libeufin

Integration and sandbox testing for FinTech APIs and data formats
Log | Files | Refs | Submodules | README | LICENSE
commit 56316825c16e80e59e3fa42f74674790900def63
parent bc5c9cfae023ee45a586bd1f74ab9c4615d25b7e
Author: Florian Dold <florian@dold.me>
Date:   Mon,  5 Feb 2024 22:22:00 +0100

dbconfig: set permissions in the right order

Diffstat:

Mcontrib/libeufin-dbconfig | 21+++++++++++++--------


1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/contrib/libeufin-dbconfig b/contrib/libeufin-dbconfig
@@ -159,21 +159,18 @@ if [ 1 = "$DO_CREATE" ]; then
   fi
 fi
 
-if [ 1 = "$SKIP_DBINIT" ]; then
-  echo "Database configuration finished, skipping dbinit." 1>&2
-  exit 0
-fi
-
-echo "Initializing database $DBNAME." 1>&2
+# We first initialize the libeufin-nexus DB
+# and then adjust permissions for the _v schema,
+# so that libeufin-bank can properly initialize
+# its DB without running into permission problems.
 
 if [ 0 = "$SKIP_DBINIT" ]; then
   echo "Initializing database '$DBNAME' for libeufin-nexus." 1>&2
   sudo -u "$NEXUS_DBUSER" "$NEXUS_DBINIT" -c "$NEXUS_CFGFILE"
-  echo "Initializing database '$DBNAME' for libeufin-bank." 1>&2
-  sudo -u "$BANK_DBUSER" "$BANK_DBINIT" -c "$BANK_CFGFILE"
 fi
 
 if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
+  echo "Setting postgres permissions for $BANK_DBUSER" 1>&2
   if ! echo "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO \"$BANK_DBUSER\"" |
     sudo -i -u postgres psql "$DBNAME"; then
     exit_fail "Failed to grant access to database '$DBNAME' to '$BANK_DBUSER'."
@@ -194,7 +191,15 @@ if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
     sudo -i -u postgres psql "$DBNAME"; then
     exit_fail "Failed to grant all privileges on schema 'libeufin_nexus' to '$BANK_DBUSER'."
   fi
+fi
 
+if [ 0 = "$SKIP_DBINIT" ]; then
+  echo "Initializing database '$DBNAME' for libeufin-bank." 1>&2
+  sudo -u "$BANK_DBUSER" "$BANK_DBINIT" -c "$BANK_CFGFILE"
+fi
+
+if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]; then
+  echo "Setting postgres permissions for $NEXUS_DBUSER" 1>&2
   if ! echo "GRANT USAGE ON SCHEMA libeufin_bank TO \"$NEXUS_DBUSER\"" |
     sudo -i -u postgres psql "$DBNAME"; then
     exit_fail "Failed to grant usage privilege on schema 'libeufin_bank' to '$NEXUS_DBUSER'."