(PDB-5559) Grant read user to write user

austb · austb · commit 437e1c60c621 · 2022-12-12T17:01:59.000Z
To ensure old report partitions are removed promptly without blocking
commands and queries the write user needs the ability to cancel running
puppetdb queries. To do that the write user needs to be granted the read
user role.
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
@@ -99,5 +99,12 @@
       password_hash          => postgresql::postgresql_password($read_database_username, $read_database_password),
       database_owner         => $database_username
     }
+
+    -> postgresql_psql { "grant ${read_database_username} role to ${database_username}":
+      db      => $database_name,
+      command => "GRANT \"${read_database_username}\" TO \"${database_username}\"",
+      unless  => "SELECT oid, rolname FROM pg_roles WHERE
+                   pg_has_role( '${database_username}', oid, 'member') and rolname = '${read_database_username}'";
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -99,5 +99,12 @@`
`99`	`99`	`password_hash => postgresql::postgresql_password($read_database_username, $read_database_password),`
`100`	`100`	`database_owner => $database_username`
`101`	`101`	`}`
	`102`	`+`
	`103`	`+ -> postgresql_psql { "grant ${read_database_username} role to ${database_username}":`
	`104`	`+ db => $database_name,`
	`105`	`+ command => "GRANT \"${read_database_username}\" TO \"${database_username}\"",`
	`106`	`+ unless => "SELECT oid, rolname FROM pg_roles WHERE`
	`107`	`+ pg_has_role( '${database_username}', oid, 'member') and rolname = '${read_database_username}'";`
	`108`	`+ }`
`102`	`109`	`}`
`103`	`110`	`}`