From 0bc328c35e67985ce833e82a647395dba2de452d Mon Sep 17 00:00:00 2001
From: keskiju
Date: Thu, 12 Dec 2024 00:35:49 +0200
Subject: [PATCH] fix(postgres): fix grant users for pr db
---
 CHANGELOG.md | 1 +
 plugins/postgres-db/lib/manage.bash | 4 ++++
 plugins/postgres-db/resources/create-users.sql | 4 ++--
 plugins/postgres-db/resources/create.sql | 4 ++--
 plugins/postgres-db/resources/drop-users.sql | 2 +-
 plugins/postgres-db/resources/grant-users.sql | 6 +++---
 6 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a59a539d..c677ad9e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - Display warning only if pushing latest tag fails, as container image repository may have immutability enabled. - Taito CLI now supports PR environments when using Helm. That is, you can use `pr-NUMBER` as ENV to deploy pull-request version aside your dev version. +- Postgres plugin now supports "db create" and "db drop" commands and database are create with the app specific database mgr user by default. ## 0.309.0
diff --git a/plugins/postgres-db/lib/manage.bash b/plugins/postgres-db/lib/manage.bash
index 95cd5ad61..08e1d1263 100644
--- a/plugins/postgres-db/lib/manage.bash
+++ b/plugins/postgres-db/lib/manage.bash
@@ -40,6 +40,7 @@ function postgres::create_database () { -v "collate='${database_collate:-fi_FI.UTF-8}'" \ -v "template=${database_template:-template0}" \ -v "dbusermaster=${database_master_username_internal:-postgres}" \ + -v "dbusermgr=${database_mgr_username_internal}" \ -v "dbuserapp=${database_app_username_internal}" \ -v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}" ) do
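Review bot: The added `-v "dbusermgr=${database_mgr_username_internal}"` passes the variable with no default and no guard, so a project whose configuration does not set `database_mgr_username_internal` hands psql an empty `dbusermgr`. The SQL files in this commit then expand to statements like `GRANT ... TO :dbusermaster, ;`, which would presumably fail, whereas the old `:database` value was always present. Either keep the previous behaviour as the default, `-v "dbusermgr=${database_mgr_username_internal:-${database_name}}" \`, or fail early with `${database_mgr_username_internal:?}` the way `database_app_password` is handled in the -142 hunk. The same line is added in the hunks at -77, -142 and -167, and each enclosing function starts and ends outside its hunk.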
@@ -77,6 +78,7 @@ function postgres::create_database () { $([[ "${database_viewer_username_internal}" ]] && sql_file_flag grant-users-viewer.sql) \ -v "database=${database_name}" \ -v "dbusermaster=${database_master_username_internal:-postgres}" \ + -v "dbusermgr=${database_mgr_username_internal}" \ -v "dbuserapp=${database_app_username_internal}" \ -v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}" )
@@ -142,6 +144,7 @@ function postgres::create_users () { $([[ "${database_viewer_username_internal}" ]] && sql_file_flag create-users-viewer.sql) \ -v "database=${database_name}" \ -v "dbusermaster=${database_master_username_internal:-postgres}" \ + -v "dbusermgr=${database_mgr_username_internal}" \ -v "dbuserapp=${database_app_username_internal}" \ -v "dbuserviewer=${database_viewer_username_internal}" \ -v "passwordapp=${database_app_password:?}" \
@@ -167,6 +170,7 @@ function postgres::drop_users () { $([[ "${database_viewer_username_internal}" ]] && sql_file_flag drop-users-viewer.sql) \ -v "database=${database_name}" \ -v "dbusermaster=${database_master_username_internal:-postgres}" \ + -v "dbusermgr=${database_mgr_username_internal}" \ -v "dbuserapp=${database_app_username_internal}" \ -v "dbuserviewer=${database_viewer_username_internal}" > "${taito_vout}" ) do
diff --git a/plugins/postgres-db/resources/create-users.sql b/plugins/postgres-db/resources/create-users.sql
index de2477a64..de1c90f11 100644
--- a/plugins/postgres-db/resources/create-users.sql
+++ b/plugins/postgres-db/resources/create-users.sql
@@ -7,6 +7,6 @@ CREATE USER :dbuserapp PASSWORD :qpasswordapp NOSUPERUSER NOCREATEDB NOCREATEROLE CONNECTION LIMIT 40; ALTER USER :dbuserapp WITH PASSWORD :qpasswordapp; -CREATE USER :database PASSWORD :qpasswordbuild +CREATE USER :dbusermgr PASSWORD :qpasswordbuild NOSUPERUSER CREATEDB NOCREATEROLE CONNECTION LIMIT 20; -ALTER USER :database WITH PASSWORD :qpasswordbuild; +ALTER USER :dbusermgr WITH PASSWORD :qpasswordbuild;
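Review bot: `:dbusermgr` is substituted into `CREATE USER` and `ALTER USER` as raw text, and this is the role created with `CREATEDB`, so a configured name containing a hyphen, upper-case letters or stray SQL changes what the statement does. psql can quote the value as an identifier: `CREATE USER :"dbusermgr" PASSWORD :qpasswordbuild` and `ALTER USER :"dbusermgr" WITH PASSWORD :qpasswordbuild;`. Quoting preserves the case of the name, so the create, grant and drop scripts would need the same form in the same change. The password variable is still called `qpasswordbuild`; a comment such as `-- dbusermgr authenticates with the build password` would explain the mismatch.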
diff --git a/plugins/postgres-db/resources/create.sql b/plugins/postgres-db/resources/create.sql
index 8c0170783..600065064 100644
--- a/plugins/postgres-db/resources/create.sql
+++ b/plugins/postgres-db/resources/create.sql
@@ -3,7 +3,7 @@ CREATE DATABASE :database ENCODING 'UTF8' LC_COLLATE = :collate LC_CTYPE = :collate TEMPLATE :template; GRANT ALL PRIVILEGES ON DATABASE :database TO - :dbusermaster, :database; + :dbusermaster, :dbusermgr; GRANT CONNECT, TEMPORARY ON DATABASE :database TO :dbuserapp;
@@ -19,5 +19,5 @@ REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC; REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM PUBLIC; -- Allow public schema for specific users -GRANT USAGE, CREATE ON SCHEMA public TO :dbusermaster, :database; +GRANT USAGE, CREATE ON SCHEMA public TO :dbusermaster, :dbusermgr; GRANT USAGE ON SCHEMA public TO :dbuserapp;
diff --git a/plugins/postgres-db/resources/drop-users.sql b/plugins/postgres-db/resources/drop-users.sql
index 6a27ce319..25980ba54 100644
--- a/plugins/postgres-db/resources/drop-users.sql
+++ b/plugins/postgres-db/resources/drop-users.sql
@@ -1,4 +1,4 @@ -- used by: delete -DROP USER :database; +DROP USER :dbusermgr; DROP USER :dbuserapp;
diff --git a/plugins/postgres-db/resources/grant-users.sql b/plugins/postgres-db/resources/grant-users.sql
index a1bff6909..7c3692a43 100644
--- a/plugins/postgres-db/resources/grant-users.sql
+++ b/plugins/postgres-db/resources/grant-users.sql
@@ -3,7 +3,7 @@ -- Tables ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO - :dbusermaster, :database; + :dbusermaster, :dbusermgr; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO :dbuserapp;
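Review bot: `DROP USER :dbusermgr;` now targets a role whose name is no longer derived from the database being deleted, so the role may be shared by several databases (a dev database and its `pr-NUMBER` databases, going by the changelog entry in this commit). PostgreSQL refuses to drop a role that still owns objects or holds privileges in another database, so deleting one environment would likely error on this statement. I would add a comment above it, `-- dbusermgr may be shared by other databases of this app; drop it only with the last one`, and consider `DROP USER IF EXISTS :dbusermgr;` so a repeated delete does not fail on a missing role.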
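Review bot: These `ALTER DEFAULT PRIVILEGES IN SCHEMA public` statements have no `FOR ROLE` clause, so they only cover objects later created by whichever role runs this script. The changelog entry in this commit says databases are now created with the manager user; if tables are then created by `:dbusermgr` while this script runs as `:dbusermaster` (not visible here), neither the `ALL PRIVILEGES` default nor the `:dbuserapp` defaults in the context lines will apply to them. Consider naming the creating role explicitly, `ALTER DEFAULT PRIVILEGES FOR ROLE :dbusermgr IN SCHEMA public`, or add a header comment stating which role must execute the file. The same applies to the Sequences and Functions hunks at -11 and -19.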
@@ -11,7 +11,7 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA public -- Sequences ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO - :dbusermaster, :database; + :dbusermaster, :dbusermgr; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO :dbuserapp;
@@ -19,7 +19,7 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA public -- Functions ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON FUNCTIONS TO - :dbusermaster, :database; + :dbusermaster, :dbusermgr; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO :dbuserapp;