add by default public

romga · Sep 9, 2024 · 9831549 · 9831549
1 parent f8a5cbe
commit 9831549
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -3,7 +3,7 @@ name: Publish Container Image
 on:
   push:
     branches:
-      - 'main'
+      - '*'
     tags:
       - '*'
   workflow_dispatch:

diff --git a/pkg/controller/postgres/postgres_controller.go b/pkg/controller/postgres/postgres_controller.go
@@ -206,7 +206,7 @@ func (r *ReconcilePostgres) Reconcile(request reconcile.Request) (_ reconcile.Re
 		readerPrivs = "SELECT"
 		writerPrivs = "SELECT,INSERT,DELETE,UPDATE"
 	)
-	for _, schema := range instance.Spec.Schemas {
+	for _, schema := range append(instance.Spec.Schemas, "public") {
 		// Schema was previously created
 		if utils.ListContains(instance.Status.Schemas, schema) {
 			continue
@@ -220,26 +220,26 @@ func (r *ReconcilePostgres) Reconcile(request reconcile.Request) (_ reconcile.Re
 		}
 
 		// Set privileges on schema
-		schemaPrivilegesReader := postgres.PostgresSchemaPrivileges{database, owner, reader, schema, readerPrivs, false}
+		schemaPrivilegesReader := postgres.PostgresSchemaPrivileges{database, reader, schema, readerPrivs, false}
 		err = r.pg.SetSchemaPrivileges(schemaPrivilegesReader, reqLogger)
 		if err != nil {
 			reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", reader, readerPrivs))
 			continue
 		}
-		reqLogger.Info("about to give writer %s permissions", writer)
-		schemaPrivilegesWriter := postgres.PostgresSchemaPrivileges{database, owner, writer, schema, writerPrivs, true}
+		reqLogger.Info(fmt.Sprintf("about to give writer %s permissions", writer))
+		schemaPrivilegesWriter := postgres.PostgresSchemaPrivileges{database, writer, schema, writerPrivs, false}
 		err = r.pg.SetSchemaPrivileges(schemaPrivilegesWriter, reqLogger)
 		if err != nil {
 			reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", writer, writerPrivs))
 			continue
 		}
-		sequncesPrivilegesWriter := postgres.PostgresSequncesPrivileges{database, owner, writer, schema, writerPrivs}
+		sequncesPrivilegesWriter := postgres.PostgresSequncesPrivileges{database, writer, schema, "USAGE"}
 		err = r.pg.SetSequncesPrivileges(sequncesPrivilegesWriter, reqLogger)
 		if err != nil {
-			reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions for sequnces \"%s\"", writer, writerPrivs))
+			reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions for sequnces \"%s\"", writer, "USAGE"))
 			continue
 		}
-		schemaPrivilegesOwner := postgres.PostgresSchemaPrivileges{database, owner, owner, schema, readerPrivs, true}
+		schemaPrivilegesOwner := postgres.PostgresSchemaPrivileges{database, owner, schema, readerPrivs, true}
 		err = r.pg.SetSchemaPrivileges(schemaPrivilegesOwner, reqLogger)
 		if err != nil {
 			reqLogger.Error(err, fmt.Sprintf("Could not give %s permissions \"%s\"", writer, writerPrivs))

