{service connector}update postgresql permission (#7812)
* update postgresql permission

* update
xfz11 authored Jul 24, 2024
1 parent 4a44741 commit e40ea73
Showing 4 changed files with 18 additions and 12 deletions.
4 changes: 4 additions & 0 deletions src/serviceconnector-passwordless/HISTORY.rst
Expand Up @@ -2,6 +2,10 @@
Release History
===============
2.0.6
++++++
* Add create permission in postgresql

2.0.5
++++++
* Bump version
Expand Up @@ -416,7 +416,7 @@ def create_aad_user_in_mysql(self, connection_kwargs, query_list):
telemetry.set_exception(ex, "Connect-Db-Close-Fail")
raise ex from e

def get_connection_string(self):
def get_connection_string(self, dbname):
password = run_cli_cmd(
'az account get-access-token --resource-type oss-rdbms').get('accessToken')

Expand Down Expand Up @@ -606,7 +606,7 @@ def create_aad_user_in_sql(self, connection_args, query_list):
self.ip = search_ip.group(1)
raise AzureConnectionError("Fail to connect sql." + str(e)) from e

def get_connection_string(self):
def get_connection_string(self, dbname):
token_bytes = run_cli_cmd(
'az account get-access-token --output json --resource https://database.windows.net/').get('accessToken').encode('utf-16-le')

Expand Down Expand Up @@ -710,7 +710,8 @@ def create_aad_user(self):

try:
logger.warning("Connecting to database...")
self.create_aad_user_in_pg(connection_string, query_list)
self.create_aad_user_in_pg(connection_string, query_list[0:1])
self.create_aad_user_in_pg(self.get_connection_string(self.dbname), query_list[1:])
except AzureConnectionError as e:
logger.warning(e)
if 'password authentication failed' in str(e):
Expand Down Expand Up @@ -801,8 +802,6 @@ def create_aad_user_in_pg(self, conn_string, query_list):

conn.autocommit = True
cursor = conn.cursor()
logger.warning("Adding new Microsoft Entra user %s to database...",
self.aad_username)
for execution_query in query_list:
if execution_query:
try:
Expand All @@ -816,13 +815,13 @@ def create_aad_user_in_pg(self, conn_string, query_list):
cursor.close()
conn.close()

def get_connection_string(self):
def get_connection_string(self, dbname="postgres"):
password = run_cli_cmd(
'az account get-access-token --resource-type oss-rdbms').get('accessToken')

# extension functions require the extension to be available, which is the case for postgres (default) database.
conn_string = "host={} user='{}' dbname=postgres password={} sslmode=require".format(
self.host, self.admin_username, password)
conn_string = "host={} user='{}' dbname={} password={} sslmode=require".format(
self.host, self.admin_username, dbname, password)
return conn_string

def get_create_query(self):
Expand All @@ -840,7 +839,10 @@ def get_create_query(self):
'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "{}";'.format(
self.aad_username),
'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "{}";'.format(
self.aad_username)]
self.aad_username),
'GRANT CREATE ON SCHEMA public TO "{}";'.format(
self.aad_username)
]


class PostgresSingleHandler(PostgresFlexHandler):
Expand Down Expand Up @@ -921,7 +923,7 @@ def set_target_firewall(self, is_add, ip_name, start_ip=None, end_ip=None):
logger.warning(
"Can't remove firewall rule %s. Please manually delete it to avoid security issue. %s", ip_name, str(e))

def get_connection_string(self):
def get_connection_string(self, dbname=""):
password = run_cli_cmd(
'az account get-access-token --resource-type oss-rdbms').get('accessToken')
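Review bot: In the `get_connection_string(self, dbname="postgres")` variant, the new `dbname` value is formatted unquoted and unescaped into what looks like a libpq keyword/value connection string, and `create_aad_user` now passes `self.dbname` (origin not visible in these hunks) into it. A database name containing a space, a quote or `key=value` text would break parsing or be read as additional connection keywords in the same string that carries the access token, so the value should be quoted and escaped, e.g. `dbname='{}'` fed with `dbname.replace("\\", "\\\\").replace("'", "\\'")`, or the parameters handed to the driver as separate keyword arguments. The comment above the format call still describes the default postgres database and should be reworded now that the name is a parameter. Separately, the MySQL and SQL overrides take `dbname` with no default while the two PostgreSQL ones default it, so any caller outside these hunks that still calls `get_connection_string()` with no argument would raise TypeError; giving them `dbname=""` would keep the overrides consistent. The bodies of these functions continue outside the hunks.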

Expand Up @@ -4,5 +4,5 @@
# --------------------------------------------------------------------------------------------


VERSION = '2.0.5'
VERSION = '2.0.6'
NAME = 'serviceconnector-passwordless'
2 changes: 1 addition & 1 deletion src/serviceconnector-passwordless/setup.py
Expand Up @@ -15,7 +15,7 @@
logger.warn("Wheel is not available, disabling bdist_wheel hook")


VERSION = '2.0.5'
VERSION = '2.0.6'
try:
from azext_serviceconnector_passwordless.config import VERSION
except ImportError: