@maartenweyns
Member

@maartenweyns maartenweyns commented May 27, 2024

For security purposes, different applications should use different users in our Google Cloud postgres instance. The users should have the minimal required privileges within their database.

Before merging this PR, it should be verified that the users in the google cloud postgres instance have the correct permissions!

Tasks:

  • Create new users in Google Cloud postgres instance
    • events
    • dienst2
    • choice
    • listmonk
    • mand
    • areafiftylan
    • areafiftylan-legacy
  • Update credentials in the application's secret file
  • Update (reduce) permissions of the new user in the postgres instance
  • Merge and pray everything works? :)

@maartenweyns maartenweyns self-assigned this May 27, 2024
@maartenweyns
Member Author

By default, Google Cloud creates new users with the cloudsqlsuperuser role, basically meaning root access. These roles should be changed by hand per user with a psql client.

@07joshua03 07joshua03 force-pushed the main branch 3 times, most recently from 04b68e9 to 618f4f6 Compare April 8, 2025 15:01
@07joshua03 07joshua03 force-pushed the main branch 8 times, most recently from 35eb33e to 963924c Compare September 3, 2025 10:39
@07joshua03 07joshua03 force-pushed the main branch 2 times, most recently from 7c9217a to 73ea4c5 Compare September 24, 2025 20:13
@dsluijk
Member

dsluijk commented Nov 9, 2025

I dove into this today, and it is a bit of a rabbit hole. It is not clear in the docs, but there is a massive difference between standard and IAM users. Standard users are basically superusers, but IAM users have no permissions at all. So we should instead migrate to IAM authentication with cloud-sql-proxy for all applications. This way we need to grant access to specific actions on specific databases on an account basis. We are using this proxy already, but that is just for the connection and does not handle authentication.

We can also phase out password authentication completely this way, as there is no need to pass around passwords with IAM. They are automagically fetched by the proxy when using the --auto-iam-authn flag.

For more information, take a look here as well as the shuttr application on this repo.
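The privilege reduction and the pre-merge verification discussed in this thread, sketched for one application user as an added example (not code from this repository or from any participant). Assumptions: the `events` user connects to a database also named `events`, its tables live in the `public` schema, it only needs row-level read/write, and the statements are run with psql by a role that is allowed to administer these roles; `migrator` is a hypothetical role that owns the schema migrations.

```sql
-- Run while connected to the "events" database (assumed name).

-- 1. Drop the broad default role and the role-level attributes.
REVOKE cloudsqlsuperuser FROM events;
ALTER ROLE events NOCREATEDB NOCREATEROLE;

-- 2. Remove what every role inherits through PUBLIC, then grant back
--    only what this application needs.
REVOKE ALL ON DATABASE events FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE events TO events;
GRANT USAGE ON SCHEMA public TO events;
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO events;
GRANT USAGE, SELECT
    ON ALL SEQUENCES IN SCHEMA public TO events;

-- 3. Tables created later by the (hypothetical) migration role get the
--    same limited grants, so nobody has to re-grant by hand.
ALTER DEFAULT PRIVILEGES FOR ROLE migrator IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO events;

-- 4. Verification before merging: every application user from the task
--    list should show false in the last three columns.
SELECT r.rolname,
       r.rolcreatedb,
       r.rolcreaterole,
       pg_has_role(r.rolname, 'cloudsqlsuperuser', 'MEMBER')
           AS is_cloudsqlsuperuser
FROM pg_roles AS r
WHERE r.rolname IN ('events', 'dienst2', 'choice', 'listmonk',
                    'mand', 'areafiftylan', 'areafiftylan-legacy')
ORDER BY r.rolname;

-- 5. Spot-check effective privileges for one user: expect
--    can_connect = true and the other two = false.
SELECT has_database_privilege('events', 'events', 'CONNECT') AS can_connect,
       has_database_privilege('events', 'events', 'CREATE')  AS can_create,
       has_schema_privilege('events', 'public', 'CREATE')    AS can_create_in_schema;
```

The same grants and checks apply to an IAM database user; only the role name changes, and step 1 is unnecessary because such a user starts without privileges.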
