Update PostGIS base Docker image for Azure mock database: 12-3.1 -> 15-3.5

jarkkoka · jarkkoka · commit 002527227b32 · 2025-02-18T12:54:00.000+02:00
In PostgreSQL 15, full schema privileges must be separately granted to users
performing database migrations.

Make the JORE4 administrator role the owner of the public schema for all
databases. In PostgreSQL 12, this was the default.
diff --git a/azuredbmock/Dockerfile b/azuredbmock/Dockerfile
@@ -1,5 +1,5 @@
-# Builder docker image.
-FROM postgis/postgis:12-3.1
+# base Docker image
+FROM postgis/postgis:15-3.5
 
 # fix collations to use fi_FI
 RUN localedef -i fi_FI -c -f UTF-8 -A /usr/share/locale/locale.alias fi_FI.UTF-8
diff --git a/azuredbmock/migrations/02-create-network-database.sql b/azuredbmock/migrations/02-create-network-database.sql
@@ -1,3 +1,6 @@
+-- Make the JORE4 admin user the owner of the public schema.
+ALTER SCHEMA public OWNER TO CURRENT_USER;
+
 -- Create the extensions used, see https://hasura.io/docs/latest/graphql/core/deployment/postgres-requirements.html
 -- Create the extensions in the public schema, since we'd need to give additional privileges ("use schema") to any
 -- user who wishes to use these in the future. Also, Hasura would require additional setup to be able to use the
@@ -8,3 +11,13 @@ CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
 
 -- Allow Hasura to create new schemas.
 GRANT CREATE ON DATABASE xxx_db_hasura_name_xxx TO xxx_db_hasura_username_xxx;
+
+-- Grant select permissions on information_schema and pg_catalog to the Hasura
+-- user.
+GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO xxx_db_hasura_username_xxx;
+
+-- Grant required privileges in the public schema to the Hasura user.
+GRANT ALL ON SCHEMA public TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx_db_hasura_username_xxx;
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO xxx_db_hasura_username_xxx;
diff --git a/azuredbmock/migrations/03-create-auth-database.sql b/azuredbmock/migrations/03-create-auth-database.sql
@@ -1,3 +1,11 @@
--- Create database and give ALL privileges to the auth user.
+-- Create database and allow the auth user to create new schemas in it.
 CREATE DATABASE xxx_db_auth_name_xxx;
 GRANT ALL ON DATABASE xxx_db_auth_name_xxx TO xxx_db_auth_username_xxx;
+
+\connect xxx_db_auth_name_xxx;
+
+-- Make the JORE4 admin user the owner of the public schema.
+ALTER SCHEMA public OWNER TO CURRENT_USER;
+
+-- Grant full schema access to the public schema to the auth user.
+GRANT ALL ON SCHEMA public TO xxx_db_auth_username_xxx;
diff --git a/azuredbmock/migrations/04-create-jore3importer-database.sql b/azuredbmock/migrations/04-create-jore3importer-database.sql
@@ -1,3 +1,13 @@
--- Create database and give ALL privileges to the jore3importer user.
+-- Create database and allow the jore3importer user to create new schemas in it.
 CREATE DATABASE xxx_db_jore3importer_name_xxx;
 GRANT ALL ON DATABASE xxx_db_jore3importer_name_xxx TO xxx_db_jore3importer_username_xxx;
+
+\connect xxx_db_jore3importer_name_xxx;
+
+-- Make the JORE4 admin user the owner of the public schema.
+ALTER SCHEMA public OWNER TO CURRENT_USER;
+
+-- Grant privileges in the public schema to the jore3importer user.
+GRANT USAGE ON SCHEMA public TO xxx_db_jore3importer_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx_db_jore3importer_username_xxx;
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO xxx_db_jore3importer_username_xxx;
diff --git a/azuredbmock/migrations/05-create-timetables-database.sql b/azuredbmock/migrations/05-create-timetables-database.sql
@@ -9,5 +9,17 @@ ALTER DATABASE xxx_db_timetables_name_xxx SET intervalstyle = 'iso_8601';
 -- Switch database context to be able to add extensions there.
 \connect xxx_db_timetables_name_xxx;
 
+-- Make the JORE4 admin user the owner of the public schema.
+ALTER SCHEMA public OWNER TO CURRENT_USER;
+
 CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA public;
 CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
+
+-- Grant select permissions on information_schema and pg_catalog to Hasura.
+GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO xxx_db_hasura_username_xxx;
+
+-- Grant required privileges in the public schema to Hasura.
+GRANT ALL ON SCHEMA public TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx_db_hasura_username_xxx;
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO xxx_db_hasura_username_xxx;
diff --git a/azuredbmock/migrations/06-create-stopregistry-database.sql b/azuredbmock/migrations/06-create-stopregistry-database.sql
@@ -1,14 +1,22 @@
--- Create database and give ALL privileges to Tiamat in it.
+-- Create database and allow Tiamat to create new schemas in it.
 CREATE DATABASE xxx_db_tiamat_name_xxx;
 GRANT ALL ON DATABASE xxx_db_tiamat_name_xxx TO xxx_db_tiamat_username_xxx;
 
 -- Switch database context to initialise it to the state where Tiamat can use
 -- it.
 \connect xxx_db_tiamat_name_xxx;
 
+-- Make the JORE4 admin user the owner of the public schema.
+ALTER SCHEMA public OWNER TO CURRENT_USER;
+
 CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA public;
 CREATE EXTENSION IF NOT EXISTS postgis WITH SCHEMA public;
 
+-- Grant required privileges in the public schema to Tiamat.
+GRANT ALL ON SCHEMA public TO xxx_db_tiamat_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx_db_tiamat_username_xxx;
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO xxx_db_tiamat_username_xxx;
+
 CREATE SCHEMA IF NOT EXISTS topology AUTHORIZATION xxx_db_tiamat_username_xxx;
 CREATE EXTENSION IF NOT EXISTS postgis_topology WITH SCHEMA topology;
 -- The postgis_topology creates two tables.
