Test PR movetokube#136
pcallewaert committed Feb 22, 2024
1 parent 9547812 commit bdb31c7
Showing 3 changed files with 21 additions and 7 deletions.
4 changes: 2 additions & 2 deletions pkg/controller/postgres/postgres_controller.go
Expand Up @@ -220,12 +220,12 @@ func (r *ReconcilePostgres) Reconcile(request reconcile.Request) (_ reconcile.Re
}

// Set privileges on schema
err = r.pg.SetSchemaPrivileges(database, owner, reader, schema, readerPrivs, reqLogger)
err = r.pg.SetSchemaPrivileges(database, owner, reader, schema, readerPrivs, false, reqLogger)
if err != nil {
reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", reader, readerPrivs))
continue
}
err = r.pg.SetSchemaPrivileges(database, owner, writer, schema, writerPrivs, reqLogger)
err = r.pg.SetSchemaPrivileges(database, owner, writer, schema, writerPrivs, true, reqLogger)
if err != nil {
reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", writer, writerPrivs))
continue
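Review bot: The bare `false` and `true` passed to `SetSchemaPrivileges` give no hint at the call site that the writer role is being handed CREATE on the schema while the reader is not. The parameter is named `createSchema` (here, in `pkg/postgres/database.go` and in the `PG` interface in `pkg/postgres/postgres.go`), yet what it gates is `GRANT CREATE ON SCHEMA`, i.e. creating objects inside an existing schema; a name like `grantCreate` plus a short comment such as `// writer may create objects in the schema; reader may not` would make the privilege difference reviewable. If only the new CREATE grant fails, the error log here still reads as if `writerPrivs` could not be given, which will mislead whoever triages it. The enclosing Reconcile loop starts and ends outside the hunk.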
22 changes: 18 additions & 4 deletions pkg/postgres/database.go
Expand Up @@ -14,11 +14,12 @@ const (
ALTER_DB_OWNER = `ALTER DATABASE "%s" OWNER TO "%s"`
DROP_DATABASE = `DROP DATABASE "%s"`
GRANT_USAGE_SCHEMA = `GRANT USAGE ON SCHEMA "%s" TO "%s"`
GRANT_CREATE_TABLE = `GRANT CREATE ON SCHEMA "%s" TO "%s"`
GRANT_ALL_TABLES = `GRANT %s ON ALL TABLES IN SCHEMA "%s" TO "%s"`
DEFAULT_PRIVS_SCHEMA = `ALTER DEFAULT PRIVILEGES FOR ROLE "%s" IN SCHEMA "%s" GRANT %s ON TABLES TO "%s"`
REVOKE_CONNECT = `REVOKE CONNECT ON DATABASE "%s" FROM public`
TERMINATE_BACKEND = `SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '%s' AND pid <> pg_backend_pid()`
GET_DB_OWNER = `SELECT pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d WHERE d.datname = '%s'`
REVOKE_CONNECT = `REVOKE CONNECT ON DATABASE "%s" FROM public`
TERMINATE_BACKEND = `SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '%s' AND pid <> pg_backend_pid()`
GET_DB_OWNER = `SELECT pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d WHERE d.datname = '%s'`
GRANT_CREATE_SCHEMA = `GRANT CREATE ON DATABASE "%s" TO "%s"`
)

Expand All @@ -40,6 +41,12 @@ func (c *pg) CreateDB(dbname, role string) error {
if err != nil {
return err
}

_, err = c.db.Exec(fmt.Sprintf(GRANT_CREATE_TABLE, "public", role))
if err != nil {
return err
}

return nil
}

Expand Down Expand Up @@ -94,7 +101,7 @@ func (c *pg) CreateExtension(db, extension string, logger logr.Logger) error {
return nil
}

func (c *pg) SetSchemaPrivileges(db, creator, role, schema, privs string, logger logr.Logger) error {
func (c *pg) SetSchemaPrivileges(db, creator, role, schema, privs string, createSchema bool, logger logr.Logger) error {
tmpDb, err := GetConnection(c.user, c.pass, c.host, db, c.args, logger)
if err != nil {
return err
Expand All @@ -118,5 +125,12 @@ func (c *pg) SetSchemaPrivileges(db, creator, role, schema, privs string, logger
if err != nil {
return err
}
// Grant role usage on schema if createSchema
if createSchema {
_, err = tmpDb.Exec(fmt.Sprintf(GRANT_CREATE_TABLE, schema, role))
if err != nil {
return err
}
}
return nil
}
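Review bot: In `CreateDB` the new grant runs on `c.db`, whereas `SetSchemaPrivileges` opens a separate connection to the target database with `GetConnection` before granting. If `c.db` is the operator's connection to its default database (not visible in this hunk), `GRANT CREATE ON SCHEMA "public"` would apply to that database's `public` schema rather than to the one just created, so the grant should be issued over a connection to `dbname`. The name `GRANT_CREATE_TABLE` and the comment `// Grant role usage on schema if createSchema` both understate the statement: CREATE on a schema permits creating any object in it, not only tables, and it is not USAGE, so `// Grant CREATE on the schema so the role can create objects in it` would be accurate. `GRANT_CREATE_SCHEMA` is added but not used in the visible hunks, and both function bodies are only partly shown.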
2 changes: 1 addition & 1 deletion pkg/postgres/postgres.go
Expand Up @@ -16,7 +16,7 @@ type PG interface {
CreateUserRole(role, password string) (string, error)
UpdatePassword(role, password string) error
GrantRole(role, grantee string) error
SetSchemaPrivileges(db, creator, role, schema, privs string, logger logr.Logger) error
SetSchemaPrivileges(db, creator, role, schema, privs string, createSchema bool, logger logr.Logger) error
RevokeRole(role, revoked string) error
AlterDefaultLoginRole(role, setRole string) error
DropDatabase(db string, logger logr.Logger) error
