25 lines
1.1 KiB
Bash
25 lines
1.1 KiB
Bash
#!/bin/sh
|
|
set -eu
|
|
|
|
GRAFANA_USER="${GRAFANA_DB_USER:-dawarich_grafana_ro}"
|
|
GRAFANA_PASSWORD="$(cat /run/secrets/dawarich_grafana_ro_password)"
|
|
export GRAFANA_USER GRAFANA_PASSWORD
|
|
|
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
|
|
\set grafana_user `printf %s "$GRAFANA_USER"`
|
|
\set grafana_password `printf %s "$GRAFANA_PASSWORD"`
|
|
|
|
SELECT format('CREATE ROLE %I LOGIN PASSWORD %L', :'grafana_user', :'grafana_password')
|
|
WHERE NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = :'grafana_user')
|
|
\gexec
|
|
|
|
SELECT format('ALTER ROLE %I WITH LOGIN PASSWORD %L', :'grafana_user', :'grafana_password')
|
|
WHERE EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = :'grafana_user')
|
|
\gexec
|
|
|
|
SELECT format('GRANT CONNECT ON DATABASE %I TO %I', current_database(), :'grafana_user')\gexec
|
|
SELECT format('GRANT USAGE ON SCHEMA public TO %I', :'grafana_user')\gexec
|
|
SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA public TO %I', :'grafana_user')\gexec
|
|
SELECT format('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO %I', :'grafana_user')\gexec
|
|
EOSQL
|