{
"info": {
"author": "GoPythonGo.com",
"author_email": "info@gopythongo.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: BSD License",
"Operating System :: POSIX",
"Programming Language :: Python :: 3 :: Only"
],
"description": "django-postgresql-setrole27\n===========================\n\nThis is a Python 2.7 port of Jonas Maurus' django-postgresql-setrole\npackage.\n\nA Django application that executes `SET ROLE` on every connection to PostgreSQL\nopened by Django. This is useful if you're using external authentication\nmanagers like `Hashicorp Vault `__\\ .\n\nPostgreSQL's user model (\"roles\") assigns every object created in a database/\ntablespace/schema an \"owner\". Said owner is the *only* user that can modify or\ndrop the object. This means that user credentials leased from Vault which\nexpire after some time, can't be used to create or migrate tables unless you \nuse the same user name every time (which would defeat the purpose).\n\nThe solution is to create an \"owner role\". In layman's terms \"a group that has\nall necessary permissions on the database and the INHERIT attribute and will\nact as the 'sudo' user for leased users from the authentication manager\". All\nusers created by the authentication manager will then be assigned this group\nand when they connect to the database execute \"SET ROLE \", thereby\nmaking all objects created owned by the owner role.\n\n\nHow do I use this Django application?\n-------------------------------------\nAdd `postgresql_setrole27` to `INSTALLED_APPS`. Then in `settings.DATABASES` add\n\n.. code-block:: python\n\n DATABASES = {\n \"default\": {\n ..., # other settings\n \"SET_ROLE\": \"mydatabaseowner\",\n }\n }\n\n\nWhy is SET ROLE necessary?\n--------------------------\nThe `INHERIT` attribute is not bidirectional. So if a (user) role is assigned\na (group) role it inherits the group's permissions, but the group does not\ngain any rights on objects created by the user role.\n\nSo what you want is the (group) owner role to own everything.\n\n\nHow do I set this up?\n---------------------\nOn your shell as the `postgres` superuser:\n\n.. code-block:: shell\n\n # --- create an admin role for Vault\n # no create database\n # encrypt password\n # do not inherit rights\n # can create roles\n # not a superuser\n createuser -D -E -I -l -r -S vaultadmin\n\n # --- create an owner role for your database\n # no create database\n # encrypt password\n # do not inherit rights\n # can't create roles\n # not a superuser\n createuser -D -E -I -L -R -S mydatabaseowner\n createdb -E utf8 -O mydatabaseowner mydatabase\n\nThen configure Vault to create roles like this:\n\n.. code-block:: shell\n\n $ vault mount -path=mydatabase-auth postgresql\n $ vault write mydatabase-auth/roles/fullaccess -\n {\n \"sql\": \"CREATE ROLE \\\"{{name}}\\\" WITH LOGIN ENCRYPTED PASSWORD '{{password}}' VALID UNTIL '{{expiration}}' IN ROLE \\\"mydatabaseowner\\\" INHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER NOREPLICATION NOBYPASSRLS;\",\n \"revocation_sql\": \"DROP ROLE \\\"{{name}}\\\";\"\n }\n\nThen users created by Vault when they log in must run\n\n.. code-block:: sql\n\n SET ROLE \"mydatabaseowner\";\n\nThis ensures that all created tables and other objects belong to\n`mydatabaseowner`.\n\n\nLicense\n=======\n\nCopyright (c) 2016, Jonas Maurus\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this\n list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright notice,\n this list of conditions and the following disclaimer in the documentation\n and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its contributors\n may be used to endorse or promote products derived from this software\n without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n\n",
"description_content_type": null,
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/jdelic/django-postgresql-setrole/",
"keywords": "",
"license": "",
"maintainer": "",
"maintainer_email": "",
"name": "django-postgresql-setrole27",
