From 02e9033c0002af7f6e11d6dfd2815cd124299d8a Mon Sep 17 00:00:00 2001
From: "romg@pecan.ai"
Date: Sun, 8 Sep 2024 18:06:58 +0100
Subject: [PATCH] add by default public
---
 .github/workflows/docker.yml | 2 +-
 pkg/controller/postgres/postgres_controller.go | 10 +++++-----
 pkg/postgres/database.go | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 351e9689..6ef9580a 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,7 +3,7 @@ name: Publish Container Image
 on:
 push:
 branches:
- - 'main'
+ - '*'
 tags:
 - '*'
 workflow_dispatch:
diff --git a/pkg/controller/postgres/postgres_controller.go b/pkg/controller/postgres/postgres_controller.go
index d86ba542..20b3f5f1 100644
--- a/pkg/controller/postgres/postgres_controller.go
+++ b/pkg/controller/postgres/postgres_controller.go
@@ -206,7 +206,7 @@ func (r *ReconcilePostgres) Reconcile(request reconcile.Request) (_ reconcile.Re
 readerPrivs = "SELECT"
 writerPrivs = "SELECT,INSERT,DELETE,UPDATE"
 )
- for _, schema := range instance.Spec.Schemas {
+ for _, schema := range append(instance.Spec.Schemas, "public") {
 // Schema was previously created
 if utils.ListContains(instance.Status.Schemas, schema) {
 continue
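Review bot: The trigger change from `- 'main'` to `- '*'` under `branches:` makes every pushed branch run the image publish workflow, which is unrelated to the commit subject and looks like a leftover from testing. The build and tagging steps are outside this hunk, so it cannot be confirmed here whether a branch build can overwrite a tag that deployments pull; if it can, unreviewed code would ship under a trusted tag. In a GitHub Actions branch filter `*` also does not match `/`, so a branch named like `feature/x` would not trigger while flat names would. I would restore `- 'main'` before merging, or keep the wider trigger only together with branch-specific image tags.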
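Review bot: `append(instance.Spec.Schemas, "public")` in the `for` header adds `public` for every database with no opt-out and no duplicate check, so the reader and writer roles receive grants on a schema the spec never asked for. If the spec already lists `public` the loop may handle it twice, and when the spec slice has spare capacity `append` writes into its backing array. Build a separate list and add the entry only when absent, e.g. `schemas := append([]string{}, instance.Spec.Schemas...)` followed by `if !utils.ListContains(schemas, "public") { schemas = append(schemas, "public") }`, ideally gated by a spec field so operators can decline it. The loop body continues outside this hunk.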
@@ -226,17 +226,17 @@ func (r *ReconcilePostgres) Reconcile(request reconcile.Request) (_ reconcile.Re
 reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", reader, readerPrivs))
 continue
 }
- reqLogger.Info("about to give writer %s permissions", writer)
- schemaPrivilegesWriter := postgres.PostgresSchemaPrivileges{database, owner, writer, schema, writerPrivs, true}
+ reqLogger.Info(fmt.Sprintf("about to give writer %s permissions", writer))
+ schemaPrivilegesWriter := postgres.PostgresSchemaPrivileges{database, owner, writer, schema, writerPrivs, false}
 err = r.pg.SetSchemaPrivileges(schemaPrivilegesWriter, reqLogger)
 if err != nil {
 reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", writer, writerPrivs))
 continue
 }
- sequncesPrivilegesWriter := postgres.PostgresSequncesPrivileges{database, owner, writer, schema, writerPrivs}
+ sequncesPrivilegesWriter := postgres.PostgresSequncesPrivileges{database, owner, writer, schema, "USAGE"}
 err = r.pg.SetSequncesPrivileges(sequncesPrivilegesWriter, reqLogger)
 if err != nil {
- reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions for sequnces \"%s\"", writer, writerPrivs))
+ reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions for sequnces \"%s\"", writer, "USAGE"))
 continue
 }
 schemaPrivilegesOwner := postgres.PostgresSchemaPrivileges{database, owner, owner, schema, readerPrivs, true}
diff --git a/pkg/postgres/database.go b/pkg/postgres/database.go
index 580707bd..c55fff16 100644
--- a/pkg/postgres/database.go
+++ b/pkg/postgres/database.go
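Review bot: The writer's `postgres.PostgresSchemaPrivileges` literal changes its sixth positional value from `true` to `false`, and nothing on the line says which field that is or why the writer now differs from the owner literal a few lines below, which still passes `true`. Because this alters what the writer role is granted, keyed fields (the names are declared outside this hunk) or a one-line comment stating the intent would make the change auditable. The literal `"USAGE"` is also written twice; a constant such as `writerSeqPrivs = "USAGE"` in the const block beside `readerPrivs` and `writerPrivs` would keep the grant and its error message in step. Each failed grant here is only logged before `continue`, so a reconcile can finish with partial privileges; whether that is surfaced later is outside this hunk.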
@@ -109,13 +109,13 @@ func (c *pg) SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges, logg
 if err != nil {
 return err
 }
- logger.Info("about to give permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role)
+ logger.Info(fmt.Sprintf("about to give permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role))
 // Grant role privs on existing tables in schema
 _, err = tmpDb.Exec(fmt.Sprintf(GRANT_ALL_TABLES, schemaPrivileges.Privs, schemaPrivileges.Schema, schemaPrivileges.Role))
 if err != nil {
 return err
 }
- logger.Info("about to give default permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role)
+ logger.Info(fmt.Sprintf("about to give default permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role))
 // Grant role privs on future tables in schema
 _, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Creator, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
 if err != nil {
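Review bot: The `tmpDb.Exec(fmt.Sprintf(GRANT_ALL_TABLES, ...))` and `tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, ...))` calls beside the changed log lines splice `Schema`, `Role`, `Creator` and `Privs` into SQL text, and the schema name originates from `instance.Spec.Schemas` in the controller. The templates are defined outside this hunk, so whether they quote identifiers cannot be checked from here; GRANT cannot take bind parameters for identifiers, so quoting is the only defence. If the templates use a bare `%s`, pass the schema, role and creator values through an identifier-quoting helper (with lib/pq that is `pq.QuoteIdentifier`) and check `Privs` against a fixed allow-list before formatting. `SetSchemaPrivileges` begins and ends outside this hunk.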