set search_path for default roles #1065
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #1014
When creating databases through the
preparedDatabases
feature thesearch_path
is not configured hence all created roles need to put schema qualifiers in their queries. But, the existingPgUser
user type already has a fieldParameters
to allow for settingsearch_path
individually. Even code for altering the role has already been there, although it wasn't used probably.This PR defines a default
search_path: "$user"
for each role (notepublic
is not included) and then appends all schemas, if it's a<dbname>_[owner|reader|writer]
role or only one schema when it's a<dbname>_<schema>_[owner|reader|writer]
role.Adding databases with two schemas will have the following settings:
Open question 1:
If the database already contains roles that follow the naming pattern and existing databases and schemas are moved under the
preparedDatabases
key, existingsearch_path
settings will be overwritten. Other example: The minimal cluster defines no schemas which would create a default schemadata
. At one point somebody defines newschemas
underpreparedDatabases
and only these schemas are put into the search_path for the<dbname>_[owner|reader|writer]
roles.data
is lost. Solution: Get the current search_path and merge / concat it with the new one.Open question 2:
Should the ALTER ROLE command be enriched with the IN DATABASE term? Probably, it's already fine because of default access privileges.
Open question 3:
Should there be an option to add
public
to the defaultsearch_path
even if it's not that safe.Open question 4:
In case the user is called like the schema, the default "$user" is good enough. Should we still append the schema name in case the role is renamed at some point in the future.