Commit e7a5af4

authored
Fixes for AWS RDS Permissions (#122)
1 parent cd8885d commit e7a5af4

2 files changed

+27
-12
lines changed


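--- a/pkg/postgres/aws.go
+++ b/pkg/postgres/aws.go
@@ -29,6 +29,31 @@ func (c *awspg) AlterDefaultLoginRole(role, setRole string) error {
 return c.pg.AlterDefaultLoginRole(role, setRole)
 }
 
+func (c *awspg) CreateDB(dbname, role string) error {
+// Have to add the master role to the group role before we can transfer the database owner
+err := c.GrantRole(role, c.user)
+if err != nil {
+return err
+}
+
+return c.pg.CreateDB(dbname, role)
+}
+
+func (c *awspg) CreateUserRole(role, password string) (string, error) {
+returnedRole, err := c.pg.CreateUserRole(role, password)
+if err != nil {
+return "", err
+}
+// On AWS RDS the postgres user isn't really superuser so he doesn't have permissions
+// to ALTER DEFAULT PRIVILEGES FOR ROLE unless he belongs to the role
+err = c.GrantRole(role, c.user)
+if err != nil {
+return "", err
+}
+
+return returnedRole, nil
+}
+
 func (c *awspg) DropRole(role, newOwner, database string, logger logr.Logger) error {
 // On AWS RDS the postgres user isn't really superuser so he doesn't have permissions
 // to REASSIGN OWNED BY unless he belongs to both roles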
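Review bot: In CreateUserRole, a failing GrantRole returns `"", err` even though c.pg.CreateUserRole has already succeeded, so the caller gets no name for a login role that now exists with its password set and cannot tell which step failed. Wrapping the error would make the failing step identifiable, e.g. `return "", fmt.Errorf("grant %q to %q: %w", role, c.user, err)` (this needs `fmt` imported in aws.go, which the hunk does not show), and the doc comment should state that the role may already exist when an error is returned. Both new methods also leave c.user as a member of every role they are called with, and nothing visible in this hunk revokes that membership. If that is intended, a comment such as `// c.user stays a member of role; RDS needs this for later owner changes` on CreateDB would record the privilege decision for later reviewers.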

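--- a/pkg/postgres/database.go
+++ b/pkg/postgres/database.go
@@ -9,10 +9,9 @@ import (
 
 const (
 CREATE_DB = `CREATE DATABASE "%s"`
-CREATE_SCHEMA = `CREATE SCHEMA IF NOT EXISTS "%s"`
+CREATE_SCHEMA = `CREATE SCHEMA IF NOT EXISTS "%s" AUTHORIZATION "%s"`
 CREATE_EXTENSION = `CREATE EXTENSION IF NOT EXISTS "%s"`
 ALTER_DB_OWNER = `ALTER DATABASE "%s" OWNER TO "%s"`
-ALTER_SCHEMA_OWNER = `ALTER SCHEMA "%s" OWNER TO "%s"`
 DROP_DATABASE = `DROP DATABASE "%s"`
 GRANT_USAGE_SCHEMA = `GRANT USAGE ON SCHEMA "%s" TO "%s"`
 GRANT_ALL_TABLES = `GRANT %s ON ALL TABLES IN SCHEMA "%s" TO "%s"`
@@ -51,19 +50,10 @@ func (c *pg) CreateSchema(db, role, schema string, logger logr.Logger) error {
 }
 defer tmpDb.Close()
 
-_, err = tmpDb.Exec(fmt.Sprintf(CREATE_SCHEMA, schema))
+_, err = tmpDb.Exec(fmt.Sprintf(CREATE_SCHEMA, schema, role))
 if err != nil {
 return err
 }
-
-// Set the schema owner in a separate step, because AWS RDS breaks if
-// you try to create a schema and set the owner in a single command.
-// See: https://github.com/movetokube/postgres-operator/issues/91
-_, err = tmpDb.Exec(fmt.Sprintf(ALTER_SCHEMA_OWNER, schema, role))
-if err != nil {
-return err
-}
-
 return nil
 }
 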
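Review bot: The changed Exec line in CreateSchema now formats two identifiers, `schema` and `role`, into CREATE_SCHEMA with plain `"%s"` wrapping, so a name containing a double quote would close the quoted identifier and change the statement. If these values can come from caller-controlled input such as a custom resource (not visible here), double any embedded quotes before formatting, for example `strings.ReplaceAll(schema, "\"", "\"\"")` on both arguments, or validate the names against a strict pattern first. Separately, because the statement uses IF NOT EXISTS, the AUTHORIZATION clause has no effect on a schema that already exists, whereas the removed ALTER SCHEMA step set the owner on every call. A comment on the constant like `// owner is set only when the schema is created; existing schemas keep their owner` would document that change. CreateSchema begins above this hunk.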
