From f34d925af1f338282176fbda6ddd95580440ecc6 Mon Sep 17 00:00:00 2001
From: Pieter Callewaert
Date: Fri, 30 Apr 2021 15:32:53 +0200
Subject: [PATCH 1/2] Override DropRole method for Azure, the newOwner can be an invalid format for postgres
---
 pkg/postgres/azure.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/pkg/postgres/azure.go b/pkg/postgres/azure.go
index 5edbc5095..0090c3d2a 100644
--- a/pkg/postgres/azure.go
+++ b/pkg/postgres/azure.go
@@ -3,6 +3,9 @@ package postgres
 import (
 "fmt"
 "strings"
+
+ "github.com/go-logr/logr"
+ "github.com/lib/pq"
 )

 type azurepg struct {
@@ -47,3 +50,28 @@ func (azpg *azurepg) CreateDB(dbname, role string) error {

 return azpg.pg.CreateDB(dbname, role)
 }
+
+func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logger) error {
+ // REASSIGN OWNED BY only works if the correct database is selected
+ tmpDb := GetConnection(azpg.user, azpg.pass, azpg.host, database, azpg.args, logger)
+ _, err := tmpDb.Exec(fmt.Sprintf(REASIGN_OBJECTS, role, azpg.GetRoleForLogin(newOwner)))
+ defer tmpDb.Close()
+ // Check if error exists and if different from "ROLE NOT FOUND" => 42704
+ if err != nil && err.(*pq.Error).Code != "42704" {
+ return err
+ }
+
+ // We previously assigned all objects to the operator's role so DROP OWNED BY will drop privileges of role
+ _, err = tmpDb.Exec(fmt.Sprintf(DROP_OWNED_BY, role))
+ // Check if error exists and if different from "ROLE NOT FOUND" => 42704
+ if err != nil && err.(*pq.Error).Code != "42704" {
+ return err
+ }
+
+ _, err = azpg.db.Exec(fmt.Sprintf(DROP_ROLE, role))
+ // Check if error exists and if different from "ROLE NOT FOUND" => 42704
+ if err != nil && err.(*pq.Error).Code != "42704" {
+ return err
+ }
+ return nil
+}
From 6344ddf77e6f4e2aea3c2a14035917944cb7e699 Mon Sep 17 00:00:00 2001
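Review bot: The three `err.(*pq.Error).Code != "42704"` checks in the added DropRole assert the error type without the comma-ok form, so any error that is not a `*pq.Error` (a dropped connection, a driver or context error) panics the caller instead of being returned. Guard each check, for example with `var pqErr *pq.Error` followed by `if err != nil && !(errors.As(err, &pqErr) && pqErr.Code == "42704") { return err }`, which needs `errors` added to the import block. `defer tmpDb.Close()` would also read better directly after `GetConnection`, before the first `Exec`. Separately, `role` and the mapped owner are spliced into the statements with `fmt.Sprintf`; the `REASIGN_OBJECTS`, `DROP_OWNED_BY` and `DROP_ROLE` templates are not visible in this hunk, so confirm they quote identifiers or pass the names through `pq.QuoteIdentifier`.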
From: Pieter Callewaert
Date: Tue, 1 Jun 2021 09:00:05 +0200
Subject: [PATCH 2/2] Refactor
---
 pkg/postgres/azure.go | 25 ++-----------------------
 1 file changed, 2 insertions(+), 23 deletions(-)
diff --git a/pkg/postgres/azure.go b/pkg/postgres/azure.go
index 0090c3d2a..b15c8438a 100644
--- a/pkg/postgres/azure.go
+++ b/pkg/postgres/azure.go
@@ -5,7 +5,6 @@ import (
 "strings"

 "github.com/go-logr/logr"
- "github.com/lib/pq"
 )

 type azurepg struct {
@@ -52,26 +51,6 @@ func (azpg *azurepg) CreateDB(dbname, role string) error {
 }

 func (azpg *azurepg) DropRole(role, newOwner, database string, logger logr.Logger) error {
- // REASSIGN OWNED BY only works if the correct database is selected
- tmpDb := GetConnection(azpg.user, azpg.pass, azpg.host, database, azpg.args, logger)
- _, err := tmpDb.Exec(fmt.Sprintf(REASIGN_OBJECTS, role, azpg.GetRoleForLogin(newOwner)))
- defer tmpDb.Close()
- // Check if error exists and if different from "ROLE NOT FOUND" => 42704
- if err != nil && err.(*pq.Error).Code != "42704" {
- return err
- }
-
- // We previously assigned all objects to the operator's role so DROP OWNED BY will drop privileges of role
- _, err = tmpDb.Exec(fmt.Sprintf(DROP_OWNED_BY, role))
- // Check if error exists and if different from "ROLE NOT FOUND" => 42704
- if err != nil && err.(*pq.Error).Code != "42704" {
- return err
- }
-
- _, err = azpg.db.Exec(fmt.Sprintf(DROP_ROLE, role))
- // Check if error exists and if different from "ROLE NOT FOUND" => 42704
- if err != nil && err.(*pq.Error).Code != "42704" {
- return err
- }
- return nil
+ azNewOwner := azpg.GetRoleForLogin(newOwner)
+ return azpg.pg.DropRole(role, azNewOwner, database, logger)
 }
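Review bot: The rewritten DropRole has no comment explaining why the Azure override still exists now that it only rewrites `newOwner` and delegates. Add a doc comment such as `// DropRole maps newOwner through GetRoleForLogin before delegating to the generic implementation, because newOwner can be in a format postgres rejects.` `role` is forwarded unchanged; whether it can also arrive in login form is not visible from this hunk, so that is worth confirming. The tolerance for SQLSTATE 42704 and the statement construction now live in `azpg.pg.DropRole`, which is outside this patch, so check that implementation for the same unguarded `err.(*pq.Error)` assertion that the removed lines contained.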