
Commit df7201f

committed
new envs and avoids error upon recreationg
1 parent 9328e8a commit df7201f


3 files changed

+28
-11
lines changed


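--- a/.env-devel
+++ b/.env-devel
@@ -152,6 +152,10 @@ POSTGRES_PASSWORD=adminadmin
 POSTGRES_PORT=5432
 POSTGRES_USER=scu
 
+POSTGRES_READONLY_PASSWORD=adminadmin
+POSTGRES_READONLY_USER=scu-ro
+
+
 RABBIT_HOST=rabbit
 RABBIT_PASSWORD=adminadmin
 RABBIT_PORT=5672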
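Review bot: `POSTGRES_READONLY_PASSWORD=adminadmin` gives the read-only role the same secret as `POSTGRES_PASSWORD` (visible in the hunk header), so anyone handed the read-only credentials also holds the admin password wherever these defaults are used unchanged. Use a distinct development value, for example `POSTGRES_READONLY_PASSWORD=readonly` (constructed example). A comment above the pair such as `# read-only role created by the postgres init script; both values are optional` would also tell readers that leaving them empty skips the role.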

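--- a/services/docker-compose.yml
+++ b/services/docker-compose.yml
@@ -1134,7 +1134,10 @@ services:
 POSTGRES_DB: ${POSTGRES_DB}
 POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
 POSTGRES_USER: ${POSTGRES_USER}
+POSTGRES_READONLY_PASSWORD: ${POSTGRES_READONLY_PASSWORD}
+POSTGRES_READONLY_USER: ${POSTGRES_READONLY_USER}
 volumes:
+- ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
 - postgres_data:/var/lib/postgresql/data
 - type: tmpfs
 target: /dev/shm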
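Review bot: The new bind mount of `./postgres/docker-entrypoint-initdb.d` is read-write, so a process inside the database container can alter the init scripts in the host checkout; mount it read-only with `- ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro`. If this service uses the stock postgres entrypoint (the image is not visible in the hunk), these scripts run only when `postgres_data` is empty, so deployments with an existing volume will not get the read-only role. A short comment next to the mount saying so would save a debugging session. The service definition starts and ends outside the hunk.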
Lines changed: 21 additions & 11 deletions
@@ -1,7 +1,7 @@
11
#!/bin/bash
22
set -e
33

4-
# Check if POSTGRES_READONLY_USER and POSTGRES_READONLY_PASSWORD are defined
4+
# NOTE: POSTGRES_READONLY_USER and POSTGRES_READONLY_PASSWORD are optional
55
if [[ -z "${POSTGRES_READONLY_USER}" || -z "${POSTGRES_READONLY_PASSWORD}" ]]; then
66
echo "Skipping read-only user creation because POSTGRES_READONLY_USER or POSTGRES_READONLY_PASSWORD is not set."
77
exit 0
@@ -11,16 +11,26 @@ fi
1111
readonly_user=${POSTGRES_READONLY_USER}
1212
readonly_password=${POSTGRES_READONLY_PASSWORD}
1313
database=${POSTGRES_DB}
14-
schema=${SCHEMA:-public}
14+
schema=${SCHEMA:-public} # TODO: what is this???
1515

1616
echo "Creating read-only user: $readonly_user"
1717

18-
# Create the read-only user and assign permissions
19-
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$database" <<-EOSQL
20-
CREATE USER $readonly_user WITH PASSWORD '$readonly_password';
21-
GRANT CONNECT ON DATABASE $database TO $readonly_user;
22-
GRANT USAGE ON SCHEMA $schema TO $readonly_user;
23-
GRANT SELECT ON ALL TABLES IN SCHEMA $schema TO $readonly_user;
24-
GRANT SELECT ON ALL SEQUENCES IN SCHEMA $schema TO $readonly_user;
25-
ALTER DEFAULT PRIVILEGES IN SCHEMA $schema GRANT SELECT ON TABLES TO $readonly_user;
26-
EOSQL
18+
19+
# Check if the user already exists
20+
user_exists=$(psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='$readonly_user'")
21+
22+
if [[ $user_exists == "1" ]]; then
23+
echo "User '$readonly_user' already exists, skipping creation."
24+
else
25+
echo "Creating read-only user: $readonly_user"
26+
27+
# Create the read-only user and assign permissions
28+
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$database" <<-EOSQL
29+
CREATE USER $readonly_user WITH PASSWORD '$readonly_password';
30+
GRANT CONNECT ON DATABASE $database TO $readonly_user;
31+
GRANT USAGE ON SCHEMA $schema TO $readonly_user;
32+
GRANT SELECT ON ALL TABLES IN SCHEMA $schema TO $readonly_user;
33+
GRANT SELECT ON ALL SEQUENCES IN SCHEMA $schema TO $readonly_user;
34+
ALTER DEFAULT PRIVILEGES IN SCHEMA $schema GRANT SELECT ON TABLES TO $readonly_user;
35+
EOSQL
36+
fi