"package_url": "https://pypi.org/project/django-postgresql-setrole27/",
"platform": "",
"project_url": "https://pypi.org/project/django-postgresql-setrole27/",
"project_urls": {
"Homepage": "https://github.com/jdelic/django-postgresql-setrole/"
},
"release_url": "https://pypi.org/project/django-postgresql-setrole27/1.0.10/",
"requires_dist": null,
"requires_python": "",
"summary": "Execute SET ROLE on every PostgreSQL connection in the Django ORM",
"version": "1.0.10"
},
"last_serial": 3185348,
"releases": {
"1.0.10": [
{
"comment_text": "",
"digests": {
"md5": "90fedc957a27ffe1033a77677cb4966e",
"sha256": "4084a2456a883d9d2b8b3ab484dca39b6f8fb159fb34c269c09bdafcb7abe36e"
},
"downloads": -1,
"filename": "django_postgresql_setrole27-1.0.10-py2-none-any.whl",
"has_sig": false,
"md5_digest": "90fedc957a27ffe1033a77677cb4966e",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 7214,
"upload_time": "2017-09-19T12:53:42",
"url": "https://files.pythonhosted.org/packages/dd/d7/71cb50aefd34576e7fb1cea0993c6ac2013d4d6dab27df033e6da0e23e99/django_postgresql_setrole27-1.0.10-py2-none-any.whl"
}
],
"1.0.8": [
{
"comment_text": "",
"digests": {
"md5": "9550b385a35ec888e821d10c5bd9eaa4",
"sha256": "66f18ead2aea19facff6d04de509309d75478955d367340eaebe93ea283e6fc1"
},
"downloads": -1,
"filename": "django_postgresql_setrole27-1.0.8-py2-none-any.whl",
"has_sig": false,
"md5_digest": "9550b385a35ec888e821d10c5bd9eaa4",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 7221,
"upload_time": "2017-09-19T08:55:14",
"url": "https://files.pythonhosted.org/packages/f9/f0/63cb54bc329a0a27a07c9c2b5da6eacac0abfd1a074ab4407681d9faef5f/django_postgresql_setrole27-1.0.8-py2-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "ba996721df82428e660b76acf30d71c7",
"sha256": "7c4e58892f1d24953b3e5fab2f4c560b7f56cb7ebbc4bc9f374f8114d79ec942"
},
"downloads": -1,
"filename": "django-postgresql-setrole27-1.0.8.tar.gz",
"has_sig": false,
"md5_digest": "ba996721df82428e660b76acf30d71c7",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 4230,
"upload_time": "2017-09-19T08:55:15",
"url": "https://files.pythonhosted.org/packages/ae/48/e2cc19aedb77d1a61a856837b60594d7a3167e3efaccb55aeff19290215c/django-postgresql-setrole27-1.0.8.tar.gz"
}
],
"1.0.9": [
{
"comment_text": "",
"digests": {
"md5": "12152a50348f8f2311ac409ad9dedc1d",
"sha256": "938d750895fedeb0d8683ccf8ea419ffe4dd545fe6dab36aded74334eaac14e9"
},
"downloads": -1,
"filename": "django_postgresql_setrole27-1.0.9-py2-none-any.whl",
"has_sig": false,
"md5_digest": "12152a50348f8f2311ac409ad9dedc1d",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 7197,
"upload_time": "2017-09-19T12:38:46",
"url": "https://files.pythonhosted.org/packages/f4/c3/10ea32e8bddd4deb279e581fafc15d5ffe65e9bef8b021b09f852eb8f6d6/django_postgresql_setrole27-1.0.9-py2-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "0308ccec504860906cd769e49b2debbe",
"sha256": "7c8af138ecfbdd5c5d799a3883a4615d879fbc00d409ec5a209f1bf883914157"
},
"downloads": -1,
"filename": "django-postgresql-setrole27-1.0.9.tar.gz",
"has_sig": false,
"md5_digest": "0308ccec504860906cd769e49b2debbe",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 4220,
"upload_time": "2017-09-19T12:38:49",
"url": "https://files.pythonhosted.org/packages/c4/ac/24bc542940acce33e9c7ceff81754fd0cd47a80cc7d6b31161c920eb82c9/django-postgresql-setrole27-1.0.9.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "90fedc957a27ffe1033a77677cb4966e",
"sha256": "4084a2456a883d9d2b8b3ab484dca39b6f8fb159fb34c269c09bdafcb7abe36e"
},
"downloads": -1,
"filename": "django_postgresql_setrole27-1.0.10-py2-none-any.whl",
"has_sig": false,
"md5_digest": "90fedc957a27ffe1033a77677cb4966e",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 7214,
"upload_time": "2017-09-19T12:53:42",
"url": "https://files.pythonhosted.org/packages/dd/d7/71cb50aefd34576e7fb1cea0993c6ac2013d4d6dab27df033e6da0e23e99/django_postgresql_setrole27-1.0.10-py2-none-any.whl"
}
]
}