11#! /bin/sh
22set -e
33
4- # OneGround
4+ # Keycloak
55psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $POSTGRES_DB " << -EOSQL
6- CREATE USER oneground_user WITH PASSWORD 'oneground_user';
7- CREATE DATABASE ac_db;
8- CREATE DATABASE brc_db;
9- CREATE DATABASE drc_db;
10- CREATE DATABASE nrc_db;
11- CREATE DATABASE zrc_db;
12- CREATE DATABASE ztc_db;
13- CREATE DATABASE keycloak;
6+ CREATE DATABASE keycloak
147EOSQL
158
16- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " ac_db " << -EOSQL
17- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user ;
9+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " keycloak " << -EOSQL
10+ CREATE SCHEMA IF NOT EXISTS keycloak AUTHORIZATION postgres ;
1811EOSQL
1912
20- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " brc_db" << -EOSQL
21- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
22- EOSQL
13+ # OneGround
14+ grant_permissions () {
15+ local db_name=$1
16+ local admin_role=" oneground_admin"
17+ local user_role=" oneground_user"
2318
24- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " drc_db" << -EOSQL
25- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
26- EOSQL
19+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $db_name " << -EOSQL
20+ GRANT CREATE, USAGE ON SCHEMA public TO ${admin_role} ;
21+ GRANT USAGE ON SCHEMA public TO ${user_role} ;
22+
23+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE, TRIGGER ON TABLES TO ${admin_role} ;
24+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO ${user_role} ;
2725
28- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " nrc_db" << -EOSQL
29- CREATE SCHEMA hangfire AUTHORIZATION oneground_user;
30- ALTER DEFAULT PRIVILEGES IN SCHEMA hangfire GRANT USAGE ON SEQUENCES TO oneground_user;
31- ALTER DEFAULT PRIVILEGES IN SCHEMA hangfire GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
32- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
26+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT SELECT, USAGE, UPDATE ON SEQUENCES TO ${admin_role} ;
27+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO ${user_role} ;
28+
29+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO ${admin_role} ;
30+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO ${user_role} ;
31+
32+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT USAGE ON TYPES TO ${admin_role} ;
33+ ALTER DEFAULT PRIVILEGES FOR ROLE ${admin_role} IN SCHEMA public GRANT USAGE ON TYPES TO ${user_role} ;
3334EOSQL
35+ }
3436
35- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " zrc_db" << -EOSQL
36- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
37+ grant_hangfire_permissions () {
38+ local db_name=$1
39+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $db_name " << -EOSQL
40+ CREATE SCHEMA IF NOT EXISTS hangfire AUTHORIZATION oneground_user;
41+ GRANT ALL ON SCHEMA hangfire TO oneground_admin;
42+ GRANT ALL ON ALL TABLES IN SCHEMA hangfire TO oneground_admin;
43+ GRANT ALL ON ALL SEQUENCES IN SCHEMA hangfire TO oneground_admin;
44+ ALTER DEFAULT PRIVILEGES FOR ROLE oneground_admin IN SCHEMA hangfire GRANT ALL ON TABLES TO oneground_admin;
45+ ALTER DEFAULT PRIVILEGES FOR ROLE oneground_admin IN SCHEMA hangfire GRANT ALL ON SEQUENCES TO oneground_admin;
3746EOSQL
47+ }
3848
39- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " ztc_db" << -EOSQL
40- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO oneground_user;
49+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $POSTGRES_DB " << -EOSQL
50+ CREATE ROLE oneground_admin WITH LOGIN PASSWORD 'oneground_admin' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
51+ CREATE ROLE oneground_user WITH LOGIN PASSWORD 'oneground_user' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
4152EOSQL
4253
43- # Keycloak
44- psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " keycloak" << -EOSQL
45- CREATE SCHEMA keycloak AUTHORIZATION postgres;
46- ALTER DEFAULT PRIVILEGES IN SCHEMA keycloak GRANT USAGE ON SEQUENCES TO postgres;
47- ALTER DEFAULT PRIVILEGES IN SCHEMA keycloak GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO postgres;
54+ DATABASES=" ac_db brc_db drc_db nrc_db zrc_db ztc_db"
55+
56+ for db in $DATABASES ; do
57+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $POSTGRES_DB " -c " CREATE DATABASE $db ;"
58+ psql -v ON_ERROR_STOP=1 --username " $POSTGRES_USER " --dbname " $db " << -EOSQL
59+ CREATE EXTENSION IF NOT EXISTS postgis;
60+ CREATE EXTENSION IF NOT EXISTS pgcrypto;
4861EOSQL
62+ grant_permissions " $db "
63+ done
4964
65+ grant_hangfire_permissions " nrc_db"
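Review bot: The two `CREATE ROLE ... WITH LOGIN PASSWORD` statements near the end of the script hard-code each role's password as its own name (`'oneground_admin'`, `'oneground_user'`), so anyone who can reach the PostgreSQL port can log in as either role. The new admin role also receives CREATE on `public` in every service database and ALL on `hangfire`. Take the passwords from the environment and let psql quote them: add `-v admin_pw="$ONEGROUND_ADMIN_PASSWORD" -v user_pw="$ONEGROUND_USER_PASSWORD"` (placeholder variable names) to that psql call and write `PASSWORD :'admin_pw'` and `PASSWORD :'user_pw'` in the heredoc. If the fixed values are meant for local development only, a comment above the block saying so would keep them from being copied into a shared environment. Separately, both login roles keep the default CONNECT privilege on the `keycloak` database; assuming Keycloak connects as the owning role, `REVOKE CONNECT ON DATABASE keycloak FROM PUBLIC;` in the second psql block would close that.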