Peter Kurfer
647f602c79
- added Core CRD to manage DB migrations & configuration, PostgREST and GoTrue (auth) - added APIGateway CRD to manage Envoy proxy - added Dashboard CRD to manage (so far) pg-meta and (soon) studio deployments - implemented basic Envoy control plane based on K8s watcher
69 lines
1.4 KiB
Go
69 lines
1.4 KiB
Go
package db
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/jackc/pgx/v5"
|
|
"sigs.k8s.io/controller-runtime/pkg/log"
|
|
|
|
"code.icb4dc0.de/prskr/supabase-operator/assets/migrations"
|
|
)
|
|
|
|
const (
|
|
alterUserPwd = `ALTER ROLE %s WITH PASSWORD '%s';`
|
|
checkUserExists = `SELECT 1 FROM pg_user WHERE usename = $1;`
|
|
)
|
|
|
|
func NewRolesManager(conn *pgx.Conn) RolesManager {
|
|
return RolesManager{
|
|
Conn: conn,
|
|
}
|
|
}
|
|
|
|
type RolesManager struct {
|
|
Conn *pgx.Conn
|
|
}
|
|
|
|
func (mgr RolesManager) UpdateRolePassword(ctx context.Context, roleName string, password []byte) error {
|
|
if err := mgr.ensureLoginRoleExists(ctx, roleName); err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err := mgr.Conn.Exec(ctx, fmt.Sprintf(alterUserPwd, roleName, password))
|
|
return err
|
|
}
|
|
|
|
func (mgr RolesManager) ensureLoginRoleExists(ctx context.Context, roleName string) error {
|
|
logger := log.FromContext(ctx).WithValues("role_name", roleName)
|
|
|
|
rows, err := mgr.Conn.Query(ctx, checkUserExists, roleName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
defer rows.Close()
|
|
|
|
_, err = pgx.CollectExactlyOneRow(rows, func(row pgx.CollectableRow) (out int, err error) {
|
|
err = row.Scan(&out)
|
|
return
|
|
})
|
|
if err != nil {
|
|
if !errors.Is(err, pgx.ErrNoRows) {
|
|
return err
|
|
}
|
|
logger.Info("No rows, this means the role does not exists, creating it now")
|
|
} else {
|
|
return nil
|
|
}
|
|
|
|
script, err := migrations.RoleCreationScript(roleName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = mgr.Conn.Exec(ctx, script.Content)
|
|
|
|
return err
|
|
}
|