Skip to content

Commit 283463b

Browse files
author
Lucas Gameiro
authored
[DPE-5387] Grants priviledges to non-public schemas (#647)
1 parent 88f1a76 commit 283463b

File tree

1 file changed

+18
-10
lines changed

1 file changed

+18
-10
lines changed

lib/charms/postgresql_k8s/v0/postgresql.py

Lines changed: 18 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@
3636

3737
# Increment this PATCH version before using `charmcraft publish-lib` or reset
3838
# to 0 if you are raising the major API version
39-
LIBPATCH = 36
39+
LIBPATCH = 37
4040

4141
INVALID_EXTRA_USER_ROLE_BLOCKING_MESSAGE = "invalid role(s) for extra user roles"
4242

@@ -393,24 +393,32 @@ def _generate_database_privileges_statements(
393393
SET lomowner = (SELECT oid FROM pg_roles WHERE rolname = '{}')
394394
WHERE lomowner = (SELECT oid FROM pg_roles WHERE rolname = '{}');""".format(user, self.user)
395395
)
396+
for schema in schemas:
397+
statements.append(
398+
sql.SQL("ALTER SCHEMA {} OWNER TO {};").format(
399+
sql.Identifier(schema), sql.Identifier(user)
400+
)
401+
)
396402
else:
397403
for schema in schemas:
398404
schema = sql.Identifier(schema)
399-
statements.append(
405+
statements.extend([
400406
sql.SQL("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {} TO {};").format(
401407
schema, sql.Identifier(user)
402-
)
403-
)
404-
statements.append(
408+
),
405409
sql.SQL("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {} TO {};").format(
406410
schema, sql.Identifier(user)
407-
)
408-
)
409-
statements.append(
411+
),
410412
sql.SQL("GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA {} TO {};").format(
411413
schema, sql.Identifier(user)
412-
)
413-
)
414+
),
415+
sql.SQL("GRANT USAGE ON SCHEMA {} TO {};").format(
416+
schema, sql.Identifier(user)
417+
),
418+
sql.SQL("GRANT CREATE ON SCHEMA {} TO {};").format(
419+
schema, sql.Identifier(user)
420+
),
421+
])
414422
return statements
415423

416424
def get_last_archived_wal(self) -> str:

0 commit comments

Comments
 (0)