diff --git a/pkg/postgres/database.go b/pkg/postgres/database.go
@@ -17,8 +17,8 @@ const (
 	GRANT_CREATE_TABLE      = `GRANT CREATE ON SCHEMA "%s" TO "%s"`
 	GRANT_ALL_TABLES        = `GRANT %s ON ALL TABLES IN SCHEMA "%s" TO "%s"`
 	GRANT_ALL_SEQUENCES     = `GRANT %s ON ALL SEQUENCES IN SCHEMA "%s" TO "%s"`
-	DEFAULT_PRIVS_SCHEMA    = `ALTER DEFAULT PRIVILEGES FOR ROLE "%s" IN SCHEMA "%s" GRANT %s ON TABLES TO "%s"`
-	DEFAULT_PRIVS_SEQUENCES = `ALTER DEFAULT PRIVILEGES FOR ROLE "%s" IN SCHEMA "%s" GRANT %s ON SEQUENCES TO "%s"`
+	DEFAULT_PRIVS_SCHEMA    = `ALTER DEFAULT PRIVILEGES IN SCHEMA "%s" GRANT "%s" ON TABLES TO "%s"`
+	DEFAULT_PRIVS_SEQUENCES = `ALTER DEFAULT PRIVILEGES IN SCHEMA "%s" GRANT "%s" ON SEQUENCES TO "%s"`
 	REVOKE_CONNECT          = `REVOKE CONNECT ON DATABASE "%s" FROM public`
 	TERMINATE_BACKEND       = `SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity	WHERE pg_stat_activity.datname = '%s' AND pid <> pg_backend_pid()`
 	GET_DB_OWNER            = `SELECT pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d WHERE d.datname = '%s'`
@@ -109,16 +109,22 @@ func (c *pg) SetSchemaPrivileges(schemaPrivileges PostgresSchemaPrivileges, logg
 	if err != nil {
 		return err
 	}
-	logger.Info("about to give permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role)
+	logger.Info(fmt.Sprintf("about to give permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role))
+	logger.Info("about to run:")
+	logger.Info(fmt.Sprintf(GRANT_ALL_TABLES, schemaPrivileges.Privs, schemaPrivileges.Schema, schemaPrivileges.Role))
 	// Grant role privs on existing tables in schema
 	_, err = tmpDb.Exec(fmt.Sprintf(GRANT_ALL_TABLES, schemaPrivileges.Privs, schemaPrivileges.Schema, schemaPrivileges.Role))
 	if err != nil {
+		logger.Error(err, "failed in GRANT_ALL_TABLES")
 		return err
 	}
-	logger.Info("about to give default permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role)
+	logger.Info(fmt.Sprintf("about to give default permissions of %s to %s", schemaPrivileges.Privs, schemaPrivileges.Role))
 	// Grant role privs on future tables in schema
-	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Creator, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
+	logger.Info("about to run:")
+	logger.Info(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
+	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, schemaPrivileges.Schema, schemaPrivileges.Privs, schemaPrivileges.Role))
 	if err != nil {
+		logger.Error(err, "failed in DEFAULT_PRIVS_SCHEMA")
 		return err
 	}
 
@@ -147,7 +153,7 @@ func (c *pg) SetSequncesPrivileges(SequncesPrivileges PostgresSequncesPrivileges
 	}
 
 	// Grant role privs on future sequences in schema
-	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, SequncesPrivileges.Creator, SequncesPrivileges.Schema, SequncesPrivileges.Privs, SequncesPrivileges.Role))
+	_, err = tmpDb.Exec(fmt.Sprintf(DEFAULT_PRIVS_SCHEMA, SequncesPrivileges.Schema, SequncesPrivileges.Privs, SequncesPrivileges.Role))
 	if err != nil {
 		return err
 	}

diff --git a/pkg/postgres/mock/postgres.go b/pkg/postgres/mock/postgres.go
diff --git a/pkg/postgres/postgres.go b/pkg/postgres/postgres.go
@@ -38,7 +38,6 @@ type pg struct {
 
 type PostgresSchemaPrivileges struct {
 	DB           string
-	Creator      string
 	Role         string
 	Schema       string
 	Privs        string
@@ -47,7 +46,6 @@ type PostgresSchemaPrivileges struct {
 
 type PostgresSequncesPrivileges struct {
 	DB           string
-	Creator      string
 	Role         string
 	Schema       string
 	Privs        string
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,7 @@ name: Publish Container Image @@
     on:
       push:
         branches:
-          - 'main'
+          - '*'
         tags:
           - '*'
       workflow_dispatch:
@@ Expand Down @@