lcdp-postgres-utils 1.0.4.dev36__tar.gz → 1.5.8__tar.gz

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/PKG-INFO

@@ -1,14 +1,17 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: lcdp-postgres-utils
-Version: 1.0.4.dev36
+Version: 1.5.8
 Summary: Postgres Utils to create users, databases, functions, ...
 Author: Le Comptoir Des Pharmacies
 Author-email: webmaster@lecomptoirdespharmacies.fr
-Requires-Python: >=3.8,<4.0
+Requires-Python: >=3.8
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Requires-Dist: boto3 (>=1.26.55,<2.0.0)
 Requires-Dist: pg8000 (>=1.29.4,<2.0.0)

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/lcdp_postgres_utils/executor_factory.py

@@ -5,7 +5,7 @@ class ExecutorFactory:
     def __init__(self, engine_version="13"):
         self.engine_version = engine_version.split('.')[0]
 
-    def build(self, database_name, endpoint, user_name, db_password, decrypt_func):
+    def build(self, database_name, endpoint, user_name, db_password, decrypt_func=None):
         try:
             klass = globals()["Executor{0}".format(self.engine_version)]
             return klass(database_name, endpoint, user_name, db_password, decrypt_func)

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/lcdp_postgres_utils/executors/__init__.py

@@ -1,2 +1,3 @@
 from .executor13 import Executor13
 from .executor14 import Executor14
+from .executor16 import Executor16

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/lcdp_postgres_utils/executors/executor13.py

@@ -3,11 +3,15 @@ from ..utils import get_connection
 
 # Executor for postgres 13
 class Executor13:
-    dbz_publication_name = "dbz_publication"
+    dbz_publication_prefix = "dbz"
     dbz_signal_tablename = "debezium_signal"
+    dbz_heartbeat_tablename = "debezium_heartbeat"
+
+    ROLE_READ_ONLY = "role_read_only"
 
     def __init__(self, database_name,  endpoint, user_name, db_password, decrypt_func):
         self.database_name = database_name
+        self.connected_user_name = user_name
         self.__connection = get_connection(database_name, endpoint, user_name, db_password, decrypt_func)
         self.cursor = self.__connection.cursor()
         self.logs = []
@@ -32,9 +36,19 @@ class Executor13:
         type varchar(32) NOT NULL,
         data varchar(2048)
       );
-      GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON \"{1}\" TO \"{2}\";
+      GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON \"{0}\" TO \"{1}\";
     """.format(Executor13.dbz_signal_tablename,
-               Executor13.dbz_signal_tablename,
+               cdc_user_name)
+
+    def __create_debezium_heartbeat_table_sql(self, cdc_user_name):
+        return """
+      CREATE TABLE \"{0}\" (
+        id  uuid DEFAULT gen_random_uuid() CONSTRAINT debezium_heartbeat_pk PRIMARY KEY,
+        last_update timestamp not null
+      );
+      INSERT INTO \"{0}\" (last_update) VALUES (now());
+      GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON \"{0}\" TO \"{1}\";
+    """.format(Executor13.dbz_heartbeat_tablename,
                cdc_user_name)
 
     def __create_immutable_unaccent_function(self):
@@ -42,7 +56,7 @@ class Executor13:
       CREATE OR REPLACE FUNCTION immutable_unaccent(text)
         RETURNS text AS
       $func$
-        SELECT unaccent('unaccent', $1)
+        SELECT public.unaccent($1)
       $func$  LANGUAGE sql IMMUTABLE PARALLEL SAFE STRICT;
     """
 
@@ -108,18 +122,54 @@ class Executor13:
     def __create_pg_trgm_extension(self):
         return "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
 
+    def __create_hstore_extension(self):
+        return "CREATE EXTENSION IF NOT EXISTS hstore;"
+
+    def __create_role_sql(self, role):
+        return "CREATE ROLE \"{0}\";".format(role)
+
     def __create_publication(self, value):
         return "CREATE PUBLICATION \"{0}\" FOR ALL TABLES;".format(value)
 
     def __create_schema(self, schema_name):
         return "CREATE SCHEMA IF NOT EXISTS \"{0}\";".format(schema_name)
 
