X-Git-Url: https://gerrit.mcp.mirantis.com/gitweb?p=salt-formulas%2Finfluxdb.git;a=blobdiff_plain;f=influxdb%2Fserver.sls;h=c0f0ea653c33f08b201fe6f7e3a9f77a37da6847;hp=06643b5e2311c519cdbf6883cd48804de1160740;hb=071a93efbd6bf5377719ab70f39b54b64b49ec95;hpb=e7b06140659f6aeeed98aba748378395b7d46eeb

diff --git a/influxdb/server.sls b/influxdb/server.sls
index 06643b5..c0f0ea6 100644
--- a/influxdb/server.sls
+++ b/influxdb/server.sls
@@ -25,8 +25,76 @@ influxdb_service:
   service.running:
   - enable: true
   - name: {{ server.service }}
+  # This delay is needed before being able to send data to server to create
+  # users and databases.
+  - init_delay: 5
   - watch:
     - file: influxdb_config
     - file: influxdb_default
 
+{% set url_for_query = "http://{}:{}/query".format(server.http.bind.address, server.http.bind.port) %}
+{% set admin_created = false %}
+
+{%- if server.admin.get('user', {}).get('enabled', false) %}
+  {% set query_create_admin = "--data-urlencode \"q=CREATE USER {} WITH PASSWORD '{}' WITH ALL PRIVILEGES\"".format(server.admin.user.name, server.admin.user.password) %}
+  {% set admin_url = "http://{}:{}/query?u={}&p={}".format(server.http.bind.address, server.http.bind.port, server.admin.user.name, server.admin.user.password) %}
+influxdb_create_admin:
+  cmd.run:
+  - name: curl -f -S -POST "{{ url_for_query }}" {{ query_create_admin }} || curl -f -S -POST "{{ admin_url }}" {{ query_create_admin }}
+  - require:
+    - service: influxdb_service
+  {% set url_for_query = admin_url %}
+  {% set admin_created = true %}
+{%- endif %}
+
+# An admin must exist before creating others users
+{%- if admin_created %}
+  {%- for user_name, user in server.get('user', {}).iteritems() %}
+    {%- if user.get('enabled', false) %}
+      {%- if user.get('admin', false) %}
+        {% set query_create_user = "--data-urlencode \"q=CREATE USER {} WITH PASSWORD '{}' WITH ALL PRIVILEGES\"".format(user.name, user.password) %}
+      {%- else %}
+        {% set query_create_user = "--data-urlencode \"q=CREATE USER {} WITH PASSWORD '{}'\"".format(user.name, user.password) %}
+      {%- endif %}
+influxdb_create_user_{{user.name}}:
+  cmd.run:
+    - name: curl -f -S -POST "{{ url_for_query }}" {{ query_create_user }}
+    - require:
+      - cmd: influxdb_create_admin
+    # TODO: manage user deletion
+    {%- endif %}
+  {%- endfor %}
+{%- endif %}
+
+{%- for db_name, db in server.get('database', {}).iteritems() %}
+  {%- if db.get('enabled', false) %}
+    {% set query_create_db = "--data-urlencode \"q=CREATE DATABASE {}\"".format(db.name) %}
+influxdb_create_db_{{db.name}}:
+  cmd.run:
+    - name: curl -f -S -POST "{{ url_for_query }}" {{ query_create_db }}
+    {%- if admin_created %}
+    - require:
+      - cmd: influxdb_create_admin
+    {%- endif %}
+  # TODO: manage database deletion
+  {%- endif %}
+{%- endfor %}
+
+# An admin must exist to manage grants, otherwise there is no user.
+{%- if admin_created %}
+{%- for grant_name, grant in server.get('grant', {}).iteritems() %}
+  {%- if grant.get('enabled', false) %}
+    {% set query_grant_user_access = "--data-urlencode \"q=GRANT {} ON {} TO {}\"".format(grant.privilege, grant.database, grant.user) %}
+influxdb_grant_{{grant_name}}:
+  cmd.run:
+    - name: curl -f -S -POST "{{ url_for_query }}" {{ query_grant_user_access }}
+    - require:
+      - cmd: influxdb_create_db_{{grant.database}}
+      - cmd: influxdb_create_user_{{grant.user}}
+      - cmd: influxdb_create_admin
+    # TODO: manage grant deletion (if needed)
+  {%- endif %}
+{%- endfor %}
+{%- endif %}
+
 {%- endif %}