Created
May 25, 2023 21:10
-
-
Save dbones/978a49722c03cce2936f84f3133be031 to your computer and use it in GitHub Desktop.
postgres KubeOps Api RFC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ops API Tech RFC: postgres | |
| # connection is a secret (default pg-connection, in the same namepace, or a configfile which has the location of the connection)) | |
| # database | |
| # schema | |
| # security label | |
| # role | |
| # grant(s) | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: Database | |
| metadata: | |
| annotation: | |
| lab.dev/sync: 60 | |
| name: | |
| namespace: | |
| spec: | |
| connection: pg-connection | |
| name: calculated | |
| ownerReference: | |
| name: | |
| namespace: | |
| encoding: utf8 | |
| template: null | |
| tablespace: null | |
| collation: null | |
| characterType: null | |
| connectionLimit: -1 | |
| comment: | |
| --- | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: Schema | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| databaseReference: | |
| name: | |
| namespace: | |
| ownerReference: | |
| name: | |
| namespace: | |
| comment: null | |
| --- | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: SecurityLabel | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| provider: | |
| label: | |
| onType: Database | Schema | Role | Grant | |
| onReference: | |
| name: | |
| namespace: | |
| --- | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: Role | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| name: calculated | |
| comments: null | |
| password: null | |
| connectionLimit: -1 | |
| canLogin: false | |
| superuser: false | |
| createRoles: false | |
| createDatabases: false | |
| updateCatalog: false | |
| inheritRights: true | |
| replication: false | |
| --- | |
| # add a role to a role (aka membership) | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: GrantRole | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| AssignRoleReference: #the role to assign | |
| name: | |
| namespace: | |
| ToRoleReference: # the role that we want to assign it to | |
| name: | |
| namespace: | |
| withAdmin: false | |
| --- | |
| # role to schema with permission | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: GrantDefault | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| Privileges: # leave empty to revoke all default roles | |
| - All | |
| - Insert # Tables | |
| - Select # Tables, Sequences | |
| - Update # Tables, Sequences | |
| - Delete # Tables | |
| - Truncate # Tables | |
| - Trigger # Tables | |
| - Useage # Sequences, Types | |
| - Execute # Functions | |
| inReference: # schema ref | |
| type: Tables | Sequences | Functions | Types | |
| ToRoleReference: # the role that we want to assign it to | |
| withGrant: false | |
| --- | |
| # role to table with permission | |
| apiVersion: postgres.tech.lab.dev/v1 | |
| kind: Grant | |
| metadata: | |
| name: | |
| namespace: | |
| spec: | |
| connection: | |
| AssignRoleReference: #the role to assign | |
| ToRoleReference: # the role that we want to assign it to | |
| withAdmin: false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WIP