Allow cgimap to read issues and reports

[chef.git] / cookbooks / db / recipes / master.rb

diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index 6ba23cb50a1fab486cedeafa81b61a905564a578..58e0be741caba8c3c0f8fded7c4253913534dd3e 100644 (file)
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -100,6 +100,7 @@ CGIMAP_PERMISSIONS = {
   "current_way_tags" => [:select, :insert, :delete],
   "current_ways" => [:select, :insert, :update],
   "current_ways_id_seq" => [:update],
+  "issues" => [:select],
   "node_tags" => [:select, :insert],
   "nodes" => [:select, :insert],
   "oauth_access_grants" => [:select],
@@ -111,19 +112,20 @@ CGIMAP_PERMISSIONS = {
   "relation_members" => [:select, :insert],
   "relation_tags" => [:select, :insert],
   "relations" => [:select, :insert],
+  "reports" => [:select],
   "user_blocks" => [:select],
   "user_roles" => [:select],
   "users" => [:select],
   "way_nodes" => [:select, :insert],
   "way_tags" => [:select, :insert],
   "ways" => [:select, :insert]
-}
+}.freeze
 
 PLANETDUMP_PERMISSIONS = {
   "note_comments" => :select,
   "notes" => :select,
   "users" => :select
-}
+}.freeze
 
 PLANETDIFF_PERMISSIONS = {
   "changeset_comments" => :select,
@@ -138,7 +140,11 @@ PLANETDIFF_PERMISSIONS = {
   "way_nodes" => :select,
   "way_tags" => :select,
   "ways" => :select
-}
+}.freeze
+
+PROMETHEUS_PERMISSIONS = {
+  "delayed_jobs" => :select
+}.freeze
 
 %w[
   acls
@@ -205,6 +211,7 @@ PLANETDIFF_PERMISSIONS = {
                 "cgimap" => CGIMAP_PERMISSIONS[table],
                 "planetdump" => PLANETDUMP_PERMISSIONS[table],
                 "planetdiff" => PLANETDIFF_PERMISSIONS[table],
+                "prometheus" => PROMETHEUS_PERMISSIONS[table],
                 "backup" => [:select]
   end
 end
@@ -267,6 +274,7 @@ systemd_service "monthly-reindex" do
   user "postgres"
   sandbox true
   restrict_address_families "AF_UNIX"
+  remove_ipc false
 end
 
 systemd_timer "monthly-reindex" do
@@ -290,6 +298,7 @@ systemd_service "yearly-reindex" do
   user "postgres"
   sandbox true
   restrict_address_families "AF_UNIX"
+  remove_ipc false
 end
 
 systemd_timer "yearly-reindex" do
@@ -300,3 +309,10 @@ end
 service "yearly-reindex.timer" do
   action [:enable, :start]
 end
+
+template "/etc/prometheus/exporters/sql_rails.collector.yml" do
+  source "sql_rails.yml.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+end