From f2daead4026ef46b735816801e9aa014aa8957ca Mon Sep 17 00:00:00 2001
From: Anurag Singh
Date: Fri, 4 Aug 2023 17:14:07 +0800
Subject: [PATCH 1/3] Added more privilege to user
---
 lambda/index.py | 51 +++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/lambda/index.py b/lambda/index.py
index ca9ec76..1fa40f7 100644
--- a/lambda/index.py
+++ b/lambda/index.py
@@ -59,36 +59,30 @@ def provision_db_and_user(master_secrets_json, secret_json):
 master_password = master_secrets_json['password']
 try:
+ # Create database
+ create_database_flag = os.environ['CREATE_DATABASE']
+ if create_database_flag == "true":
+ create_database(master_username, master_password, rds_host, rds_port, "postgres")
+
+ # Connect to newly created database
 conn = psycopg2.connect(user=master_username, password=master_password,
- host=rds_host, port=rds_port, database="postgres")
+ host=rds_host, port=rds_port, database=database_name)
 conn.autocommit = True
 cursor = conn.cursor()
- # Create database
- create_database = os.environ['CREATE_DATABASE']
- if create_database == "true":
- try:
- sql = "CREATE DATABASE {};".format(database_name)
- cursor.execute(sql)
- except errors.DuplicateDatabase as e:
- print('Database already exists')
- pass
-
 # Create user
 usernames = get_pg_usernames(cursor)
 if username in usernames:
 print("User already exists - skipping creation of user")
 else:
- sql = "CREATE USER {} WITH PASSWORD '{}' CREATEDB;".format(username, password)
+ sql = "CREATE USER {} WITH PASSWORD '{}';".format(username, password)
 cursor.execute(sql)
 # Grant privileges
- grant_sql = "GRANT CONNECT ON DATABASE {} TO {};".format(
- database_name, username)
- grant_sql += "GRANT ALL PRIVILEGES ON DATABASE {} TO {};".format(
- database_name, username)
- grant_sql += "GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO {};".format(
- username)
+ grant_sql = "GRANT CONNECT ON DATABASE {} TO {};".format(database_name, username)
+ grant_sql += "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO {};".format(username)
+ grant_sql += "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO {};".format(username)
+ grant_sql += "GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO {};".format(username)
 cursor.execute(grant_sql)
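Review bot: The new call `create_database(master_username, master_password, rds_host, rds_port, "postgres")` passes the maintenance database where the helper added in this patch's third hunk expects the database to create, so the helper connects to `postgres`, issues `CREATE DATABASE postgres`, lands in the DuplicateDatabase branch, and the target database is never created; the following connect with `database=database_name` then presumably fails on a fresh instance when the flag is set. Pass the real target, `create_database(master_username, master_password, rds_host, rds_port, database_name)`, and let the helper connect to `dbname="postgres"` itself. The rewritten grants also change meaning: `GRANT ALL PRIVILEGES ON ALL TABLES/SEQUENCES/FUNCTIONS IN SCHEMA public` only covers objects that exist at provisioning time, so tables created later by another role are not covered unless `ALTER DEFAULT PRIVILEGES` is issued as well, and the removal of `CREATEDB` and of `GRANT ALL PRIVILEGES ON DATABASE` deserves a sentence in the commit message given the title says "more privilege". The user name and password are still spliced into the statements with `str.format`, so a password containing a quote breaks the statement; `psycopg2.sql.Identifier` for names and `sql.Literal` (or a query parameter) for the password would quote them correctly. `provision_db_and_user` starts before this hunk and ends after it.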
@@ -96,7 +90,7 @@ def provision_db_and_user(master_secrets_json, secret_json):
 cursor.close()
 conn.close()
 except Exception as e:
- print('Error performing provisioning: ', str(e))
+ print('Error while performing provisioning: ', str(e))
 raise e
 # end def
@@ -108,6 +102,25 @@ def get_pg_usernames(cursor):
 rows.append(row[0])
 return rows
+def create_database(master_username, master_password, rds_host, rds_port, database_name):
+ conn = psycopg2.connect(user=master_username, password=master_password,
+ host=rds_host, port=rds_port, dbname=database_name)
+ conn.autocommit = True
+ cursor = conn.cursor()
+
+ # Create database
+ create_database_flag = os.environ['CREATE_DATABASE']
+ if create_database_flag == "true":
+ try:
+ sql = "CREATE DATABASE {};".format(database_name)
+ cursor.execute(sql)
+ except errors.DuplicateDatabase as e:
+ print('Database already exists')
+ pass
+
+ cursor.close()
+ conn.close()
+
 def test_db_connection(username, password, database_name, rds_host, rds_port):
 '''Test if the database can be connected using the new password'''
From aa9ad97f49b77543f44cd62934d9c3025b140de0 Mon Sep 17 00:00:00 2001
From: Anurag Singh
Date: Fri, 4 Aug 2023 17:18:07 +0800
Subject: [PATCH 2/3] Removed deprecated variable
---
 lambda/index.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lambda/index.py b/lambda/index.py
index 1fa40f7..99c92c7 100644
--- a/lambda/index.py
+++ b/lambda/index.py
@@ -66,7 +66,7 @@ def provision_db_and_user(master_secrets_json, secret_json):
 # Connect to newly created database
 conn = psycopg2.connect(user=master_username, password=master_password,
- host=rds_host, port=rds_port, database=database_name)
+ host=rds_host, port=rds_port, dbname=database_name)
 conn.autocommit = True
 cursor = conn.cursor()
From a1971fb766060cf9a7008e5f76521c35dee6cbd0 Mon Sep 17 00:00:00 2001
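Review bot: In the new `create_database` the connection and cursor are closed only on the happy path; any error other than DuplicateDatabase raised by `cursor.execute` (a permission error, for instance) propagates with both left open, and `database_name` is still spliced into `CREATE DATABASE {}` with `str.format`, which breaks on any name that needs quoting. Closing in a `finally`/context manager and building the statement with the `psycopg2.sql` module fixes both; import it as `from psycopg2 import sql as pgsql`, because the file already uses `sql` as a local variable name and a plain `from psycopg2 import sql` would be shadowed. The same two points apply to this function's body as rewritten in patch 3/3, and the unused `as e` binding plus the `pass` after `print(...)` can be dropped. `get_pg_usernames` starts before this hunk and `test_db_connection` continues after it.
```python
def create_database(master_username, master_password, rds_host, rds_port, database_name):
    # … unchanged: psycopg2.connect(...) and conn.autocommit = True …
    try:
        with conn.cursor() as cursor:
            try:
                # Quote the name as an identifier rather than splicing it into the SQL text.
                cursor.execute(pgsql.SQL("CREATE DATABASE {};").format(pgsql.Identifier(database_name)))
            except errors.DuplicateDatabase:
                print('Database already exists')
    finally:
        conn.close()
```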
From: Anurag Singh
Date: Fri, 4 Aug 2023 17:27:04 +0800
Subject: [PATCH 3/3] Removed DB creation check from create_database
---
 lambda/index.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/lambda/index.py b/lambda/index.py
index 99c92c7..04ff868 100644
--- a/lambda/index.py
+++ b/lambda/index.py
@@ -101,6 +101,7 @@ def get_pg_usernames(cursor):
 for row in cursor:
 rows.append(row[0])
 return rows
+# end def
 def create_database(master_username, master_password, rds_host, rds_port, database_name):
 conn = psycopg2.connect(user=master_username, password=master_password,
@@ -109,18 +110,17 @@ def create_database(master_username, master_password, rds_host, rds_port, databa
 cursor = conn.cursor()
 # Create database
- create_database_flag = os.environ['CREATE_DATABASE']
- if create_database_flag == "true":
- try:
- sql = "CREATE DATABASE {};".format(database_name)
- cursor.execute(sql)
- except errors.DuplicateDatabase as e:
- print('Database already exists')
- pass
+ try:
+ sql = "CREATE DATABASE {};".format(database_name)
+ cursor.execute(sql)
+ except errors.DuplicateDatabase as e:
+ print('Database already exists')
+ pass
 cursor.close()
 conn.close()
-
+# enbd def
+
 def test_db_connection(username, password, database_name, rds_host, rds_port):
 '''Test if the database can be connected using the new password'''
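Review bot: The closing marker added at the end of `create_database` is misspelled, `# enbd def`, while this same patch's first hunk and the existing code use `# end def`; change it to `# end def` so the markers stay greppable and consistent. The `create_database` body this hunk rewrites begins before the hunk, and `test_db_connection` continues after it.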