From 94eac422419c64b27c9cecc2e856c16d80b3bace Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Fri, 5 Sep 2025 18:04:05 +0800 Subject: [PATCH 1/2] feat: enable pg_visibility --- ansible/files/postgresql_config/supautils.conf.j2 | 6 +++--- nix/tests/expected/pg_visibility.out | 5 +++++ nix/tests/sql/pg_visibility.sql | 5 +++++ 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 nix/tests/expected/pg_visibility.out create mode 100644 nix/tests/sql/pg_visibility.sql diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/supautils.conf.j2 index a3456f699..1f31c3066 100644 --- a/ansible/files/postgresql_config/supautils.conf.j2 +++ b/ansible/files/postgresql_config/supautils.conf.j2 @@ -1,12 +1,12 @@ -supautils.extensions_parameter_overrides = '{"pg_cron":{"schema":"pg_catalog"}}' +supautils.extensions_parameter_overrides = '{"pg_cron":{"schema":"pg_catalog"},"pg_visibility":{"schema":"pg_catalog"}}' supautils.policy_grants = '{"postgres":["auth.audit_log_entries","auth.identities","auth.mfa_factors","auth.refresh_tokens","auth.sessions","auth.users","realtime.messages","storage.buckets","storage.migrations","storage.objects","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}' supautils.drop_trigger_grants = '{"postgres":["auth.audit_log_entries","auth.identities","auth.mfa_factors","auth.refresh_tokens","auth.sessions","auth.users","realtime.messages","storage.buckets","storage.migrations","storage.objects","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}' # full list: address_standardizer, address_standardizer_data_us, adminpack, amcheck, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, file_fdw, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intagg, intarray, isn, lo, ltree, moddatetime, old_snapshot, orioledb, pageinspect, pg_buffercache, pg_cron, pg_freespacemap, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_surgery, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgmq, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, xml2 -# omitted because may be unsafe: adminpack, amcheck, file_fdw, lo, old_snapshot, pageinspect, pg_freespacemap, pg_surgery, pg_visibility +# omitted because may be unsafe: adminpack, amcheck, file_fdw, lo, old_snapshot, pageinspect, pg_freespacemap, pg_surgery # omitted because deprecated: intagg, xml2 # omitted because doesn't require superuser: pgmq # omitted because protected: plpgsql -supautils.privileged_extensions = 'address_standardizer, address_standardizer_data_us, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intarray, isn, ltree, moddatetime, orioledb, pg_buffercache, pg_cron, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_tle, pg_trgm, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers' +supautils.privileged_extensions = 'address_standardizer, address_standardizer_data_us, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intarray, isn, ltree, moddatetime, orioledb, pg_buffercache, pg_cron, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers' supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts' supautils.privileged_extensions_superuser = 'supabase_admin' supautils.privileged_role = 'postgres' diff --git a/nix/tests/expected/pg_visibility.out b/nix/tests/expected/pg_visibility.out new file mode 100644 index 000000000..18f21294d --- /dev/null +++ b/nix/tests/expected/pg_visibility.out @@ -0,0 +1,5 @@ +-- can create the extension +set role postgres; +drop extension if exists pg_visibility; +create extension pg_visibility; +reset role; diff --git a/nix/tests/sql/pg_visibility.sql b/nix/tests/sql/pg_visibility.sql new file mode 100644 index 000000000..18f21294d --- /dev/null +++ b/nix/tests/sql/pg_visibility.sql @@ -0,0 +1,5 @@ +-- can create the extension +set role postgres; +drop extension if exists pg_visibility; +create extension pg_visibility; +reset role; From 57864296c8625a865c7306ef2caaede2a101f054 Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Fri, 5 Sep 2025 18:23:54 +0800 Subject: [PATCH 2/2] test: update snapshots --- nix/tests/expected/z_15_ext_interface.out | 16 ++++++++-------- nix/tests/expected/z_17_ext_interface.out | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nix/tests/expected/z_15_ext_interface.out b/nix/tests/expected/z_15_ext_interface.out index d3d9f7c4f..e1bd87bb5 100644 --- a/nix/tests/expected/z_15_ext_interface.out +++ b/nix/tests/expected/z_15_ext_interface.out @@ -1269,14 +1269,14 @@ order by pg_trgm | public | word_similarity_dist_commutator_op | text, text | real pg_trgm | public | word_similarity_dist_op | text, text | real pg_trgm | public | word_similarity_op | text, text | boolean - pg_visibility | public | pg_check_frozen | regclass, OUT t_ctid tid | SETOF tid - pg_visibility | public | pg_check_visible | regclass, OUT t_ctid tid | SETOF tid - pg_visibility | public | pg_truncate_visibility_map | regclass | void - pg_visibility | public | pg_visibility | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | SETOF record - pg_visibility | public | pg_visibility | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | record - pg_visibility | public | pg_visibility_map | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | record - pg_visibility | public | pg_visibility_map | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | SETOF