fix(postgres): fix grant users for pr db
keskiju committed Dec 11, 2024
1 parent 4f4e455 commit 0bc328c
Showing 6 changed files with 13 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).

- Display warning only if pushing latest tag fails, as container image repository may have immutability enabled.
- Taito CLI now supports PR environments when using Helm. That is, you can use `pr-NUMBER` as ENV to deploy pull-request version aside your dev version.
- Postgres plugin now supports "db create" and "db drop" commands and database are create with the app specific database mgr user by default.

## 0.309.0

4 changes: 4 additions & 0 deletions plugins/postgres-db/lib/manage.bash
Expand Up @@ -40,6 +40,7 @@ function postgres::create_database () {
-v "collate='${database_collate:-fi_FI.UTF-8}'" \
-v "template=${database_template:-template0}" \
-v "dbusermaster=${database_master_username_internal:-postgres}" \
-v "dbusermgr=${database_mgr_username_internal}" \
-v "dbuserapp=${database_app_username_internal}" \
-v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}"
) do
Expand Down Expand Up @@ -77,6 +78,7 @@ function postgres::create_database () {
$([[ "${database_viewer_username_internal}" ]] && sql_file_flag grant-users-viewer.sql) \
-v "database=${database_name}" \
-v "dbusermaster=${database_master_username_internal:-postgres}" \
-v "dbusermgr=${database_mgr_username_internal}" \
-v "dbuserapp=${database_app_username_internal}" \
-v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}"
)
Expand Down Expand Up @@ -142,6 +144,7 @@ function postgres::create_users () {
$([[ "${database_viewer_username_internal}" ]] && sql_file_flag create-users-viewer.sql) \
-v "database=${database_name}" \
-v "dbusermaster=${database_master_username_internal:-postgres}" \
-v "dbusermgr=${database_mgr_username_internal}" \
-v "dbuserapp=${database_app_username_internal}" \
-v "dbuserviewer=${database_viewer_username_internal}" \
-v "passwordapp=${database_app_password:?}" \
Expand All @@ -167,6 +170,7 @@ function postgres::drop_users () {
$([[ "${database_viewer_username_internal}" ]] && sql_file_flag drop-users-viewer.sql) \
-v "database=${database_name}" \
-v "dbusermaster=${database_master_username_internal:-postgres}" \
-v "dbusermgr=${database_mgr_username_internal}" \
-v "dbuserapp=${database_app_username_internal}" \
-v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}"
) do
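Review bot: The new `-v "dbusermgr=${database_mgr_username_internal}"` argument, added in all four hunks (twice in postgres::create_database, once each in postgres::create_users and postgres::drop_users), has no default and no `:?` guard, so an unset or empty variable is handed to psql as an empty value. The SQL files touched by this commit reference `:dbusermgr` unconditionally, so it would expand to nothing inside `CREATE USER`, `GRANT … TO` and `DROP USER`; the viewer user avoids this by including its SQL files only when its variable is set. Failing early is safer, for example `-v "dbusermgr=${database_mgr_username_internal:?}" \`, matching the `${database_app_password:?}` guard already used in postgres::create_users. Each function starts and ends outside the visible hunks, so an earlier check may already exist.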
4 changes: 2 additions & 2 deletions plugins/postgres-db/resources/create-users.sql
Expand Up @@ -7,6 +7,6 @@ CREATE USER :dbuserapp PASSWORD :qpasswordapp
NOSUPERUSER NOCREATEDB NOCREATEROLE CONNECTION LIMIT 40;
ALTER USER :dbuserapp WITH PASSWORD :qpasswordapp;

CREATE USER :database PASSWORD :qpasswordbuild
CREATE USER :dbusermgr PASSWORD :qpasswordbuild
NOSUPERUSER CREATEDB NOCREATEROLE CONNECTION LIMIT 20;
ALTER USER :database WITH PASSWORD :qpasswordbuild;
ALTER USER :dbusermgr WITH PASSWORD :qpasswordbuild;
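Review bot: `:dbusermgr` is interpolated as a raw, unquoted identifier in `CREATE USER :dbusermgr …` and `ALTER USER :dbusermgr …`, and its value now comes from a separately configured shell variable instead of the database name. psql can quote a variable as an identifier with `:"dbusermgr"`, which keeps a name containing a hyphen or other special character from breaking or changing the statement; whether role names can embed a `pr-NUMBER` environment is not visible on this page. The same applies to the `:dbusermgr` references in create.sql, drop-users.sql and grant-users.sql. A quoted identifier is case-sensitive, so this is a drop-in change only if the configured role names are already lowercase.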
4 changes: 2 additions & 2 deletions plugins/postgres-db/resources/create.sql
Expand Up @@ -3,7 +3,7 @@
CREATE DATABASE :database ENCODING 'UTF8' LC_COLLATE = :collate LC_CTYPE = :collate TEMPLATE :template;

GRANT ALL PRIVILEGES ON DATABASE :database TO
:dbusermaster, :database;
:dbusermaster, :dbusermgr;
GRANT CONNECT, TEMPORARY ON DATABASE :database TO
:dbuserapp;

Expand All @@ -19,5 +19,5 @@ REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM PUBLIC;

-- Allow public schema for specific users
GRANT USAGE, CREATE ON SCHEMA public TO :dbusermaster, :database;
GRANT USAGE, CREATE ON SCHEMA public TO :dbusermaster, :dbusermgr;
GRANT USAGE ON SCHEMA public TO :dbuserapp;
2 changes: 1 addition & 1 deletion plugins/postgres-db/resources/drop-users.sql
@@ -1,4 +1,4 @@
-- used by: delete

DROP USER :database;
DROP USER :dbusermgr;
DROP USER :dbuserapp;
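Review bot: Assuming `DROP USER :database;` is the removed line (the `+`/`-` markers are lost on this page), the script now drops only `:dbusermgr` and `:dbuserapp`, so in an environment provisioned before this commit the role named after the database is never removed. If `dbusermgr` differs from the database name there, that older role keeps its `CREATEDB` attribute, its password and its grants as an orphaned credential. Consider a documented one-off cleanup step, or a transitional `DROP USER IF EXISTS :database;` that is guarded so it cannot hit an unrelated role. Separately, `DROP USER` fails while the role still owns objects, which becomes more likely if the manager role now creates the databases, as the changelog entry suggests.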
6 changes: 3 additions & 3 deletions plugins/postgres-db/resources/grant-users.sql
Expand Up @@ -3,23 +3,23 @@
-- Tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO
:dbusermaster, :database;
:dbusermaster, :dbusermgr;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO
:dbuserapp;

-- Sequences
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON SEQUENCES TO
:dbusermaster, :database;
:dbusermaster, :dbusermgr;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT USAGE, SELECT ON SEQUENCES TO
:dbuserapp;

-- Functions
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON FUNCTIONS TO
:dbusermaster, :database;
:dbusermaster, :dbusermgr;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT EXECUTE ON FUNCTIONS TO
:dbuserapp;
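Review bot: These `ALTER DEFAULT PRIVILEGES IN SCHEMA public` statements carry no `FOR ROLE` clause, so in PostgreSQL they only affect objects later created by the role that runs this script. If the script runs as `:dbusermaster` while tables, sequences and functions are created by `:dbusermgr` (which role executes it is not visible here), `:dbuserapp` will not receive the intended `SELECT, INSERT, UPDATE, DELETE`, `USAGE, SELECT` and `EXECUTE` rights on those objects. Consider naming the creating role explicitly, e.g. `ALTER DEFAULT PRIVILEGES FOR ROLE :dbusermgr IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO :dbuserapp;`, and add a comment stating which role is expected to own objects in this schema.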
