From 28fcf621f06b75c5e7c85cd6a08f782532a77b00 Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Tue, 1 Oct 2024 10:33:09 +0200
Subject: [PATCH] minor
---
 services/postgres/Makefile | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)
diff --git a/services/postgres/Makefile b/services/postgres/Makefile
index b03a1a4c533..5c2e8543472 100644
--- a/services/postgres/Makefile
+++ b/services/postgres/Makefile
@@ -7,29 +7,8 @@ ifneq (,$(wildcard $(DOT_ENV_FILE)))
 endif
-readonly_user=${POSTGRES_READONLY_USER}
-readonly_password=${POSTGRES_READONLY_PASSWORD}
-database=${POSTGRES_DB}
-schema=$(if $(POSTGRES_SCHEMA),$(POSTGRES_SCHEMA),public)
-
-.PHONY: readonly-user-sql
-readonly-user-sql: ## ql-script to create a new readonly user
- @echo " -- Creating read-only user ${readonly_user} for ${database}.${schema}"
- @echo
- @echo " --Create the read-only user with a password"
- @echo "CREATE USER \"${readonly_user}\" WITH PASSWORD '${readonly_password}';"
- @echo " --Grant CONNECT privilege to the database (e.g., 'foo' is the database name)"
- @echo "GRANT CONNECT ON DATABASE ${database} TO \"${readonly_user}\";"
- @echo " --Grant USAGE privilege on the public schema"
- @echo "GRANT USAGE ON SCHEMA ${schema} TO \"${readonly_user}\";"
- @echo " --Grant SELECT privilege on all existing tables in the public schema"
- @echo "GRANT SELECT ON ALL TABLES IN SCHEMA ${schema} TO \"${readonly_user}\";"
- @echo " --Grant SELECT privilege on all existing sequences in the public schema"
- @echo "GRANT SELECT ON ALL SEQUENCES IN SCHEMA ${schema} TO \"${readonly_user}\";"
- @echo " --Ensure that future tables created in the public schema will have SELECT privilege for the read-only user"
- @echo "ALTER DEFAULT PRIVILEGES IN SCHEMA ${schema} GRANT SELECT ON TABLES TO \"${readonly_user}\";"
- @echo " --Ensure that future sequences created in the public schema will have SELECT privilege for the read-only user"
- @echo "ALTER DEFAULT PRIVILEGES IN SCHEMA ${schema} GRANT SELECT ON SEQUENCES TO \"${readonly_user}\";"
- @echo
- @echo " -- Listing all users"
- @echo "SELECT * FROM pg_roles;"
+.PHONY: scripts/create-readonly-user.sql
+scripts/create-readonly-user.sql: scripts/create-readonly-user.sql.template
+ @echo "Generating SQL script from $<..."
+ @envsubst < $< > $@
+ @echo "SQL script generated as $@"
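Review bot: The new `envsubst < $< > $@` recipe writes the value of `POSTGRES_READONLY_PASSWORD` in clear text into `scripts/create-readonly-user.sql` inside the source tree, whereas the removed target only echoed the statements to stdout. The file is created with the default umask, and nothing in this hunk keeps it out of version control. I would create it owner-only and limit substitution to the variables the removed recipe used, e.g. `@umask 077 && envsubst '$${POSTGRES_READONLY_USER} $${POSTGRES_READONLY_PASSWORD} $${POSTGRES_DB} $${POSTGRES_SCHEMA}' < $< > $@`, and list the generated file in `.gitignore`. Bare `envsubst` also replaces every unset variable with an empty string without an error, so a missing `.env` would presumably produce a role with an empty name or password. The `public` fallback for `POSTGRES_SCHEMA` from the old `$(if ...)` is gone unless it is set elsewhere; the template is not part of this patch, and `envsubst` does not support `${VAR:-default}`, so that needs checking there.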