From 744037e1f2dbb616028f16f13673854f5ee96954 Mon Sep 17 00:00:00 2001
From: Juho Makinen
Date: Fri, 29 Nov 2024 15:50:34 +1100
Subject: [PATCH] fix: split auth statements
---
 .../postgres.go | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/cmd/ftl-provisioner-cloudformation/postgres.go b/cmd/ftl-provisioner-cloudformation/postgres.go
index ad14214225..91106ea4bf 100644
--- a/cmd/ftl-provisioner-cloudformation/postgres.go
+++ b/cmd/ftl-provisioner-cloudformation/postgres.go
@@ -93,17 +93,20 @@ func PostgresPostUpdate(ctx context.Context, secrets *secretsmanager.Client, byN
 return fmt.Errorf("failed to create database: %w", err)
 }
 }
- if _, err := db.ExecContext(ctx, fmt.Sprintf(`
- GRANT CONNECT ON DATABASE %s TO ftluser;
- GRANT USAGE ON SCHEMA public TO ftluser;
- GRANT USAGE ON SCHEMA public TO ftluser;
- GRANT CREATE ON SCHEMA public TO ftluser;
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ftluser;
- GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ftluser;
- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ftluser;
- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ftluser;
- `, resourceID)); err != nil {
- return fmt.Errorf("failed to grant FTL user privileges: %w", err)
+ statements := []string{
+ fmt.Sprintf("GRANT CONNECT ON DATABASE %s TO ftluser", resourceID),
+ "GRANT USAGE ON SCHEMA public TO ftluser",
+ "GRANT USAGE ON SCHEMA public TO ftluser",
+ "GRANT CREATE ON SCHEMA public TO ftluser",
+ "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ftluser",
+ "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ftluser",
+ "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ftluser",
+ "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ftluser",
+ }
+ for _, stmt := range statements {
+ if _, err := db.ExecContext(ctx, stmt); err != nil {
+ return fmt.Errorf("failed to grant FTL user privileges: %w", err)
+ }
 }
 }
 }
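Review bot: `resourceID` is still formatted into the first statement as a bare identifier (`GRANT CONNECT ON DATABASE %s TO ftluser`), so a value containing whitespace, quotes or a semicolon would change the SQL that runs under the provisioner's admin connection. PostgresPostUpdate starts above the hunk, so whether resourceID is validated earlier is not visible here. Unless it is, quote it with the identifier helper of the driver this file uses, for example `pq.QuoteIdentifier(resourceID)` with lib/pq. Now that each statement runs on its own, a failure partway through leaves a partial set of grants applied, and the wrapped error does not say which statement failed; running the loop inside one transaction and returning `fmt.Errorf("failed to grant FTL user privileges (%q): %w", stmt, err)` would address both. The list also carries `GRANT USAGE ON SCHEMA public TO ftluser` twice, so one copy can be dropped.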