add pg_ownership fix

This commit is contained in:
jem 2020-06-10 15:14:48 +02:00
parent be1c8d505a
commit 66c8f3d934

View file

@ -59,23 +59,59 @@ class AwsRdsPgMixin(DevopsBuild):
"GRANT " + group_role + " TO " + new_user_name + ";")
print("created user:", new_user_name)
def deactivate_user(self, gopass_path_superuser, to_remove_user_name):
def deactivate_user(self, gopass_path_superuser, to_deactivate_user_name):
superuser_name = gopass_field_from_path(gopass_path_superuser, 'user')
superuser_password = gopass_password_from_path(gopass_path_superuser)
owned_by_wrong_user = self.execute_pg_rds_sql(superuser_name, superuser_password,
"SELECT count(*) FROM pg_class c, pg_user u WHERE c.relowner = u.usesysid " +
"and u.usename='" + to_remove_user_name + "';")
"and u.usename='" + to_deactivate_user_name + "';")
if int(owned_by_wrong_user) > 0:
owned_objects = self.execute_pg_rds_sql(superuser_name, superuser_password,
"SELECT c.relname FROM pg_class c, pg_user u WHERE c.relowner = u.usesysid " +
"and u.usename='" + to_deactivate_user_name + "';")
raise AssertionError(
"There are still objects owned by the user to be deleted.")
"There are still objects owned by the user to be deactivated:", owned_objects,to_deactivate_user_name)
connections = self.execute_pg_rds_sql(superuser_name, superuser_password,
"SELECT count(*) FROM pg_stat_activity WHERE application_name = " +
"'PostgreSQL JDBC Driver' AND usename = '" + to_remove_user_name + "';")
"'PostgreSQL JDBC Driver' AND usename = '" + to_deactivate_user_name + "';")
if int(connections) > 0:
raise AssertionError("User is still connected.")
self.execute_pg_rds_sql(superuser_name, superuser_password,
"ALTER ROLE " + to_remove_user_name + " WITH NOLOGIN NOCREATEROLE;")
print('deactivated user:', to_remove_user_name)
"ALTER ROLE " + to_deactivate_user_name + " WITH NOLOGIN NOCREATEROLE;")
print('deactivated user:', to_deactivate_user_name)
def change_owned_objects(self, gopass_path_superuser, to_deactivate_user_name, owner):
superuser_name = gopass_field_from_path(gopass_path_superuser, 'user')
superuser_password = gopass_password_from_path(gopass_path_superuser)
alter_objects = f"""SELECT 'ALTER TABLE ' || c.relname || ' OWNER TO {owner};'
FROM pg_class c, pg_user u
WHERE c.relowner = u.usesysid
and c.relkind = 'r'
and u.usename='{to_deactivate_user_name}'
UNION
SELECT 'ALTER INDEX ' || c.relname || ' OWNER TO {owner};'
FROM pg_class c, pg_user u
WHERE c.relowner = u.usesysid
and c.relkind = 'i'
and c.relname not like 'pg_toast%'
and u.usename='{to_deactivate_user_name}'
UNION
SELECT 'ALTER SEQUENCE ' || c.relname || ' OWNER TO {owner};'
FROM pg_class c, pg_user u
WHERE c.relowner = u.usesysid
and c.relkind = 'S'
and u.usename='{to_deactivate_user_name}';"""
alter_stmt = self.execute_pg_rds_sql(superuser_name, superuser_password, alter_objects)
alter_stmt.strip()
if (alter_stmt != ''):
print('apply alter statements? \n', alter_stmt)
proceed = input('\n[y/n] \n')
if(proceed == 'y'):
self.execute_pg_rds_sql(superuser_name, superuser_password, alter_stmt)