Files
apf_portal/infra/local/init
Julien Gautier 44deeab35d
CI / commits (pull_request) Successful in 1m10s
CI / check (pull_request) Successful in 1m15s
CI / scan (pull_request) Successful in 1m20s
CI / a11y (pull_request) Successful in 1m22s
CI / perf (pull_request) Successful in 2m59s
fix(infra): grant audit roles to current_user, not hardcoded portal
The bootstrap SQL ended with:

    GRANT audit_owner, audit_writer, audit_reader, audit_archiver TO portal;

which assumed POSTGRES_USER is `portal`. The compose file (and the
.env.example) document POSTGRES_USER as overridable — anyone who
changed it to something else (e.g. `apf_portal`) hit:

    ERROR: role "portal" does not exist
    psql: .../01-init.sql:48: ERROR: role "portal" does not exist

`current_user` resolves at script execution to whoever is running
the init SQL — that is, the superuser Postgres just created from
POSTGRES_USER, regardless of its name. Use it instead of hard-coding
`portal`.

Recovery for anyone hit by the original bug:

    cd infra/local
    docker compose -f dev.compose.yml down -v   # wipes the
                                                # half-initialised
                                                # postgres-data volume
    docker compose -f dev.compose.yml up -d     # bootstrap re-runs
                                                # cleanly
2026-05-08 20:55:55 +02:00
..