Open Smana opened 7 months ago
The only method I have found so far requires a manual operation.
Create the database and the role, and set the owner field
```yaml
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Role
metadata:
  annotations:
    crossplane.io/composition-resource-name: owner-harbor
    crossplane.io/external-create-pending: "2023-12-01T08:25:39Z"
    crossplane.io/external-create-succeeded: "2023-12-01T08:25:39Z"
    crossplane.io/external-name: harbor
  labels:
    crossplane.io/claim-name: xplane-harbor
    crossplane.io/claim-namespace: harbor
    crossplane.io/composite: xplane-harbor-8c62n
  name: harbor
spec:
  deletionPolicy: Delete
  forProvider:
    connectionLimit: -1
    privileges:
      bypassRls: false
      createDb: false
      createRole: false
      inherit: true
      login: true
      replication: false
      superUser: false
  providerConfigRef:
    name: xplane-harbor
  writeConnectionSecretToRef:
    name: sql-role-harbor
    namespace: crossplane-system
---
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Database
metadata:
  annotations:
    crossplane.io/composition-resource-name: db-harbor
    crossplane.io/external-create-pending: "2023-12-01T08:25:39Z"
    crossplane.io/external-create-succeeded: "2023-12-01T08:25:39Z"
    crossplane.io/external-name: harbor
  labels:
    crossplane.io/claim-name: xplane-harbor
    crossplane.io/claim-namespace: harbor
    crossplane.io/composite: xplane-harbor-8c62n
  name: harbor
spec:
  deletionPolicy: Orphan
  forProvider:
    allowConnections: true
    connectionLimit: -1
    encoding: UTF8
    isTemplate: false
    lcCType: en_US.UTF-8
    lcCollate: en_US.UTF-8
    owner: harbor
    tablespace: pg_default
  providerConfigRef:
    name: xplane-harbor
```
Then a manual grant using the master user so that the master user is able to change the ownership
```console
psql -h xplane-harbor-8c62n-72k8n.cymnaynfchjt.eu-west-3.rds.amazonaws.com -U master -W postgres
postgres=> GRANT harbor to master;
GRANT ROLE
```
Otherwise I get an error
```console
ERROR: must be member of role "harbor"
```
What happened?
I'm currently building a composition that allows creating an RDS instance, databases and their credentials. The RDS instance is created and the SQL provider is configured properly.
My databases are created
example of a database manifest:
A role is created properly
However I'm not able to grant all privileges to the databases for this role. The grants statuses stay False.
I'm probably missing something but I didn't find anything. I checked the logs on RDS but nothing related to GRANT commands... Could you please give me a hand?
What environment did it happen in?
Crossplane version: 1.14.4, provider version: 0.7.0, running on EKS 1.28