Shipyard DB init grant use admin user
Updates the db init job for Shipyard to use the DB admin user, connect to the airflow db, and grant the privileges. This changes from trying to connect as the 'airflow' user and the admin user password Change-Id: Ib3dbac2b81129b0a849781175fcce4593df639df
This commit is contained in:
parent
cf1e822599
commit
1c893ab3ef
@ -48,7 +48,7 @@ pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_SERVICE_USER';"
|
|||||||
# Grant permissions to user
|
# Grant permissions to user
|
||||||
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_SERVICE_USER;"
|
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_SERVICE_USER;"
|
||||||
|
|
||||||
# Grant permissions to shipyard user
|
# Grant permissions to shipyard user to the airflow dataabase tables
|
||||||
# This will allow shipyard user to query airflow database
|
# This will allow shipyard user to query airflow database
|
||||||
psql -h $db_fqdn -p $db_port -U ${AIRFLOW_DB_USER} \
|
psql -h $db_fqdn -p $db_port -U ${DB_ADMIN_USER} -d ${AIRFLOW_DB_NAME} \
|
||||||
--command="GRANT select, insert, update, delete on all tables in schema public to $DB_SERVICE_USER;"
|
--command="GRANT select, insert, update, delete on all tables in schema public to $DB_SERVICE_USER;"
|
||||||
|
@ -76,11 +76,11 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
|
name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
|
||||||
key: SHIPYARD_DATABASE_PASSWORD
|
key: SHIPYARD_DATABASE_PASSWORD
|
||||||
- name: AIRFLOW_DB_USER
|
- name: AIRFLOW_DB_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.secrets.postgresql_airflow_db.user }}
|
name: {{ .Values.secrets.postgresql_airflow_db.user }}
|
||||||
key: AIRFLOW_DATABASE_USERNAME
|
key: AIRFLOW_DATABASE_NAME
|
||||||
command:
|
command:
|
||||||
- /tmp/shipyard-db-init.sh
|
- /tmp/shipyard-db-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
Loading…
Reference in New Issue
Block a user