🔨 Doc and scripts to create read-only user in PostgreSQL #6426

merged 11 commits into from
Oct 2, 2024
4 changes: 4 additions & 0 deletions .env-devel
Expand Up @@ -152,6 +152,10 @@ POSTGRES_PASSWORD=adminadmin
POSTGRES_PORT=5432
POSTGRES_USER=scu

POSTGRES_READONLY_PASSWORD=readonly
POSTGRES_READONLY_USER=readonly


RABBIT_HOST=rabbit
RABBIT_PASSWORD=adminadmin
RABBIT_PORT=5672
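Review bot: The new `POSTGRES_READONLY_PASSWORD=readonly` default is identical to the user name and sits beside the existing `adminadmin` development credentials; since these values are substituted unescaped into an SQL script by the new services/postgres Makefile, a comment marking them as development-only placeholders would be worth adding, e.g. `# dev-only defaults; override outside development, and avoid single quotes (the value is spliced into a SQL string literal)`.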
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -181,3 +181,6 @@ tests/public-api/osparc_python_wheels/*

# osparc-config repo files
repo.config

# scripts resolved with .env s
services/postgres/scripts/create-readonly-user.sql
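--- /dev/null
+++ b/services/postgres/Makefile
@@ -0,0 +1,14 @@
+include ../../scripts/common.Makefile
+
+
+ifneq (,$(wildcard $(DOT_ENV_FILE)))
+include $(DOT_ENV_FILE)
+export $(shell sed 's/=.*//' $(DOT_ENV_FILE))
+endif
+
+
+.PHONY: scripts/create-readonly-user.sql
+scripts/create-readonly-user.sql: scripts/create-readonly-user.sql.template
+	@echo "Generating SQL script from $<..."
+	@envsubst < $< > $@
+	@echo "SQL script generated as $@"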
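Review bot: `.PHONY: scripts/create-readonly-user.sql` marks a real file target as phony, so the `.sql.template` prerequisite on the next line never suppresses a rebuild and the file is regenerated on every invocation; either drop the `.PHONY` line so the timestamp comparison works, or keep it and add a comment stating that regeneration on every run is intended. The generated file embeds `POSTGRES_READONLY_PASSWORD` in clear text with the caller's default umask, so the recipe could tighten its mode, e.g. `@umask 077 && envsubst < $< > $@`. Whether `.DELETE_ON_ERROR` is set in the included common.Makefile is not visible here; if it is not, a failed `envsubst` leaves a newer-but-empty `$@` that looks up to date.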
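--- /dev/null
+++ b/services/postgres/scripts/create-readonly-user.sql.template
@@ -0,0 +1,22 @@
+-- SQL script to create a read-only user and grant privileges
+
+
+--Create the read-only user with a password
+CREATE USER ${POSTGRES_READONLY_USER} WITH PASSWORD '${POSTGRES_READONLY_PASSWORD}';
+
+--Grant CONNECT privilege to the database (e.g., 'foo' is the database name)
+GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_READONLY_USER};
+
+--Grant USAGE privilege on the **public** schema
+GRANT USAGE ON SCHEMA public TO ${POSTGRES_READONLY_USER};
+
+--Grant SELECT privilege on all existing tables and sequencies in the **public** schema
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+
+--Ensure that future tables created in the public schema and sequencies will have SELECT privilege for the read-only user
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_READONLY_USER};
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO ${POSTGRES_READONLY_USER};
+
+-- Listing all users
+SELECT * FROM pg_roles;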
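Review bot: The password is spliced verbatim into the single-quoted literal on the `CREATE USER` line and envsubst performs no escaping, so a value containing `'` produces a broken or differently-parsed statement; the bare identifiers `${POSTGRES_READONLY_USER}` and `${POSTGRES_DB}` have the same problem if they ever contain uppercase letters or punctuation and should be double-quoted. `ALTER DEFAULT PRIVILEGES` without a `FOR ROLE` clause only covers objects later created by the role that executes this script, so tables created by a different (e.g. migration) role will not be readable; a header comment naming the role the script must be run as would prevent that surprise. The `CREATE USER` statement is also not idempotent (a second run fails once the role exists), and the comment `(e.g., 'foo' is the database name)` no longer matches the `${POSTGRES_DB}` placeholder it describes.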