Alex Lourie has uploaded a new change for review. Change subject: packaging: setup: validating read-only user before creation ......................................................................
packaging: setup: validating read-only user before creation The new implementation validates provided username before it creates a readonly user. The user provided cannot be one of the reserved users (postgres, engine, engine_history and engine_reports), it cannot be empty and it should not exist in the DB. Change-Id: Ic404e565a765c82d42f92a211a59d06c8a59d807 Bug-Url: https://bugzilla.redhat.com/1006948 Signed-off-by: Alex Lourie <[email protected]>
--- M packaging/common_utils.py M packaging/ovirt-engine-dwh-setup.py 2 files changed, 40 insertions(+), 5 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-dwh refs/changes/44/19944/1
diff --git a/packaging/common_utils.py b/packaging/common_utils.py
index d804d5f..b078678 100755
--- a/packaging/common_utils.py
+++ b/packaging/common_utils.py
@@ -1197,7 +1197,7 @@
EXEC_SU, '-l', 'postgres',
- '-c',
+ '-tAc',
'{command}'.format( command=' '.join(sql_command), )
@@ -1208,3 +1208,36 @@
failOnError=failOnError )
+
+def userValid(user):
+ if user in (
+ 'postgres',
+ 'engine',
+ 'engine_history',
+ 'engine_reports'
+ ):
+ print (
+ '{user} is a reserved username and cannot be used '
+ 'for creating read only user.'
+ ).format(
+ user=user
+ )
+ return False
+
+ if len(user) == 0:
+ return False
+
+ sql_query = '"select 1 from pg_roles where rolname=\'{user}\'"'.format(
+ user=user
+ )
+
+ if '1' in runPostgresSuQuery(sql_query):
+ print (
+ '"{user}" role already exists in the DB and cannot be user '
+ 'for creating read only user.'
+ ).format(
+ user=user
+ )
+ return False
+ else:
+ return True
diff --git a/packaging/ovirt-engine-dwh-setup.py b/packaging/ovirt-engine-dwh-setup.py
index 4b64078..4b68e8d 100755
--- a/packaging/ovirt-engine-dwh-setup.py
+++ b/packaging/ovirt-engine-dwh-setup.py
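Review bot: In the first hunk of packaging/common_utils.py the new `'-tAc'` sits directly after `EXEC_SU, '-l', 'postgres'`, so the `-t` and `-A` switches are handed to `su` rather than to the psql command that is presumably built in `sql_command`. If the aim is tuples-only, unaligned psql output, keep `'-c'` in this list and add `'-t', '-A'` to `sql_command` instead. That list and the enclosing function start outside the hunk, so confirm where psql's own options are assembled. Note also that this helper's output format changes for every existing caller, not only for the new `userValid`.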
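Review bot: `userValid` formats the operator-supplied `user` straight into the SQL text of `sql_query`, which is then joined into a command string run through `su -l postgres`, so a name containing a quote or a shell metacharacter can alter the query or the command executed as the postgres account. Reject anything outside an identifier allowlist before the query is built, for example `if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', user): return False` (this needs `re` in scope; the import block is outside the hunk). The loop added in packaging/ovirt-engine-dwh-setup.py accepts whatever this function approves, so this is the place to enforce it. Separately, `'1' in runPostgresSuQuery(sql_query)` is a substring or a membership test depending on the return type, which the hunk does not show; comparing the stripped output with `'1'` would be unambiguous. The second message reads "cannot be user" where "cannot be used" is meant.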
@@ -361,11 +361,13 @@
if not createReadUser: logging.debug('Skipping creation of read only DB user.')
- print 'Skipping creationg of read only DB user.'
+ print 'Skipping creation of read only DB user.'
else:
- readonly_user = utils.askQuestion(
- question='Provide a username for read-only user'
- )
+ readonly_user = ''
+ while not utils.userValid(readonly_user):
+ readonly_user = utils.askQuestion(
+ question='Provide a username for read-only user'
+ )
readonly_pass = getpass.getpass( prompt='Provide a password for read-only user: ' )
-- To view, visit http://gerrit.ovirt.org/19944 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic404e565a765c82d42f92a211a59d06c8a59d807 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-dwh Gerrit-Branch: master Gerrit-Owner: Alex Lourie <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
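Review bot: The `while not utils.userValid(readonly_user)` loop re-prompts silently when the operator enters an empty name, because `userValid` returns False for an empty string without printing anything. Seeding the loop with `''` depends on that silent path, so a message belongs in the loop body after a rejected non-initial answer, or the first prompt could be issued before the loop. The loop also has no exit other than a valid name; whether `askQuestion` can return an empty string repeatedly when stdin is not interactive is not visible here and is worth checking. The surrounding function starts and ends outside the hunk.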
