Refs #37883 - connect to remote db for evr perms check via env vars
ianballou committed Nov 1, 2024
1 parent 3212405 commit ea941fd
Showing 3 changed files with 60 additions and 59 deletions.
44 changes: 44 additions & 0 deletions hooks/boot/01-kafo-hook-extensions.rb
Expand Up @@ -101,6 +101,50 @@ def log_and_say(level, message, do_say = true, do_log = true)
Kafo::KafoConfigure.logger.send(level, message) if do_log
end

def load_db_config(db)
case db
when 'foreman'
module_name = 'foreman'
user_param = 'username'
db_param = 'database'
param_prefix = 'db_'
when 'candlepin'
module_name = 'katello'
user_param = 'user'
db_param = 'name'
param_prefix = 'candlepin_db_'
when 'pulpcore'
module_name = 'foreman_proxy_content'
user_param = 'user'
db_param = 'db_name'
param_prefix = 'pulpcore_postgresql_'
else
raise "installer module unknown for db: #{db}"
end

{
host: param_value(module_name, "#{param_prefix}host") || 'localhost',
port: param_value(module_name, "#{param_prefix}port") || 5432,
database: param_value(module_name, "#{param_prefix}#{db_param}") || db,
username: param_value(module_name, "#{param_prefix}#{user_param}"),
password: param_value(module_name, "#{param_prefix}password"),
}
end

def pg_env(config)
{
'PGHOST' => config.fetch(:host, 'localhost'),
'PGPORT' => config.fetch(:port, '5432').to_s,
'PGUSER' => config[:username],
'PGPASSWORD' => config[:password],
'PGDATABASE' => config[:database],
}
end

def pg_sql_statement(statement)
"psql -t -c \"#{statement}\""
end

def execute!(command, do_say = true, do_log = true, extra_env = {})
stdout_stderr, status = execute_command(command, do_say, do_log, extra_env)

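Review bot: `pg_sql_statement` drops its argument into a double-quoted shell string without any escaping, so a `"`, `$`, backtick or backslash in the statement — including in values that callers interpolate into it, such as a database username — is interpreted by the shell rather than by psql; now that the helper lives in the boot hook and is shared by every hook, `"psql -t -c #{Shellwords.escape(statement)}"` with `require 'shellwords'` at the top of the file closes that. The three helper bodies appear to be moved verbatim from `hooks/pre/10-reset_data.rb`, so the issue predates this commit, but the commit is what widens the helper's use. In `pg_env`, the `fetch` defaults for `:host` and `:port` can never apply because `load_db_config` always sets both keys, and `PGUSER`/`PGPASSWORD` become nil when the corresponding parameters are unset, which Ruby's spawn treats as "unset the variable" — a one-line comment such as `# nil values unset the variable in the child environment` would make that intent explicit, assuming `execute_command` passes the hash straight through. The `log_and_say` context at the top and `execute!` at the bottom both continue outside the hunk.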
44 changes: 0 additions & 44 deletions hooks/pre/10-reset_data.rb
Expand Up @@ -10,36 +10,6 @@ def reset
reset_pulpcore if pulpcore_enabled?
end

def load_db_config(db)
case db
when 'foreman'
module_name = 'foreman'
user_param = 'username'
db_param = 'database'
param_prefix = 'db_'
when 'candlepin'
module_name = 'katello'
user_param = 'user'
db_param = 'name'
param_prefix = 'candlepin_db_'
when 'pulpcore'
module_name = 'foreman_proxy_content'
user_param = 'user'
db_param = 'db_name'
param_prefix = 'pulpcore_postgresql_'
else
raise "installer module unknown for db: #{db}"
end

{
host: param_value(module_name, "#{param_prefix}host") || 'localhost',
port: param_value(module_name, "#{param_prefix}port") || 5432,
database: param_value(module_name, "#{param_prefix}#{db_param}") || db,
username: param_value(module_name, "#{param_prefix}#{user_param}"),
password: param_value(module_name, "#{param_prefix}password"),
}
end

def empty_db_in_postgresql(db)
logger.notice "Dropping #{db} database!"

Expand All @@ -56,20 +26,6 @@ def reset_candlepin
empty_db_in_postgresql('candlepin')
end

def pg_env(config)
{
'PGHOST' => config.fetch(:host, 'localhost'),
'PGPORT' => config.fetch(:port, '5432').to_s,
'PGUSER' => config[:username],
'PGPASSWORD' => config[:password],
'PGDATABASE' => config[:database],
}
end

def pg_sql_statement(statement)
"psql -t -c \"#{statement}\""
end

# WARNING: deletes all the data owned by the user. No warnings. No confirmations.
def empty_database!(config)
delete_statement = 'DROP OWNED BY CURRENT_USER CASCADE;'
31 changes: 16 additions & 15 deletions hooks/pre_commit/42-evr_extension_permissions.rb
Expand Up @@ -2,29 +2,30 @@
return if local_postgresql?

database = param_value('foreman', 'db_database') || 'foreman'
username = param_value('foreman', 'db_username') || 'foreman'
password = param_value('foreman', 'db_password')
host = param_value('foreman', 'db_host')
port = param_value('foreman', 'db_port') || 5432
config = load_db_config(database)

# If postgres is the owner of the DB, then the permissions will not matter.
return if username == 'postgres'
return if config[:username] == 'postgres'

check_evr_owner_sql = "SELECT CASE" \
" WHEN r.rolname = 'postgres' THEN 1" \
" ELSE 0" \
" WHEN r.rolname = '#{config[:username]}' THEN 0" \
" ELSE 1" \
" END AS evr_owned_by_postgres" \
" FROM pg_extension e" \
" JOIN pg_roles r ON e.extowner = r.oid" \
" WHERE e.extname = 'evr';"

command = "PGPASSWORD='#{password}' psql -U #{username} -h #{host} -p #{port} -d #{database} -t -c \"#{check_evr_owner_sql}\""
command = pg_sql_statement(check_evr_owner_sql)
logger.debug "Checking if the evr extension is owned by the postgres user via #{command}"
output, = execute_command(command, false, true)
unless output.nil?
if output.strip == '1'
fail_and_exit("The evr extension is owned by postgres and not the foreman DB owner. Please run the following command to fix it: " \
"UPDATE pg_extension SET extowner = (SELECT oid FROM pg_authid WHERE rolname='#{username}');")
end
end
output, = execute_command(command, false, true, pg_env(config))

case output&.strip
when '0'
# The evr extension is owned by the foreman DB owner, so we can skip this check.
return
when '1'
fail_and_exit("The evr extension is not owned by the #{database} DB owner. Please run the following command to fix it: " \
"UPDATE pg_extension SET extowner = (SELECT oid FROM pg_authid WHERE rolname='#{config[:username]}');")
else
fail_and_exit("Failed to check the ownership of the evr extension.")
end
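Review bot: `config = load_db_config(database)` right after the `database = param_value('foreman', 'db_database') || 'foreman'` line passes the configured database name to a helper that, per the boot hook in this same commit, only accepts the keys `'foreman'`, `'candlepin'` and `'pulpcore'` and raises `installer module unknown for db: ...` for anything else, so any deployment whose `db_database` is not literally `foreman` now aborts the installer instead of running the check; the fix is `config = load_db_config('foreman')` followed by `database = config[:database]` (which already defaults to `'foreman'`), dropping the separate `database =` line. The removed code also defaulted the user with `|| 'foreman'`, whereas `load_db_config` leaves `:username` nil when `db_username` is unset, which presumably unsets PGUSER in the child and turns the query into `r.rolname = ''`, producing a `1` and a misleading failure message that tells the operator to set `rolname=''`. Since PGUSER is set to the same value, comparing against the session user in SQL (`" WHEN r.rolname = current_user THEN 0" \`) would also remove the interpolation of the username into a string that is itself interpolated into a double-quoted shell argument. Finally, an empty result (no row for the evr extension) now falls into the `else` branch and fails the run where the previous version silently passed; if that is intended, the message `"Failed to check the ownership of the evr extension."` should say the extension may be missing so the operator knows what to look at.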
