From e37efb583f5c327b470cc4fc72118f4b66f2b97a Mon Sep 17 00:00:00 2001
From: Ian Ballou
Date: Tue, 29 Oct 2024 17:40:53 -0400
Subject: [PATCH] Refs #37883 - connect to remote db for evr perms check via env vars
---
 hooks/boot/01-kafo-hook-extensions.rb | 44 +++++++++++++++++++
 hooks/pre/10-reset_data.rb | 44 -------------------
 .../42-evr_extension_permissions.rb | 30 ++++++-------
 3 files changed, 59 insertions(+), 59 deletions(-)
diff --git a/hooks/boot/01-kafo-hook-extensions.rb b/hooks/boot/01-kafo-hook-extensions.rb
index 23abaa4b..f352f3f5 100644
--- a/hooks/boot/01-kafo-hook-extensions.rb
+++ b/hooks/boot/01-kafo-hook-extensions.rb
@@ -101,6 +101,50 @@ def log_and_say(level, message, do_say = true, do_log = true)
 Kafo::KafoConfigure.logger.send(level, message) if do_log
 end
+ def load_db_config(db)
+ case db
+ when 'foreman'
+ module_name = 'foreman'
+ user_param = 'username'
+ db_param = 'database'
+ param_prefix = 'db_'
+ when 'candlepin'
+ module_name = 'katello'
+ user_param = 'user'
+ db_param = 'name'
+ param_prefix = 'candlepin_db_'
+ when 'pulpcore'
+ module_name = 'foreman_proxy_content'
+ user_param = 'user'
+ db_param = 'db_name'
+ param_prefix = 'pulpcore_postgresql_'
+ else
+ raise "installer module unknown for db: #{db}"
+ end
+
+ {
+ host: param_value(module_name, "#{param_prefix}host") || 'localhost',
+ port: param_value(module_name, "#{param_prefix}port") || 5432,
+ database: param_value(module_name, "#{param_prefix}#{db_param}") || db,
+ username: param_value(module_name, "#{param_prefix}#{user_param}"),
+ password: param_value(module_name, "#{param_prefix}password"),
+ }
+ end
+
+ def pg_env(config)
+ {
+ 'PGHOST' => config.fetch(:host, 'localhost'),
+ 'PGPORT' => config.fetch(:port, '5432').to_s,
+ 'PGUSER' => config[:username],
+ 'PGPASSWORD' => config[:password],
+ 'PGDATABASE' => config[:database],
+ }
+ end
+
+ def pg_sql_statement(statement)
+ "psql -t -c \"#{statement}\""
+ end
+
 def execute!(command, do_say = true, do_log = true, extra_env = {})
 stdout_stderr, status = execute_command(command, do_say, do_log, extra_env)
diff --git a/hooks/pre/10-reset_data.rb b/hooks/pre/10-reset_data.rb
index bb3db431..67906016 100644
--- a/hooks/pre/10-reset_data.rb
+++ b/hooks/pre/10-reset_data.rb
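Review bot: `pg_sql_statement` in hooks/boot/01-kafo-hook-extensions.rb places the SQL inside shell double quotes without escaping, so a `"`, `$` or backtick in `statement` would be interpreted by the shell if `execute_command` hands the string to one (its body is outside this patch). The helper is now shared by every hook, and the evr permissions hook in this same patch interpolates `config[:username]` into the statement it passes in, so the quoting belongs in the helper: `"psql -t -c #{Shellwords.escape(statement)}"` with `require 'shellwords'` at the top of the file. If that change is not wanted, a comment above the method such as `# statement must be trusted, constant SQL: it is placed unescaped inside a double-quoted shell argument` would at least state the contract for callers.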
@@ -10,36 +10,6 @@ def reset
 reset_pulpcore if pulpcore_enabled?
 end
-def load_db_config(db)
- case db
- when 'foreman'
- module_name = 'foreman'
- user_param = 'username'
- db_param = 'database'
- param_prefix = 'db_'
- when 'candlepin'
- module_name = 'katello'
- user_param = 'user'
- db_param = 'name'
- param_prefix = 'candlepin_db_'
- when 'pulpcore'
- module_name = 'foreman_proxy_content'
- user_param = 'user'
- db_param = 'db_name'
- param_prefix = 'pulpcore_postgresql_'
- else
- raise "installer module unknown for db: #{db}"
- end
-
- {
- host: param_value(module_name, "#{param_prefix}host") || 'localhost',
- port: param_value(module_name, "#{param_prefix}port") || 5432,
- database: param_value(module_name, "#{param_prefix}#{db_param}") || db,
- username: param_value(module_name, "#{param_prefix}#{user_param}"),
- password: param_value(module_name, "#{param_prefix}password"),
- }
-end
-
 def empty_db_in_postgresql(db)
 logger.notice "Dropping #{db} database!"
@@ -56,20 +26,6 @@ def reset_candlepin
 empty_db_in_postgresql('candlepin')
 end
-def pg_env(config)
- {
- 'PGHOST' => config.fetch(:host, 'localhost'),
- 'PGPORT' => config.fetch(:port, '5432').to_s,
- 'PGUSER' => config[:username],
- 'PGPASSWORD' => config[:password],
- 'PGDATABASE' => config[:database],
- }
-end
-
-def pg_sql_statement(statement)
- "psql -t -c \"#{statement}\""
-end
-
 # WARNING: deletes all the data owned by the user. No warnings. No confirmations.
 def empty_database!(config)
 delete_statement = 'DROP OWNED BY CURRENT_USER CASCADE;'
diff --git a/hooks/pre_commit/42-evr_extension_permissions.rb b/hooks/pre_commit/42-evr_extension_permissions.rb
index ceca20db..df754258 100644
--- a/hooks/pre_commit/42-evr_extension_permissions.rb
+++ b/hooks/pre_commit/42-evr_extension_permissions.rb
@@ -2,29 +2,29 @@
 return if local_postgresql?
 database = param_value('foreman', 'db_database') || 'foreman'
-username = param_value('foreman', 'db_username') || 'foreman'
-password = param_value('foreman', 'db_password')
-host = param_value('foreman', 'db_host')
-port = param_value('foreman', 'db_port') || 5432
+config = load_db_config(database)
 # If postgres is the owner of the DB, then the permissions will not matter.
-return if username == 'postgres'
+return if config[:username] == 'postgres'
 check_evr_owner_sql = "SELECT CASE" \
- " WHEN r.rolname = 'postgres' THEN 1" \
- " ELSE 0" \
+ " WHEN r.rolname = '#{config[:username]}' THEN 0" \
+ " ELSE 1" \
 " END AS evr_owned_by_postgres" \
 " FROM pg_extension e" \
 " JOIN pg_roles r ON e.extowner = r.oid" \
 " WHERE e.extname = 'evr';"
-command = "PGPASSWORD='#{password}' psql -U #{username} -h #{host} -p #{port} -d #{database} -t -c \"#{check_evr_owner_sql}\""
+command = pg_sql_statement(check_evr_owner_sql)
 logger.debug "Checking if the evr extension is owned by the postgres user via #{command}"
-output, = execute_command(command, false, true)
-unless output.nil?
- if output.strip == '1'
- fail_and_exit("The evr extension is owned by postgres and not the foreman DB owner. Please run the following command to fix it: " \
- "UPDATE pg_extension SET extowner = (SELECT oid FROM pg_authid WHERE rolname='#{username}');")
- end
-end
+output, = execute_command(command, false, true, pg_env(config))
+case output&.strip
+when '0'
+ # The evr extension is owned by the foreman DB owner, so we can skip this check.
+when '1'
+ fail_and_exit("The evr extension is not owned by the #{database} DB owner. Please run the following command to fix it: " \
+ "UPDATE pg_extension SET extowner = (SELECT oid FROM pg_authid WHERE rolname='#{config[:username]}');")
+when nil
+ fail_and_exit("Failed to check the ownership of the evr extension.")
+end
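Review bot: `load_db_config(database)` is called with the configured database name, but the helper's `case` accepts only the keys `'foreman'`, `'candlepin'` and `'pulpcore'` and raises `installer module unknown for db` for anything else, so this hook aborts on any remote setup whose `db_database` is not literally `foreman`; pass the key instead, `config = load_db_config('foreman')`, and use `config[:database]` in the failure message. The old `|| 'foreman'` default for the username is also lost: `load_db_config` returns `username: nil` when the parameter is unset, and the query then compares `rolname` with `''` and reports a wrong owner. The status returned by `execute_command` is still discarded (`output, =`), so a psql failure that comes back as error text rather than nil matches no `when` branch and is treated as a pass; whether that can happen depends on `execute_command`, whose body is outside this patch.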