+    def __grant_create(self):
+        return "GRANT CREATE ON DATABASE \"{0}\" TO \"{1}\";".format(self.database_name, self.connected_user_name)
+
     def __create_user_sql(self, user_name, user_password):
         return "CREATE USER \"{0}\" WITH PASSWORD '{1}';".format(user_name, user_password)
 
     def __alter_database_owner_sql(self, database_name, user_name):
         return "ALTER DATABASE \"{0}\" OWNER TO \"{1}\";".format(database_name, user_name)
 
+    def __alter_grant_read_only_sql(self, role):
+        return """
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO \"{0}\";
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO \"{0}\";
+    """.format(role)
+
+    def __grant_select_read_only_sql(self, reader):
+        return """
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{0}\";
+    GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO \"{0}\";
+    """.format(reader)
+
+    def __grant_select_on_table(self, user_name, table_name):
+        return """
+            GRANT SELECT ON TABLE \"{1}\" TO \"{0}\";
+        """.format(user_name, table_name)
+
+    def __grant_write_on_table(self, user_name, table_name):
+        return """
+            GRANT INSERT, UPDATE, DELETE ON TABLE \"{1}\" TO \"{0}\";
+        """.format(user_name, table_name)
+
+    def __grant_usage_on_all_sequences(self, user_name):
+        return """
+            GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO \"{0}\";
+        """.format(user_name)
+
     def __alter_database_work_mem_sql(self, value):
         return "ALTER DATABASE \"{0}\" SET work_mem TO \"{1}\";".format(self.database_name, value)
 
@@ -127,24 +177,18 @@ class Executor13:
         return """
     GRANT CONNECT ON DATABASE \"{2}\" TO \"{1}\";
     GRANT USAGE ON SCHEMA \"{0}\" TO \"{1}\";
-    GRANT SELECT ON ALL TABLES IN SCHEMA  \"{0}\" TO \"{1}\";
-    GRANT SELECT ON ALL SEQUENCES IN SCHEMA  \"{0}\" TO \"{1}\";
-    ALTER DEFAULT PRIVILEGES IN SCHEMA \"{0}\" GRANT SELECT ON TABLES TO \"{1}\";
-    ALTER DEFAULT PRIVILEGES IN SCHEMA \"{0}\" GRANT SELECT ON SEQUENCES TO \"{1}\";
     """.format(schema_name, user_name, self.database_name)
 
     def __grant_create_table(self, user_name):
         return f"GRANT CREATE, TEMPORARY ON DATABASE \"{self.database_name}\" TO \"{user_name}\";"
 
-    def __grant_replication_user_sql(self, user_name):
-        return "GRANT rds_replication TO \"{0}\";".format(user_name)
-
-    def __grant_superuser_user_sql(self, user_name):
-        return "GRANT rds_superuser TO \"{0}\";".format(user_name)
+    def __grant_role_to_user_sql(self, role, user_name):
+        return "GRANT \"{0}\" TO \"{1}\";".format(role, user_name)
 
     def __grant_schema_all_access(self, user_name, schema_name):
         return """
     GRANT CONNECT ON DATABASE \"{2}\" TO \"{1}\";
+    GRANT CREATE ON DATABASE \"{2}\" TO \"{1}\";
     GRANT USAGE ON SCHEMA \"{0}\" TO \"{1}\";
     GRANT ALL ON ALL TABLES IN SCHEMA \"{0}\" TO \"{1}\";
     GRANT ALL ON ALL SEQUENCES IN SCHEMA  \"{0}\" TO \"{1}\";
@@ -152,36 +196,51 @@ class Executor13:
     ALTER DEFAULT PRIVILEGES IN SCHEMA \"{0}\" GRANT ALL ON SEQUENCES TO \"{1}\";
     """.format(schema_name, user_name, self.database_name)
 
+    def __check_role_sql(self, role):
+        return "select * from pg_roles where rolname = '{0}';".format(role)
+
     def __check_user_sql(self, user_name):
         return "select * from pg_user where usename = '{0}';".format(user_name)
 
     def __check_database_sql(self, database_name):
         return "select * from pg_database where datname = '{0}';".format(database_name)
 
+    def __check_replication_slot_sql(self, slot_name):
+        return "select * from pg_replication_slots where slot_name = '{0}';".format(slot_name)
+
     def __check_table_sql(self, value):
         return "select * from pg_tables where tablename = '{0}';".format(value)
 
     def __check_debezium_signal_table_sql(self):
         return self.__check_table_sql(Executor13.dbz_signal_tablename)
 
+    def __check_debezium_heartbeat_table_sql(self):
+        return self.__check_table_sql(Executor13.dbz_heartbeat_tablename)
+
     def __check_database_unaccent_extension(self):
         return "select * from pg_extension where extname = 'unaccent';"
 
     def __check_database_pg_trgm_extension(self):
         return "select * from pg_extension where extname = 'pg_trgm';"
 
+    def __check_database_hstore_extension(self):
+        return "select * from pg_extension where extname = 'hstore';"
+
     def __check_publication_sql(self, value):
         return "select * from pg_publication where pubname = '{0}';".format(value)
 
     # ~~~~~ Log action ~~~~~ #
+    def __log_create_role(self, role):
+        return "Creation du role : {0} \n".format(role)
+
     def __log_create_user(self, user_name):
         return "Creation de l'utilisateur : {0} \n".format(user_name)
 
     def __log_create_database(self, database_name):
         return "Creation de la base de donnees : {0} \n".format(database_name)
 
-    def __log_create_debezium_signal_table(self):
-        return "Creation de la table {0} pour la base de donnees : {1} \n".format(Executor13.dbz_signal_tablename, self.database_name)
+    def __log_create_table(self, tablename):
+        return "Creation de la table {0} pour la base de donnees : {1} \n".format(tablename, self.database_name)
 
     def __log_create_unaccent_extension(self):
         return "Creation de l'extension unaccent pour la base de donnees : {0} \n".format(self.database_name)
@@ -201,6 +260,9 @@ class Executor13:
     def __log_create_pg_trgm_extension(self):
         return "Creation de l'extension pg_trgm pour la base de donnees : {0} \n".format(self.database_name)
 
+    def __log_create_hstore_extension(self):
+        return "Creation de l'extension hstore pour la base de donnees : {0} \n".format(self.database_name)
+
     def __log_create_publication(self, value):
         return "Creation de la publication {0} pour la base de donnees : {1} \n".format(value, self.database_name)
 
@@ -211,6 +273,26 @@ class Executor13:
         return "L'utilisateur {0} est proprietaire de la base {1} \n" \
             .format(user_name, database_name)
 
+    def __log_alter_database_read_to_role(self, role_owner, role_reader):
+        return "Le role {0} rend sa base accessible en lecture au role {1} \n" \
+            .format(role_owner, role_reader)
+
+    def __log_alter_grant_read_only(self, reader):
+        return "La base {0} est accessible en lecture pour role {1} \n" \
+            .format(self.database_name, reader)
+
+    def __log_grant_select_on_table(self, user_name, table_name):
+        return "L'utilisateur {0} a herite des droits select sur la table {1} \n".format(user_name, table_name)
+
+    def __log_grant_write_on_table(self, user_name, table_name):
+        return "L'utilisateur {0} a herite des droits insert, update, delete sur la table {1} \n".format(user_name, table_name)
+
+    def __log_grant_usage_on_all_sequences(self, user_name):
+        return "L'utilisateur {0} a herite des droits usage sur le schema public \n".format(user_name)
+
+    def __log_grant_select_read_only(self, reader):
+        return "{0} a herite des droits read only \n".format(reader)
+
     def __log_grant_schema_read_only_user(self, user_name, schema_name):
         return "L'utilisateur {0} a herite des droits read only sur le schema {1} \n".format(user_name, schema_name)
 
@@ -218,6 +300,9 @@ class Executor13:
         return "L'utilisateur {0} a herite des droits de creation de base de table sur la base de données {1} \n"\
             .format(user_name, self.database_name)
 
