github.com/codefresh-io/kcfi@v0.0.0-20230301195427-c1578715cc46/stage/codefresh/addons/seed-scripts/postgres-seed.sh (about)

     1  #!/bin/bash
     2  
     3  set -xeuo pipefail
     4  
     5  POSTGRES_DATABASE="${POSTGRES_DATABASE:-codefresh}"
     6  POSTGRES_AUDIT_DATABASE="${POSTGRES_AUDIT_DATABASE:-audit}"
     7  POSTGRES_PORT="${POSTGRES_PORT:-5432}"
     8  
     9  # To create a separate non-privileged user the for Codefresh,
    10  # which has access only to the relevant databases, it is needed to specify 
    11  # additionally the POSTGRES_SEED_USER and POSTGRES_SEED_PASSWORD vars.
    12  # Otherwise only POSTGRES_USER and POSTGRES_PASSWORD will be used both
    13  # during seed job execution and runtime
    14  
    15  POSTGRES_SEED_USER="${POSTGRES_SEED_USER:-$POSTGRES_USER}"
    16  POSTGRES_SEED_PASSWORD="${POSTGRES_SEED_PASSWORD:-$POSTGRES_PASSWORD}"
    17  
    18  function createDB() {
    19      psql \
    20          --host ${POSTGRES_HOST} \
    21          --port ${POSTGRES_PORT} \
    22          -U ${POSTGRES_SEED_USER} \
    23          -c \
    24          "create database ${POSTGRES_DATABASE}"
    25  }
    26  
    27  function createAuditDB() {
    28      psql \
    29          --host ${POSTGRES_HOST} \
    30          --port ${POSTGRES_PORT} \
    31          -U ${POSTGRES_SEED_USER} \
    32          -c \
    33          "create database ${POSTGRES_AUDIT_DATABASE}"    
    34  }
    35   
    36  function createUser() {
    37      echo "Creating a separate non-privileged user for Codefresh"
    38      psql \
    39          --host ${POSTGRES_HOST} \
    40          --port ${POSTGRES_PORT} \
    41          -U ${POSTGRES_SEED_USER} \
    42          -c "CREATE USER ${POSTGRES_USER} WITH PASSWORD '${POSTGRES_PASSWORD}'"
    43  }
    44  
    45  function grantPrivileges() {
    46      psql \
    47          --host ${POSTGRES_HOST} \
    48          --port ${POSTGRES_PORT} \
    49          -U ${POSTGRES_SEED_USER} \
    50          -c "GRANT ALL ON DATABASE ${POSTGRES_DATABASE} TO ${POSTGRES_USER}"
    51  }
    52  
    53  function grantAuditPrivileges() {
    54      psql \
    55          --host ${POSTGRES_HOST} \
    56          --port ${POSTGRES_PORT} \
    57          -U ${POSTGRES_SEED_USER} \
    58          -c "GRANT ALL ON DATABASE ${POSTGRES_AUDIT_DATABASE} TO ${POSTGRES_USER}"
    59  }
    60  
    61  function runSeed() {
    62  
    63      export PGPASSWORD=${POSTGRES_SEED_PASSWORD}
    64  
    65      createDB
    66      createAuditDB
    67  
    68      if [[ "${POSTGRES_SEED_USER}" != "${POSTGRES_USER}" ]]; then
    69          createUser
    70      else   
    71          echo "There is no a separate user specified for the seed job, skipping user creation"
    72      fi
    73  
    74      grantPrivileges
    75      grantAuditPrivileges
    76  }
    77  
    78  runSeed