seira 0.6.6 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/seira/db.rb +12 -2
- data/lib/seira/db/create.rb +3 -6
- data/lib/seira/version.rb +1 -1
- metadata +2 -3
- data/lib/seira/db/alter_proxyuser_roles.rb +0 -42
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 13c209df481a4a1d50f03aab6f2a990bb1bf30fb0253fe1cf21772827af5a07d
|
4
|
+
data.tar.gz: caa64cea11c75f486bad0f59d9b7ea07211817b0b087cb74e2ca7531ce2f7bf6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c14f15cf05981d38d85a9064380bbb2de9826b1e1cc7505fed06b9b07ad282c49583e2ecbc054764c717e456bb94f57e7c9c4bef4b777157c667133f335bf23d
|
7
|
+
data.tar.gz: a260b2297ee4136d4517be460b569c3f7e7c5b10c29281f81f10d65635e30f0964a050e102ed22b7746692c87ad5b2e26a395c159bf4afe9e45b278a94b90c18
|
data/lib/seira/db.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
require 'securerandom'
|
2
2
|
require 'English'
|
3
3
|
|
4
|
-
require_relative 'db/alter_proxyuser_roles'
|
5
4
|
require_relative 'db/write_pgbouncer_yaml'
|
6
5
|
require_relative 'db/create'
|
7
6
|
|
@@ -146,7 +145,18 @@ module Seira
|
|
146
145
|
end
|
147
146
|
|
148
147
|
def run_alter_proxyuser_roles
|
149
|
-
|
148
|
+
instance_name = nil
|
149
|
+
args.each do |arg|
|
150
|
+
if arg.start_with? '--instance='
|
151
|
+
instance_name = arg.split('=')[1]
|
152
|
+
else
|
153
|
+
puts "Warning: Unrecognized argument '#{arg}'"
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
command = "ALTER ROLE proxyuser NOCREATEDB NOCREATEROLE;"
|
158
|
+
execute_db_command(command, instance_name: instance_name, as_admin: true)
|
159
|
+
puts "Removed Create role and Create DB roles from proxyuser"
|
150
160
|
end
|
151
161
|
|
152
162
|
def run_write_pgbouncer_yaml
|
data/lib/seira/db/create.rb
CHANGED
@@ -78,9 +78,10 @@ module Seira
|
|
78
78
|
|
79
79
|
set_secrets
|
80
80
|
|
81
|
-
alter_proxy_user_roles if replica_for.nil?
|
82
|
-
|
83
81
|
puts "To use this database, use write-pgbouncer-yaml command and deploy the pgbouncer config file that was created and use the ENV that was set."
|
82
|
+
if replica_for.nil?
|
83
|
+
puts "After deploying, make sure to run alter-proxyuser-roles for the created instance."
|
84
|
+
end
|
84
85
|
puts "To make this database the primary, promote it using the CLI and update the DATABASE_URL."
|
85
86
|
end
|
86
87
|
|
@@ -175,10 +176,6 @@ module Seira
|
|
175
176
|
end
|
176
177
|
end
|
177
178
|
|
178
|
-
def alter_proxy_user_roles
|
179
|
-
Seira::Db::AlterProxyuserRoles.new(app: app, action: action, args: [name, root_password], context: context).run
|
180
|
-
end
|
181
|
-
|
182
179
|
def set_secrets
|
183
180
|
env_name = name.tr('-', '_').upcase
|
184
181
|
|
data/lib/seira/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: seira
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Scott Ringwelski
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-12-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: highline
|
@@ -125,7 +125,6 @@ files:
|
|
125
125
|
- lib/seira/commands/kubectl.rb
|
126
126
|
- lib/seira/config.rb
|
127
127
|
- lib/seira/db.rb
|
128
|
-
- lib/seira/db/alter_proxyuser_roles.rb
|
129
128
|
- lib/seira/db/create.rb
|
130
129
|
- lib/seira/db/write_pgbouncer_yaml.rb
|
131
130
|
- lib/seira/jobs.rb
|
@@ -1,42 +0,0 @@
|
|
1
|
-
module Seira
|
2
|
-
class Db
|
3
|
-
class AlterProxyuserRoles
|
4
|
-
include Seira::Commands
|
5
|
-
|
6
|
-
attr_reader :name, :root_password
|
7
|
-
|
8
|
-
def initialize(app:, action:, args:, context:)
|
9
|
-
if args.length != 2
|
10
|
-
puts 'Specify db name and root password as the positional arguments'
|
11
|
-
exit(1)
|
12
|
-
end
|
13
|
-
|
14
|
-
@name = args[0]
|
15
|
-
@root_password = args[1]
|
16
|
-
end
|
17
|
-
|
18
|
-
def run
|
19
|
-
# Connect to the instance and remove some of the default group memberships and permissions
|
20
|
-
# from proxyuser, leaving it with only what it needs to be able to do
|
21
|
-
expect_script = <<~BASH
|
22
|
-
set timeout 90
|
23
|
-
spawn gcloud sql connect #{name}
|
24
|
-
expect "Password for user postgres:"
|
25
|
-
send "#{root_password}\\r"
|
26
|
-
expect "postgres=>"
|
27
|
-
send "ALTER ROLE proxyuser NOCREATEDB NOCREATEROLE;\\r"
|
28
|
-
expect "postgres=>"
|
29
|
-
BASH
|
30
|
-
if system("expect <<EOF\n#{expect_script}EOF")
|
31
|
-
puts "Successfully removed unnecessary permissions from proxyuser"
|
32
|
-
else
|
33
|
-
puts "Failed to remove unnecessary permissions from proxyuser."
|
34
|
-
puts "You may need to whitelist the correct IP in the gcloud UI."
|
35
|
-
puts "You can get the correct IP from https://www.whatismyip.com/"
|
36
|
-
puts "Make sure to remove it from the whitelist after successfully running db alter-proxyuser-roles"
|
37
|
-
exit(1)
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|