From af81a04e49ad63fb006546b8daf83691706e5284 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Sat, 14 Sep 2024 20:59:14 +0200 Subject: [PATCH] new: [odoo-tecnativa] add support of restricted postgres access --- .../hooks/postgres_database-relation-joined | 54 ++++++++++++++++++- odoo-tecnativa/lib/common | 29 ++++++++++ odoo-tecnativa/metadata.yml | 3 ++ .../odoo/common/entrypoint.d/20-postgres-wait | 17 ++++++ 4 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 odoo-tecnativa/resources/opt/odoo/common/entrypoint.d/20-postgres-wait diff --git a/odoo-tecnativa/hooks/postgres_database-relation-joined b/odoo-tecnativa/hooks/postgres_database-relation-joined index 5cb9d1c..0e7a521 100755 --- a/odoo-tecnativa/hooks/postgres_database-relation-joined +++ b/odoo-tecnativa/hooks/postgres_database-relation-joined @@ -41,7 +41,6 @@ services: PGDATABASE: \"$DBNAME\" PGPASSWORD: \"$PASSWORD\" PGUSER: \"$USER\" - #DBFILTER: $DBNAME ADMIN_PASSWORD: \"$ADMIN_PASSWORD\" " @@ -60,6 +59,59 @@ odoo_uid=$(get_odoo_uid) chown "$odoo_uid" "$CONFIG" && chmod 600 "$CONFIG" +if ! out=$(echo "SELECT datname FROM pg_database;" | sql postgres 2>&1); then + warn "Failed to get database list" >&2 + printf "%s\n" "$out" | prefix " " >&2 + ## We don't have access to database list, so... + + ## if we have a dbfilter set, complain. + if dbfilter=$(options-get dbfilter 2>&1) && [ -n "$dbfilter" ]; then + err "Cannot set ${WHITE}dbfilter${NORMAL} without access to db list" + echo " You don't seem to have access rights on" \ + "${DARKYELLOW}$TARGET_SERVICE_NAME${NORMAL} to" \ + "the database list" >&2 + echo " So you cannot set" \ + "${WHITE}dbfilter${NORMAL} option in" \ + "${DARKYELLOW}$SERVICE_NAME${NORMAL} options." >&2 + exit 1 + fi + + service_base_image_export_dir \ + "$MASTER_BASE_SERVICE_NAME" \ + /opt/odoo/custom/src/odoo/odoo/sql_db.py \ + "$SERVICE_CONFIGSTORE/odoo-sql_db.py" + + chown "$odoo_uid" "$SERVICE_CONFIGSTORE/odoo-sql_db.py" + + patch -d "$SERVICE_CONFIGSTORE" -p0 < /dev/null 2>&1 && break + sleep 1 +done