Project

General

Profile

Tâche #33943

Scénario #33942: rendre efficiente la saisie de plusieurs permissions pour des roles postgresql

rendre efficiente la saisie de plusieurs permissions pour des roles postgresql

Added by Vincent Chavanon about 2 years ago. Updated about 2 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
-
Start date:
03/10/2022
Due date:
% Done:

100%

Estimated time:
0.00 h
Remaining (hours):
0.0

Description

le dictionnaire 22_postgresql permet de declarer, via la variable multi pg_role_perms, diverses permissions pour des roles de connection. Ces directives sont implémentées ensuite dans le pg_hba.conf via le script /usr/share/eole/posttemplate/01-eoledb.

Sur un seth 2.7.2, si une permission est déclarée, elle est bien prise en compte. Si plusieurs sont déclarées, seule la première est implémentée.

Associated revisions

Revision 81a63ba6 (diff)
Added by Emmanuel GARETTE about 2 years ago

gestion correct des lignes dedupliqués (ref #33943)

History

#1 Updated by Vincent Chavanon about 2 years ago

  • Target version set to Prestation Cadoles MTE 2022 10-15

#2 Updated by Vincent Chavanon about 2 years ago

  • Parent task set to #33942

#3 Updated by Emmanuel GARETTE about 2 years ago

Je ne reproduit pas.

Sur un Zéphir + eole-db en applicant ce script :

from creole.loader import creole_loader
from creole.loader import creole_loader, config_save_values

c = creole_loader(rw=True)

c.creole.postgresql.pg_additional_role = 'oui'
c.creole.postgresql.pg_additional_role_name.pg_additional_role_name = ["adl"]
c.creole.postgresql.pg_additional_role_name.pg_additional_role_pwd[0] = "manuelle" 
c.creole.postgresql.pg_additional_role_name.pg_additional_role_superuser[0] = "oui" 

c.creole.postgresql.set_pg_role_perms = 'oui'
c.creole.postgresql.pg_role_perms.pg_role_perms = ['un', 'deux']
c.creole.postgresql.pg_role_perms.pg_role_perms_name[0] = 'un'
c.creole.postgresql.pg_role_perms.pg_role_perms_object[0] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_ip[0] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_netmask[0] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_name[1] = 'deux'
c.creole.postgresql.pg_role_perms.pg_role_perms_object[1] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_ip[1] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_netmask[1] = '0.0.0.0'

config_save_values(c, 'creole')

J'ai bien :

root@zephir:~# cat /etc/postgresql/12/main/pg_hba.conf 
local    all    postgres        md5
local    postgres    postgres        md5
local    zephir    zephir        md5
host    all    un    0.0.0.0    0.0.0.0    md5
host    all    deux    0.0.0.0    0.0.0.0    md5

#4 Updated by Vincent Chavanon about 2 years ago

Un CreoleCat -t pg_hba.conf -o /root/scripts/pg_hba.conf nous renvoie bien un fichier de conf correct :
(...)
  1. "local" is for Unix domain socket connections only
    local all postgres ident map=pg_map
    local all all password
    hostssl all all 127.0.0.1/32 password
  2. IPv4 local connections:
  3. IPv6 local connections:
  4. host all all ::1/128 password
  5. distant_users
    local zephir zephir md5
    hostssl all all 0.0.0.0 0.0.0.0 md5
    hostssl all all 10.79.34.32 255.255.255.224 md5

mais à l'issue d'un reconfigure, et le passage de /usr/share/eole/posttemplate/01-eoledb, on a plus que :

local all postgres md5
local adl adl md5
local postgres postgres md5
local zephir zephir md5
local template_postgis postgis md5
hostssl all all 10.79.34.32 255.255.255.224 md5

#5 Updated by Emmanuel GARETTE about 2 years ago

On peut reproduire en faisant :

from creole.loader import creole_loader
from creole.loader import creole_loader, config_save_values

c = creole_loader(rw=True)

c.creole.postgresql.pg_additional_role = 'oui'
c.creole.postgresql.pg_additional_role_name.pg_additional_role_name = ["adl"]
c.creole.postgresql.pg_additional_role_name.pg_additional_role_pwd[0] = "manuelle" 
c.creole.postgresql.pg_additional_role_name.pg_additional_role_superuser[0] = "oui" 

c.creole.postgresql.set_pg_role_perms = 'oui'
c.creole.postgresql.pg_role_perms.pg_role_perms = ['un', 'deux']
c.creole.postgresql.pg_role_perms.pg_role_perms_name[0] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_object[0] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_ip[0] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_netmask[0] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_name[1] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_object[1] = 'all'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_ip[1] = '0.0.0.0'
c.creole.postgresql.pg_role_perms.pg_role_perms_source_netmask[1] = '0.0.0.0'

config_save_values(c, 'creole')

#6 Updated by Emmanuel GARETTE about 2 years ago

  • Status changed from Nouveau to Résolu
  • % Done changed from 0 to 100

#7 Updated by Vincent Chavanon about 2 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) set to 0.0

#8 Updated by Joël Cuissinat about 2 years ago

  • Estimated time set to 0.00 h
eole-db$ git branch -r --contains 81a63ba6 
  origin/2.7.2/master
  origin/2.8.0/master
  origin/2.8.1/master
  origin/HEAD -> origin/master
  origin/dist/eole/2.7.2/master
  origin/dist/eole/2.8.0/master
  origin/dist/eole/2.8.1/master
  origin/master

Also available in: Atom PDF