🔨 New sql script template to remove readonly user (ITISFoundation#6500)

pcrespov · mrnicegyu11 · commit 26e7fd6b6f3c · 2024-10-14T10:37:15.000+02:00
diff --git a/.env-devel b/.env-devel
@@ -154,7 +154,7 @@ POSTGRES_PORT=5432
 POSTGRES_USER=scu
 
 POSTGRES_READONLY_PASSWORD=readonly
-POSTGRES_READONLY_USER=readonly
+POSTGRES_READONLY_USER=postgres_readonly
 
 
 RABBIT_HOST=rabbit
diff --git a/.gitignore b/.gitignore
@@ -181,6 +181,3 @@ tests/public-api/osparc_python_wheels/*
 
 # osparc-config repo files
 repo.config
-
-# scripts resolved with .env s
-services/postgres/scripts/create-readonly-user.sql
diff --git a/.vscode/settings.template.json b/.vscode/settings.template.json
@@ -9,11 +9,12 @@
   "files.associations": {
     ".*rc": "ini",
     ".env*": "ini",
+    "*.logs*": "log",
     "**/requirements/*.in": "pip-requirements",
     "**/requirements/*.txt": "pip-requirements",
     "*logs.txt": "log",
-    "*.logs*": "log",
     "*Makefile": "makefile",
+    "*sql.*": "sql",
     "docker-compose*.yml": "dockercompose",
     "Dockerfile*": "dockerfile"
   },
diff --git a/services/postgres/Makefile b/services/postgres/Makefile
@@ -7,8 +7,8 @@ ifneq (,$(wildcard $(DOT_ENV_FILE)))
 endif
 
 
-.PHONY: scripts/create-readonly-user.sql
-scripts/create-readonly-user.sql: scripts/create-readonly-user.sql.template
-	@echo "Generating SQL script from $<..."
+
+scripts/%.sql: scripts/%.sql.template
+	@echo "Generating SQL script from '$<'..."
 	@envsubst < $< > $@
-	@echo "SQL script generated as $@"
+	@echo "SQL script generated as '$@'"
diff --git a/services/postgres/scripts/.gitignore b/services/postgres/scripts/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!*.template.*
diff --git a/services/postgres/scripts/remove-readonly-user.sql.template b/services/postgres/scripts/remove-readonly-user.sql.template
@@ -0,0 +1,16 @@
+-- Revoke all privileges the user has on the public schema
+REVOKE ALL PRIVILEGES ON SCHEMA public FROM ${POSTGRES_READONLY_USER};
+
+-- Revoke all privileges the user has on tables and sequences in the public schema
+REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};
+REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};
+
+-- Revoke any future privileges set via ALTER DEFAULT PRIVILEGES
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM ${POSTGRES_READONLY_USER};
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM ${POSTGRES_READONLY_USER};
+
+-- Drop the user
+DROP USER ${POSTGRES_READONLY_USER};
+
+-- Listing all users
+SELECT * FROM pg_roles;

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+*`
	`2`	`+!.gitignore`
	`3`	`+!.template.`