Allow usage of PUBLIC role #1134

Merged


Vampouille
Contributor

@Vampouille Vampouille commented Jan 24, 2020

Re-open #1003 with a new unit test

To generate this kind of query:

REVOKE CONNECT ON DATABASE database1 FROM PUBLIC;

I created the following Puppet code:

postgresql::server::database_grant { 'revoke connect on database1':
    ensure => 'absent',
    db => 'database1',
    privilege => 'CONNECT',
    role => 'PUBLIC',
}

This generates the following error:

Error: /Stage[main]/Profile::Postgresql_gis/Postgresql::Server::Grant[revoke ALL on schema public to public:]/Postgresql_psql[grant:revoke ALL on schema public to public:]: Could not evaluate: Error evaluating 'unless' clause, returned pid 7360 exit 1: 'ERROR:  role "PUBLIC" does not exist

because PUBLIC is an "implicit" role and is not listed in the pg_roles table.

To fix this, I modified the query that tests if the role exists.
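
The behaviour described in the comment above, as an added SQL example that is not part of the pull request or the module's code: PUBLIC has no row in pg_roles, while PostgreSQL's privilege-inquiry functions accept the lowercase name 'public' for it. database1 is the database named above; the guard and audit queries are illustrative assumptions, not the module's own queries.

```sql
-- Added illustration, run with psql as a role allowed to read the catalogs.

-- 1. PUBLIC is a pseudo-role with no catalog row, so an existence check
--    against pg_roles returns zero rows whatever the letter case.
SELECT rolname
FROM pg_roles
WHERE lower(rolname) = 'public';

-- 2. The privilege-inquiry functions take the lowercase literal 'public'
--    to mean the pseudo-role. The uppercase spelling is looked up as an
--    ordinary role name and fails with: role "PUBLIC" does not exist
SELECT has_database_privilege('public', 'database1', 'CONNECT')
       AS public_can_connect;

-- 3. Illustrative idempotence guard: yields one row once PUBLIC no longer
--    holds CONNECT, meaning there is nothing left to revoke.
SELECT 1
WHERE NOT has_database_privilege('public', 'database1', 'CONNECT');

-- 4. The hardening statement from the pull request description.
REVOKE CONNECT ON DATABASE database1 FROM PUBLIC;

-- 5. Audit: every connectable database PUBLIC can still reach.
--    New databases grant CONNECT to PUBLIC by default, so freshly
--    created ones show up here until the privilege is revoked.
SELECT d.datname
FROM pg_database AS d
WHERE d.datallowconn
  AND has_database_privilege('public'::name, d.oid, 'CONNECT')
ORDER BY d.datname;
```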

Vampouille and others added 2 commits January 24, 2020 13:52
When using System Information Functions like:
* has_database_privilege()
* has_table_privilege()

Allow usage of 'PUBLIC' in GRANT/REVOKE definition:

REVOKE CONNECT ON DATABASE database1 FROM PUBLIC;

postgresql::server::database_grant { 'revoke connect on database1':
    ensure => 'absent',
    db => 'database1',
    privilege => 'CONNECT',
    role => 'PUBLIC',
}
@Vampouille Vampouille requested a review from a team as a code owner January 24, 2020 13:07
@puppet-community-rangefinder

postgresql::server::grant is a type

The enclosing module is declared in 51 of 578 indexed public Puppetfiles.

Breaking changes to this file WILL impact these modules (exact match):


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@Vampouille
Contributor Author

Vampouille commented Jan 24, 2020

@david22swan @raphink helped me to add a unit test in this PR. Do you also need acceptance tests or is it OK for you?

@Vampouille
Contributor Author

Some tests are broken since the last commit, I will try to fix it.

@Vampouille
Contributor Author

@david22swan Acceptance tests are fixed. Can you take a look at this PR?

@sanfrancrisko sanfrancrisko merged commit 3ddfde0 into puppetlabs:master Jan 28, 2020