Allow create_haf_app_role to create non-owner users

40a77e18 · Dan Notestein · 7ee92dd8 · 40a77e18
Commit 40a77e18 authored 1 month ago by Dan Notestein
--- a/scripts/create_haf_app_role.sh
+++ b/scripts/create_haf_app_role.sh
@@ -7,7 +7,6 @@ source "$SCRIPTPATH/common.sh"

 log_exec_params "$@"

-
 print_help () {
    echo "Usage: $0 [OPTION[=VALUE]]..."
    echo
@@ -16,7 +15,8 @@ print_help () {
    echo "  --host=VALUE              Specify postgreSQL host location (defaults to /var/run/postgresql)."
    echo "  --port=NUMBER             Specify a postgreSQL operating port (defaults to 5432)."
    echo "  --postgres-url=URL        Specify postgreSQL connection url directly."
-    echo "  --haf-app-account=NAME    Specify an account name to be added to the 'hive_applications_owner_group' group."
+    echo "  --haf-app-account=NAME    Specify an account name to be added to the base group."
+    echo "  --base-group=GROUP        Specify the base group (defaults to hive_applications_owner_group)."
    echo "  --public                  Enable query_supervisor limiting for the haf_app_account."
    echo "  --help                    Display this help screen and exit."
    echo
@@ -27,7 +27,7 @@ create_haf_app_account() {
  local haf_app_account="$2"
  local is_public="$3"

-  local base_group="hive_applications_owner_group"
+  local base_group="$BASE_GROUP"
  local alter_to_public=""
  $is_public && alter_to_public="ALTER ROLE ${haf_app_account} SET query_supervisor.limits_enabled TO true;"

@@ -35,7 +35,7 @@ create_haf_app_account() {
 DO \$$
 BEGIN
    BEGIN
-      CREATE ROLE $haf_app_account WITH LOGIN INHERIT IN ROLE hive_applications_owner_group;
+      CREATE ROLE $haf_app_account WITH LOGIN INHERIT IN ROLE ${base_group};
      EXCEPTION WHEN DUPLICATE_OBJECT THEN
      RAISE NOTICE '$haf_app_account role already exists';
    END;
@@ -47,13 +47,15 @@ EOF

 }

-
+# Default values for variables
 HAF_APP_ACCOUNT=""
 POSTGRES_HOST="/var/run/postgresql"
 POSTGRES_PORT=5432
 POSTGRES_URL=""
 PUBLIC=false
+BASE_GROUP="hive_applications_owner_group"

+# Parse command line arguments
 while [ $# -gt 0 ]; do
  case "$1" in
    --host=*)
@@ -68,6 +70,9 @@ while [ $# -gt 0 ]; do
    --haf-app-account=*)
        HAF_APP_ACCOUNT="${1#*=}"
        ;;
+    --base-group=*)
+        BASE_GROUP="${1#*=}"
+        ;;
    --public)
        PUBLIC=true
        ;;
@@ -87,8 +92,8 @@ while [ $# -gt 0 ]; do
        print_help
        exit 2
        ;;
-    esac
-    shift
+  esac
+  shift
 done

 if [ -z "$POSTGRES_URL" ]; then
@@ -97,9 +102,9 @@ else
  POSTGRES_ACCESS=$POSTGRES_URL
 fi

-_TST_HAF_APP_ACCOUNT=${HAF_APP_ACCOUNT:? "Missing application account name - it should be specified by using `--haf-app-account=name` option"}
+# Ensure that the haf app account is specified
+_TST_HAF_APP_ACCOUNT=${HAF_APP_ACCOUNT:? "Missing application account name - it should be specified by using '--haf-app-account=name' option"}

 echo $POSTGRES_ACCESS

 create_haf_app_account "$POSTGRES_ACCESS" "$HAF_APP_ACCOUNT" ${PUBLIC}
-