+    def __log_grant_role_to_user(self, role, user_name):
+        return "L'utilisateur {0} a herite du role {1} \n".format(user_name, role)
+
     def __log_grant_replication_user(self, user_name):
         return "L'utilisateur {0} a herite des droits replication \n".format(user_name)
 
@@ -235,6 +320,11 @@ class Executor13:
         self.cursor.execute(query)
         return self.cursor.fetchone()
 
+    def __execute_create_role(self, role):
+        if not self.__execute_select_query(self.__check_role_sql(role)):
+            self.cursor.execute(self.__create_role_sql(role))
+            return self.__log_create_role(role)
+
     def __execute_create_user(self, user_name, user_password):
         if not self.__execute_select_query(self.__check_user_sql(user_name)):
             self.cursor.execute(self.__create_user_sql(user_name, user_password))
@@ -271,20 +361,51 @@ class Executor13:
             self.cursor.execute(self.__create_pg_trgm_extension())
             return self.__log_create_pg_trgm_extension()
 
-    def __execute_create_publication(self, value):
-        if not self.__execute_select_query(self.__check_publication_sql(value)):
-            self.cursor.execute(self.__create_publication(value))
-            return self.__log_create_publication(value)
+    def __execute_create_hstore_extension(self):
+        if not self.__execute_select_query(self.__check_database_hstore_extension()):
+            self.cursor.execute(self.__create_hstore_extension())
+            return self.__log_create_hstore_extension()
+
+    def __execute_create_publication(self, prefix):
+        publication_name = '{0}_{1}'.format(prefix, 'publication')
+        if not self.__execute_select_query(self.__check_publication_sql(publication_name)):
+            self.cursor.execute(self.__create_publication(publication_name))
+            return self.__log_create_publication(publication_name)
 
     def __execute_create_debezium_signal_table(self, cdc_user_name):
         if not self.__execute_select_query(self.__check_debezium_signal_table_sql()):
             self.cursor.execute(self.__create_debezium_signal_table_sql(cdc_user_name))
-            return self.__log_create_debezium_signal_table()
+            return self.__log_create_table(Executor13.dbz_signal_tablename)
+
+    def __execute_create_debezium_heartbeat_table(self, cdc_user_name):
+        if not self.__execute_select_query(self.__check_debezium_heartbeat_table_sql()):
+            self.cursor.execute(self.__create_debezium_heartbeat_table_sql(cdc_user_name))
+            return self.__log_create_table(Executor13.dbz_heartbeat_tablename)
 
     def __alter_database_owner(self, database_name, user_name):
         self.cursor.execute(self.__alter_database_owner_sql(database_name, user_name))
         return self.__log_alter_database_owner(database_name, user_name)
 
+    def __alter_grant_read_only(self, reader):
+        self.cursor.execute(self.__alter_grant_read_only_sql(reader))
+        return self.__log_alter_grant_read_only(reader)
+
+    def __execute_grant_read_on_table(self, user_name, table_name):
+        self.cursor.execute(self.__grant_select_on_table(user_name, table_name))
+        return self.__log_grant_select_on_table(user_name, table_name)
+
+    def __execute_grant_write_on_table(self, user_name, table_name):
+        self.cursor.execute(self.__grant_write_on_table(user_name, table_name))
+        return self.__log_grant_write_on_table(user_name, table_name)
+
+    def __execute_grant_usage_on_all_sequences(self, user_name):
+        self.cursor.execute(self.__grant_usage_on_all_sequences(user_name))
+        return self.__log_grant_usage_on_all_sequences(user_name)
+
+    def __grant_select_read_only(self, reader):
+        self.cursor.execute(self.__grant_select_read_only_sql(reader))
+        return self.__log_grant_select_read_only(reader)
+
     def __alter_database_work_mem(self, value):
         self.cursor.execute(self.__alter_database_work_mem_sql(value))
         return self.__log_alter_database_work_mem()
@@ -297,15 +418,20 @@ class Executor13:
         self.cursor.execute(self.__grant_create_table(user_name))
         return self.__log_grant_create_table(user_name)
 
