
Commit 5646d24

committed
sql: add ownership statements
allows and enables execution of the script as postgres user with working GRANTs
1 parent 32fac18 commit 5646d24

2 files changed

Lines changed: 31 additions & 4 deletions


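--- a/debian/changelog
+++ b/debian/changelog
@@ -40,8 +40,9 @@ intelmq-certbund-contact (1.2.0-1) UNRELEASED; urgency=medium
 * Add repr methods to Organisation and Contact classes
 * packages:
 * include example rules in documentation (#31)
-* database:
-* support for upgrades in the initialisation SQL file (#35).
+* database (initialisation SQL file):
+* add re-run/idempotency support (#35).
+* Add ownership statements (#39).
 
 -- Sebastian Wagner <swagner@intevation.de> Wed, 05 Mar 2025 14:29:32 +0100
 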
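--- a/sql/initdb.sql
+++ b/sql/initdb.sql
@@ -21,8 +21,6 @@ $$;
 
 BEGIN;
 
-SET ROLE contactdb_owner;
-
 /*
 Template table containing with elements for automatic tables
 */
@@ -38,6 +36,7 @@ CREATE TABLE IF NOT EXISTS sector (
 sector_id SERIAL PRIMARY KEY,
 name VARCHAR(100) NOT NULL
 );
+ALTER TABLE sector OWNER TO contactdb_owner;
 
 /*
 Organisation and Contact
@@ -76,6 +75,7 @@ CREATE TABLE IF NOT EXISTS organisation (
 
 FOREIGN KEY (sector_id) REFERENCES sector(sector_id)
 );
+ALTER TABLE organisation OWNER TO contactdb_owner;
 
 
 CREATE TABLE IF NOT EXISTS organisation_automatic (
@@ -85,6 +85,7 @@ CREATE TABLE IF NOT EXISTS organisation_automatic (
 
 FOREIGN KEY (sector_id) REFERENCES sector(sector_id)
 );
+ALTER TABLE organisation_automatic OWNER TO contactdb_owner;
 
 
 CREATE TABLE IF NOT EXISTS organisation_annotation (
@@ -94,6 +95,7 @@ CREATE TABLE IF NOT EXISTS organisation_annotation (
 
 FOREIGN KEY (organisation_id) REFERENCES organisation(organisation_id)
 );
+ALTER TABLE organisation_annotation OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS organisation_annotation_organisation_idx
 ON organisation_annotation (organisation_id);
@@ -124,6 +126,7 @@ CREATE TABLE IF NOT EXISTS contact (
 
 FOREIGN KEY (organisation_id) REFERENCES organisation (organisation_id)
 );
+ALTER TABLE contact OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS contact_organisation_idx ON contact (organisation_id);
 
@@ -137,6 +140,7 @@ CREATE TABLE IF NOT EXISTS contact_automatic (
 FOREIGN KEY (organisation_automatic_id)
 REFERENCES organisation_automatic (organisation_automatic_id)
 );
+ALTER TABLE contact_automatic OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS contact_automatic_organisation_idx
 ON contact_automatic (organisation_automatic_id);
@@ -152,6 +156,7 @@ CREATE TABLE IF NOT EXISTS autonomous_system_annotation (
 asn BIGINT NOT NULL,
 annotation JSONB NOT NULL
 );
+ALTER TABLE autonomous_system_annotation OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS autonomous_system_annotation_asn_idx
 ON autonomous_system_annotation (asn);
@@ -171,6 +176,7 @@ CREATE TABLE IF NOT EXISTS network (
 network_id SERIAL PRIMARY KEY,
 LIKE network_templ INCLUDING ALL
 );
+ALTER TABLE network OWNER TO contactdb_owner;
 
 CREATE TABLE IF NOT EXISTS network_automatic (
 network_automatic_id SERIAL PRIMARY KEY,
@@ -179,6 +185,7 @@ CREATE TABLE IF NOT EXISTS network_automatic (
 
 UNIQUE (address, import_source)
 );
+ALTER TABLE network_automatic OWNER TO contactdb_owner;
 
 
 -- Indexes on the cidr column to improve queries that look up a network
@@ -224,6 +231,7 @@ CREATE TABLE IF NOT EXISTS network_annotation (
 
 FOREIGN KEY (network_id) REFERENCES network(network_id)
 );
+ALTER TABLE network_annotation OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS network_annotation_network_idx
 ON network_annotation (network_id);
@@ -244,6 +252,7 @@ CREATE TABLE IF NOT EXISTS fqdn (
 fqdn_id SERIAL PRIMARY KEY,
 LIKE fqdn_templ INCLUDING ALL
 );
+ALTER TABLE fqdn OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS fqdn_fqdn_idx ON fqdn (fqdn);
 
@@ -255,6 +264,7 @@ CREATE TABLE IF NOT EXISTS fqdn_automatic (
 
 UNIQUE (fqdn, import_source)
 );
+ALTER TABLE fqdn_automatic OWNER TO contactdb_owner;
 
 
 CREATE TABLE IF NOT EXISTS fqdn_annotation (
@@ -264,6 +274,7 @@ CREATE TABLE IF NOT EXISTS fqdn_annotation (
 
 FOREIGN KEY (fqdn_id) REFERENCES fqdn(fqdn_id)
 );
+ALTER TABLE fqdn_annotation OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS fqdn_annotation_fqdn_idx
 ON fqdn_annotation (fqdn_id);
@@ -291,6 +302,7 @@ CREATE TABLE IF NOT EXISTS national_cert (
 
 FOREIGN KEY (organisation_id) REFERENCES organisation (organisation_id)
 );
+ALTER TABLE national_cert OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS national_cert_country_code_idx
 ON national_cert (country_code);
@@ -308,6 +320,7 @@ CREATE TABLE IF NOT EXISTS national_cert_automatic (
 FOREIGN KEY (organisation_automatic_id)
 REFERENCES organisation_automatic (organisation_automatic_id)
 );
+ALTER TABLE national_cert_automatic OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS national_cert_automatic_country_code_idx
 ON national_cert_automatic (country_code);
@@ -326,6 +339,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_asn (
 
 FOREIGN KEY (organisation_id) REFERENCES organisation (organisation_id)
 );
+ALTER TABLE organisation_to_asn OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS organisation_to_asn_asn_idx
 ON organisation_to_asn (asn);
@@ -340,6 +354,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_asn_automatic (
 FOREIGN KEY (organisation_automatic_id)
 REFERENCES organisation_automatic (organisation_automatic_id)
 );
+ALTER TABLE organisation_to_asn_automatic OWNER TO contactdb_owner;
 
 CREATE INDEX IF NOT EXISTS organisation_to_asn_automatic_asn_idx
 ON organisation_to_asn_automatic (asn);
@@ -354,6 +369,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_network (
 FOREIGN KEY (organisation_id) REFERENCES organisation (organisation_id),
 FOREIGN KEY (network_id) REFERENCES network (network_id)
 );
+ALTER TABLE organisation_to_network OWNER TO contactdb_owner;
 
 CREATE TABLE IF NOT EXISTS organisation_to_network_automatic (
 organisation_automatic_id INTEGER,
@@ -367,6 +383,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_network_automatic (
 FOREIGN KEY (network_automatic_id)
 REFERENCES network_automatic (network_automatic_id)
 );
+ALTER TABLE organisation_to_network_automatic OWNER TO contactdb_owner;
 
 
 CREATE TABLE IF NOT EXISTS organisation_to_fqdn (
@@ -378,6 +395,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_fqdn (
 FOREIGN KEY (organisation_id) REFERENCES organisation (organisation_id),
 FOREIGN KEY (fqdn_id) REFERENCES fqdn (fqdn_id)
 );
+ALTER TABLE organisation_to_fqdn OWNER TO contactdb_owner;
 
 CREATE TABLE IF NOT EXISTS organisation_to_fqdn_automatic (
 organisation_automatic_id INTEGER,
@@ -391,6 +409,7 @@ CREATE TABLE IF NOT EXISTS organisation_to_fqdn_automatic (
 FOREIGN KEY (fqdn_automatic_id)
 REFERENCES fqdn_automatic (fqdn_automatic_id)
 );
+ALTER TABLE organisation_to_fqdn_automatic OWNER TO contactdb_owner;
 
 
 
@@ -402,6 +421,7 @@ CREATE TABLE IF NOT EXISTS email_status (
 enabled BOOLEAN NOT NULL,
 added TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
+ALTER TABLE email_status OWNER TO contactdb_owner;
 
 
 -- Tags for email addresses. These apply to any email address, including
@@ -414,6 +434,7 @@ CREATE TABLE IF NOT EXISTS tag_name (
 
 UNIQUE (tag_name)
 );
+ALTER TABLE tag_name OWNER TO contactdb_owner;
 
 CREATE TABLE IF NOT EXISTS tag (
 tag_id SERIAL PRIMARY KEY,
@@ -425,6 +446,7 @@ CREATE TABLE IF NOT EXISTS tag (
 UNIQUE (tag_name_id, tag_value),
 FOREIGN KEY (tag_name_id) REFERENCES tag_name (tag_name_id)
 );
+ALTER TABLE tag OWNER TO contactdb_owner;
 
 -- Unique index to ensure that for each tag_name, there's at most one
 -- tag marked as default.
@@ -441,6 +463,7 @@ CREATE TABLE IF NOT EXISTS email_tag (
 
 FOREIGN KEY (tag_id) REFERENCES tag (tag_id)
 );
+ALTER TABLE email_tag OWNER TO contactdb_owner;
 
 
 CREATE INDEX IF NOT EXISTS email_tag_email_idx
@@ -455,6 +478,7 @@ CREATE OR REPLACE VIEW email_annotation (email, annotation)
 FROM email_tag
 JOIN tag USING (tag_id)
 JOIN tag_name USING (tag_name_id);
+ALTER VIEW email_annotation OWNER TO contactdb_owner;
 
 
 CREATE OR REPLACE FUNCTION email_annotations(email_address VARCHAR(100))
@@ -493,6 +517,7 @@ SELECT json_agg(COALESCE(annotation, default_annotation))
 RETURN coalesce(annotations, '[]'::JSONB);
 END;
 $$ LANGUAGE plpgsql STABLE;
+ALTER FUNCTION email_annotations(VARCHAR(100)) OWNER TO contactdb_owner;
 
 
 -- Audit log table for all changes made in fody or other scripts changing the database
@@ -507,6 +532,7 @@ CREATE TABLE IF NOT EXISTS audit_log (
 "before" JSONB,
 "after" JSONB
 );
+ALTER TABLE audit_log OWNER TO contactdb_owner;
 
 GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO contactdb_rw;
 GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO contactdb_rw;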
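Review bot: The template tables referenced by `LIKE network_templ INCLUDING ALL` and `LIKE fqdn_templ INCLUDING ALL`, and the one under the "Template table ... for automatic tables" comment in the first hunk, get no `OWNER TO` in any hunk of this file, so with `SET ROLE contactdb_owner` removed they would presumably stay owned by whichever role runs the script. Their CREATE statements lie outside the visible hunks, so check the full file; if they are ordinary tables, add `ALTER TABLE network_templ OWNER TO contactdb_owner;` and `ALTER TABLE fqdn_templ OWNER TO contactdb_owner;` (plus the equivalent for the automatic template) after each definition. Leaving them superuser-owned splits ownership inside the schema and means contactdb_owner cannot alter or drop them in a later migration. Separately, when the script runs as postgres the closing `GRANT ... ON ALL TABLES IN SCHEMA public TO contactdb_rw` takes effect on every table in public, including `audit_log` and anything not created by this script. A comment above the GRANTs would make that assumption explicit: `-- Assumes this database holds only contactdb objects: the GRANTs below cover every table and sequence in schema public.`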
