WIP

Author: pcrespov

services/docker-compose.yml

@@ -1137,7 +1137,6 @@ services:
       POSTGRES_READONLY_PASSWORD: ${POSTGRES_READONLY_PASSWORD}
       POSTGRES_READONLY_USER: ${POSTGRES_READONLY_USER}
     volumes:
-      - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
       - postgres_data:/var/lib/postgresql/data
       - type: tmpfs
         target: /dev/shm

services/postgres/docker-entrypoint-initdb.d/create-readonly-user.sh renamed to services/postgres/scripts/docker-entrypoint-initdb.d/create-readonly-user.sh

@@ -0,0 +1,10 @@
+-- SQL script to create a read-only user and grant privileges
+CREATE USER ${POSTGRES_READONLY_USER} WITH PASSWORD '${POSTGRES_READONLY_PASSWORD}';
+
+GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_READONLY_USER};
+GRANT USAGE ON SCHEMA public TO ${POSTGRES_READONLY_USER};
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_READONLY_USER};
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO ${POSTGRES_READONLY_USER};