orchestracities / ngsi-timeseries-api

QuantumLeap: a FIWARE Generic Enabler to support the usage of NGSIv2 (and NGSI-LD experimentally) data in time-series databases
https://quantumleap.rtfd.io/
MIT License

Allow setting the pg_user in Docker image for timescale container #773

Open valluwtf opened 2 months ago

valluwtf commented 2 months ago

Is your feature request related to a problem? Please describe.

We have to use the postgres user for the db since the Docker image doesn't allow setting the user.

Describe the solution you'd like

In https://github.com/orchestracities/ngsi-timeseries-api/blob/master/timescale-container/quantumleap-db-setup.py#L133 the python script has the option of setting the user, it would just need to pass this parameter as env. variable in the Dockerfile like --pg-user "$PG_USER"

Describe alternatives you've considered

We will use the postgres user for now but since we have multiple tenants in one external db, it would be more secure and nicer to have dedicated users.

Additional context

The user specified in PG_USER would need elevated rights like CREATE_DATABASE, as I would guess. Please correct me if this is not a viable solution, I would just assume it's a simple option considering that it's implemented in the python script setting up the database.

c0c0n3 commented 2 months ago

hi @valluwtf :-)

> the Docker image doesn't allow setting the user

You referring to the images we use in our docker compose files, I'd guess? It looks like you could actually whip together your own Docker Compose file with a recent Postgres image and specify the Postgres user through the POSTGRES_USER env var:

> the python script has the option of setting the user, it would just need to pass this parameter as env. variable in the Dockerfile like

Not sure I understand what you're suggesting---old age, don't judge :-) Can you give me a bit more context? Are you trying to use the QuantumLeap Postgres init container? If so, is this the Docker file you're referring to:

Yes, there's no option for the user there, but keep in mind you could easily override the default Docker command in the Docker file with e.g. this one

python quantumleap-db-setup.py \
        --ql-db-pass "$QL_DB_PASS" \
        --ql-db-init-dir "$QL_DB_INIT_DIR" \
        --pg-host "$PG_HOST" \
        --pg-pass "$PG_PASS" \
        --pg-username "$PG_USER"

Surely, it'd be nicer to add that option to the Docker file, but it'd need to be done in a backward compatible way. That is, if the PG_USER env var is unset or empty, then don't add the --pg-username "$PG_USER" to the command.

Anyhoo, we welcome pull requests!
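
One way to meet the backward-compatibility requirement described in the comment above, as an added example that is not part of the thread or of the project's Dockerfile: a wrapper that appends --pg-username only when PG_USER is set and non-empty. The PYTHON override and the "run" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: hypothetical container entrypoint, not the project's own file.
# PYTHON is an assumed override for the interpreter (defaults to "python").

run_db_setup() {
    # Same arguments as in the command quoted in the comment above.
    set -- quantumleap-db-setup.py \
        --ql-db-pass "${QL_DB_PASS-}" \
        --ql-db-init-dir "${QL_DB_INIT_DIR-}" \
        --pg-host "${PG_HOST-}" \
        --pg-pass "${PG_PASS-}"

    # Backward compatible: an unset or empty PG_USER leaves the command
    # line unchanged, so existing deployments behave exactly as before.
    if [ -n "${PG_USER-}" ]; then
        # Quoted, so a user name containing spaces stays a single argument.
        set -- "$@" --pg-username "$PG_USER"
    fi

    "${PYTHON:-python}" "$@"
}

# Run only when called as "<script> run"; sourcing just defines the function.
if [ "${1-}" = "run" ]; then
    run_db_setup
fi
```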

c0c0n3 commented 2 months ago

@valluwtf forgot to mention. If all you need to do is create the QuantumLeap DB, then you may be better off not using the init container. In fact, all that the script inside the container does is run this SQL code

which you could actually easily do yourself, e.g. by asking psql to evaluate this SQL

-- 'changeme' is a placeholder; PostgreSQL requires the password as a quoted string literal.
CREATE ROLE quantumleap
    LOGIN PASSWORD 'changeme';

CREATE DATABASE quantumleap
    OWNER quantumleap
    ENCODING 'UTF8';

\connect quantumleap

CREATE EXTENSION IF NOT EXISTS postgis CASCADE;
CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;