2019-07-03 00:20:26 +08:00
|
|
|
-- Function that reassign the owner of a table to their ownership_role
|
2019-07-04 00:00:57 +08:00
|
|
|
CREATE OR REPLACE FUNCTION @extschema@.CDB_OAuthReassignTableOwnerOnCreation()
|
2019-07-03 00:20:26 +08:00
|
|
|
RETURNS event_trigger
|
|
|
|
|
AS $$
|
|
|
|
|
DECLARE
|
|
|
|
|
obj record;
|
|
|
|
|
owner_role text;
|
|
|
|
|
creator_role text;
|
|
|
|
|
BEGIN
|
|
|
|
|
FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands()
|
|
|
|
|
LOOP
|
|
|
|
|
RAISE DEBUG '% ddl object: % % % %',
|
|
|
|
|
tg_tag,
|
|
|
|
|
obj.command_tag,
|
|
|
|
|
obj.object_type,
|
|
|
|
|
obj.schema_name,
|
|
|
|
|
obj.object_identity;
|
|
|
|
|
SELECT rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid INTO creator_role;
|
2019-10-03 21:14:40 +08:00
|
|
|
SELECT value->>'ownership_role_name' from @extschema@.CDB_Conf_GetConf('api_keys_' || quote_ident(creator_role)) value INTO owner_role;
|
2019-07-04 19:07:50 +08:00
|
|
|
IF owner_role IS NULL OR owner_role = '' THEN
|
2019-07-03 00:20:26 +08:00
|
|
|
CONTINUE;
|
|
|
|
|
ELSE
|
2019-10-03 21:14:40 +08:00
|
|
|
EXECUTE 'ALTER ' || obj.object_type || ' ' || obj.object_identity || ' OWNER TO ' || quote_ident(owner_role);
|
2019-07-03 00:20:26 +08:00
|
|
|
EXECUTE 'GRANT ALL ON ' || obj.object_identity || ' TO ' || QUOTE_IDENT(creator_role);
|
|
|
|
|
RAISE DEBUG 'Changing ownership from % to %', creator_role, owner_role;
|
|
|
|
|
END IF;
|
|
|
|
|
END LOOP;
|
|
|
|
|
END;
|
2019-10-03 22:53:02 +08:00
|
|
|
$$ LANGUAGE plpgsql
|
|
|
|
|
VOLATILE
|
|
|
|
|
PARALLEL UNSAFE
|
|
|
|
|
SECURITY DEFINER
|
|
|
|
|
SET search_path = @extschema@, pg_temp;
|
2019-07-03 00:20:26 +08:00
|
|
|
|
|
|
|
|
-- Creates the trigger on DDL events in order to reassign the owner
|
|
|
|
|
CREATE OR REPLACE FUNCTION @extschema@.CDB_EnableOAuthReassignTablesTrigger()
|
|
|
|
|
RETURNS void
|
|
|
|
|
AS $$
|
|
|
|
|
BEGIN
|
|
|
|
|
DROP EVENT TRIGGER IF EXISTS oauth_reassign_tables_trigger;
|
|
|
|
|
|
|
|
|
|
CREATE EVENT TRIGGER oauth_reassign_tables_trigger
|
|
|
|
|
ON ddl_command_end
|
2019-07-15 18:31:44 +08:00
|
|
|
WHEN TAG IN ('CREATE TABLE', 'CREATE TABLE AS', 'SELECT INTO', 'CREATE VIEW', 'CREATE FOREIGN TABLE', 'CREATE MATERIALIZED VIEW', 'CREATE SEQUENCE', 'CREATE FUNCTION')
|
2019-07-03 00:20:26 +08:00
|
|
|
EXECUTE PROCEDURE @extschema@.CDB_OAuthReassignTableOwnerOnCreation();
|
|
|
|
|
END;
|
|
|
|
|
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
|
|
|
|
|
|
|
|
|
|
-- Deletes the trigger on DDL events in order to reassign the owner
|
|
|
|
|
CREATE OR REPLACE FUNCTION @extschema@.CDB_DisableOAuthReassignTablesTrigger()
|
|
|
|
|
RETURNS void
|
|
|
|
|
AS $$
|
|
|
|
|
BEGIN
|
|
|
|
|
DROP EVENT TRIGGER IF EXISTS oauth_reassign_tables_trigger;
|
|
|
|
|
END;
|
|
|
|
|
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
|
