async def _ensure_edgedb_role(
ctx: BootstrapContext,
role_name: str,
*,
superuser: bool = False,
builtin: bool = False,
objid: Optional[uuid.UUID] = None,
) -> uuid.UUID:
member_of = set()
if superuser:
member_of.add(edbdef.EDGEDB_SUPERGROUP)
if objid is None:
objid = uuidgen.uuid1mc()
members = set()
login_role = ctx.cluster.get_connection_params().user
sup_role = ctx.cluster.get_role_name(edbdef.EDGEDB_SUPERUSER)
if login_role != sup_role:
members.add(login_role)
instance_params = ctx.cluster.get_runtime_params().instance_params
pg_role_name = ctx.cluster.get_role_name(role_name)
role = dbops.Role(
name=pg_role_name,
superuser=(superuser
and bool(instance_params.capabilities
& pgcluster.BackendCapabilities.SUPERUSER_ACCESS)),
allow_login=True,
allow_createdb=True,
allow_createrole=True,
membership=[ctx.cluster.get_role_name(m) for m in member_of],
members=members,
metadata=dict(
id=str(objid),
name=role_name,
tenant_id=instance_params.tenant_id,
builtin=builtin,
),
)
create_role = dbops.CreateRole(
role,
neg_conditions=[dbops.RoleExists(pg_role_name)],
)
block = dbops.PLTopBlock()
create_role.generate(block)
await _execute_block(ctx.conn, block)
return objid
async def _ensure_edgedb_role(
cluster,
conn,
username,
*,
membership=(),
is_superuser=False,
builtin=False,
objid=None,
) -> None:
membership = set(membership)
if is_superuser:
superuser_role = cluster.get_superuser_role()
if superuser_role:
# If the cluster is exposing an explicit superuser role,
# become a member of that instead of creating a superuser
# role directly.
membership.add(superuser_role)
superuser_flag = False
else:
superuser_flag = True
else:
superuser_flag = False
if objid is None:
objid = uuidgen.uuid1mc()
role = dbops.Role(
name=username,
is_superuser=superuser_flag,
allow_login=True,
allow_createdb=True,
allow_createrole=True,
membership=membership,
metadata=dict(
id=str(objid),
builtin=builtin,
),
)
create_role = dbops.CreateRole(
role,
neg_conditions=[dbops.RoleExists(username)],
)
block = dbops.PLTopBlock()
create_role.generate(block)
await _execute_block(conn, block)
return objid
async def _ensure_edgedb_role(
cluster,
conn,
username,
*,
superuser=False,
builtin=False,
objid=None,
) -> None:
member_of = set()
if superuser:
member_of.add(edbdef.EDGEDB_SUPERGROUP)
if objid is None:
objid = uuidgen.uuid1mc()
members = set()
login_role = cluster.get_connection_params().user
if login_role != edbdef.EDGEDB_SUPERUSER:
members.add(login_role)
instance_params = cluster.get_runtime_params().instance_params
role = dbops.Role(
name=username,
superuser=(superuser
and bool(instance_params.capabilities
& pgcluster.BackendCapabilities.SUPERUSER_ACCESS)),
allow_login=True,
allow_createdb=True,
allow_createrole=True,
membership=member_of,
members=members,
metadata=dict(
id=str(objid),
builtin=builtin,
),
)
create_role = dbops.CreateRole(
role,
neg_conditions=[dbops.RoleExists(username)],
)
block = dbops.PLTopBlock()
create_role.generate(block)
await _execute_block(conn, block)
return objid
async def _ensure_edgedb_user(conn, username, *, is_superuser=False):
role = dbops.Role(name=username,
is_superuser=is_superuser,
allow_login=True,
metadata=dict(
id=str(uuidgen.uuid1mc()),
__edgedb__='1',
))
create_role = dbops.CreateRole(role=role,
neg_conditions=[dbops.RoleExists(username)])
block = dbops.PLTopBlock()
create_role.generate(block)
await _execute_block(conn, block)
async def _ensure_edgedb_supergroup(
ctx: BootstrapContext,
role_name: str,
*,
member_of: Iterable[str] = (),
members: Iterable[str] = (),
) -> None:
member_of = set(member_of)
instance_params = ctx.cluster.get_runtime_params().instance_params
superuser_role = instance_params.base_superuser
if superuser_role:
# If the cluster is exposing an explicit superuser role,
# become a member of that instead of creating a superuser
# role directly.
member_of.add(superuser_role)
pg_role_name = ctx.cluster.get_role_name(role_name)
role = dbops.Role(
name=pg_role_name,
superuser=bool(instance_params.capabilities
& pgcluster.BackendCapabilities.SUPERUSER_ACCESS),
allow_login=False,
allow_createdb=True,
allow_createrole=True,
membership=member_of,
members=members,
)
create_role = dbops.CreateRole(
role,
neg_conditions=[dbops.RoleExists(pg_role_name)],
)
block = dbops.PLTopBlock()
create_role.generate(block)
await _execute_block(ctx.conn, block)
