From 0a1108b4a70bc2c083891dc6b82304b4c112f4ef Mon Sep 17 00:00:00 2001
From: CJ_Clippy
Date: Thu, 1 Aug 2024 11:33:36 -0800
Subject: [PATCH] fix schema roles and rename
---
 .gitea/workflows/builder.yaml | 19 +++++++++---------
 .../migrations/migrations/00001_create.sql | 20 +++++++++----------
 .../migrations/00002_add-records-table.sql | 2 +-
 3 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/.gitea/workflows/builder.yaml b/.gitea/workflows/builder.yaml
index c5019f2..bfb779f 100644
--- a/.gitea/workflows/builder.yaml
+++ b/.gitea/workflows/builder.yaml
@@ -13,6 +13,16 @@ jobs:
 - uses: actions/checkout@v3
 name: Check out code
+ - uses: mr-smithers-excellent/docker-build-push@v6
+ name: Build futureporn/migrations
+ with:
+ image: futureporn/migrations
+ tags: latest
+ registry: gitea.futureporn.net
+ dockerfile: d.migrations.dockerfile
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
 - uses: mr-smithers-excellent/docker-build-push@v6
 name: Build futureporn/bot
 with:
@@ -23,15 +33,6 @@ jobs:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
- - uses: mr-smithers-excellent/docker-build-push@v6
- name: Build futureporn/migrations
- with:
- image: futureporn/migrations
- tags: latest
- registry: gitea.futureporn.net
- dockerfile: d.migrations.dockerfile
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
 - uses: mr-smithers-excellent/docker-build-push@v6
 name: Build futureporn/capture
diff --git a/services/migrations/migrations/00001_create.sql b/services/migrations/migrations/00001_create.sql
index 0aa3a35..ed35486 100644
--- a/services/migrations/migrations/00001_create.sql
+++ b/services/migrations/migrations/00001_create.sql
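Review bot: The added `Build futureporn/migrations` step runs `mr-smithers-excellent/docker-build-push@v6`, a third-party action referenced by a movable tag, and passes it `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`. Whoever can move that tag can change the code that sees the registry credentials, so pin the action to a reviewed commit, e.g. `uses: mr-smithers-excellent/docker-build-push@<full-commit-sha> # v6` (placeholder; use the SHA of the release you audited). The same applies to the other build steps that use this action. `tags: latest` on its own also means a deployed migrations image cannot be traced back to a commit; publishing an immutable tag next to it, such as the commit SHA, would let a rollout pin exactly what it runs. The step list continues outside the hunk.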
@@ -4,8 +4,8 @@ CREATE schema api;
 -- authenticator is the role which can "impersonate" other users.
 CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
--- anonymous is the role assigned to anonymous web requests
-CREATE ROLE anonymous NOLOGIN;
+-- anon is the role assigned to anon web requests
+CREATE ROLE anon NOLOGIN;
 -- schema for @futureporn/capture and @futureporn/bot
 CREATE TABLE api.discord_interactions (
@@ -16,12 +16,12 @@ CREATE TABLE api.discord_interactions (
 -- roles & permissions for our backend automation user
-CREATE ROLE automation_user NOLOGIN;
-GRANT automation_user TO authenticator;
-GRANT usage ON SCHEMA api TO automation_user;
-GRANT all ON api.discord_interactions TO automation_user;
+CREATE ROLE automation NOLOGIN;
+GRANT automation TO authenticator;
+GRANT usage ON SCHEMA api TO automation;
+GRANT all ON api.discord_interactions TO automation;
--- role & permissions for anonymous web user
-CREATE ROLE anonymous_user NOLOGIN;
-GRANT usage on schema api TO anonymous_user;
-GRANT SELECT ON api.discord_interactions TO anonymous_user;
+-- role & permissions for anon web user
+CREATE ROLE anon NOLOGIN;
+GRANT usage on schema api TO anon;
+GRANT SELECT ON api.discord_interactions TO anon;
diff --git a/services/migrations/migrations/00002_add-records-table.sql b/services/migrations/migrations/00002_add-records-table.sql
index 60eff7c..e3fc429 100644
--- a/services/migrations/migrations/00002_add-records-table.sql
+++ b/services/migrations/migrations/00002_add-records-table.sql
@@ -7,4 +7,4 @@ CREATE TABLE api.records (
 );
 -- roles & permissions for our backend automation user
-GRANT all ON api.records TO automation_user;
+GRANT all ON api.records TO automation;
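Review bot: After this rename `00001_create.sql` creates the role `anon` twice: the first hunk turns `CREATE ROLE anonymous NOLOGIN;` into `CREATE ROLE anon NOLOGIN;`, and the hunk at `@@ -16,12` turns `CREATE ROLE anonymous_user NOLOGIN;` into the same statement. PostgreSQL raises an error when the role already exists, so the migration would stop at the second statement, before the two `GRANT ... TO anon` lines run. Drop the second `CREATE ROLE anon NOLOGIN;` and keep only the grants under `-- role & permissions for anon web user`. Roles are cluster-wide, so on any database where the old file was already applied the roles `anonymous`, `automation_user` and `anonymous_user` presumably remain with their grants; a follow-up migration that renames or drops them would avoid leaving stale privileged roles behind.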
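Review bot: In the hunk at `@@ -16,12`, `anon` is never granted to `authenticator`, although `automation` is (`GRANT automation TO authenticator;`). The file describes `authenticator` as the role that impersonates others, and a role can only switch to roles it is a member of; unless the grant exists outside this hunk, add `GRANT anon TO authenticator;` next to the anon grants. `GRANT all ON api.discord_interactions TO automation;` also gives the automation role every table privilege, including TRUNCATE and TRIGGER. Listing only what the backend uses, for example `GRANT SELECT, INSERT, UPDATE, DELETE ON api.discord_interactions TO automation;`, keeps it closer to least privilege; the exact set needs confirming against the services, and the same applies to `GRANT all ON api.records TO automation;` in `00002_add-records-table.sql`.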