+    def __execute_grant_read_only(self, user_name):
+        self.cursor.execute(self.__grant_role_to_user_sql(Executor13.ROLE_READ_ONLY, user_name))
+        return self.__log_grant_role_to_user(Executor13.ROLE_READ_ONLY, user_name)
+
     def __execute_grant_replication(self, user_name):
-        self.cursor.execute(self.__grant_replication_user_sql(user_name))
+        self.cursor.execute(self.__grant_role_to_user_sql("rds_replication", user_name))
         return self.__log_grant_replication_user(user_name)
 
     def __execute_grant_superuser(self, user_name):
-        self.cursor.execute(self.__grant_superuser_user_sql(user_name))
+        self.cursor.execute(self.__grant_role_to_user_sql("rds_superuser", user_name))
         return self.__log_grant_superuser_user(user_name)
 
     def __execute_create_schema(self, schema_name):
+        self.cursor.execute(self.__grant_create())
         self.cursor.execute(self.__create_schema(schema_name))
         return self.__log_create_schema(schema_name)
 
@@ -317,8 +443,25 @@ class Executor13:
     def create_service(self, database_name, user_name, user_password):
         log_user = self.__execute_create_user(user_name, user_password)
         log_database = self.__execute_create_database(database_name)
-        log_alter = self.__alter_database_owner(database_name, user_name)
-        self.logs.extend(list(filter(None, [log_user, log_database, log_alter])))
+        log_alter_owner = self.__alter_database_owner(database_name, user_name)
+        self.logs.extend(list(filter(None, [log_user, log_database, log_alter_owner])))
+
+    def create_role(self, role):
+        log = self.__execute_create_role(role)
+        self.logs.extend(list(filter(None, [log])))
+
+    def create_read_only_role(self):
+        log = self.__execute_create_role(Executor13.ROLE_READ_ONLY)
+        self.logs.extend(list(filter(None, [log])))
+
+    # Grant read capabilities to objects of the database for read only role
+    # If 'existing' = True then will give the read access to already existing objects
+    def grant_read_only_capabilities(self, existing=False):
+        log_alter_read = self.__alter_grant_read_only(Executor13.ROLE_READ_ONLY)
+        log_grant_read = None
+        if existing:
+            log_grant_read = self.__grant_select_read_only(Executor13.ROLE_READ_ONLY)
+        self.logs.extend(list(filter(None, [log_alter_read, log_grant_read])))
 
     def create_unaccent_extension(self):
         log_unaccent_extension = self.__execute_create_unaccent_extension()
@@ -344,6 +487,10 @@ class Executor13:
         log_pg_trgm_extension = self.__execute_create_pg_trgm_extension()
         self.logs.extend(list(filter(None, [log_pg_trgm_extension])))
 
+    def create_hstore_extension(self):
+        log_hstore_extension = self.__execute_create_hstore_extension()
+        self.logs.extend(list(filter(None, [log_hstore_extension])))
+
     def create_user(self, user_name, user_password):
         log_user = self.__execute_create_user(user_name, user_password)
         self.logs.extend(list(filter(None, [log_user])))
@@ -351,7 +498,39 @@ class Executor13:
     def create_cdc_user(self, user_name, user_password):
         log_user = self.__execute_create_user(user_name, user_password)
         log_grant_replication = self.__execute_grant_replication(user_name)
-        self.logs.extend(list(filter(None, [log_user, log_grant_replication])))
+        log_grant_read_only = self.__execute_grant_read_only(user_name)
+        self.logs.extend(list(filter(None, [log_user, log_grant_replication, log_grant_read_only])))
+
+    def create_etl_user(self, user_name, user_password):
+        log_user = self.__execute_create_user(user_name, user_password)
+        log_grant_replication = self.__execute_grant_replication(user_name)
+        log_grant_read_only = self.__execute_grant_read_only(user_name)
+        self.logs.extend(list(filter(None, [log_user, log_grant_replication, log_grant_read_only])))
+
+    def create_read_only_user(self, user_name, user_password):
+        log_user = self.__execute_create_user(user_name, user_password)
+        log_grant_read_only = self.__execute_grant_read_only(user_name)
+        self.logs.extend(list(filter(None, [log_user, log_grant_read_only])))
+
+    def create_restricted_user(self, user_name, user_password):
+        log_user = self.__execute_create_user(user_name, user_password)
+        self.logs.extend(list(filter(None, [log_user])))
+
+    # permissions = { <table_name:string>: <'r' | 'w' | 'rw'> }
+    # permissions = { 'product': 'r', 'order': 'w', 'message': 'rw' }
+    def setup_restricted_user(self, user_name, permissions):
+        logs = []
+        for table_name, rights in permissions.items():
+            if self.__execute_select_query(self.__check_table_sql(table_name)) is not None:
+                if 'r' in rights:
+                    logs.append(self.__execute_grant_read_on_table(user_name, table_name))
+                if 'w' in rights:
+                    logs.append(self.__execute_grant_write_on_table(user_name, table_name))
+        if any('w' in value for value in permissions.values()):
+            # Because we will not enumerate permissions for every sequence,
+            # if user has write access, allow usage on all sequences
+            logs.append(self.__execute_grant_usage_on_all_sequences(user_name))
+        self.logs.extend(list(filter(None, logs)))
 
