Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The admin extra-user-role via data-integrator doesn't allow creating roles #698

Open
hloeung opened this issue Dec 11, 2024 · 5 comments
Open

The admin extra-user-role via data-integrator doesn't allow creating roles #698

hloeung opened this issue Dec 11, 2024 · 5 comments
Labels
bug Something isn't working as expected

Comments

@hloeung
Copy link
Contributor

hloeung commented Dec 11, 2024
edited
Loading

Steps to reproduce

  1. juju deploy postgresql --channel 14/stable
  2. juju deploy data-integrator
  3. juju config data-integrator database-name='mydatabase' extra-user-roles='admin'
  4. juju integrate data-integrator postgresql
  5. juju run data-integrator/leader get-credentials
  6. juju ssh --container postgresql postgresql/leader bash
  7. psql --host=10.146.64.52 --username=operator --password postgres
  8. \du

Expected behavior

postgres=# \du
                                                  List of roles
  Role name  |                         Attributes                         |              Member of
-------------+------------------------------------------------------------+--------------------------------------
...
 relation-27 | Create DB, Create role                                     | {admin}

Actual behavior

postgres=# \du
                                                  List of roles
  Role name  |                         Attributes                         |              Member of
-------------+------------------------------------------------------------+--------------------------------------
...
 relation-27 | Create DB                                                  | {admin}

Versions

Operating system: ubuntu@22.04

Juju CLI: 3.5.3

Juju agent: 3.5.3

Charm revision: postgresql 14.12 active 3 postgresql 14/stable 468 yes

Log output

Additional context

Creating an admin user, one would expect it to have access to create roles in addition to creating databases. Unfortunately, that is not the case and it seems restricted to only being allowed to create dateabases.

To work around this, I've had to run:

ALTER USER "relation-27" CREATEROLE;
@hloeung hloeung added the bug Something isn't working as expected label Dec 11, 2024
@syncronize-issues-to-jira Syncronize issues to Jira
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/DPE-6182.

This message was autogenerated

@marceloneppel
Copy link
Member

Hi, @hloeung! I'll discuss this in this week's Data Platform Office Hours meeting.

@hloeung
Copy link
Contributor Author

hloeung commented Jan 13, 2025

@marceloneppel any updates on this?

@hloeung
Copy link
Contributor Author

hloeung commented Feb 9, 2025

Any updates here? Even if it's an additional role would be helpful for us, especially since we're getting more and more requests for this from the release of the DBaaS product offering.

Something like extra-user-roles='admin,createrole,createuser' or similar.

@marceloneppel
Copy link
Member

Hi, @hloeung! Apologies. After discussing with the team, unfortunately, the Data Platform charms won't have a special role that allows the user to create new roles.

One alternative is to deploy a data-integrator charm for each new user you need.

Another option is to use the identity platform to create new users. In this cycle, we're implementing the LDAP integration in the PostgreSQL charm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hloeung @marceloneppel