[mailman] Fixes for post-update script
Another bunch of fixes for post-update.sh script. * Migrate pg-give-rights.py to python3 * Add settings_test.py to staging as well Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This commit is contained in:
parent
ad315c5536
commit
aa56a6bb45
2 changed files with 91 additions and 1 deletions
roles/mailman
85
roles/mailman/files/mailman3_pg-give-rights.py
Executable file
85
roles/mailman/files/mailman3_pg-give-rights.py
Executable file
|
@ -0,0 +1,85 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# vim: et ts=4 sw=4 fileencoding=utf-8
|
||||||
|
|
||||||
|
"""
|
||||||
|
Give non-admin rights to the database app user.
|
||||||
|
"""
|
||||||
|
|
||||||
|
CONFFILE = "/etc/mailman-migration.conf"
|
||||||
|
|
||||||
|
|
||||||
|
import site
|
||||||
|
import yaml
|
||||||
|
import psycopg2
|
||||||
|
|
||||||
|
|
||||||
|
def give_rights(dbhost, dbuser, dbpasswd, dbname, dbreguser=None):
|
||||||
|
if dbreguser is None:
|
||||||
|
dbreguser = dbname + "app"
|
||||||
|
conn = psycopg2.connect(host=dbhost, user=dbuser, password=dbpasswd,
|
||||||
|
database=dbname)
|
||||||
|
cur = conn.cursor()
|
||||||
|
# Database permissions
|
||||||
|
dbrightsquery = "GRANT CONNECT,TEMP ON DATABASE %s TO %s;" % (dbname, dbreguser)
|
||||||
|
print(dbrightsquery)
|
||||||
|
cur.execute(dbrightsquery)
|
||||||
|
# Table permissions
|
||||||
|
cur.execute("""
|
||||||
|
SELECT 'GRANT SELECT,INSERT,UPDATE,DELETE,TRUNCATE ON "' || relname || '" TO %s;'
|
||||||
|
FROM pg_class
|
||||||
|
JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
|
||||||
|
WHERE nspname = 'public' AND relkind IN ('r', 'v');
|
||||||
|
""" % dbreguser)
|
||||||
|
queries = [q[0] for q in cur]
|
||||||
|
for query in queries:
|
||||||
|
print(query)
|
||||||
|
cur.execute(query)
|
||||||
|
# Sequence permissions
|
||||||
|
cur.execute("""
|
||||||
|
SELECT 'GRANT USAGE,SELECT,UPDATE ON ' || relname || ' TO %s;'
|
||||||
|
FROM pg_class
|
||||||
|
JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
|
||||||
|
WHERE nspname = 'public' AND relkind = 'S';
|
||||||
|
""" % dbreguser)
|
||||||
|
queries = [q[0] for q in cur]
|
||||||
|
for query in queries:
|
||||||
|
print(query)
|
||||||
|
cur.execute(query)
|
||||||
|
conn.commit()
|
||||||
|
cur.close()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
with open(CONFFILE) as conffile:
|
||||||
|
conf = yaml.safe_load(conffile)
|
||||||
|
site.addsitedir(conf["confdir"])
|
||||||
|
import settings_admin
|
||||||
|
|
||||||
|
## KittyStore
|
||||||
|
#dbspec = re.match("""
|
||||||
|
# postgresql://
|
||||||
|
# (?P<user>[a-z]+)
|
||||||
|
# :
|
||||||
|
# (?P<password>[^@]+)
|
||||||
|
# @
|
||||||
|
# (?P<host>[^/]+)
|
||||||
|
# /
|
||||||
|
# (?P<database>[^/?]+)
|
||||||
|
# """, settings_admin.KITTYSTORE_URL, re.X)
|
||||||
|
#give_rights(dbspec.group("host"),
|
||||||
|
# dbspec.group("user"),
|
||||||
|
# dbspec.group("password"),
|
||||||
|
# dbspec.group("database")
|
||||||
|
# )
|
||||||
|
|
||||||
|
# HyperKitty
|
||||||
|
give_rights(
|
||||||
|
settings_admin.DATABASES["default"]["HOST"],
|
||||||
|
settings_admin.DATABASES["default"]["USER"],
|
||||||
|
settings_admin.DATABASES["default"]["PASSWORD"],
|
||||||
|
settings_admin.DATABASES["default"]["NAME"],
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__": main()
|
|
@ -357,7 +357,6 @@
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- mailman
|
- mailman
|
||||||
when: env == 'production'
|
|
||||||
|
|
||||||
- name: install the fedora-specific modules
|
- name: install the fedora-specific modules
|
||||||
copy: src={{ item }}.py
|
copy: src={{ item }}.py
|
||||||
|
@ -568,6 +567,12 @@
|
||||||
tags: mailman
|
tags: mailman
|
||||||
when: env == 'staging'
|
when: env == 'staging'
|
||||||
|
|
||||||
|
- name: install the updated pg-give-rights script
|
||||||
|
copy: src=mailman3_pg-give-rights.py dest="{{ mailman_webui_basedir }}/bin/pg-give-rights.py"
|
||||||
|
owner=root group=root mode=0755
|
||||||
|
tags: mailman
|
||||||
|
when: env == 'staging'
|
||||||
|
|
||||||
- name: install the templatized scripts
|
- name: install the templatized scripts
|
||||||
template: src={{ item }}.j2 dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
|
template: src={{ item }}.j2 dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
|
||||||
owner=root group=root mode=0755
|
owner=root group=root mode=0755
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue