Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/postgresql: allow specifying multiple databases in ensureDBOwnership #287788

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

nixos/postgresql: allow specifying multiple databases in ensureDBOwnership #287788

wants to merge 2 commits into from
+21 −10

Conversation

icewind1991
Copy link
Contributor

@icewind1991 icewind1991 commented Feb 10, 2024
edited
Loading

Description of changes

Allow settings services.postgresql.ensureUsers.*.ensureDBOwnership to a list of database names instead of only booleans.

This allows using it for setups where the database name doesn't match the user name or there are multiple databases accessed by a single db user.

This should make ensureDBOwnership able to cover more use cases from the deprecated ensurePermissions option.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Feb 10, 2024
@jian-lin
Copy link
Contributor

FYI, there are related discussions in #266270 and you can request people interested to review this PR.

@icewind1991 icewind1991 mentioned this pull request Feb 11, 2024
Merged
7 tasks
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Feb 11, 2024
ambroisie
ambroisie requested changes Feb 11, 2024
View reviewed changes
Copy link
Contributor

@ambroisie ambroisie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what I had in mind, so let me approve the PR :-).

Tiny nit to DRY it up.

nixos/modules/services/databases/postgresql.nix
assertions = map ({ name, ensureDBOwnership, ... }: {
assertion = ensureDBOwnership -> builtins.elem name cfg.ensureDatabases;
assertions = map ({ name, ensureDBOwnership, ... }: let
dbOwnershipList = if builtins.isList ensureDBOwnership then ensureDBOwnership else if ensureDBOwnership then [name] else [];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than repeat this multiple time, you can use apply in the option definition to tranform a true into a singleton list [ name ].

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried that but couldn't figure out how to use the value of name within the apply function

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

types.submodule can use an argument list which would allow you to get at the name IIRC.

Currently on my phone so it's difficult to check.

@icewind1991 icewind1991 force-pushed the postgres-ensureDBOwnership-list branch from 4fa080e to 2e12bca Compare February 11, 2024 21:24
@Ma27
Copy link
Member

Ma27 commented Feb 12, 2024

I still don't think we should expand the features that pretend to be declarative, but in fact aren't.
Instead I'd prefer to see a solution as described in #206467 / #252071 instead of another ad-hoc mechanism like this.

👎 from me.

@cmm
Copy link
Member

cmm commented Mar 11, 2024

So I happen to have a database owned by a differently-named user and the database has data in it.
I'm not a Postgres expert by any stretch and find the ensurePermissions migration instructions in the manual pretty scary.

Now I understand that I can just comment out the whole bit and the existing database will not be impacted, but I'd rather modernize the config properly, so: what's up with this PR? It's been quiet for a month, how do the prospects look?

@wegank wegank added the 2.status: merge conflict This PR has merge conflicts with the target branch label Mar 20, 2024
@icewind1991 icewind1991 force-pushed the postgres-ensureDBOwnership-list branch from 2e12bca to 59aabe8 Compare April 9, 2024 13:41
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Apr 9, 2024
Tom-Hubrecht
Tom-Hubrecht reviewed May 1, 2024
View reviewed changes
nixos/modules/services/databases/postgresql.nix
Comment on lines +569 to +570
in concatStringsSep "\n"
(builtins.map (db: ''$PSQL -tAc 'ALTER DATABASE "${db}" OWNER TO "${user.name}";' '') dbOwnershipList);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
in concatStringsSep "\n"
(builtins.map (db: ''$PSQL -tAc 'ALTER DATABASE "${db}" OWNER TO "${user.name}";' '') dbOwnershipList);
in concatMapStringsSep "\n"
(db: ''$PSQL -tAc 'ALTER DATABASE "${db}" OWNER TO "${user.name}";' '') dbOwnershipList;

@wegank wegank added the 2.status: merge conflict This PR has merge conflicts with the target branch label May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dantefromhell dantefromhell dantefromhell left review comments

@Tom-Hubrecht Tom-Hubrecht Tom-Hubrecht left review comments

@ambroisie ambroisie ambroisie requested changes

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
2.status: merge conflict This PR has merge conflicts with the target branch 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@icewind1991 @jian-lin @Ma27 @cmm @SuperSandro2000 @ambroisie @Tom-Hubrecht @dantefromhell @wegank