Cleanup and use new postgres prefixed db role name

2025-03-11 15:01:48 +01:00
parent 0614ccb8e4
commit 521867e125
5 changed files with 5 additions and 10 deletions
--- a/example/images/cloudbeaver/Dockerfile
+++ b/example/images/cloudbeaver/Dockerfile
@@ -1,4 +1,4 @@
-FROM danielberteaud/java:21-25.3-1
+FROM danielberteaud/java:21-25.3-2
 LABEL maintainer="Daniel Berteaud <dbd@ehtrace.com>"

 ENV CLOUDBEAVER_WEB_CONFIG=/opt/cloudbeaver/conf/cloudbeaver.conf
--- a/example/init/cloudbeaver-vault-database
+++ b/example/init/cloudbeaver-vault-database
@@ -2,7 +2,7 @@

 set -euo pipefail

-vault write database/roles/cloudbeaver \
+vault write database/roles/postgres-cloudbeaver \
    db_name="postgres" \
    creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
        GRANT \"cloudbeaver\" TO \"{{name}}\"; \
--- a/example/vault/policies/cloudbeaver.hcl
+++ b/example/vault/policies/cloudbeaver.hcl
@@ -2,6 +2,6 @@ path "kv/data/service/cloudbeaver" {
  capabilities = ["read"]
 }

-path "database/creds/cloudbeaver" {
+path "database/creds/postgres-cloudbeaver" {
  capabilities = ["read"]
 }
--- a/variables.yml
+++ b/variables.yml
@@ -79,12 +79,7 @@ cloudbeaver:
  # Proxmox Backup
  proxmox_backup:
    user: 8978:8978
-    env:
-      PGHOST: '[[ (merge .cloudbeaver .).postgres.host ]]'
-      PGPORT: '[[ (merge .cloudbeaver .).postgres.port ]]'
-      PGDATABASE: '[[ (merge .cloudbeaver .).postgres.database ]]'
-      PGUSER: '[[ (merge .cloudbeaver .).postgres.user ]]'
-      PGPASSWORD: '[[ (merge .cloudbeaver .).postgres.password ]]'
+    postgres: true
    hooks:
      cloudbeaver:
        type: template
--- a/vault/policies/cloudbeaver.hcl
+++ b/vault/policies/cloudbeaver.hcl
@@ -2,6 +2,6 @@ path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
  capabilities = ["read"]
 }

-path "[[ .vault.root ]]database/creds/[[ .instance ]]" {
+path "[[ .vault.root ]]database/creds/postgres-[[ .vault.database.role ]]" {
  capabilities = ["read"]
 }