Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add extra_db_users variable to pass through any DB users that need da… #81

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add extra_db_users variable to pass through any DB users that need da… #81

wants to merge 1 commit into from

Conversation

mattholmes15
Copy link
Contributor

…tabase permissions

Signed-off-by: Matt Holmes matthew.holmes@engineering.digital.dwp.gov.uk

@mattholmes15
Add extra_db_users variable to pass through any DB users that need da…
d066e49 
…tabase permissions

Signed-off-by: Matt Holmes <matthew.holmes@engineering.digital.dwp.gov.uk>
dan-hill2802
dan-hill2802 reviewed Aug 9, 2022
View reviewed changes
Copy link
Contributor

@dan-hill2802 dan-hill2802 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than a string, would a list of maps be better? e.g. [{ user = "portal", access = "ALL" }]
Would also need to ensure it doesn't allow for SQL injection

@mattholmes15 mattholmes15 marked this pull request as draft August 10, 2022 08:10
@mattholmes15
Copy link
Contributor Author

mattholmes15 commented Aug 10, 2022
edited
Loading

Rather than a string, would a list of maps be better? e.g. [{ user = "portal", access = "ALL" }] Would also need to ensure it doesn't allow for SQL injection

Possibly - what varying degrees of access are you expecting though, apart from ALL? Would this then be passed into the psql command? My plan was to pass in the DB Users into the entrypoint file, and then run a for loop for each user to assign the permissions that's originally ran in the EC2 User data - 'access' sounds like we would grant different privileges which would change what psql command is ran

@mattholmes15
Copy link
Contributor Author

mattholmes15 commented Aug 10, 2022
edited
Loading

Possibly something a long the lines of GRANT ${access} PRIVILEGES ON TABLES, where ${access} can be ALL, or SELECT, INSERT, etc when taken from the list of maps, although that may be difficult in Bash

@mattholmes15 mattholmes15 force-pushed the feature/migration-updates branch from 891d12c to d066e49 Compare August 10, 2022 12:59
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dan-hill2802 dan-hill2802 dan-hill2802 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mattholmes15 @dan-hill2802