Creates a new service_catalogue DB user with access to the service_catalogue schema.
We'll be using this new user and views to source riffraff data into our Service Catalogue CloudQuery tables.
How to test
Run riff-raff locally
Connect to local DB as riffraff
Run `ALTER USER service_catalogue PASSWORD 'password';
Connect to local DB as service_catalogue and the newly set password password.
Run:
SELECT * FROM service_catalogue.riffraff_deploys should run sucessfully
SELECT * FROM public.deploy should fail with a permissions error.
Before Deployment / Merge
Rotate Master credentials on Riff Raff DB and make a note of them
SSH onto a riff-raff node to setup a tunnel to the DB eval $(ssm ssh --profile deployTools -t riff-raff,deploy,(STAGE) --raw --newest) -L (riff raff DB port):(riff raff DB host):(riff raff DB port)
Connect to riff-raff DB and run ALTER USER (riff raff app username) CREATEROLE;
What does this change?
Creates a new
service_catalogueDB user with access to theservice_catalogueschema.We'll be using this new user and views to source riffraff data into our Service Catalogue CloudQuery tables.
How to test
riffraffservice_catalogueand the newly setpasswordpassword.SELECT * FROM service_catalogue.riffraff_deploysshould run sucessfullySELECT * FROM public.deployshould fail with a permissions error.Before Deployment / Merge
eval $(ssm ssh --profile deployTools -t riff-raff,deploy,(STAGE) --raw --newest) -L (riff raff DB port):(riff raff DB host):(riff raff DB port)ALTER USER (riff raff app username) CREATEROLE;