Generating A Spec¶
The pgbedrock generate
command creates a spec given a database’s current state, printing its
results to STDOUT
. As a result, one can create a spec with:
docker run -it \ quay.io/squarespace/pgbedrock generate \ -h myhost.mynetwork.net \ -p 5432 \ -d mydatabase \ -U mysuperuser \ -w supersecret > path/to/spec.yml
Alternatively, if you’d prefer to use the Python command-line interface instead, pip install
pgbedrock and run the above command starting from pgbedrock generate
. The rest of the command
is identical.
Note that a generated spec may differ from reality due to simplifications that pgbedrock makes. For
an example, see the “pgbedrock simplifies permissions down to read vs. write” bullet in the
Notable Functionality And Caveats. As a result, after generating a spec it is recommended
to run pgbedrock configure
against it right away in check mode to see what differences exist.
In addition to roles being granted various missing write privileges, another common change seen
after running pgbedrock generate
is various default privilege grants occurring. If within the
database there is currently a default privilege granted to a role within a schema, pgbedrock assumes
that the grantee is intended to have this default privilege regardless of who creates the future
object. To do this in Postgres correctly, pgbedrock needs to grant that default privileges from all
roles that could create new objects (see the “Default privileges are granted for permissions like
myschema.*
” bullet in the Notable Functionality And Caveats section for more details).