From d8c6c417fd8784c925f4cc5bbf57730459bfbbc8 Mon Sep 17 00:00:00 2001
From: TheOtherBrian1 <91111415+TheOtherBrian1@users.noreply.github.com>
Date: Tue, 23 Jul 2024 15:54:09 -0400
Subject: [PATCH 1/2] Update supautils.conf.j2 | exempted net and logging variables
---
 ansible/files/postgresql_config/supautils.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/supautils.conf.j2
index e86c4db09..fb69fe36d 100644
--- a/ansible/files/postgresql_config/supautils.conf.j2
+++ b/ansible/files/postgresql_config/supautils.conf.j2
@@ -7,6 +7,6 @@ supautils.privileged_extensions = 'address_standardizer, address_standardizer_da
 supautils.privileged_extensions_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'
 supautils.privileged_extensions_superuser = 'supabase_admin'
 supautils.privileged_role = 'postgres'
-supautils.privileged_role_allowed_configs = 'auto_explain.log_min_duration, auto_explain.log_nested_statements, log_min_messages, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing'
+supautils.privileged_role_allowed_configs = 'auto_explain.log_min_duration, auto_explain.log_nested_statements, log_min_messages, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing, pg_net.batch_size, pg_net.ttl, log_lock_waits'
 supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, authenticator'
 supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_replication_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'
From 2c5175202bdb050569bc7ce17fd3dc1a799231e8 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 14 Aug 2024 21:15:29 +0000
Subject: [PATCH 2/2] test: include supautils conf
---
 flake.nix | 21 ++++++++++++++++-----
 nix/tests/postgresql.conf.in | 4 ++--
 nix/tools/run-server.sh.in | 4 +++-
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/flake.nix b/flake.nix
index 1ced4ab06..b5a4648b9 100644
--- a/flake.nix
+++ b/flake.nix
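Review bot: The three entries appended to `supautils.privileged_role_allowed_configs` in the supautils.conf.j2 hunk (`pg_net.batch_size`, `pg_net.ttl`, `log_lock_waits`) widen what the non-superuser `postgres` role may set, and nothing near the line records why each one is safe to delegate. I would add a comment above the setting such as `# GUCs the privileged role may set itself; every entry needs a stated reason, wildcards only for extension-owned namespaces`, and keep the new names explicit as done here rather than reaching for a `pg_net.*` wildcard. It is also worth confirming that the pg_net values cannot be set to extremes that degrade the shared background worker, since the allowlist presumably checks only the setting name and not its value. The existing list is alphabetical, so slotting the additions in order would make future changes to this allowlist easier to audit.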
@@ -407,18 +407,29 @@ # Start a version of the server. start-server = let - configFile = ./nix/tests/postgresql.conf.in; + pgconfigFile = ./nix/tests/postgresql.conf.in; + supautilsConfigFile = builtins.path { + name = "supautils.conf"; + path = ./ansible/files/postgresql_config/supautils.conf.j2; + }; getkeyScript = ./nix/tests/util/pgsodium_getkey.sh; in pkgs.runCommand "start-postgres-server" { } '' - mkdir -p $out/bin + mkdir -p $out/bin $out/etc/postgresql-custom + echo "Copying from: ${supautilsConfigFile}" + echo "Copying to: $out/etc/postgresql-custom/supautils.conf" + cp ${supautilsConfigFile} $out/etc/postgresql-custom/supautils.conf || { echo "Failed to copy supautils.conf"; exit 1; } + echo "Copy operation completed" + chmod 644 $out/etc/postgresql-custom/supautils.conf + cat $out/etc/postgresql-custom/supautils.conf substitute ${./nix/tools/run-server.sh.in} $out/bin/start-postgres-server \ --subst-var-by 'PGSQL_DEFAULT_PORT' '${pgsqlDefaultPort}' \ --subst-var-by 'PGSQL_SUPERUSER' '${pgsqlSuperuser}' \ --subst-var-by 'PSQL15_BINDIR' '${basePackages.psql_15.bin}' \ - --subst-var-by 'PSQL_CONF_FILE' '${configFile}' \ - --subst-var-by 'PGSODIUM_GETKEY' '${getkeyScript}' - + --subst-var-by 'PSQL_CONF_FILE' '${pgconfigFile}' \ + --subst-var-by 'PGSODIUM_GETKEY' '${getkeyScript}' \ + --subst-var-by 'SUPAUTILS_CONF_FILE' "$out/etc/postgresql-custom/supautils.conf" + chmod +x $out/bin/start-postgres-server ''; diff --git a/nix/tests/postgresql.conf.in b/nix/tests/postgresql.conf.in index 4c5075aa1..f188e953b 100644 --- a/nix/tests/postgresql.conf.in +++ b/nix/tests/postgresql.conf.in 
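Review bot: `supautilsConfigFile` in the flake.nix hunk copies the Jinja2 template `supautils.conf.j2` to `$out/etc/postgresql-custom/supautils.conf` without rendering it, so any `{{ … }}` or `{% … %}` expression added to the template later would reach the test server's Postgres verbatim. The lines visible in the first patch are plain settings, but the whole template is not shown here, so a comment next to the `builtins.path` call such as `# copied unrendered: the template must stay free of Jinja expressions, or be rendered here` would make the assumption explicit. The `echo "Copying …"` lines and `cat $out/etc/postgresql-custom/supautils.conf` look like leftover debugging and could be dropped. The `chmod 644` probably has no lasting effect, because Nix normalises the permissions of store outputs.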
@@ -717,7 +717,7 @@ default_text_search_config = 'pg_catalog.english' #local_preload_libraries = '' #session_preload_libraries = '' -shared_preload_libraries = 'auto_explain,pgsodium' +shared_preload_libraries = 'pg_stat_statements, pg_stat_monitor, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain, pg_tle, plan_filter' #jit_provider = 'llvmjit' # JIT library to use # - Other Defaults - @@ -791,5 +791,5 @@ shared_preload_libraries = 'auto_explain,pgsodium' #------------------------------------------------------------------------------ # Add settings for extensions here - +include = '@SUPAUTILS_CONFIG_FILE@' pgsodium.getkey_script = '@PGSODIUM_GETKEY_SCRIPT@' diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index b620a0f15..676df3c3c 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -28,6 +28,7 @@ PSQL_CONF_FILE=@PSQL_CONF_FILE@ PGSODIUM_GETKEY_SCRIPT=@PGSODIUM_GETKEY@ PORTNO="${2:-@PGSQL_DEFAULT_PORT@}" PLJAVA_LIBJVM_LOCATION=@LIBJVM_LOCATION@ +SUPAUTILS_CONFIG_FILE=@SUPAUTILS_CONF_FILE@ DATDIR=$(mktemp -d) mkdir -p "$DATDIR" @@ -42,6 +43,7 @@ echo "NOTE: patching postgresql.conf files" echo "pljava libjvm location: $PLJAVA_LIBJVM_LOCATION" sed -e "s#@PGSODIUM_GETKEY_SCRIPT@#$PGSODIUM_GETKEY_SCRIPT#g" \ -e "s#@PLJAVA_LIBJVM_LOCATION@#$PLJAVA_LIBJVM_LOCATION#g" \ + -e "s#@SUPAUTILS_CONFIG_FILE@#$SUPAUTILS_CONFIG_FILE#g" \ $PSQL_CONF_FILE > "$DATDIR/postgresql.conf" - +cat $DATDIR/postgresql.conf exec postgres -p "$PORTNO" -D "$DATDIR" -k /tmp
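Review bot: Neither the new `shared_preload_libraries` list nor the still-commented `session_preload_libraries` in the first postgresql.conf.in hunk names `supautils`, so the `supautils.*` settings pulled in by the new `include` line would, as far as these hunks show, be accepted as placeholder settings but not enforced. If the purpose of the commit is to exercise the reserved-role and allowed-config policy in tests, the module has to be loaded through one of the preload settings, for example `session_preload_libraries = 'supautils'`, assuming it is not loaded somewhere outside this diff. It is also worth checking that every library in the new list is built into the test package set, since a missing one stops the server at startup.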
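Review bot: The added `cat $DATDIR/postgresql.conf` in the second run-server.sh.in hunk prints the entire generated configuration on every start and leaves `$DATDIR` unquoted. If it is only a debugging aid I would drop it, or keep it as `cat "$DATDIR/postgresql.conf"` behind a verbosity switch. The placeholder is also named `SUPAUTILS_CONF_FILE` in flake.nix but `SUPAUTILS_CONFIG_FILE` in the sed expression and in postgresql.conf.in. It works because the shell variable bridges the two, but a single name throughout would avoid a later mismatch that leaves the literal placeholder in the `include` line. The script body continues outside these hunks.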