File Coverage

lib/Disbatch/Roles.pm
Criterion Covered Total %
statement 11 37 29.7
branch 0 8 0.0
condition 0 17 0.0
subroutine 4 11 36.3
pod 3 3 100.0
total 18 76 23.6


line stmt bran cond sub pod time code
1             package Disbatch::Roles;
2             $Disbatch::Roles::VERSION = '3.990';
3 1     1   473 use 5.12.0;
  1         2  
4 1     1   5 use warnings;
  1         0  
  1         30  
5              
6 1     1   3 use Safe::Isa;
  1         1  
  1         126  
7 1     1   6 use Try::Tiny;
  1         2  
  1         808  
8              
9             sub new {
10 0     0 1   my $class = shift;
11 0           my $self = { @_ };
12 0 0 0       die "A MongoDB::Database object must be passed as 'db'" unless ref ($self->{db} // '') eq 'MongoDB::Database';
13 0 0 0       die "Passwords for accounts must be passed as 'disbatchd', 'disbatch_web', 'task_runner', and 'plugin'" unless $self->{disbatchd} and $self->{disbatch_web} and $self->{task_runner} and $self->{plugin};
      0        
      0        
14              
15             $self->{userroles} = {
16             disbatchd => {
17             password => $self->{disbatchd},
18             privileges => [
19             { resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] },
20             { resource => { db => $self->{db}{name}, collection => 'nodes' }, actions => [ 'find', 'insert', 'update', 'createIndex' ] },
21             { resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'update', 'createIndex' ] },
22             { resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'update', 'createIndex' ] },
23             { resource => { db => $self->{db}{name}, collection => 'tasks.chunks' }, actions => [ 'createIndex' ] },
24             { resource => { db => $self->{db}{name}, collection => 'tasks.files' }, actions => [ 'createIndex' ] },
25             ],
26             },
27             disbatch_web => {
28             password => $self->{disbatch_web},
29             privileges => [
30             { resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] },
31             { resource => { db => $self->{db}{name}, collection => 'nodes' }, actions => [ 'find', 'update' ] },
32             { resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'insert', 'update', 'remove' ] },
33             { resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'insert' ] },
34             ],
35             },
36             task_runner => {
37             password => $self->{task_runner},
38             privileges => [
39             { resource => { db => $self->{db}{name}, collection => '' }, actions => [ 'find' ] },
40             { resource => { db => $self->{db}{name}, collection => 'queues' }, actions => [ 'update' ] },
41             { resource => { db => $self->{db}{name}, collection => 'tasks' }, actions => [ 'update' ] },
42             { resource => { db => $self->{db}{name}, collection => 'tasks.chunks' }, actions => [ 'insert' ] },
43             { resource => { db => $self->{db}{name}, collection => 'tasks.files' }, actions => [ 'insert' ] },
44             ],
45             },
46             plugin => {
47             password => $self->{plugin},
48 0           privileges => [ map { { resource => { db => $self->{db}{name}, collection => $_ }, actions => $self->{plugin_perms}{$_} } } keys %{$self->{plugin_perms}} ],
  0            
  0            
49             },
50             };
51 0           bless $self, $class;
52             }
53              
54             sub create_roles_and_users {
55 0     0 1   my ($self) = @_;
56 0           for my $name (keys %{$self->{userroles}}) {
  0            
57 0           $self->{db}->run_command([createRole => $name, roles => [], privileges => $self->{userroles}{$name}{privileges} ]);
58 0           $self->{db}->run_command([createUser => $name, pwd => $self->{userroles}{$name}{password}, roles => [ { role => $name, db => $self->{db}{name} } ]]);
59             };
60             }
61              
62             sub drop_roles_and_users {
63 0     0 1   my ($self) = @_;
64 0           for my $name (keys %{$self->{userroles}}) {
  0            
65             try {
66 0     0     $self->{db}->run_command([dropRole => $name]);
67             } catch {
68             # MongoDB::DatabaseError: No role named disbatch_web@disbatch
69 0 0 0 0     if ($_->$_isa('MongoDB::DatabaseError') and $_->{message} =~ /^No role named $name\@$self->{db}{name}$/) {
70 0           warn "$_->{message} (ignoring error)\n";
71             } else {
72 0           die $_;
73             }
74 0           };
75             # User 'disbatch_web@disbatch' not found
76             try {
77 0     0     $self->{db}->run_command([dropUser => $name]);
78             } catch {
79 0 0 0 0     if ($_->$_isa('MongoDB::DatabaseError') and $_->{message} =~ /^User '$name\@$self->{db}{name}' not found$/) {
80 0           warn "$_->{message} (ignoring error)\n";
81             } else {
82 0           die $_;
83             }
84 0           };
85             };
86             }
87              
88             1;
89              
90             __END__
91              
92             =encoding utf8
93              
94             =head1 NAME
95              
96             Disbatch::Roles - define and create MongoDB roles and users for Disbatch
97              
98             =head1 VERSION
99              
100             version 3.990
101              
102             =head1 SUBROUTINES
103              
104             =over 2
105              
106             =item new
107              
108             Parameters: C<< db => $db, plugin_perms => $plugin_perms, disbatchd => $disbatchd_pw, disbatch_web => $disbatch_web_pw, task_runner => $task_runner_pw, plugin => $plugin_pw >>
109              
110             C<db> is a C<MongoDB::Database> object which must be authenticated with an accout having the C<root> role.
111             C<plugin_perms> is a C<HASH> in the format of C<< { collection_name => array_of_actions, ... } >>, to give the plugin the needed permissions for MongoDB.
112             C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin> are roles and users to create, with their values being their respective passwords.
113              
114             Dies if invalid parameters.
115              
116             =item create_roles_and_users
117              
118             Parameters: none.
119              
120             Creates the roles and users for C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin>.
121              
122             Dies if the roles or users already exist, or on any other MongoDB error.
123              
124             =item drop_roles_and_users
125              
126             Parameters: none.
127              
128             Drops the roles and users for C<disbatchd>, C<disbatch_web>, C<task_runner>, and C<plugin>.
129              
130             Dies if the roles or users don't exist(???), or on any other MongoDB error.
131              
132             =back
133              
134             =head1 SEE ALSO
135              
136             L<Disbatch>
137              
138             L<Disbatch::Web>
139              
140             L<Disbatch::Plugin::Demo>
141              
142             L<disbatchd>
143              
144             L<disbatch.pl>
145              
146             L<task_runner>
147              
148             L<disbatch-create-users>
149              
150             =head1 AUTHORS
151              
152             Ashley Willis <awillis@synacor.com>
153              
154             =head1 COPYRIGHT AND LICENSE
155              
156             This software is Copyright (c) 2016 by Ashley Willis.
157              
158             This is free software, licensed under:
159              
160             The Apache License, Version 2.0, January 2004