From 946fd58591600916f8cee4831cef0a75c3cbca86 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Sat, 14 Sep 2024 20:59:14 +0200 Subject: [PATCH] new: [odoo-tecnativa] add support of restricted postgres access --- .../hooks/postgres_database-relation-joined | 57 +++++++++++++++++-- odoo-tecnativa/lib/common | 29 ++++++++++ odoo-tecnativa/metadata.yml | 3 + .../odoo/common/entrypoint.d/20-postgres-wait | 17 ++++++ 4 files changed, 102 insertions(+), 4 deletions(-) create mode 100644 odoo-tecnativa/resources/opt/odoo/common/entrypoint.d/20-postgres-wait diff --git a/odoo-tecnativa/hooks/postgres_database-relation-joined b/odoo-tecnativa/hooks/postgres_database-relation-joined index 5cb9d1c..7086592 100755 --- a/odoo-tecnativa/hooks/postgres_database-relation-joined +++ b/odoo-tecnativa/hooks/postgres_database-relation-joined @@ -41,12 +41,9 @@ services: PGDATABASE: \"$DBNAME\" PGPASSWORD: \"$PASSWORD\" PGUSER: \"$USER\" - #DBFILTER: $DBNAME ADMIN_PASSWORD: \"$ADMIN_PASSWORD\" " -[ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0 - file_put $CONFIG <&1); then + warn "Failed to get database list" >&2 + printf "%s\n" "$out" | prefix " " >&2 + ## We don't have access to database list, so... + + ## if we have a dbfilter set, complain. + if dbfilter=$(options-get dbfilter 2>&1) && [ -n "$dbfilter" ]; then + err "Cannot set ${WHITE}dbfilter${NORMAL} without access to db list" + echo " You don't seem to have access rights on" \ + "${DARKYELLOW}$TARGET_SERVICE_NAME${NORMAL} to" \ + "the database list" >&2 + echo " So you cannot set" \ + "${WHITE}dbfilter${NORMAL} option in" \ + "${DARKYELLOW}$SERVICE_NAME${NORMAL} options." >&2 + exit 1 + fi + + service_base_image_export_dir \ + "$MASTER_BASE_SERVICE_NAME" \ + /opt/odoo/custom/src/odoo/odoo/sql_db.py \ + "$SERVICE_CONFIGSTORE/odoo-sql_db.py" + + chown "$odoo_uid" "$SERVICE_CONFIGSTORE/odoo-sql_db.py" + + patch -d "$SERVICE_CONFIGSTORE" -p0 < /dev/null 2>&1 && break + sleep 1 +done