adds ro user sh

pcrespov · pcrespov · commit 9328e8a244b7 · 2024-09-23T19:25:40.000+02:00
diff --git a/services/postgres/docker-entrypoints-initdb.d/create-readonly-user.sh b/services/postgres/docker-entrypoints-initdb.d/create-readonly-user.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+# Check if POSTGRES_READONLY_USER and POSTGRES_READONLY_PASSWORD are defined
+if [[ -z "${POSTGRES_READONLY_USER}" || -z "${POSTGRES_READONLY_PASSWORD}" ]]; then
+  echo "Skipping read-only user creation because POSTGRES_READONLY_USER or POSTGRES_READONLY_PASSWORD is not set."
+  exit 0
+fi
+
+# Variables from environment
+readonly_user=${POSTGRES_READONLY_USER}
+readonly_password=${POSTGRES_READONLY_PASSWORD}
+database=${POSTGRES_DB}
+schema=${SCHEMA:-public}
+
+echo "Creating read-only user: $readonly_user"
+
+# Create the read-only user and assign permissions
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$database" <<-EOSQL
+  CREATE USER $readonly_user WITH PASSWORD '$readonly_password';
+  GRANT CONNECT ON DATABASE $database TO $readonly_user;
+  GRANT USAGE ON SCHEMA $schema TO $readonly_user;
+  GRANT SELECT ON ALL TABLES IN SCHEMA $schema TO $readonly_user;
+  GRANT SELECT ON ALL SEQUENCES IN SCHEMA $schema TO $readonly_user;
+  ALTER DEFAULT PRIVILEGES IN SCHEMA $schema GRANT SELECT ON TABLES TO $readonly_user;
+EOSQL