record - pg_visibility | public | pg_visibility_map_summary | regclass, OUT all_visible bigint, OUT all_frozen bigint | record + pg_visibility | pg_catalog | pg_check_frozen | regclass, OUT t_ctid tid | SETOF tid + pg_visibility | pg_catalog | pg_check_visible | regclass, OUT t_ctid tid | SETOF tid + pg_visibility | pg_catalog | pg_truncate_visibility_map | regclass | void + pg_visibility | pg_catalog | pg_visibility | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | SETOF record + pg_visibility | pg_catalog | pg_visibility | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | record + pg_visibility | pg_catalog | pg_visibility_map | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | record + pg_visibility | pg_catalog | pg_visibility_map | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | SETOF record + pg_visibility | pg_catalog | pg_visibility_map_summary | regclass, OUT all_visible bigint, OUT all_frozen bigint | record pg_walinspect | public | pg_get_wal_record_info | in_lsn pg_lsn, OUT start_lsn pg_lsn, OUT end_lsn pg_lsn, OUT prev_lsn pg_lsn, OUT xid xid, OUT resource_manager text, OUT record_type text, OUT record_length integer, OUT main_data_length integer, OUT fpi_length integer, OUT description text, OUT block_ref text | record pg_walinspect | public | pg_get_wal_records_info | start_lsn pg_lsn, end_lsn pg_lsn, OUT start_lsn pg_lsn, OUT end_lsn pg_lsn, OUT prev_lsn pg_lsn, OUT xid xid, OUT resource_manager text, OUT record_type text, OUT record_length integer, OUT main_data_length integer, OUT fpi_length integer, OUT description text, OUT block_ref text | SETOF record pg_walinspect | public | pg_get_wal_stats | start_lsn pg_lsn, end_lsn pg_lsn, per_record boolean, OUT "resource_manager/record_type" text, OUT count bigint, OUT count_percentage double precision, OUT record_size bigint, OUT record_size_percentage double precision, OUT fpi_size bigint, OUT fpi_size_percentage double precision, OUT combined_size bigint, OUT combined_size_percentage double precision | SETOF record diff --git a/nix/tests/expected/z_17_ext_interface.out b/nix/tests/expected/z_17_ext_interface.out index 46792e48f..f2c929fdc 100644 --- a/nix/tests/expected/z_17_ext_interface.out +++ b/nix/tests/expected/z_17_ext_interface.out @@ -1254,14 +1254,14 @@ order by pg_trgm | public | word_similarity_dist_commutator_op | text, text | real pg_trgm | public | word_similarity_dist_op | text, text | real pg_trgm | public | word_similarity_op | text, text | boolean - pg_visibility | public | pg_check_frozen | regclass, OUT t_ctid tid | SETOF tid - pg_visibility | public | pg_check_visible | regclass, OUT t_ctid tid | SETOF tid - pg_visibility | public | pg_truncate_visibility_map | regclass | void - pg_visibility | public | pg_visibility | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | SETOF record - pg_visibility | public | pg_visibility | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | record - pg_visibility | public | pg_visibility_map | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | record - pg_visibility | public | pg_visibility_map | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | SETOF record - pg_visibility | public | pg_visibility_map_summary | regclass, OUT all_visible bigint, OUT all_frozen bigint | record + pg_visibility | pg_catalog | pg_check_frozen | regclass, OUT t_ctid tid | SETOF tid + pg_visibility | pg_catalog | pg_check_visible | regclass, OUT t_ctid tid | SETOF tid + pg_visibility | pg_catalog | pg_truncate_visibility_map | regclass | void + pg_visibility | pg_catalog | pg_visibility | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | SETOF record + pg_visibility | pg_catalog | pg_visibility | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean, OUT pd_all_visible boolean | record + pg_visibility | pg_catalog | pg_visibility_map | regclass, blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | record + pg_visibility | pg_catalog | pg_visibility_map | regclass, OUT blkno bigint, OUT all_visible boolean, OUT all_frozen boolean | SETOF record + pg_visibility | pg_catalog | pg_visibility_map_summary | regclass, OUT all_visible bigint, OUT all_frozen bigint | record pg_walinspect | public | pg_get_wal_record_info | in_lsn pg_lsn, OUT start_lsn pg_lsn, OUT end_lsn pg_lsn, OUT prev_lsn pg_lsn, OUT xid xid, OUT resource_manager text, OUT record_type text, OUT record_length integer, OUT main_data_length integer, OUT fpi_length integer, OUT description text, OUT block_ref text | record pg_walinspect | public | pg_get_wal_records_info | start_lsn pg_lsn, end_lsn pg_lsn, OUT start_lsn pg_lsn, OUT end_lsn pg_lsn, OUT prev_lsn pg_lsn, OUT xid xid, OUT resource_manager text, OUT record_type text, OUT record_length integer, OUT main_data_length integer, OUT fpi_length integer, OUT description text, OUT block_ref text | SETOF record pg_walinspect | public | pg_get_wal_stats | start_lsn pg_lsn, end_lsn pg_lsn, per_record boolean, OUT "resource_manager/record_type" text, OUT count bigint, OUT count_percentage double precision, OUT record_size bigint, OUT record_size_percentage double precision, OUT fpi_size bigint, OUT fpi_size_percentage double precision, OUT combined_size bigint, OUT combined_size_percentage double precision | SETOF record