async def _ensure_edgedb_role( ctx: BootstrapContext, role_name: str, *, superuser: bool = False, builtin: bool = False, objid: Optional[uuid.UUID] = None, ) -> uuid.UUID: member_of = set() if superuser: member_of.add(edbdef.EDGEDB_SUPERGROUP) if objid is None: objid = uuidgen.uuid1mc() members = set() login_role = ctx.cluster.get_connection_params().user sup_role = ctx.cluster.get_role_name(edbdef.EDGEDB_SUPERUSER) if login_role != sup_role: members.add(login_role) instance_params = ctx.cluster.get_runtime_params().instance_params pg_role_name = ctx.cluster.get_role_name(role_name) role = dbops.Role( name=pg_role_name, superuser=(superuser and bool(instance_params.capabilities & pgcluster.BackendCapabilities.SUPERUSER_ACCESS)), allow_login=True, allow_createdb=True, allow_createrole=True, membership=[ctx.cluster.get_role_name(m) for m in member_of], members=members, metadata=dict( id=str(objid), name=role_name, tenant_id=instance_params.tenant_id, builtin=builtin, ), ) create_role = dbops.CreateRole( role, neg_conditions=[dbops.RoleExists(pg_role_name)], ) block = dbops.PLTopBlock() create_role.generate(block) await _execute_block(ctx.conn, block) return objid
async def _ensure_edgedb_role( cluster, conn, username, *, membership=(), is_superuser=False, builtin=False, objid=None, ) -> None: membership = set(membership) if is_superuser: superuser_role = cluster.get_superuser_role() if superuser_role: # If the cluster is exposing an explicit superuser role, # become a member of that instead of creating a superuser # role directly. membership.add(superuser_role) superuser_flag = False else: superuser_flag = True else: superuser_flag = False if objid is None: objid = uuidgen.uuid1mc() role = dbops.Role( name=username, is_superuser=superuser_flag, allow_login=True, allow_createdb=True, allow_createrole=True, membership=membership, metadata=dict( id=str(objid), builtin=builtin, ), ) create_role = dbops.CreateRole( role, neg_conditions=[dbops.RoleExists(username)], ) block = dbops.PLTopBlock() create_role.generate(block) await _execute_block(conn, block) return objid
async def _ensure_edgedb_role( cluster, conn, username, *, superuser=False, builtin=False, objid=None, ) -> None: member_of = set() if superuser: member_of.add(edbdef.EDGEDB_SUPERGROUP) if objid is None: objid = uuidgen.uuid1mc() members = set() login_role = cluster.get_connection_params().user if login_role != edbdef.EDGEDB_SUPERUSER: members.add(login_role) instance_params = cluster.get_runtime_params().instance_params role = dbops.Role( name=username, superuser=(superuser and bool(instance_params.capabilities & pgcluster.BackendCapabilities.SUPERUSER_ACCESS)), allow_login=True, allow_createdb=True, allow_createrole=True, membership=member_of, members=members, metadata=dict( id=str(objid), builtin=builtin, ), ) create_role = dbops.CreateRole( role, neg_conditions=[dbops.RoleExists(username)], ) block = dbops.PLTopBlock() create_role.generate(block) await _execute_block(conn, block) return objid
async def _ensure_edgedb_user(conn, username, *, is_superuser=False): role = dbops.Role(name=username, is_superuser=is_superuser, allow_login=True, metadata=dict( id=str(uuidgen.uuid1mc()), __edgedb__='1', )) create_role = dbops.CreateRole(role=role, neg_conditions=[dbops.RoleExists(username)]) block = dbops.PLTopBlock() create_role.generate(block) await _execute_block(conn, block)
async def _ensure_edgedb_supergroup( ctx: BootstrapContext, role_name: str, *, member_of: Iterable[str] = (), members: Iterable[str] = (), ) -> None: member_of = set(member_of) instance_params = ctx.cluster.get_runtime_params().instance_params superuser_role = instance_params.base_superuser if superuser_role: # If the cluster is exposing an explicit superuser role, # become a member of that instead of creating a superuser # role directly. member_of.add(superuser_role) pg_role_name = ctx.cluster.get_role_name(role_name) role = dbops.Role( name=pg_role_name, superuser=bool(instance_params.capabilities & pgcluster.BackendCapabilities.SUPERUSER_ACCESS), allow_login=False, allow_createdb=True, allow_createrole=True, membership=member_of, members=members, ) create_role = dbops.CreateRole( role, neg_conditions=[dbops.RoleExists(pg_role_name)], ) block = dbops.PLTopBlock() create_role.generate(block) await _execute_block(ctx.conn, block)