poanetwork
/
amb-monitor
mirror of https://github.com/poanetwork/amb-monitor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Read only DB role for grafana

This commit is contained in:
Kirill Fedoseev 2022-05-06 18:18:30 +02:00
parent fd1eba0367
commit d8a62ee722
4 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
db/migrations/000006_create_readonly_user.down.sql Normal file
View File

@ -0,0 +1,5 @@
DROP USER read_user;
REVOKE CONNECT ON DATABASE db FROM readonly;
REVOKE USAGE ON SCHEMA public FROM readonly;
REVOKE SELECT ON ALL TABLES IN SCHEMA public FROM readonly;
DROP ROLE readonly;

7
db/migrations/000006_create_readonly_user.up.sql Normal file
View File

@ -0,0 +1,7 @@
CREATE ROLE readonly;
GRANT CONNECT ON DATABASE db TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
CREATE USER read_user WITH PASSWORD 'read_user_pass';
GRANT readonly TO read_user;

4
docker-compose.dev.yml
View File

@ -26,8 +26,8 @@ services:
- grafana-storage:/var/lib/grafana - grafana-storage:/var/lib/grafana
environment: environment:
PG_HOST: 'postgres:5432' PG_HOST: 'postgres:5432'
PG_USER: 'postgres' PG_USER: 'read_user'
PG_PASSWORD: 'pass' PG_PASSWORD: 'read_user_pass'
PG_DB: 'db' PG_DB: 'db'
PROM_USER: 'admin' PROM_USER: 'admin'
PROM_HOST: 'http://prometheus:9090' PROM_HOST: 'http://prometheus:9090'

4
docker-compose.prod.yml
View File

@ -42,8 +42,8 @@ services:
- grafana-storage:/var/lib/grafana - grafana-storage:/var/lib/grafana
environment: environment:
PG_HOST: 'postgres:5432' PG_HOST: 'postgres:5432'
PG_USER: 'postgres' PG_USER: 'read_user'
PG_PASSWORD: 'pass' PG_PASSWORD: 'read_user_pass'
PG_DB: 'db' PG_DB: 'db'
PROM_USER: 'admin' PROM_USER: 'admin'
PROM_HOST: 'http://prometheus:9090' PROM_HOST: 'http://prometheus:9090'