RHINENG-21445: drop inventory schema

Author: TenSt

database_admin/migrations/148_drop_inventory_schema.down.sql

@@ -0,0 +1,29 @@
+CREATE SCHEMA IF NOT EXISTS inventory;
+
+-- The admin ROLE that allows the inventory schema to be managed
+DO $$
+BEGIN
+  CREATE ROLE cyndi_admin;
+  EXCEPTION WHEN DUPLICATE_OBJECT THEN
+    RAISE NOTICE 'cyndi_admin already exists';
+END
+$$;
+GRANT ALL PRIVILEGES ON SCHEMA inventory TO cyndi_admin;
+
+-- The reader ROLE that provides SELECT access to the inventory.hosts view
+DO $$
+BEGIN
+  CREATE ROLE cyndi_reader;
+  EXCEPTION WHEN DUPLICATE_OBJECT THEN
+    RAISE NOTICE 'cyndi_reader already exists';
+END
+$$;
+GRANT USAGE ON SCHEMA inventory TO cyndi_reader;
+
+-- The application user is granted the reader role only to eliminate any interference with Cyndi
+GRANT cyndi_reader to listener;
+GRANT cyndi_reader to evaluator;
+GRANT cyndi_reader to manager;
+GRANT cyndi_reader TO vmaas_sync;
+
+GRANT cyndi_admin to cyndi;

database_admin/migrations/148_drop_inventory_schema.up.sql

@@ -0,0 +1,58 @@
+DO $$
+BEGIN
+  REVOKE cyndi_reader FROM listener; 
+  EXCEPTION WHEN undefined_object THEN NULL; 
+END
+$$;
+
+DO $$
+BEGIN
+  REVOKE cyndi_reader FROM evaluator; 
+  EXCEPTION WHEN undefined_object THEN NULL; 
+END
+$$;
+
+DO $$
+BEGIN
+  REVOKE cyndi_reader FROM manager; 
+  EXCEPTION WHEN undefined_object THEN NULL; 
+END
+$$;
+
+DO $$
+BEGIN
+  REVOKE cyndi_reader FROM vmaas_sync; 
+  EXCEPTION WHEN undefined_object THEN NULL; 
+END
+$$;
+
+DO $$
+BEGIN
+  REVOKE cyndi_admin FROM cyndi; 
+  EXCEPTION WHEN undefined_object THEN NULL; 
+END
+$$;
+
+DO $$
+BEGIN
+  IF EXISTS (SELECT 1 FROM pg_namespace WHERE nspname = 'inventory') THEN
+    EXECUTE 'REVOKE ALL PRIVILEGES ON SCHEMA inventory FROM cyndi_admin';
+  END IF;
+END
+$$;
+
+DO $$
+BEGIN
+  IF EXISTS (SELECT 1 FROM pg_namespace WHERE nspname = 'inventory') THEN
+    EXECUTE 'REVOKE USAGE ON SCHEMA inventory FROM cyndi_reader';
+  END IF;
+END
+$$;
+
+DROP ROLE IF EXISTS cyndi_admin;
+
+DROP ROLE IF EXISTS cyndi_reader;
+
+DROP SCHEMA IF EXISTS inventory CASCADE;
+
+DROP USER IF EXISTS cyndi;

database_admin/schema/create_schema.sql

@@ -7,7 +7,7 @@ CREATE TABLE IF NOT EXISTS schema_migrations
 
 
 INSERT INTO schema_migrations
-VALUES (147, false);
+VALUES (148, false);
 
 -- ---------------------------------------------------------------------------
 -- Functions

database_admin/schema/create_users.sql

@@ -5,7 +5,7 @@ $$
     BEGIN
         FOR usr IN
             SELECT name
-            FROM (VALUES ('evaluator'), ('listener'), ('manager'), ('vmaas_sync'), ('cyndi')) users (name)
+            FROM (VALUES ('evaluator'), ('listener'), ('manager'), ('vmaas_sync')) users (name)
             WHERE name NOT IN (SELECT rolname FROM pg_catalog.pg_roles)
             LOOP
                 execute 'CREATE USER ' || usr || ';';

dev/create_inventory_hosts.sql

@@ -36,3 +36,5 @@ CREATE OR REPLACE VIEW inventory.hosts AS SELECT
 	org_id,
 	groups
 FROM inventory.hosts_v1_0;
+
+CREATE USER cyndi;

tasks/vmaas_sync/metrics_db_test.go

@@ -17,8 +17,8 @@ func TestTableSizes(t *testing.T) {
 	for _, item := range tableSizes {
 		uniqueTables[item.Key] = true
 	}
-	assert.Equal(t, 231, len(tableSizes))
-	assert.Equal(t, 231, len(uniqueTables))
+	assert.Equal(t, 230, len(tableSizes))
+	assert.Equal(t, 230, len(uniqueTables))
 	assert.True(t, uniqueTables["public.system_inventory"]) // check whether table names were loaded
 	assert.True(t, uniqueTables["public.system_patch"])     // check whether table names were loaded
 	assert.True(t, uniqueTables["public.package"])