
|
1
|
|
|
|
|
30
|
|
5
|
|
|
|
|
|
|
|
6
|
1
|
|
|
1
|
|
3
|
use Safe::Isa; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
126
|
|
7
|
1
|
|
|
1
|
|
6
|
use Try::Tiny; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
808
|
|
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
sub new { |
10
|
0
|
|
|
0
|
1
|
|
my $class = shift; |
11
|
0
|
|
|
|
|
|
my $self = { @_ }; |
12
|
0
|
0
|
0
|
|
|
|
die "A MongoDB::Database object must be passed as 'db'" unless ref ($self->{db} // '') eq 'MongoDB::Database'; |
13
|
0
|
0
|
0
|
|
|
|
die "Passwords for accounts must be passed as 'disbatchd', 'disbatch_web', 'task_runner', and 'plugin'" unless $self->{disbatchd} and $self->{disbatch_web} and $self->{task_runner} and $self->{plugin}; |
|
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
$self->{userroles} = { |
16
|
|
|
|
|
|
|
disbatchd => { |
17
|
|
|
|
|
|
|
password => $self->{disbatchd}, |
18
|
|
|
|
|
|
|
privileges => [ |
19
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] }, |
20
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'nodes' }, actions => [ 'find', 'insert', 'update', 'createIndex' ] }, |
21
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'update', 'createIndex' ] }, |
22
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'update', 'createIndex' ] }, |
23
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks.chunks' }, actions => [ 'createIndex' ] }, |
24
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks.files' }, actions => [ 'createIndex' ] }, |
25
|
|
|
|
|
|
|
], |
26
|
|
|
|
|
|
|
}, |
27
|
|
|
|
|
|
|
disbatch_web => { |
28
|
|
|
|
|
|
|
password => $self->{disbatch_web}, |
29
|
|
|
|
|
|
|
privileges => [ |
30
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] }, |
31
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'nodes' }, actions => [ 'find', 'update' ] }, |
32
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'insert', 'update', 'remove' ] }, |
33
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'insert' ] }, |
34
|
|
|
|
|
|
|
], |
35
|
|
|
|
|
|
|
}, |
36
|
|
|
|
|
|
|
task_runner => { |
37
|
|
|
|
|
|
|
password => $self->{task_runner}, |
38
|
|
|
|
|
|
|
privileges => [ |
39
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] }, |
40
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'update' ] }, |
41
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'update' ] }, |
42
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks.chunks' }, actions => [ 'insert' ] }, |
43
|
|
|
|
|
|
|
{ resource => { db => $self->{db}{name}, collection => 'tasks.files' }, actions => [ 'insert' ] }, |
44
|
|
|
|
|
|
|
], |
45
|
|
|
|
|
|
|
}, |
46
|
|
|
|
|
|
|
plugin => { |
47
|
|
|
|
|
|
|
password => $self->{plugin}, |
48
|
0
|
|
|
|
|
|
privileges => [ map { { resource => { db => $self->{db}{name}, collection => $_ }, actions => $self->{plugin_perms}{$_} } } keys %{$self->{plugin_perms}} ], |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
}, |
50
|
|
|
|
|
|
|
}; |
51
|
0
|
|
|
|
|
|
bless $self, $class; |
52
|
|
|
|
|
|
|
} |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
sub create_roles_and_users { |
55
|
0
|
|
|
0
|
1
|
|
my ($self) = @_; |
56
|
0
|
|
|
|
|
|
for my $name (keys %{$self->{userroles}}) { |
|
0
|
|
|
|
|
|
|
57
|
0
|
|
|
|
|
|
$self->{db}->run_command([createRole => $name, roles => [], privileges => $self->{userroles}{$name}{privileges} ]); |
58
|
0
|
|
|
|
|
|
$self->{db}->run_command([createUser => $name, pwd => $self->{userroles}{$name}{password}, roles => [ { role => $name, db => $self->{db}{name} } ]]); |
59
|
|
|
|
|
|
|
}; |
60
|
|
|
|
|
|
|
} |
61
|
|
|
|
|
|
|
|
62
|
|
|
|
|
|
|
sub drop_roles_and_users { |
63
|
0
|
|
|
0
|
1
|
|
my ($self) = @_; |
64
|
0
|
|
|
|
|
|
for my $name (keys %{$self->{userroles}}) { |
|
0
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
try { |
66
|
0
|
|
|
0
|
|
|
$self->{db}->run_command([dropRole => $name]); |
67
|
|
|
|
|
|
|
} catch { |
68
|
|
|
|
|
|
|
# MongoDB::DatabaseError: No role named disbatch_web@disbatch |
69
|
0
|
0
|
0
|
0
|
|
|
if ($_->$_isa('MongoDB::DatabaseError') and $_->{message} =~ /^No role named $name\@$self->{db}{name}$/) { |
