potluck-postgres 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 667d6b357e4b021bba60a415b90f8623d9b72683ed3b5869ce87f2e43e033325
-  data.tar.gz: 656fd69e5541b414c9e67f750daabaf072c94fbf1237042424a3a5848cfedfa8
+  metadata.gz: e2dc9b254c8fd0d0bd4c7fee8d03705c1fe054577addaacf874286bfb32d0a2a
+  data.tar.gz: b995b1b64aa3bca01392fcf874eaf71a7fae58bf0a5d0da54cc1e42269ed0499
 SHA512:
-  metadata.gz: 03b852e0ce06ed33d0c7010779eb5bd6d1804e0151df4814a3ad218a50ffcaa27daebf47e7b7288ac7755c75ef4c11b003a82516f6a383e724dbbcdc4269759c
-  data.tar.gz: c3cfc79e9c846ca36e2da1015871cac23928bca1291bb7ee7c05ec8b459c71c4918bf057f70516da5dec9a6ab6942a4fc9d1428af970ab79bbfb20936039f5d9
+  metadata.gz: 734fc97cfe75c7c0af39b2fb65db31dc6fe7d8355995fd339c7ec3808ffb2ee2f01de2b4852753b8ad45acde92a508126eef475725db2327c2482721c0a3b1d2
+  data.tar.gz: 108749ea87986e3af08ef7f392b381880a5b391f44a3e86c237620c52a60c67bd591c8784d59a27c8b75ac88e3016ebb4987d0bb33054b28d7712312d705f357

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2021 Nate Pickens
+Copyright 2021-2022 Nate Pickens
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 documentation files (the "Software"), to deal in the Software without restriction, including without

data/lib/potluck/postgres.rb

@@ -64,34 +64,45 @@ module Potluck
     # Connects to the configured Postgres database.
     #
     def connect
-      (tries ||= 0) && (tries += 1)
-      @database = Sequel.connect(@config, logger: @logger)
-    rescue Sequel::DatabaseConnectionError => e
-      if (dud = Sequel::DATABASES.last)
-        dud.disconnect
-        Sequel.synchronize { Sequel::DATABASES.delete(dud) }
-      end
+      role_created = false
+      database_created = false
+
+      begin
+        (tries ||= 0) && (tries += 1)
+        @database = Sequel.connect(@config, logger: @logger)
+      rescue Sequel::DatabaseConnectionError => e
+        if (dud = Sequel::DATABASES.last)
+          dud.disconnect
+          Sequel.synchronize { Sequel::DATABASES.delete(dud) }
+        end
 
-      message = e.message.downcase
-
-      if message =~ ROLE_NOT_FOUND_REGEX && tries == 1
-        create_database_role
-        create_database
-        retry
-      elsif message =~ DATABASE_NOT_FOUND_REGEX && tries == 1
-        create_database
-        retry
-      elsif message.include?(STARTING_UP_STRING) && tries < STARTING_UP_TIMEOUT
-        sleep(1)
-        retry
-      elsif message.include?(CONNECTION_REFUSED_STRING) && tries < CONNECTION_REFUSED_TIMEOUT && manage?
-        sleep(1)
-        retry
-      elsif message.include?(CONNECTION_REFUSED_STRING)
-        raise(PostgresError.new(e.message.strip, e))
-      else
-        raise
+        message = e.message.downcase
+
+        if message =~ ROLE_NOT_FOUND_REGEX && !role_created && manage?
+          role_created = true
+          create_role
+          retry
+        elsif message =~ DATABASE_NOT_FOUND_REGEX && !database_created && manage?
+          database_created = true
+          create_database
+          retry
+        elsif message.include?(STARTING_UP_STRING) && tries < STARTING_UP_TIMEOUT
+          sleep(1)
+          retry
+        elsif message.include?(CONNECTION_REFUSED_STRING) && tries < CONNECTION_REFUSED_TIMEOUT
+          sleep(1)
+          retry
+        elsif message.include?(CONNECTION_REFUSED_STRING)
+          raise(PostgresError.new(e.message.strip, e))
+        else
+          raise
+        end
       end
+
+      # Only grant permissions if the database already existed but the role did not. Automatic database
+      # creation (via #create_database) is performed as the configured role, which means explicit permission
+      # granting is not necessary.
+      grant_permissions if role_created && !database_created
     end
 
     ##
@@ -118,7 +129,7 @@ module Potluck
       original_level = @logger.level
       @logger.level = Logger::WARN if @logger.level == Logger::INFO
 
-      args = [Sequel::Model.db, dir, {allow_missing_migration_files: true}]
+      args = [@database, dir, {allow_missing_migration_files: true}]
       migrator = Sequel::TimestampMigrator.new(*args)
 
       return if migrator.files.empty?
@@ -143,26 +154,47 @@ module Potluck
       @logger.level = original_level if original_level
     end
 
