Merge "Devstack plugin set privileges to json ingester DB"
commit
42f6d876c6
|
@ -67,7 +67,8 @@ function configure_congress {
|
|||
# database_connection_url_postgresql returns URL with wrong prefix,
|
||||
# so we do a substitution here
|
||||
local db_connection_mysql=`database_connection_url_postgresql $CONGRESS_JSON_DB_NAME`
|
||||
iniset $CONGRESS_CONF json_ingester db_connection ${db_connection_mysql/?*:\/\//postgresql:\/\/}
|
||||
CONGRESS_JSON_DB_CONNECTION_URL=${db_connection_mysql/?*:\/\//postgresql:\/\/}
|
||||
iniset $CONGRESS_CONF json_ingester db_connection $CONGRESS_JSON_DB_CONNECTION_URL
|
||||
iniset $CONGRESS_CONF json_ingester config_path "$CONGRESS_JSON_CONF_DIR"
|
||||
iniset $CONGRESS_CONF json_ingester config_reusables_path "$CONGRESS_JSON_CONF_REUSABLES_PATH"
|
||||
|
||||
|
@ -297,6 +298,11 @@ function init_congress {
|
|||
configure_database_postgresql
|
||||
fi
|
||||
recreate_database_postgresql $CONGRESS_JSON_DB_NAME utf8
|
||||
psql --set=ingester_role="$CONGRESS_JSON_INGESTER_ROLE" \
|
||||
--set=user_role="$CONGRESS_JSON_USER_ROLE" \
|
||||
--set=db_name="$CONGRESS_JSON_DB_NAME" \
|
||||
$CONGRESS_JSON_DB_CONNECTION_URL \
|
||||
-f $CONGRESS_DIR/scripts/jgress/setup_permissions.sql
|
||||
fi
|
||||
# Run Congress db migrations
|
||||
congress-db-manage --config-file $CONGRESS_CONF upgrade head
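Review bot: The new `psql` call in init_congress runs setup_permissions.sql without `-v ON_ERROR_STOP=1`, so a failing statement only prints to stderr, psql still exits 0, and the script carries on with the permissions half-applied. I would add `-v ON_ERROR_STOP=1 \` after the `--set` lines and quote the expansions: `"$CONGRESS_JSON_DB_CONNECTION_URL"` and `-f "$CONGRESS_DIR/scripts/jgress/setup_permissions.sql"`. If the connection URL carries the database password (not visible on this page), passing it as an argument also exposes it in the process list and in any command trace of the run; `PGPASSWORD` or a pgpass file avoids that. The call relies on configure_congress having set `CONGRESS_JSON_DB_CONNECTION_URL` earlier in the same shell, and both functions continue outside the hunks shown.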
|
||||
|
|
|
@ -55,6 +55,8 @@ ENABLE_CONGRESS_JSON=$(trueorfalse False ENABLE_CONGRESS_JSON)
|
|||
CONGRESS_JSON_DB_NAME=${CONGRESS_JSON_DB_NAME:-congress_json}
|
||||
CONGRESS_JSON_CONF_DIR=$CONGRESS_CONF_DIR/json_ingesters
|
||||
CONGRESS_JSON_CONF_REUSABLES_PATH=$CONGRESS_CONF_DIR/config_reusables.yaml
|
||||
CONGRESS_JSON_USER_ROLE=${CONGRESS_JSON_USER_ROLE:-jgress_user}
|
||||
CONGRESS_JSON_INGESTER_ROLE=${CONGRESS_JSON_INGESTER_ROLE:-root}
|
||||
|
||||
|
||||
TEMPEST_DIR=$DEST/tempest
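Review bot: `CONGRESS_JSON_INGESTER_ROLE` defaults to `root`, and neither new variable has a comment saying what the role is for. setup_permissions.sql uses this value in `ALTER DEFAULT PRIVILEGES FOR USER :ingester_role`, so with the default every table `root` later creates in the JSON database becomes readable by the user role. If `root` is the database administrator account here (not visible on this page), a dedicated ingester role would be the narrower default. At minimum I would add a comment above the two lines, such as `# Postgres roles for jgress: INGESTER_ROLE is used by the ingester, USER_ROLE by users evaluating policy over the ingested data`.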
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
--Sets up jgress user role and privileges
|
||||
-- Usage:
|
||||
-- $ psql --set=ingester_role=<ingester> --set=user_role=<user> --set=db_name=<name> -f setup_permissions.sql
|
||||
--
|
||||
-- Variables:
|
||||
-- ingester_role - name of the role used by jgress ingester
|
||||
-- user_role - name of the role for users writing & evaluating policy over
|
||||
-- db_name - name of the postgres database used for jgress ingestion
|
||||
|
||||
CREATE ROLE :user_role LOGIN;
|
||||
ALTER DEFAULT PRIVILEGES FOR USER :ingester_role GRANT USAGE ON schemas TO :user_role;
|
||||
ALTER DEFAULT PRIVILEGES FOR USER :ingester_role GRANT SELECT ON tables TO :user_role;
|
||||
GRANT ALL PRIVILEGES ON DATABASE :db_name TO :user_role;
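Review bot: `GRANT ALL PRIVILEGES ON DATABASE :db_name TO :user_role;` gives the user role more than the read access the two `ALTER DEFAULT PRIVILEGES` lines set up, because on a PostgreSQL database ALL includes CREATE (new schemas) and TEMPORARY as well as CONNECT. If the role only needs to query ingested data, `GRANT CONNECT ON DATABASE :"db_name" TO :"user_role";` is enough. `CREATE ROLE :user_role LOGIN;` creates a login role with no password, so access depends entirely on pg_hba.conf, and the statement fails if the role already exists. The `:"name"` form makes psql quote each value as an identifier instead of pasting it in raw; I would use it for all three variables.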
|