changeset 470:638371a0e557

Do not touch existing roles on database setup

install-db.sh used to change passwords of standard login roles if they already existed, e.g. when running run_tests.sh, thus breaking everything relying on the previously set passwords. Further, the messages stating the users had been created were misleading in such cases. It is an error now to run std_login_roles.sql without giving passwords as variables to be interpolated. Simple SELECT statements are used now to emit messages, because variable interpolation is not possible within plpgsql code.
author Tom Gottfried <tom@intevation.de>
date Wed, 22 Aug 2018 18:46:30 +0200
parents 788c87b99bae
children 1b08432a0e5d
files schema/install-db.sh schema/std_login_roles.sql
diffstat 2 files changed, 12 insertions(+), 23 deletions(-) [+]
--- a/schema/install-db.sh	Wed Aug 22 18:25:51 2018 +0200
+++ b/schema/install-db.sh	Wed Aug 22 18:46:30 2018 +0200
@@ -111,7 +111,10 @@
        -f "$BASEDIR/gemma.sql" \
        -f "$BASEDIR/manage_users.sql" \
        -f "$BASEDIR/auth.sql"
+
+  # setup initial login roles with given passwords:
   psql -qt -p "$port" -d "$db" \
+       -v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw" \
        -f "$BASEDIR/std_login_roles.sql"
 
   if [[ $demo -eq 1 ]] ; then
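Review bot: The three `-v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw"` arguments put the plaintext passwords on the psql command line, where any local user can read them from the process list while psql runs. The removed `-c "ALTER ROLE ..."` calls had the same exposure, so this is not a regression, but the move into std_login_roles.sql is a good moment to close it. One option is to export the variables in the script and let the SQL file pull them in with psql's backquote form, e.g. ``\set adminpw `echo "$adminpw"` ``, so they never appear in argv. The surrounding `if` block starts and ends outside this hunk, so I cannot see how the passwords are obtained or whether they can be empty.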
@@ -122,16 +125,7 @@
          -d "$db"
 
   fi
-  # set passwords:
-  psql -qt -p "$port" -d "$db" \
-       -c "ALTER ROLE sysadmin PASSWORD '$adminpw'"
-  psql -qt -p "$port" -d "$db" \
-       -c "ALTER ROLE gemma_service PASSWORD '$servicepw'"
-  psql -qt -p "$port" -d "$db" \
-       -c "ALTER ROLE meta_login PASSWORD '$metapw'"
-  echo "Default admin user 'sysadmin' created with password '$adminpw'."
-  echo "Back end user 'gemma_service' created with password '$servicepw'."
-  echo "Back end user 'meta_login' created with password '$metapw'."
+
 else
   # Evil mode: drop everything gemma
   echo "Really drop database '$db' and all gemma roles? [type 'yes']: "
--- a/schema/std_login_roles.sql	Wed Aug 22 18:25:51 2018 +0200
+++ b/schema/std_login_roles.sql	Wed Aug 22 18:46:30 2018 +0200
@@ -12,7 +12,8 @@
 --
 -- This initial Admin account is used to bootstrap the personalized
 -- accounts.
-CREATE ROLE sysadmin IN ROLE sys_admin LOGIN;
+CREATE ROLE sysadmin IN ROLE sys_admin LOGIN PASSWORD :'adminpw';
+
 -- We need an empty dummy country for the default admin, as the user is
 -- not supposed to work on data, it should be only used to create
 -- personalized accounts.
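Review bot: `CREATE ROLE sysadmin ... PASSWORD :'adminpw'` is sent to the server as a plaintext literal. In exactly the case this commit targets (the role already exists) the statement fails, and with the default `log_min_error_statement` the server log records the failing statement text, password included. The same applies to the `gemma_service` and `meta_login` statements in the next hunk. Consider checking `pg_roles` first and skipping the statement when the role exists (on psql 10 or later, a `\gset` query followed by `\if` works with interpolated variables). Otherwise add a comment such as `-- NOTE: on failure this statement, including the password, may be written to the server log`. It would also help to document at the top of the file that `adminpw`, `servicepw` and `metapw` must be passed with `-v`.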
@@ -30,20 +31,14 @@
 --
 
 -- Used by the back end (gemma)
-CREATE ROLE gemma_service IN ROLE pw_reset LOGIN;
+CREATE ROLE gemma_service IN ROLE pw_reset LOGIN PASSWORD :'servicepw';
 
 -- Used by GeoServer and backend
-CREATE ROLE meta_login IN ROLE metamorph LOGIN;
+CREATE ROLE meta_login IN ROLE metamorph LOGIN PASSWORD :'metapw';
 
---
--- Remind the caller of his duties
---
-DO language plpgsql $$
-BEGIN
-  RAISE NOTICE 'Don''t forget to set a password for the user "sysadmin".';
-  RAISE NOTICE 'Don''t forget to set a password for the user "gemma_service".';
-  RAISE NOTICE 'Don''t forget to set a password for the user "meta_login".';
-END
-$$;
+-- Emit messages to the client if everything went ok
+SELECT 'Default admin user ''sysadmin'' created with password ' || :'adminpw';
+SELECT 'Backend user ''gemma_service'' created with password ' || :'servicepw';
+SELECT 'Backend user ''meta_login'' created with password ' || :'metapw';
 
 COMMIT;
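Review bot: The three `SELECT '... created with password ' || :'adminpw'` lines write the plaintext passwords to psql's standard output, so they end up in terminal scrollback and in any captured output of install-db.sh or run_tests.sh. If the caller supplied the passwords, the message can simply drop them, e.g. `SELECT 'Default admin user ''sysadmin'' created.';`. If install-db.sh generates them (not visible in this diff), printing them once from the script to the terminal only would keep them out of logs. The messages are also emitted before `COMMIT;`, so "created" is reported before the roles are actually committed; moving the SELECTs after the COMMIT would make the comment "if everything went ok" accurate.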