Merge pull request #287602 from Ma27/drop-postgres-ensurePermissions
nixos/postgresql: drop ensurePermissions option
commit
3c8f4e06e6
2 changed files with 5 additions and 43 deletions
|
@ -129,6 +129,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||||
[v0.31](https://github.com/derailed/k9s/releases/tag/v0.31.0) for details. It is recommended
|
[v0.31](https://github.com/derailed/k9s/releases/tag/v0.31.0) for details. It is recommended
|
||||||
to back up your current configuration and let k9s recreate the new base configuration.
|
to back up your current configuration and let k9s recreate the new base configuration.
|
||||||
|
|
||||||
|
- The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it's
|
||||||
|
not declarative and is broken with newer postgresql versions. Consider using
|
||||||
|
[](#opt-services.postgresql.ensureUsers._.ensureDBOwnership)
|
||||||
|
instead or a tool that's more suited for managing the data inside a postgresql database.
|
||||||
|
|
||||||
- `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details.
|
- `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details.
|
||||||
|
|
||||||
- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/)
|
- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/)
|
||||||
|
|
|
@ -161,33 +161,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
ensurePermissions = mkOption {
|
|
||||||
type = types.attrsOf types.str;
|
|
||||||
default = {};
|
|
||||||
visible = false; # This option has been deprecated.
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
This option is DEPRECATED and should not be used in nixpkgs anymore,
|
|
||||||
use `ensureDBOwnership` instead. It can also break with newer
|
|
||||||
versions of PostgreSQL (≥ 15).
|
|
||||||
|
|
||||||
Permissions to ensure for the user, specified as an attribute set.
|
|
||||||
The attribute names specify the database and tables to grant the permissions for.
|
|
||||||
The attribute values specify the permissions to grant. You may specify one or
|
|
||||||
multiple comma-separated SQL privileges here.
|
|
||||||
|
|
||||||
For more information on how to specify the target
|
|
||||||
and on which privileges exist, see the
|
|
||||||
[GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html).
|
|
||||||
The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`.
|
|
||||||
'';
|
|
||||||
example = literalExpression ''
|
|
||||||
{
|
|
||||||
"DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
|
|
||||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
ensureDBOwnership = mkOption {
|
ensureDBOwnership = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -460,16 +433,6 @@ in
|
||||||
Offender: ${name} has not been found among databases.
|
Offender: ${name} has not been found among databases.
|
||||||
'';
|
'';
|
||||||
}) cfg.ensureUsers;
|
}) cfg.ensureUsers;
|
||||||
# `ensurePermissions` is now deprecated, let's avoid it.
|
|
||||||
warnings = lib.optional (any ({ ensurePermissions, ... }: ensurePermissions != {}) cfg.ensureUsers) "
|
|
||||||
`services.postgresql.ensureUsers.*.ensurePermissions` is used in your expressions,
|
|
||||||
this option is known to be broken with newer PostgreSQL versions,
|
|
||||||
consider migrating to `services.postgresql.ensureUsers.*.ensureDBOwnership` or
|
|
||||||
consult the release notes or manual for more migration guidelines.
|
|
||||||
|
|
||||||
This option will be removed in NixOS 24.05 unless it sees significant
|
|
||||||
maintenance improvements.
|
|
||||||
";
|
|
||||||
|
|
||||||
services.postgresql.settings =
|
services.postgresql.settings =
|
||||||
{
|
{
|
||||||
|
@ -583,11 +546,6 @@ in
|
||||||
concatMapStrings
|
concatMapStrings
|
||||||
(user:
|
(user:
|
||||||
let
|
let
|
||||||
userPermissions = concatStringsSep "\n"
|
|
||||||
(mapAttrsToList
|
|
||||||
(database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '')
|
|
||||||
user.ensurePermissions
|
|
||||||
);
|
|
||||||
dbOwnershipStmt = optionalString
|
dbOwnershipStmt = optionalString
|
||||||
user.ensureDBOwnership
|
user.ensureDBOwnership
|
||||||
''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' '';
|
''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' '';
|
||||||
|
@ -599,7 +557,6 @@ in
|
||||||
userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' '';
|
userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' '';
|
||||||
in ''
|
in ''
|
||||||
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
|
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
|
||||||
${userPermissions}
|
|
||||||
${userClauses}
|
${userClauses}
|
||||||
|
|
||||||
${dbOwnershipStmt}
|
${dbOwnershipStmt}
|
||||||
|
|