package postgres
import (
	"errors"
	"fmt"
	"strings"

	"github.com/go-logr/logr"
	"github.com/lib/pq"
)
// azurepg layers Azure Database for PostgreSQL specifics on top of the
// embedded pg implementation.
type azurepg struct {
	// serverName is the second "@"-separated segment of the configured user,
	// set by newAzurePG. The methods in this file treat a non-empty value as
	// Single Server and an empty one as Flexible Server.
	serverName string
	// pg is embedded by value; its fields (such as user) and methods are
	// promoted unless a method on *azurepg shadows them.
	pg
}
// newAzurePG wraps a copy of postgres in an azurepg and records the server
// name taken from the configured user.
//
// Azure Database for PostgreSQL Single Server logins have the form
// <username>@<servername>; the second "@"-separated segment of postgres.user
// is kept as the server name. A user without "@" leaves it empty.
func newAzurePG(postgres *pg) PG {
	var server string
	if parts := strings.Split(postgres.user, "@"); len(parts) > 1 {
		server = parts[1]
	}
	return &azurepg{
		serverName: server,
		pg:         *postgres,
	}
}
// CreateUserRole creates the role through the embedded pg and returns the
// login name a client should use for it.
//
// With a server name set (Single Server) the returned login follows the
// <username>@<servername> convention; otherwise the role name reported by
// the embedded pg is returned unchanged. On failure it returns "" and the
// underlying error.
func (azpg *azurepg) CreateUserRole(role, password string) (string, error) {
	created, err := azpg.pg.CreateUserRole(role, password)
	switch {
	case err != nil:
		return "", err
	case azpg.serverName == "":
		return created, nil
	}
	return created + "@" + azpg.serverName, nil
}
// GetRoleForLogin returns the role name to use for a login.
//
// When the configured user (azpg.user) contains "@", the segment before the
// first "@" of that user is returned; otherwise login is returned unchanged.
//
// NOTE(review): the split is applied to azpg.user, not to login, so on a
// server whose configured user contains "@" the argument is ignored and the
// configured user's own role name is always returned. DropRole passes newOwner
// here, which means ownership is handed to the configured user in that case.
// Confirm this is intended before relying on login being honoured.
func (azpg *azurepg) GetRoleForLogin(login string) string {
	parts := strings.Split(azpg.user, "@")
	if len(parts) <= 1 {
		return login
	}
	return parts[0]
}
// CreateDB creates dbname owned by role.
//
// The configured user's role is first made a member of role, because the
// database owner cannot be transferred to a role the connected user does not
// belong to. If that grant fails, the error is returned and no database is
// created.
//
// NOTE(review): this method does not revoke the membership afterwards, and
// whether the embedded pg.CreateDB does is not visible here. Confirm the
// configured user is not left with standing membership of every group role.
func (azpg *azurepg) CreateDB(dbname, role string) error {
	admin := azpg.GetRoleForLogin(azpg.user)
	if err := azpg.GrantRole(role, admin); err != nil {
		return err
	}
	return azpg.pg.CreateDB(dbname, role)
}
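// DropRole drops role, handing the objects it owns in database to newOwner.
//
// With a server name set (Single Server) newOwner is mapped through
// GetRoleForLogin and the work is delegated to the embedded pg. Otherwise
// (Flexible Server, handled like AWS) the connected user is first made a
// member of both role and newOwner, because it cannot REASSIGN OWNED BY
// unless it belongs to both roles.
//
// It returns nil without dropping anything when either grant reports
// SQLSTATE 42704 (undefined_object). SQLSTATE 0LP01 (invalid_grant_operation)
// from a grant is tolerated and processing continues. Any other error,
// including errors that are not *pq.Error such as a lost connection, is
// returned to the caller.
func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logger) error {
	if azpg.serverName != "" {
		// Logic for Single Server
		azNewOwner := azpg.GetRoleForLogin(newOwner)
		return azpg.pg.DropRole(role, azNewOwner, database, logger)
	}

	// sqlState extracts the SQLSTATE from a driver error. It yields "" for
	// every other error, so those reach "return err" below instead of
	// panicking on an unchecked type assertion.
	sqlState := func(err error) pq.ErrorCode {
		var pqErr *pq.Error
		if errors.As(err, &pqErr) {
			return pqErr.Code
		}
		return ""
	}

	// Logic for Flexible Server (same as AWS)
	if err := azpg.pg.GrantRole(role, azpg.user); err != nil && sqlState(err) != "0LP01" {
		if sqlState(err) == "42704" {
			// The group role does not exist, no point in continuing
			return nil
		}
		return err
	}

	if err := azpg.pg.GrantRole(newOwner, azpg.user); err != nil && sqlState(err) != "0LP01" {
		if sqlState(err) == "42704" {
			// The group role does not exist, no point of granting roles
			logger.Info(fmt.Sprintf("not granting %s to %s as %s does not exist", role, newOwner, newOwner))
			return nil
		}
		return err
	}

	// Membership of newOwner is only needed for the reassignment, so it is
	// given up again once the drop has run.
	// NOTE(review): any result of RevokeRole is discarded here. If it can
	// fail, the connected user silently keeps membership of newOwner; consider
	// surfacing that through logger.
	defer azpg.pg.RevokeRole(newOwner, azpg.pg.user)
	return azpg.pg.DropRole(role, newOwner, database, logger)
}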