CloudSQL table ownership in Pre and ops is incorrect
Summary
The ownership of objects in the pre
database are incorrect and need to be fixed.
During the investigation of production#7769 (closed), I discovered that the permissions on many of the tables are wrong. I suspect this came from us importing the original data as the cloudsqlsuperuser
role and from then on using the gitlab
role. I think we may want to recursively set the owner of things to the gitlab
role.
A sampling of the incorrect permissions:
Schema | Name | Type | Owner
------------+------------------------------------------------------+-------------------+-------------------
pg_temp_28 | test | table | gitlab
public | abuse_reports | table | cloudsqlsuperuser
public | agent_activity_events | table | gitlab
public | agent_group_authorizations | table | gitlab
public | agent_project_authorizations | table | gitlab
public | alert_management_alert_assignees | table | cloudsqlsuperuser
public | alert_management_alert_metric_images | table | gitlab
public | alert_management_alert_user_mentions | table | cloudsqlsuperuser
This caused problems with a postdeploy migration that threatened the timeliness of the release on the 22nd.
Related Incident(s)
Originating issue(s): production#7769 (closed)
Desired Outcome/Acceptance Criteria
All of the objects in the CloudSQL database should be owned by the gitlab
Postgres role.
Associated Services
ServiceCloudSQL environmentpre
Corrective Action Issue Checklist
-
Link the incident(s) this corrective action arose out of -
Give context for what problem this corrective action is trying to prevent from re-occurring -
Assign a severity label (this is the highest sev of related incidents, defaults to 'severity::4') -
Assign a priority (this will default to 'Reliability::P4')
Edited by Alex Hanselka