     def create_schema(self, schema_name):
         log_create_schema = self.__execute_create_schema(schema_name)
@@ -367,9 +546,29 @@ class Executor13:
 
     def setup_cdc(self, cdc_user_name):
         log_grant_read_only = self.__execute_grant_schema_read_only(cdc_user_name, "public")
-        log_publication = self.__execute_create_publication(Executor13.dbz_publication_name)
+        log_publication = self.__execute_create_publication(Executor13.dbz_publication_prefix)
         log_debezium_signal_table = self.__execute_create_debezium_signal_table(cdc_user_name)
-        self.logs.extend(list(filter(None, [log_grant_read_only, log_publication, log_debezium_signal_table])))
+        log_debezium_heartbeat_table = self.__execute_create_debezium_heartbeat_table(cdc_user_name)
+        self.logs.extend(list(filter(None, [log_grant_read_only, log_publication, log_debezium_signal_table, log_debezium_heartbeat_table])))
+
+    def setup_stitch(self):
+        log_create_replication_slot = self.__execute_create_database_replication_slot('stitch', slot_type='wal2json')
+        self.logs.extend(list(filter(None, [log_create_replication_slot])))
+
+    def setup_airbyte(self):
+        log_create_publication = self.__execute_create_publication('airbyte')
+        log_create_replication_slot = self.__execute_create_database_replication_slot('airbyte', slot_type='pgoutput')
+        self.logs.extend(list(filter(None, [log_create_publication, log_create_replication_slot])))
+
+    def setup_fivetran(self):
+        log_create_publication = self.__execute_create_publication('fivetran')
+        log_create_replication_slot = self.__execute_create_database_replication_slot('fivetran', slot_type='pgoutput')
+        log_grant_replication = self.__execute_grant_replication('user-fivetran')
+        self.logs.extend(list(filter(None, [log_create_publication, log_create_replication_slot, log_grant_replication])))
+
+    def setup_etl(self, etl_user_name):
+        log_grant_read_only = self.__execute_grant_schema_read_only(etl_user_name, "public")
+        self.logs.extend(list(filter(None, [log_grant_read_only])))
 
