Update creation script for schema_deployer (#1019)

* Update creation script for schema_deployer

Move the create user command for schema_deployer before the
initialization of roles. As the owner of all schema objects, it needs to
be present before grant statements are executed.

Also fixed a bug in credential printing, which fails when the password
contains '%'.

core/src/main/java/google/registry/tools/GetSqlCredentialCommand.java

@@ -75,7 +75,7 @@ public class GetSqlCredentialCommand implements Command {
             "%s %s %s", cloudSqlInstanceConnectionName, credential.login(), credential.password());
 
     if (outputPath == null) {
-      System.out.printf(outputText);
+      System.out.print(outputText);
       return;
     }
     try (FileOutputStream out = new FileOutputStream(outputPath.toFile())) {

db/src/main/resources/sql/user/create_schema_deployer_user.sql

@@ -1,24 +0,0 @@
--- Copyright 2019 The Nomulus Authors. All Rights Reserved.
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
--- You may obtain a copy of the License at
---
---     http://www.apache.org/licenses/LICENSE-2.0
---
--- Unless required by applicable law or agreed to in writing, software
--- distributed under the License is distributed on an "AS IS" BASIS,
--- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--- See the License for the specific language governing permissions and
--- limitations under the License.
---
--- Script to create a user with read-only permission to all tables. The
--- initialize_roles.sql script creates the readonly role used here.
-
--- Comment out line below if user already exists:
-CREATE USER schema_deployer ENCRYPTED PASSWORD :'password';
--- Comment out line above and uncomment line below if user has been created
--- from Cloud Dashboard:
--- ALTER USER :username NOCREATEDB NOCREATEROLE;
-GRANT CONNECT ON DATABASE postgres TO schema_deployer;
-GRANT CREATE, USAGE ON SCHEMA public TO schema_deployer;

db/src/main/resources/sql/user/initialize_roles.sql

@@ -19,18 +19,31 @@
 -- Prevent backdoor grants through the implicit 'public' role.
 REVOKE ALL PRIVILEGES ON SCHEMA public from public;
 
+-- Create the schema_deployer user, which will be used by the automated schema
+-- deployment process. This creation must come before the grants below.
+-- Comment out line below if user already exists:
+CREATE USER schema_deployer ENCRYPTED PASSWORD :'password';
+-- Comment out line above and uncomment line below if user has been created
+-- from Cloud Dashboard:
+-- ALTER USER schema_deployer NOCREATEDB NOCREATEROLE;
+GRANT CONNECT ON DATABASE postgres TO schema_deployer;
+GRANT CREATE, USAGE ON SCHEMA public TO schema_deployer;
+-- The 'postgres' user in Cloud SQL/postgres is not a true super user, and
+-- cannot grant access to schema_deployer's objects without taking on its role.
+GRANT schema_deployer to postgres;
+
 CREATE ROLE readonly;
 GRANT CONNECT ON DATABASE postgres TO readonly;
 GRANT USAGE ON SCHEMA public TO readonly;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
 ALTER DEFAULT PRIVILEGES
   IN SCHEMA public
-  FOR USER postgres
+  FOR USER schema_deployer
   GRANT USAGE, SELECT ON SEQUENCES TO readonly;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
 ALTER DEFAULT PRIVILEGES
   IN SCHEMA public
-  FOR USER postgres
+  FOR USER schema_deployer
   GRANT SELECT ON TABLES TO readonly;
 
 CREATE ROLE readwrite;
@@ -39,10 +52,10 @@ GRANT USAGE ON SCHEMA public TO readwrite;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readwrite;
 ALTER DEFAULT PRIVILEGES
   IN SCHEMA public
-  FOR USER postgres
+  FOR USER schema_deployer
   GRANT USAGE, SELECT ON SEQUENCES TO readwrite;
 GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO readwrite;
 ALTER DEFAULT PRIVILEGES
   IN SCHEMA public
-  FOR USER postgres
+  FOR USER schema_deployer
   GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO readwrite;