Skip to content

🔨 New sql script template to remove readonly user #6500

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Oct 8, 2024
Merged

🔨 New sql script template to remove readonly user #6500

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
dea5d09
udpates filters
pcrespov Oct 8, 2024
31d36f7
adds script for removal
pcrespov Oct 8, 2024
4b12991
updates recipe
pcrespov Oct 8, 2024
ede93e5
cleanup
pcrespov Oct 8, 2024
7b851a2
list
pcrespov Oct 8, 2024
3468c16
minor fixes
pcrespov Oct 8, 2024
6cdd876
Merge branch 'master' into mai/script-drop-users
pcrespov Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .env-devel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ POSTGRES_PORT=5432
POSTGRES_USER=scu

POSTGRES_READONLY_PASSWORD=readonly
POSTGRES_READONLY_USER=readonly
POSTGRES_READONLY_USER=postgres_readonly


RABBIT_HOST=rabbit
Expand Down
3 changes: 0 additions & 3 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,3 @@ tests/public-api/osparc_python_wheels/*

# osparc-config repo files
repo.config

# scripts resolved with .env s
services/postgres/scripts/create-readonly-user.sql
3 changes: 2 additions & 1 deletion .vscode/settings.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,12 @@
"files.associations": {
".*rc": "ini",
".env*": "ini",
"*.logs*": "log",
"**/requirements/*.in": "pip-requirements",
"**/requirements/*.txt": "pip-requirements",
"*logs.txt": "log",
"*.logs*": "log",
"*Makefile": "makefile",
"*sql.*": "sql",
"docker-compose*.yml": "dockercompose",
"Dockerfile*": "dockerfile"
},
Expand Down
8 changes: 4 additions & 4 deletions services/postgres/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ ifneq (,$(wildcard $(DOT_ENV_FILE)))
endif


.PHONY: scripts/create-readonly-user.sql
scripts/create-readonly-user.sql: scripts/create-readonly-user.sql.template
@echo "Generating SQL script from $<..."

scripts/%.sql: scripts/%.sql.template
@echo "Generating SQL script from '$<'..."
@envsubst < $< > $@
@echo "SQL script generated as $@"
@echo "SQL script generated as '$@'"
3 changes: 3 additions & 0 deletions services/postgres/scripts/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
*
!.gitignore
!*.template.*
16 changes: 16 additions & 0 deletions services/postgres/scripts/remove-readonly-user.sql.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
-- Revoke all privileges the user has on the public schema
REVOKE ALL PRIVILEGES ON SCHEMA public FROM ${POSTGRES_READONLY_USER};

-- Revoke all privileges the user has on tables and sequences in the public schema
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};

-- Revoke any future privileges set via ALTER DEFAULT PRIVILEGES
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM ${POSTGRES_READONLY_USER};
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM ${POSTGRES_READONLY_USER};

-- Drop the user
DROP USER ${POSTGRES_READONLY_USER};

-- Listing all users
SELECT * FROM pg_roles;
Loading