postgres-operator
postgres-operator copied to clipboard
Published
20 hours ago •
zalando
zalando
Missing default priviliges after migration from databases to preparedDatabases
Please, answer some short questions which should help us to understand your problem / question better?
- Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.8.2
- Where do you run it - cloud or metal? Kubernetes or OpenShift? [GCP k8s]
- Are you running Postgres Operator in production? [no]
- Type of issue? [Bug report]
After migration from databases to preparedDatabases we have missing default roles for <>_db_owner user. When the database is created with preparedDatabases everything looks good, but after migration, we have missing default priviliges. Example below:
#config before migration
users:
xxxxxx_db_owner:
- createdb
databases:
xxxxxx_db: xxxxxx_db_owner
#config after migration
preparedDatabases:
xxxxxx_db:
defaultUsers: true
default privileges when a database is created by preparedDatabases
xxxxxx_db_owner_user | data | function | xxxxxx_db_data_reader=X/xxxxxx_db_owner_user +
| | | xxxxxx_db_data_writer=X/xxxxxx_db_owner_user
xxxxxx_db_owner_user | data | sequence | xxxxxx_db_data_reader=r/xxxxxx_db_owner_user +
| | | xxxxxx_db_data_writer=wU/xxxxxx_db_owner_user
xxxxxx_db_owner_user | data | table | xxxxxx_db_data_reader=r/xxxxxx_db_owner_user +
| | | xxxxxx_db_data_writer=awd/xxxxxx_db_owner_user
xxxxxx_db_owner_user | data | type | xxxxxx_db_data_reader=U/xxxxxx_db_owner_user +
| | | xxxxxx_db_data_writer=U/xxxxxx_db_owner_user
xxxxxx_db_owner_user | | function | =X/xxxxxx_db_owner_user +
| | | xxxxxx_db_reader=X/xxxxxx_db_owner_user +
| | | xxxxxx_db_owner_user=X/xxxxxx_db_owner_user +
| | | xxxxxx_db_writer=X/xxxxxx_db_owner_user
xxxxxx_db_owner_user | | schema | xxxxxx_db_reader=U/xxxxxx_db_owner_user +
| | | xxxxxx_db_owner_user=UC/xxxxxx_db_owner_user +
| | | xxxxxx_db_writer=U/xxxxxx_db_owner_user
xxxxxx_db_owner_user | | sequence | xxxxxx_db_reader=r/xxxxxx_db_owner_user +
| | | xxxxxx_db_owner_user=rwU/xxxxxx_db_owner_user +
| | | xxxxxx_db_writer=wU/xxxxxx_db_owner_user
xxxxxx_db_owner_user | | table | xxxxxx_db_reader=r/xxxxxx_db_owner_user +
| | | xxxxxx_db_owner_user=arwdDxt/xxxxxx_db_owner_user+
| | | xxxxxx_db_writer=awd/xxxxxx_db_owner_user
xxxxxx_db_owner_user | | type | =U/xxxxxx_db_owner_user +
| | | xxxxxx_db_reader=U/xxxxxx_db_owner_user +
| | | xxxxxx_db_owner_user=U/xxxxxx_db_owner_user +
| | | xxxxxx_db_writer=U/xxxxxx_db_owner_user
default privileges when a database is migrated from database to preparedDatabases
xxxxxxxx_db_owner_user | data | function | xxxxxxxx_db_data_reader=X/xxxxxxxx_db_owner_user +
| | | xxxxxxxx_db_data_writer=X/xxxxxxxx_db_owner_user
xxxxxxxx_db_owner_user | data | sequence | xxxxxxxx_db_data_reader=r/xxxxxxxx_db_owner_user +
| | | xxxxxxxx_db_data_writer=wU/xxxxxxxx_db_owner_user
xxxxxxxx_db_owner_user | data | table | xxxxxxxx_db_data_reader=r/xxxxxxxx_db_owner_user +
| | | xxxxxxxx_db_data_writer=awd/xxxxxxxx_db_owner_user
xxxxxxxx_db_owner_user | data | type | xxxxxxxx_db_data_reader=U/xxxxxxxx_db_owner_user +
| | | xxxxxxxx_db_data_writer=U/xxxxxxxx_db_owner_user
