check if newOwner != azpg.user before granting the role
wadhah101 committed Aug 29, 2024
1 parent 035c13a commit 3a26caa
Showing 2 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions pkg/postgres/azure.go
@@ -72,6 +72,7 @@ func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logge
}
return err
}

err = azpg.pg.GrantRole(newOwner, azpg.user)
if err != nil && err.(*pq.Error).Code != "0LP01" {
if err.(*pq.Error).Code == "42704" {
@@ -81,6 +82,7 @@ func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logge
}
return err
}

defer azpg.pg.RevokeRole(newOwner, azpg.pg.user)

return azpg.pg.DropRole(role, newOwner, database, logger)
4 changes: 4 additions & 0 deletions pkg/postgres/role.go
@@ -37,6 +37,10 @@ func (c *pg) CreateUserRole(role, password string) (string, error) {
}

func (c *pg) GrantRole(role, grantee string) error {
// Don't grant role to itself
if grantee == role {
return nil
}
_, err := c.db.Exec(fmt.Sprintf(GRANT_ROLE, role, grantee))
if err != nil {
return err
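Review bot: The guard added at the top of GrantRole returns nil without telling the caller that the grant was skipped, and it sits in the shared `pg` helper rather than in the Azure DropRole path the commit title names, so every caller of GrantRole now gets a silent success for a self-grant. I would state that contract on the method, e.g. `// GrantRole grants role to grantee; it is a no-op that returns nil when both names are equal.` The comparison `grantee == role` is byte-exact, so names that differ only in case are not caught; whether that matters depends on how the GRANT_ROLE template quotes the two names it receives through `fmt.Sprintf`, which is not visible here. The deferred `RevokeRole(newOwner, azpg.pg.user)` in azure.go still runs after a skipped grant, and whether RevokeRole has a matching guard cannot be seen from this page. GrantRole's body continues past the end of the hunk.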