You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2016/09/16 10:55:20 UTC
[jira] [Updated] (AMBARI-18226) Remove Redundant Embedded Postgres
SQL
[ https://issues.apache.org/jira/browse/AMBARI-18226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Onischuk updated AMBARI-18226:
-------------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
Committed to trunk and branch-2.5
> Remove Redundant Embedded Postgres SQL
> --------------------------------------
>
> Key: AMBARI-18226
> URL: https://issues.apache.org/jira/browse/AMBARI-18226
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 2.5.0
>
> Attachments: AMBARI-18226.patch, AMBARI-18226.patch
>
>
> There are currently two SQL files which are being used to initialized Postgres
> databases.
> * [Ambari-DDL-Postgres-CREATE.sql](https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql)
> * [Ambari-DDL-Postgres-EMBEDDED-CREATE.sql](https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql)
> There should be no need to duplicate all of the SQL DDL/DML between these two
> files. It's error-prone and cumbersome to maintain.
> Instead, the problem seems to be that the embedded SQL doesn't actually switch
> users after it bootstraps everything:
>
>
>
> CREATE DATABASE :dbname;
> \connect :dbname;
>
> ALTER ROLE :username LOGIN ENCRYPTED PASSWORD :password;
> CREATE ROLE :username LOGIN ENCRYPTED PASSWORD :password;
>
> GRANT ALL PRIVILEGES ON DATABASE :dbname TO :username;
>
> CREATE SCHEMA ambari AUTHORIZATION :username;
> ALTER SCHEMA ambari OWNER TO :username;
> ALTER ROLE :username SET search_path TO 'ambari';
>
> ------create tables and grant privileges to db user---------
> CREATE TABLE ambari.stack(
> stack_id BIGINT NOT NULL,
> ...
> GRANT ALL PRIVILEGES ON TABLE ambari.stack TO :username;
>
> This causes several problems:
> * Because tables are being creating from the `postgres` user instead of `:username`, they need to be altered to have privileges granted.
> * Because tables are being creating from the `postgres` user instead of `:username`, the default `search_path` is wrong and needs to be prefixed to all calls.
> Instead, the embedded SQL should leverage the remote SQL for all of the table
> creation and data seeding. The embedded SQL should only be responsible for
> bootstrapping the database, schema, and user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)