From 40a77e182a3a00af18479755d5eb43d8b76070d8 Mon Sep 17 00:00:00 2001
From: DanEric <dan@syncad.com>
Date: Wed, 5 Feb 2025 22:35:24 +0000
Subject: [PATCH] Allow create_haf_app_role to create non-owner users

---
 scripts/create_haf_app_role.sh | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/scripts/create_haf_app_role.sh b/scripts/create_haf_app_role.sh
index 8e72a6ff5..38c864320 100755
--- a/scripts/create_haf_app_role.sh
+++ b/scripts/create_haf_app_role.sh
@@ -7,7 +7,6 @@ source "$SCRIPTPATH/common.sh"
 
 log_exec_params "$@"
 
-
 print_help () {
     echo "Usage: $0 [OPTION[=VALUE]]..."
     echo
@@ -16,7 +15,8 @@ print_help () {
     echo "  --host=VALUE              Specify postgreSQL host location (defaults to /var/run/postgresql)."
     echo "  --port=NUMBER             Specify a postgreSQL operating port (defaults to 5432)."
     echo "  --postgres-url=URL        Specify postgreSQL connection url directly."
-    echo "  --haf-app-account=NAME    Specify an account name to be added to the 'hive_applications_owner_group' group."
+    echo "  --haf-app-account=NAME    Specify an account name to be added to the base group."
+    echo "  --base-group=GROUP        Specify the base group (defaults to hive_applications_owner_group)."
     echo "  --public                  Enable query_supervisor limiting for the haf_app_account."
     echo "  --help                    Display this help screen and exit."
     echo
@@ -27,7 +27,7 @@ create_haf_app_account() {
   local haf_app_account="$2"
   local is_public="$3"
 
-  local base_group="hive_applications_owner_group"
+  local base_group="$BASE_GROUP"
   local alter_to_public=""
   $is_public && alter_to_public="ALTER ROLE ${haf_app_account} SET query_supervisor.limits_enabled TO true;"
 
@@ -35,7 +35,7 @@ create_haf_app_account() {
 DO \$$
 BEGIN
     BEGIN
-      CREATE ROLE $haf_app_account WITH LOGIN INHERIT IN ROLE hive_applications_owner_group;
+      CREATE ROLE $haf_app_account WITH LOGIN INHERIT IN ROLE ${base_group};
       EXCEPTION WHEN DUPLICATE_OBJECT THEN
       RAISE NOTICE '$haf_app_account role already exists';
     END;
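Review bot: With the group now configurable, the `DUPLICATE_OBJECT` handler that follows `CREATE ROLE ... IN ROLE ${base_group}` leaves an existing role's memberships exactly as they were. If the account was created earlier under `hive_applications_owner_group` and the script is re-run with a different `--base-group`, the visible lines only raise the "already exists" notice. The role would then keep its owner membership and never join the requested group, while the run still looks successful. The rest of the DO block lies outside this hunk, so confirm that nothing later adjusts membership. If nothing does, consider adding `GRANT ${base_group} TO ${haf_app_account};` after the inner block, plus a notice that existing memberships are not revoked.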
@@ -47,13 +47,15 @@ EOF
 
 }
 
-
+# Default values for variables
 HAF_APP_ACCOUNT=""
 POSTGRES_HOST="/var/run/postgresql"
 POSTGRES_PORT=5432
 POSTGRES_URL=""
 PUBLIC=false
+BASE_GROUP="hive_applications_owner_group"
 
+# Parse command line arguments
 while [ $# -gt 0 ]; do
   case "$1" in
     --host=*)
@@ -68,6 +70,9 @@ while [ $# -gt 0 ]; do
     --haf-app-account=*)
         HAF_APP_ACCOUNT="${1#*=}"
         ;;
+    --base-group=*)
+        BASE_GROUP="${1#*=}"
+        ;;
     --public)
         PUBLIC=true
         ;;
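Review bot: `BASE_GROUP` is taken verbatim from `--base-group=` and later spliced unquoted into `CREATE ROLE ... IN ROLE ${base_group}`, with no validation in between. An empty value, a mixed-case or hyphenated name, or any value containing SQL punctuation therefore breaks or alters a statement that runs with the connecting role's privileges. Validate it once after the parsing loop, for example `case "$BASE_GROUP" in ''|*[!a-z0-9_]*) echo "Invalid --base-group value" >&2; exit 2;; esac`. `HAF_APP_ACCOUNT` reaches the same statement and the `ALTER ROLE` line in the same way and would benefit from the same check. The `case` statement starts and ends outside this hunk.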
@@ -87,8 +92,8 @@ while [ $# -gt 0 ]; do
         print_help
         exit 2
         ;;
-    esac
-    shift
+  esac
+  shift
 done
 
 if [ -z "$POSTGRES_URL" ]; then
@@ -97,9 +102,9 @@ else
   POSTGRES_ACCESS=$POSTGRES_URL
 fi
 
-_TST_HAF_APP_ACCOUNT=${HAF_APP_ACCOUNT:? "Missing application account name - it should be specified by using `--haf-app-account=name` option"}
+# Ensure that the haf app account is specified
+_TST_HAF_APP_ACCOUNT=${HAF_APP_ACCOUNT:? "Missing application account name - it should be specified by using '--haf-app-account=name' option"}
 
 echo $POSTGRES_ACCESS
 
 create_haf_app_account "$POSTGRES_ACCESS" "$HAF_APP_ACCOUNT" ${PUBLIC}
-
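Review bot: `echo $POSTGRES_ACCESS` prints the full connection string to stdout. If `--postgres-url` is given with embedded credentials, the password ends up in terminal scrollback and in any captured CI log. Consider dropping the line or printing only a redacted form, and quote the remaining expansion on the last line: `create_haf_app_account "$POSTGRES_ACCESS" "$HAF_APP_ACCOUNT" "$PUBLIC"`. The same arguments are also passed to `log_exec_params "$@"` near the top of the script; that helper is not visible here, so check whether it writes them to a log.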
-- 
GitLab