-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add More Granular Check to Postgres User During setup_db #4941
Comments
…chk_4.4.x improve check for createdb privileges during setup_db re: #4941
improve check for createdb privileges during setup_db re: #4941
This is now addressed, in stable/4.4.x (before the 4.4.2 release) and in master. |
@whatisgalen figured out this is not a sufficient fix, as the "Superuser" attribute does allow the creation of databases, but it doesn't actually bring along the "Create DB" attribute. A little more work needs to be done on this, presumably just additionally checking for |
…heck add check for superuser role #4941
…_4.4.x add check for superuser role #4941
The fix for this is now in stable/4.4.x and master, so I'm re-closing the ticket. |
User Story
Currently, in our setup_db command, there is a check to determine whether the user is a superuser: https://github.com/archesproject/arches/blob/master/arches/management/commands/setup_db.py#L152
If the user is a superuser, then the DROP/CREATE db commands are run to make a completely fresh installation of the Arches database. This must happen the very first time that the database is setup. If the user is not a superuser, then a "reset" of the database is undertaken, where all the data is flushed, but no CREATE commands are run. This can be done over and over by a non-superuser, but only if the database has been created already.
I have found that on AWS RDS (and perhaps other hosted Postgres solutions) the "superuser" you are provided with is not actually a superuser in the proper sense, but it has a more specific set of privileges (which do include the ability to create a database).
This means that in the case of RDS, the user is not properly flagged as a "superuser" with our current code, which triggers the database reset instead of the database creation, which, in turn, fails if the database hasn't yet been created.
Proposal
I have tested and confirmed that in the case of RDS, replacing the superuser check above with this check:
does properly determine whether the user has the ability to create databases, so it can be used to trigger the database creation.
Acceptance Criteria
Definition of Done
setup_db must continue to work, but should use a more specific check for whether the user has permission to create databases on the server.
The text was updated successfully, but these errors were encountered: