Limit postgresql_table to acting on tables

author Tom Hughes <tom@compton.nu>

Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)

committer Tom Hughes <tom@compton.nu>

Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)
author Tom Hughes <tom@compton.nu>
Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)
committer Tom Hughes <tom@compton.nu>
Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)
diff --git a/cookbooks/postgresql/libraries/postgresql.rb b/cookbooks/postgresql/libraries/postgresql.rb

index 62188795bd3f3aa6d168e5b172bdae217533f250..4f0d4a1fe5166d4699c1fd885bda6ff17e0a1f06 100644 (file)
--- a/cookbooks/postgresql/libraries/postgresql.rb
+++ b/cookbooks/postgresql/libraries/postgresql.rb
@@ -112,7 +112,7 @@ module OpenStreetMap
  
      def tables(database)
        @tables ||= {}
-      @tables[database] ||= query("SELECT n.nspname, c.relname, u.usename, c.relacl FROM pg_class AS c INNER JOIN pg_user AS u ON c.relowner = u.usesysid INNER JOIN pg_namespace AS n ON c.relnamespace = n.oid", :database => database).each_with_object({}) do |table, tables|
+      @tables[database] ||= query("SELECT n.nspname, c.relname, u.usename, c.relacl FROM pg_class AS c INNER JOIN pg_user AS u ON c.relowner = u.usesysid INNER JOIN pg_namespace AS n ON c.relnamespace = n.oid WHERE c.relkind = 'r'", :database => database).each_with_object({}) do |table, tables|
          name = "#{table[:nspname]}.#{table[:relname]}"
  
          tables[name] = {
diff --git a/cookbooks/postgresql/resources/table.rb b/cookbooks/postgresql/resources/table.rb

index f97417895e6780b2a290657a3e77dfe955719032..5970f4e0aba8c5fed1be808867c64b5d69eda1c3 100644 (file)
--- a/cookbooks/postgresql/resources/table.rb
+++ b/cookbooks/postgresql/resources/table.rb
@@ -42,7 +42,7 @@ action :create do
  
        converge_by("revoke all for #{user} on #{new_resource}") do
          Chef::Log.info("Revoking all for #{user} on #{new_resource}")
-        cluster.execute(:command => "REVOKE ALL ON #{qualified_name} FROM \"#{user}\"", :database => new_resource.database)
+        cluster.execute(:command => "REVOKE ALL ON TABLE #{qualified_name} FROM \"#{user}\"", :database => new_resource.database)
        end
      end
  
@@ -59,13 +59,13 @@ action :create do
            unless current_privileges.include?(privilege)
              converge_by("grant #{privilege} for #{user} on #{new_resource}") do
                Chef::Log.info("Granting #{privilege} for #{user} on #{new_resource}")
-              cluster.execute(:command => "GRANT #{privilege.to_s.upcase} ON #{qualified_name} TO \"#{user}\"", :database => new_resource.database)
+              cluster.execute(:command => "GRANT #{privilege.to_s.upcase} ON TABLE #{qualified_name} TO \"#{user}\"", :database => new_resource.database)
              end
            end
          elsif current_privileges.include?(privilege)
            converge_by("revoke #{privilege} for #{user} on #{new_resource}") do
              Chef::Log.info("Revoking #{privilege} for #{user} on #{new_resource}")
-            cluster.execute(:command => "REVOKE #{privilege.to_s.upcase} ON #{qualified_name} FROM \"#{user}\"", :database => new_resource.database)
+            cluster.execute(:command => "REVOKE #{privilege.to_s.upcase} ON TABLE #{qualified_name} FROM \"#{user}\"", :database => new_resource.database)
            end
          end
        end
author	Tom Hughes <tom@compton.nu>
	Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)
committer	Tom Hughes <tom@compton.nu>
	Thu, 5 Oct 2023 13:29:21 +0000 (13:29 +0000)
cookbooks/postgresql/libraries/postgresql.rb		patch \| blob \| history
cookbooks/postgresql/resources/table.rb		patch \| blob \| history