+    ##
+    # Content of the launchctl plist file.
+    #
+    def self.plist
+      super(
+        <<~EOS
+          <key>ProgramArguments</key>
+          <array>
+            <string>/usr/local/opt/postgresql/bin/postgres</string>
+            <string>-D</string>
+            <string>/usr/local/var/postgres</string>
+          </array>
+          <key>WorkingDirectory</key>
+          <string>/usr/local</string>
+          <key>StandardOutPath</key>
+          <string>/usr/local/var/log/postgres.log</string>
+          <key>StandardErrorPath</key>
+          <string>/usr/local/var/log/postgres.log</string>
+        EOS
+      )
+    end
+
     private
 
     ##
     # Attempts to connect to the 'postgres' database as the system user with no password and create the
     # configured role. Useful in development.
     #
-    def create_database_role
-      tmp_config = @config.dup
+    def create_role
+      tmp_config = admin_database_config
       tmp_config[:database] = 'postgres'
-      tmp_config[:username] = ENV['USER']
-      tmp_config[:password] = nil
 
       begin
         Sequel.connect(tmp_config, logger: @logger) do |database|
-          database.execute("CREATE ROLE #{@config[:username]} WITH LOGIN CREATEDB REPLICATION PASSWORD "\
-            "'#{@config[:password]}'")
+          database.execute("CREATE ROLE \"#{@config[:username]}\" WITH LOGIN CREATEDB REPLICATION"\
+            "#{" PASSWORD '#{@config[:password]}'" if @config[:password]}")
         end
       rescue => e
-        raise(PostgresError.new("Database role #{@config[:username].inspect} could not be created using "\
-          "system user #{tmp_config[:username].inspect}. Please create the role manually.", e))
+        raise(PostgresError.new("Failed to create database role #{@config[:username].inspect} by "\
+          "connecting to database #{tmp_config[:database].inspect} as role "\
+          "#{tmp_config[:username].inspect}. Please create the role manually.", e))
       end
     end
 
@@ -176,35 +208,45 @@ module Potluck
 
       begin
         Sequel.connect(tmp_config, logger: @logger) do |database|
-          database.execute("CREATE DATABASE #{@config[:database]}")
+          database.execute("CREATE DATABASE \"#{@config[:database]}\"")
         end
       rescue => e
-        raise(PostgresError.new("Database #{@config[:database].inspect} could not be created by "\
-          "connecting to system database #{tmp_config[:database].inspect}. Please create the database "\
-          'manually.', e))
+        raise(PostgresError.new("Failed to create database #{@config[:database].inspect} by connecting to "\
+          "database #{tmp_config[:database].inspect} as role #{tmp_config[:username].inspect}. "\
+          'Please create the database manually.', e))
       end
     end
 
     ##
-    # Content of the launchctl plist file.
+    # Grants appropriate permissions for the configured database role.
     #
-    def self.plist
-      super(
-        <<~EOS
-          <key>ProgramArguments</key>
-          <array>
-            <string>/usr/local/opt/postgresql/bin/postgres</string>
-            <string>-D</string>
-            <string>/usr/local/var/postgres</string>
-          </array>
-          <key>WorkingDirectory</key>
-          <string>/usr/local</string>
-          <key>StandardOutPath</key>
-          <string>/usr/local/var/log/postgres.log</string>
-          <key>StandardErrorPath</key>
-          <string>/usr/local/var/log/postgres.log</string>
-        EOS
-      )
+    def grant_permissions
+      tmp_config = admin_database_config
+
+      begin
+        Sequel.connect(tmp_config, logger: @logger) do |db|
+          db.execute("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"#{@config[:username]}\"")
+          db.execute("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \"#{@config[:username]}\"")
+          db.execute("ALTER DEFAULT PRIVILEGES FOR ROLE \"#{@config[:username]}\" IN SCHEMA public GRANT "\
+            "ALL PRIVILEGES ON TABLES TO \"#{@config[:username]}\"")
+        end
+      rescue => e
+        raise(PostgresError.new("Failed to grant database permissions for role "\
+          "#{@config[:username].inspect} by connecting as role #{tmp_config[:username].inspect}. Please "\
+          'grant appropriate permissions manually.', e))
+      end
+    end
+
+    ##
+    # Returns a configuration hash for connecting to Postgres to perform administrative tasks (i.e. role and
+    # database creation). Uses the system user as the username and no password.
+    #
+    def admin_database_config
+      config = @config.dup
+      config[:username] = ENV['USER']
+      config[:password] = nil
+
+      config
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: potluck-postgres
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Nate Pickens
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-31 00:00:00.000000000 Z
+date: 2022-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: potluck
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.0.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.0.6
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement