Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: usage of net schema when the postgres role misses privileges #129

Closed
wants to merge 1 commit into from
Closed

fix: usage of net schema when the postgres role misses privileges #129

wants to merge 1 commit into from

Conversation

steve-chavez
Copy link
Member

@steve-chavez steve-chavez commented Mar 14, 2024
edited
Loading

Related to https://github.com/orgs/supabase/discussions/21450.

Notes

steve-chavez
steve-chavez commented Mar 14, 2024
View reviewed changes
test/test_privileges.py
Comment on lines +74 to +92
def test_net_fails_when_postgres_unprivileged(sess):
"""If the postgres role is unprivileged (no superuser + no privileges), the request will fail. This can happen on cloud databases where postgres is no superuser and the initial pg_net postgres privileges are revoked (can happen when upgrading)."""

with pytest.raises(Exception) as execinfo:
sess.execute(text("""
set local role postgres;

-- assume postgres is no superuser and has lost explicit privileges
alter role postgres nosuperuser;
revoke all on all tables in schema net from postgres;

-- still, assume postgres has grant usage on the schema net
grant usage on schema net to postgres;

select net.http_get(
'http://localhost:8080/anything'
);
""")).fetchone()
assert "permission denied for table http_request_queue" in str(execinfo)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's a repro of https://github.com/orgs/supabase/discussions/21450

@steve-chavez steve-chavez changed the title fix: privileges on different roles fix: usage of net schema when the postgres role misses privileges Mar 14, 2024
@soedirgo
Copy link
Member

Is this ready for review? There's no code/SQL changes

@steve-chavez steve-chavez marked this pull request as draft March 15, 2024 14:42
@ahanusek ahanusek mentioned this pull request Mar 22, 2024
Closed
@steve-chavez
Copy link
Member Author

Follow up on #158

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@steve-chavez @soedirgo