From a28304bbc1309ed7311c71bfa86d6c7c2cd50b38 Mon Sep 17 00:00:00 2001 From: "Christian R. Garcia" Date: Wed, 5 Apr 2023 07:52:24 -0700 Subject: [PATCH 1/5] Making role create fail softer --- pgrest/utils.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/pgrest/utils.py b/pgrest/utils.py index 7c2f6e2..3983648 100644 --- a/pgrest/utils.py +++ b/pgrest/utils.py @@ -281,15 +281,18 @@ def grant_role(tenant, username, role): for a in admins: for tn in role_tenants: - grant_role(tn, a, 'PGREST_ADMIN') + try: + grant_role(tn, a, 'PGREST_ADMIN') + except: + pass # additional roles by tenant - grant_role('a2cps', 'ctjordan', 'PGREST_ADMIN') - grant_role('a2cps', 'pscherer', 'PGREST_ADMIN') - grant_role('a2cps', 'vaughn', 'PGREST_ADMIN') + grant_role('a2cps', 'ctjordan', 'PGREST_ADMIN') + grant_role('a2cps', 'pscherer', 'PGREST_ADMIN') + grant_role('a2cps', 'vaughn', 'PGREST_ADMIN') - grant_role('cii', 'ctjordan', 'PGREST_ADMIN') - grant_role('cii', 'pscherer', 'PGREST_ADMIN') - grant_role('cii', 'waller', 'PGREST_ADMIN') + grant_role('cii', 'ctjordan', 'PGREST_ADMIN') + grant_role('cii', 'pscherer', 'PGREST_ADMIN') + grant_role('cii', 'waller', 'PGREST_ADMIN') except Exception as e: logger.info("Issue setting roles, probably because you're not using 'tacc' site. This is not an issue, service should be good.") \ No newline at end of file From f91e03ac42e0aca80c94ec1e2171851da4c28ede Mon Sep 17 00:00:00 2001 From: "Christian R. Garcia" Date: Wed, 5 Apr 2023 07:59:13 -0700 Subject: [PATCH 2/5] Making PgREST fail softer-er --- pgrest/utils.py | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/pgrest/utils.py b/pgrest/utils.py index 3983648..69cd276 100644 --- a/pgrest/utils.py +++ b/pgrest/utils.py 
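Review bot: The bare `except: pass` added around `grant_role(tn, a, 'PGREST_ADMIN')` in the admins loop ([PATCH 1/5]) discards every failure, including KeyboardInterrupt and SystemExit, and leaves no record of which admin/tenant grant did not happen. These are admin role assignments, so a missed grant should be visible in the logs: use `except Exception as e:` followed by `logger.warning(f"Could not grant PGREST_ADMIN to {a} in tenant {tn}: {e}")`. The enclosing try block starts outside the hunk. The collapsed whitespace on this page hides what the re-indented a2cps/cii grants now nest under, so that is worth checking against the original file.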
@@ -221,22 +221,28 @@ def create_roles(tenants=[]): Creates the basic set of roles required by PgREST in SK for a given set of tenants. """ for tn in tenants: - t.sk.createRole(roleName='PGREST_READ', - roleTenant=tn, - description='Role granting read access to all tables in the PgREST API.', - _tapis_set_x_headers_from_service=True) - t.sk.createRole(roleName='PGREST_WRITE', - roleTenant=tn, - description='Role granting write access to all tables in the PgREST API.', - _tapis_set_x_headers_from_service=True) - t.sk.createRole(roleName='PGREST_ADMIN', - roleTenant=tn, - description='Role granting admin rights to all tables in the PgREST API.', - _tapis_set_x_headers_from_service=True) - t.sk.createRole(roleName='PGREST_ROLE_ADMIN', - roleTenant=tn, - description='Role granting ability to use PgREST Role endpoints.', - _tapis_set_x_headers_from_service=True) + try: + t.sk.createRole(roleName='PGREST_READ', + roleTenant=tn, + description='Role granting read access to all tables in the PgREST API.', + _tapis_set_x_headers_from_service=True) + t.sk.createRole(roleName='PGREST_WRITE', + roleTenant=tn, + description='Role granting write access to all tables in the PgREST API.', + _tapis_set_x_headers_from_service=True) + t.sk.createRole(roleName='PGREST_ADMIN', + roleTenant=tn, + description='Role granting admin rights to all tables in the PgREST API.', + _tapis_set_x_headers_from_service=True) + t.sk.createRole(roleName='PGREST_ROLE_ADMIN', + roleTenant=tn, + description='Role granting ability to use PgREST Role endpoints.', + _tapis_set_x_headers_from_service=True) + except common_errors.UnauthorizedError as e: + logger.warning(f"Unauthorized error creating roles for tenant {tn}. PgREST probably cannot", + f"act on behalf of users of this tenant. e: {e}") + pass + # This doesn't really belong, but we need to delete our PGREST_TEST role because the testsuite # creates it and uses it, but we need to delete it each run. There's no delete role endpoint # though. 
Also we need to "reserve" the role between running the tests. So we delete it now. From 0c892c1a59f2caf5f6c3be46718aaaf252664779 Mon Sep 17 00:00:00 2001 From: "Christian R. Garcia" Date: Wed, 5 Apr 2023 08:04:59 -0700 Subject: [PATCH 3/5] Change error type --- pgrest/utils.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pgrest/utils.py b/pgrest/utils.py index 69cd276..efc3b16 100644 --- a/pgrest/utils.py +++ b/pgrest/utils.py @@ -8,6 +8,7 @@ from pgrest.__init__ import t from tapisservice.config import conf from tapisservice.logs import get_logger +from tapipy.errors import UnauthorizedError logger = get_logger(__name__) @@ -238,7 +239,7 @@ def create_roles(tenants=[]): roleTenant=tn, description='Role granting ability to use PgREST Role endpoints.', _tapis_set_x_headers_from_service=True) - except common_errors.UnauthorizedError as e: + except UnauthorizedError as e: logger.warning(f"Unauthorized error creating roles for tenant {tn}. PgREST probably cannot", f"act on behalf of users of this tenant. e: {e}") pass From ccfa119e2dcd1d9ff739a4b9f67dc78966f72f09 Mon Sep 17 00:00:00 2001 From: "Christian R. Garcia" Date: Wed, 5 Apr 2023 08:16:22 -0700 Subject: [PATCH 4/5] Logging formatting --- pgrest/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pgrest/utils.py b/pgrest/utils.py index efc3b16..1eaa9b5 100644 --- a/pgrest/utils.py +++ b/pgrest/utils.py 
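Review bot: The docstring of create_roles ([PATCH 2/5]) still reads as if every tenant passed in gets the basic roles, but with the new try block a tenant whose createRole call raises the unauthorized error is skipped. Because all four createRole calls share one try, the first failure also skips the remaining roles for that tenant. I would add to the docstring: `Tenants for which SK returns an unauthorized error are logged and skipped; they end up without the PgREST roles.` The function body continues outside the hunk.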
@@ -240,8 +240,8 @@ def create_roles(tenants=[]): description='Role granting ability to use PgREST Role endpoints.', _tapis_set_x_headers_from_service=True) except UnauthorizedError as e: - logger.warning(f"Unauthorized error creating roles for tenant {tn}. PgREST probably cannot", - f"act on behalf of users of this tenant. e: {e}") + logger.warning((f"Unauthorized error creating roles for tenant {tn}. PgREST probably cannot", + f"act on behalf of users of this tenant. e: {e}")) pass # This doesn't really belong, but we need to delete our PGREST_TEST role because the testsuite From a7d78a72898f94fa692b0330b02110909e6f9fcd Mon Sep 17 00:00:00 2001 From: "Christian R. Garcia" Date: Wed, 5 Apr 2023 08:39:03 -0700 Subject: [PATCH 5/5] Update CHANGELOG.md --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 332bfa8..f36aa56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,15 @@ All notable changes to this project will be documented in this file. +## 1.3.0 - 2023-03-09 +### Breaking Changes: +- No Change. + +### New features: +- No Change. + +### Bug fixes: +- Initialization creates roles, when trying to create roles for other tenants we would crash. Now we have a soft fail with better logging. ## 1.2.3 - 2023-02-09 ### Breaking Changes:
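Review bot: Wrapping the two f-strings in a tuple in `logger.warning((...))` ([PATCH 4/5], create_roles) makes the logger format the tuple itself, so the record comes out as the repr of a two-element tuple rather than one sentence. The form in [PATCH 2/5] passed the second string as a %-format argument, which is presumably what this commit was working around. Dropping the comma lets Python concatenate the adjacent literals: `logger.warning(f"Unauthorized error creating roles for tenant {tn}. PgREST probably cannot " f"act on behalf of users of this tenant. e: {e}")`, with a trailing space added to the first literal. The `pass` after the call is redundant. create_roles starts and ends outside the hunk.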