postgresql: allow granting roles in ensurePermissions #204189
Issue description
Currently, the postgresql module allows ensuring the presence of users through services.postgresql.ensureUsers.* and making sure a user has certain permissions through *.ensurePermissions.
However, this only supports granting permissions in the pattern GRANT ${perm} ON ${obj} TO ${user}.
Postgres also allows granting roles to users through the syntax GRANT ${role} TO ${user}.
This is especially useful when using the fairly recent built-in roles, which can for example be used to give a user for monitoring appropriate limited permissions.
Implementation ideas
The cleanest way I can think of doing this is adding services.postgresql.ensureUsers.*.ensureRoles as a list of strings. All role names specified will then be granted in a similar way as already happens for the permissions.
I'd be up for trying to submit a PR for this change myself, but it'd be my first time contributing to Nix, so I'm happy about feedback.
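The following is an added example, not part of the original issue and not the nixpkgs module's code: a POSIX shell sketch of how a per-user list of role names could be rendered into `GRANT ${role} TO ${user}` statements, with identifier quoting so a role or user name cannot break out of the statement. The `user:role1,role2` input format and the function names are assumptions made for this example; `pg_monitor` and `pg_read_all_stats` are PostgreSQL built-in roles.

```shell
#!/bin/sh
# Added example: render role-membership GRANTs from a simple text listing.

# Quote a PostgreSQL identifier: wrap it in double quotes and double any
# embedded double quote, so the name cannot terminate the identifier early.
quote_ident() {
  printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Read "user:role1,role2" lines (format constructed for this example) on
# stdin and print one GRANT <role> TO <user>; statement per role.
render_role_grants() {
  while IFS= read -r line; do
    case $line in
      *:*) ;;            # has a user and a role list
      *) continue ;;     # no role list: nothing to grant
    esac
    user=${line%%:*}
    roles=${line#*:}
    [ -n "$user" ] || continue
    old_ifs=$IFS
    set -f               # no globbing while splitting the role list
    IFS=,
    for role in $roles; do
      [ -n "$role" ] || continue
      printf 'GRANT %s TO %s;\n' "$(quote_ident "$role")" "$(quote_ident "$user")"
    done
    IFS=$old_ifs
    set +f
  done
}

# Constructed sample input: a monitoring user that gets built-in roles
# instead of per-object permissions.
render_role_grants <<'EOF'
metrics:pg_monitor,pg_read_all_stats
EOF
```

The output can be piped to `psql` as the database superuser; re-running it is harmless because granting a role the user already holds does not fail.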