From 300586b46b07f764eb45970919c89361e106d2af Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Fri, 6 Oct 2023 14:06:39 -0500
Subject: [PATCH] Add user management commands: sokwedb-user-add,
 sokwedb-user-delete

---
 .gitignore                  |   4 +
 bin/sokwedb-user-add.m4     | 145 ++++++++++++++++++++++++++++++++++++
 bin/sokwedb-user-delete.m4  |  77 +++++++++++++++++++
 make_files/make_commands.mk |  19 ++++-
 4 files changed, 243 insertions(+), 2 deletions(-)
 create mode 100644 bin/sokwedb-user-add.m4
 create mode 100644 bin/sokwedb-user-delete.m4

diff --git a/.gitignore b/.gitignore
index 4c24851..cd6386b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,7 @@
+# Generated programs
+bin/sokwedb-user-add
+bin/sokwedb-user-delete
+
 # The generated sql
 db/schemas/**/*.sql
 db/*.sql
diff --git a/bin/sokwedb-user-add.m4 b/bin/sokwedb-user-add.m4
new file mode 100644
index 0000000..55ed356
--- /dev/null
+++ b/bin/sokwedb-user-add.m4
@@ -0,0 +1,145 @@
+#!/bin/sh
+# Copyright (C) 2012, 2023 The Meme Factory, Inc.  http://www.meme.com/
+# Copyright (C) 2005, 2008, 2011 Karl O. Pinc <kop@meme.com>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as
+#   published by the Free Software Foundation, either version 3 of the
+#   License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+# Add a user to the database
+#
+# Syntax: See usage() below.
+#
+# Karl O. Pinc <kop@meme.com>
+#
+# Bugs: Does not check to see if the user already exists.
+#       Lots of hardcoding.
+#       Creates an easily guessable password.
+#
+include(global_constants.m4)dnl
+include(global_macros.m4)dnl
+
+usage () {
+echo 'Syntax: sokwedb-user-add [-h host] adminuser username group'
+echo '        sokwedb-user-add [-h host] -a|-d [--no-azure] adminuser username'
+echo '        sokwedb-user-add --help'
+echo ''
+echo '  -a         Make the account an admin account'
+echo '  -d         Make the account a developer account'
+echo '  --no-azure The db is not on a pg azure hosted instance'
+echo '  -h host    Connect to the pg server on "host"'
+echo '  --help     Print this help'
+echo '  adminuser  The user to use to make the user'
+echo '  username   The username to add'
+echo '  group      The group in which to put the user'
+}
+
+# Parse command line
+export ADMIN=''
+export DEV=''
+export AZURE='yes'
+export HOSTARGS=''
+export A_ADMINUSER=$1
+while [ "$A_ADMINUSER" = '-a' \
+        -o "$A_ADMINUSER" = '-d' \
+        -o "$A_ADMINUSER" = '--no-azure' \
+        -o "$A_ADMINUSER" = '-h' \
+        -o "$A_ADMINUSER" = '--help' ] ; do
+  if [ "$A_ADMINUSER" = '-a' ] ; then
+    ADMIN='-a'
+    shift
+  elif [ "$A_ADMINUSER" = '-d' ] ; then
+    DEV='-d'
+    shift
+  elif [ "$A_ADMINUSER" = '--no-azure' ] ; then
+    AZURE="no"
+    shift
+  elif [ "$A_ADMINUSER" = '-h' ] ; then
+    HOSTARGS="--host $2"
+    shift 2
+  elif [ "$A_ADMINUSER" = '--help' ] ; then
+    usage
+    exit 0
+  fi
+  A_ADMINUSER=$1
+done
+export A_USER=$2
+export A_GROUP=$3
+
+if [ -z "$ADMIN" -a -z "$DEV" ] ; then
+  if [ "$A_GROUP" != "sdb_reader" \
+       -a "$A_GROUP" != "sdb_writer" ] ; then
+    echo "'$A_GROUP' not sdb_reader or sdb_writer" >&2
+    usage >&2
+    exit 1;
+  fi
+else
+  if [ ! -z "$A_GROUP" ] ; then
+    echo "Too many arguments" >&2
+    usage >&2
+    exit 1;
+  fi
+fi
+
+export AZURE_GRANTS=''
+if [ "$AZURE" = 'yes' ] ; then
+  AZURE_GRANTS="grant azure_pg_admin to $A_USER;"
+fi
+
+if [ -n "$ADMIN" ] ; then
+  psql $HOSTARGS -U $A_ADMINUSER -d template1 <<EOF
+create role $A_USER login createrole createdb password '$A_USER';
+grant sdb_admin_group
+    , pg_read_all_data
+    , pg_write_all_data
+    , pg_monitor
+    , pg_read_all_settings
+    , pg_read_all_stats
+    , pg_stat_scan_tables
+    , pg_signal_backend
+    , pg_checkpoint
+      TO $A_USER;
+$AZURE_GRANTS
+\q
+EOF
+elif [ -n "$DEV" ] ; then
+  psql $HOSTARGS -U $A_ADMINUSER -d template1 <<EOF
+create role $A_USER login createrole createdb password '$A_USER';
+grant sdb_admin_group to $A_USER;
+\q
+EOF
+else
+  psql $HOSTARGS -U $A_ADMINUSER -d sokwedb <<EOF
+begin;
+create user $A_USER password '$A_USER';
+alter group $A_GROUP add user $A_USER;
+create schema $A_USER authorization $A_USER;
+grant usage on schema $A_USER to public;
+commit;
+\c sokwedb_test
+begin;
+create schema $A_USER authorization $A_USER;
+grant usage on schema $A_USER to public;
+commit;
+\c sokwedb_copy
+begin;
+create schema $A_USER authorization $A_USER;
+grant usage on schema $A_USER to public;
+commit;
+\q
+EOF
+fi
+result=$?
+
+[ $result -ne 0 ] && exit $result
+echo "The password for $A_USER is $A_USER."
+echo "Please have them change it!"
diff --git a/bin/sokwedb-user-delete.m4 b/bin/sokwedb-user-delete.m4
new file mode 100644
index 0000000..fb5eae1
--- /dev/null
+++ b/bin/sokwedb-user-delete.m4
@@ -0,0 +1,77 @@
+#!/bin/sh
+# Copyright (C) 2012, 2023 The Meme Factory, Inc.  http://www.meme.com/
+# Copyright (C) 2005, 2008, 2011 Karl O. Pinc <kop@meme.com>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as
+#   published by the Free Software Foundation, either version 3 of the
+#   License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+# Add a user to the database
+#
+# Syntax: sokwedb-user-delete [-a] adminuser username
+#
+# Karl O. Pinc <kop@meme.com>
+#
+# Bugs: Does not check to see if the user already exists.
+#
+include(global_constants.m4)dnl
+include(global_macros.m4)dnl
+
+usage () {
+echo 'Syntax: sokwedb-user-delete [-h host] [-a] adminuser username'
+echo '        sokwedb-user-add --help'
+echo ''
+echo '  -a        Delete an admin or developer account'
+echo '  -h host   Connect to the pg server on "host"'
+echo '  --help    Print this help'
+echo '  adminuser The user to use to delete the user'
+echo '  username  The username to delete'
+}
+
+# Parse command line
+export ADMIN=''
+export HOSTARGS=''
+export A_ADMINUSER=$1
+while [ "$A_ADMINUSER" = '-a' \
+        -o "$A_ADMINUSER" = '-h' \
+        -o "$A_ADMINUSER" = '--help' ] ; do
+  if [ "$A_ADMINUSER" = '-a' ] ; then
+    ADMIN='-a'
+    shift
+  elif [ "$A_ADMINUSER" = '-h' ] ; then
+    HOSTARGS="--host $2"
+    shift 2
+  elif [ "$A_ADMINUSER" = '--help' ] ; then
+    usage
+    exit 0
+  fi
+A_ADMINUSER=$1
+done
+export A_USER=$2
+
+if [ -z "$ADMIN" ] ; then
+psql $HOSTARGS -U $A_ADMINUSER -d sokwedb_copy <<EOF
+-- We start in sokwedb_copy
+drop schema if exists $A_USER cascade;
+\c sokwedb_test
+drop schema if exists $A_USER cascade;
+\c sokwedb
+begin;
+drop schema if exists $A_USER cascade;
+drop role $A_USER;
+commit;
+EOF
+else
+psql $HOSTARGS -U $A_ADMINUSER -d template1 <<EOF
+drop role $A_USER;
+EOF
+fi
diff --git a/make_files/make_commands.mk b/make_files/make_commands.mk
index 7b494a9..4538aa4 100644
--- a/make_files/make_commands.mk
+++ b/make_files/make_commands.mk
@@ -22,13 +22,16 @@
 ## The available targets for make (make TARGET) are:
 ##
 