     def setup_schema_write_user(self, user_name, schema_name):
         log_grant_access = self.__execute_grant_schema_all_access(user_name, schema_name)
@@ -382,3 +581,70 @@ class Executor13:
     def setup_etl_user(self, user_name):
         log_grant_create_table = self.__execute_grant_create_table(user_name)
         self.logs.extend(list(filter(None, [log_grant_create_table])))
+
+
+    def create_database_publication(self, prefix):
+        log_create_publication = self.__execute_create_publication(prefix)
+        self.logs.extend(list(filter(None, [log_create_publication])))
+
+    def create_database_replication_slot(self, prefix, slot_type='pgoutput'):
+        log_create_slot = self.__execute_create_database_replication_slot(prefix, slot_type)
+        self.logs.extend(list(filter(None, [log_create_slot])))
+
+    def __execute_create_database_replication_slot(self, prefix, slot_type):
+        slot_name = '{0}_{1}'.format(prefix, self.database_name)
+        if not self.__execute_select_query(self.__check_replication_slot_sql(slot_name)):
+            self.cursor.execute(self.__create_database_replication_slot(slot_name, slot_type))
+            return self.__log_create_database_replication_slot(slot_name, slot_type)
+
+    def __create_database_replication_slot(self, slot_name, slot_type):
+        return "SELECT * FROM pg_create_logical_replication_slot('{0}', '{1}');"\
+                .format(slot_name, slot_type)
+
+    def __log_create_database_replication_slot(self, slot_name, slot_type):
+        return "Creation du slot de replication logique {0} {1} \n".format(slot_type, slot_name)
+
+    def change_schema_owner(self, schema_name, user_name):
+        log_change_schema_owner = self._change_schema_owner(schema_name, user_name)
+        self.logs.extend(list(filter(None, [log_change_schema_owner])))
+
+    def _change_schema_owner(self, schema_name, user_name):
+        self.cursor.execute("ALTER SCHEMA \"{0}\" OWNER TO \"{1}\"".format(schema_name, user_name))
+        return "Set db {0} schema owner: {1} ".format(schema_name, user_name)
+
+    def setup_datadog(self, datadog_user_name):
+        log_grant_datadog = self._setup_datadog(datadog_user_name)
+        self.logs.extend(list(filter(None, [log_grant_datadog])))
+
+    def _setup_datadog(self, datadog_user_name):
+        self.cursor.execute(
+            """
+            CREATE SCHEMA IF NOT EXISTS datadog;
+            GRANT USAGE ON SCHEMA public TO \"{0}\";
+            GRANT USAGE ON SCHEMA datadog TO \"{0}\";
+            GRANT pg_monitor TO \"{0}\";
+            CREATE EXTENSION IF NOT EXISTS pg_stat_statements schema public;
+
+            CREATE OR REPLACE FUNCTION datadog.explain_statement(
+               l_query TEXT,
+               OUT explain JSON
+            )
+            RETURNS SETOF JSON AS
+            $$
+            DECLARE
+            curs REFCURSOR;
+            plan JSON;
+
+            BEGIN
+               OPEN curs FOR EXECUTE pg_catalog.concat('EXPLAIN (FORMAT JSON) ', l_query);
+               FETCH curs INTO plan;
+               CLOSE curs;
+               RETURN QUERY SELECT plan;
+            END;
+            $$
+            LANGUAGE 'plpgsql'
+            RETURNS NULL ON NULL INPUT
+            SECURITY DEFINER;
+            """.format(datadog_user_name)
+        )
+        return "Setup datadog Database monitoring"

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/lcdp_postgres_utils/executors/executor14.py

@@ -9,14 +9,29 @@ class Executor14(Executor13):
     def __grant_read_only_roles(self, user_name):
         return "GRANT pg_read_all_data TO \"{0}\";".format(user_name)
 
+    def __grant_write_all_data_role(self, user_name):
+        return f"GRANT pg_write_all_data TO \"{user_name}\";"
+
     def __log_grant_read_only_roles(self, user_name):
         return "L'utilisateur {0} a herite des droits read only sur toutes les tables, vues et sequences \n"\
             .format(user_name)
 
+    def __log_grant_write_all_data_role(self, user_name):
+        return "L'utilisateur {0} a herite des droits d'écriture sur toutes les tables, vues et sequences \n"\
+            .format(user_name)
+
     def __execute_grant_read_only_roles(self, user_name):
         self.cursor.execute(self.__grant_read_only_roles(user_name))
         return self.__log_grant_read_only_roles(user_name)
 
