fix: only grant pg_read_all_data if it exists #1242
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pcnc
approved these changes
Sep 30, 2024
pcnc
pushed a commit
that referenced
this pull request
Oct 1, 2024
* fix: only grant pg_read_all_data if it exists * fix: prevent `public` from being casted into `regrole`
pcnc
pushed a commit
that referenced
this pull request
Oct 1, 2024
* fix: only grant pg_read_all_data if it exists * fix: prevent `public` from being casted into `regrole`
pcnc
added a commit
that referenced
this pull request
Oct 15, 2024
…aming fix (#1259) Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Kang Ming <[email protected]> Co-authored-by: Stojan Dimitrovski <[email protected]> Co-authored-by: Sam Rose <[email protected]> fix(ci): respect postgresVersion input (#1237) fix: only grant pg_read_all_data if it exists (#1242) fix(15.6): disable pg_stat_monitor (#1260)
pcnc
added a commit
that referenced
this pull request
Nov 14, 2024
* fix: account for `public` grantee * fix(ci): respect postgresVersion input (#1237) * feat: bump gotrue version to v2.162.0 (#1241) * fix: only grant pg_read_all_data if it exists (#1242) * fix: only grant pg_read_all_data if it exists * fix: prevent `public` from being casted into `regrole` * fix(15.6): account for pg_stat_monitor major version upgrade (#1247) * chore: release updates to run physical backup as a service to 15.6 image (#1248) * chore: updates to run physical backups as a service (#1235) * chore: init commence-backup service * chore: bump adminapi and adminmgr * chore: bump version * fix: provide correct filename * chore: bump postgres version * fix(15.6/pg_upgrade): retry commands within the cleanup step; wait until PG is ready to accept connections (#1250) * fix(15.6/upgrades): collision when patching wrappers lib locations for upgrades (#1252) * feat: bump auth 2.162.1 on 15.6 (#1256) * fix(15.6): disable pg_stat_monitor (#1260) * fix: disable pg_stat_monitor * chore: bump version * fix(15.6): disable pg_stat_monitor (#1262) * fix: disable pg_stat_monitor * chore: bump version * feat: bump gotrue to v2.162.2 (#1264) * chore: add timescaledb 2.9.1; wrappers upgrade fix; wrappers & plv8 naming fix (#1259) Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Kang Ming <[email protected]> Co-authored-by: Stojan Dimitrovski <[email protected]> Co-authored-by: Sam Rose <[email protected]> fix(ci): respect postgresVersion input (#1237) fix: only grant pg_read_all_data if it exists (#1242) fix(15.6): disable pg_stat_monitor (#1260) * chore(15.6): bump pg version (#1273) * feat: bump auth to v2.163.0 on 15.6 (#1275) * fix: restart PG during pre-upgrade steps to shed hanging connections (#1271) * fix(upgrades): wrappers 4.2.0 -> wrappers 4.2.0 (#1278) * fix: handle supabase_admin authenticator membership snowflake * feat: add auth v2.163.1 to 15.6 (#1283) * feat: bump gotrue to v2.163.2 (#1287) * pg_net 0.11 on 15.6 release branch (#1290) * bump pg_net to 0.11.0 * bump image to 15.6.1.135 * fix: don't copy custom extension scripts during pg_upgrade (#1291) * fix: add recursive flag to custom extension script directory delete (#1292) * [GEN-11027] chore: reserve a fixed amount of blocks for the data volume; remove ansible pkg + ppa (#1295) * fix: grant predefined roles post-upgrade * fix: add more roles to reserved_roles & reserved_memberships (#1303) * fix: add more roles to reserved_roles & reserved_memberships * Update common-nix.vars.pkr.hcl * feat: update envoy lds config with auth jwks, oidc URLs, strip `sb-opk` header (#1296) * chore: udpate package repo for salt (#1307) * fix: use sudo for apt-get commands * Update pg net to 0.13.0 on pg 15.6 branch (#1315) * upgrade pg_net to 0.13.0 on 15.6 * bump postgres-version * chore: cleanup pgbouncer.get_auth ownership accordingly * chore: standardize * feat: filter timescaledb to only be included on v15 (#1321) * feat: filter timescaledb to only be included on v15 * chore: shuffle a bit to match what is needed for various versions * chore: small fixes on sb wrappers and plv8 to merge in all needed install function --------- Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Kang Ming <[email protected]> Co-authored-by: angelico <[email protected]> Co-authored-by: Stojan Dimitrovski <[email protected]> Co-authored-by: Sam Rose <[email protected]> Co-authored-by: Oliver Rice <[email protected]>
samrose
added a commit
that referenced
this pull request
Dec 12, 2024
