arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(chart): template Postgres owner role in update_ownership.sql for multi-env #13

Merged
arcodange merged 1 commits from claude/fix-chart-owner-role into main 2026-06-28 22:30:55 +02:00
Conversation 0 Commits 1 Files Changed 4 +8 -6
4 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c0d5f2e144 - Show all commits

10
chart/scripts/update_ownership.sql
View File

@@ -10,12 +10,12 @@ BEGIN
WHERE schemaname = 'public'
LIMIT 1;
-- Si le propriétaire actuel est différent de erp_role
IF current_schema_owner <> 'erp_role' THEN
-- Si le propriétaire actuel est différent de {{ .Values.db.ownerRole }}
IF current_schema_owner <> '{{ .Values.db.ownerRole }}' THEN
-- Construire et exécuter la requête REASSIGN OWNED BY
EXECUTE format('REASSIGN OWNED BY %I TO %I', current_schema_owner, 'erp_role');
RAISE NOTICE 'Ownership of all objects in schema "public" has been reassigned from % to %', current_schema_owner, 'erp_role';
EXECUTE format('REASSIGN OWNED BY %I TO %I', current_schema_owner, '{{ .Values.db.ownerRole }}');
RAISE NOTICE 'Ownership of all objects in schema "public" has been reassigned from % to %', current_schema_owner, '{{ .Values.db.ownerRole }}';
ELSE
RAISE NOTICE 'No change needed; the owner of schema "public" is already %', 'erp_role';
RAISE NOTICE 'No change needed; the owner of schema "public" is already %', '{{ .Values.db.ownerRole }}';
END IF;
END $$;

2
chart/templates/scripts-config.yaml
View File

@@ -7,4 +7,4 @@ data:
{{- .Files.Get "scripts/update_conf_db_credentials.sh" | nindent 4 }}
update_table_ownership.sql: |
{{- .Files.Get "scripts/update_ownership.sql" | nindent 4 }}
{{- tpl (.Files.Get "scripts/update_ownership.sql") . | nindent 4 }}

1
chart/values-sandbox.yaml
View File

@@ -16,6 +16,7 @@ host: erp-sandbox.arcodange.lab
db:
name: erp-sandbox
ownerRole: erp_sandbox_role
vault:
k8sRole: erp-sandbox

1
chart/values.yaml
View File

@@ -16,6 +16,7 @@ host: erp.arcodange.lab # internal hostname for this instance
db:
name: erp # PostgreSQL database name (matches factory tfvars)
ownerRole: erp_role # Postgres owner role; snake-case <app>_role for prod / <app>_<env>_role for non-prod (matches factory/postgres/iac)
vault:
k8sRole: erp # VaultAuth role (postgres/iac issues this per instance)