[DPE-3927] Collect readonly dbs #228
actions.yaml
Outdated
update-readonly-dbs: | ||
description: Update unrelated readonly databases in the backend Postgresql server. |
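Review bot: The `description` of `update-readonly-dbs` does not say which databases count as "unrelated" or when an operator is expected to run the action. Suggest stating both in the description, and using the product spelling "PostgreSQL".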
Action so the user doesn't need to wait for update status.
Actions must be approved by Mohamed and Mykola.
Maybe: https://github.com/PietroPasotti/resurrect ?
Got agreement in principle, but moving the action in a separate PR (#236) until everyone agrees on the specifics.
"host": r_hosts, | ||
"dbname": name, | ||
"port": r_port, | ||
"auth_dbname": databases["*"]["auth_dbname"], |
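Review bot: The lookup `databases["*"]["auth_dbname"]` on the `"auth_dbname"` line raises `KeyError` when there is no `"*"` entry or that entry has no `auth_dbname`. Unless the caller already guarantees the wildcard entry is present, guard it (for example `databases.get("*", {}).get("auth_dbname")`) and skip the readonly entries when the value is missing.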
We need an auth_dbname, since the new readonly dbs don't have the query injected.
Is it time to discuss the idea to put auth_query into template1 and make it always available?
I suspect that even with that, we may lack some permission to execute the query due to the following statement from the PostgreSQL documentation:
However, CREATE DATABASE does not copy database-level GRANT permissions attached to the source database. The new database has default database-level permissions.
a66c0e4 to 01d90a4
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #228 +/- ##
==========================================
- Coverage 69.41% 68.45% -0.97%
==========================================
Files 7 7
Lines 1102 1135 +33
Branches 189 201 +12
==========================================
+ Hits 765 777 +12
- Misses 259 279 +20
- Partials 78 79 +1
LGTM.
@@ -2,6 +2,9 @@ | |||
{% for name, database in databases.items() -%} | |||
{{ name }} = host={{ database.host }} {% if database.dbname %}dbname={{ database.dbname }}{% else %}auth_dbname={{ database.auth_dbname }}{% endif %} port={{ database.port }} auth_user={{ database.auth_user }} | |||
{% endfor %} | |||
{% for name, database in readonly_databases.items() -%} | |||
{{ name }} = host={{ database.host }} dbname={{ database.dbname }} auth_dbname={{ database.auth_dbname }} port={{ database.port }} auth_user={{ database.auth_user }} | |||
{% endfor %} |
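Review bot: In the new `readonly_databases` loop, `{{ name }}` and `{{ database.dbname }}` are rendered into the config line unquoted, and per the PR description these names are collected from the backend PostgreSQL server. A database name containing whitespace, `=` or a newline would split or extend the rendered line, so validate or quote the names before rendering and skip entries that fail. The loop also emits `auth_dbname=` unconditionally, unlike the loop above it, so an unset `auth_dbname` would render an empty value.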
It would be great to make sure PGB is OK having 100 lines in the config.
Collect read only dbs from the backend postgresql when wildcard dbs are enabled.
Split off of #210 for easier review.