From 1690a78982d7db84e56fca657aeee05c4e5b17fb Mon Sep 17 00:00:00 2001
From: DanEric <dan@syncad.com>
Date: Wed, 5 Feb 2025 22:36:55 +0000
Subject: [PATCH] Create a new hivemind_user database user to be used when
 serving API calls through PostgREST

---
 haf                           | 2 +-
 scripts/ci/start_postgrest.sh | 6 +++---
 scripts/setup_postgres.sh     | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/haf b/haf
index fd69207e2..a24790523 160000
--- a/haf
+++ b/haf
@@ -1 +1 @@
-Subproject commit fd69207e2026ecdf046a74deacb54950b186d773
+Subproject commit a247905233f6d38e34b6d535798e02fafa643664
diff --git a/scripts/ci/start_postgrest.sh b/scripts/ci/start_postgrest.sh
index b55ceaf76..29632d5fc 100755
--- a/scripts/ci/start_postgrest.sh
+++ b/scripts/ci/start_postgrest.sh
@@ -5,7 +5,7 @@ set -o pipefail
 
 POSTGRES_HOST="localhost"
 POSTGRES_PORT=5432
-POSTGRES_USER="hivemind"
+POSTGRES_USER="hivemind_user"
 WEBSERVER_PORT=8080
 ADMIN_PORT=3001
 LOG_LEVEL="error"
@@ -32,7 +32,7 @@ while [ $# -gt 0 ]; do
         ;;
     --log-level=*)
         LOG_LEVEL="${1#*=}"
-        ;;  
+        ;;
     -*)
         echo "ERROR: '$1' is not a valid option"
         echo
@@ -49,7 +49,7 @@ done
 
 POSTGRES_ACCESS=${POSTGRES_URL:-"postgresql://$POSTGRES_USER@$POSTGRES_HOST:$POSTGRES_PORT/haf_block_log"}
 
-start_webserver() { 
+start_webserver() {
     export PGRST_DB_URI=$POSTGRES_ACCESS
     export PGRST_SERVER_PORT=$WEBSERVER_PORT
     export PGRST_ADMIN_SERVER_PORT=$ADMIN_PORT
diff --git a/scripts/setup_postgres.sh b/scripts/setup_postgres.sh
index d324f299f..0e08ce54b 100755
--- a/scripts/setup_postgres.sh
+++ b/scripts/setup_postgres.sh
@@ -31,6 +31,7 @@ supplement_builtin_roles() {
   local pg_access="$1"
   echo "Attempting to supplement definition of hivemind builtin roles..."
   psql $pg_access -v ON_ERROR_STOP=on -c 'GRANT hivemind TO haf_admin;'
+  psql $pg_access -v ON_ERROR_STOP=on -c 'GRANT hivemind_user TO hivemind;'
 }
 
 POSTGRES_HOST="/var/run/postgresql"
@@ -75,6 +76,7 @@ else
 fi
 
 "$SCRIPTPATH/../haf/scripts/create_haf_app_role.sh" --postgres-url="$POSTGRES_ACCESS" --haf-app-account="hivemind"
+"$SCRIPTPATH/../haf/scripts/create_haf_app_role.sh" --postgres-url="$POSTGRES_ACCESS" --haf-app-account="hivemind_user" --base-group="hive_applications_group" --public
 
 #psql "$POSTGRES_ACCESS" -c "GRANT SET ON PARAMETER log_min_messages TO hivemind;"
 
-- 
GitLab