Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: pgmq ownership #1362

Merged
merged 3 commits into from
Dec 9, 2024
Merged

fix: pgmq ownership #1362

merged 3 commits into from
Dec 9, 2024

Conversation

soedirgo
Copy link
Member

@soedirgo soedirgo commented Dec 9, 2024
edited by olirice
Loading

Automatically assigns ownership of the pgmq extension and associated entities to postgres from supabase_admin.

This is already the case by default. However, when projects are paused and restored, they are restored with supabase_admin, which alters their ownership and makes the extension inoperable.

@soedirgo soedirgo changed the base branch from develop to release/15.6 December 9, 2024 09:18
@samrose
Copy link
Contributor

samrose commented Dec 9, 2024

@soedirgo is there a way for us to keep adding to our tests we run here, to test for these kinds of corrections? There is probably some point in that file where the appropriate configurations are run, that could then let us verify that permissions etc are the way they need to be. We could start out by testing this, and then eventually test many other permissions if they are not already tested.

@olirice olirice marked this pull request as ready for review December 9, 2024 19:14
@olirice olirice requested a review from a team as a code owner December 9, 2024 19:14
@olirice olirice merged commit 8b3db2e into release/15.6 Dec 9, 2024
8 checks passed
@olirice olirice deleted the fix/pgmq-ownership branch December 9, 2024 21:56
@soedirgo
Copy link
Member Author

@samrose yeah I'll see if I can add that test; it should be something simple like:

  • create extension pgmq
  • check if pgmq tables, functions, etc. are owned by postgres

samrose added a commit that referenced this pull request Dec 12, 2024
@pcnc @soedirgo
@kangmingtay @dragarcia @hf @samrose @olirice @pashkinelfe @J0 @cstockton
chore: merge 15.6 changes into develop (#1368)
c45336c 
* fix: account for `public` grantee

* fix(ci): respect postgresVersion input (#1237)

* feat: bump gotrue version to v2.162.0 (#1241)

* fix: only grant pg_read_all_data if it exists (#1242)

* fix: only grant pg_read_all_data if it exists

* fix: prevent `public` from being casted into `regrole`

* fix(15.6): account for pg_stat_monitor major version upgrade (#1247)

* chore: release updates to run physical backup as a service to 15.6 image (#1248)

* chore: updates to run physical backups as a service (#1235)

* chore: init commence-backup service

* chore: bump adminapi and adminmgr

* chore: bump version

* fix: provide correct filename

* chore: bump postgres version

* fix(15.6/pg_upgrade): retry commands within the cleanup step; wait until PG is ready to accept connections (#1250)

* fix(15.6/upgrades): collision when patching wrappers lib locations for upgrades (#1252)

* feat: bump auth 2.162.1 on 15.6 (#1256)

* fix(15.6): disable pg_stat_monitor (#1260)

* fix: disable pg_stat_monitor

* chore: bump version

* fix(15.6): disable pg_stat_monitor (#1262)

* fix: disable pg_stat_monitor

* chore: bump version

* feat: bump gotrue to v2.162.2 (#1264)

* chore: add timescaledb 2.9.1; wrappers upgrade fix; wrappers & plv8 naming fix (#1259)

Co-authored-by: Bobbie Soedirgo <[email protected]>
Co-authored-by: Bobbie Soedirgo <[email protected]>
Co-authored-by: Kang Ming <[email protected]>
Co-authored-by: Stojan Dimitrovski <[email protected]>
Co-authored-by: Sam Rose <[email protected]>
fix(ci): respect postgresVersion input (#1237)
fix: only grant pg_read_all_data if it exists (#1242)
fix(15.6): disable pg_stat_monitor (#1260)

* chore(15.6): bump pg version (#1273)

* feat: bump auth to v2.163.0 on 15.6 (#1275)

* fix: restart PG during pre-upgrade steps to shed hanging connections (#1271)

* fix(upgrades): wrappers 4.2.0 -> wrappers 4.2.0 (#1278)

* fix: handle supabase_admin authenticator membership snowflake

* feat: add auth v2.163.1 to 15.6 (#1283)

* feat: bump gotrue to v2.163.2 (#1287)

* pg_net 0.11 on 15.6 release branch (#1290)

* bump pg_net to 0.11.0

* bump image to 15.6.1.135

* fix: don't copy custom extension scripts during pg_upgrade (#1291)

* fix: add recursive flag to custom extension script directory delete (#1292)

* [GEN-11027] chore: reserve a fixed amount of blocks for the data volume; remove ansible pkg + ppa (#1295)

* fix: grant predefined roles post-upgrade

* fix: add more roles to reserved_roles & reserved_memberships (#1303)

* fix: add more roles to reserved_roles & reserved_memberships

* Update common-nix.vars.pkr.hcl

* feat: update envoy lds config with auth jwks, oidc URLs, strip `sb-opk` header (#1296)

* chore: udpate package repo for salt (#1307)

* fix: use sudo for apt-get commands

* Update pg net to 0.13.0 on pg 15.6 branch (#1315)

* upgrade pg_net to 0.13.0 on 15.6

* bump postgres-version

* chore: cleanup pgbouncer.get_auth ownership accordingly

* chore: standardize

* Upgrade pgvector to 0.8.0

* Update common-nix.vars.pkr.hcl

Bump version to 15.6.1.140

* feat: upgrade to auth v2.164.0 (#1329)

* fix: update auth to v2.164.0

* fix: upgrade version

* fix: bump nix instead

* fix: replace `alter routine` with `alter function|procedure` (#1333)

* fix: pg_upgrade_script (#1336)

* feat: supautils v2.5.0

* pgmq in 15.6 image (#1337)

* pick pgmq to 15.6

* update extension interface test output

* bump image version

* fix: upload gotrue binary to internal-artifacts as a gz file (#1340)

* feat: upgrade to auth v2.165.0 (#1357)

Upgrade Auth version to v2.165.0

supabase/auth#1846

Co-authored-by: Chris Stockton <[email protected]>

* feat: bump gotrue to v2.165.1 (#1358)

* feat: build and cache debug and src on this branch (#1360)

* fix: pgmq ownership (#1362)

* fix: pgmq ownership

* tmp

* bump version for production release

---------

Co-authored-by: Oliver Rice <[email protected]>

* fix: remove duplicate pgmq in test

* chore: filter timescale 2.9.1 on pg 16 and oriole17

* chore: bumping versions (#1370)

---------

Co-authored-by: Bobbie Soedirgo <[email protected]>
Co-authored-by: Bobbie Soedirgo <[email protected]>
Co-authored-by: Kang Ming <[email protected]>
Co-authored-by: angelico <[email protected]>
Co-authored-by: Stojan Dimitrovski <[email protected]>
Co-authored-by: Sam Rose <[email protected]>
Co-authored-by: Oliver Rice <[email protected]>
Co-authored-by: Pavel Borisov <[email protected]>
Co-authored-by: Pavel Borisov <[email protected]>
Co-authored-by: Joel Lee <[email protected]>
Co-authored-by: Chris Stockton <[email protected]>
Co-authored-by: Chris Stockton <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Crispy1975 Crispy1975 Crispy1975 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@soedirgo @samrose @Crispy1975 @olirice