From 39897105b27fc133802b0edc676bc3c8297d00b0 Mon Sep 17 00:00:00 2001 From: Anastasia Lubennikova Date: Mon, 24 Oct 2022 11:49:36 +0300 Subject: [PATCH] Check postgres version and ensure that public schema exists before running GRANT query on it --- compute_tools/src/spec.rs | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/compute_tools/src/spec.rs b/compute_tools/src/spec.rs index 1e7cd51b6e..58c94d74ae 100644 --- a/compute_tools/src/spec.rs +++ b/compute_tools/src/spec.rs @@ -423,11 +423,32 @@ pub fn handle_grants(node: &ComputeNode, client: &mut Client) -> Result<()> { ); db_client.simple_query(&alter_query)?; - // // Explicitly grant CREATE ON SCHEMA PUBLIC to the web_access user. - // // This is needed since postgres 15, where this privilege is removed by default. - // let grant_query: String = "GRANT CREATE ON SCHEMA public TO web_access".to_string(); - // info!("grant query for db {} : {}", &db.name, &grant_query); - // db_client.simple_query(&grant_query)?; + // Explicitly grant CREATE ON SCHEMA PUBLIC to the web_access user. + // This is needed because since postgres 15 this privilege is removed by default. + let grant_query = "DO $$\n\ + BEGIN\n\ + IF EXISTS(\n\ + SELECT nspname\n\ + FROM pg_catalog.pg_namespace\n\ + WHERE nspname = 'public'\n\ + ) AND\n\ + current_setting('server_version_num')::int/10000 >= 15\n\ + THEN\n\ + IF EXISTS(\n\ + SELECT rolname\n\ + FROM pg_catalog.pg_roles\n\ + WHERE rolname = 'web_access'\n\ + )\n\ + THEN\n\ + GRANT CREATE ON SCHEMA public TO web_access;\n\ + END IF;\n\ + END IF;\n\ + END\n\ + $$;" + .to_string(); + + info!("grant query for db {} : {}", &db.name, &grant_query); + db_client.simple_query(&grant_query)?; } Ok(())