make failed_authentication reflect log files rotation

zalando · Sep 16, 2024 · ee46fcd · ee46fcd
1 parent c04fd5f
commit ee46fcd
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 13 deletions.
diff --git a/postgres-appliance/scripts/configure_spilo.py b/postgres-appliance/scripts/configure_spilo.py
@@ -772,7 +772,6 @@ def write_log_environment(placeholders):
     log_s3_key = 'spilo/{LOG_BUCKET_SCOPE_PREFIX}{SCOPE}{LOG_BUCKET_SCOPE_SUFFIX}/log/'.format(**log_env)
     if os.getenv('LOG_GROUP_BY_DATE'):
         log_s3_key += '{DATE}/'
-
     log_s3_key += placeholders['instance_data']['id']
     log_env['LOG_S3_KEY'] = log_s3_key
 

diff --git a/postgres-appliance/scripts/post_init.sh b/postgres-appliance/scripts/post_init.sh
@@ -152,24 +152,30 @@ for i in $(seq 0 7); do
     if [ "$LOG_SHIP_HOURLY" != "true" ]; then
         echo "CREATE FOREIGN TABLE IF NOT EXISTS public.postgres_log_${i} () INHERITS (public.postgres_log) SERVER pglog
         OPTIONS (filename '../pg_log/postgresql-${i}.csv', format 'csv', header 'false');
-        GRANT SELECT ON public.postgres_log_${i} TO admin;"
+        GRANT SELECT ON public.postgres_log_${i} TO admin;
+
+        CREATE OR REPLACE VIEW public.failed_authentication_${i} WITH (security_barrier) AS
+        SELECT *
+          FROM public.postgres_log_${i}
+         WHERE command_tag = 'authentication'
+           AND error_severity = 'FATAL';
+        ALTER VIEW public.failed_authentication_${i} OWNER TO postgres;
+        GRANT SELECT ON TABLE public.failed_authentication_${i} TO robot_zmon;"
     else
         for h in $(seq 0 23); do
             echo "CREATE FOREIGN TABLE IF NOT EXISTS public.postgres_log_${i}_${h} () INHERITS (public.postgres_log) SERVER pglog
             OPTIONS (filename '../pg_log/postgresql-${i}-${h}.csv', format 'csv', header 'false');
-            GRANT SELECT ON public.postgres_log_${i}_${h} TO admin;"
+            GRANT SELECT ON public.postgres_log_${i}_${h} TO admin;
+
+            CREATE OR REPLACE VIEW public.failed_authentication_${i}_${h} WITH (security_barrier) AS
+            SELECT *
+              FROM public.postgres_log_${i}_${h}
+             WHERE command_tag = 'authentication'
+               AND error_severity = 'FATAL';
+            ALTER VIEW public.failed_authentication_${i}_${h} OWNER TO postgres;
+            GRANT SELECT ON TABLE public.failed_authentication_${i}_${h} TO robot_zmon;"
         done
     fi
-
-    echo "
-CREATE OR REPLACE VIEW public.failed_authentication_${i} WITH (security_barrier) AS
-SELECT *
-  FROM public.postgres_log_${i}
- WHERE command_tag = 'authentication'
-   AND error_severity = 'FATAL';
-ALTER VIEW public.failed_authentication_${i} OWNER TO postgres;
-GRANT SELECT ON TABLE public.failed_authentication_${i} TO robot_zmon;
-"
 done
 
 cat _zmon_schema.dump