Skip to content

Commit f54094e

Browse files
bitnerbitner
authored
stage release for v0.8.4 (#236)
1 parent 20b00f7 commit f54094e

File tree

7 files changed

+4680
-4
lines changed

7 files changed

+4680
-4
lines changed

CHANGELOG.md

+7
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,13 @@ All notable changes to this project will be documented in this file.
33

44
The format is based on [Keep a Changelog](http://keepachangelog.com/)
55
and this project adheres to [Semantic Versioning](http://semver.org/).
6+
## [v0.8.4]
7+
8+
### Fixed
9+
- Make release deployment use postgres images without plrust
10+
- Update versions of plrust in dockerfile (used for development, there is no plrust code yet)
11+
- Update incremental migration tests to start at v0.3.0 rather than v0.1.9 due to a breaking change in pg_partman at version 5 that has no ability to pin a version. Migrating from prior to v0.3.0 should still work fine as long as pg_partman has not been updated on the database.
12+
613
## [v0.8.3]
714

815
### Added

src/pgstac/migrations/pgstac.0.8.3-0.8.4.sql

+280
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,280 @@
1+
SET client_min_messages TO WARNING;
2+
SET SEARCH_PATH to pgstac, public;
3+
RESET ROLE;
4+
DO $$
5+
DECLARE
6+
BEGIN
7+
IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname='postgis') THEN
8+
CREATE EXTENSION IF NOT EXISTS postgis;
9+
END IF;
10+
IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname='btree_gist') THEN
11+
CREATE EXTENSION IF NOT EXISTS btree_gist;
12+
END IF;
13+
END;
14+
$$ LANGUAGE PLPGSQL;
15+
16+
DO $$
17+
BEGIN
18+
CREATE ROLE pgstac_admin;
19+
EXCEPTION WHEN duplicate_object THEN
20+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
21+
END
22+
$$;
23+
24+
DO $$
25+
BEGIN
26+
CREATE ROLE pgstac_read;
27+
EXCEPTION WHEN duplicate_object THEN
28+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
29+
END
30+
$$;
31+
32+
DO $$
33+
BEGIN
34+
CREATE ROLE pgstac_ingest;
35+
EXCEPTION WHEN duplicate_object THEN
36+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
37+
END
38+
$$;
39+
40+
41+
GRANT pgstac_admin TO current_user;
42+
43+
-- Function to make sure pgstac_admin is the owner of items
44+
CREATE OR REPLACE FUNCTION pgstac_admin_owns() RETURNS VOID AS $$
45+
DECLARE
46+
f RECORD;
47+
BEGIN
48+
FOR f IN (
49+
SELECT
50+
concat(
51+
oid::regproc::text,
52+
'(',
53+
coalesce(pg_get_function_identity_arguments(oid),''),
54+
')'
55+
) AS name,
56+
CASE prokind WHEN 'f' THEN 'FUNCTION' WHEN 'p' THEN 'PROCEDURE' WHEN 'a' THEN 'AGGREGATE' END as typ
57+
FROM pg_proc
58+
WHERE
59+
pronamespace=to_regnamespace('pgstac')
60+
AND proowner != to_regrole('pgstac_admin')
61+
AND proname NOT LIKE 'pg_stat%'
62+
)
63+
LOOP
64+
BEGIN
65+
EXECUTE format('ALTER %s %s OWNER TO pgstac_admin;', f.typ, f.name);
66+
EXCEPTION WHEN others THEN
67+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
68+
END;
69+
END LOOP;
70+
FOR f IN (
71+
SELECT
72+
oid::regclass::text as name,
73+
CASE relkind
74+
WHEN 'i' THEN 'INDEX'
75+
WHEN 'I' THEN 'INDEX'
76+
WHEN 'p' THEN 'TABLE'
77+
WHEN 'r' THEN 'TABLE'
78+
WHEN 'v' THEN 'VIEW'
79+
WHEN 'S' THEN 'SEQUENCE'
80+
ELSE NULL
81+
END as typ
82+
FROM pg_class
83+
WHERE relnamespace=to_regnamespace('pgstac') and relowner != to_regrole('pgstac_admin') AND relkind IN ('r','p','v','S') AND relname NOT LIKE 'pg_stat'
84+
)
85+
LOOP
86+
BEGIN
87+
EXECUTE format('ALTER %s %s OWNER TO pgstac_admin;', f.typ, f.name);
88+
EXCEPTION WHEN others THEN
89+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
90+
END;
91+
END LOOP;
92+
RETURN;
93+
END;
94+
$$ LANGUAGE PLPGSQL;
95+
SELECT pgstac_admin_owns();
96+
97+
CREATE SCHEMA IF NOT EXISTS pgstac AUTHORIZATION pgstac_admin;
98+
99+
GRANT ALL ON ALL FUNCTIONS IN SCHEMA pgstac to pgstac_admin;
100+
GRANT ALL ON ALL TABLES IN SCHEMA pgstac to pgstac_admin;
