From aa56a6bb45a67d4131038bc9ca82d4916fedd026 Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Fri, 15 Mar 2024 13:00:05 +0100
Subject: [PATCH] [mailman] Fixes for post-update script

Another bunch of fixes for post-update.sh script.
* Migrate pg-give-rights.py to python3
* Add settings_test.py to staging as well

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 .../mailman/files/mailman3_pg-give-rights.py  | 85 +++++++++++++++++++
 roles/mailman/tasks/main.yml                  |  7 +-
 2 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100755 roles/mailman/files/mailman3_pg-give-rights.py

diff --git a/roles/mailman/files/mailman3_pg-give-rights.py b/roles/mailman/files/mailman3_pg-give-rights.py
new file mode 100755
index 0000000000..88b9ad6951
--- /dev/null
+++ b/roles/mailman/files/mailman3_pg-give-rights.py
@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+# vim: et ts=4 sw=4 fileencoding=utf-8
+
+"""
+Give non-admin rights to the database app user.
+"""
+
+CONFFILE = "/etc/mailman-migration.conf"
+
+
+import site
+import yaml
+import psycopg2
+
+
+def give_rights(dbhost, dbuser, dbpasswd, dbname, dbreguser=None):
+    if dbreguser is None:
+        dbreguser = dbname + "app"
+    conn = psycopg2.connect(host=dbhost, user=dbuser, password=dbpasswd,
+                            database=dbname)
+    cur = conn.cursor()
+    # Database permissions
+    dbrightsquery = "GRANT CONNECT,TEMP ON DATABASE %s TO %s;" % (dbname, dbreguser)
+    print(dbrightsquery)
+    cur.execute(dbrightsquery)
+    # Table permissions
+    cur.execute("""
+        SELECT 'GRANT SELECT,INSERT,UPDATE,DELETE,TRUNCATE ON "' || relname || '" TO %s;'
+        FROM pg_class
+        JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
+        WHERE nspname = 'public' AND relkind IN ('r', 'v');
+    """ % dbreguser)
+    queries = [q[0] for q in cur]
+    for query in queries:
+        print(query)
+        cur.execute(query)
+    # Sequence permissions
+    cur.execute("""
+        SELECT 'GRANT USAGE,SELECT,UPDATE ON ' || relname || ' TO %s;'
+        FROM pg_class
+        JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
+        WHERE nspname = 'public' AND relkind = 'S';
+    """ % dbreguser)
+    queries = [q[0] for q in cur]
+    for query in queries:
+        print(query)
+        cur.execute(query)
+    conn.commit()
+    cur.close()
+    conn.close()
+
+
+def main():
+    with open(CONFFILE) as conffile:
+        conf = yaml.safe_load(conffile)
+    site.addsitedir(conf["confdir"])
+    import settings_admin
+
+    ## KittyStore
+    #dbspec = re.match("""
+    #    postgresql://
+    #    (?P<user>[a-z]+)
+    #    :
+    #    (?P<password>[^@]+)
+    #    @
+    #    (?P<host>[^/]+)
+    #    /
+    #    (?P<database>[^/?]+)
+    #    """, settings_admin.KITTYSTORE_URL, re.X)
+    #give_rights(dbspec.group("host"),
+    #            dbspec.group("user"),
+    #            dbspec.group("password"),
+    #            dbspec.group("database")
+    #            )
+
+    # HyperKitty
+    give_rights(
+        settings_admin.DATABASES["default"]["HOST"],
+        settings_admin.DATABASES["default"]["USER"],
+        settings_admin.DATABASES["default"]["PASSWORD"],
+        settings_admin.DATABASES["default"]["NAME"],
+    )
+
+
+if __name__ == "__main__": main()
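Review bot: Every GRANT in `give_rights` is assembled by string interpolation with inconsistent identifier quoting: `dbname` and `dbreguser` are pasted in with `%`, table names are wrapped in `"` without escaping an embedded quote, and sequence names are not quoted at all. A role, database or relation name containing upper-case letters, spaces or quote characters will either fail or alter the statement that this admin-privileged connection executes. Building the statements with `psycopg2.sql.Identifier` (this needs `from psycopg2 import sql` at the top of the file) and selecting only `relname` from the catalog removes the hand-quoting; the sequence loop follows the same pattern. Quoted identifiers are matched case-sensitively, so confirm the configured names are stored in exactly the case given.

```python
def give_rights(dbhost, dbuser, dbpasswd, dbname, dbreguser=None):
    # … unchanged: default dbreguser, connect, open cursor …
    grantee = sql.Identifier(dbreguser)
    # Database permissions
    dbrightsquery = sql.SQL("GRANT CONNECT,TEMP ON DATABASE {} TO {};").format(
        sql.Identifier(dbname), grantee)
    print(dbrightsquery.as_string(conn))
    cur.execute(dbrightsquery)
    # Table permissions
    cur.execute("""
        SELECT relname
        FROM pg_class
        JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
        WHERE nspname = 'public' AND relkind IN ('r', 'v');
    """)
    for (relname,) in cur.fetchall():
        query = sql.SQL(
            "GRANT SELECT,INSERT,UPDATE,DELETE,TRUNCATE ON {} TO {};"
        ).format(sql.Identifier(relname), grantee)
        print(query.as_string(conn))
        cur.execute(query)
    # … sequence permissions: same pattern with relkind = 'S' and GRANT USAGE,SELECT,UPDATE …
    # … unchanged: commit, close cursor and connection …
```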
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index cfd1cb6c0f..be3072e682 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@@ -357,7 +357,6 @@
   tags:
   - config
   - mailman
-  when: env == 'production'
 
 - name: install the fedora-specific modules
   copy: src={{ item }}.py
@@ -568,6 +567,12 @@
   tags: mailman
   when: env == 'staging'
 
+- name: install the updated pg-give-rights script
+  copy: src=mailman3_pg-give-rights.py dest="{{ mailman_webui_basedir }}/bin/pg-give-rights.py"
+        owner=root group=root mode=0755
+  tags: mailman
+  when: env == 'staging'
+
 - name: install the templatized scripts
   template: src={{ item }}.j2 dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
             owner=root group=root mode=0755
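Review bot: The new copy task writes `{{ mailman_webui_basedir }}/bin/pg-give-rights.py` immediately before the "install the templatized scripts" task, which writes into the same `bin/` directory from `{{ item }}.j2`. If `pg-give-rights.py` is still in that task's item list (the list is outside this hunk), the templated version would run afterwards and overwrite the python3 port on staging. Either drop it from the template loop for staging or move this task after the loop. A short comment such as `# staging only: python3 port of pg-give-rights.py, overrides the templated script` would record the intent.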