[MISC] Sanitize PostgreSQL extra-user-roles arg #876
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #876 +/- ##
==========================================
+ Coverage 75.18% 75.21% +0.02%
==========================================
Files 12 12
Lines 3184 3187 +3
Branches 477 477
==========================================
+ Hits 2394 2397 +3
+ Misses 644 643 -1
- Partials 146 147 +1
☔ View full report in Codecov by Sentry.
Added Alex and Shayan as additional reviewers, due to lack of enough reviewers to reach a minimum of 2 approvals.
🚀
This PR contains a slight refactor to make code more compatible with the upcoming LDAP integration.
In that effort, we would need to sanitise the list of `extra-user-roles` a Juju cluster administrator could provide via the data-integrator charm, so that none of the upcoming access groups (see spec for context) is provided as a security by-pass. With that in mind, some centralised place to perform this sanitisation is required, and such operation is easier to carry on considering the list of roles as a `list`, instead of a comma-separated `str`.
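A sketch of the kind of centralised check the description above calls for, added here as an example; it is not the charm's code. The reserved group names, the function names and the exception class are hypothetical placeholders.

```python
"""Added example: one choke point for sanitising an extra-user-roles value."""
from __future__ import annotations

# Hypothetical reserved access-group names (placeholders, not the charm's real ones).
RESERVED_ACCESS_GROUPS = frozenset(
    {"example_group_internal", "example_group_relation"}
)


class ReservedRoleError(ValueError):
    """Raised when a requested role is one of the reserved access groups."""


def parse_extra_user_roles(raw: str | None) -> list[str]:
    """Turn the comma-separated value into a normalised list of role names."""
    if not raw:
        return []
    roles: list[str] = []
    for item in raw.split(","):
        # Normalise first, so " Example_Group_Internal " cannot slip past
        # a comparison against the reserved names.
        role = item.strip().lower()
        # Skip empty items ("a,,b") and duplicates, keeping first-seen order.
        if role and role not in roles:
            roles.append(role)
    return roles


def sanitize_extra_user_roles(raw: str | None) -> list[str]:
    """Parse the value, then refuse any reserved access group by exact name."""
    roles = parse_extra_user_roles(raw)
    # Exact membership on list items: a role that merely contains a reserved
    # name as a substring is a different role and is not rejected.
    rejected = sorted(RESERVED_ACCESS_GROUPS.intersection(roles))
    if rejected:
        raise ReservedRoleError(f"reserved access groups requested: {rejected}")
    return roles
```

Working on list items instead of the raw `str` is what makes the exact-name comparison possible: a substring test on the comma-separated value would either miss case and whitespace variants or reject unrelated roles.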