101+
GRANT ALL ON ALL SEQUENCES IN SCHEMA pgstac to pgstac_admin;
102+
103+
ALTER ROLE pgstac_admin SET SEARCH_PATH TO pgstac, public;
104+
ALTER ROLE pgstac_read SET SEARCH_PATH TO pgstac, public;
105+
ALTER ROLE pgstac_ingest SET SEARCH_PATH TO pgstac, public;
106+
107+
GRANT USAGE ON SCHEMA pgstac to pgstac_read;
108+
ALTER DEFAULT PRIVILEGES IN SCHEMA pgstac GRANT SELECT ON TABLES TO pgstac_read;
109+
ALTER DEFAULT PRIVILEGES IN SCHEMA pgstac GRANT USAGE ON TYPES TO pgstac_read;
110+
ALTER DEFAULT PRIVILEGES IN SCHEMA pgstac GRANT ALL ON SEQUENCES TO pgstac_read;
111+
112+
GRANT pgstac_read TO pgstac_ingest;
113+
GRANT ALL ON SCHEMA pgstac TO pgstac_ingest;
114+
ALTER DEFAULT PRIVILEGES IN SCHEMA pgstac GRANT ALL ON TABLES TO pgstac_ingest;
115+
ALTER DEFAULT PRIVILEGES IN SCHEMA pgstac GRANT ALL ON FUNCTIONS TO pgstac_ingest;
116+
117+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_admin IN SCHEMA pgstac GRANT SELECT ON TABLES TO pgstac_read;
118+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_admin IN SCHEMA pgstac GRANT USAGE ON TYPES TO pgstac_read;
119+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_admin IN SCHEMA pgstac GRANT ALL ON SEQUENCES TO pgstac_read;
120+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_admin IN SCHEMA pgstac GRANT ALL ON TABLES TO pgstac_ingest;
121+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_admin IN SCHEMA pgstac GRANT ALL ON FUNCTIONS TO pgstac_ingest;
122+
123+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_ingest IN SCHEMA pgstac GRANT SELECT ON TABLES TO pgstac_read;
124+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_ingest IN SCHEMA pgstac GRANT USAGE ON TYPES TO pgstac_read;
125+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_ingest IN SCHEMA pgstac GRANT ALL ON SEQUENCES TO pgstac_read;
126+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_ingest IN SCHEMA pgstac GRANT ALL ON TABLES TO pgstac_ingest;
127+
ALTER DEFAULT PRIVILEGES FOR ROLE pgstac_ingest IN SCHEMA pgstac GRANT ALL ON FUNCTIONS TO pgstac_ingest;
128+
129+
SET SEARCH_PATH TO pgstac, public;
130+
SET ROLE pgstac_admin;
131+
132+
DO $$
133+
BEGIN
134+
DROP FUNCTION IF EXISTS analyze_items;
135+
EXCEPTION WHEN others THEN
136+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
137+
END
138+
$$;
139+
DO $$
140+
BEGIN
141+
DROP FUNCTION IF EXISTS validate_constraints;
142+
EXCEPTION WHEN others THEN
143+
RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
144+
END
145+
$$;
146+
147+
-- Install these idempotently as migrations do not put them before trying to modify the collections table
148+
149+
150+
CREATE OR REPLACE FUNCTION collection_geom(content jsonb)
151+
RETURNS geometry AS $$
152+
WITH box AS (SELECT content->'extent'->'spatial'->'bbox'->0 as box)
153+
SELECT
154+
st_makeenvelope(
155+
(box->>0)::float,
156+
(box->>1)::float,
157+
(box->>2)::float,
158+
(box->>3)::float,
159+
4326
160+
)
161+
FROM box;
162+
$$ LANGUAGE SQL IMMUTABLE STRICT;
163+
164+
CREATE OR REPLACE FUNCTION collection_datetime(content jsonb)
165+
RETURNS timestamptz AS $$
166+
SELECT
167+
CASE
168+
WHEN
169+
(content->'extent'->'temporal'->'interval'->0->>0) IS NULL
170+
THEN '-infinity'::timestamptz
171+
ELSE
172+
(content->'extent'->'temporal'->'interval'->0->>0)::timestamptz
173+
END
174+
;
175+
$$ LANGUAGE SQL IMMUTABLE STRICT;
176+
177+
CREATE OR REPLACE FUNCTION collection_enddatetime(content jsonb)
178+
RETURNS timestamptz AS $$
179+
SELECT
180+
CASE
181+
WHEN
182+
(content->'extent'->'temporal'->'interval'->0->>1) IS NULL
183+
THEN 'infinity'::timestamptz
184+
ELSE
185+
(content->'extent'->'temporal'->'interval'->0->>1)::timestamptz
186+
END
187+
;
188+
$$ LANGUAGE SQL IMMUTABLE STRICT;
189+
-- BEGIN migra calculated SQL
190+
-- END migra calculated SQL
191+
DO $$
192+
BEGIN
193+
