[ckan-changes] [ckan/ckan] 748c1f: datastore: Rationalise set-permissions command

GitHub noreply at github.com
Thu Jun 26 13:29:01 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/ckan/ckan
  Commit: 748c1fb6dda03300a61188165527f4e6ca31460f
      https://github.com/ckan/ckan/commit/748c1fb6dda03300a61188165527f4e6ca31460f
  Author: Nick Stenning <nick at whiteink.com>
  Date:   2014-06-20 (Fri, 20 Jun 2014)

  Changed paths:
    R ckanext/datastore/bin/__init__.py
    R ckanext/datastore/bin/datastore_setup.py
    R ckanext/datastore/bin/set_permissions.sql
    M ckanext/datastore/commands.py
    A ckanext/datastore/set_permissions.sql
    M doc/maintaining/datastore.rst

  Log Message:
  -----------
  datastore: Rationalise set-permissions command

This commit reduces the number of distinct ways of setting db
permissions from three to two (and both use the same paster command),
while simultaneously making it possible to set permissions on remote
database servers without having to manually edit SQL.

The three mechanisms of doing this before were:

1) Run a paster command "set-permissions", which shelled out to
2) A script in `ckanext/datastore/bin`, which shelled out to
   "sudo -u postgres psql ..." and piped in a prefilled version of
3) An SQL template script

The options available for passing through to `psql` did not extend to
setting remote host names, which meant that the only option for
configuring permissions on remote database servers was:

- copy the SQL template script to the remote server
- manually fill in the template parameters (despite the fact they're
  already in the config file)
- execute the SQL

This commit replaces these with two basic ways of setting permissions,
both of which use the "set-permissions" paster command. The script in
`ckanext/datastore/bin` has gone.

You can now either run simply:

    paster datastore set-permissions

Which will emit the correct SQL to STDOUT, allowing you to either pipe
it to a local `psql`:

    paster datastore set-permissions | sudo -u postgres psql

Or pipe it to a remote `psql`

    paster datastore set-permissions | ssh postgres at dbserver psql

Or, finally, you can ask the paste script to connect directly to the
database to run the SQL. This isn't ideal, as it implies you have
network access to a superuser account on the database, but it will make
life easier in development:

    paster datastore set-permissions -- -x

The unfortunate extra "--" is due to the fact that ckan.lib.cli is
insane. It's not possible to provide --options to subcommands without
it, as paster rather wants them all for itself, and will complain if it
sees options it doesn't recognise. By terminating the options list with
"--", paster treats these as extra args, and we can use them in the
subcommand.


  Commit: 71b367f4aad5ac06b021ff4c757cf99ac202c313
      https://github.com/ckan/ckan/commit/71b367f4aad5ac06b021ff4c757cf99ac202c313
  Author: Nick Stenning <nick at whiteink.com>
  Date:   2014-06-20 (Fri, 20 Jun 2014)

  Changed paths:
    M bin/travis-install-dependencies

  Log Message:
  -----------
  travis-install-dependencies: use new set-permissions


  Commit: e3ae168293f3660509aa90f2e68b43af455529c8
      https://github.com/ckan/ckan/commit/e3ae168293f3660509aa90f2e68b43af455529c8
  Author: Nick Stenning <nick at whiteink.com>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M ckanext/datastore/commands.py
    M ckanext/datastore/set_permissions.sql
    M doc/maintaining/datastore.rst

  Log Message:
  -----------
  datastore: Simplify set-permissions even further

This commit removes the ability for CKAN to execute the permissions
script for you. Why?

1. It's unnecessary. You can almost always pipe the script into a psql
   shell, regardless of the location of your database server. If you
   can't, then the only way that CKAN is going to be able to help is by
   connecting over the network. See point 2.
2. It encourages a setup in which you can connect to your database as a
   superuser over the network. This is a Bad Idea.
3. It adds substantial complication to the set-permissions command.


  Commit: 16418ecd9fb5ecd341209f49a2783895a8cce199
      https://github.com/ckan/ckan/commit/16418ecd9fb5ecd341209f49a2783895a8cce199
  Author: Nick Stenning <nick at whiteink.com>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M ckanext/datastore/set_permissions.sql

  Log Message:
  -----------
  datastore: Explicitly connect to datastore DB in set-permissions

See comment in set_permissions.sql


  Commit: 6b40b6db1463e2291a9798a2754312af5a9edeb8
      https://github.com/ckan/ckan/commit/6b40b6db1463e2291a9798a2754312af5a9edeb8
  Author: Joe Tsoi <joetsoi at users.noreply.github.com>
  Date:   2014-06-26 (Thu, 26 Jun 2014)

  Changed paths:
    M bin/travis-install-dependencies
    R ckanext/datastore/bin/__init__.py
    R ckanext/datastore/bin/datastore_setup.py
    R ckanext/datastore/bin/set_permissions.sql
    M ckanext/datastore/commands.py
    A ckanext/datastore/set_permissions.sql
    M doc/maintaining/datastore.rst

  Log Message:
  -----------
  Merge pull request #1786 from nickstenning/saner-set-permissions

datastore: Rationalise set-permissions command


Compare: https://github.com/ckan/ckan/compare/ffdd089c03df...6b40b6db1463


More information about the ckan-changes mailing list