Merge pull request #298 from neicnordic/postgres_fixes

Postgres fixes
neicnordic · Sep 14, 2023 · b513ed5 · b513ed5
2 parents fe3add3 + e51c31a
commit b513ed5
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 2 deletions.
diff --git a/charts/sda-db/Chart.yaml b/charts/sda-db/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: sda-db
-version: "0.6.1"
+version: "0.6.2"
 description: Database component for Sensitive Data Archive (SDA) installation
 home: https://neic-sda.readthedocs.io
 icon: https://neic.no/assets/images/logo.png

diff --git a/charts/sda-db/templates/statefulset.yaml b/charts/sda-db/templates/statefulset.yaml
@@ -93,6 +93,10 @@ spec:
         - name: POSTGRES_VERIFY_PEER
           value: {{ .Values.global.tls.verifyPeer }}
         {{- end }}
+        {{- if .Values.global.databaseName }}
+        - name: POSTGRES_DB
+          value: {{ .Values.global.databaseName }}
+        {{- end }}
       {{- end }}
         - name: PGDATA
           value: {{ template "pgData" }}

diff --git a/charts/sda-db/values.yaml b/charts/sda-db/values.yaml
@@ -1,4 +1,5 @@
 global:
+  databaseName: ""
   postgresAdminPassword: ""
   tls:
     enabled: true
@@ -25,7 +26,7 @@ extraSecurityContext: {}
 
 image:
   repository: ghcr.io/neicnordic/sensitive-data-archive
-  tag: v0.0.83-postgres
+  tag: v0.0.85-postgres
   pullPolicy: IfNotPresent
 
 # utilize network isolation

diff --git a/postgresql/migratedb.d/10.sql b/postgresql/migratedb.d/10.sql
@@ -0,0 +1,50 @@
+DO
+$$
+DECLARE
+-- The version we know how to do migration from, at the end of a successful migration
+-- we will no longer be at this version.
+  sourcever INTEGER := 9;
+  changes VARCHAR := 'Create Inbox user';
+BEGIN
+-- No explicit transaction handling here, this all happens in a transaction
+-- automatically
+  IF (select max(version) from local_ega.dbschema_version) = sourcever then
+    RAISE NOTICE 'Doing migration from schema version % to %', sourcever, sourcever+1;
+    RAISE NOTICE 'Changes: %', changes;
+    INSERT INTO local_ega.dbschema_version VALUES(sourcever+1, now(), changes);
+
+    -- Temporary function for creating roles if they do not already exist.
+    CREATE FUNCTION create_role_if_not_exists(role_name NAME) RETURNS void AS $created$
+    BEGIN
+        IF EXISTS (
+            SELECT FROM pg_catalog.pg_roles
+            WHERE  rolname = role_name) THEN
+                RAISE NOTICE 'Role "%" already exists. Skipping.', role_name;
+        ELSE
+            BEGIN
+                EXECUTE format('CREATE ROLE %I', role_name);
+            EXCEPTION
+                WHEN duplicate_object THEN
+                    RAISE NOTICE 'Role "%" was just created by a concurrent transaction. Skipping.', role_name;
+            END;
+        END IF;
+    END;
+    $created$ LANGUAGE plpgsql;
+
+    PERFORM create_role_if_not_exists('inbox');
+    CREATE ROLE inbox;
+    GRANT USAGE ON SCHEMA sda TO inbox;
+    GRANT SELECT, INSERT, UPDATE ON sda.files TO inbox;
+    GRANT SELECT, INSERT ON sda.file_event_log TO inbox;
+    GRANT USAGE, SELECT ON SEQUENCE sda.file_event_log_id_seq TO inbox;
+    GRANT USAGE ON SCHEMA local_ega TO inbox;
+    GRANT INSERT, SELECT ON local_ega.main_to_files TO inbox;
+    GRANT USAGE, SELECT ON SEQUENCE local_ega.main_to_files_main_id_seq TO inbox;
+
+    GRANT base TO download, inbox, ingest, finalize, mapper, verify
+
+  ELSE
+    RAISE NOTICE 'Schema migration from % to % does not apply now, skipping', sourcever, sourcever+1;
+  END IF;
+END
+$$