Browse Source

postgresql: Add option to give a user the SUPERUSER permission

This is necessary for databases used to test Ruby on Rails
applications :(
pjones/monitoring
Peter J. Jones 11 months ago
parent
commit
9745341307
Signed by: Peter Jones <pjones@devalot.com> GPG Key ID: 9DAFAA8D01941E49

+ 15
- 1
modules/services/databases/postgresql/create-user.sh View File

@@ -9,6 +9,7 @@ option_password_file=""
option_database=""
option_extensions=""
option_sqlfile="@out@/sql/create-user.sql"
option_superuser=0

################################################################################
usage () {
@@ -20,12 +21,13 @@ Usage: create-user.sh [options]
-h This message
-p FILE File containing USER's password
-s FILE The SQL template file (pg-create-user.sql)
-S Give USER super powers
-u USER Username to create
EOF
}

################################################################################
while getopts "d:e:hp:s:u:" o; do
while getopts "d:e:hp:s:Su:" o; do
case "${o}" in
d) option_database=$OPTARG
;;
@@ -43,6 +45,9 @@ while getopts "d:e:hp:s:u:" o; do
s) option_sqlfile=$OPTARG
;;

S) option_superuser=1
;;

u) option_username=$OPTARG
;;

@@ -91,8 +96,17 @@ mksql() {

################################################################################
create_user() {
local superuser

if [ "$option_superuser" -eq 1 ]; then
superuser="SUPERUSER"
else
superuser="NOSUPERUSER"
fi

mksql
_psql -d postgres -f "$tmp_sql_file" > /dev/null
_psql -d postgres -c "ALTER ROLE $option_username $superuser"
}

################################################################################

+ 17
- 1
modules/services/databases/postgresql/default.nix View File

@@ -62,6 +62,21 @@ let
description = "A list of extension modules to enable for the database.";
};

superuser = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Allow this user to be a superuser.

WARNING: You probably don't want to enable this. However,
you may have no choice in some situations. For
example, when running tests in a Ruby on Rails application
the test user needs superuser privileges in order to disable
referential integrity (yuck).
'';
};

netmask = mkOption {
type = types.nullOr types.str;
default = null;
@@ -98,7 +113,8 @@ let
-u "${account.user}" \
-d "${account.database}" \
-p "${account.passwordFile}" \
-e "${concatStringsSep " " account.extensions}"
-e "${concatStringsSep " " account.extensions}" \
-S "${toString account.superuser}"
'';

in

Loading…
Cancel
Save