From 00cabe85cdceba7d576989bf8095659554ab4b5a Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Tue, 12 Sep 2023 12:34:55 -0500
Subject: [PATCH] Make all the group-ish roles during cluster setup

---
 db/creategroups.m4    |  1 +
 make_files/make_db.mk | 24 +++++++++++-------------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/db/creategroups.m4 b/db/creategroups.m4
index 1ca6a0c..f13a00d 100644
--- a/db/creategroups.m4
+++ b/db/creategroups.m4
@@ -29,5 +29,6 @@ include(`copyright.m4')
 include(`constants.m4')
 dnl
 
+CREATE ROLE sdb_admin_group NOLOGIN CREATEDB CREATEROLE;
 CREATE ROLE sdb_reader NOLOGIN;
 CREATE ROLE sdb_writer NOLOGIN;
diff --git a/make_files/make_db.mk b/make_files/make_db.mk
index 0bb8ca6..2f91eda 100644
--- a/make_files/make_db.mk
+++ b/make_files/make_db.mk
@@ -380,7 +380,7 @@ db/schemas/createindexes.sql db/schemas/dropindexes.sql:
 ##   db/creategroups.sql
 ##                      Build file of sql which creates the groups (roles)
 ##                      expected by SokweDB
-$(DB_TARGETS): %.sql: %.m4 $(DB_DEPENDS)
+$(DB_TARGETS) db/creategroups.sql: %.sql: %.m4 $(DB_DEPENDS)
 	m4 $(M4_DB_INCLUDE_ARGS) $< > $@
 
 # It'd be nice to be able to empty the db of all data, but there's
@@ -461,8 +461,8 @@ $(DB_TARGETS): %.sql: %.m4 $(DB_DEPENDS)
 ##  user.  Otherwise, first create an administrative user with
 ##  "create-adminuser".
 ##
-##  2) Use the administrative user to create the the "admin" group/role
-##  ("create-admingroup") and then the database ("init-database").
+##  2) Use the administrative user to create the "group" roles
+##  ("create-groups") and then the database ("init-database").
 ##  Hint: Use TARGET_DB=postgres for all of this, since your new database
 ##  won't yet exist.
 ##
@@ -500,7 +500,6 @@ CREATE_SUPERUSER := CREATE ROLE $(TARGET_ROLE) LOGIN SUPERUSER \
                     PASSWORD '$(NEW_PASSWORD)';
 CREATE_ADMINUSER := CREATE ROLE $(TARGET_ROLE) LOGIN CREATEDB CREATEROLE \
                     PASSWORD '$(NEW_PASSWORD)';
-CREATE_ADMINGROUP := CREATE ROLE $(ADMIN_GROUP) NOLOGIN CREATEDB CREATEROLE;
 SET_PASSWORD := ALTER ROLE $(TARGET_ROLE) PASSWORD '$(NEW_PASSWORD)'
 
 ## The available targets for make (make TARGET) are:
@@ -528,15 +527,14 @@ create-adminuser:
 	  ) \
 	  | su postgres -c 'psql -h $(HOST) -d postgres -U postgres'
 
-##   create-admingroup  Create the role expected to own all objects
-##                      in the database.  (See the db/README.)  Note that
-##                      this role has permission to create databases and
-##                      create new users (roles). The ADMINUSER is used
-##                      to create the new role.
-.PHONY: create-admingroup
-create-admingroup:
-	( printf "$(CREATE_ADMINGROUP)\n" ; \
-	  ) \
+##   create-groups      Create the roles SokweDB uses for permission groups.
+##                      (See the db/README.)  Note that the "admin" role has
+##                      permission to create databases and create new users
+##                      (roles). The ADMINUSER is used to create the new
+##                      roles.
+.PHONY: create-groups
+create-groups: db/creategroups.sql
+	cat db/creategroups.sql \
 	  | psql $(PSQL_ARGS) $(PSQL_SINGLE_TRANS) --set=ON_ERROR_STOP=y
 
 ##   init-database      Create and initialize the database named by the
-- 
2.34.1