-CMD_TARGETS := /usr/local/lib/git_email_hook.sh
+CMD_TARGETS := /usr/local/lib/git_email_hook.sh \
+               /usr/local/bin/sokwedb-user-add \
+               /usr/local/bin/sokwedb-user-delete
 
 # Developers need permissions to install into the local directories
 DEV_GROUP := wwwdev
 LOCAL_DIRS := /usr/local/lib /usr/local/bin /usr/local/sbin
 
 CMD_DEPENDS := $(GENERIC_DEPENDS)
+M4_CMD_INCLUDE_ARGS := -I $(M4_GLOBAL_INCLUDE_PATH)
 
 ##   install-w-permissions
 ##                      Install the command line programs and libararies
@@ -64,8 +67,20 @@ set-install-permissions:
 	  chmod g+rwx $${dir_name} ; \
 	done
 
+##   /usr/local/bin/sokwedb-user-add
+##                      A simplistic script to add a database user
+##   /usr/local/bin/sokwedb-user-delete
+##                      A simplistic script to delete a database user
 ##   /usr/local/lib/git_email_hook.sh
 ##                      A git post-receive hook which emails push summaries
 # Install the actual files
-$(CMD_TARGETS): /usr/local/% : % $(CMD_DEPENDS)
+$(CMD_TARGETS): /usr/local/% : % $(CMD_DEPENDS) \
+	                       bin/sokwedb-user-add bin/sokwedb-user-delete
 	cp $< $@
+
+##   bin/sokwedb-user-add
+##   bin/sokwedb-user-delete
+##                      Un-installed expansions of the m4 source
+bin/sokwedb-user-add \
+bin/sokwedb-user-delete: % : %.m4 $(CMD_DEPENDS)
+	m4 $(M4_CMD_INCLUDE_ARGS) < $< > $@
-- 
2.34.1