From 64321c74c147d931341b9554b22580b54208b491 Mon Sep 17 00:00:00 2001
From: dadiorchen
Date: Tue, 21 Nov 2023 04:00:07 +0000
Subject: [PATCH] fix: db grant problem with function; wallet opeator permission
---
 database-grants/terraform/prod/extra/main.tf | 104 ++++++++++++++++++
 database-grants/terraform/prod/main.tf | 7 --
 .../terraform/prod/schemas/query/main.tf | 88 ---------------
 .../terraform/prod/schemas/query/provider.tf | 8 --
 4 files changed, 104 insertions(+), 103 deletions(-)
 delete mode 100644 database-grants/terraform/prod/schemas/query/main.tf
 delete mode 100644 database-grants/terraform/prod/schemas/query/provider.tf
diff --git a/database-grants/terraform/prod/extra/main.tf b/database-grants/terraform/prod/extra/main.tf
index 3ee78b2..3e575c0 100644
--- a/database-grants/terraform/prod/extra/main.tf
+++ b/database-grants/terraform/prod/extra/main.tf
@@ -22,3 +22,107 @@ resource "postgresql_grant" "wallet-operator-seq" {
 privileges = ["USAGE", "SELECT"]
 }
+
+resource "postgresql_grant" "wallet-operator-schema-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf
index 46ea5ed..9a55a88 100644
--- a/database-grants/terraform/prod/main.tf
+++ b/database-grants/terraform/prod/main.tf
@@ -56,13 +56,6 @@ module "messaging_schema" {
 }
 }
-module "query_schema" {
- source = "./schemas/query"
- providers = {
- postgresql = postgresql.treetracker
- }
-}
-
 module "stakeholder_schema" {
 source = "./schemas/stakeholder"
 providers = {
diff --git a/database-grants/terraform/prod/schemas/query/main.tf b/database-grants/terraform/prod/schemas/query/main.tf
deleted file mode 100644
index d636a82..0000000
--- a/database-grants/terraform/prod/schemas/query/main.tf
+++ /dev/null
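Review bot: The four `wallet-operator-schema-*` grants give `wallet_operator` `CREATE` on `public`, `herbarium`, `stakeholder` and `treetracker` in the prod database, which is more than the table and sequence grants in this hunk need. A role that can create objects in a schema, `public` especially since it is normally on the default search_path, can add functions or tables that other sessions then resolve by unqualified name, so if the role only reads and writes rows the schema grants should be `privileges = ["USAGE"]`. If DDL really is required, each schema grant should carry a comment saying why, for example `# wallet_operator needs CREATE here because <reason>`. Separately, a `postgresql_grant` with `object_type = "table"` and no `objects` list appears to cover only the tables that exist at apply time, so tables created later would likely need a matching `postgresql_default_privileges` resource.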
@@ -1,88 +0,0 @@
-
-module "microservice_schema" {
- source = "./../../modules/microservice_schema"
- schema = "query"
-}
-
-resource "postgresql_grant" "query_messaging_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_messaging_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_treetracker_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_treetracker_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_stakeholder_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_stakeholder_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_regions_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_regions_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_public_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_public_function" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "function"
- privileges = ["EXECUTE"]
-}
-
-
-
diff --git a/database-grants/terraform/prod/schemas/query/provider.tf b/database-grants/terraform/prod/schemas/query/provider.tf
deleted file mode 100644
index 7c80654..0000000
--- a/database-grants/terraform/prod/schemas/query/provider.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- postgresql = {
- source = "cyrilgdn/postgresql"
- version = "1.11.0"
- }
- }
-}