From 368343cfa95dc2bfdb3a51b46328b1b01f6e9233 Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Mon, 23 Jun 2025 21:25:38 +0800 Subject: [PATCH 1/3] fix: allow postgres to grant storage privs to other roles Temporary fix until STORAGE-211 is completed --- ansible/vars.yml | 6 ++-- ...e_tables_to_postgres_with_grant_option.sql | 6 ++++ nix/tests/expected/storage.out | 28 +++++++++---------- 3 files changed, 23 insertions(+), 17 deletions(-) create mode 100644 migrations/db/migrations/20250623125453_tmp_grant_storage_tables_to_postgres_with_grant_option.sql diff --git a/ansible/vars.yml b/ansible/vars.yml index 2838d6f92..f23aaf2ab 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.093-orioledb" - postgres17: "17.4.1.043" - postgres15: "15.8.1.100" + postgresorioledb-17: "17.0.1.094-orioledb" + postgres17: "17.4.1.044" + postgres15: "15.8.1.101" # Non Postgres Extensions pgbouncer_release: "1.19.0" diff --git a/migrations/db/migrations/20250623125453_tmp_grant_storage_tables_to_postgres_with_grant_option.sql b/migrations/db/migrations/20250623125453_tmp_grant_storage_tables_to_postgres_with_grant_option.sql new file mode 100644 index 000000000..465aee226 --- /dev/null +++ b/migrations/db/migrations/20250623125453_tmp_grant_storage_tables_to_postgres_with_grant_option.sql @@ -0,0 +1,6 @@ +-- migrate:up +-- TODO: remove this migration once STORAGE-211 is completed +-- DRI: bobbie +grant all on storage.buckets, storage.objects to postgres with grant option; + +-- migrate:down diff --git a/nix/tests/expected/storage.out b/nix/tests/expected/storage.out index 353604ec8..fc1882923 100644 --- a/nix/tests/expected/storage.out +++ b/nix/tests/expected/storage.out @@ -81,13 +81,13 @@ order by storage | buckets | authenticated | TRIGGER | f storage | buckets | authenticated | TRUNCATE | f storage | buckets | authenticated | UPDATE | f - storage | buckets | postgres | DELETE | f - storage | buckets | postgres | INSERT | f - storage | buckets | postgres | REFERENCES | f - storage | buckets | postgres | SELECT | f - storage | buckets | postgres | TRIGGER | f - storage | buckets | postgres | TRUNCATE | f - storage | buckets | postgres | UPDATE | f + storage | buckets | postgres | DELETE | t + storage | buckets | postgres | INSERT | t + storage | buckets | postgres | REFERENCES | t + storage | buckets | postgres | SELECT | t + storage | buckets | postgres | TRIGGER | t + storage | buckets | postgres | TRUNCATE | t + storage | buckets | postgres | UPDATE | t storage | buckets | service_role | DELETE | f storage | buckets | service_role | INSERT | f storage | buckets | service_role | REFERENCES | f @@ -123,13 +123,13 @@ order by storage | objects | authenticated | TRIGGER | f storage | objects | authenticated | TRUNCATE | f storage | objects | authenticated | UPDATE | f - storage | objects | postgres | DELETE | f - storage | objects | postgres | INSERT | f - storage | objects | postgres | REFERENCES | f - storage | objects | postgres | SELECT | f - storage | objects | postgres | TRIGGER | f - storage | objects | postgres | TRUNCATE | f - storage | objects | postgres | UPDATE | f + storage | objects | postgres | DELETE | t + storage | objects | postgres | INSERT | t + storage | objects | postgres | REFERENCES | t + storage | objects | postgres | SELECT | t + storage | objects | postgres | TRIGGER | t + storage | objects | postgres | TRUNCATE | t + storage | objects | postgres | UPDATE | t storage | objects | service_role | DELETE | f storage | objects | service_role | INSERT | f storage | objects | service_role | REFERENCES | f From f9b274543f57e2633887b738ed55f95b2f5f18f8 Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Wed, 25 Jun 2025 23:06:19 +0800 Subject: [PATCH 2/3] chore: bump AMI versions --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 939c892d1..27bc40e96 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.096-orioledb" - postgres17: "17.4.1.046" - postgres15: "15.8.1.103" + postgresorioledb-17: "17.0.1.097-orioledb" + postgres17: "17.4.1.047" + postgres15: "15.8.1.104" # Non Postgres Extensions pgbouncer_release: "1.19.0" From d53119d647244f25490594414e8b7c455f1bac04 Mon Sep 17 00:00:00 2001 From: Bobbie Soedirgo Date: Thu, 26 Jun 2025 17:11:24 +0800 Subject: [PATCH 3/3] chore: bump AMI versions --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 446bf6be7..7a7147353 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -9,9 +9,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.097-orioledb" - postgres17: "17.4.1.47" - postgres15: "15.8.1.104" + postgresorioledb-17: "17.0.1.098-orioledb" + postgres17: "17.4.1.048" + postgres15: "15.8.1.105" # Non Postgres Extensions pgbouncer_release: "1.19.0"