feat: update migrations to include role creation and permissions mana…

…gement, with support for privileged user migration execution

kolomoni_migrations/migrations/M0001_prepare-database/down.sql

@@ -0,0 +1,27 @@
+DROP SCHEMA kolomoni CASCADE;
+DROP SCHEMA migrations CASCADE;
+
+GRANT
+    ALL PRIVILEGES
+    ON SCHEMA public
+    TO PUBLIC;
+
+
+REVOKE
+    CONNECT, TEMPORARY
+    ON DATABASE stari_kolomoni
+    FROM kolomoni_backend;
+
+REVOKE
+    ALL PRIVILEGES
+    ON DATABASE stari_kolomoni
+    FROM kolomoni_migrator;
+
+GRANT
+    ALL PRIVILEGES
+    ON DATABASE stari_kolomoni
+    TO PUBLIC;
+
+
+DROP ROLE kolomoni_backend;
+DROP ROLE kolomoni_migrator;

kolomoni_migrations/migrations/M0001_prepare-database/migration.toml

@@ -0,0 +1,38 @@
+###
+# Migration
+#   version 0001
+#   name    prepare-database
+#
+# Created on: 2024-09-01T14:20:11Z
+###
+#
+# Note that it is impossible to modify the version or name of the migration in 
+# this configuration file *by design*. Both the version and name are 
+# *always* parsed from the parent directory name for consistency.
+#
+
+
+# Whether to run the migration (up and down) as a privileged user instead of the normal user.
+# Depending on setup, this might be required for things like creating databases and granting permissions.
+run_as_privileged_user = true
+
+
+##
+# Configuration that impacts the up.sql migration script.
+##
+[up]
+# Certain statements, such as CREATE INDEX CONCURRENTLY, cannot be run inside a transaction.
+# Using those statements in your migration script will require you to run the migration
+# without a transaction.
+run_inside_transaction = true
+
+
+
+##
+# Configuration that impacts the down.sql rollback script.
+##
+[down]
+# Certain statements, such as CREATE INDEX CONCURRENTLY, cannot be run inside a transaction.
+# Using those statements in your migration script will require you to run the migration
+# without a transaction.
+run_inside_transaction = true

kolomoni_migrations/migrations/M0001_prepare-database/up.sql

@@ -0,0 +1,78 @@
+CREATE
+    ROLE kolomoni_migrator
+    LOGIN
+    PASSWORD 'kolomoni_migrator';
+
+CREATE
+    ROLE kolomoni_backend
+    LOGIN
+    PASSWORD 'kolomoni_backend';
+
+
+REVOKE
+    ALL PRIVILEGES
+    ON DATABASE stari_kolomoni
+    FROM PUBLIC;
+
+GRANT
+    ALL PRIVILEGES
+    ON DATABASE stari_kolomoni
+    TO kolomoni_migrator;
+
+GRANT
+    CONNECT, TEMPORARY
+    ON DATABASE stari_kolomoni
+    TO kolomoni_backend;
+
+
+
+REVOKE
+    ALL PRIVILEGES
+    ON SCHEMA public
+    FROM PUBLIC;
+
+
+
+CREATE
+    SCHEMA migrations
+    AUTHORIZATION kolomoni_migrator;
+
+GRANT
+    ALL PRIVILEGES
+    ON SCHEMA migrations
+    TO kolomoni_migrator;
+
+
+
+CREATE
+    SCHEMA kolomoni
+    AUTHORIZATION kolomoni_migrator;
+
+GRANT
+    ALL PRIVILEGES
+    ON SCHEMA kolomoni
+    TO kolomoni_migrator;
+
+GRANT
+    USAGE
+    ON SCHEMA kolomoni
+    TO kolomoni_backend;
+
+
+
+ALTER DEFAULT PRIVILEGES
+    FOR ROLE postgres
+    IN SCHEMA migrations
+    GRANT
+        ALL PRIVILEGES
+        ON TABLES
+        TO kolomoni_migrator;
+
+
+ALTER DEFAULT PRIVILEGES
+    FOR ROLE kolomoni_migrator
+    IN SCHEMA kolomoni
+    GRANT
+        SELECT, INSERT, UPDATE, DELETE
+        ON TABLES
+        TO kolomoni_backend;

kolomoni_migrations/migrations/M0001_set-up-basic-database/migration.toml → kolomoni_migrations/migrations/M0002_set-up-tables/migration.toml

@@ -1,6 +1,6 @@
 ###
 # Migration
-#   version 0001
+#   version 0002
 #   name    initialize-database
 #
 # Created on: 2024-08-24
@@ -12,6 +12,11 @@
 #
 
 
+# Whether to run the migration (up and down) as a privileged user instead of the normal user.
+# Depending on setup, this might be required for things like creating databases and granting permissions.
+run_as_privileged_user = false
+
+
 ##
 # Configuration that impacts the up.sql migration script.
 ##