fix: conditionally create roles in migration script

cds-snc · May 8, 2024 · 9f9f07d · 9f9f07d
1 parent 93b5eb3
commit 9f9f07d
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/migrations/versions/0449_set_pgaudit_config.py b/migrations/versions/0449_set_pgaudit_config.py
@@ -16,9 +16,27 @@
 
 def upgrade():
     for role in roles:
+        # Make sure the roles exist in test and local environments
+        op.execute(
+            f"""
+            DO
+            $do$
+            BEGIN
+               IF NOT EXISTS (
+                  SELECT FROM pg_catalog.pg_roles 
+                  WHERE  rolname = '{role}') THEN
+
+                  CREATE ROLE {role};
+               END IF;
+            END
+            $do$
+        """
+        )
         op.execute(f"ALTER ROLE {role} IN DATABASE {database_name} SET pgaudit.log TO 'NONE'")
 
 
 def downgrade():
+    # Reset the pgaudit.log setting, but do not remove the roles as they are managed
+    # outside of the API migrations.
     for role in roles:
         op.execute(f"ALTER ROLE {role} IN DATABASE {database_name} RESET pgaudit.log")
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -79,8 +79,6 @@ def grant_test_db(writer_uri, uri_db_reader):
         f"CREATE ROLE {db_reader} LOGIN PASSWORD '{db_reader_password}';",
         f"GRANT USAGE ON SCHEMA {db_schema} TO {db_reader};",
         f"GRANT SELECT ON ALL TABLES IN SCHEMA {db_schema} TO {db_reader};",
-        "CREATE ROLE app_db_user;",
-        "CREATE ROLE rdsproxyadmin;",
     ]
     for statement in statements:
         try: