feat: add read only pguser in build and volume plugins

CentroGeo · Feb 4, 2025 · 6e31626 · 6e31626
1 parent 9b1140f
commit 6e31626
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/.env_idegeo_local b/.env_idegeo_local
@@ -28,6 +28,8 @@ GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
 GEONODE_GEODATABASE_USER=geonode_data
 GEONODE_GEODATABASE_PASSWORD=geonode_data
+PG_READ_ONLY_USERNAME=read_geonode
+PG_READ_ONLY_PASSWORD=read_geonode
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
 DATABASE_HOST=db

diff --git a/.env_idegeo_prod b/.env_idegeo_prod
@@ -28,6 +28,8 @@ GEONODE_DATABASE_PASSWORD=geonode
 GEONODE_GEODATABASE=geonode_data
 GEONODE_GEODATABASE_USER=geonode_data
 GEONODE_GEODATABASE_PASSWORD=geonode_data
+PG_READ_ONLY_USERNAME=read_geonode
+PG_READ_ONLY_PASSWORD=read_geonode
 GEONODE_DATABASE_SCHEMA=public
 GEONODE_GEODATABASE_SCHEMA=public
 DATABASE_HOST=db

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -107,6 +107,7 @@ services:
     volumes:
       - statics:/mnt/volumes/statics
       - geoserver-data-dir:/geoserver_data/data
+      - geoserver-plugins:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib
       - backup-restore:/backup_restore
       - data:/data
       - tmp:/tmp
@@ -130,7 +131,13 @@ services:
   # PostGIS database.
   db:
     # use geonode official postgis 15 image
-    image: geonode/postgis:15.3-latest
+    image: ${COMPOSE_PROJECT_NAME}/postgis:15.3-latest
+    build:
+      context: ./docker/postgresql
+      dockerfile: Dockerfile
+      args:
+        - PG_READ_ONLY_USERNAME=${PG_READ_ONLY_USERNAME}
+        - PG_READ_ONLY_PASSWORD=${PG_READ_ONLY_PASSWORD}
     command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
     container_name: db4${COMPOSE_PROJECT_NAME}
     env_file:
@@ -154,6 +161,8 @@ services:
     restart: unless-stopped
 
 volumes:
+  geoserver-plugins:
+    name: ${COMPOSE_PROJECT_NAME}-gsplugins
   statics:
     name: ${COMPOSE_PROJECT_NAME}-statics
   nginx-confd:

diff --git a/docker/postgresql/Dockerfile b/docker/postgresql/Dockerfile
@@ -0,0 +1,14 @@
+ARG PG_READ_ONLY_USERNAME
+ARG PG_READ_ONLY_PASSWORD
+FROM geonode/postgis:15.3-latest
+
+
+RUN /bin/sh -c "DO \$\$ \
+BEGIN \
+    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${PG_READ_ONLY_USERNAME}') THEN \
+        CREATE ROLE ${PG_READ_ONLY_USERNAME} WITH LOGIN PASSWORD '${PG_READ_ONLY_PASSWORD}'; \
+    END IF; \
+END \
+\$\$;" | psql -U postgres
+
+RUN psql -U postgres -c "GRANT pg_read_all_data TO ${PG_READ_ONLY_USERNAME};"