From 6bee440194eef59da0d8551eca924c3ba81d9425 Mon Sep 17 00:00:00 2001
From: Weimin Yu
Date: Thu, 18 Mar 2021 22:24:03 -0400
Subject: [PATCH] Update creation script for schema_deployer (#1019)
* Update creation script for schema_deployer
Move the create user command for schema_deployer before the initialization of roles. As the owner of all schema objects, it needs to be present before grant statements are executed. Also fixed a bug in credential printing, which fails when the password contains '%'.
---
 .../tools/GetSqlCredentialCommand.java | 2 +-
 .../sql/user/create_schema_deployer_user.sql | 24 -------------------
 .../resources/sql/user/initialize_roles.sql | 21 ++++++++++++----
 3 files changed, 18 insertions(+), 29 deletions(-)
 delete mode 100644 db/src/main/resources/sql/user/create_schema_deployer_user.sql
diff --git a/core/src/main/java/google/registry/tools/GetSqlCredentialCommand.java b/core/src/main/java/google/registry/tools/GetSqlCredentialCommand.java
index 775df6cfe..da8a082c1 100644
--- a/core/src/main/java/google/registry/tools/GetSqlCredentialCommand.java
+++ b/core/src/main/java/google/registry/tools/GetSqlCredentialCommand.java
@@ -75,7 +75,7 @@ public class GetSqlCredentialCommand implements Command {
 "%s %s %s",
 cloudSqlInstanceConnectionName, credential.login(), credential.password());
 if (outputPath == null) {
- System.out.printf(outputText);
+ System.out.print(outputText);
 return;
 }
 try (FileOutputStream out = new FileOutputStream(outputPath.toFile())) {
diff --git a/db/src/main/resources/sql/user/create_schema_deployer_user.sql b/db/src/main/resources/sql/user/create_schema_deployer_user.sql
deleted file mode 100644
index 535a91d1c..000000000
--- a/db/src/main/resources/sql/user/create_schema_deployer_user.sql
+++ /dev/null
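Review bot: In the GetSqlCredentialCommand.java hunk, the context line `"%s %s %s"` still joins connection name, login and password with single spaces, so a password containing a space or newline produces output that a consumer cannot split back into three fields — the same class of problem as the '%' case fixed here. Whether generated passwords can contain whitespace is not visible in this hunk; if they can, reject them before formatting, or document the constraint with `// Fields are space-separated; the password must not contain whitespace.` above the `String.format` call. The `outputPath == null` branch also writes the cleartext password to stdout, which deserves a one-line comment warning against running the command where stdout is captured in logs. The enclosing method starts and ends outside the hunk.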
@@ -1,24 +0,0 @@
--- Copyright 2019 The Nomulus Authors. All Rights Reserved.
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
--- You may obtain a copy of the License at
---
--- http://www.apache.org/licenses/LICENSE-2.0
---
--- Unless required by applicable law or agreed to in writing, software
--- distributed under the License is distributed on an "AS IS" BASIS,
--- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--- See the License for the specific language governing permissions and
--- limitations under the License.
---
--- Script to create a user with read-only permission to all tables. The
--- initialize_roles.sql script creates the readonly role used here.
-
--- Comment out line below if user already exists:
-CREATE USER schema_deployer ENCRYPTED PASSWORD :'password';
--- Comment out line above and uncomment line below if user has been created
--- from Cloud Dashboard:
--- ALTER USER :username NOCREATEDB NOCREATEROLE;
-GRANT CONNECT ON DATABASE postgres TO schema_deployer;
-GRANT CREATE, USAGE ON SCHEMA public TO schema_deployer;
diff --git a/db/src/main/resources/sql/user/initialize_roles.sql b/db/src/main/resources/sql/user/initialize_roles.sql
index eaaa09c74..cc07bd629 100644
--- a/db/src/main/resources/sql/user/initialize_roles.sql
+++ b/db/src/main/resources/sql/user/initialize_roles.sql
@@ -19,18 +19,31 @@
 -- Prevent backdoor grants through the implicit 'public' role.
 REVOKE ALL PRIVILEGES ON SCHEMA public from public;
 
+-- Create the schema_deployer user, which will be used by the automated schema
+-- deployment process. This creation must come before the grants below.
+-- Comment out line below if user already exists:
+CREATE USER schema_deployer ENCRYPTED PASSWORD :'password';
+-- Comment out line above and uncomment line below if user has been created
+-- from Cloud Dashboard:
+-- ALTER USER schema_deployer NOCREATEDB NOCREATEROLE;
+GRANT CONNECT ON DATABASE postgres TO schema_deployer;
+GRANT CREATE, USAGE ON SCHEMA public TO schema_deployer;
+-- The 'postgres' user in Cloud SQL/postgres is not a true super user, and
+-- cannot grant access to schema_deployer's objects without taking on its role.
+GRANT schema_deployer to postgres;
+
 CREATE ROLE readonly;
 GRANT CONNECT ON DATABASE postgres TO readonly;
 GRANT USAGE ON SCHEMA public TO readonly;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
 ALTER DEFAULT PRIVILEGES
 IN SCHEMA public
- FOR USER postgres
+ FOR USER schema_deployer
 GRANT USAGE, SELECT ON SEQUENCES TO readonly;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
 ALTER DEFAULT PRIVILEGES
 IN SCHEMA public
- FOR USER postgres
+ FOR USER schema_deployer
 GRANT SELECT ON TABLES TO readonly;
 
 CREATE ROLE readwrite;
@@ -39,10 +52,10 @@ GRANT USAGE ON SCHEMA public TO readwrite;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readwrite;
 ALTER DEFAULT PRIVILEGES
 IN SCHEMA public
- FOR USER postgres
+ FOR USER schema_deployer
 GRANT USAGE, SELECT ON SEQUENCES TO readwrite;
 GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO readwrite;
 ALTER DEFAULT PRIVILEGES
 IN SCHEMA public
- FOR USER postgres
+ FOR USER schema_deployer
 GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO readwrite;
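Review bot: The added `CREATE USER schema_deployer ENCRYPTED PASSWORD :'password';` in the first initialize_roles.sql hunk takes the password from a psql variable, but nothing in the script says how that variable should be supplied. If it is passed with `-v password=...` on the command line it is visible in the process list and shell history, and the expanded statement can be captured by server statement logging where that is enabled; `ENCRYPTED` only governs how the server stores the value. A comment beside the statement would help, for example `-- Supply :password from a protected file or an interactive prompt, not from the command line.` Since this script now depends on the variable, the header comment should also state that `password` must be set before running it.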
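Review bot: `ALTER DEFAULT PRIVILEGES ... FOR USER schema_deployer` in the second hunk covers only objects that schema_deployer itself creates after the script runs, so a table or sequence created in a session running as `postgres` gets no automatic readonly/readwrite grants unless that session first does `SET ROLE schema_deployer`. The same holds for the two `FOR USER` lines changed in the previous hunk. A comment above each block would make this explicit, for example `-- Applies only to objects created by schema_deployer; run DDL as that role or grant manually.` On databases where the earlier version of this script already ran, the defaults registered for `postgres` presumably stay in place, and the script cannot simply be re-run because `CREATE ROLE readonly` fails when the role exists, so a short migration note would be useful.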