Skip to content

Commit 98e9cc5

Browse files
pcncpcnc
committed
fix: account for procedures
1 parent 99be145 commit 98e9cc5

File tree

1 file changed

+22
-3
lines changed
  • ansible/files/admin_api_scripts/pg_upgrade_scripts

1 file changed

+22
-3
lines changed

ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -164,7 +164,7 @@ declare
164164
)
165165
);
166166
functions jsonb[] := (
167-
select coalesce(array_agg(jsonb_build_object('oid', p.oid, 'owner', a.rolname, 'acl', p.proacl::text)), '{}')
167+
select coalesce(array_agg(jsonb_build_object('oid', p.oid, 'owner', a.rolname, 'kind', p.prokind, 'acl', p.proacl::text)), '{}')
168168
from pg_proc p
169169
join pg_namespace n on n.oid = p.pronamespace
170170
join pg_authid a on a.oid = p.proowner
@@ -428,7 +428,16 @@ begin
428428
from aclexplode((obj->>'acl')::aclitem[])
429429
where grantee::regrole in ('postgres', 'supabase_admin')
430430
loop
431-
execute(format('revoke %s on function %s(%s) from %I', rec.privilege_type, (obj->>'oid')::regproc, pg_get_function_identity_arguments((obj->>'oid')::regproc), case when rec.grantee = 'postgres'::regrole then 'supabase_admin' else 'postgres' end));
431+
execute(format('revoke %s on %s %s(%s) from %I'
432+
, rec.privilege_type
433+
, case
434+
when obj->>'kind' = 'p' then 'procedure'
435+
else 'function'
436+
end
437+
, (obj->>'oid')::regproc
438+
, pg_get_function_identity_arguments((obj->>'oid')::regproc)
439+
, case when rec.grantee = 'postgres'::regrole then 'supabase_admin' else 'postgres' end
440+
));
432441
end loop;
433442
end loop;
434443
foreach obj in array functions
@@ -438,7 +447,17 @@ begin
438447
from aclexplode((obj->>'acl')::aclitem[])
439448
where grantee::regrole in ('postgres', 'supabase_admin')
440449
loop
441-
execute(format('grant %s on function %s(%s) to %I %s', rec.privilege_type, (obj->>'oid')::regproc, pg_get_function_identity_arguments((obj->>'oid')::regproc), rec.grantee::regrole, case when rec.is_grantable then 'with grant option' else '' end));
450+
execute(format('grant %s on %s %s(%s) to %I %s'
451+
, rec.privilege_type
452+
, case
453+
when obj->>'kind' = 'p' then 'procedure'
454+
else 'function'
455+
end
456+
, (obj->>'oid')::regproc
457+
, pg_get_function_identity_arguments((obj->>'oid')::regproc)
458+
, rec.grantee::regrole
459+
, case when rec.is_grantable then 'with grant option' else '' end
460+
));
442461
end loop;
443462
end loop;
444463

0 commit comments

Comments
 (0)