seira 0.6.6 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/seira/db.rb +12 -2
- data/lib/seira/db/create.rb +3 -6
- data/lib/seira/version.rb +1 -1
- metadata +2 -3
- data/lib/seira/db/alter_proxyuser_roles.rb +0 -42
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13c209df481a4a1d50f03aab6f2a990bb1bf30fb0253fe1cf21772827af5a07d
|
|
4
|
+
data.tar.gz: caa64cea11c75f486bad0f59d9b7ea07211817b0b087cb74e2ca7531ce2f7bf6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c14f15cf05981d38d85a9064380bbb2de9826b1e1cc7505fed06b9b07ad282c49583e2ecbc054764c717e456bb94f57e7c9c4bef4b777157c667133f335bf23d
|
|
7
|
+
data.tar.gz: a260b2297ee4136d4517be460b569c3f7e7c5b10c29281f81f10d65635e30f0964a050e102ed22b7746692c87ad5b2e26a395c159bf4afe9e45b278a94b90c18
|
data/lib/seira/db.rb
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require 'securerandom'
|
|
2
2
|
require 'English'
|
|
3
3
|
|
|
4
|
-
require_relative 'db/alter_proxyuser_roles'
|
|
5
4
|
require_relative 'db/write_pgbouncer_yaml'
|
|
6
5
|
require_relative 'db/create'
|
|
7
6
|
|
|
@@ -146,7 +145,18 @@ module Seira
|
|
|
146
145
|
end
|
|
147
146
|
|
|
148
147
|
def run_alter_proxyuser_roles
|
|
149
|
-
|
|
148
|
+
instance_name = nil
|
|
149
|
+
args.each do |arg|
|
|
150
|
+
if arg.start_with? '--instance='
|
|
151
|
+
instance_name = arg.split('=')[1]
|
|
152
|
+
else
|
|
153
|
+
puts "Warning: Unrecognized argument '#{arg}'"
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
command = "ALTER ROLE proxyuser NOCREATEDB NOCREATEROLE;"
|
|
158
|
+
execute_db_command(command, instance_name: instance_name, as_admin: true)
|
|
159
|
+
puts "Removed Create role and Create DB roles from proxyuser"
|
|
150
160
|
end
|
|
151
161
|
|
|
152
162
|
def run_write_pgbouncer_yaml
|
data/lib/seira/db/create.rb
CHANGED
|
@@ -78,9 +78,10 @@ module Seira
|
|
|
78
78
|
|
|
79
79
|
set_secrets
|
|
80
80
|
|
|
81
|
-
alter_proxy_user_roles if replica_for.nil?
|
|
82
|
-
|
|
83
81
|
puts "To use this database, use write-pgbouncer-yaml command and deploy the pgbouncer config file that was created and use the ENV that was set."
|
|
82
|
+
if replica_for.nil?
|
|
83
|
+
puts "After deploying, make sure to run alter-proxyuser-roles for the created instance."
|
|
84
|
+
end
|
|
84
85
|
puts "To make this database the primary, promote it using the CLI and update the DATABASE_URL."
|
|
85
86
|
end
|
|
86
87
|
|
|
@@ -175,10 +176,6 @@ module Seira
|
|
|
175
176
|
end
|
|
176
177
|
end
|
|
177
178
|
|
|
178
|
-
def alter_proxy_user_roles
|
|
179
|
-
Seira::Db::AlterProxyuserRoles.new(app: app, action: action, args: [name, root_password], context: context).run
|
|
180
|
-
end
|
|
181
|
-
|
|
182
179
|
def set_secrets
|
|
183
180
|
env_name = name.tr('-', '_').upcase
|
|
184
181
|
|
data/lib/seira/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: seira
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Scott Ringwelski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: highline
|
|
@@ -125,7 +125,6 @@ files:
|
|
|
125
125
|
- lib/seira/commands/kubectl.rb
|
|
126
126
|
- lib/seira/config.rb
|
|
127
127
|
- lib/seira/db.rb
|
|
128
|
-
- lib/seira/db/alter_proxyuser_roles.rb
|
|
129
128
|
- lib/seira/db/create.rb
|
|
130
129
|
- lib/seira/db/write_pgbouncer_yaml.rb
|
|
131
130
|
- lib/seira/jobs.rb
|
|
@@ -1,42 +0,0 @@
|
|
|
1
|
-
module Seira
|
|
2
|
-
class Db
|
|
3
|
-
class AlterProxyuserRoles
|
|
4
|
-
include Seira::Commands
|
|
5
|
-
|
|
6
|
-
attr_reader :name, :root_password
|
|
7
|
-
|
|
8
|
-
def initialize(app:, action:, args:, context:)
|
|
9
|
-
if args.length != 2
|
|
10
|
-
puts 'Specify db name and root password as the positional arguments'
|
|
11
|
-
exit(1)
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
@name = args[0]
|
|
15
|
-
@root_password = args[1]
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def run
|
|
19
|
-
# Connect to the instance and remove some of the default group memberships and permissions
|
|
20
|
-
# from proxyuser, leaving it with only what it needs to be able to do
|
|
21
|
-
expect_script = <<~BASH
|
|
22
|
-
set timeout 90
|
|
23
|
-
spawn gcloud sql connect #{name}
|
|
24
|
-
expect "Password for user postgres:"
|
|
25
|
-
send "#{root_password}\\r"
|
|
26
|
-
expect "postgres=>"
|
|
27
|
-
send "ALTER ROLE proxyuser NOCREATEDB NOCREATEROLE;\\r"
|
|
28
|
-
expect "postgres=>"
|
|
29
|
-
BASH
|
|
30
|
-
if system("expect <<EOF\n#{expect_script}EOF")
|
|
31
|
-
puts "Successfully removed unnecessary permissions from proxyuser"
|
|
32
|
-
else
|
|
33
|
-
puts "Failed to remove unnecessary permissions from proxyuser."
|
|
34
|
-
puts "You may need to whitelist the correct IP in the gcloud UI."
|
|
35
|
-
puts "You can get the correct IP from https://www.whatismyip.com/"
|
|
36
|
-
puts "Make sure to remove it from the whitelist after successfully running db alter-proxyuser-roles"
|
|
37
|
-
exit(1)
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|