* fix: account for `public` grantee * fix(ci): respect postgresVersion input (#1237) * feat: bump gotrue version to v2.162.0 (#1241) * fix: only grant pg_read_all_data if it exists (#1242) * fix: only grant pg_read_all_data if it exists * fix: prevent `public` from being casted into `regrole` * fix(15.6): account for pg_stat_monitor major version upgrade (#1247) * chore: release updates to run physical backup as a service to 15.6 image (#1248) * chore: updates to run physical backups as a service (#1235) * chore: init commence-backup service * chore: bump adminapi and adminmgr * chore: bump version * fix: provide correct filename * chore: bump postgres version * fix(15.6/pg_upgrade): retry commands within the cleanup step; wait until PG is ready to accept connections (#1250) * fix(15.6/upgrades): collision when patching wrappers lib locations for upgrades (#1252) * feat: bump auth 2.162.1 on 15.6 (#1256) * fix(15.6): disable pg_stat_monitor (#1260) * fix: disable pg_stat_monitor * chore: bump version * fix(15.6): disable pg_stat_monitor (#1262) * fix: disable pg_stat_monitor * chore: bump version * feat: bump gotrue to v2.162.2 (#1264) * chore: add timescaledb 2.9.1; wrappers upgrade fix; wrappers & plv8 naming fix (#1259) Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Kang Ming <[email protected]> Co-authored-by: Stojan Dimitrovski <[email protected]> Co-authored-by: Sam Rose <[email protected]> fix(ci): respect postgresVersion input (#1237) fix: only grant pg_read_all_data if it exists (#1242) fix(15.6): disable pg_stat_monitor (#1260) * chore(15.6): bump pg version (#1273) * feat: bump auth to v2.163.0 on 15.6 (#1275) * fix: restart PG during pre-upgrade steps to shed hanging connections (#1271) * fix(upgrades): wrappers 4.2.0 -> wrappers 4.2.0 (#1278) * fix: handle supabase_admin authenticator membership snowflake * feat: add auth v2.163.1 to 15.6 (#1283) * feat: bump gotrue to v2.163.2 (#1287) * pg_net 0.11 on 15.6 release branch (#1290) * bump pg_net to 0.11.0 * bump image to 15.6.1.135 * fix: don't copy custom extension scripts during pg_upgrade (#1291) * fix: add recursive flag to custom extension script directory delete (#1292) * [GEN-11027] chore: reserve a fixed amount of blocks for the data volume; remove ansible pkg + ppa (#1295) * fix: grant predefined roles post-upgrade * fix: add more roles to reserved_roles & reserved_memberships (#1303) * fix: add more roles to reserved_roles & reserved_memberships * Update common-nix.vars.pkr.hcl * feat: update envoy lds config with auth jwks, oidc URLs, strip `sb-opk` header (#1296) * chore: udpate package repo for salt (#1307) * fix: use sudo for apt-get commands * Update pg net to 0.13.0 on pg 15.6 branch (#1315) * upgrade pg_net to 0.13.0 on 15.6 * bump postgres-version * chore: cleanup pgbouncer.get_auth ownership accordingly * chore: standardize * Upgrade pgvector to 0.8.0 * Update common-nix.vars.pkr.hcl Bump version to 15.6.1.140 * feat: upgrade to auth v2.164.0 (#1329) * fix: update auth to v2.164.0 * fix: upgrade version * fix: bump nix instead * fix: replace `alter routine` with `alter function|procedure` (#1333) * fix: pg_upgrade_script (#1336) * feat: supautils v2.5.0 * pgmq in 15.6 image (#1337) * pick pgmq to 15.6 * update extension interface test output * bump image version * fix: upload gotrue binary to internal-artifacts as a gz file (#1340) * feat: upgrade to auth v2.165.0 (#1357) Upgrade Auth version to v2.165.0 supabase/auth#1846 Co-authored-by: Chris Stockton <[email protected]> * feat: bump gotrue to v2.165.1 (#1358) * feat: build and cache debug and src on this branch (#1360) * fix: pgmq ownership (#1362) * fix: pgmq ownership * tmp * bump version for production release --------- Co-authored-by: Oliver Rice <[email protected]> * fix: remove duplicate pgmq in test * chore: filter timescale 2.9.1 on pg 16 and oriole17 * chore: bumping versions (#1370) --------- Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Bobbie Soedirgo <[email protected]> Co-authored-by: Kang Ming <[email protected]> Co-authored-by: angelico <[email protected]> Co-authored-by: Stojan Dimitrovski <[email protected]> Co-authored-by: Sam Rose <[email protected]> Co-authored-by: Oliver Rice <[email protected]> Co-authored-by: Pavel Borisov <[email protected]> Co-authored-by: Pavel Borisov <[email protected]> Co-authored-by: Joel Lee <[email protected]> Co-authored-by: Chris Stockton <[email protected]> Co-authored-by: Chris Stockton <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
pg_read_all_data only exists on PG14+
Also fixes a regression from #1236 where
'public'is being casted intoregrole