Ysql database plugin #2
Conversation
…t-integrations into ysql-database
| ImageRepo: "yugabytedb/yugabyte", | ||
| Cmd: []string{"./bin/yugabyted", "start", "--daemon=false"}, | ||
| ImageTag: version, | ||
| Env: []string{"YSQL_DB=database", "YSQL_PASSWORD=secret"}, |
There was a problem hiding this comment.
How about naming the default database as something like testdb?
There was a problem hiding this comment.
Is this referring to ConatinerName? @jayant07-yb
There was a problem hiding this comment.
The database name in this line
Env: []string{"YSQL_DB=database", "YSQL_PASSWORD=secret"},
needs to be changed to
Env: []string{"YSQL_DB= testdb", "YSQL_PASSWORD=secret"},
| defaultExpirationStatement = ` | ||
| ALTER ROLE "{{name}}" VALID UNTIL '{{expiration}}'; | ||
| ` |
There was a problem hiding this comment.
Nit: Can't we keep the entire string on the same line?
defaultExpirationStatement = `ALTER ROLE ...`
Same for the statement on line 24?
| connProducer.Type = yugabyteDBType | ||
|
|
||
| yugabyte := &ysql{ | ||
| YugabyteConnectionProducer: connProducer, |
There was a problem hiding this comment.
The connProducer object (that has lock object inside it) is being copied here. This is not recommended. Consider making the named YugabyteConnectionProducer a pointer field.
| // the role | ||
| // This isn't done in a transaction because even if we fail along the way, | ||
| // we want to remove as much access as possible | ||
| stmt, err := db.PrepareContext(ctx, "SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee=$1;") |
There was a problem hiding this comment.
Replace the query with
SELECT schema_name FROM information_schema.schemata;
Ysql database plugin will allow users for managing the roles for yugabyteDB(ysql) database via the HashiCorp Vault.
Details regarding the implementation are provided here
Details regarding using the plugin are provided here