Shipyard DB init grant use admin user

Updates the db init job for Shipyard to use the DB admin user, connect to the airflow db, and grant the privileges. This changes from trying to connect as the 'airflow' user and the admin user password Change-Id: Ib3dbac2b81129b0a849781175fcce4593df639df
2018-02-07 18:00:45 -06:00 · 2018-02-07 18:00:45 -06:00 · 1c893ab3ef
parent cf1e822599
commit 1c893ab3ef
2 changed files with 4 additions and 4 deletions
--- a/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl
+++ b/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl
@ -48,7 +48,7 @@ pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_SERVICE_USER';"
 # Grant permissions to user
 pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_SERVICE_USER;"

-# Grant permissions to shipyard user
+# Grant permissions to shipyard user to the airflow dataabase tables
 # This will allow shipyard user to query airflow database
-psql -h $db_fqdn -p $db_port -U ${AIRFLOW_DB_USER} \
+psql -h $db_fqdn -p $db_port -U ${DB_ADMIN_USER} -d ${AIRFLOW_DB_NAME} \
 --command="GRANT select, insert, update, delete on all tables in schema public to $DB_SERVICE_USER;"
--- a/charts/shipyard/templates/job-shipyard-db-init.yaml
+++ b/charts/shipyard/templates/job-shipyard-db-init.yaml
@ -76,11 +76,11 @@ spec:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
                  key: SHIPYARD_DATABASE_PASSWORD
-            - name: AIRFLOW_DB_USER
+            - name: AIRFLOW_DB_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql_airflow_db.user }}
-                  key: AIRFLOW_DATABASE_USERNAME
+                  key: AIRFLOW_DATABASE_NAME
          command:
            - /tmp/shipyard-db-init.sh
          volumeMounts: