Commit 2bc1c1ff authored by Kristupas Bobraitis's avatar Kristupas Bobraitis
Browse files

Changed role definitions

parent a51f4314
CREATE OR REPLACE PROCEDURE btracker_app.create_api_user()
LANGUAGE 'plpgsql'
AS $$
BEGIN
--recreate role for reading data
DROP OWNED BY api_user;
DROP ROLE IF EXISTS api_user;
CREATE ROLE api_user;
GRANT USAGE ON SCHEMA btracker_app to api_user;
GRANT SELECT ON btracker_app.account_balance_history, hive.blocks TO api_user;
GRANT USAGE ON SCHEMA hive to api_user;
GRANT SELECT ON hive.accounts TO api_user;
-- recreate role for connecting to db
DROP ROLE IF EXISTS admin;
CREATE ROLE admin NOINHERIT LOGIN PASSWORD 'admin';
-- add ability for admin to switch to api_user role
GRANT api_user TO admin;
END
$$
;
CREATE OR REPLACE FUNCTION btracker_app.raise_exception(TEXT)
RETURNS TEXT
LANGUAGE 'plpgsql'
......
......@@ -49,6 +49,27 @@ CREATE TABLE IF NOT EXISTS btracker_app.account_balance_history
--CONSTRAINT pk_account_balance_history PRIMARY KEY (account, source_op_block, nai, source_op)
) INHERITS (hive.btracker_app);
--recreate role for reading data
DROP OWNED BY haf_app;
DROP ROLE IF EXISTS haf_app;
CREATE ROLE haf_app;
GRANT hive_applications_group TO haf_app;
GRANT USAGE ON SCHEMA btracker_app to haf_app;
GRANT SELECT ON btracker_app.account_balance_history, hive.blocks TO haf_app;
-- recreate role for connecting to db
DROP OWNED BY admin;
DROP ROLE IF EXISTS admin;
CREATE ROLE admin NOINHERIT LOGIN PASSWORD 'admin';
-- add ability for admin to switch to haf_app role
GRANT haf_app TO admin;
-- add btracker_app schema owner
DROP ROLE IF EXISTS owner;
CREATE ROLE owner;
ALTER SCHEMA btracker_app OWNER TO owner;
END
$$
;
......@@ -297,3 +318,14 @@ BEGIN
END
$$
;
CREATE OR REPLACE PROCEDURE btracker_app.create_indexes()
LANGUAGE 'plpgsql'
AS
$$
BEGIN
CREATE INDEX idx_btracker_app_account_balance_history_account ON btracker_app.account_balance_history(account);
CREATE INDEX idx_btracker_app_account_balance_history_nai ON btracker_app.account_balance_history(nai);
END
$$
;
\ No newline at end of file
......@@ -16,18 +16,13 @@ run_indexer() {
}
create_indexes() {
psql -a -v "ON_ERROR_STOP=1" "$@" -d haf_block_log -c '\timing' -c "create index idx_btracker_app_account_balance_history_account on btracker_app.account_balance_history(account);"
psql -a -v "ON_ERROR_STOP=1" "$@" -d haf_block_log -c '\timing' -c "create index idx_btracker_app_account_balance_history_nai on btracker_app.account_balance_history(nai);"
psql -a -v "ON_ERROR_STOP=1" "$@" -d haf_block_log -c '\timing' -c "call btracker_app.create_indexes();"
}
create_api() {
psql -a -v "ON_ERROR_STOP=1" -d haf_block_log -f $PWD/api/btracker_api.sql
}
create_user() {
psql -a -v "ON_ERROR_STOP=1" -d haf_block_log -c '\timing' -c "call btracker_app.create_api_user();"
}
start_webserver() {
postgrest webserver.conf
}
......@@ -83,7 +78,6 @@ restart_all() {
recreate_db $@
create_api
create_user
}
if [ "$1" = "re-all" ]; then
......
db-uri = "postgres://admin:admin@localhost:5432/haf_block_log"
db-schema = "btracker_app"
db-anon-role = "api_user"
\ No newline at end of file
db-anon-role = "haf_app"
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment