fix: split auth statements
jvmakine committed Nov 29, 2024
1 parent 7b30a33 commit 744037e
Showing 1 changed file with 14 additions and 11 deletions.
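--- a/cmd/ftl-provisioner-cloudformation/postgres.go
+++ b/cmd/ftl-provisioner-cloudformation/postgres.go
@@ -93,17 +93,20 @@ func PostgresPostUpdate(ctx context.Context, secrets *secretsmanager.Client, byN
 return fmt.Errorf("failed to create database: %w", err)
 }
 }
-if _, err := db.ExecContext(ctx, fmt.Sprintf(`
-GRANT CONNECT ON DATABASE %s TO ftluser;
-GRANT USAGE ON SCHEMA public TO ftluser;
-GRANT USAGE ON SCHEMA public TO ftluser;
-GRANT CREATE ON SCHEMA public TO ftluser;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ftluser;
-GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ftluser;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ftluser;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ftluser;
-`, resourceID)); err != nil {
-return fmt.Errorf("failed to grant FTL user privileges: %w", err)
+statements := []string{
+fmt.Sprintf("GRANT CONNECT ON DATABASE %s TO ftluser", resourceID),
+"GRANT USAGE ON SCHEMA public TO ftluser",
+"GRANT USAGE ON SCHEMA public TO ftluser",
+"GRANT CREATE ON SCHEMA public TO ftluser",
+"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ftluser",
+"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ftluser",
+"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ftluser",
+"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ftluser",
+}
+for _, stmt := range statements {
+if _, err := db.ExecContext(ctx, stmt); err != nil {
+return fmt.Errorf("failed to grant FTL user privileges: %w", err)
+}
 }
 }
 }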
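Review bot: `resourceID` is still spliced into the first statement with `%s` as a bare identifier, so a name with uppercase letters, hyphens or SQL metacharacters will either fail or alter the statement. Identifiers cannot be bound as query parameters, so it should be quoted, e.g. `fmt.Sprintf("GRANT CONNECT ON DATABASE %s TO ftluser", pgx.Identifier{resourceID}.Sanitize())` if pgx is the driver in use (the import block is not visible on this page). Where `resourceID` originates is outside the hunk, so whether it can carry untrusted input cannot be confirmed from here. The list also carries `"GRANT USAGE ON SCHEMA public TO ftluser"` twice, and now that statements run one at a time the error could name the failing one: `fmt.Errorf("failed to grant FTL user privileges (%s): %w", stmt, err)`. PostgresPostUpdate begins and ends outside the hunk.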
