datacube.drivers.common_psql.UserRoleBase#

class datacube.drivers.common_psql.UserRoleBase(new_class_name, /, names, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Base class for representing user types.

Should be subclassed by index drivers with their own user type hierarchy, e.g.

from datacube.drivers.common_psql import UserRoleBase

class UserRole(UserRoleBase):
    # Enumerate supported user type names
    # Should contain a driver specific prefix, in this example 'drv_'.
    USER = "drv_user"
    ADVANCED = drv_advanced"
    MANAGE = "drv_manage"
    ADMIN = "drv_admin"

    ...  # Implement remaining abstract methods as discussed below

The standard expected user types would be "user" for regular read-only users,
"manage" for index-maintenance/read-write users, and "admin" for
schema-owner/maintainer users, but index drivers may add additional user types.
A linear hierarchy is assumed.
__init__(*args, **kwds)#

Methods

to_pg_role(role_str)

Converts convert user-facing user type names to internal database names

simple_str()

Returns the user-facing user type name for this UserRole.

all_role_names()

Returns all user-facing user type names

higher_roles()

Returns all roles that have more privileges than this one.

lower_roles()

Returns all roles that have fewer privileges than this one.

inherits_from()

Returns the role immediately below this one in the hierarchy, or None if this is the most privileged role.

can_create_user()

Returns True if this role can create new users (typically only the most privileged role).
classmethod all_role_names()[source]#

Returns all user-facing user type names

Return type:

Generator[str]

abstractmethod can_create_user()[source]#

Returns True if this role can create new users (typically only the most privileged role).

Note that the following additional restriction always applies and is not checked or enforced by this method:

  • A user in a user group can only ever create users with a less privileged role than them. This means that only a user who is PostgreSQL superuser can create users in the most privileged role.

Return type:

bool

abstractmethod higher_roles()[source]#

Returns all roles that have more privileges than this one.

Return type:

list[Self]

abstractmethod inherits_from()[source]#

Returns the role immediately below this one in the hierarchy, or None if this is the most privileged role.

Return type:

Optional[Self]

lower_roles()[source]#

Returns all roles that have fewer privileges than this one.

Return type:

list[Self]

simple_str()[source]#

Returns the user-facing user type name for this UserRole.

Default implementation splits on underscore. Will need to be overridden if the driver’s mapping doesn’t conform to this pattern.

Return type:

str

abstractmethod classmethod to_pg_role(role_str)[source]#

Converts convert user-facing user type names to internal database names

Should be implemented by adding a driver-specific prefix.

Parameters:

role_str (str) – User-facing role name (e.g. “user”, “manage”, “admin”)

Return type:

Self

Returns:

DB-facing role name (e.g. “odc_user”, “drv_manage”, “agdc_admin”)