+    def __execute_grant_write_all_data_role(self, user_name):
+        self.cursor.execute(self.__grant_write_all_data_role(user_name))
+        return self.__log_grant_write_all_data_role(user_name)
+
+    def grant_write_all_data_role(self, user_name):
+        log = self.__execute_grant_write_all_data_role(user_name)
+        self.logs.extend(list(filter(None, [log])))
+
     def setup_hawking(self, hawking_user_name):
         log_grant_read_only = self.__execute_grant_read_only_roles(hawking_user_name)
         self.logs.extend(list(filter(None, [log_grant_read_only])))

lcdp_postgres_utils-1.5.8/lcdp_postgres_utils/executors/executor16.py

@@ -0,0 +1,7 @@
+from .executor14 import Executor14
+
+
+# Executor for postgres 16
+class Executor16(Executor14):
+    def __init__(self, database_name,  endpoint, user_name, db_password, decrypt_func):
+        super().__init__(database_name, endpoint, user_name, db_password, decrypt_func)

lcdp_postgres_utils-1.5.8/lcdp_postgres_utils/restricted_user.py

@@ -0,0 +1,16 @@
+from .user import User
+
+class RestrictedUser(User):
+    database = None
+    permissions = {}
+
+    def __init__(self, credentials, decrypt_func=None):
+        super().__init__(credentials, decrypt_func)
+        self.database = credentials['database']
+        self.permissions = credentials['permissions']
+
+    def get_database(self):
+        return self.database
+
+    def get_permissions(self):
+        return self.permissions

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/lcdp_postgres_utils/user.py

@@ -2,7 +2,7 @@ class User:
     name = None
     password = None
 
-    def __init__(self, credentials, decrypt_func):
+    def __init__(self, credentials, decrypt_func=None):
         self.name = credentials['user_name']
         self.password = decrypt_func(credentials["user_password"]) if decrypt_func else credentials["user_password"]
 

{lcdp_postgres_utils-1.0.4.dev36 → lcdp_postgres_utils-1.5.8}/pyproject.toml

@@ -1,24 +1,24 @@
 [tool.poetry]
 name = "lcdp-postgres-utils"
 # https://github.com/python-poetry/poetry/issues/1208
-version = "1.0.4.dev36"
+version = "1.5.8"
 description = "Postgres Utils to create users, databases, functions, ..."
 authors = ["Le Comptoir Des Pharmacies <webmaster@lecomptoirdespharmacies.fr>"]
 
 [tool.poetry-dynamic-versioning]
 enable = false
 vcs = "git"
-style = "pep440"
-format-jinja = "{% if distance == 0 %}{{ base }}{% else %}{{ base }}.dev{{ distance }}{% endif %}"
-bump = true
+
+[tool.poetry.requires-plugins]
+poetry-dynamic-versioning = { version = ">=1.0.0,<2.0.0", extras = ["plugin"] }
 
 [tool.poetry.dependencies]
-python = "^3.8"
+python = ">=3.8"
 boto3 = "^1.26.55"
 pg8000 = "^1.29.4"
 
 [tool.poetry.dev-dependencies]
 
 [build-system]
-requires = ["poetry>=1.1.0", "poetry-dynamic-versioning"]
-build-backend = "poetry.core.masonry.api"
+requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning>=1.0.0,<2.0.0"]
+build-backend = "poetry_dynamic_versioning.backend"

lcdp_postgres_utils-1.0.4.dev36/setup.py

@@ -1,32 +0,0 @@
-# -*- coding: utf-8 -*-
-from setuptools import setup
-
-packages = \
-['lcdp_postgres_utils',
- 'lcdp_postgres_utils.executors',
- 'lcdp_postgres_utils.utils']
-
-package_data = \
-{'': ['*']}
-
-install_requires = \
-['boto3>=1.26.55,<2.0.0', 'pg8000>=1.29.4,<2.0.0']
-
-setup_kwargs = {
-    'name': 'lcdp-postgres-utils',
-    'version': '1.0.4.dev36',
-    'description': 'Postgres Utils to create users, databases, functions, ...',
-    'long_description': 'None',
-    'author': 'Le Comptoir Des Pharmacies',
-    'author_email': 'webmaster@lecomptoirdespharmacies.fr',
-    'maintainer': 'None',
-    'maintainer_email': 'None',
-    'url': 'None',
-    'packages': packages,
-    'package_data': package_data,
-    'install_requires': install_requires,
-    'python_requires': '>=3.8,<4.0',
-}
-
-
-setup(**setup_kwargs)