
[Xen-devel] [OSSTEST PATCH 6/7] Schema: Check that schema creation and update runs as the right user



Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
 Osstest/Executive.pm    |    1 +
 README                  |    5 +++++
 mg-schema-create        |    4 +++-
 mg-schema-test-database |    1 +
 mg-schema-update        |   16 ++++++++++++++++
 5 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/Osstest/Executive.pm b/Osstest/Executive.pm
index e1fbe3b..f2d29ef 100644
--- a/Osstest/Executive.pm
+++ b/Osstest/Executive.pm
@@ -105,6 +105,7 @@ augmentconfigdefaults(
     QueuePlanUpdateInterval => 300, # seconds
     Repos => "$ENV{'HOME'}/repos",
     BisectionRevisonGraphSize => '600x300',
+    ExecutiveDbOwningRoleRegexp => 'osstest',
 );
 
 augmentconfigdefaults(
diff --git a/README b/README
index 5740ac0..0a346dc 100644
--- a/README
+++ b/README
@@ -571,6 +571,11 @@ ExecutiveDbname_<DB>
    PostgreSQL dbname string for the database <DB>.  Default is to use
    ExecutiveDbnamePat.
 
+ExecutiveDbOwningRoleRegexp
+   Regexp which is supposed to match the database user used for schema
+   changes - because, that role will end up owning the database objects.
+   Defaults to `osstest'.
+
 Adhoc/Custom Flights
 ====================
 
diff --git a/mg-schema-create b/mg-schema-create
index 1ee007b..df5e215 100755
--- a/mg-schema-create
+++ b/mg-schema-create
@@ -25,7 +25,7 @@
 #  do CREATE DATABASE.)
 #
 #  When setting up a production database, mg-schema-create should
-#  be run *AS THE ROLE USER* who is to own all the resources.
+#  be run as the role user who is to own all the resources.
 #
 # Options:
 #
@@ -70,6 +70,8 @@ export OSSTEST_DB_USEREAL_IGNORETEST='.*'
 
 . ./cri-getconfig
 
+./mg-schema-update $quietopt check-user
+
 $progress "Populating database..."
 
 $(get_psql_cmd) $quietopt -f schema/initial.sql
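Review bot: The new `./mg-schema-update $quietopt check-user` line only protects the population step if a non-zero exit aborts the script, and nothing in this hunk shows whether `set -e` is in effect. If it is not, a failed check would print its message and `schema/initial.sql` would still be loaded as the wrong role. Making the dependency explicit, `./mg-schema-update $quietopt check-user || exit 1`, keeps the guard effective regardless of shell options set elsewhere in the file.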
diff --git a/mg-schema-test-database b/mg-schema-test-database
index 5c6a935..bf82c75 100755
--- a/mg-schema-test-database
+++ b/mg-schema-test-database
@@ -335,6 +335,7 @@ OwnerDaemonHost $ctrlhost
 QueueDaemonHost $ctrlhost
 OwnerDaemonPort ${ctrlports%,*}
 QueueDaemonPort ${ctrlports#*,}
+ExecutiveDbOwningRoleRegexp .*
 END
        mv -f $tcfg.tmp $tcfg
 
diff --git a/mg-schema-update b/mg-schema-update
index a617c3b..f699180 100755
--- a/mg-schema-update
+++ b/mg-schema-update
@@ -22,6 +22,7 @@
 #  ./mg-schema-update [<options>] apply [<updatename>...]
 #  ./mg-schema-update [<options>] show
 #  ./mg-schema-update [<options>] apply-all
+#  ./mg-schema-update [<options>] check-user
 #
 # Usual rune for applying updates:
 #
@@ -119,6 +120,13 @@ sub getstate () {
     @state = sort { $a->{Sortkey} <=> $b->{Sortkey} } values %state;
 }
 
+sub check_user () {
+    my $user = $dbh_tests->{pg_user};
+    my $re = $c{ExecutiveDbOwningRoleRegexp};
+    return if $user =~ m/^$re$/o;
+    die "running as wrong user \`$user', expected to match \`$re'\n";
+}
+
 sub cmd_list_applied () {
     die if @ARGV;
     getstate();
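Review bot: In check_user the pattern `m/^$re$/o` interpolates the configured regexp without grouping, so a value with a top-level alternation (constructed example: `osstest|admin`) is anchored only at its outer ends and would accept role names that merely begin with the first alternative or end with the last. Writing it as `return if defined $user && $user =~ m/\A(?:$re)\z/;` restores the intended whole-name match, avoids `$` matching before a trailing newline, and avoids an uninitialized-value warning if `pg_user` is unset. The `/o` flag compiles the pattern once per process; that is harmless while only one regexp value is ever used, but it would silently ignore any later change to `$c{ExecutiveDbOwningRoleRegexp}`, so I would drop it.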
@@ -170,6 +178,8 @@ sub applyone ($) {
     die "Will not apply $v->{Name}.sql: $v->{Msg}\n"
        unless want_apply($v);
 
+    check_user();
+
     my $fn = $v->{File};
 
     db_retry($dbh_tests, \@all_lock_tables, sub {
@@ -242,6 +252,12 @@ sub cmd_apply_all () {
     print "Appropriate updates applied.\n" unless $quiet;
 }
 
+sub cmd_check_user () {
+    die "too many arguments\n" if @ARGV>1;
+    $c{ExecutiveDbOwningRoleRegexp} = shift @ARGV if @ARGV;
+    check_user();
+}
+
 GetOptions('f|force+' => \$force,
           'q+' => \$quiet,
           'o|oldest=s' => \$there);
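Review bot: cmd_check_user accepts an optional argument that replaces `$c{ExecutiveDbOwningRoleRegexp}`, but the usage comment added earlier in this patch lists the subcommand without it. I would document it there, e.g. `#  ./mg-schema-update [<options>] check-user [<role-regexp>]`, and add a one-line comment above the sub such as `# optional argument overrides ExecutiveDbOwningRoleRegexp for this check only`. Since the override relaxes an ownership safeguard, it is worth stating that it affects only this subcommand and not the check_user() call made from applyone.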
-- 
1.7.10.4