INSERT INTO queryables (name, definition, property_wrapper, property_index_type) VALUES
194+
('id', '{"title": "Item ID","description": "Item identifier","$ref": "https://schemas.stacspec.org/v1.0.0/item-spec/json-schema/item.json#/definitions/core/allOf/2/properties/id"}', null, null);
195+
EXCEPTION WHEN unique_violation THEN
196+
RAISE NOTICE '%', SQLERRM USING ERRCODE = SQLSTATE;
197+
END
198+
$$;
199+
200+
DO $$
201+
BEGIN
202+
INSERT INTO queryables (name, definition, property_wrapper, property_index_type) VALUES
203+
('geometry', '{"title": "Item Geometry","description": "Item Geometry","$ref": "https://geojson.org/schema/Feature.json"}', null, null);
204+
EXCEPTION WHEN unique_violation THEN
205+
RAISE NOTICE '%', SQLERRM USING ERRCODE = SQLSTATE;
206+
END
207+
$$;
208+
209+
DO $$
210+
BEGIN
211+
INSERT INTO queryables (name, definition, property_wrapper, property_index_type) VALUES
212+
('datetime','{"description": "Datetime","type": "string","title": "Acquired","format": "date-time","pattern": "(\\+00:00|Z)$"}', null, null);
213+
EXCEPTION WHEN unique_violation THEN
214+
RAISE NOTICE '%', SQLERRM USING ERRCODE = SQLSTATE;
215+
END
216+
$$;
217+
218+
DELETE FROM queryables a USING queryables b
219+
WHERE a.name = b.name AND a.collection_ids IS NOT DISTINCT FROM b.collection_ids AND a.id > b.id;
220+
221+
222+
INSERT INTO pgstac_settings (name, value) VALUES
223+
('context', 'off'),
224+
('context_estimated_count', '100000'),
225+
('context_estimated_cost', '100000'),
226+
('context_stats_ttl', '1 day'),
227+
('default_filter_lang', 'cql2-json'),
228+
('additional_properties', 'true'),
229+
('use_queue', 'false'),
230+
('queue_timeout', '10 minutes'),
231+
('update_collection_extent', 'false'),
232+
('format_cache', 'false'),
233+
('readonly', 'false')
234+
ON CONFLICT DO NOTHING
235+
;
236+
237+
ALTER FUNCTION to_text COST 5000;
238+
ALTER FUNCTION to_float COST 5000;
239+
ALTER FUNCTION to_int COST 5000;
240+
ALTER FUNCTION to_tstz COST 5000;
241+
ALTER FUNCTION to_text_array COST 5000;
242+
243+
ALTER FUNCTION update_partition_stats SECURITY DEFINER;
244+
ALTER FUNCTION partition_after_triggerfunc SECURITY DEFINER;
245+
ALTER FUNCTION drop_table_constraints SECURITY DEFINER;
246+
ALTER FUNCTION create_table_constraints SECURITY DEFINER;
247+
ALTER FUNCTION check_partition SECURITY DEFINER;
248+
ALTER FUNCTION repartition SECURITY DEFINER;
249+
ALTER FUNCTION where_stats SECURITY DEFINER;
250+
ALTER FUNCTION search_query SECURITY DEFINER;
251+
ALTER FUNCTION format_item SECURITY DEFINER;
252+
ALTER FUNCTION maintain_index SECURITY DEFINER;
253+
254+
GRANT USAGE ON SCHEMA pgstac to pgstac_read;
255+
GRANT ALL ON SCHEMA pgstac to pgstac_ingest;
256+
GRANT ALL ON SCHEMA pgstac to pgstac_admin;
257+
258+
-- pgstac_read role limited to using function apis
259+
GRANT EXECUTE ON FUNCTION search TO pgstac_read;
260+
GRANT EXECUTE ON FUNCTION search_query TO pgstac_read;
261+
GRANT EXECUTE ON FUNCTION item_by_id TO pgstac_read;
262+
GRANT EXECUTE ON FUNCTION get_item TO pgstac_read;
263+
GRANT SELECT ON ALL TABLES IN SCHEMA pgstac TO pgstac_read;
264+
265+
266+
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA pgstac to pgstac_ingest;
267+
GRANT ALL ON ALL TABLES IN SCHEMA pgstac to pgstac_ingest;
268+
GRANT USAGE ON ALL SEQUENCES IN SCHEMA pgstac to pgstac_ingest;
269+
270+
REVOKE ALL PRIVILEGES ON PROCEDURE run_queued_queries FROM public;
271+
GRANT ALL ON PROCEDURE run_queued_queries TO pgstac_admin;
272+
273+
REVOKE ALL PRIVILEGES ON FUNCTION run_queued_queries_intransaction FROM public;
274+
GRANT ALL ON FUNCTION run_queued_queries_intransaction TO pgstac_admin;
275+
276+
RESET ROLE;
277+
278+
SET ROLE pgstac_ingest;
279+
SELECT update_partition_stats_q(partition) FROM partitions_view;
280+
SELECT set_version('0.8.4');

0 commit comments

Comments
 (0)