db: Grant read access to guest user on all schema tables

This now automatically grant read-only access to the guest user at db initialization or upgrade time. This way, sysadm no longer have to manually alter the schema after initialization or upgrade. Related to T4228

db: Grant read access to guest user on all schema tables
This now automatically grant read-only access to the guest user at db initialization or upgrade time. This way, sysadm no longer have to manually alter the schema after initialization or upgrade. Related to T4228
47d9e8e2 · Antoine R. Dumont · e1a1d84e · 47d9e8e2 · 47d9e8e2
Verified Commit 47d9e8e2 authored 2 years ago by Antoine R. Dumont
--- a/swh/core/db/db_utils.py
+++ b/swh/core/db/db_utils.py
@@ -689,3 +689,12 @@ def execute_sqlfiles(
            "Asked for flavor %s, but module does not support database flavors",
            flavor,
        )
+
+    # Grant read-access to guest user on all tables of the schema (if possible)
+    with connect_to_conninfo(db_or_conninfo) as db:
+        try:
+            with db.cursor() as c:
+                query = "grant select on all tables in schema public to guest"
+                c.execute(query)
+        except Exception:
+            logger.warning("Grant read-only access to guest user failed. Skipping.")
--- a/swh/core/db/tests/conftest.py
+++ b/swh/core/db/tests/conftest.py
@@ -7,7 +7,9 @@ import os

 from click.testing import CliRunner
 from hypothesis import HealthCheck
+import psycopg2
 import pytest
+from pytest_postgresql import factories

 from swh.core.db.db_utils import import_swhmodule

@@ -21,6 +23,17 @@ function_scoped_fixture_check = (
 )


+def create_role_guest(**kwargs):
+    with psycopg2.connect(**kwargs) as conn:
+        with conn.cursor() as cur:
+            cur.execute("CREATE ROLE guest LOGIN PASSWORD 'guest'")
+
+
+postgresql_proc = factories.postgresql_proc(
+    load=[create_role_guest],
+)
+
+
 @pytest.fixture
 def cli_runner():
    return CliRunner()