70
|
0
|
|
|
|
|
|
warn "$_->{message} (ignoring error)\n"; |
71
|
|
|
|
|
|
|
} else { |
72
|
0
|
|
|
|
|
|
die $_; |
73
|
|
|
|
|
|
|
} |
74
|
0
|
|
|
|
|
|
}; |
75
|
|
|
|
|
|
|
# User 'disbatch_web@disbatch' not found |
76
|
|
|
|
|
|
|
try { |
77
|
0
|
|
|
0
|
|
|
$self->{db}->run_command([dropUser => $name]); |
78
|
|
|
|
|
|
|
} catch { |
79
|
0
|
0
|
0
|
0
|
|
|
if ($_->$_isa('MongoDB::DatabaseError') and $_->{message} =~ /^User '$name\@$self->{db}{name}' not found$/) { |
80
|
0
|
|
|
|
|
|
warn "$_->{message} (ignoring error)\n"; |
81
|
|
|
|
|
|
|
} else { |
82
|
0
|
|
|
|
|
|
die $_; |
83
|
|
|
|
|
|
|
} |
84
|
0
|
|
|
|
|
|
}; |
85
|
|
|
|
|
|
|
}; |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
1; |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
__END__ |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
=encoding utf8 |
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
=head1 NAME |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
Disbatch::Roles - define and create MongoDB roles and users for Disbatch |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
=head1 VERSION |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
version 3.990 |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
=head1 SUBROUTINES |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
=over 2 |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
=item new |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
Parameters: C<< db => $db, plugin_perms => $plugin_perms, disbatchd => $disbatchd_pw, disbatch_web => $disbatch_web_pw, task_runner => $task_runner_pw, plugin => $plugin_pw >> |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
C<db> is a C<MongoDB::Database> object which must be authenticated with an accout having the C<root> role. |
111
|
|
|
|
|
|
|
C<plugin_perms> is a C<HASH> in the format of C<< { collection_name => array_of_actions, ... } >>, to give the plugin the needed permissions for MongoDB. |
112
|
|
|
|
|
|
|
C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin> are roles and users to create, with their values being their respective passwords. |
113
|
|
|
|
|
|
|
|
114
|
|
|
|
|
|
|
Dies if invalid parameters. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
=item create_roles_and_users |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
Parameters: none. |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
Creates the roles and users for C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin>. |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
Dies if the roles or users already exist, or on any other MongoDB error. |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
=item drop_roles_and_users |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
Parameters: none. |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
Drops the roles and users for C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin>. |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
Dies if the roles or users don't exist(???), or on any other MongoDB error. |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
=back |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
=head1 SEE ALSO |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
L<Disbatch> |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
L<Disbatch::Web> |
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
L<Disbatch::Plugin::Demo> |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
L<disbatchd> |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
L<disbatch.pl> |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
L<task_runner> |
147
|
|
|
|
|
|
|
|
148
|
|
|
|
|
|
|
L<disbatch-create-users> |
149
|
|
|
|
|
|
|
|
150
|
|
|
|
|
|
|
=head1 AUTHORS |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
Ashley Willis <awillis@synacor.com> |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
This software is Copyright (c) 2016 by Ashley Willis. |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
This is free software, licensed under: |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
The Apache License, Version 2.0, January 2004 |