@pcrespov pcrespov commented Sep 23, 2024

What do these changes do?

This PR introduces a way to create a read-only user in PostgreSQL databases.

  • Adds environment variables POSTGRES_READONLY_USER and POSTGRES_READONLY_PASSWORD to define credentials for the read-only user.
  • Provides an initialization script for PostgreSQL services, which runs during the initial setup (i.e., only when the PostgreSQL data directory is empty) to automatically create a read-only user.
  • For existing databases, you can manually create the read-only user by executing the generated SQL script. To generate and apply the script, follow these steps:
    make .env
    cd services/postgres
    make readonly-user-sql
    
    Then, run the script in your PostgreSQL instance using a tool like Adminer, or via a Docker exec command.

Related issue/s

How to test

  • Test new user in an existing db
    1. cd services/postgres
    2. make scripts/create-readonly-user.sql
    3. Log in to Adminer
    4. Execute in SQL query the result of (2)

Dev-ops checklist

  • Review new POSTGRES_READONLY_USER, POSTGRES_READONLY_PASSWORD and following steps in osparc-config
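
For reference, an added sketch of the statements a read-only role in PostgreSQL typically needs, with a check that it really cannot write. This is not the script generated by this PR (which is not shown on this page); `readonly_user`, `CHANGE_ME`, `example_db`, `app_owner` and the `public` schema are placeholder assumptions.

```sql
-- Added example: all names and the password below are placeholders.

-- 1. Login role without any elevated attributes.
CREATE ROLE readonly_user WITH LOGIN PASSWORD 'CHANGE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;

-- 2. Sessions start read-only. A session can switch this off with SET,
--    so the grants below, not this setting, are the actual control.
ALTER ROLE readonly_user SET default_transaction_read_only = on;

-- 3. Connect to the database and read what already exists in the schema.
GRANT CONNECT ON DATABASE example_db TO readonly_user;
GRANT USAGE ON SCHEMA public TO readonly_user;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_user;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly_user;

-- 4. Tables created later are NOT covered by step 3. Default privileges
--    apply only to objects created by the role named in FOR ROLE, so this
--    must name the role that runs the migrations (app_owner is assumed).
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT ON TABLES TO readonly_user;

-- 5. Check: every row returned is a table the role can still modify,
--    whether through a direct grant, role membership or PUBLIC.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'public'
  AND has_table_privilege(
        'readonly_user',
        format('%I.%I', schemaname, tablename),
        'INSERT, UPDATE, DELETE, TRUNCATE');

-- 6. Check: whether the role can create objects in the schema. Before
--    PostgreSQL 15, PUBLIC holds CREATE on schema public by default.
SELECT has_schema_privilege('readonly_user', 'public', 'CREATE')
       AS can_create_in_public;
```

Steps 5 and 6 can be run from Adminer as the admin user after applying the script to an existing database.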

codecov bot commented Sep 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.2%. Comparing base (cafbf96) to head (9065a59).
Report is 573 commits behind head on master.

@@            Coverage Diff            @@
##           master   #6426      +/-   ##
=========================================
+ Coverage    84.5%   88.2%    +3.6%     
=========================================
  Files          10    1507    +1497     
  Lines         214   62506   +62292     
  Branches       25    2070    +2045     
=========================================
+ Hits          181   55164   +54983     
- Misses         23    7022    +6999     
- Partials       10     320     +310     
Flag              Coverage Δ
integrationtests  64.7% <ø> (?)
unittests         86.2% <ø> (+1.6%) ⬆️

Flags with carried forward coverage won't be shown.

see 1457 files with indirect coverage changes

@pcrespov pcrespov self-assigned this Sep 23, 2024
@pcrespov pcrespov added the a:database associated to postgres service and postgres-database package label Sep 23, 2024
@pcrespov pcrespov added this to the MartinKippenberger milestone Sep 23, 2024
@pcrespov pcrespov changed the title Is1701/pg readonly user 🔨 Create readonly user for database Sep 23, 2024
@pcrespov pcrespov changed the title 🔨 Create readonly user for database 🔨 Add Mechanism for Creating a Read-Only User in PostgreSQL Sep 23, 2024
@pcrespov pcrespov marked this pull request as ready for review September 23, 2024 18:03
@GitHK GitHK left a comment

nothing more to add from my behalf

@pcrespov pcrespov force-pushed the is1701/pg-readonly-user branch from 9065a59 to 28fcf62 Compare October 1, 2024 08:38
@pcrespov pcrespov requested a review from YuryHrytsuk October 1, 2024 08:46
@pcrespov pcrespov enabled auto-merge (squash) October 1, 2024 08:46
@mrnicegyu11 mrnicegyu11 left a comment

I am not sure that we can merge this in as-is.

Ideally this PR requires:

  • Sister PRs in osparc-ops-deployment-configuration to add those env-vars to the repo.config.template.
  • Potentially a PR in osparc-ops-environments that adds this env-var in the simcore/docker-compose*.yml files
  • Likely there should be a test running periodically to assess that both the readonly user and the admin user login works as expected. This would then also add those credentials to the credentialspage.

@mrnicegyu11
Please let us know how you want to proceed :--) we can help/assist.

@pcrespov pcrespov requested a review from mrnicegyu11 October 1, 2024 09:36
@YuryHrytsuk YuryHrytsuk left a comment

Thank you!

@mrnicegyu11 mrnicegyu11 left a comment

ok as said

sonarqubecloud bot commented Oct 2, 2024

@pcrespov pcrespov changed the title 🔨 Add Mechanism for Creating a Read-Only User in PostgreSQL 🔨 Doc and added scripts for creating a Read-Only User in PostgreSQL Oct 2, 2024
@pcrespov pcrespov changed the title 🔨 Doc and added scripts for creating a Read-Only User in PostgreSQL 🔨 Doc and scripts for creating a Read-Only User in PostgreSQL Oct 2, 2024
@pcrespov pcrespov changed the title 🔨 Doc and scripts for creating a Read-Only User in PostgreSQL 🔨 Doc and scripts to create read-only user in PostgreSQL Oct 2, 2024
@pcrespov pcrespov disabled auto-merge October 2, 2024 10:41
@pcrespov pcrespov merged commit bde0ab0 into ITISFoundation:master Oct 2, 2024
51 checks passed
@pcrespov pcrespov deleted the is1701/pg-readonly-user branch October 2, 2024 11:39
5 participants