From 66c8f3d934bfdeb948e9ed53624db7543d42ab32 Mon Sep 17 00:00:00 2001
From: jem
Date: Wed, 10 Jun 2020 15:14:48 +0200
Subject: [PATCH] add pg_ownership fix
---
src/main/python/ddadevops/aws_rds_pg_mixin.py | 48 ++++++++++++++++---
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/src/main/python/ddadevops/aws_rds_pg_mixin.py b/src/main/python/ddadevops/aws_rds_pg_mixin.py
index 890398f..b58136f 100644
--- a/src/main/python/ddadevops/aws_rds_pg_mixin.py
+++ b/src/main/python/ddadevops/aws_rds_pg_mixin.py
@@ -59,23 +59,59 @@ class AwsRdsPgMixin(DevopsBuild): "GRANT " + group_role + " TO " + new_user_name + ";") print("created user:", new_user_name) - def deactivate_user(self, gopass_path_superuser, to_remove_user_name): + def deactivate_user(self, gopass_path_superuser, to_deactivate_user_name): superuser_name = gopass_field_from_path(gopass_path_superuser, 'user') superuser_password = gopass_password_from_path(gopass_path_superuser) owned_by_wrong_user = self.execute_pg_rds_sql(superuser_name, superuser_password, "SELECT count(*) FROM pg_class c, pg_user u WHERE c.relowner = u.usesysid " + - "and u.usename='" + to_remove_user_name + "';") + "and u.usename='" + to_deactivate_user_name + "';") + if int(owned_by_wrong_user) > 0: + owned_objects = self.execute_pg_rds_sql(superuser_name, superuser_password, + "SELECT c.relname FROM pg_class c, pg_user u WHERE c.relowner = u.usesysid " + + "and u.usename='" + to_deactivate_user_name + "';") raise AssertionError( - "There are still objects owned by the user to be deleted.") + "There are still objects owned by the user to be deactivated:", owned_objects,to_deactivate_user_name) connections = self.execute_pg_rds_sql(superuser_name, superuser_password, "SELECT count(*) FROM pg_stat_activity WHERE application_name = " + - "'PostgreSQL JDBC Driver' AND usename = '" + to_remove_user_name + "';") + "'PostgreSQL JDBC Driver' AND usename = '" + to_deactivate_user_name + "';") if int(connections) > 0: raise AssertionError("User is still connected.") self.execute_pg_rds_sql(superuser_name, superuser_password, - "ALTER ROLE " + to_remove_user_name + " WITH NOLOGIN NOCREATEROLE;") - print('deactivated user:', to_remove_user_name) + "ALTER ROLE " + to_deactivate_user_name + " WITH NOLOGIN NOCREATEROLE;") + print('deactivated user:', to_deactivate_user_name) + + def change_owned_objects(self, gopass_path_superuser, to_deactivate_user_name, owner): + superuser_name = gopass_field_from_path(gopass_path_superuser, 'user') + 
superuser_password = gopass_password_from_path(gopass_path_superuser) + + alter_objects = f"""SELECT 'ALTER TABLE ' || c.relname || ' OWNER TO {owner};' + FROM pg_class c, pg_user u + WHERE c.relowner = u.usesysid + and c.relkind = 'r' + and u.usename='{to_deactivate_user_name}' + UNION + SELECT 'ALTER INDEX ' || c.relname || ' OWNER TO {owner};' + FROM pg_class c, pg_user u + WHERE c.relowner = u.usesysid + and c.relkind = 'i' + and c.relname not like 'pg_toast%' + and u.usename='{to_deactivate_user_name}' + UNION + SELECT 'ALTER SEQUENCE ' || c.relname || ' OWNER TO {owner};' + FROM pg_class c, pg_user u + WHERE c.relowner = u.usesysid + and c.relkind = 'S' + and u.usename='{to_deactivate_user_name}';""" + + alter_stmt = self.execute_pg_rds_sql(superuser_name, superuser_password, alter_objects) + alter_stmt.strip() + + if (alter_stmt != ''): + print('apply alter statements? \n', alter_stmt) + proceed = input('\n[y/n] \n') + if(proceed == 'y'): + self.execute_pg_rds_sql(superuser_name, superuser_password, alter_stmt)
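Review bot: `change_owned_objects` builds its `ALTER ... OWNER TO` script by concatenating `c.relname` unquoted and then runs the result with the superuser credentials, so any relation name owned by the role being deactivated (mixed case, whitespace, a statement separator) ends up as superuser-executed SQL. Wrap the catalog value in the three SELECTs, e.g. `SELECT 'ALTER TABLE ' || quote_ident(c.relname) || ' OWNER TO {owner};'`, and check `to_deactivate_user_name` and `owner` against an identifier pattern before they are interpolated here and in the new `owned_objects` query of `deactivate_user`; `execute_pg_rds_sql` is defined outside the hunk, so whether it can bind parameters is not visible. PostgreSQL's `REASSIGN OWNED BY old_role TO new_role` may make the generated script unnecessary if the executing role is permitted to run it. Also, `alter_stmt.strip()` discards its result, so whitespace-only output still passes the `!= ''` test; it should be `alter_stmt = alter_stmt.strip()`.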