Squarespace / pgbedrock

Manage a Postgres cluster's roles, role memberships, schema ownership, and privileges
https://pgbedrock.readthedocs.io/en/latest/

Internally translate has_personal_schema #25

Open zcmarine opened 6 years ago

zcmarine commented 6 years ago

Currently personal schemas are supported as a first-class citizen throughout all of pgbedrock's code base. Once table and sequence ownership are supported, we can instead just translate the user's spec when we begin processing and thus get rid of all the special functionality internally that deals with personal schemas.

To be more specific, when we see has_personal_schema: True we would convert that to say that this role owns a schema of its own name and all tables and sequences within that schema, i.e. this role definition:

myrole:
    has_personal_schema: True

would be translated internally to this:

myrole:
    owns:
        schemas:
            - myrole
        tables:
            - myrole.*
        sequences:
            - myrole.*

We would then add myrole to a list of personal_schemas, so when we later saw personal_schemas.* somewhere we would know how to translate that, e.g. if we have found that myrole0, myrole1, and myrole2 all had has_personal_schema: True, then we would take the following role definition:

another_role:
    privileges:
        tables:
            - personal_schemas.*

and translate that into:

another_role:
    privileges:
        tables:
            - myrole0.*
            - myrole1.*
            - myrole2.*

Conveniently, we already do this second part.

This would reduce a lot of head scratching that goes into making sure personal schemas are properly supported since everything after the initial loading of the spec could disregard them as a concept.
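The load-time translation described in this issue, sketched as an added example (not pgbedrock's own code). It assumes the YAML spec has already been loaded into a dict keyed by role name; `translate_spec`, `_expand` and the sample spec are hypothetical names constructed here, and only the spec keys come from the issue.

```python
import copy

MARKER = "personal_schemas"  # placeholder used in the issue's spec examples

def _expand(node, personal):
    """Replace 'personal_schemas[.x]' list entries with one entry per personal schema."""
    if isinstance(node, dict):
        return {k: _expand(v, personal) for k, v in node.items()}
    if isinstance(node, list):
        out = []
        for item in node:
            if isinstance(item, str) and (item == MARKER or item.startswith(MARKER + ".")):
                out.extend(role + item[len(MARKER):] for role in personal)
            else:
                out.append(_expand(item, personal))
        return out
    return node

def translate_spec(spec):
    """Return (translated_spec, personal_roles); the input spec is left untouched."""
    spec = copy.deepcopy(spec)
    personal = []
    for role, cfg in spec.items():
        # Drop the flag entirely so nothing after loading sees personal schemas.
        if cfg and cfg.pop("has_personal_schema", False):
            personal.append(role)
            owns = cfg.setdefault("owns", {})
            for kind, name in (("schemas", role),
                               ("tables", role + ".*"),
                               ("sequences", role + ".*")):
                if name not in owns.setdefault(kind, []):
                    owns[kind].append(name)
    return {role: _expand(cfg, personal) for role, cfg in spec.items()}, personal

# Constructed sample spec mirroring the role names used in the issue.
SAMPLE_SPEC = {
    "myrole0": {"has_personal_schema": True},
    "myrole1": {"has_personal_schema": True},
    "myrole2": {"has_personal_schema": True, "owns": {"schemas": ["shared"]}},
    "another_role": {"privileges": {"tables": ["personal_schemas.*"]}},
}

if __name__ == "__main__":
    translated, personal = translate_spec(SAMPLE_SPEC)
    for role, cfg in translated.items():
        print(role, cfg)
```

Because the expansion yields explicit schema names, a reviewer can read the translated spec to see exactly which schemas a `personal_schemas.*` grant reaches.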