set search_path for default roles (#1065)

* set search_path for default roles * deployment back to 1.5.0 Co-authored-by: Felix Kunde <felix.kunde@zalando.de>
2020-08-11 10:42:31 +02:00 · 2020-08-11 10:42:31 +02:00 · dfd0dd90ed
parent 0508266219
commit dfd0dd90ed
3 changed files with 53 additions and 35 deletions
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -959,32 +959,42 @@ func (c *Cluster) initPreparedDatabaseRoles() error {
 	}
 	for preparedDbName, preparedDB := range c.Spec.PreparedDatabases {
 		// get list of prepared schemas to set in search_path
 		preparedSchemas := preparedDB.PreparedSchemas
 		if len(preparedDB.PreparedSchemas) == 0 {
 			preparedSchemas = map[string]acidv1.PreparedSchema{"data": {DefaultRoles: util.True()}}
 		}
 		var searchPath strings.Builder
 		searchPath.WriteString(constants.DefaultSearchPath)
 		for preparedSchemaName := range preparedSchemas {
 			searchPath.WriteString(", " + preparedSchemaName)
 		}
 		// default roles per database
-		if err := c.initDefaultRoles(defaultRoles, "admin", preparedDbName); err != nil {
+		if err := c.initDefaultRoles(defaultRoles, "admin", preparedDbName, searchPath.String()); err != nil {
 			return fmt.Errorf("could not initialize default roles for database %s: %v", preparedDbName, err)
 		}
 		if preparedDB.DefaultUsers {
-			if err := c.initDefaultRoles(defaultUsers, "admin", preparedDbName); err != nil {
+			if err := c.initDefaultRoles(defaultUsers, "admin", preparedDbName, searchPath.String()); err != nil {
 				return fmt.Errorf("could not initialize default roles for database %s: %v", preparedDbName, err)
 			}
 		}
 		// default roles per database schema
 		preparedSchemas := preparedDB.PreparedSchemas
 		if len(preparedDB.PreparedSchemas) == 0 {
 			preparedSchemas = map[string]acidv1.PreparedSchema{"data": {DefaultRoles: util.True()}}
 		}
 		for preparedSchemaName, preparedSchema := range preparedSchemas {
 			if preparedSchema.DefaultRoles == nil || *preparedSchema.DefaultRoles {
 				if err := c.initDefaultRoles(defaultRoles,
 					preparedDbName+constants.OwnerRoleNameSuffix,
-					preparedDbName+"_"+preparedSchemaName); err != nil {
+					preparedDbName+"_"+preparedSchemaName,
 					constants.DefaultSearchPath+", "+preparedSchemaName); err != nil {
 					return fmt.Errorf("could not initialize default roles for database schema %s: %v", preparedSchemaName, err)
 				}
 				if preparedSchema.DefaultUsers {
 					if err := c.initDefaultRoles(defaultUsers,
 						preparedDbName+constants.OwnerRoleNameSuffix,
-						preparedDbName+"_"+preparedSchemaName); err != nil {
+						preparedDbName+"_"+preparedSchemaName,
 						constants.DefaultSearchPath+", "+preparedSchemaName); err != nil {
 						return fmt.Errorf("could not initialize default users for database schema %s: %v", preparedSchemaName, err)
 					}
 				}
@ -994,7 +1004,7 @@ func (c *Cluster) initPreparedDatabaseRoles() error {
 	return nil
 }
-func (c *Cluster) initDefaultRoles(defaultRoles map[string]string, admin, prefix string) error {
+func (c *Cluster) initDefaultRoles(defaultRoles map[string]string, admin, prefix string, searchPath string) error {
 	for defaultRole, inherits := range defaultRoles {
@ -1023,6 +1033,7 @@ func (c *Cluster) initDefaultRoles(defaultRoles map[string]string, admin, prefix
 			Password:   util.RandomPassword(constants.PasswordLength),
 			Flags:      flags,
 			MemberOf:   memberOf,
 			Parameters: map[string]string{"search_path": searchPath},
 			AdminRole:  adminRole,
 		}
 		if currentRole, present := c.pgUsers[roleName]; present {
--- a/pkg/util/constants/roles.go
+++ b/pkg/util/constants/roles.go
@ -18,4 +18,5 @@ const (
 	ReaderRoleNameSuffix        = "_reader"
 	WriterRoleNameSuffix        = "_writer"
 	UserRoleNameSuffix          = "_user"
 	DefaultSearchPath           = "\"$user\""
 )
--- a/pkg/util/users/users.go
+++ b/pkg/util/users/users.go
@ -114,14 +114,14 @@ func (strategy DefaultUserSyncStrategy) ExecuteSyncRequests(requests []spec.PgSy
 	return nil
 }
-func (strategy DefaultUserSyncStrategy) alterPgUserSet(user spec.PgUser, db *sql.DB) (err error) {
+
 func (strategy DefaultUserSyncStrategy) alterPgUserSet(user spec.PgUser, db *sql.DB) error {
 	queries := produceAlterRoleSetStmts(user)
 	query := fmt.Sprintf(doBlockStmt, strings.Join(queries, ";"))
-	if _, err = db.Exec(query); err != nil {
+	if _, err := db.Exec(query); err != nil {
-		err = fmt.Errorf("dB error: %v, query: %s", err, query)
+		return fmt.Errorf("dB error: %v, query: %s", err, query)
 		return
 	}
-	return
+	return nil
 }
 func (strategy DefaultUserSyncStrategy) createPgUser(user spec.PgUser, db *sql.DB) error {
@ -149,6 +149,12 @@ func (strategy DefaultUserSyncStrategy) createPgUser(user spec.PgUser, db *sql.D
 		return fmt.Errorf("dB error: %v, query: %s", err, query)
 	}
 	if len(user.Parameters) > 0 {
 		if err := strategy.alterPgUserSet(user, db); err != nil {
 			return fmt.Errorf("incomplete setup for user %s: %v", user.Name, err)
 		}
 	}
 	return nil
 }