changeset 470:638371a0e557
Do not touch existing roles on database setup
install-db.sh used to change passwords of standard login roles
if they already existed, e.g. when running run_tests.sh, thus
breaking everything relying on the previously set passwords.
Further, the messages stating the users had been created were
misleading in such cases.
It is an error now to run std_login_roles.sql without giving
passwords as variables to be interpolated.
Simple SELECT statements are used now to emit messages, because
variable interpolation is not possible within plpgsql code.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 22 Aug 2018 18:46:30 +0200 |
parents | 788c87b99bae |
children | 1b08432a0e5d |
files | schema/install-db.sh schema/std_login_roles.sql |
diffstat | 2 files changed, 12 insertions(+), 23 deletions(-) [+] |
--- a/schema/install-db.sh Wed Aug 22 18:25:51 2018 +0200
+++ b/schema/install-db.sh Wed Aug 22 18:46:30 2018 +0200
@@ -111,7 +111,10 @@
 -f "$BASEDIR/gemma.sql" \
 -f "$BASEDIR/manage_users.sql" \
 -f "$BASEDIR/auth.sql"
+
+ # setup initial login roles with given passwords:
 psql -qt -p "$port" -d "$db" \
+ -v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw" \
 -f "$BASEDIR/std_login_roles.sql"
 if [[ $demo -eq 1 ]] ; then
@@ -122,16 +125,7 @@
 -d "$db"
 fi
- # set passwords:
- psql -qt -p "$port" -d "$db" \
- -c "ALTER ROLE sysadmin PASSWORD '$adminpw'"
- psql -qt -p "$port" -d "$db" \
- -c "ALTER ROLE gemma_service PASSWORD '$servicepw'"
- psql -qt -p "$port" -d "$db" \
- -c "ALTER ROLE meta_login PASSWORD '$metapw'"
- echo "Default admin user 'sysadmin' created with password '$adminpw'."
- echo "Back end user 'gemma_service' created with password '$servicepw'."
- echo "Back end user 'meta_login' created with password '$metapw'."
+
 else
 # Evil mode: drop everything gemma
 echo "Really drop database '$db' and all gemma roles? [type 'yes']: "
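Review bot: The three passwords on the added `-v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw"` line are part of psql's argument list, so while psql runs they are readable by other local accounts through the process table. The removed `-c "ALTER ROLE … PASSWORD '$adminpw'"` calls had the same exposure, so this is not a regression, and the switch to `:'adminpw'` quoting does fix the old breakage on passwords containing a quote. To close the remaining gap, the values could be handed to psql through its environment or standard input and assigned inside std_login_roles.sql with `\set` and psql's backquote command substitution, since a process environment is normally readable only by the same user and root. The branch of install-db.sh that contains this call starts above the hunk.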
--- a/schema/std_login_roles.sql Wed Aug 22 18:25:51 2018 +0200
+++ b/schema/std_login_roles.sql Wed Aug 22 18:46:30 2018 +0200
@@ -12,7 +12,8 @@
 --
 -- This initial Admin account is used to bootstrap the personalized
 -- accounts.
-CREATE ROLE sysadmin IN ROLE sys_admin LOGIN;
+CREATE ROLE sysadmin IN ROLE sys_admin LOGIN PASSWORD :'adminpw';
+
 -- We need an empty dummy country for the default admin, as the user is
 -- not supposed to work on data, it should be only used to create
 -- personalized accounts.
@@ -30,20 +31,14 @@
 --
 -- Used by the back end (gemma)
-CREATE ROLE gemma_service IN ROLE pw_reset LOGIN;
+CREATE ROLE gemma_service IN ROLE pw_reset LOGIN PASSWORD :'servicepw';
 -- Used by GeoServer and backend
-CREATE ROLE meta_login IN ROLE metamorph LOGIN;
+CREATE ROLE meta_login IN ROLE metamorph LOGIN PASSWORD :'metapw';
---
---- Remind the caller of his duties
----
-DO language plpgsql $$
-BEGIN
- RAISE NOTICE 'Don''t forget to set a password for the user "sysadmin".';
- RAISE NOTICE 'Don''t forget to set a password for the user "gemma_service".';
- RAISE NOTICE 'Don''t forget to set a password for the user "meta_login".';
-END
-$$;
+-- Emit messages to the client if everything went ok
+SELECT 'Default admin user ''sysadmin'' created with password ' || :'adminpw';
+SELECT 'Backend user ''gemma_service'' created with password ' || :'servicepw';
+SELECT 'Backend user ''meta_login'' created with password ' || :'metapw';
 COMMIT;
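Review bot: `CREATE ROLE sysadmin … LOGIN PASSWORD :'adminpw';` puts the cleartext password into the statement text, which PostgreSQL writes to the server log unredacted when `log_statement` is `ddl` or `all`, and by default whenever the statement fails. Failure is now the expected outcome when the role already exists, so a rerun would log the password that was supplied. The same applies to the `gemma_service` and `meta_login` statements in the next hunk. Consider adding `SET LOCAL log_statement = 'none';` and `SET LOCAL log_min_error_statement = 'panic';` ahead of the first CREATE ROLE (both need superuser), or passing a pre-computed password verifier instead of the cleartext. The start of the transaction is outside the hunk, so the exact placement has to be checked against the full file.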
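Review bot: The three added `SELECT '…created with password ' || :'adminpw';` messages print the cleartext passwords on psql's standard output, so they end up in terminal scrollback and in any captured output of install-db.sh or run_tests.sh. A caller who supplied the passwords already knows them, so the message could name only the role, e.g. `SELECT 'Default admin user ''sysadmin'' created.';`. If install-db.sh generates passwords itself (not visible in this diff), reporting them is better done there, once, and only for generated values. The comment `-- Emit messages to the client if everything went ok` holds only if the script runs inside a transaction or with ON_ERROR_STOP; the transaction start is outside the hunk, so that should be confirmed.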