diff --git a/Dockerfile-15 b/Dockerfile-15 index 8d9dfd8f8..fa60d89c9 100644 --- a/Dockerfile-15 +++ b/Dockerfile-15 @@ -214,12 +214,13 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh -RUN sed -i \ - -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ +RUN \ + echo "unix_socket_directories = '/var/run/postgresql'" >> /etc/postgresql/postgresql.conf && \ + #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \ + sed -i \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ diff --git a/Dockerfile-17 b/Dockerfile-17 index cb2a38809..ea8273bb9 100644 --- a/Dockerfile-17 +++ b/Dockerfile-17 
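Review bot: The unchanged `COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf` line at the top of this hunk still reads a source file that this commit renames to `ansible/files/postgresql_config/conf.d/supautils.conf`, so the build would fail there unless the COPY is updated outside the hunk. The `sed` kept below also still enables `include = '/etc/postgresql-custom/wal-g.conf'` while the COPY that installed that file is removed; if the substitution still matches, a plain `include` of a missing file prevents the server from starting. I would copy the new directory instead, `COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/conf.d`, and drop the two `include` substitutions. The identical hunks in Dockerfile-17 and Dockerfile-orioledb-17 need the same change. The commented-out `#echo "pljava.libjvm_location ..."` line inside the RUN chain is dead code and can go.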
@@ -218,12 +218,13 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh -RUN sed -i \ - -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ +RUN \ + echo "unix_socket_directories = '/var/run/postgresql'" >> /etc/postgresql/postgresql.conf && \ + #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \ + sed -i \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ @@ -236,7 +237,7 @@ RUN sed -i \ RUN sed -i 's/ timescaledb,//g;' "/etc/postgresql/postgresql.conf" #as of pg 16.4 + this db_user_namespace totally deprecated and will break the server if setting is present RUN sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "/etc/postgresql/postgresql.conf" -RUN sed -i 's/ timescaledb,//g; s/ plv8,//g' "/etc/postgresql-custom/supautils.conf" +RUN sed -i 's/ timescaledb,//g; s/ plv8,//g' "/etc/postgresql-custom/conf.d/supautils.conf" 
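Review bot: The last `sed` now edits `/etc/postgresql-custom/conf.d/supautils.conf`, but the only COPY for that file visible in this Dockerfile (the context line in the previous hunk) still writes `/etc/postgresql-custom/supautils.conf`, so `sed -i` would exit non-zero on a missing path unless the file is placed under `conf.d` somewhere outside these hunks. This step is what strips `timescaledb` and `plv8` from `supautils.privileged_extensions` for the 17 image, so the file it edits must be the one the server actually loads. Aligning the COPY destination would keep the two in step: `COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d/supautils.conf /etc/postgresql-custom/conf.d/supautils.conf`.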
diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17 index e7f5b5f7f..5ff555005 100644 --- a/Dockerfile-orioledb-17 +++ b/Dockerfile-orioledb-17 @@ -218,12 +218,13 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh -COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh -RUN sed -i \ - -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \ +RUN \ + echo "unix_socket_directories = '/var/run/postgresql'" >> /etc/postgresql/postgresql.conf && \ + #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \ + sed -i \ -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \ -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \ -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \ diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh index 446cd2797..262472fe1 100755 --- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh +++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh 
@@ -516,11 +516,11 @@ EOF mkdir -p "$MOUNT_POINT/conf" cp -R /etc/postgresql-custom/* "$MOUNT_POINT/conf/" # removing supautils config as to allow the latest one provided by the latest image to be used - rm -f "$MOUNT_POINT/conf/supautils.conf" || true + rm -f "$MOUNT_POINT/conf/conf.d/supautils.conf" || true rm -rf "$MOUNT_POINT/conf/extension-custom-scripts" || true # removing wal-g config as to allow it to be explicitly enabled on the new instance - rm -f "$MOUNT_POINT/conf/wal-g.conf" + rm -f "$MOUNT_POINT/conf/conf.d/wal-g.conf" # copy sql files generated by pg_upgrade echo "12. Copying sql files generated by pg_upgrade" diff --git a/ansible/files/database-optimizations.service.j2 b/ansible/files/database-optimizations.service.j2 index f25fc09c6..9f55f42c4 100644 --- a/ansible/files/database-optimizations.service.j2 +++ b/ansible/files/database-optimizations.service.j2 @@ -4,7 +4,7 @@ Description=Postgresql optimizations [Service] Type=oneshot # we do not want failures from these commands to cause downstream service startup to fail -ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/generated-optimizations.conf +ExecStart=-/opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/conf.d/generated-optimizations.conf ExecStart=-/opt/supabase-admin-api optimize pgbouncer --destination-config-file-path /etc/pgbouncer-custom/generated-optimizations.ini User=adminapi diff --git a/ansible/files/postgres_prestart.sh.j2 b/ansible/files/postgres_prestart.sh.j2 index cc8ff53c6..7e3c61d15 100644 --- a/ansible/files/postgres_prestart.sh.j2 +++ b/ansible/files/postgres_prestart.sh.j2 @@ -15,7 +15,7 @@ check_orioledb_enabled() { } get_shared_buffers() { - local opt_conf="/etc/postgresql-custom/generated-optimizations.conf" + local opt_conf="/etc/postgresql-custom/conf.d/generated-optimizations.conf" if [ ! -f "$opt_conf" ]; then return 0 fi 
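Review bot: Both `rm -f` calls now target only the `conf.d/` location, but the preceding `cp -R /etc/postgresql-custom/* "$MOUNT_POINT/conf/"` copies whatever layout the source instance has, and an instance still on the old layout keeps these files at `conf/supautils.conf` and `conf/wal-g.conf`. In that case the old supautils policy and a possibly enabled WAL-G archive configuration would be carried over to the new instance, which is what the two comments say must not happen. Removing both locations covers either layout: `rm -f "$MOUNT_POINT/conf/supautils.conf" "$MOUNT_POINT/conf/conf.d/supautils.conf" || true` and `rm -f "$MOUNT_POINT/conf/wal-g.conf" "$MOUNT_POINT/conf/conf.d/wal-g.conf"`. The enclosing function starts and ends outside this hunk, so any layout migration done earlier in the script is not visible here.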
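Review bot: The generated file now lands in `/etc/postgresql-custom/conf.d/` and is written by `User=adminapi`, but nothing in this hunk shows who owns that directory. If `adminapi` needs write access to the directory itself to create the file, it can also create other `.conf` fragments that the server would presumably load from `conf.d`, which is broader than the single tuning file it is meant to manage; pre-creating `generated-optimizations.conf` owned by `adminapi` and keeping the directory writable only by root or postgres would preserve the narrower scope. Because both `ExecStart=-` lines ignore failures, a missing or unwritable `conf.d` would also pass silently, so a comment such as `# requires /etc/postgresql-custom/conf.d to exist before this unit runs` above the changed line would help.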
@@ -134,4 +134,4 @@ if [ $(locale -a | grep -c en_US.utf8) -eq 0 ]; then locale-gen fi -main \ No newline at end of file +main diff --git a/ansible/files/postgresql_config/conf.d/autoexplain.conf b/ansible/files/postgresql_config/conf.d/autoexplain.conf new file mode 100644 index 000000000..c95c01e2a --- /dev/null +++ b/ansible/files/postgresql_config/conf.d/autoexplain.conf @@ -0,0 +1 @@ +auto_explain.log_min_duration = 10s diff --git a/ansible/files/postgresql_config/conf.d/logging.conf b/ansible/files/postgresql_config/conf.d/logging.conf new file mode 100644 index 000000000..24a2eb7a5 --- /dev/null +++ b/ansible/files/postgresql_config/conf.d/logging.conf @@ -0,0 +1 @@ +logging_collector = on # Enable capturing of stderr and csvlog into log files. Required to be on for csvlogs. (change requires restart) diff --git a/ansible/files/postgresql_config/conf.d/pgcron.conf b/ansible/files/postgresql_config/conf.d/pgcron.conf new file mode 100644 index 000000000..e5848e50e --- /dev/null +++ b/ansible/files/postgresql_config/conf.d/pgcron.conf @@ -0,0 +1 @@ +cron.database_name = 'postgres' diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/conf.d/supautils.conf similarity index 66% rename from ansible/files/postgresql_config/supautils.conf.j2 rename to ansible/files/postgresql_config/conf.d/supautils.conf index c503b01a5..8f7500775 100644 --- a/ansible/files/postgresql_config/supautils.conf.j2 +++ b/ansible/files/postgresql_config/conf.d/supautils.conf 
@@ -1,15 +1,31 @@ +session_preload_libraries = 'supautils' + +# supautils.disable_program = 'true' + +supautils.drop_trigger_grants = '{"postgres":["auth.audit_log_entries","auth.flow_state","auth.identities","auth.instances","auth.mfa_amr_claims","auth.mfa_challenges","auth.mfa_factors","auth.oauth_clients","auth.one_time_tokens","auth.refresh_tokens","auth.saml_providers","auth.saml_relay_states","auth.sessions","auth.sso_domains","auth.sso_providers","auth.users","realtime.messages","realtime.subscription","storage.buckets","storage.buckets_analytics","storage.objects","storage.prefixes","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}' + +supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts' supautils.extensions_parameter_overrides = '{"pg_cron":{"schema":"pg_catalog"}}' + supautils.policy_grants = '{"postgres":["auth.audit_log_entries","auth.flow_state","auth.identities","auth.instances","auth.mfa_amr_claims","auth.mfa_challenges","auth.mfa_factors","auth.oauth_clients","auth.one_time_tokens","auth.refresh_tokens","auth.saml_providers","auth.saml_relay_states","auth.sessions","auth.sso_domains","auth.sso_providers","auth.users","realtime.messages","realtime.subscription","storage.buckets","storage.buckets_analytics","storage.objects","storage.prefixes","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}' -supautils.drop_trigger_grants = '{"postgres":["auth.audit_log_entries","auth.flow_state","auth.identities","auth.instances","auth.mfa_amr_claims","auth.mfa_challenges","auth.mfa_factors","auth.oauth_clients","auth.one_time_tokens","auth.refresh_tokens","auth.saml_providers","auth.saml_relay_states","auth.sessions","auth.sso_domains","auth.sso_providers","auth.users","realtime.messages","realtime.subscription","storage.buckets","storage.buckets_analytics","storage.objects","storage.prefixes","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}' -# full list: 
address_standardizer, address_standardizer_data_us, adminpack, amcheck, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, file_fdw, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intagg, intarray, isn, lo, ltree, moddatetime, old_snapshot, orioledb, pageinspect, pg_buffercache, pg_cron, pg_freespacemap, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_surgery, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgmq, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, xml2 -# omitted because may be unsafe: adminpack, amcheck, file_fdw, lo, old_snapshot, pageinspect, pg_freespacemap, pg_surgery, pg_visibility -# omitted because deprecated: intagg, xml2 -# omitted because doesn't require superuser: pgmq -# omitted because protected: plpgsql + +# full list: +# address_standardizer, address_standardizer_data_us, adminpack, amcheck, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, file_fdw, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intagg, intarray, isn, lo, ltree, moddatetime, old_snapshot, orioledb, pageinspect, pg_buffercache, pg_cron, pg_freespacemap, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_surgery, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgmq, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, 
postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, xml2 +# omitted because may be unsafe: +# adminpack, amcheck, file_fdw, lo, old_snapshot, pageinspect, pg_freespacemap, pg_surgery, pg_visibility +# omitted because deprecated: +# intagg, xml2 +# omitted because doesn't require superuser: +# pgmq +# omitted because protected: +# plpgsql supautils.privileged_extensions = 'address_standardizer, address_standardizer_data_us, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, fuzzystrmatch, hstore, http, hypopg, index_advisor, insert_username, intarray, isn, ltree, moddatetime, orioledb, pg_buffercache, pg_cron, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_repack, pg_stat_monitor, pg_stat_statements, pg_tle, pg_trgm, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers' -supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts' + supautils.privileged_extensions_superuser = 'supabase_admin' + supautils.privileged_role = 'postgres' + supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log_min_duration_statement, log_min_messages, log_parameter_max_length, log_replication_commands, log_statement, log_temp_files, pg_net.batch_size, pg_net.ttl, pg_stat_statements.*, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, 
pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing, wal_compression' + supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, authenticator' -supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*' + diff --git a/ansible/files/postgresql_config/custom_walg.conf.j2 b/ansible/files/postgresql_config/conf.d/wal-g.conf similarity index 75% rename from ansible/files/postgresql_config/custom_walg.conf.j2 rename to ansible/files/postgresql_config/conf.d/wal-g.conf index 7ef7256d8..7f17f43f6 100644 --- a/ansible/files/postgresql_config/custom_walg.conf.j2 +++ b/ansible/files/postgresql_config/conf.d/wal-g.conf @@ -1,21 +1,13 @@ -# - Archiving - - #archive_mode = on #archive_command = '/usr/bin/admin-mgr wal-push %p >> /var/log/wal-g/wal-push.log 2>&1' #archive_timeout = 120 +hot_standby = off -# - Archive Recovery - - -#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' - -# - Recovery Target - - -#recovery_target_lsn = '' -#recovery_target_time = '' #recovery_target_action = 'promote' -#recovery_target_timeline = 'current' #recovery_target_inclusive = off +#recovery_target_lsn = '' +#recovery_target_time = '' +#recovery_target_timeline = 'latest' -# - Hot Standby - -hot_standby = off +#restore_command = '/usr/bin/admin-mgr wal-fetch %f %p >> /var/log/wal-g/wal-fetch.log 2>&1' 
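Review bot: The old last line `supautils.reserved_roles = ...` is removed at the end of the supautils.conf hunk and no `+` line re-adds it, so the renamed file ships without a reserved-roles list while `supautils.reserved_memberships` is kept. Unless the setting is supplied from a file not shown here, the privileged role `postgres` would no longer be blocked from altering or dropping the platform roles the list protected; I would restore the line unchanged: `supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'`. Separately, `session_preload_libraries = 'supautils'` now lives in a `conf.d` fragment, so any fragment read later that also sets `session_preload_libraries` replaces the value and supautils is no longer loaded; a comment above that line saying so would help.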
diff --git a/ansible/files/postgresql_config/postgresql-stdout-log.conf b/ansible/files/postgresql_config/postgresql-stdout-log.conf deleted file mode 100644 index 6ae4ff456..000000000 --- a/ansible/files/postgresql_config/postgresql-stdout-log.conf +++ /dev/null @@ -1,4 +0,0 @@ -logging_collector = off # Enable capturing of stderr and csvlog - # into log files. Required to be on for - # csvlogs. - # (change requires restart) diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2 index 04378c3a4..f1e49b77c 100644 --- a/ansible/files/postgresql_config/postgresql.conf.j2 +++ b/ansible/files/postgresql_config/postgresql.conf.j2 
@@ -1,55 +1,15 @@ # ----------------------------- # PostgreSQL configuration file # ----------------------------- -# -# This file consists of lines of the form: -# -# name = value -# -# (The "=" is optional.) Whitespace may be used. Comments are introduced with -# "#" anywhere on a line. The complete list of parameter names and allowed -# values can be found in the PostgreSQL documentation. -# -# The commented-out settings shown in this file represent the default values. -# Re-commenting a setting is NOT sufficient to revert it to the default value; -# you need to reload the server. -# -# This file is read on server startup and when the server receives a SIGHUP -# signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, run "pg_ctl reload", or execute -# "SELECT pg_reload_conf()". Some parameters, which are marked below, -# require a server shutdown and restart to take effect. -# -# Any parameter can also be given as a command-line option to the server, e.g., -# "postgres -c log_connections=on". Some parameters can be changed at run time -# with the "SET" SQL command. -# -# Memory units: B = bytes Time units: us = microseconds -# kB = kilobytes ms = milliseconds -# MB = megabytes s = seconds -# GB = gigabytes min = minutes -# TB = terabytes h = hours -# d = days #------------------------------------------------------------------------------ # FILE LOCATIONS #------------------------------------------------------------------------------ -# The default values of these variables are driven from the -D command-line -# option or PGDATA environment variable, represented here as ConfigDir. 
- -data_directory = '/var/lib/postgresql/data' # use data in another directory - # (change requires restart) -hba_file = '/etc/postgresql/pg_hba.conf' # host-based authentication file - # (change requires restart) -ident_file = '/etc/postgresql/pg_ident.conf' # ident configuration file - # (change requires restart) - -# If external_pid_file is not explicitly set, no extra PID file is written. -#external_pid_file = '' # write an extra PID file - # (change requires restart) - +data_directory = '/var/lib/postgresql/data' # use data in another directory (change requires restart) +hba_file = '/etc/postgresql/pg_hba.conf' # host-based authentication file (change requires restart) +ident_file = '/etc/postgresql/pg_ident.conf' # ident configuration file (change requires restart) #------------------------------------------------------------------------------ # CONNECTIONS AND AUTHENTICATION 
@@ -57,48 +17,12 @@ ident_file = '/etc/postgresql/pg_ident.conf' # ident configuration file # - Connection Settings - -listen_addresses = '*' # what IP address(es) to listen on; - # comma-separated list of addresses; - # defaults to 'localhost'; use '*' for all - # (change requires restart) -#port = 5432 # (change requires restart) -#max_connections = 100 # (change requires restart) -#superuser_reserved_connections = 3 # (change requires restart) -#unix_socket_directories = '/tmp' # comma-separated list of directories - # (change requires restart) -#unix_socket_group = '' # (change requires restart) -#unix_socket_permissions = 0777 # begin with 0 to use octal notation - # (change requires restart) -#bonjour = off # advertise server via Bonjour - # (change requires restart) -#bonjour_name = '' # defaults to the computer name - # (change requires restart) - -# - TCP settings - -# see "man tcp" for details - -#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; - # 0 selects the system default -#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; - # 0 selects the system default -#tcp_keepalives_count = 0 # TCP_KEEPCNT; - # 0 selects the system default -#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; - # 0 selects the system default - -#client_connection_check_interval = 0 # time between checks for client - # disconnection while running queries; - # 0 for never +listen_addresses = '*' # what IP address(es) to listen on; comma-separated list of addresses; defaults to 'localhost'; use '*' for all (change requires restart) # - Authentication - authentication_timeout = 1min # 1s-600s password_encryption = scram-sha-256 # scram-sha-256 or md5 -db_user_namespace = off - -# GSSAPI using Kerberos -#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' -#krb_caseins_users = off # - SSL - 
@@ -124,77 +48,7 @@ ssl_passphrase_command_supports_reload = off # - Memory - -shared_buffers = 128MB # min 128kB - # (change requires restart) -#huge_pages = try # on, off, or try - # (change requires restart) -#huge_page_size = 0 # zero for system default - # (change requires restart) -#temp_buffers = 8MB # min 800kB -#max_prepared_transactions = 0 # zero disables the feature - # (change requires restart) -# Caution: it is not advisable to set max_prepared_transactions nonzero unless -# you actively intend to use prepared transactions. -#work_mem = 4MB # min 64kB -#hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem -#maintenance_work_mem = 64MB # min 1MB -#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem -#logical_decoding_work_mem = 64MB # min 64kB -#max_stack_depth = 2MB # min 100kB -#shared_memory_type = mmap # the default is the first option - # supported by the operating system: - # mmap - # sysv - # windows - # (change requires restart) -#dynamic_shared_memory_type = posix # the default is the first option - # supported by the operating system: - # posix - # sysv - # windows - # mmap - # (change requires restart) -#min_dynamic_shared_memory = 0MB # (change requires restart) - -# - Disk - - -#temp_file_limit = -1 # limits per-process temp file space - # in kilobytes, or -1 for no limit - -# - Kernel Resources - - -#max_files_per_process = 1000 # min 64 - # (change requires restart) - -# - Cost-Based Vacuum Delay - - -#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) -#vacuum_cost_page_hit = 1 # 0-10000 credits -#vacuum_cost_page_miss = 2 # 0-10000 credits -#vacuum_cost_page_dirty = 20 # 0-10000 credits -#vacuum_cost_limit = 200 # 1-10000 credits - -# - Background Writer - - -#bgwriter_delay = 200ms # 10-10000ms between rounds -#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables -#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round -#bgwriter_flush_after = 0 # measured in 
pages, 0 disables - -# - Asynchronous Behavior - - -#backend_flush_after = 0 # measured in pages, 0 disables -#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching -#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching -#max_worker_processes = 8 # (change requires restart) -#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers -#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers -#max_parallel_workers = 8 # maximum number of max_worker_processes that - # can be used in parallel operations -#parallel_leader_participation = on -#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate - # (change requires restart) - +shared_buffers = 128MB # min 128kB (change requires restart) #------------------------------------------------------------------------------ # WRITE-AHEAD LOG 
@@ -202,90 +56,12 @@ shared_buffers = 128MB # min 128kB # - Settings - -wal_level = logical # minimal, replica, or logical - # (change requires restart) -#fsync = on # flush data to disk for crash safety - # (turning this off can cause - # unrecoverable data corruption) -#synchronous_commit = on # synchronization level; - # off, local, remote_write, remote_apply, or on -#wal_sync_method = fsync # the default is the first option - # supported by the operating system: - # open_datasync - # fdatasync (default on Linux and FreeBSD) - # fsync - # fsync_writethrough - # open_sync -#full_page_writes = on # recover from partial page writes -#wal_log_hints = off # also do full page writes of non-critical updates - # (change requires restart) -#wal_compression = off # enable compression of full-page writes -#wal_init_zero = on # zero-fill new WAL files -#wal_recycle = on # recycle WAL files -#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers - # (change requires restart) -#wal_writer_delay = 200ms # 1-10000 milliseconds -#wal_writer_flush_after = 1MB # measured in pages, 0 disables -#wal_skip_threshold = 2MB - -#commit_delay = 0 # range 0-100000, in microseconds -#commit_siblings = 5 # range 1-1000 +wal_level = logical # minimal, replica, or logical (change requires restart) # - Checkpoints - -#checkpoint_timeout = 5min # range 30s-1d checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 -checkpoint_flush_after = 256kB # measured in pages, 0 disables -#checkpoint_warning = 30s # 0 disables -#max_wal_size = 1GB -#min_wal_size = 80MB - -# - Archiving - - -#archive_mode = off # enables archiving; off, on, or always - # (change requires restart) -#archive_command = '' # command to use to archive a logfile segment - # placeholders: %p = path of file to archive - # %f = file name only - # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' -#archive_timeout = 0 # force a logfile segment switch after this - # number of seconds; 0 disables - -# - Archive Recovery - - -# These are only used in recovery mode. - -#restore_command = '' # command to use to restore an archived logfile segment - # placeholders: %p = path of file to restore - # %f = file name only - # e.g. 'cp /mnt/server/archivedir/%f %p' -#archive_cleanup_command = '' # command to execute at every restartpoint -#recovery_end_command = '' # command to execute at completion of recovery - -# - Recovery Target - - -# Set these only when performing a targeted recovery. - -#recovery_target = '' # 'immediate' to end recovery as soon as a - # consistent state is reached - # (change requires restart) -#recovery_target_name = '' # the named restore point to which recovery will proceed - # (change requires restart) -#recovery_target_time = '' # the time stamp up to which recovery will proceed - # (change requires restart) -#recovery_target_xid = '' # the transaction ID up to which recovery will proceed - # (change requires restart) -#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed - # (change requires restart) -#recovery_target_inclusive = on # Specifies whether to stop: - # just after the specified recovery target (on) - # just before the recovery target (off) - # (change requires restart) -#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID - # (change requires restart) -#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' - # (change requires restart) - +checkpoint_flush_after = 32 # measured in 8k pages, 0 disables #------------------------------------------------------------------------------ # REPLICATION 
@@ -295,218 +71,24 @@ checkpoint_flush_after = 256kB # measured in pages, 0 disables # Set these on the primary and on any standby that will send replication data. -max_wal_senders = 10 # max number of walsender processes - # (change requires restart) -max_replication_slots = 5 # max number of replication slots - # (change requires restart) -#wal_keep_size = 0 # in megabytes; 0 disables +max_wal_senders = 10 # max number of walsender processes (change requires restart) +max_replication_slots = 5 # max number of replication slots (change requires restart) max_slot_wal_keep_size = 4096 # in megabytes; -1 disables -#wal_sender_timeout = 60s # in milliseconds; 0 disables -#track_commit_timestamp = off # collect timestamp of transaction commit - # (change requires restart) - -# - Primary Server - - -# These settings are ignored on a standby server. - -#synchronous_standby_names = '' # standby servers that provide sync rep - # method to choose sync standbys, number of sync standbys, - # and comma-separated list of application_name - # from standby(s); '*' = all -#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - -# - Standby Servers - - -# These settings are ignored on a primary server. 
- -#primary_conninfo = '' # connection string to sending server -#primary_slot_name = '' # replication slot on sending server -#promote_trigger_file = '' # file name whose presence ends recovery -#hot_standby = on # "off" disallows queries during recovery - # (change requires restart) -#max_standby_archive_delay = 30s # max delay before canceling queries - # when reading WAL from archive; - # -1 allows indefinite delay -#max_standby_streaming_delay = 30s # max delay before canceling queries - # when reading streaming WAL; - # -1 allows indefinite delay -#wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name - # is not set -#wal_receiver_status_interval = 10s # send replies at least this often - # 0 disables -#hot_standby_feedback = off # send info from standby to prevent - # query conflicts -#wal_receiver_timeout = 60s # time that receiver waits for - # communication from primary - # in milliseconds; 0 disables -#wal_retrieve_retry_interval = 5s # time to wait before retrying to - # retrieve WAL after a failed attempt -#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery - -# - Subscribers - - -# These settings are ignored on a publisher. 
- -#max_logical_replication_workers = 4 # taken from max_worker_processes - # (change requires restart) -#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers - #------------------------------------------------------------------------------ # QUERY TUNING #------------------------------------------------------------------------------ -# - Planner Method Configuration - - -#enable_async_append = on -#enable_bitmapscan = on -#enable_gathermerge = on -#enable_hashagg = on -#enable_hashjoin = on -#enable_incremental_sort = on -#enable_indexscan = on -#enable_indexonlyscan = on -#enable_material = on -#enable_resultcache = on -#enable_mergejoin = on -#enable_nestloop = on -#enable_parallel_append = on -#enable_parallel_hash = on -#enable_partition_pruning = on -#enable_partitionwise_join = off -#enable_partitionwise_aggregate = off -#enable_seqscan = on -#enable_sort = on -#enable_tidscan = on - # - Planner Cost Constants - -#seq_page_cost = 1.0 # measured on an arbitrary scale -#random_page_cost = 4.0 # same scale as above -#cpu_tuple_cost = 0.01 # same scale as above -#cpu_index_tuple_cost = 0.005 # same scale as above -#cpu_operator_cost = 0.0025 # same scale as above -#parallel_setup_cost = 1000.0 # same scale as above -#parallel_tuple_cost = 0.1 # same scale as above -#min_parallel_table_scan_size = 8MB -#min_parallel_index_scan_size = 512kB effective_cache_size = 128MB -#jit_above_cost = 100000 # perform JIT compilation if available - # and query more expensive than this; - # -1 disables -#jit_inline_above_cost = 500000 # inline small functions if query is - # more expensive than this; -1 disables -#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if - # query is more expensive than this; - # -1 disables - -# - Genetic Query Optimizer - - -#geqo = on -#geqo_threshold = 12 -#geqo_effort = 5 # range 1-10 -#geqo_pool_size = 0 # selects default based on effort -#geqo_generations = 0 # selects default based on effort 
-#geqo_selection_bias = 2.0 # range 1.5-2.0 -#geqo_seed = 0.0 # range 0.0-1.0 - -# - Other Planner Options - - -#default_statistics_target = 100 # range 1-10000 -#constraint_exclusion = partition # on, off, or partition -#cursor_tuple_fraction = 0.1 # range 0.0-1.0 -#from_collapse_limit = 8 -#jit = on # allow JIT compilation -#join_collapse_limit = 8 # 1 disables collapsing of explicit - # JOIN clauses -#plan_cache_mode = auto # auto, force_generic_plan or - # force_custom_plan - - #------------------------------------------------------------------------------ # REPORTING AND LOGGING #------------------------------------------------------------------------------ -include = '/etc/postgresql/logging.conf' - -# These are relevant when logging to syslog: -#syslog_facility = 'LOCAL0' -#syslog_ident = 'postgres' -#syslog_sequence_numbers = on -#syslog_split_messages = on - -# This is only relevant when logging to eventlog (Windows): -# (change requires restart) -#event_source = 'PostgreSQL' - -# - When to Log - - -#log_min_messages = warning # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic - -#log_min_error_statement = error # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic (effectively off) - -#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements - # and their durations, > 0 logs only - # statements running at least this number - # of milliseconds - -#log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements - # and their durations, > 0 logs only a sample of - # statements running at least this number - # of milliseconds; - # sample fraction is determined by log_statement_sample_rate - -#log_statement_sample_rate = 1.0 # fraction of logged statements exceeding - # log_min_duration_sample to be logged; - # 
1.0 logs all such statements, 0.0 never logs - - -#log_transaction_sample_rate = 0.0 # fraction of transactions whose statements - # are logged regardless of their duration; 1.0 logs all - # statements from all transactions, 0.0 never logs - # - What to Log - -#debug_print_parse = off -#debug_print_rewritten = off -#debug_print_plan = off -#debug_pretty_print = on -#log_autovacuum_min_duration = -1 # log autovacuum activity; - # -1 disables, 0 logs all actions and - # their durations, > 0 logs only - # actions running at least this number - # of milliseconds. -#log_checkpoints = off -#log_connections = off -#log_disconnections = off -#log_duration = off -#log_error_verbosity = default # terse, default, or verbose messages -#log_hostname = off log_line_prefix = '%h %m [%p] %q%u@%d ' # special values: # %a = application name # %u = user name 
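Review bot: The `include = '/etc/postgresql/logging.conf'` line is dropped from the REPORTING AND LOGGING section, and the same commit deletes `postgresql-stdout-log.conf` (`logging_collector = off`) while adding `conf.d/logging.conf` with `logging_collector = on`. No `include_dir` for the new directory is visible in the hunks shown here, so if none is added further down the file the new fragments (supautils, pgcron, auto_explain, wal-g, logging) are never read; please confirm the directive exists, e.g. `include_dir = '/etc/postgresql-custom/conf.d'`. For the container images, which appear to have used the deleted file to keep the collector off, `logging_collector = on` would move server logs into files inside the container, so an image-specific override may still be needed.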
@@ -531,86 +113,14 @@ log_line_prefix = '%h %m [%p] %q%u@%d ' # special values: # processes # %% = '%' # e.g. '<%u%%%d> ' -#log_lock_waits = off # log lock waits >= deadlock_timeout -#log_recovery_conflict_waits = off # log standby recovery conflict waits - # >= deadlock_timeout -#log_parameter_max_length = -1 # when logging statements, limit logged - # bind-parameter values to N bytes; - # -1 means print in full, 0 disables -#log_parameter_max_length_on_error = 0 # when logging an error, limit logged - # bind-parameter values to N bytes; - # -1 means print in full, 0 disables log_statement = 'ddl' # none, ddl, mod, all -#log_replication_commands = off -#log_temp_files = -1 # log temporary files equal or larger - # than the specified size in kilobytes; - # -1 disables, 0 logs all temp files log_timezone = 'UTC' #------------------------------------------------------------------------------ # PROCESS TITLE #------------------------------------------------------------------------------ -cluster_name = 'main' # added to process titles if nonempty - # (change requires restart) -#update_process_title = on - - -#------------------------------------------------------------------------------ -# STATISTICS -#------------------------------------------------------------------------------ - -# - Query and Index Statistics Collector - - -#track_activities = on -#track_activity_query_size = 1024 # (change requires restart) -#track_counts = on -#track_io_timing = off -#track_wal_io_timing = off -#track_functions = none # none, pl, all -#stats_temp_directory = 'pg_stat_tmp' - - -# - Monitoring - - -#compute_query_id = auto -#log_statement_stats = off -#log_parser_stats = off -#log_planner_stats = off -#log_executor_stats = off - - -#------------------------------------------------------------------------------ -# AUTOVACUUM -#------------------------------------------------------------------------------ - -#autovacuum = on # Enable autovacuum subprocess? 
'on' - # requires track_counts to also be on. -#autovacuum_max_workers = 3 # max number of autovacuum subprocesses - # (change requires restart) -#autovacuum_naptime = 1min # time between autovacuum runs -#autovacuum_vacuum_threshold = 50 # min number of row updates before - # vacuum -#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts - # before vacuum; -1 disables insert - # vacuums -#autovacuum_analyze_threshold = 50 # min number of row updates before - # analyze -#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum -#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table - # size before insert vacuum -#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze -#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum - # (change requires restart) -#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age - # before forced vacuum - # (change requires restart) -#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for - # autovacuum, in milliseconds; - # -1 means use vacuum_cost_delay -#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for - # autovacuum, -1 means use - # vacuum_cost_limit +cluster_name = 'main' # added to process titles if nonempty (change requires restart) #------------------------------------------------------------------------------ 
@@ -619,63 +129,15 @@ cluster_name = 'main' # added to process titles if nonempty # - Statement Behavior - -#client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error -#search_path = '"$user", public' # schema names row_security = on -#default_table_access_method = 'heap' -#default_tablespace = '' # a tablespace name, '' uses the default -#default_toast_compression = 'pglz' # 'pglz' or 'lz4' -#temp_tablespaces = '' # a list of tablespace names, '' uses - # only default tablespace -#check_function_bodies = on -#default_transaction_isolation = 'read committed' -#default_transaction_read_only = off -#default_transaction_deferrable = off -#session_replication_role = 'origin' -#statement_timeout = 0 # in milliseconds, 0 is disabled -#lock_timeout = 0 # in milliseconds, 0 is disabled -#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled -#idle_session_timeout = 0 # in milliseconds, 0 is disabled -#vacuum_freeze_table_age = 150000000 -#vacuum_freeze_min_age = 50000000 -#vacuum_failsafe_age = 1600000000 -#vacuum_multixact_freeze_table_age = 150000000 -#vacuum_multixact_freeze_min_age = 5000000 -#vacuum_multixact_failsafe_age = 1600000000 -#bytea_output = 'hex' # hex, escape -#xmlbinary = 'base64' -#xmloption = 'content' -#gin_pending_list_limit = 4MB # - Locale and Formatting - -#datestyle = 'iso, mdy' -#intervalstyle = 'postgres' timezone = 'UTC' -#timezone_abbreviations = 'Default' # Select the set of available time zone - # abbreviations. Currently, there are - # Default - # Australia (historical usage) - # India - # You can create your own file in - # share/timezonesets/. 
-extra_float_digits = 0 # min -15, max 3; any value >0 actually - # selects precise output mode -#client_encoding = sql_ascii # actually, defaults to database - # encoding +extra_float_digits = 0 # min -15, max 3; any value >0 actually selects precise output mode # These settings are initialized by initdb, but they can be changed. -lc_messages = 'en_US.UTF-8' # locale for system error message - # strings +lc_messages = 'en_US.UTF-8' # locale for system error message strings lc_monetary = 'en_US.UTF-8' # locale for monetary formatting lc_numeric = 'en_US.UTF-8' # locale for number formatting lc_time = 'en_US.UTF-8' # locale for time formatting 
@@ -685,63 +147,9 @@ default_text_search_config = 'pg_catalog.english' # - Shared Library Preloading - -#local_preload_libraries = '' -#session_preload_libraries = '' - shared_preload_libraries = 'pg_stat_statements, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain, pg_tle, plan_filter, supabase_vault' # (change requires restart) jit_provider = 'llvmjit' # JIT library to use -# - Other Defaults - - -#dynamic_library_path = '$libdir' -#gin_fuzzy_search_limit = 0 - -#------------------------------------------------------------------------------ -# LOCK MANAGEMENT -#------------------------------------------------------------------------------ - -#deadlock_timeout = 1s -#max_locks_per_transaction = 64 # min 10 - # (change requires restart) -#max_pred_locks_per_transaction = 64 # min 10 - # (change requires restart) -#max_pred_locks_per_relation = -2 # negative values mean - # (max_pred_locks_per_transaction - # / -max_pred_locks_per_relation) - 1 -#max_pred_locks_per_page = 2 # min 0 - - -#------------------------------------------------------------------------------ -# VERSION AND PLATFORM COMPATIBILITY -#------------------------------------------------------------------------------ - -# - Previous PostgreSQL Versions - - -#array_nulls = on -#backslash_quote = safe_encoding # on, off, or safe_encoding -#escape_string_warning = on -#lo_compat_privileges = off -#quote_all_identifiers = off -#standard_conforming_strings = on -#synchronize_seqscans = on - -# - Other Platforms and Clients - - -#transform_null_equals = off - - -#------------------------------------------------------------------------------ -# ERROR HANDLING -#------------------------------------------------------------------------------ - -#exit_on_error = off # terminate session on any error? -#restart_after_crash = on # reinitialize after backend crash? -#data_sync_retry = off # retry or panic on failure to fsync - # data? 
- # (change requires restart) -#recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) - - #------------------------------------------------------------------------------ # CONFIG FILE INCLUDES #------------------------------------------------------------------------------ @@ -765,8 +173,3 @@ jit_provider = 'llvmjit' # JIT library to use #include = '/etc/postgresql-custom/supautils.conf' include_dir = '/etc/postgresql-custom/conf.d' # include files ending in '.conf' from a directory, e.g., 'conf.d' -#------------------------------------------------------------------------------ -# CUSTOMIZED OPTIONS -#------------------------------------------------------------------------------ - -# Add settings for extensions here diff --git a/ansible/tasks/finalize-ami.yml b/ansible/tasks/finalize-ami.yml index a02333e7d..df6a52315 100644 --- a/ansible/tasks/finalize-ami.yml +++ b/ansible/tasks/finalize-ami.yml @@ -1,6 +1,6 @@ - name: PG logging conf - ansible.builtin.template: - dest: '/etc/postgresql/logging.conf' + ansible.builtin.copy: + dest: '/etc/postgresql-custom/conf.d/logging.conf' group: 'postgres' src: 'files/postgresql_config/postgresql-csvlog.conf' @@ -8,7 +8,7 @@ ansible.builtin.template: dest: "/etc/postgresql-custom/conf.d/{{ ext_item }}.conf" group: 'postgres' - src: "files/postgresql_config/conf.d/{{ ext_item }}.conf" + src: "files/postgresql_config/conf.d/{{ ext_item | split('_') | join('') }}.conf" loop: - auto_explain - pg_cron diff --git a/ansible/tasks/internal/supautils.yml b/ansible/tasks/internal/supautils.yml index 33811b5ac..bf04af603 100644 --- a/ansible/tasks/internal/supautils.yml +++ b/ansible/tasks/internal/supautils.yml 
@@ -32,17 +32,10 @@ target: install become: yes -- name: supautils - add supautils to session_preload_libraries - become: yes - replace: - path: /etc/postgresql/postgresql.conf - regexp: "#session_preload_libraries = ''" - replace: session_preload_libraries = 'supautils' - - name: supautils - write custom supautils.conf - template: - src: "files/postgresql_config/supautils.conf.j2" - dest: /etc/postgresql-custom/supautils.conf + copy: + src: "files/postgresql_config/conf.d/supautils.conf" + dest: /etc/postgresql-custom/conf.d/supautils.conf mode: 0664 owner: postgres group: postgres @@ -62,13 +55,6 @@ recurse: yes become: yes -- name: supautils - include /etc/postgresql-custom/supautils.conf in postgresql.conf - become: yes - replace: - path: /etc/postgresql/postgresql.conf - regexp: "#include = '/etc/postgresql-custom/supautils.conf'" - replace: "include = '/etc/postgresql-custom/supautils.conf'" - - name: supautils - remove build dependencies apt: pkg: diff --git a/ansible/tasks/setup-docker.yml b/ansible/tasks/setup-docker.yml index 6a3a12cc4..ea0494763 100644 --- a/ansible/tasks/setup-docker.yml +++ b/ansible/tasks/setup-docker.yml 
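Review bot: With the `supautils - add supautils to session_preload_libraries` task removed here (and its twin in `ansible/tasks/setup-docker.yml`), and the `#session_preload_libraries = ''` placeholder dropped from the postgresql.conf template, supautils is only loaded if the new `files/postgresql_config/conf.d/supautils.conf` sets `session_preload_libraries` itself. That file is not part of the visible diff, so please confirm it does; otherwise the server would start without supautils and without any error. A regression check such as `show session_preload_libraries;` in the test suite would catch this. Note also that `copy` writes the file verbatim, so any Jinja left over from `supautils.conf.j2` would no longer be rendered.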
@@ -38,30 +38,23 @@ become: true - name: debpkg_mode or stage2_nix actions + become: true when: - - (debpkg_mode or stage2_nix) + - (debpkg_mode or stage2_nix or nixpkg_mode) block: # supautils - - name: supautils - add supautils to session_preload_libraries - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#session_preload_libraries = ''" - replace: "session_preload_libraries = 'supautils'" - become: true - - name: supautils - write custom supautils.conf - ansible.builtin.template: - dest: '/etc/postgresql-custom/supautils.conf' + ansible.builtin.copy: + dest: '/etc/postgresql-custom/conf.d/supautils.conf' mode: '0664' group: 'postgres' owner: 'postgres' - src: 'files/postgresql_config/supautils.conf.j2' + src: 'files/postgresql_config/conf.d/supautils.conf' - name: supautils - copy extension custom scripts ansible.builtin.copy: dest: '/etc/postgresql-custom/extension-custom-scripts' src: 'files/postgresql_extension_custom_scripts/' - become: true - name: supautils - chown extension custom scripts ansible.builtin.file: @@ -70,14 +63,6 @@ owner: 'postgres' path: '/etc/postgresql-custom/extension-custom-scripts' recurse: true - become: true - - - name: supautils - include /etc/postgresql-custom/supautils.conf in postgresql.conf - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#include = '/etc/postgresql-custom/supautils.conf'" - replace: "include = '/etc/postgresql-custom/supautils.conf'" - become: true - name: Cleanup - extension packages ansible.builtin.file: diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index 465117031..e23c0445a 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml 
@@ -175,12 +175,40 @@ group: 'postgres' src: 'files/postgresql_config/conf.d/read_replica.conf' -# Install extensions before init -- name: Install Postgres extensions - ansible.builtin.import_tasks: - file: 'tasks/setup-docker.yml' - when: - - (debpkg_mode or stage2_nix) + - name: create placeholder config files + ansible.builtin.file: + group: postgres + mode: 0664 + owner: postgres + path: '/etc/postgresql-custom/conf.d/{{ item }}' + state: touch + with_items: + - 'generated-optimizations.conf' + - 'custom-overrides.conf' + + - name: import postgresql.conf, pg_hba.conf, and pg_ident.conf + ansible.builtin.template: + dest: /etc/postgresql/{{ conf_item }} + group: postgres + src: files/postgresql_config/{{ conf_item }}.j2 + loop: + - postgresql.conf + - pg_hba.conf + - pg_ident.conf + loop_control: + loop_var: conf_item + + - name: Move custom read-replica.conf file to /etc/postgresql-custom/conf.d/read-replica.conf + ansible.builtin.copy: + dest: /etc/postgresql-custom/conf.d/read-replica.conf + group: postgres + mode: 0664 + owner: postgres + src: "files/postgresql_config/conf.d/read-replica.conf" + + - name: Install Postgres extensions + ansible.builtin.import_tasks: + file: 'tasks/setup-docker.yml' #stage 2 postgres tasks - name: stage2 postgres tasks @@ -210,11 +238,22 @@ src: '/data/pgdata' state: 'link' + - command: ls -ld /var/lib/postgresql/data + register: pgdata + - debug: + msg: "{{ pgdata.stdout }}" - name: Initialize the database become: true become_user: 'postgres' ansible.builtin.command: - cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access" -o "--data-checksums" -o "--username=supabase_admin" + argv: + - /var/lib/postgresql/.nix-profile/bin/initdb + - -D /var/lib/postgresql/data + - --allow-group-access + - --data-checksums + - --username=supabase_admin + args: + creates: /var/lib/postgresql/data/PG_VERSION vars: ansible_command_timeout: 60 when: 
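Review bot: The `create placeholder config files` task puts `generated-optimizations.conf` and `custom-overrides.conf` into `/etc/postgresql-custom/conf.d`, and `include_dir` reads that directory in file-name order, so `custom-overrides.conf` is read before `generated-optimizations.conf` and loses to it on any parameter both set. If the overrides are meant to win, as the name suggests, give the files ordering prefixes or keep an explicit `include` for the overrides after the `include_dir` line; the full template is not visible here, so this may already be handled. Separately, the `import postgresql.conf, pg_hba.conf, and pg_ident.conf` task sets only `group`, which leaves the owner and mode of `pg_hba.conf` to whatever the play's defaults give; an explicit `owner` and `mode` would pin that down.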
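Review bot: In the new `argv` list of `Initialize the database`, `- -D /var/lib/postgresql/data` is a single list element, so initdb receives the option and the path as one argument and the directory value it parses would start with a space. Split it into `- -D` and `- /var/lib/postgresql/data`, or use `- --pgdata=/var/lib/postgresql/data`. The same element appears in both stage2_nix `Initialize the database` tasks in the following hunks. The unnamed `command: ls -ld /var/lib/postgresql/data` and `debug` pair in front of each looks like leftover troubleshooting and reports changed on every run; drop it or add `changed_when: false`.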
@@ -229,7 +268,7 @@ when: - nixpkg_mode -- name: Check psql_version and modify supautils.conf and postgresql.conf if necessary +- name: Check psql_version and call initdb appropriately when: - stage2_nix block: @@ -238,11 +277,22 @@ is_psql_17: "{{ psql_version in ['psql_17'] }}" is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}" + - command: ls -ld /var/lib/postgresql/data + register: pgdata + - debug: + msg: "{{ pgdata.stdout }}" - name: Initialize the database stage2_nix (non-orioledb) become: true become_user: 'postgres' ansible.builtin.command: - cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access" -o "--username=supabase_admin" + argv: + - /var/lib/postgresql/.nix-profile/bin/initdb + - -D /var/lib/postgresql/data + - --allow-group-access + - --data-checksums + - --username=supabase_admin + args: + creates: /var/lib/postgresql/data/PG_VERSION environment: LANG: en_US.UTF-8 LANGUAGE: en_US.UTF-8 @@ -259,7 +309,17 @@ become: true become_user: 'postgres' ansible.builtin.command: - cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data initdb -o "--allow-group-access" -o "--username=supabase_admin" -o "--locale-provider=icu" -o "--encoding=UTF-8" -o "--icu-locale=en_US.UTF-8" + argv: + - /var/lib/postgresql/.nix-profile/bin/initdb + - -D /var/lib/postgresql/data + - --allow-group-access + - --data-checksums + - --username=supabase_admin + - --locale-provider=icu + - --encoding=UTF-8 + - --icu-locale=en_US.UTF-8 + args: + creates: /var/lib/postgresql/data/PG_VERSION environment: LANG: en_US.UTF-8 LANGUAGE: en_US.UTF-8 
@@ -294,6 +354,19 @@ - stage2_nix - qemu_mode is defined +- name: Symlink the conf files in PGDATA to the actually-in-use conf files + ansible.builtin.file: + force: true + path: /var/lib/postgresql/data/{{ conf_item }} + src: /etc/postgresql/{{ conf_item }} + state: link + loop: + - pg_hba.conf + - pg_ident.conf + - postgresql.conf + loop_control: + loop_var: conf_item + - name: Restart Postgres Database without Systemd become: true become_user: 'postgres' diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index d59062012..7650d42b5 100644 --- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -75,20 +75,6 @@ state: 'directory' become: true -- name: Include file for generated optimizations in postgresql.conf - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#include = '/etc/postgresql-custom/generated-optimizations.conf'" - replace: "include = '/etc/postgresql-custom/generated-optimizations.conf'" - become: true - -- name: Include file for custom overrides in postgresql.conf - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#include = '/etc/postgresql-custom/custom-overrides.conf'" - replace: "include = '/etc/postgresql-custom/custom-overrides.conf'" - become: true - - name: Install Postgres exporter ansible.builtin.import_tasks: file: internal/postgres-exporter.yml diff --git a/ansible/tasks/setup-wal-g.yml b/ansible/tasks/setup-wal-g.yml index 7f8048f90..43af3803e 100644 --- a/ansible/tasks/setup-wal-g.yml +++ b/ansible/tasks/setup-wal-g.yml 
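Review bot: The new `Symlink the conf files in PGDATA to the actually-in-use conf files` task sets `force: true` and has neither `when` nor `become`, unlike the tasks on either side of it. With `force`, the link is created even when `/etc/postgresql/{{ conf_item }}` does not exist, so a missing `pg_hba.conf` or `postgresql.conf` would surface only later as a dangling link at server start. Consider a preceding `ansible.builtin.stat` check on the three sources (or dropping `force` once initdb's own copies are removed explicitly), and confirm that the play-level privileges are enough to write into `/var/lib/postgresql/data`.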
@@ -54,14 +54,6 @@ path: '/etc/wal-g/config.json' state: 'touch' - - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf - ansible.builtin.template: - dest: '/etc/postgresql-custom/wal-g.conf' - group: 'postgres' - mode: '0664' - owner: 'postgres' - src: 'files/postgresql_config/custom_walg.conf.j2' - - name: Add script to be run for restore_command ansible.builtin.template: dest: '/home/postgres/wal_fetch.sh' @@ -77,9 +69,10 @@ owner: 'root' src: 'files/walg_helper_scripts/wal_change_ownership.sh' - - name: Include /etc/postgresql-custom/wal-g.conf in postgresql.conf - ansible.builtin.replace: - path: '/etc/postgresql/postgresql.conf' - regexp: "#include = '/etc/postgresql-custom/wal-g.conf'" - replace: "include = '/etc/postgresql-custom/wal-g.conf'" - become: true + - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf + ansible.builtin.copy: + dest: '/etc/postgresql-custom/conf.d/wal-g.conf' + group: 'postgres' + mode: '0664' + owner: 'postgres' + src: 'files/postgresql_config/conf.d/wal-g.conf' diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 862fe9260..3a1565e01 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -20,7 +20,7 @@ - name: Remove specified extensions from supautils.conf if orioledb-17 or 17 build ansible.builtin.replace: - path: '/etc/postgresql-custom/supautils.conf' + path: '/etc/postgresql-custom/conf.d/supautils.conf' regexp: "{{ regex_item }}" loop: - '\ timescaledb,' diff --git a/logfile b/logfile new file mode 100644 index 000000000..1e642ed23 --- /dev/null +++ b/logfile 
@@ -0,0 +1,29 @@
+2025-12-01 11:36:04.870 EST [4403] LOG: starting PostgreSQL 18.1 (Homebrew) on aarch64-apple-darwin25.1.0, compiled by Apple clang version 17.0.0 (clang-1700.4.4.1), 64-bit
+2025-12-01 11:36:04.871 EST [4403] LOG: listening on IPv6 address "::1", port 5432
+2025-12-01 11:36:04.871 EST [4403] LOG: listening on IPv4 address "127.0.0.1", port 5432
+2025-12-01 11:36:04.872 EST [4403] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
+2025-12-01 11:36:04.874 EST [4409] LOG: database system was shut down at 2025-12-01 11:35:52 EST
+2025-12-01 11:36:04.875 EST [4403] LOG: database system is ready to accept connections
+2025-12-01 11:36:11.129 EST [4438] FATAL: database "doug" does not exist
+2025-12-01 11:37:27.997 EST [4403] LOG: received fast shutdown request
+2025-12-01 11:37:27.997 EST [4403] LOG: aborting any active transactions
+2025-12-01 11:37:27.999 EST [4403] LOG: background worker "logical replication launcher" (PID 4412) exited with exit code 1
+2025-12-01 11:37:27.999 EST [4407] LOG: shutting down
+2025-12-01 11:37:27.999 EST [4407] LOG: checkpoint starting: shutdown immediate
+2025-12-01 11:37:28.002 EST [4407] LOG: checkpoint complete: wrote 30 buffers (0.2%), wrote 3 SLRU buffers; 0 WAL file(s) added, 0 removed, 0 recycled; write=0.002 s, sync=0.001 s, total=0.004 s; sync files=31, longest=0.001 s, average=0.001 s; distance=136 kB, estimate=136 kB; lsn=0/17AD1B8, redo lsn=0/17AD1B8
+2025-12-01 11:37:28.004 EST [4403] LOG: database system is shut down
+2025-12-01 11:37:42.780 EST [4532] LOG: starting PostgreSQL 18.1 (Homebrew) on aarch64-apple-darwin25.1.0, compiled by Apple clang version 17.0.0 (clang-1700.4.4.1), 64-bit
+2025-12-01 11:37:42.781 EST [4532] LOG: listening on IPv6 address "::1", port 5432
+2025-12-01 11:37:42.781 EST [4532] LOG: listening on IPv4 address "127.0.0.1", port 5432
+2025-12-01 11:37:42.782 EST [4532] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
+2025-12-01 11:37:42.784 EST [4538] LOG: database system was 
shut down at 2025-12-01 11:37:28 EST +2025-12-01 11:37:42.786 EST [4532] LOG: database system is ready to accept connections +2025-12-01 11:42:42.783 EST [4536] LOG: checkpoint starting: time +2025-12-01 11:42:47.440 EST [4536] LOG: checkpoint complete: wrote 46 buffers (0.3%), wrote 3 SLRU buffers; 0 WAL file(s) added, 0 removed, 0 recycled; write=4.653 s, sync=0.002 s, total=4.658 s; sync files=13, longest=0.001 s, average=0.001 s; distance=350 kB, estimate=350 kB; lsn=0/1804BC8, redo lsn=0/1804B70 +2025-12-02 08:51:19.515 EST [4532] LOG: received fast shutdown request +2025-12-02 08:51:19.516 EST [4532] LOG: aborting any active transactions +2025-12-02 08:51:19.561 EST [4532] LOG: background worker "logical replication launcher" (PID 4541) exited with exit code 1 +2025-12-02 08:51:19.580 EST [4536] LOG: shutting down +2025-12-02 08:51:19.581 EST [4536] LOG: checkpoint starting: shutdown immediate +2025-12-02 08:51:19.583 EST [4536] LOG: checkpoint complete: wrote 0 buffers (0.0%), wrote 0 SLRU buffers; 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s, sync=0.001 s, total=0.003 s; sync files=0, longest=0.000 s, average=0.000 s; distance=0 kB, estimate=315 kB; lsn=0/1804C78, redo lsn=0/1804C78 +2025-12-02 08:51:19.590 EST [4532] LOG: database system is shut down diff --git a/migrations/tests/extensions/01-postgis.sql b/migrations/tests/extensions/01-postgis.sql index 6c3e154e3..703e892b4 100644 --- a/migrations/tests/extensions/01-postgis.sql +++ b/migrations/tests/extensions/01-postgis.sql @@ -2,6 +2,10 @@ begin; do $_$ begin if not exists (select 1 from pg_extension where extname = 'orioledb') then + -- create address_standardizer and dependencies first to ensure correct schema placement + create extension if not exists address_standardizer with schema extensions; + create extension if not exists address_standardizer_data_us with schema extensions; + -- create postgis tiger as supabase_admin create extension if not exists postgis_tiger_geocoder cascade; 
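Review bot: The new top-level `logfile` looks like a local PostgreSQL server log committed by accident: its 29 added lines are startup, checkpoint and shutdown messages from a Homebrew PostgreSQL 18.1 on macOS, and the `FATAL: database ... does not exist` entry carries what appears to be a local account name. Nothing in the visible part of this diff refers to the file. Remove it from the commit and add `logfile` to `.gitignore` so a developer's server log is not picked up again.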
diff --git a/nix/checks.nix b/nix/checks.nix index 81e0b4117..828cd397b 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -341,9 +341,8 @@ check_postgres_ready - log info "Loading prime SQL file" - if ! log_cmd psql -p ${pgPort} -h localhost --no-password --username=supabase_admin -d postgres -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql} 2>&1; then - log error "Error executing SQL file" + if ! psql -p ${pgPort} -h ${self.supabase.defaults.host} --no-password --username=supabase_admin -d postgres -v ON_ERROR_STOP=1 -Xf ${./tests/prime-production.sql}; then + echo "Error executing SQL file" exit 1 fi diff --git a/nix/tests/expected/evtrigs.out b/nix/tests/expected/evtrigs.out index 3e3f523fc..fa155774c 100644 --- a/nix/tests/expected/evtrigs.out +++ b/nix/tests/expected/evtrigs.out @@ -1,3 +1,5 @@ +BEGIN; +set client_min_messages = warning; select e.evtname, e.evtowner::regrole as evtowner, 
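Review bot: The replacement `psql` call drops the `log_cmd` wrapper and reports failure with a plain `echo`, so the error goes to stdout and bypasses the `log info` / `log error` helpers that the removed lines used. Keeping `log error "Error executing SQL file"`, or at least `echo "Error executing SQL file" >&2`, keeps the failure visible where the rest of the check's diagnostics go. The enclosing script starts and ends outside this hunk, so whether `log_cmd` is still defined at this point cannot be confirmed from here.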
@@ -10,19 +12,19 @@ join pg_proc p join pg_namespace n_func on p.pronamespace = n_func.oid where p.prorettype = 'event_trigger'::regtype; - evtname | evtowner | evtfunction_schema | evtfunction | function_owner -----------------------------------------+----------------+--------------------+------------------------------------+---------------- - issue_pg_graphql_access | supabase_admin | extensions | grant_pg_graphql_access | supabase_admin - issue_graphql_placeholder | supabase_admin | extensions | set_graphql_placeholder | supabase_admin - pgrst_ddl_watch | supabase_admin | extensions | pgrst_ddl_watch | supabase_admin - pgrst_drop_watch | supabase_admin | extensions | pgrst_drop_watch | supabase_admin - graphql_watch_ddl | supabase_admin | graphql | graphql.increment_schema_version | supabase_admin - graphql_watch_drop | supabase_admin | graphql | graphql.increment_schema_version | supabase_admin - issue_pg_cron_access | supabase_admin | extensions | grant_pg_cron_access | supabase_admin - issue_pg_net_access | supabase_admin | extensions | grant_pg_net_access | supabase_admin - pg_tle_event_trigger_for_drop_function | supabase_admin | pgtle | pgtle.pg_tle_feature_info_sql_drop | supabase_admin - pgaudit_ddl_command_end | supabase_admin | public | pgaudit_ddl_command_end | supabase_admin - pgaudit_sql_drop | supabase_admin | public | pgaudit_sql_drop | supabase_admin - pgsodium_trg_mask_update | supabase_admin | pgsodium | pgsodium.trg_mask_update | supabase_admin -(12 rows) + evtname | evtowner | evtfunction_schema | evtfunction | function_owner +---------------------------+----------------+--------------------+----------------------------------+---------------- + issue_pg_graphql_access | supabase_admin | extensions | grant_pg_graphql_access | supabase_admin + issue_graphql_placeholder | supabase_admin | extensions | set_graphql_placeholder | supabase_admin + pgrst_ddl_watch | supabase_admin | extensions | pgrst_ddl_watch | supabase_admin + pgrst_drop_watch | 
supabase_admin | extensions | pgrst_drop_watch | supabase_admin + graphql_watch_ddl | supabase_admin | graphql | graphql.increment_schema_version | supabase_admin + graphql_watch_drop | supabase_admin | graphql | graphql.increment_schema_version | supabase_admin + issue_pg_cron_access | supabase_admin | extensions | grant_pg_cron_access | supabase_admin + issue_pg_net_access | supabase_admin | extensions | grant_pg_net_access | supabase_admin + pgaudit_ddl_command_end | supabase_admin | extensions | pgaudit_ddl_command_end | supabase_admin + pgaudit_sql_drop | supabase_admin | extensions | pgaudit_sql_drop | supabase_admin + pgsodium_trg_mask_update | supabase_admin | pgsodium | pgsodium.trg_mask_update | supabase_admin +(11 rows) +ROLLBACK; diff --git a/nix/tests/expected/extensions_schema.out b/nix/tests/expected/extensions_schema.out index 7d3dffa95..483f543f2 100644 --- a/nix/tests/expected/extensions_schema.out +++ b/nix/tests/expected/extensions_schema.out @@ -1,3 +1,5 @@ +BEGIN; +set client_min_messages = warning; -- all default extensions are installed in a schema "extensions" -- we don't include the version as that will break often, we only care about -- ensuring these extensions are present @@ -15,8 +17,13 @@ order by e.extname; extension_name | schema_name | extension_owner --------------------+-------------+----------------- + dblink | extensions | supabase_admin + pg_repack | extensions | supabase_admin pg_stat_statements | extensions | supabase_admin + pgaudit | extensions | supabase_admin pgcrypto | extensions | supabase_admin + postgis | extensions | supabase_admin uuid-ossp | extensions | supabase_admin -(3 rows) +(7 rows) +ROLLBACK; diff --git a/nix/tests/expected/http.out b/nix/tests/expected/http.out index d83488006..1550966c0 100644 --- a/nix/tests/expected/http.out +++ b/nix/tests/expected/http.out 
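Review bot: The expected event-trigger inventory no longer contains `pg_tle_event_trigger_for_drop_function` (12 rows down to 11), although `pg_tle` is still listed in `shared_preload_libraries` in the postgresql.conf template in this same diff. If the row disappears only because pg_tle is now created inside the pg_tle test's own `BEGIN` / `ROLLBACK`, this baseline stops covering that trigger and its owner; consider asserting it in `pg_tle.out` instead so a change of owner or function schema is still caught. The move of the two pgaudit trigger functions from `public` to `extensions` is consistent with `pgaudit` appearing in the `extensions_schema.out` expectation.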
@@ -1,5 +1,8 @@ -- Test for http extension -- Basic HTTP functionality tests +BEGIN; +set client_min_messages = warning; +create extension if not exists http with schema extensions; -- Test basic HTTP GET request SELECT status FROM http_get('http://localhost:' || (SELECT value FROM test_config WHERE key = 'http_mock_port') || '/get'); status @@ -103,3 +106,4 @@ SELECT status FROM http_get('http://localhost:' || (SELECT value FROM test_confi 200 (1 row) +ROLLBACK; diff --git a/nix/tests/expected/hypopg.out b/nix/tests/expected/hypopg.out index 35c8a5b2d..48bd03deb 100644 --- a/nix/tests/expected/hypopg.out +++ b/nix/tests/expected/hypopg.out @@ -1,3 +1,6 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists hypopg with schema extensions; create schema v; create table v.samp( id int @@ -11,4 +14,4 @@ $$); (1 row) drop schema v cascade; -NOTICE: drop cascades to table v.samp +ROLLBACK; diff --git a/nix/tests/expected/index_advisor.out b/nix/tests/expected/index_advisor.out index 5a269ba54..0bb29e29b 100644 --- a/nix/tests/expected/index_advisor.out +++ b/nix/tests/expected/index_advisor.out @@ -1,3 +1,7 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists hypopg with schema extensions; +create extension if not exists index_advisor with schema extensions; create schema v; create table v.book( id int primary key, @@ -13,4 +17,4 @@ from (1 row) drop schema v cascade; -NOTICE: drop cascades to table v.book +ROLLBACK; diff --git a/nix/tests/expected/pg_hashids.out b/nix/tests/expected/pg_hashids.out index 393218e93..a572fcc6c 100644 --- a/nix/tests/expected/pg_hashids.out +++ b/nix/tests/expected/pg_hashids.out @@ -1,3 +1,6 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists pg_hashids with schema extensions; select id_encode(1001); -- Result: jNl id_encode ----------- @@ -34,3 +37,4 @@ select id_decode('3GJ956J9B9', 'This is my salt', 10, 'abcdefghijABCDxFGHIJ12345 {1234567} (1 row) +ROLLBACK; 
diff --git a/nix/tests/expected/pg_jsonschema.out b/nix/tests/expected/pg_jsonschema.out index c291141ac..4870d9fab 100644 --- a/nix/tests/expected/pg_jsonschema.out +++ b/nix/tests/expected/pg_jsonschema.out @@ -1,4 +1,6 @@ begin; +set client_min_messages = warning; +create extension if not exists pg_jsonschema with schema extensions; -- Test json_matches_schema create table customer( id serial primary key, diff --git a/nix/tests/expected/pg_net.out b/nix/tests/expected/pg_net.out index 6b3ca5b4b..0c5b52982 100644 --- a/nix/tests/expected/pg_net.out +++ b/nix/tests/expected/pg_net.out @@ -1,3 +1,6 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists pg_net with schema extensions; -- This is a very basic test because you can't get the value returned -- by a pg_net request in the same transaction that created it; select @@ -9,3 +12,4 @@ select 1 (1 row) +ROLLBACK; diff --git a/nix/tests/expected/pg_tle.out b/nix/tests/expected/pg_tle.out index 387e63e03..724084a3f 100644 --- a/nix/tests/expected/pg_tle.out +++ b/nix/tests/expected/pg_tle.out @@ -1,4 +1,7 @@ +BEGIN; set client_min_messages = warning; +create schema if not exists pgtle; +create extension if not exists pg_tle with schema pgtle; select pgtle.install_extension( 'pg_distance', @@ -87,6 +90,4 @@ select t (1 row) --- Restore original state if any of the above fails -drop extension pg_tle cascade; -create extension pg_tle; +ROLLBACK; diff --git a/nix/tests/expected/pgmq.out b/nix/tests/expected/pgmq.out index 5314e226c..c0f82997a 100644 --- a/nix/tests/expected/pgmq.out +++ b/nix/tests/expected/pgmq.out @@ -1,3 +1,6 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists pgmq; -- pgmq is non-relocatable (schema = 'pgmq') -- Test the standard flow select pgmq.create('Foo'); 
@@ -121,24 +124,33 @@ select ); */ -- Make sure SQLI enabling characters are blocked +-- Use savepoints to test error conditions without aborting the transaction +SAVEPOINT test_invalid_names_1; select pgmq.create('F--oo'); ERROR: queue name contains invalid characters: $, ;, --, or \' CONTEXT: PL/pgSQL function pgmq.format_table_name(text,text) line 5 at RAISE PL/pgSQL function pgmq.create_non_partitioned(text) line 3 during statement block local variable initialization SQL statement "SELECT pgmq.create_non_partitioned(queue_name)" PL/pgSQL function pgmq."create"(text) line 3 at PERFORM +ROLLBACK TO SAVEPOINT test_invalid_names_1; +SAVEPOINT test_invalid_names_2; select pgmq.create('F$oo'); ERROR: queue name contains invalid characters: $, ;, --, or \' CONTEXT: PL/pgSQL function pgmq.format_table_name(text,text) line 5 at RAISE +SQL expression "pgmq.format_table_name(queue_name, 'q')" PL/pgSQL function pgmq.create_non_partitioned(text) line 3 during statement block local variable initialization SQL statement "SELECT pgmq.create_non_partitioned(queue_name)" PL/pgSQL function pgmq."create"(text) line 3 at PERFORM +ROLLBACK TO SAVEPOINT test_invalid_names_2; +SAVEPOINT test_invalid_names_3; select pgmq.create($$F'oo$$); ERROR: queue name contains invalid characters: $, ;, --, or \' CONTEXT: PL/pgSQL function pgmq.format_table_name(text,text) line 5 at RAISE +SQL expression "pgmq.format_table_name(queue_name, 'q')" PL/pgSQL function pgmq.create_non_partitioned(text) line 3 during statement block local variable initialization SQL statement "SELECT pgmq.create_non_partitioned(queue_name)" PL/pgSQL function pgmq."create"(text) line 3 at PERFORM +ROLLBACK TO SAVEPOINT test_invalid_names_3; \echo -- pgmq schema functions with owners (ownership is modified on ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql) @@ -207,3 +219,4 @@ show search_path; "$user", public, auth, extensions (1 row) +ROLLBACK; 
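Review bot: The expected CONTEXT for the first rejected name, `select pgmq.create('F--oo');`, has no `SQL expression "pgmq.format_table_name(queue_name, 'q')"` line, while this hunk adds that line to the `F$oo` and `F'oo` cases. The rest of each trace shows the same call chain through `pgmq.format_table_name`, so unless the difference is intentional the first block should probably gain the same line. Separately, the error text names four rejected sequences (`$`, `;`, `--`, `\'`), but only three are exercised between the `-- Make sure SQLI enabling characters are blocked` comment and the `\echo`. A fourth savepoint-wrapped case such as `select pgmq.create('F;oo');`, with its own `ROLLBACK TO SAVEPOINT`, would pin the `;` rule as well, added to the test's `.sql` source and to this expected file together.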
diff --git a/nix/tests/expected/pgroonga.out b/nix/tests/expected/pgroonga.out index 5ceeed254..c649e1da0 100644 --- a/nix/tests/expected/pgroonga.out +++ b/nix/tests/expected/pgroonga.out @@ -1,3 +1,8 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; create schema v; create table v.roon( id serial primary key, @@ -73,4 +78,4 @@ select * from v.roon where content &@~ 'supports'; (1 row) drop schema v cascade; -NOTICE: drop cascades to table v.roon +ROLLBACK; diff --git a/nix/tests/expected/pgrouting.out b/nix/tests/expected/pgrouting.out index 2362a72ed..cf7a012e5 100644 --- a/nix/tests/expected/pgrouting.out +++ b/nix/tests/expected/pgrouting.out @@ -1,3 +1,7 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists pgrouting with schema extensions; +create extension if not exists postgis with schema extensions; create schema v; -- create the roads table create table v.roads ( @@ -28,4 +32,4 @@ select * from pgr_dijkstra( (4 rows) drop schema v cascade; -NOTICE: drop cascades to table v.roads +ROLLBACK; diff --git a/nix/tests/expected/pgtap.out b/nix/tests/expected/pgtap.out index 272d8387d..ad5fc1890 100644 --- a/nix/tests/expected/pgtap.out +++ b/nix/tests/expected/pgtap.out @@ -1,4 +1,6 @@ begin; +set client_min_messages = warning; +create extension if not exists pgtap with schema extensions; select plan(1); plan ------ diff --git a/nix/tests/expected/plpgsql-check.out b/nix/tests/expected/plpgsql-check.out index 2b5bf8287..120128ae0 100644 --- a/nix/tests/expected/plpgsql-check.out +++ b/nix/tests/expected/plpgsql-check.out @@ -1,3 +1,6 @@ +BEGIN; +set client_min_messages = warning; +create extension if not exists plpgsql_check with schema extensions; create schema v; create table v.t1( a int, 
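Review bot: In the pgrouting.out hunk the added setup creates `pgrouting` before `postgis`, but as far as I know pgrouting lists postgis as a required extension. On a database where postgis is not already installed, the first statement would therefore fail instead of the second one supplying the dependency. Putting `create extension if not exists postgis with schema extensions;` first, or adding `cascade` to the pgrouting line, would make the test self-contained, which appears to be the purpose of the new `BEGIN`/`ROLLBACK` wrapper. The expected output shows no error, so postgis is presumably preinstalled in the test database today, and the order only matters once that changes.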
@@ -30,6 +33,4 @@ select * from plpgsql_check_function('v.f1()'); (2 rows) drop schema v cascade; -NOTICE: drop cascades to 2 other objects -DETAIL: drop cascades to table v.t1 -drop cascades to function v.f1() +ROLLBACK; diff --git a/nix/tests/expected/postgres_fdw.out b/nix/tests/expected/postgres_fdw.out index 40019e95d..b8062dd4f 100644 --- a/nix/tests/expected/postgres_fdw.out +++ b/nix/tests/expected/postgres_fdw.out @@ -10,6 +10,8 @@ https://github.com/supabase/postgres/blob/a638c6fce0baf90b654e762eddcdac1bc8df01 */ begin; +-- Create the extension within the test (matches production pattern) +create extension if not exists postgres_fdw with schema extensions; -- Switch to the postgres role (non-superuser) to test supautils behavior set role postgres; -- postgres_fdw should be owned by the superuser diff --git a/nix/tests/expected/roles.out b/nix/tests/expected/roles.out index 9c5a47a71..3fef8e2a0 100644 --- a/nix/tests/expected/roles.out +++ b/nix/tests/expected/roles.out @@ -41,17 +41,15 @@ order by rolname; pgsodium_keyholder | f | f | f | t | f | f | -1 | f | pgsodium_keyiduser | f | f | f | t | f | f | -1 | f | pgsodium_keymaker | f | f | f | t | f | f | -1 | f | - pgtle_admin | f | f | f | t | f | f | -1 | f | postgres | t | t | f | t | t | t | -1 | t | service_role | f | f | f | t | f | f | -1 | t | supabase_admin | t | t | t | t | t | t | -1 | t | supabase_auth_admin | t | t | f | f | f | f | -1 | f | supabase_etl_admin | f | t | f | t | f | t | -1 | f | - supabase_functions_admin | t | t | f | f | f | f | -1 | f | supabase_read_only_user | f | t | f | t | f | f | -1 | t | supabase_replication_admin | f | t | f | t | f | t | -1 | f | supabase_storage_admin | t | t | f | f | f | f | -1 | f | -(30 rows) +(28 rows) select rolname, 
@@ -81,17 +79,15 @@ order by rolname; pgsodium_keyholder | pgsodium_keyiduser | pgsodium_keymaker | - pgtle_admin | postgres | {"search_path=\"\\$user\", public, extensions"} service_role | supabase_admin | {"search_path=\"$user\", public, auth, extensions",log_statement=none} supabase_auth_admin | {search_path=auth,idle_in_transaction_session_timeout=60000,log_statement=none} supabase_etl_admin | - supabase_functions_admin | supabase_read_only_user | {default_transaction_read_only=on} supabase_replication_admin | supabase_storage_admin | {search_path=storage,log_statement=none} -(30 rows) +(28 rows) -- Check all privileges of the roles on the schemas select schema_name, privilege_type, grantee, default_for 
@@ -130,398 +126,380 @@ from ( a.privilege_type in ('CREATE', 'USAGE') ) sub order by schema_order, schema_name, privilege_type, grantee, default_for; - schema_name | privilege_type | grantee | default_for ---------------------+----------------+--------------------------+--------------------- - public | CREATE | pg_database_owner | pg_database_owner - public | DELETE | anon | supabase_admin - public | DELETE | anon | postgres - public | DELETE | authenticated | supabase_admin - public | DELETE | authenticated | postgres - public | DELETE | postgres | supabase_admin - public | DELETE | postgres | postgres - public | DELETE | service_role | supabase_admin - public | DELETE | service_role | postgres - public | EXECUTE | anon | supabase_admin - public | EXECUTE | anon | postgres - public | EXECUTE | authenticated | supabase_admin - public | EXECUTE | authenticated | postgres - public | EXECUTE | postgres | supabase_admin - public | EXECUTE | postgres | postgres - public | EXECUTE | service_role | supabase_admin - public | EXECUTE | service_role | postgres - public | INSERT | anon | supabase_admin - public | INSERT | anon | postgres - public | INSERT | authenticated | supabase_admin - public | INSERT | authenticated | postgres - public | INSERT | postgres | supabase_admin - public | INSERT | postgres | postgres - public | INSERT | service_role | supabase_admin - public | INSERT | service_role | postgres - public | REFERENCES | anon | supabase_admin - public | REFERENCES | anon | postgres - public | REFERENCES | authenticated | supabase_admin - public | REFERENCES | authenticated | postgres - public | REFERENCES | postgres | supabase_admin - public | REFERENCES | postgres | postgres - public | REFERENCES | service_role | supabase_admin - public | REFERENCES | service_role | postgres - public | SELECT | anon | supabase_admin - public | SELECT | anon | supabase_admin - public | SELECT | anon | postgres - public | SELECT | anon | postgres - public | SELECT | authenticated | 
supabase_admin - public | SELECT | authenticated | supabase_admin - public | SELECT | authenticated | postgres - public | SELECT | authenticated | postgres - public | SELECT | postgres | supabase_admin - public | SELECT | postgres | supabase_admin - public | SELECT | postgres | postgres - public | SELECT | postgres | postgres - public | SELECT | service_role | supabase_admin - public | SELECT | service_role | supabase_admin - public | SELECT | service_role | postgres - public | SELECT | service_role | postgres - public | TRIGGER | anon | supabase_admin - public | TRIGGER | anon | postgres - public | TRIGGER | authenticated | supabase_admin - public | TRIGGER | authenticated | postgres - public | TRIGGER | postgres | supabase_admin - public | TRIGGER | postgres | postgres - public | TRIGGER | service_role | supabase_admin - public | TRIGGER | service_role | postgres - public | TRUNCATE | anon | supabase_admin - public | TRUNCATE | anon | postgres - public | TRUNCATE | authenticated | supabase_admin - public | TRUNCATE | authenticated | postgres - public | TRUNCATE | postgres | supabase_admin - public | TRUNCATE | postgres | postgres - public | TRUNCATE | service_role | supabase_admin - public | TRUNCATE | service_role | postgres - public | UPDATE | anon | supabase_admin - public | UPDATE | anon | supabase_admin - public | UPDATE | anon | postgres - public | UPDATE | anon | postgres - public | UPDATE | authenticated | supabase_admin - public | UPDATE | authenticated | supabase_admin - public | UPDATE | authenticated | postgres - public | UPDATE | authenticated | postgres - public | UPDATE | postgres | supabase_admin - public | UPDATE | postgres | supabase_admin - public | UPDATE | postgres | postgres - public | UPDATE | postgres | postgres - public | UPDATE | service_role | supabase_admin - public | UPDATE | service_role | supabase_admin - public | UPDATE | service_role | postgres - public | UPDATE | service_role | postgres - public | USAGE | anon | supabase_admin - 
public | USAGE | anon | pg_database_owner - public | USAGE | anon | postgres - public | USAGE | authenticated | supabase_admin - public | USAGE | authenticated | pg_database_owner - public | USAGE | authenticated | postgres - public | USAGE | pg_database_owner | pg_database_owner - public | USAGE | postgres | supabase_admin - public | USAGE | postgres | pg_database_owner - public | USAGE | postgres | postgres - public | USAGE | service_role | supabase_admin - public | USAGE | service_role | pg_database_owner - public | USAGE | service_role | postgres - auth | CREATE | dashboard_user | supabase_admin - auth | CREATE | supabase_admin | supabase_admin - auth | CREATE | supabase_auth_admin | supabase_admin - auth | DELETE | dashboard_user | supabase_auth_admin - auth | DELETE | postgres | supabase_auth_admin - auth | EXECUTE | dashboard_user | supabase_auth_admin - auth | EXECUTE | postgres | supabase_auth_admin - auth | INSERT | dashboard_user | supabase_auth_admin - auth | INSERT | postgres | supabase_auth_admin - auth | REFERENCES | dashboard_user | supabase_auth_admin - auth | REFERENCES | postgres | supabase_auth_admin - auth | SELECT | dashboard_user | supabase_auth_admin - auth | SELECT | dashboard_user | supabase_auth_admin - auth | SELECT | postgres | supabase_auth_admin - auth | SELECT | postgres | supabase_auth_admin - auth | TRIGGER | dashboard_user | supabase_auth_admin - auth | TRIGGER | postgres | supabase_auth_admin - auth | TRUNCATE | dashboard_user | supabase_auth_admin - auth | TRUNCATE | postgres | supabase_auth_admin - auth | UPDATE | dashboard_user | supabase_auth_admin - auth | UPDATE | dashboard_user | supabase_auth_admin - auth | UPDATE | postgres | supabase_auth_admin - auth | UPDATE | postgres | supabase_auth_admin - auth | USAGE | anon | supabase_admin - auth | USAGE | authenticated | supabase_admin - auth | USAGE | dashboard_user | supabase_admin - auth | USAGE | dashboard_user | supabase_auth_admin - auth | USAGE | postgres | 
supabase_admin - auth | USAGE | postgres | supabase_auth_admin - auth | USAGE | service_role | supabase_admin - auth | USAGE | supabase_admin | supabase_admin - auth | USAGE | supabase_auth_admin | supabase_admin - extensions | CREATE | dashboard_user | postgres - extensions | CREATE | postgres | postgres - extensions | DELETE | postgres | supabase_admin - extensions | EXECUTE | postgres | supabase_admin - extensions | INSERT | postgres | supabase_admin - extensions | REFERENCES | postgres | supabase_admin - extensions | SELECT | postgres | supabase_admin - extensions | SELECT | postgres | supabase_admin - extensions | TRIGGER | postgres | supabase_admin - extensions | TRUNCATE | postgres | supabase_admin - extensions | UPDATE | postgres | supabase_admin - extensions | UPDATE | postgres | supabase_admin - extensions | USAGE | anon | postgres - extensions | USAGE | authenticated | postgres - extensions | USAGE | dashboard_user | postgres - extensions | USAGE | postgres | supabase_admin - extensions | USAGE | postgres | postgres - extensions | USAGE | service_role | postgres - graphql | CREATE | supabase_admin | supabase_admin - graphql | DELETE | anon | supabase_admin - graphql | DELETE | authenticated | supabase_admin - graphql | DELETE | postgres | supabase_admin - graphql | DELETE | service_role | supabase_admin - graphql | EXECUTE | anon | supabase_admin - graphql | EXECUTE | authenticated | supabase_admin - graphql | EXECUTE | postgres | supabase_admin - graphql | EXECUTE | service_role | supabase_admin - graphql | INSERT | anon | supabase_admin - graphql | INSERT | authenticated | supabase_admin - graphql | INSERT | postgres | supabase_admin - graphql | INSERT | service_role | supabase_admin - graphql | REFERENCES | anon | supabase_admin - graphql | REFERENCES | authenticated | supabase_admin - graphql | REFERENCES | postgres | supabase_admin - graphql | REFERENCES | service_role | supabase_admin - graphql | SELECT | anon | supabase_admin - graphql | SELECT | 
anon | supabase_admin - graphql | SELECT | authenticated | supabase_admin - graphql | SELECT | authenticated | supabase_admin - graphql | SELECT | postgres | supabase_admin - graphql | SELECT | postgres | supabase_admin - graphql | SELECT | service_role | supabase_admin - graphql | SELECT | service_role | supabase_admin - graphql | TRIGGER | anon | supabase_admin - graphql | TRIGGER | authenticated | supabase_admin - graphql | TRIGGER | postgres | supabase_admin - graphql | TRIGGER | service_role | supabase_admin - graphql | TRUNCATE | anon | supabase_admin - graphql | TRUNCATE | authenticated | supabase_admin - graphql | TRUNCATE | postgres | supabase_admin - graphql | TRUNCATE | service_role | supabase_admin - graphql | UPDATE | anon | supabase_admin - graphql | UPDATE | anon | supabase_admin - graphql | UPDATE | authenticated | supabase_admin - graphql | UPDATE | authenticated | supabase_admin - graphql | UPDATE | postgres | supabase_admin - graphql | UPDATE | postgres | supabase_admin - graphql | UPDATE | service_role | supabase_admin - graphql | UPDATE | service_role | supabase_admin - graphql | USAGE | anon | supabase_admin - graphql | USAGE | anon | supabase_admin - graphql | USAGE | authenticated | supabase_admin - graphql | USAGE | authenticated | supabase_admin - graphql | USAGE | postgres | supabase_admin - graphql | USAGE | postgres | supabase_admin - graphql | USAGE | service_role | supabase_admin - graphql | USAGE | service_role | supabase_admin - graphql | USAGE | supabase_admin | supabase_admin - graphql_public | CREATE | supabase_admin | supabase_admin - graphql_public | DELETE | anon | supabase_admin - graphql_public | DELETE | authenticated | supabase_admin - graphql_public | DELETE | postgres | supabase_admin - graphql_public | DELETE | service_role | supabase_admin - graphql_public | EXECUTE | anon | supabase_admin - graphql_public | EXECUTE | authenticated | supabase_admin - graphql_public | EXECUTE | postgres | supabase_admin - graphql_public 
| EXECUTE | service_role | supabase_admin - graphql_public | INSERT | anon | supabase_admin - graphql_public | INSERT | authenticated | supabase_admin - graphql_public | INSERT | postgres | supabase_admin - graphql_public | INSERT | service_role | supabase_admin - graphql_public | REFERENCES | anon | supabase_admin - graphql_public | REFERENCES | authenticated | supabase_admin - graphql_public | REFERENCES | postgres | supabase_admin - graphql_public | REFERENCES | service_role | supabase_admin - graphql_public | SELECT | anon | supabase_admin - graphql_public | SELECT | anon | supabase_admin - graphql_public | SELECT | authenticated | supabase_admin - graphql_public | SELECT | authenticated | supabase_admin - graphql_public | SELECT | postgres | supabase_admin - graphql_public | SELECT | postgres | supabase_admin - graphql_public | SELECT | service_role | supabase_admin - graphql_public | SELECT | service_role | supabase_admin - graphql_public | TRIGGER | anon | supabase_admin - graphql_public | TRIGGER | authenticated | supabase_admin - graphql_public | TRIGGER | postgres | supabase_admin - graphql_public | TRIGGER | service_role | supabase_admin - graphql_public | TRUNCATE | anon | supabase_admin - graphql_public | TRUNCATE | authenticated | supabase_admin - graphql_public | TRUNCATE | postgres | supabase_admin - graphql_public | TRUNCATE | service_role | supabase_admin - graphql_public | UPDATE | anon | supabase_admin - graphql_public | UPDATE | anon | supabase_admin - graphql_public | UPDATE | authenticated | supabase_admin - graphql_public | UPDATE | authenticated | supabase_admin - graphql_public | UPDATE | postgres | supabase_admin - graphql_public | UPDATE | postgres | supabase_admin - graphql_public | UPDATE | service_role | supabase_admin - graphql_public | UPDATE | service_role | supabase_admin - graphql_public | USAGE | anon | supabase_admin - graphql_public | USAGE | anon | supabase_admin - graphql_public | USAGE | authenticated | supabase_admin - 
graphql_public | USAGE | authenticated | supabase_admin - graphql_public | USAGE | postgres | supabase_admin - graphql_public | USAGE | postgres | supabase_admin - graphql_public | USAGE | service_role | supabase_admin - graphql_public | USAGE | service_role | supabase_admin - graphql_public | USAGE | supabase_admin | supabase_admin - information_schema | CREATE | supabase_admin | supabase_admin - information_schema | USAGE | supabase_admin | supabase_admin - net | CREATE | supabase_admin | supabase_admin - net | USAGE | anon | supabase_admin - net | USAGE | authenticated | supabase_admin - net | USAGE | postgres | supabase_admin - net | USAGE | service_role | supabase_admin - net | USAGE | supabase_admin | supabase_admin - net | USAGE | supabase_functions_admin | supabase_admin - pg_catalog | CREATE | supabase_admin | supabase_admin - pg_catalog | USAGE | supabase_admin | supabase_admin - pgmq | CREATE | supabase_admin | supabase_admin - pgmq | SELECT | pg_monitor | supabase_admin - pgmq | SELECT | pg_monitor | supabase_admin - pgmq | USAGE | pg_monitor | supabase_admin - pgmq | USAGE | supabase_admin | supabase_admin - pgsodium | CREATE | supabase_admin | supabase_admin - pgsodium | DELETE | pgsodium_keyholder | supabase_admin - pgsodium | INSERT | pgsodium_keyholder | supabase_admin - pgsodium | REFERENCES | pgsodium_keyholder | supabase_admin - pgsodium | SELECT | pgsodium_keyholder | supabase_admin - pgsodium | SELECT | pgsodium_keyholder | supabase_admin - pgsodium | TRIGGER | pgsodium_keyholder | supabase_admin - pgsodium | TRUNCATE | pgsodium_keyholder | supabase_admin - pgsodium | UPDATE | pgsodium_keyholder | supabase_admin - pgsodium | UPDATE | pgsodium_keyholder | supabase_admin - pgsodium | USAGE | pgsodium_keyholder | supabase_admin - pgsodium | USAGE | supabase_admin | supabase_admin - pgsodium_masks | CREATE | supabase_admin | supabase_admin - pgsodium_masks | DELETE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | EXECUTE | 
pgsodium_keyiduser | supabase_admin - pgsodium_masks | INSERT | pgsodium_keyiduser | supabase_admin - pgsodium_masks | REFERENCES | pgsodium_keyiduser | supabase_admin - pgsodium_masks | SELECT | pgsodium_keyiduser | supabase_admin - pgsodium_masks | SELECT | pgsodium_keyiduser | supabase_admin - pgsodium_masks | TRIGGER | pgsodium_keyiduser | supabase_admin - pgsodium_masks | TRUNCATE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | UPDATE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | UPDATE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | USAGE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | USAGE | pgsodium_keyiduser | supabase_admin - pgsodium_masks | USAGE | supabase_admin | supabase_admin - pgtle | CREATE | pgtle_admin | supabase_admin - pgtle | CREATE | supabase_admin | supabase_admin - pgtle | USAGE | pgtle_admin | supabase_admin - pgtle | USAGE | supabase_admin | supabase_admin - realtime | CREATE | supabase_admin | supabase_admin - realtime | DELETE | dashboard_user | supabase_admin - realtime | DELETE | postgres | supabase_admin - realtime | EXECUTE | dashboard_user | supabase_admin - realtime | EXECUTE | postgres | supabase_admin - realtime | INSERT | dashboard_user | supabase_admin - realtime | INSERT | postgres | supabase_admin - realtime | REFERENCES | dashboard_user | supabase_admin - realtime | REFERENCES | postgres | supabase_admin - realtime | SELECT | dashboard_user | supabase_admin - realtime | SELECT | dashboard_user | supabase_admin - realtime | SELECT | postgres | supabase_admin - realtime | SELECT | postgres | supabase_admin - realtime | TRIGGER | dashboard_user | supabase_admin - realtime | TRIGGER | postgres | supabase_admin - realtime | TRUNCATE | dashboard_user | supabase_admin - realtime | TRUNCATE | postgres | supabase_admin - realtime | UPDATE | dashboard_user | supabase_admin - realtime | UPDATE | dashboard_user | supabase_admin - realtime | UPDATE | postgres | supabase_admin - realtime | UPDATE | 
postgres | supabase_admin - realtime | USAGE | dashboard_user | supabase_admin - realtime | USAGE | postgres | supabase_admin - realtime | USAGE | postgres | supabase_admin - realtime | USAGE | supabase_admin | supabase_admin - repack | CREATE | postgres | supabase_admin - repack | CREATE | supabase_admin | supabase_admin - repack | DELETE | postgres | supabase_admin - repack | INSERT | postgres | supabase_admin - repack | REFERENCES | postgres | supabase_admin - repack | SELECT | postgres | supabase_admin - repack | SELECT | postgres | supabase_admin - repack | TRIGGER | postgres | supabase_admin - repack | TRUNCATE | postgres | supabase_admin - repack | UPDATE | postgres | supabase_admin - repack | UPDATE | postgres | supabase_admin - repack | USAGE | postgres | supabase_admin - repack | USAGE | postgres | supabase_admin - repack | USAGE | supabase_admin | supabase_admin - storage | CREATE | dashboard_user | supabase_admin - storage | CREATE | supabase_admin | supabase_admin - storage | CREATE | supabase_storage_admin | supabase_admin - storage | DELETE | anon | postgres - storage | DELETE | authenticated | postgres - storage | DELETE | postgres | postgres - storage | DELETE | service_role | postgres - storage | EXECUTE | anon | postgres - storage | EXECUTE | authenticated | postgres - storage | EXECUTE | postgres | postgres - storage | EXECUTE | service_role | postgres - storage | INSERT | anon | postgres - storage | INSERT | authenticated | postgres - storage | INSERT | postgres | postgres - storage | INSERT | service_role | postgres - storage | REFERENCES | anon | postgres - storage | REFERENCES | authenticated | postgres - storage | REFERENCES | postgres | postgres - storage | REFERENCES | service_role | postgres - storage | SELECT | anon | postgres - storage | SELECT | anon | postgres - storage | SELECT | authenticated | postgres - storage | SELECT | authenticated | postgres - storage | SELECT | postgres | postgres - storage | SELECT | postgres | postgres - 
storage | SELECT | service_role | postgres - storage | SELECT | service_role | postgres - storage | TRIGGER | anon | postgres - storage | TRIGGER | authenticated | postgres - storage | TRIGGER | postgres | postgres - storage | TRIGGER | service_role | postgres - storage | TRUNCATE | anon | postgres - storage | TRUNCATE | authenticated | postgres - storage | TRUNCATE | postgres | postgres - storage | TRUNCATE | service_role | postgres - storage | UPDATE | anon | postgres - storage | UPDATE | anon | postgres - storage | UPDATE | authenticated | postgres - storage | UPDATE | authenticated | postgres - storage | UPDATE | postgres | postgres - storage | UPDATE | postgres | postgres - storage | UPDATE | service_role | postgres - storage | UPDATE | service_role | postgres - storage | USAGE | anon | supabase_admin - storage | USAGE | anon | postgres - storage | USAGE | authenticated | supabase_admin - storage | USAGE | authenticated | postgres - storage | USAGE | dashboard_user | supabase_admin - storage | USAGE | postgres | supabase_admin - storage | USAGE | postgres | postgres - storage | USAGE | service_role | supabase_admin - storage | USAGE | service_role | postgres - storage | USAGE | supabase_admin | supabase_admin - storage | USAGE | supabase_storage_admin | supabase_admin - topology | CREATE | supabase_admin | supabase_admin - topology | USAGE | supabase_admin | supabase_admin - vault | CREATE | supabase_admin | supabase_admin - vault | USAGE | postgres | supabase_admin - vault | USAGE | service_role | supabase_admin - vault | USAGE | supabase_admin | supabase_admin -(389 rows) + schema_name | privilege_type | grantee | default_for +--------------------+----------------+------------------------+--------------------- + public | CREATE | pg_database_owner | pg_database_owner + public | DELETE | anon | supabase_admin + public | DELETE | anon | postgres + public | DELETE | authenticated | supabase_admin + public | DELETE | authenticated | postgres + public | DELETE | 
postgres | supabase_admin + public | DELETE | postgres | postgres + public | DELETE | service_role | supabase_admin + public | DELETE | service_role | postgres + public | EXECUTE | anon | supabase_admin + public | EXECUTE | anon | postgres + public | EXECUTE | authenticated | supabase_admin + public | EXECUTE | authenticated | postgres + public | EXECUTE | postgres | supabase_admin + public | EXECUTE | postgres | postgres + public | EXECUTE | service_role | supabase_admin + public | EXECUTE | service_role | postgres + public | INSERT | anon | supabase_admin + public | INSERT | anon | postgres + public | INSERT | authenticated | supabase_admin + public | INSERT | authenticated | postgres + public | INSERT | postgres | supabase_admin + public | INSERT | postgres | postgres + public | INSERT | service_role | supabase_admin + public | INSERT | service_role | postgres + public | REFERENCES | anon | supabase_admin + public | REFERENCES | anon | postgres + public | REFERENCES | authenticated | supabase_admin + public | REFERENCES | authenticated | postgres + public | REFERENCES | postgres | supabase_admin + public | REFERENCES | postgres | postgres + public | REFERENCES | service_role | supabase_admin + public | REFERENCES | service_role | postgres + public | SELECT | anon | supabase_admin + public | SELECT | anon | supabase_admin + public | SELECT | anon | postgres + public | SELECT | anon | postgres + public | SELECT | authenticated | supabase_admin + public | SELECT | authenticated | supabase_admin + public | SELECT | authenticated | postgres + public | SELECT | authenticated | postgres + public | SELECT | postgres | supabase_admin + public | SELECT | postgres | supabase_admin + public | SELECT | postgres | postgres + public | SELECT | postgres | postgres + public | SELECT | service_role | supabase_admin + public | SELECT | service_role | supabase_admin + public | SELECT | service_role | postgres + public | SELECT | service_role | postgres + public | TRIGGER | anon | 
supabase_admin + public | TRIGGER | anon | postgres + public | TRIGGER | authenticated | supabase_admin + public | TRIGGER | authenticated | postgres + public | TRIGGER | postgres | supabase_admin + public | TRIGGER | postgres | postgres + public | TRIGGER | service_role | supabase_admin + public | TRIGGER | service_role | postgres + public | TRUNCATE | anon | supabase_admin + public | TRUNCATE | anon | postgres + public | TRUNCATE | authenticated | supabase_admin + public | TRUNCATE | authenticated | postgres + public | TRUNCATE | postgres | supabase_admin + public | TRUNCATE | postgres | postgres + public | TRUNCATE | service_role | supabase_admin + public | TRUNCATE | service_role | postgres + public | UPDATE | anon | supabase_admin + public | UPDATE | anon | supabase_admin + public | UPDATE | anon | postgres + public | UPDATE | anon | postgres + public | UPDATE | authenticated | supabase_admin + public | UPDATE | authenticated | supabase_admin + public | UPDATE | authenticated | postgres + public | UPDATE | authenticated | postgres + public | UPDATE | postgres | supabase_admin + public | UPDATE | postgres | supabase_admin + public | UPDATE | postgres | postgres + public | UPDATE | postgres | postgres + public | UPDATE | service_role | supabase_admin + public | UPDATE | service_role | supabase_admin + public | UPDATE | service_role | postgres + public | UPDATE | service_role | postgres + public | USAGE | anon | supabase_admin + public | USAGE | anon | pg_database_owner + public | USAGE | anon | postgres + public | USAGE | authenticated | supabase_admin + public | USAGE | authenticated | pg_database_owner + public | USAGE | authenticated | postgres + public | USAGE | pg_database_owner | pg_database_owner + public | USAGE | postgres | supabase_admin + public | USAGE | postgres | pg_database_owner + public | USAGE | postgres | postgres + public | USAGE | service_role | supabase_admin + public | USAGE | service_role | pg_database_owner + public | USAGE | 
service_role | postgres + auth | CREATE | dashboard_user | supabase_admin + auth | CREATE | supabase_admin | supabase_admin + auth | CREATE | supabase_auth_admin | supabase_admin + auth | DELETE | dashboard_user | supabase_auth_admin + auth | DELETE | postgres | supabase_auth_admin + auth | EXECUTE | dashboard_user | supabase_auth_admin + auth | EXECUTE | postgres | supabase_auth_admin + auth | INSERT | dashboard_user | supabase_auth_admin + auth | INSERT | postgres | supabase_auth_admin + auth | REFERENCES | dashboard_user | supabase_auth_admin + auth | REFERENCES | postgres | supabase_auth_admin + auth | SELECT | dashboard_user | supabase_auth_admin + auth | SELECT | dashboard_user | supabase_auth_admin + auth | SELECT | postgres | supabase_auth_admin + auth | SELECT | postgres | supabase_auth_admin + auth | TRIGGER | dashboard_user | supabase_auth_admin + auth | TRIGGER | postgres | supabase_auth_admin + auth | TRUNCATE | dashboard_user | supabase_auth_admin + auth | TRUNCATE | postgres | supabase_auth_admin + auth | UPDATE | dashboard_user | supabase_auth_admin + auth | UPDATE | dashboard_user | supabase_auth_admin + auth | UPDATE | postgres | supabase_auth_admin + auth | UPDATE | postgres | supabase_auth_admin + auth | USAGE | anon | supabase_admin + auth | USAGE | authenticated | supabase_admin + auth | USAGE | dashboard_user | supabase_admin + auth | USAGE | dashboard_user | supabase_auth_admin + auth | USAGE | postgres | supabase_admin + auth | USAGE | postgres | supabase_auth_admin + auth | USAGE | service_role | supabase_admin + auth | USAGE | supabase_admin | supabase_admin + auth | USAGE | supabase_auth_admin | supabase_admin + extensions | CREATE | dashboard_user | postgres + extensions | CREATE | postgres | postgres + extensions | DELETE | postgres | supabase_admin + extensions | EXECUTE | postgres | supabase_admin + extensions | INSERT | postgres | supabase_admin + extensions | REFERENCES | postgres | supabase_admin + extensions | SELECT | postgres | 
supabase_admin + extensions | SELECT | postgres | supabase_admin + extensions | TRIGGER | postgres | supabase_admin + extensions | TRUNCATE | postgres | supabase_admin + extensions | UPDATE | postgres | supabase_admin + extensions | UPDATE | postgres | supabase_admin + extensions | USAGE | anon | postgres + extensions | USAGE | authenticated | postgres + extensions | USAGE | dashboard_user | postgres + extensions | USAGE | postgres | supabase_admin + extensions | USAGE | postgres | postgres + extensions | USAGE | service_role | postgres + graphql | CREATE | supabase_admin | supabase_admin + graphql | DELETE | anon | supabase_admin + graphql | DELETE | authenticated | supabase_admin + graphql | DELETE | postgres | supabase_admin + graphql | DELETE | service_role | supabase_admin + graphql | EXECUTE | anon | supabase_admin + graphql | EXECUTE | authenticated | supabase_admin + graphql | EXECUTE | postgres | supabase_admin + graphql | EXECUTE | service_role | supabase_admin + graphql | INSERT | anon | supabase_admin + graphql | INSERT | authenticated | supabase_admin + graphql | INSERT | postgres | supabase_admin + graphql | INSERT | service_role | supabase_admin + graphql | REFERENCES | anon | supabase_admin + graphql | REFERENCES | authenticated | supabase_admin + graphql | REFERENCES | postgres | supabase_admin + graphql | REFERENCES | service_role | supabase_admin + graphql | SELECT | anon | supabase_admin + graphql | SELECT | anon | supabase_admin + graphql | SELECT | authenticated | supabase_admin + graphql | SELECT | authenticated | supabase_admin + graphql | SELECT | postgres | supabase_admin + graphql | SELECT | postgres | supabase_admin + graphql | SELECT | service_role | supabase_admin + graphql | SELECT | service_role | supabase_admin + graphql | TRIGGER | anon | supabase_admin + graphql | TRIGGER | authenticated | supabase_admin + graphql | TRIGGER | postgres | supabase_admin + graphql | TRIGGER | service_role | supabase_admin + graphql | TRUNCATE | anon 
| supabase_admin + graphql | TRUNCATE | authenticated | supabase_admin + graphql | TRUNCATE | postgres | supabase_admin + graphql | TRUNCATE | service_role | supabase_admin + graphql | UPDATE | anon | supabase_admin + graphql | UPDATE | anon | supabase_admin + graphql | UPDATE | authenticated | supabase_admin + graphql | UPDATE | authenticated | supabase_admin + graphql | UPDATE | postgres | supabase_admin + graphql | UPDATE | postgres | supabase_admin + graphql | UPDATE | service_role | supabase_admin + graphql | UPDATE | service_role | supabase_admin + graphql | USAGE | anon | supabase_admin + graphql | USAGE | anon | supabase_admin + graphql | USAGE | authenticated | supabase_admin + graphql | USAGE | authenticated | supabase_admin + graphql | USAGE | postgres | supabase_admin + graphql | USAGE | postgres | supabase_admin + graphql | USAGE | service_role | supabase_admin + graphql | USAGE | service_role | supabase_admin + graphql | USAGE | supabase_admin | supabase_admin + graphql_public | CREATE | supabase_admin | supabase_admin + graphql_public | DELETE | anon | supabase_admin + graphql_public | DELETE | authenticated | supabase_admin + graphql_public | DELETE | postgres | supabase_admin + graphql_public | DELETE | service_role | supabase_admin + graphql_public | EXECUTE | anon | supabase_admin + graphql_public | EXECUTE | authenticated | supabase_admin + graphql_public | EXECUTE | postgres | supabase_admin + graphql_public | EXECUTE | service_role | supabase_admin + graphql_public | INSERT | anon | supabase_admin + graphql_public | INSERT | authenticated | supabase_admin + graphql_public | INSERT | postgres | supabase_admin + graphql_public | INSERT | service_role | supabase_admin + graphql_public | REFERENCES | anon | supabase_admin + graphql_public | REFERENCES | authenticated | supabase_admin + graphql_public | REFERENCES | postgres | supabase_admin + graphql_public | REFERENCES | service_role | supabase_admin + graphql_public | SELECT | anon | 
supabase_admin + graphql_public | SELECT | anon | supabase_admin + graphql_public | SELECT | authenticated | supabase_admin + graphql_public | SELECT | authenticated | supabase_admin + graphql_public | SELECT | postgres | supabase_admin + graphql_public | SELECT | postgres | supabase_admin + graphql_public | SELECT | service_role | supabase_admin + graphql_public | SELECT | service_role | supabase_admin + graphql_public | TRIGGER | anon | supabase_admin + graphql_public | TRIGGER | authenticated | supabase_admin + graphql_public | TRIGGER | postgres | supabase_admin + graphql_public | TRIGGER | service_role | supabase_admin + graphql_public | TRUNCATE | anon | supabase_admin + graphql_public | TRUNCATE | authenticated | supabase_admin + graphql_public | TRUNCATE | postgres | supabase_admin + graphql_public | TRUNCATE | service_role | supabase_admin + graphql_public | UPDATE | anon | supabase_admin + graphql_public | UPDATE | anon | supabase_admin + graphql_public | UPDATE | authenticated | supabase_admin + graphql_public | UPDATE | authenticated | supabase_admin + graphql_public | UPDATE | postgres | supabase_admin + graphql_public | UPDATE | postgres | supabase_admin + graphql_public | UPDATE | service_role | supabase_admin + graphql_public | UPDATE | service_role | supabase_admin + graphql_public | USAGE | anon | supabase_admin + graphql_public | USAGE | anon | supabase_admin + graphql_public | USAGE | authenticated | supabase_admin + graphql_public | USAGE | authenticated | supabase_admin + graphql_public | USAGE | postgres | supabase_admin + graphql_public | USAGE | postgres | supabase_admin + graphql_public | USAGE | service_role | supabase_admin + graphql_public | USAGE | service_role | supabase_admin + graphql_public | USAGE | supabase_admin | supabase_admin + information_schema | CREATE | supabase_admin | supabase_admin + information_schema | USAGE | supabase_admin | supabase_admin + pg_catalog | CREATE | supabase_admin | supabase_admin + pg_catalog | USAGE 
| supabase_admin | supabase_admin + pgsodium | CREATE | supabase_admin | supabase_admin + pgsodium | DELETE | pgsodium_keyholder | supabase_admin + pgsodium | INSERT | pgsodium_keyholder | supabase_admin + pgsodium | REFERENCES | pgsodium_keyholder | supabase_admin + pgsodium | SELECT | pgsodium_keyholder | supabase_admin + pgsodium | SELECT | pgsodium_keyholder | supabase_admin + pgsodium | TRIGGER | pgsodium_keyholder | supabase_admin + pgsodium | TRUNCATE | pgsodium_keyholder | supabase_admin + pgsodium | UPDATE | pgsodium_keyholder | supabase_admin + pgsodium | UPDATE | pgsodium_keyholder | supabase_admin + pgsodium | USAGE | pgsodium_keyholder | supabase_admin + pgsodium | USAGE | supabase_admin | supabase_admin + pgsodium_masks | CREATE | supabase_admin | supabase_admin + pgsodium_masks | DELETE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | EXECUTE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | INSERT | pgsodium_keyiduser | supabase_admin + pgsodium_masks | REFERENCES | pgsodium_keyiduser | supabase_admin + pgsodium_masks | SELECT | pgsodium_keyiduser | supabase_admin + pgsodium_masks | SELECT | pgsodium_keyiduser | supabase_admin + pgsodium_masks | TRIGGER | pgsodium_keyiduser | supabase_admin + pgsodium_masks | TRUNCATE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | UPDATE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | UPDATE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | USAGE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | USAGE | pgsodium_keyiduser | supabase_admin + pgsodium_masks | USAGE | supabase_admin | supabase_admin + realtime | CREATE | supabase_admin | supabase_admin + realtime | DELETE | dashboard_user | supabase_admin + realtime | DELETE | postgres | supabase_admin + realtime | EXECUTE | dashboard_user | supabase_admin + realtime | EXECUTE | postgres | supabase_admin + realtime | INSERT | dashboard_user | supabase_admin + realtime | INSERT | postgres | supabase_admin + realtime | 
REFERENCES | dashboard_user | supabase_admin + realtime | REFERENCES | postgres | supabase_admin + realtime | SELECT | dashboard_user | supabase_admin + realtime | SELECT | dashboard_user | supabase_admin + realtime | SELECT | postgres | supabase_admin + realtime | SELECT | postgres | supabase_admin + realtime | TRIGGER | dashboard_user | supabase_admin + realtime | TRIGGER | postgres | supabase_admin + realtime | TRUNCATE | dashboard_user | supabase_admin + realtime | TRUNCATE | postgres | supabase_admin + realtime | UPDATE | dashboard_user | supabase_admin + realtime | UPDATE | dashboard_user | supabase_admin + realtime | UPDATE | postgres | supabase_admin + realtime | UPDATE | postgres | supabase_admin + realtime | USAGE | dashboard_user | supabase_admin + realtime | USAGE | postgres | supabase_admin + realtime | USAGE | postgres | supabase_admin + realtime | USAGE | supabase_admin | supabase_admin + repack | CREATE | postgres | supabase_admin + repack | CREATE | supabase_admin | supabase_admin + repack | DELETE | postgres | supabase_admin + repack | INSERT | postgres | supabase_admin + repack | REFERENCES | postgres | supabase_admin + repack | SELECT | postgres | supabase_admin + repack | SELECT | postgres | supabase_admin + repack | TRIGGER | postgres | supabase_admin + repack | TRUNCATE | postgres | supabase_admin + repack | UPDATE | postgres | supabase_admin + repack | UPDATE | postgres | supabase_admin + repack | USAGE | postgres | supabase_admin + repack | USAGE | postgres | supabase_admin + repack | USAGE | supabase_admin | supabase_admin + storage | CREATE | dashboard_user | supabase_admin + storage | CREATE | supabase_admin | supabase_admin + storage | CREATE | supabase_storage_admin | supabase_admin + storage | DELETE | anon | postgres + storage | DELETE | authenticated | postgres + storage | DELETE | postgres | postgres + storage | DELETE | service_role | postgres + storage | EXECUTE | anon | postgres + storage | EXECUTE | authenticated | postgres + 
storage | EXECUTE | postgres | postgres + storage | EXECUTE | service_role | postgres + storage | INSERT | anon | postgres + storage | INSERT | authenticated | postgres + storage | INSERT | postgres | postgres + storage | INSERT | service_role | postgres + storage | REFERENCES | anon | postgres + storage | REFERENCES | authenticated | postgres + storage | REFERENCES | postgres | postgres + storage | REFERENCES | service_role | postgres + storage | SELECT | anon | postgres + storage | SELECT | anon | postgres + storage | SELECT | authenticated | postgres + storage | SELECT | authenticated | postgres + storage | SELECT | postgres | postgres + storage | SELECT | postgres | postgres + storage | SELECT | service_role | postgres + storage | SELECT | service_role | postgres + storage | TRIGGER | anon | postgres + storage | TRIGGER | authenticated | postgres + storage | TRIGGER | postgres | postgres + storage | TRIGGER | service_role | postgres + storage | TRUNCATE | anon | postgres + storage | TRUNCATE | authenticated | postgres + storage | TRUNCATE | postgres | postgres + storage | TRUNCATE | service_role | postgres + storage | UPDATE | anon | postgres + storage | UPDATE | anon | postgres + storage | UPDATE | authenticated | postgres + storage | UPDATE | authenticated | postgres + storage | UPDATE | postgres | postgres + storage | UPDATE | postgres | postgres + storage | UPDATE | service_role | postgres + storage | UPDATE | service_role | postgres + storage | USAGE | anon | supabase_admin + storage | USAGE | anon | postgres + storage | USAGE | authenticated | supabase_admin + storage | USAGE | authenticated | postgres + storage | USAGE | dashboard_user | supabase_admin + storage | USAGE | postgres | supabase_admin + storage | USAGE | postgres | postgres + storage | USAGE | service_role | supabase_admin + storage | USAGE | service_role | postgres + storage | USAGE | supabase_admin | supabase_admin + storage | USAGE | supabase_storage_admin | supabase_admin + vault | 
CREATE | supabase_admin | supabase_admin + vault | USAGE | postgres | supabase_admin + vault | USAGE | service_role | supabase_admin + vault | USAGE | supabase_admin | supabase_admin +(371 rows) -- postgres can alter API roles' timeout set role postgres; diff --git a/nix/tests/expected/security.out b/nix/tests/expected/security.out index 81b6b8705..5ee79170b 100644 --- a/nix/tests/expected/security.out +++ b/nix/tests/expected/security.out @@ -7,27 +7,27 @@ from pg_catalog.pg_proc p where p.proowner = (select oid from pg_catalog.pg_roles where rolname = 'supabase_admin') and p.prosecdef = true order by 1,2; - nspname | proname ------------+-------------------------------- - graphql | get_schema_version - graphql | increment_schema_version - pgbouncer | get_auth - pgsodium | disable_security_label_trigger - pgsodium | enable_security_label_trigger - pgsodium | get_key_by_id - pgsodium | get_key_by_name - pgsodium | get_named_keys - pgsodium | mask_role - pgsodium | update_mask - public | dblink_connect_u - public | dblink_connect_u - public | pgaudit_ddl_command_end - public | pgaudit_sql_drop - public | st_estimatedextent - public | st_estimatedextent - public | st_estimatedextent - repack | repack_trigger - vault | create_secret - vault | update_secret + nspname | proname +------------+-------------------------------- + extensions | dblink_connect_u + extensions | dblink_connect_u + extensions | pgaudit_ddl_command_end + extensions | pgaudit_sql_drop + extensions | st_estimatedextent + extensions | st_estimatedextent + extensions | st_estimatedextent + graphql | get_schema_version + graphql | increment_schema_version + pgbouncer | get_auth + pgsodium | disable_security_label_trigger + pgsodium | enable_security_label_trigger + pgsodium | get_key_by_id + pgsodium | get_key_by_name + pgsodium | get_named_keys + pgsodium | mask_role + pgsodium | update_mask + repack | repack_trigger + vault | create_secret + vault | update_secret (20 rows) 
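Review bot: The expected list in security.out identifies each SECURITY DEFINER function owned by supabase_admin only by schema and name, so `dblink_connect_u` appears twice and `st_estimatedextent` three times with nothing to tell the overloads apart. Nothing in the output shows whether a listed function pins its `search_path` either. Seven of the twenty rows move from `public` to `extensions` in this hunk, which makes this a good moment to assert both. Consider extending the query in the test's SQL file (outside this hunk) with `pg_catalog.pg_get_function_identity_arguments(p.oid)` and `p.proconfig`, so that a changed signature or a missing `SET search_path` shows up as a diff in this file.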
diff --git a/nix/tests/expected/z_15_pg_stat_monitor.out b/nix/tests/expected/z_15_pg_stat_monitor.out index f4d906932..b650fd1ee 100644 --- a/nix/tests/expected/z_15_pg_stat_monitor.out +++ b/nix/tests/expected/z_15_pg_stat_monitor.out @@ -1,3 +1,7 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; select * from @@ -8,3 +12,4 @@ where --------+-------------------+--------+----------+------+---------+-----------+---------------+---------+----------+-------------+-------+----------+--------+------------+-----------+------------------+-----------+----------+---------------+--------+---------+---------+-------+-----------------+---------------+---------------+----------------+------------------+------+-----------------+------------------+---------------------+---------------------+----------------+-----------------+--------------------+--------------------+----------------+-------------------+---------------+----------------+--------------------+---------------------+------------+---------------+--------------+-------------+---------+-----------+-------------+-------+-----------------+---------------+---------------+----------------+------------------+---------------+---------------------+--------------------+-------------------+------------------------+-----------------------+--------------------+------------------- (0 rows) +ROLLBACK; diff --git a/nix/tests/expected/z_15_pgjwt.out b/nix/tests/expected/z_15_pgjwt.out index 8ccdce1d1..163ede6b6 100644 --- a/nix/tests/expected/z_15_pgjwt.out +++ b/nix/tests/expected/z_15_pgjwt.out 
@@ -1,3 +1,8 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +-- pgjwt depends on pgcrypto for hmac functions +CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions; -- Install pgjwt in extensions schema CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions; -- Set search path to include extensions schema @@ -24,3 +29,4 @@ select ("{""alg"":""HS256"",""typ"":""JWT""}","{""name"":""Foo""}",t) (1 row) +ROLLBACK; diff --git a/nix/tests/expected/z_15_pgroonga.out b/nix/tests/expected/z_15_pgroonga.out index 5ceeed254..c649e1da0 100644 --- a/nix/tests/expected/z_15_pgroonga.out +++ b/nix/tests/expected/z_15_pgroonga.out @@ -1,3 +1,8 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; create schema v; create table v.roon( id serial primary key, @@ -73,4 +78,4 @@ select * from v.roon where content &@~ 'supports'; (1 row) drop schema v cascade; -NOTICE: drop cascades to table v.roon +ROLLBACK; diff --git a/nix/tests/expected/z_15_pgvector.out b/nix/tests/expected/z_15_pgvector.out index 6564be5f4..770754cb2 100644 --- a/nix/tests/expected/z_15_pgvector.out +++ b/nix/tests/expected/z_15_pgvector.out @@ -1,3 +1,7 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; create schema v; create table v.items( id serial primary key, 
@@ -11,25 +15,13 @@ create index on v.items using hnsw (embedding vector_l2_ops); create index on v.items using hnsw (embedding vector_cosine_ops); create index on v.items using hnsw (embedding vector_l1_ops); create index on v.items using ivfflat (embedding vector_l2_ops); -NOTICE: ivfflat index created with little data -DETAIL: This will cause low recall. -HINT: Drop the index until the table has more data. create index on v.items using ivfflat (embedding vector_cosine_ops); -NOTICE: ivfflat index created with little data -DETAIL: This will cause low recall. -HINT: Drop the index until the table has more data. -- halfvec ops create index on v.items using hnsw (half_embedding halfvec_l2_ops); create index on v.items using hnsw (half_embedding halfvec_cosine_ops); create index on v.items using hnsw (half_embedding halfvec_l1_ops); create index on v.items using ivfflat (half_embedding halfvec_l2_ops); -NOTICE: ivfflat index created with little data -DETAIL: This will cause low recall. -HINT: Drop the index until the table has more data. create index on v.items using ivfflat (half_embedding halfvec_cosine_ops); -NOTICE: ivfflat index created with little data -DETAIL: This will cause low recall. -HINT: Drop the index until the table has more data. -- sparsevec create index on v.items using hnsw (sparse_embedding sparsevec_l2_ops); create index on v.items using hnsw (sparse_embedding sparsevec_cosine_ops); @@ -37,9 +29,6 @@ create index on v.items using hnsw (sparse_embedding sparsevec_l1_ops); -- bit ops create index on v.items using hnsw (bit_embedding bit_hamming_ops); create index on v.items using ivfflat (bit_embedding bit_hamming_ops); -NOTICE: ivfflat index created with little data -DETAIL: This will cause low recall. -HINT: Drop the index until the table has more data. -- Populate some records insert into v.items( embedding, @@ -87,4 +76,4 @@ from -- Cleanup drop schema v cascade; -NOTICE: drop cascades to table v.items +ROLLBACK; 
diff --git a/nix/tests/expected/z_15_plv8.out b/nix/tests/expected/z_15_plv8.out index bf909f0a8..ea18bea16 100644 --- a/nix/tests/expected/z_15_plv8.out +++ b/nix/tests/expected/z_15_plv8.out @@ -2,8 +2,9 @@ This test is excluded from the Postgres 17 suite because it does not ship with the Supabase PG17 image */ +BEGIN; +set client_min_messages = warning; create extension if not exists plv8; -NOTICE: extension "plv8" already exists, skipping create schema v; -- create a function to perform some JavaScript operations create function v.multiply_numbers(a integer, b integer) @@ -20,4 +21,4 @@ select (1 row) drop schema v cascade; -NOTICE: drop cascades to function v.multiply_numbers(integer,integer) +ROLLBACK; diff --git a/nix/tests/expected/z_15_roles.out b/nix/tests/expected/z_15_roles.out index 1f967bd9a..a8129126e 100644 --- a/nix/tests/expected/z_15_roles.out +++ b/nix/tests/expected/z_15_roles.out @@ -27,14 +27,13 @@ order by postgres | pg_monitor | f postgres | pg_read_all_data | f postgres | pg_signal_backend | f - postgres | pgtle_admin | f postgres | service_role | f supabase_etl_admin | pg_monitor | f supabase_etl_admin | pg_read_all_data | f supabase_read_only_user | pg_monitor | f supabase_read_only_user | pg_read_all_data | f supabase_storage_admin | authenticator | f -(21 rows) +(20 rows) -- Check all privileges of non-superuser roles on functions select diff --git a/nix/tests/expected/z_15_rum.out b/nix/tests/expected/z_15_rum.out index 1296befa7..05d4b5eca 100644 --- a/nix/tests/expected/z_15_rum.out +++ b/nix/tests/expected/z_15_rum.out @@ -1,6 +1,10 @@ /* This extension is excluded from oriole-17 because it uses an unsupported index type */ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists rum with schema extensions; create schema v; create table v.test_rum( t text, @@ -38,4 +42,4 @@ order by (3 rows) drop schema v cascade; -NOTICE: drop cascades to table v.test_rum +ROLLBACK; 
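Review bot: In the z_15_roles.out hunk the row `postgres | pgtle_admin | f` is dropped and the count goes from 21 to 20, so the PG15 expected output no longer pins whether `postgres` is a member of `pgtle_admin`. The z_17_roles.out hunks in the same commit instead add `create extension if not exists pg_tle;` inside BEGIN/ROLLBACK, with a comment saying this ensures the `pgtle_admin` role exists. Doing the same in the PG15 test would presumably keep that grant under test on both versions. If the omission on 15 is deliberate, a one-line comment in the test's SQL file such as `-- pgtle_admin does not exist until pg_tle is created; membership is checked in z_17_roles` would record why the row went away.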
diff --git a/nix/tests/expected/z_15_timescale.out b/nix/tests/expected/z_15_timescale.out index d0c0f2fcb..e72ef3da1 100644 --- a/nix/tests/expected/z_15_timescale.out +++ b/nix/tests/expected/z_15_timescale.out @@ -2,8 +2,9 @@ This test is excluded from the Postgres 17 suite because it does not ship with the Supabase PG17 image */ +BEGIN; +set client_min_messages = warning; create extension if not exists timescaledb; -NOTICE: extension "timescaledb" already exists, skipping -- Confirm we're running the apache version show timescaledb.license; timescaledb.license @@ -47,7 +48,4 @@ from -- Drop schema v and all its entities drop schema v cascade; -NOTICE: drop cascades to 3 other objects -DETAIL: drop cascades to table v.sensor_data -drop cascades to table _timescaledb_internal._hyper_1_1_chunk -drop cascades to table _timescaledb_internal._hyper_1_2_chunk +ROLLBACK; diff --git a/nix/tests/expected/z_17_pg_stat_monitor.out b/nix/tests/expected/z_17_pg_stat_monitor.out index 8b90c12fc..b6c7f680f 100644 --- a/nix/tests/expected/z_17_pg_stat_monitor.out +++ b/nix/tests/expected/z_17_pg_stat_monitor.out 
@@ -1,10 +1,15 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; select * from - pg_stat_monitor + extensions.pg_stat_monitor where false; bucket | bucket_start_time | userid | username | dbid | datname | client_ip | pgsm_query_id | queryid | toplevel | top_queryid | query | comments | planid | query_plan | top_query | application_name | relations | cmd_type | cmd_type_text | elevel | sqlcode | message | calls | total_exec_time | min_exec_time | max_exec_time | mean_exec_time | stddev_exec_time | rows | shared_blks_hit | shared_blks_read | shared_blks_dirtied | shared_blks_written | local_blks_hit | local_blks_read | local_blks_dirtied | local_blks_written | temp_blks_read | temp_blks_written | shared_blk_read_time | shared_blk_write_time | local_blk_read_time | local_blk_write_time | temp_blk_read_time | temp_blk_write_time | resp_calls | cpu_user_time | cpu_sys_time | wal_records | wal_fpi | wal_bytes | bucket_done | plans | total_plan_time | min_plan_time | max_plan_time | mean_plan_time | stddev_plan_time | jit_functions | jit_generation_time | jit_inlining_count | jit_inlining_time | jit_optimization_count | jit_optimization_time | jit_emission_count | jit_emission_time | jit_deform_count | jit_deform_time | stats_since | minmax_stats_since 
--------+-------------------+--------+----------+------+---------+-----------+---------------+---------+----------+-------------+-------+----------+--------+------------+-----------+------------------+-----------+----------+---------------+--------+---------+---------+-------+-----------------+---------------+---------------+----------------+------------------+------+-----------------+------------------+---------------------+---------------------+----------------+-----------------+--------------------+--------------------+----------------+-------------------+----------------------+-----------------------+---------------------+----------------------+--------------------+---------------------+------------+---------------+--------------+-------------+---------+-----------+-------------+-------+-----------------+---------------+---------------+----------------+------------------+---------------+---------------------+--------------------+-------------------+------------------------+-----------------------+--------------------+-------------------+------------------+-----------------+-------------+-------------------- (0 rows) +ROLLBACK; diff --git a/nix/tests/expected/z_17_pgvector.out b/nix/tests/expected/z_17_pgvector.out index 2c1cb1007..fbae83063 100644 --- a/nix/tests/expected/z_17_pgvector.out +++ b/nix/tests/expected/z_17_pgvector.out @@ -1,6 +1,10 @@ /* This test excludes indexes shipped with pgvector because orioledb doesn't support them yet */ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; create schema v; create table v.items( id serial primary key, @@ -56,4 +60,4 @@ from -- Cleanup drop schema v cascade; -NOTICE: drop cascades to table v.items +ROLLBACK; diff --git a/nix/tests/expected/z_17_roles.out b/nix/tests/expected/z_17_roles.out index 5f598da16..66d4b8a81 100644 --- a/nix/tests/expected/z_17_roles.out +++ b/nix/tests/expected/z_17_roles.out 
@@ -1,3 +1,10 @@ +-- Create pg_tle to ensure pgtle_admin role exists +-- This matches production where users can create pg_tle extension +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +-- pg_tle is non-relocatable and automatically creates the pgtle schema +create extension if not exists pg_tle; -- version-specific roles and attributes select rolname, @@ -195,3 +202,5 @@ order by object_name, grantee, privilege_type; pg_catalog | pg_reload_conf | postgres | EXECUTE (13 rows) +-- Rollback to clean up pg_tle extension +ROLLBACK; diff --git a/nix/tests/expected/z_17_rum.out b/nix/tests/expected/z_17_rum.out index 1296befa7..05d4b5eca 100644 --- a/nix/tests/expected/z_17_rum.out +++ b/nix/tests/expected/z_17_rum.out @@ -1,6 +1,10 @@ /* This extension is excluded from oriole-17 because it uses an unsupported index type */ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists rum with schema extensions; create schema v; create table v.test_rum( t text, @@ -38,4 +42,4 @@ order by (3 rows) drop schema v cascade; -NOTICE: drop cascades to table v.test_rum +ROLLBACK; diff --git a/nix/tests/expected/z_orioledb-17_pg_stat_monitor.out b/nix/tests/expected/z_orioledb-17_pg_stat_monitor.out index 8b90c12fc..b6c7f680f 100644 --- a/nix/tests/expected/z_orioledb-17_pg_stat_monitor.out +++ b/nix/tests/expected/z_orioledb-17_pg_stat_monitor.out 
@@ -1,10 +1,15 @@ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; select * from - pg_stat_monitor + extensions.pg_stat_monitor where false; bucket | bucket_start_time | userid | username | dbid | datname | client_ip | pgsm_query_id | queryid | toplevel | top_queryid | query | comments | planid | query_plan | top_query | application_name | relations | cmd_type | cmd_type_text | elevel | sqlcode | message | calls | total_exec_time | min_exec_time | max_exec_time | mean_exec_time | stddev_exec_time | rows | shared_blks_hit | shared_blks_read | shared_blks_dirtied | shared_blks_written | local_blks_hit | local_blks_read | local_blks_dirtied | local_blks_written | temp_blks_read | temp_blks_written | shared_blk_read_time | shared_blk_write_time | local_blk_read_time | local_blk_write_time | temp_blk_read_time | temp_blk_write_time | resp_calls | cpu_user_time | cpu_sys_time | wal_records | wal_fpi | wal_bytes | bucket_done | plans | total_plan_time | min_plan_time | max_plan_time | mean_plan_time | stddev_plan_time | jit_functions | jit_generation_time | jit_inlining_count | jit_inlining_time | jit_optimization_count | jit_optimization_time | jit_emission_count | jit_emission_time | jit_deform_count | jit_deform_time | stats_since | minmax_stats_since 
--------+-------------------+--------+----------+------+---------+-----------+---------------+---------+----------+-------------+-------+----------+--------+------------+-----------+------------------+-----------+----------+---------------+--------+---------+---------+-------+-----------------+---------------+---------------+----------------+------------------+------+-----------------+------------------+---------------------+---------------------+----------------+-----------------+--------------------+--------------------+----------------+-------------------+----------------------+-----------------------+---------------------+----------------------+--------------------+---------------------+------------+---------------+--------------+-------------+---------+-----------+-------------+-------+-----------------+---------------+---------------+----------------+------------------+---------------+---------------------+--------------------+-------------------+------------------------+-----------------------+--------------------+-------------------+------------------+-----------------+-------------+-------------------- (0 rows) +ROLLBACK; diff --git a/nix/tests/expected/z_orioledb-17_pgvector.out b/nix/tests/expected/z_orioledb-17_pgvector.out index 2c1cb1007..fbae83063 100644 --- a/nix/tests/expected/z_orioledb-17_pgvector.out +++ b/nix/tests/expected/z_orioledb-17_pgvector.out @@ -1,6 +1,10 @@ /* This test excludes indexes shipped with pgvector because orioledb doesn't support them yet */ +BEGIN; +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; create schema v; create table v.items( id serial primary key, @@ -56,4 +60,4 @@ from -- Cleanup drop schema v cascade; -NOTICE: drop cascades to table v.items +ROLLBACK; diff --git a/nix/tests/prime-production.sql b/nix/tests/prime-production.sql new file mode 100644 index 000000000..7de1cf839 --- /dev/null 
+++ b/nix/tests/prime-production.sql
@@ -0,0 +1,30 @@
+-- Prime script for production-like setup (Phase 2: pg_regress tests)
+-- This matches the initial state of a production Supabase instance
+-- Only the default extensions that are enabled on project deployment are created here
+-- All other extensions are created by individual test files within BEGIN/ROLLBACK blocks
+
+-- disable notice messages because they differ between 15 and 17
+set client_min_messages = warning;
+
+-- Production default extensions (enabled on every new Supabase project)
+-- These match what customers see when their project is first deployed
+
+create extension if not exists "uuid-ossp" with schema extensions;
+create extension if not exists pgcrypto with schema extensions;
+create extension if not exists pg_graphql with schema graphql;
+create extension if not exists pg_stat_statements with schema extensions;
+
+-- Additional extensions commonly used in production that need security vetting
+-- These create SECURITY DEFINER functions that must be validated by the security test
+create extension if not exists dblink with schema extensions;
+create extension if not exists pgaudit with schema extensions;
+create extension if not exists postgis with schema extensions;
+create extension if not exists pg_repack with schema extensions;
+
+-- pgsodium is non-relocatable (schema = pgsodium) and creates SECURITY DEFINER functions
+-- Note: vault 0.3.0+ removed pgsodium dependency, so migration only creates pgsodium for vault 0.2.8
+-- We create it here explicitly for testing pgsodium's SECURITY DEFINER functions
+create extension if not exists pgsodium;
+
+-- Note: plpgsql is already installed by default in PostgreSQL (pg_catalog schema)
+-- Note: supabase_vault is created by migrations (20221207154255_create_pgsodium_and_vault.sql)
diff --git a/nix/tests/prime.sql b/nix/tests/prime.sql
index 5ae47444e..119cdf71c 100644
--- a/nix/tests/prime.sql
+++ b/nix/tests/prime.sql
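Review bot: The header of prime-production.sql says only the default extensions enabled on project deployment are created here, but the file goes on to create dblink, pgaudit, postgis, pg_repack and pgsodium. Its own later comments describe those as additional extensions installed so their SECURITY DEFINER functions can be vetted. The primed state is therefore broader than a freshly deployed project, and the function list asserted in security.out reflects that wider set rather than the production default. I would reword the third header line to something like `-- Default extensions, plus the extensions whose SECURITY DEFINER functions the security test vets, are created here` so the baseline is not mistaken for what every new project ships with.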
@@ -1,4 +1,4 @@ --- disable notice messages becuase they differ between 15 and 17 +-- disable notice messages because they differ between 15 and 17 set client_min_messages = warning; -- CREATE ROLE anon; -- CREATE ROLE authenticated; diff --git a/nix/tests/sql/evtrigs.sql b/nix/tests/sql/evtrigs.sql index cfbb201aa..78895693d 100644 --- a/nix/tests/sql/evtrigs.sql +++ b/nix/tests/sql/evtrigs.sql @@ -1,3 +1,7 @@ +BEGIN; + +set client_min_messages = warning; + select e.evtname, e.evtowner::regrole as evtowner, @@ -10,3 +14,4 @@ join pg_proc p join pg_namespace n_func on p.pronamespace = n_func.oid where p.prorettype = 'event_trigger'::regtype; +ROLLBACK; diff --git a/nix/tests/sql/extensions_schema.sql b/nix/tests/sql/extensions_schema.sql index f3d0b3528..d49d9c904 100644 --- a/nix/tests/sql/extensions_schema.sql +++ b/nix/tests/sql/extensions_schema.sql @@ -1,3 +1,7 @@ +BEGIN; + +set client_min_messages = warning; + -- all default extensions are installed in a schema "extensions" -- we don't include the version as that will break often, we only care about -- ensuring these extensions are present @@ -13,3 +17,4 @@ where n.nspname = 'extensions' and e.extname != 'pgjwt' order by e.extname; +ROLLBACK; diff --git a/nix/tests/sql/http.sql b/nix/tests/sql/http.sql index df80feb52..a384b405f 100644 --- a/nix/tests/sql/http.sql +++ b/nix/tests/sql/http.sql @@ -1,6 +1,11 @@ -- Test for http extension -- Basic HTTP functionality tests +BEGIN; + +set client_min_messages = warning; +create extension if not exists http with schema extensions; + -- Test basic HTTP GET request SELECT status FROM http_get('http://localhost:' || (SELECT value FROM test_config WHERE key = 'http_mock_port') || '/get'); @@ -63,3 +68,5 @@ SELECT status FROM http(( -- Test URL encoding SELECT status FROM http_get('http://localhost:' || (SELECT value FROM test_config WHERE key = 'http_mock_port') || '/anything?param=value%20with%20spaces&another=123'); + +ROLLBACK; 
diff --git a/nix/tests/sql/hypopg.sql b/nix/tests/sql/hypopg.sql index 6aabb6950..3be1912dc 100644 --- a/nix/tests/sql/hypopg.sql +++ b/nix/tests/sql/hypopg.sql @@ -1,3 +1,8 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists hypopg with schema extensions; + create schema v; create table v.samp( @@ -10,4 +15,6 @@ $$); drop schema v cascade; +ROLLBACK; + diff --git a/nix/tests/sql/index_advisor.sql b/nix/tests/sql/index_advisor.sql index 3911d6eb5..40b15ce51 100644 --- a/nix/tests/sql/index_advisor.sql +++ b/nix/tests/sql/index_advisor.sql @@ -1,3 +1,9 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists hypopg with schema extensions; +create extension if not exists index_advisor with schema extensions; + create schema v; create table v.book( @@ -11,3 +17,5 @@ from index_advisor('select id from v.book where title = $1'); drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/pg_hashids.sql b/nix/tests/sql/pg_hashids.sql index 1b82eeead..1488f8704 100644 --- a/nix/tests/sql/pg_hashids.sql +++ b/nix/tests/sql/pg_hashids.sql @@ -1,6 +1,13 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists pg_hashids with schema extensions; + select id_encode(1001); -- Result: jNl select id_encode(1234567, 'This is my salt'); -- Result: Pdzxp select id_encode(1234567, 'This is my salt', 10); -- Result: PlRPdzxpR7 select id_encode(1234567, 'This is my salt', 10, 'abcdefghijABCDxFGHIJ1234567890'); -- Result: 3GJ956J9B9 select id_decode('PlRPdzxpR7', 'This is my salt', 10); -- Result: 1234567 select id_decode('3GJ956J9B9', 'This is my salt', 10, 'abcdefghijABCDxFGHIJ1234567890'); -- Result: 1234567 + +ROLLBACK; diff --git a/nix/tests/sql/pg_jsonschema.sql b/nix/tests/sql/pg_jsonschema.sql index f5d7c8c77..67e70c18b 100644 --- a/nix/tests/sql/pg_jsonschema.sql +++ b/nix/tests/sql/pg_jsonschema.sql 
@@ -1,5 +1,8 @@ begin; +set client_min_messages = warning; +create extension if not exists pg_jsonschema with schema extensions; + -- Test json_matches_schema create table customer( id serial primary key, diff --git a/nix/tests/sql/pg_net.sql b/nix/tests/sql/pg_net.sql index bf44db5a3..339628018 100644 --- a/nix/tests/sql/pg_net.sql +++ b/nix/tests/sql/pg_net.sql @@ -1,3 +1,8 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists pg_net with schema extensions; + -- This is a very basic test because you can't get the value returned -- by a pg_net request in the same transaction that created it; @@ -5,3 +10,5 @@ select net.http_get ( 'https://postman-echo.com/get?foo1=bar1&foo2=bar2' ) as request_id; + +ROLLBACK; diff --git a/nix/tests/sql/pg_tle.sql b/nix/tests/sql/pg_tle.sql index 2f6d71a05..6c4019e29 100644 --- a/nix/tests/sql/pg_tle.sql +++ b/nix/tests/sql/pg_tle.sql @@ -1,4 +1,8 @@ +BEGIN; + set client_min_messages = warning; +create schema if not exists pgtle; +create extension if not exists pg_tle with schema pgtle; select pgtle.install_extension( @@ -67,7 +71,4 @@ drop extension pg_distance; select pgtle.uninstall_extension('pg_distance'); --- Restore original state if any of the above fails -drop extension pg_tle cascade; - -create extension pg_tle; +ROLLBACK; diff --git a/nix/tests/sql/pgmq.sql b/nix/tests/sql/pgmq.sql index ef2d6d31d..b003d7fa7 100644 --- a/nix/tests/sql/pgmq.sql +++ b/nix/tests/sql/pgmq.sql @@ -1,3 +1,8 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists pgmq; -- pgmq is non-relocatable (schema = 'pgmq') + -- Test the standard flow select pgmq.create('Foo'); 
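Review bot: With the new `ROLLBACK;` at the end of pg_net.sql, the row queued by `net.http_get` is presumably never committed, so the request should never be sent and the test only checks that the call returns a request id. The existing comment explains why the response cannot be read in the same transaction, but not that the request is now discarded; I would extend it with something like `-- the surrounding transaction is rolled back, so the request is queued but never sent`. If the suite relied on this file to exercise the background worker end to end, that coverage needs a separate test that commits.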
@@ -81,9 +86,18 @@ select -- Make sure SQLI enabling characters are blocked +-- Use savepoints to test error conditions without aborting the transaction +SAVEPOINT test_invalid_names_1; select pgmq.create('F--oo'); +ROLLBACK TO SAVEPOINT test_invalid_names_1; + +SAVEPOINT test_invalid_names_2; select pgmq.create('F$oo'); +ROLLBACK TO SAVEPOINT test_invalid_names_2; + +SAVEPOINT test_invalid_names_3; select pgmq.create($$F'oo$$); +ROLLBACK TO SAVEPOINT test_invalid_names_3; \echo -- pgmq schema functions with owners (ownership is modified on ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql) @@ -104,3 +118,5 @@ order by -- assert search_path is preserved after after-create script is run show search_path; + +ROLLBACK; \ No newline at end of file diff --git a/nix/tests/sql/pgroonga.sql b/nix/tests/sql/pgroonga.sql index 503f2665c..9890cc893 100644 --- a/nix/tests/sql/pgroonga.sql +++ b/nix/tests/sql/pgroonga.sql @@ -1,3 +1,10 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; + create schema v; create table v.roon( @@ -46,3 +53,5 @@ select * from v.roon where content &@~ 'supports'; drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/pgrouting.sql b/nix/tests/sql/pgrouting.sql index e3af5621c..61052ff33 100644 --- a/nix/tests/sql/pgrouting.sql +++ b/nix/tests/sql/pgrouting.sql @@ -1,3 +1,9 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists pgrouting with schema extensions; +create extension if not exists postgis with schema extensions; + create schema v; -- create the roads table @@ -24,4 +30,4 @@ select * from pgr_dijkstra( ); drop schema v cascade; - +ROLLBACK; diff --git a/nix/tests/sql/pgtap.sql b/nix/tests/sql/pgtap.sql index b99976a25..aecf00930 100644 --- a/nix/tests/sql/pgtap.sql +++ b/nix/tests/sql/pgtap.sql 
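Review bot: In the first pgrouting.sql hunk `pgrouting` is created before `postgis`, although pgrouting depends on postgis and `create extension` without `cascade` fails when a required extension is missing. The file therefore works only when postgis is already installed by the prime script, in which case the following `create extension if not exists postgis` line never does anything. Swapping the two lines makes the test self-contained: `create extension if not exists postgis with schema extensions;` followed by `create extension if not exists pgrouting with schema extensions;`. z_15_ext_interface.sql in this same commit already creates them in that order.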
@@ -1,5 +1,8 @@ begin; +set client_min_messages = warning; +create extension if not exists pgtap with schema extensions; + select plan(1); -- Run the tests. diff --git a/nix/tests/sql/plpgsql-check.sql b/nix/tests/sql/plpgsql-check.sql index d54d2c45e..7c2bac76e 100644 --- a/nix/tests/sql/plpgsql-check.sql +++ b/nix/tests/sql/plpgsql-check.sql @@ -1,3 +1,8 @@ +BEGIN; + +set client_min_messages = warning; +create extension if not exists plpgsql_check with schema extensions; + create schema v; create table v.t1( @@ -24,3 +29,4 @@ select * from v.f1(); select * from plpgsql_check_function('v.f1()'); drop schema v cascade; +ROLLBACK; diff --git a/nix/tests/sql/postgres_fdw.sql b/nix/tests/sql/postgres_fdw.sql index 9cacd7d5e..ba3a0debb 100644 --- a/nix/tests/sql/postgres_fdw.sql +++ b/nix/tests/sql/postgres_fdw.sql @@ -12,6 +12,9 @@ https://github.com/supabase/postgres/blob/a638c6fce0baf90b654e762eddcdac1bc8df01 begin; +-- Create the extension within the test (matches production pattern) +create extension if not exists postgres_fdw with schema extensions; + -- Switch to the postgres role (non-superuser) to test supautils behavior set role postgres; diff --git a/nix/tests/sql/z_15_ext_interface.sql b/nix/tests/sql/z_15_ext_interface.sql index 187d3e374..26b3e56e8 100644 --- a/nix/tests/sql/z_15_ext_interface.sql +++ b/nix/tests/sql/z_15_ext_interface.sql 
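Review bot: In postgres_fdw.sql the added `create extension if not exists postgres_fdw with schema extensions;` runs before `set role postgres;`, so the extension is created by whatever role the test session starts as rather than by the non-superuser role the test is about. The comment says this matches the production pattern, but if production users create the extension as `postgres` through supautils, the statement should sit after the `set role postgres;` line so that the privileged-extension path and any after-create script are what the later assertions observe. If creating it up front is deliberate, the comment should say why, e.g. `-- created before set role: this test covers use of the extension, not its creation`. The rest of the test continues outside the hunk.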
@@ -6,12 +6,108 @@ that emerge as versions change. */ +-- Create all extensions within a transaction +-- This matches production behavior where users create extensions as needed +-- Supautils will automatically enforce schema rules and run after-create scripts + +BEGIN; + +-- disable notice messages because they differ between 15 and 17 +set client_min_messages = warning; + +-- Create required schemas for relocatable extensions +-- Non-relocatable extensions (pg_tle, pgsodium, supabase_vault, pg_graphql) +-- automatically create their own schemas +create schema if not exists extensions; +create schema if not exists topology; +create schema if not exists tiger; + +-- Privileged extensions -> extensions schema (enforced by supautils) +create extension if not exists address_standardizer with schema extensions; +create extension if not exists address_standardizer_data_us with schema extensions; +create extension if not exists autoinc with schema extensions; +create extension if not exists bloom with schema extensions; +create extension if not exists btree_gin with schema extensions; +create extension if not exists btree_gist with schema extensions; +create extension if not exists citext with schema extensions; +create extension if not exists cube with schema extensions; +create extension if not exists dblink with schema extensions; +create extension if not exists dict_int with schema extensions; +create extension if not exists dict_xsyn with schema extensions; +create extension if not exists earthdistance with schema extensions; +create extension if not exists fuzzystrmatch with schema extensions; +create extension if not exists http with schema extensions; +create extension if not exists hstore with schema extensions; +create extension if not exists hypopg with schema extensions; +create extension if not exists index_advisor with schema extensions; +create extension if not exists insert_username with schema extensions; +create extension if not exists intarray with 
schema extensions; +create extension if not exists isn with schema extensions; +create extension if not exists ltree with schema extensions; +create extension if not exists moddatetime with schema extensions; +create extension if not exists pg_buffercache with schema extensions; +create extension if not exists pg_net with schema extensions; +create extension if not exists pg_hashids with schema extensions; +create extension if not exists pg_prewarm with schema extensions; +create extension if not exists pg_jsonschema with schema extensions; +create extension if not exists pg_repack with schema extensions; +create extension if not exists pg_stat_monitor with schema extensions; +create extension if not exists pg_tle; +create extension if not exists pg_trgm with schema extensions; +create extension if not exists pg_walinspect with schema extensions; +create extension if not exists pgaudit with schema extensions; +create extension if not exists pgtap with schema extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; +create extension if not exists pgsodium; +create extension if not exists pgrowlocks with schema extensions; +create extension if not exists pgstattuple with schema extensions; +create extension if not exists plpgsql_check with schema extensions; +create extension if not exists postgis with schema extensions; +create extension if not exists postgis_raster with schema extensions; +create extension if not exists postgis_sfcgal with schema extensions; +create extension if not exists postgis_topology with schema topology; +create extension if not exists pgrouting with schema extensions; +create extension if not exists postgres_fdw with schema extensions; +create extension if not exists rum with schema extensions; +create extension if not exists refint with schema extensions; +create extension if not exists seg with schema extensions; +create extension if not exists 
sslinfo with schema extensions; +create extension if not exists supabase_vault; +create extension if not exists tablefunc with schema extensions; +create extension if not exists tcn with schema extensions; +create extension if not exists tsm_system_rows with schema extensions; +create extension if not exists unaccent with schema extensions; +create extension if not exists vector with schema extensions; +create extension if not exists wrappers with schema extensions; + +-- Non-privileged extensions (use their natural default schemas) +create extension if not exists amcheck; +create extension if not exists file_fdw; +create extension if not exists intagg; +create extension if not exists lo; +create extension if not exists pageinspect; +create extension if not exists pg_freespacemap; +create extension if not exists pgmq; +create extension if not exists pg_surgery with schema pg_catalog; -- non-relocatable +create extension if not exists pg_visibility; +create extension if not exists xml2; + +-- PG15-specific extensions +create extension if not exists adminpack; +create extension if not exists plv8; -- plv8 is non-relocatable (schema = 'pg_catalog') +create extension if not exists plcoffee; -- plcoffee is non-relocatable (schema = 'pg_catalog') +create extension if not exists plls; -- plls is non-relocatable (schema = 'pg_catalog') +create extension if not exists old_snapshot; +create extension if not exists timescaledb with schema extensions; +create extension if not exists postgis_tiger_geocoder with schema tiger; +create extension if not exists pgjwt with schema extensions; /* List all extensions that are not enabled If a new entry shows up in this list, that means a new extension has been -added and you should `create extension ...` to enable it in ./nix/tests/prime +added and you should create extension above */ create extension if not exists adminpack; 
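Review bot: The PG15-specific block in z_15_ext_interface.sql adds `create extension if not exists adminpack;`, but the pre-existing `create extension if not exists adminpack;` after the "List all extensions that are not enabled" comment is kept as context, so the statement now appears twice and the old one can be removed. The list also creates `pgjwt` without creating `pgcrypto`, which z_15_pgjwt.sql in this commit notes is a dependency, so this file appears to rely on the prime script having installed pgcrypto; a comment saying so, or a `create extension if not exists pgcrypto with schema extensions;` line ahead of pgjwt, would make that explicit. The heading `-- Privileged extensions -> extensions schema (enforced by supautils)` also covers pg_tle, pgsodium and supabase_vault, which are created without a schema clause; the z_17 and z_orioledb-17 variants use the same heading.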
@@ -120,3 +216,6 @@ order by n.nspname, pc.relname, pa.attname; + +-- Rollback to clean up all extensions created in this test +ROLLBACK; diff --git a/nix/tests/sql/z_15_pg_stat_monitor.sql b/nix/tests/sql/z_15_pg_stat_monitor.sql index 69d996be8..d2ce3f0d1 100644 --- a/nix/tests/sql/z_15_pg_stat_monitor.sql +++ b/nix/tests/sql/z_15_pg_stat_monitor.sql @@ -1,6 +1,14 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; + select * from pg_stat_monitor where false; + +ROLLBACK; diff --git a/nix/tests/sql/z_15_pgjwt.sql b/nix/tests/sql/z_15_pgjwt.sql index d6b488635..43d84305f 100644 --- a/nix/tests/sql/z_15_pgjwt.sql +++ b/nix/tests/sql/z_15_pgjwt.sql @@ -1,3 +1,11 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; + +-- pgjwt depends on pgcrypto for hmac functions +CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions; + -- Install pgjwt in extensions schema CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions; @@ -17,3 +25,5 @@ select secret := 'secret', algorithm := 'HS256' ); + +ROLLBACK; diff --git a/nix/tests/sql/z_15_pgvector.sql b/nix/tests/sql/z_15_pgvector.sql index f2de30572..4a2cbe100 100644 --- a/nix/tests/sql/z_15_pgvector.sql +++ b/nix/tests/sql/z_15_pgvector.sql @@ -1,3 +1,9 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; + create schema v; create table v.items( @@ -70,3 +76,5 @@ from -- Cleanup drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/z_15_plv8.sql b/nix/tests/sql/z_15_plv8.sql index 044d69cf9..cf7743348 100644 --- a/nix/tests/sql/z_15_plv8.sql +++ b/nix/tests/sql/z_15_plv8.sql 
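Review bot: z_15_pg_stat_monitor.sql still selects from the unqualified `pg_stat_monitor`, while the z_17 and z_orioledb-17 variants in this commit are changed to `extensions.pg_stat_monitor`. Now that the extension is created `with schema extensions` inside the test, the unqualified name resolves only if `extensions` is on the session search_path. Qualifying it here as well (`extensions.pg_stat_monitor`) keeps the three files consistent and independent of search_path.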
@@ -2,6 +2,9 @@ This test is excluded from the Postgres 17 suite because it does not ship with the Supabase PG17 image */ +BEGIN; + +set client_min_messages = warning; create extension if not exists plv8; create schema v; @@ -18,3 +21,5 @@ select v.multiply_numbers(3, 4); drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/z_15_rum.sql b/nix/tests/sql/z_15_rum.sql index 6ae945975..94e930d3e 100644 --- a/nix/tests/sql/z_15_rum.sql +++ b/nix/tests/sql/z_15_rum.sql @@ -1,6 +1,12 @@ /* This extension is excluded from oriole-17 because it uses an unsupported index type */ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists rum with schema extensions; + create schema v; create table v.test_rum( @@ -38,3 +44,5 @@ order by drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/z_15_timescale.sql b/nix/tests/sql/z_15_timescale.sql index fd29bb17c..be396d9e7 100644 --- a/nix/tests/sql/z_15_timescale.sql +++ b/nix/tests/sql/z_15_timescale.sql @@ -2,6 +2,9 @@ This test is excluded from the Postgres 17 suite because it does not ship with the Supabase PG17 image */ +BEGIN; + +set client_min_messages = warning; create extension if not exists timescaledb; -- Confirm we're running the apache version @@ -37,3 +40,5 @@ from -- Drop schema v and all its entities drop schema v cascade; +ROLLBACK; + diff --git a/nix/tests/sql/z_17_ext_interface.sql b/nix/tests/sql/z_17_ext_interface.sql index a9d44c2ab..65e6f7052 100644 --- a/nix/tests/sql/z_17_ext_interface.sql +++ b/nix/tests/sql/z_17_ext_interface.sql 
@@ -6,12 +6,97 @@ that emerge as versions change. */ +-- Create all extensions within a transaction +-- This matches production behavior where users create extensions as needed +-- Supautils will automatically enforce schema rules and run after-create scripts + +BEGIN; + +-- disable notice messages because they differ between 15 and 17 +set client_min_messages = warning; + +-- Create required schemas for relocatable extensions +-- Non-relocatable extensions (pg_tle, pgsodium, supabase_vault, pg_graphql) +-- automatically create their own schemas +create schema if not exists extensions; +create schema if not exists topology; + +-- Privileged extensions -> extensions schema (enforced by supautils) +create extension if not exists address_standardizer with schema extensions; +create extension if not exists address_standardizer_data_us with schema extensions; +create extension if not exists autoinc with schema extensions; +create extension if not exists bloom with schema extensions; +create extension if not exists btree_gin with schema extensions; +create extension if not exists btree_gist with schema extensions; +create extension if not exists citext with schema extensions; +create extension if not exists cube with schema extensions; +create extension if not exists dblink with schema extensions; +create extension if not exists dict_int with schema extensions; +create extension if not exists dict_xsyn with schema extensions; +create extension if not exists earthdistance with schema extensions; +create extension if not exists fuzzystrmatch with schema extensions; +create extension if not exists http with schema extensions; +create extension if not exists hstore with schema extensions; +create extension if not exists hypopg with schema extensions; +create extension if not exists index_advisor with schema extensions; +create extension if not exists insert_username with schema extensions; +create extension if not exists intarray with schema extensions; +create extension if 
not exists isn with schema extensions; +create extension if not exists ltree with schema extensions; +create extension if not exists moddatetime with schema extensions; +create extension if not exists pg_buffercache with schema extensions; +create extension if not exists pg_net with schema extensions; +create extension if not exists pg_hashids with schema extensions; +create extension if not exists pg_prewarm with schema extensions; +create extension if not exists pg_jsonschema with schema extensions; +create extension if not exists pg_repack with schema extensions; +create extension if not exists pg_stat_monitor with schema extensions; +create extension if not exists pg_tle; +create extension if not exists pg_trgm with schema extensions; +create extension if not exists pg_walinspect with schema extensions; +create extension if not exists pgaudit with schema extensions; +create extension if not exists pgtap with schema extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; +create extension if not exists pgsodium; +create extension if not exists pgrowlocks with schema extensions; +create extension if not exists pgstattuple with schema extensions; +create extension if not exists plpgsql_check with schema extensions; +create extension if not exists postgis with schema extensions; +create extension if not exists postgis_raster with schema extensions; +create extension if not exists postgis_sfcgal with schema extensions; +create extension if not exists postgis_topology with schema topology; +create extension if not exists pgrouting with schema extensions; +create extension if not exists postgres_fdw with schema extensions; +create extension if not exists rum with schema extensions; +create extension if not exists refint with schema extensions; +create extension if not exists seg with schema extensions; +create extension if not exists sslinfo with schema extensions; +create 
extension if not exists supabase_vault; +create extension if not exists tablefunc with schema extensions; +create extension if not exists tcn with schema extensions; +create extension if not exists tsm_system_rows with schema extensions; +create extension if not exists unaccent with schema extensions; +create extension if not exists vector with schema extensions; +create extension if not exists wrappers with schema extensions; + +-- Non-privileged extensions (use their natural default schemas) +create extension if not exists amcheck; +create extension if not exists file_fdw; +create extension if not exists intagg; +create extension if not exists lo; +create extension if not exists pageinspect; +create extension if not exists pg_freespacemap; +create extension if not exists pgmq; +create extension if not exists pg_surgery with schema pg_catalog; -- non-relocatable +create extension if not exists pg_visibility; +create extension if not exists xml2; /* List all extensions that are not enabled If a new entry shows up in this list, that means a new extension has been -added and you should `create extension ...` to enable it in ./nix/tests/prime +added and you should create extension above */ @@ -112,3 +197,6 @@ order by n.nspname, pc.relname, pa.attname; + +-- Rollback to clean up all extensions created in this test +ROLLBACK; diff --git a/nix/tests/sql/z_17_pg_stat_monitor.sql b/nix/tests/sql/z_17_pg_stat_monitor.sql index 69d996be8..0bc926e56 100644 --- a/nix/tests/sql/z_17_pg_stat_monitor.sql +++ b/nix/tests/sql/z_17_pg_stat_monitor.sql @@ -1,6 +1,14 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; + select * from - pg_stat_monitor + extensions.pg_stat_monitor where false; + +ROLLBACK; diff --git a/nix/tests/sql/z_17_pgvector.sql b/nix/tests/sql/z_17_pgvector.sql index c90219ca5..2aeebaf42 100644 --- a/nix/tests/sql/z_17_pgvector.sql 
+++ b/nix/tests/sql/z_17_pgvector.sql @@ -1,6 +1,12 @@ /* This test excludes indexes shipped with pgvector because orioledb doesn't support them yet */ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; + create schema v; create table v.items( @@ -50,3 +56,5 @@ from -- Cleanup drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/z_17_roles.sql b/nix/tests/sql/z_17_roles.sql index 86229c63e..ae1e62338 100644 --- a/nix/tests/sql/z_17_roles.sql +++ b/nix/tests/sql/z_17_roles.sql @@ -1,3 +1,12 @@ +-- Create pg_tle to ensure pgtle_admin role exists +-- This matches production where users can create pg_tle extension +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +-- pg_tle is non-relocatable and automatically creates the pgtle schema +create extension if not exists pg_tle; + -- version-specific roles and attributes select rolname, @@ -84,3 +93,7 @@ cross join lateral pg_catalog.aclexplode(p.proacl) as acl where p.pronamespace::regnamespace::text = 'pg_catalog' and acl.grantee::regrole::text != 'supabase_admin' order by object_name, grantee, privilege_type; + +-- Rollback to clean up pg_tle extension +ROLLBACK; + diff --git a/nix/tests/sql/z_17_rum.sql b/nix/tests/sql/z_17_rum.sql index 6ae945975..94e930d3e 100644 --- a/nix/tests/sql/z_17_rum.sql +++ b/nix/tests/sql/z_17_rum.sql @@ -1,6 +1,12 @@ /* This extension is excluded from oriole-17 because it uses an unsupported index type */ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists rum with schema extensions; + create schema v; create table v.test_rum( @@ -38,3 +44,5 @@ order by drop schema v cascade; + +ROLLBACK; diff --git a/nix/tests/sql/z_orioledb-17_ext_interface.sql b/nix/tests/sql/z_orioledb-17_ext_interface.sql index a9d44c2ab..65e6f7052 100644 --- a/nix/tests/sql/z_orioledb-17_ext_interface.sql 
+++ b/nix/tests/sql/z_orioledb-17_ext_interface.sql 
@@ -6,12 +6,97 @@ that emerge as versions change. */ +-- Create all extensions within a transaction +-- This matches production behavior where users create extensions as needed +-- Supautils will automatically enforce schema rules and run after-create scripts + +BEGIN; + +-- disable notice messages because they differ between 15 and 17 +set client_min_messages = warning; + +-- Create required schemas for relocatable extensions +-- Non-relocatable extensions (pg_tle, pgsodium, supabase_vault, pg_graphql) +-- automatically create their own schemas +create schema if not exists extensions; +create schema if not exists topology; + +-- Privileged extensions -> extensions schema (enforced by supautils) +create extension if not exists address_standardizer with schema extensions; +create extension if not exists address_standardizer_data_us with schema extensions; +create extension if not exists autoinc with schema extensions; +create extension if not exists bloom with schema extensions; +create extension if not exists btree_gin with schema extensions; +create extension if not exists btree_gist with schema extensions; +create extension if not exists citext with schema extensions; +create extension if not exists cube with schema extensions; +create extension if not exists dblink with schema extensions; +create extension if not exists dict_int with schema extensions; +create extension if not exists dict_xsyn with schema extensions; +create extension if not exists earthdistance with schema extensions; +create extension if not exists fuzzystrmatch with schema extensions; +create extension if not exists http with schema extensions; +create extension if not exists hstore with schema extensions; +create extension if not exists hypopg with schema extensions; +create extension if not exists index_advisor with schema extensions; +create extension if not exists insert_username with schema extensions; +create extension if not exists intarray with schema extensions; +create extension if 
not exists isn with schema extensions; +create extension if not exists ltree with schema extensions; +create extension if not exists moddatetime with schema extensions; +create extension if not exists pg_buffercache with schema extensions; +create extension if not exists pg_net with schema extensions; +create extension if not exists pg_hashids with schema extensions; +create extension if not exists pg_prewarm with schema extensions; +create extension if not exists pg_jsonschema with schema extensions; +create extension if not exists pg_repack with schema extensions; +create extension if not exists pg_stat_monitor with schema extensions; +create extension if not exists pg_tle; +create extension if not exists pg_trgm with schema extensions; +create extension if not exists pg_walinspect with schema extensions; +create extension if not exists pgaudit with schema extensions; +create extension if not exists pgtap with schema extensions; +create extension if not exists pgroonga with schema extensions; +create extension if not exists pgroonga_database with schema extensions; +create extension if not exists pgsodium; +create extension if not exists pgrowlocks with schema extensions; +create extension if not exists pgstattuple with schema extensions; +create extension if not exists plpgsql_check with schema extensions; +create extension if not exists postgis with schema extensions; +create extension if not exists postgis_raster with schema extensions; +create extension if not exists postgis_sfcgal with schema extensions; +create extension if not exists postgis_topology with schema topology; +create extension if not exists pgrouting with schema extensions; +create extension if not exists postgres_fdw with schema extensions; +create extension if not exists rum with schema extensions; +create extension if not exists refint with schema extensions; +create extension if not exists seg with schema extensions; +create extension if not exists sslinfo with schema extensions; +create 
extension if not exists supabase_vault; +create extension if not exists tablefunc with schema extensions; +create extension if not exists tcn with schema extensions; +create extension if not exists tsm_system_rows with schema extensions; +create extension if not exists unaccent with schema extensions; +create extension if not exists vector with schema extensions; +create extension if not exists wrappers with schema extensions; + +-- Non-privileged extensions (use their natural default schemas) +create extension if not exists amcheck; +create extension if not exists file_fdw; +create extension if not exists intagg; +create extension if not exists lo; +create extension if not exists pageinspect; +create extension if not exists pg_freespacemap; +create extension if not exists pgmq; +create extension if not exists pg_surgery with schema pg_catalog; -- non-relocatable +create extension if not exists pg_visibility; +create extension if not exists xml2; /* List all extensions that are not enabled If a new entry shows up in this list, that means a new extension has been -added and you should `create extension ...` to enable it in ./nix/tests/prime +added and you should create extension above */ @@ -112,3 +197,6 @@ order by n.nspname, pc.relname, pa.attname; + +-- Rollback to clean up all extensions created in this test +ROLLBACK; diff --git a/nix/tests/sql/z_orioledb-17_pg_stat_monitor.sql b/nix/tests/sql/z_orioledb-17_pg_stat_monitor.sql index 69d996be8..0bc926e56 100644 --- a/nix/tests/sql/z_orioledb-17_pg_stat_monitor.sql +++ b/nix/tests/sql/z_orioledb-17_pg_stat_monitor.sql @@ -1,6 +1,14 @@ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists pg_stat_monitor with schema extensions; + select * from - pg_stat_monitor + extensions.pg_stat_monitor where false; + +ROLLBACK; diff --git a/nix/tests/sql/z_orioledb-17_pgvector.sql b/nix/tests/sql/z_orioledb-17_pgvector.sql index c90219ca5..2aeebaf42 100644 
--- a/nix/tests/sql/z_orioledb-17_pgvector.sql +++ b/nix/tests/sql/z_orioledb-17_pgvector.sql @@ -1,6 +1,12 @@ /* This test excludes indexes shipped with pgvector because orioledb doesn't support them yet */ +BEGIN; + +set client_min_messages = warning; +create schema if not exists extensions; +create extension if not exists vector with schema extensions; + create schema v; create table v.items( @@ -50,3 +56,5 @@ from -- Cleanup drop schema v cascade; + +ROLLBACK; diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index 5cd86fe31..5b05bba24 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -163,9 +163,6 @@ export PATH=$BINDIR/bin:$PATH PGSQL_SUPERUSER=@PGSQL_SUPERUSER@ PSQL_CONF_FILE=@PSQL_CONF_FILE@ PORTNO="${PORTNO:-@PGSQL_DEFAULT_PORT@}" -SUPAUTILS_CONFIG_FILE=@SUPAUTILS_CONF_FILE@ -LOGGING_CONFIG_FILE=@LOGGING_CONF_FILE@ -READREPL_CONFIG_FILE=@READREPL_CONF_FILE@ PG_HBA_FILE=@PG_HBA@ PG_IDENT_FILE=@PG_IDENT@ EXTENSION_CUSTOM_SCRIPTS=@EXTENSION_CUSTOM_SCRIPTS_DIR@ 
@@ -226,22 +223,42 @@ cp "$READREPL_CONFIG_FILE" "$DATDIR/read-replica.conf" mkdir -p "$DATDIR/extension-custom-scripts" cp -r "$EXTENSION_CUSTOM_SCRIPTS"/* "$DATDIR/extension-custom-scripts" -# Configure supautils -sed "s|supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'|supautils.extension_custom_scripts_path = '$DATDIR/extension-custom-scripts'|" "$SUPAUTILS_CONFIG_FILE" > "$DATDIR/supautils.conf" +# Update the supautils.conf to point to the correct extension custom scripts path +# AND temporarily comment out reserved_roles to allow role creation during migrations +if [[ "$CURRENT_SYSTEM" = "aarch64-darwin" ]]; then + # macOS requires a backup extension for -i + sed -i.bak \ + -e "s|supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'|supautils.extension_custom_scripts_path = '$DATDIR/extension-custom-scripts'|" \ + -e "s|^supautils.reserved_roles|#supautils.reserved_roles|" \ + "$DATDIR/conf.d/supautils.conf" + rm -f "$DATDIR/conf.d/supautils.conf.bak" +else + # Linux doesn't require a backup extension + sed -i \ + -e "s|supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'|supautils.extension_custom_scripts_path = '$DATDIR/extension-custom-scripts'|" \ + -e "s|^supautils.reserved_roles|#supautils.reserved_roles|" \ + "$DATDIR/conf.d/supautils.conf" +fi # Configure PostgreSQL -sed -e "1i\\ -include = '$DATDIR/supautils.conf'" \ --e "\$a\\ +sed -e "\$a\\ pgsodium.getkey_script = '$PGSODIUM_GETKEY_SCRIPT'" \ -e "\$a\\ vault.getkey_script = '$PGSODIUM_GETKEY_SCRIPT'" \ -e "s|data_directory = '/var/lib/postgresql/data'|data_directory = '$DATDIR'|" \ -e "s|hba_file = '/etc/postgresql/pg_hba.conf'|hba_file = '$DATDIR/pg_hba.conf'|" \ -e "s|ident_file = '/etc/postgresql/pg_ident.conf'|ident_file = '$DATDIR/pg_ident.conf'|" \ +<<<<<<< HEAD +||||||| 1e598fb38 +-e "s|include = '/etc/postgresql/logging.conf'|#&|" \ +-e "\$a\\ +session_preload_libraries = 
'supautils'" \ +======= -e "s|include = '/etc/postgresql/logging.conf'|#&|" \ +-e "s|include = '/etc/postgresql-custom/read-replica.conf'|include = '$DATDIR/read-replica.conf'|" \ -e "\$a\\ session_preload_libraries = 'supautils'" \ +>>>>>>> origin/develop -e "s|include_dir = '/etc/postgresql-custom/conf.d'|include_dir = '$DATDIR/conf.d'|" \ "$PSQL_CONF_FILE" > "$DATDIR/postgresql.conf" @@ -252,7 +269,7 @@ orioledb_config_items() { echo "non-macos oriole conf" sed -i 's/ timescaledb,//g;' "$DATDIR/postgresql.conf" sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "$DATDIR/postgresql.conf" - sed -i 's/ timescaledb,//g; s/ plv8,//g; s/ pgjwt,//g;' "$DATDIR/supautils.conf" + sed -i 's/ timescaledb,//g; s/ plv8,//g; s/ pgjwt,//g;' "$DATDIR/conf.d/supautils.conf" sed -i 's/\(shared_preload_libraries.*\)'\''\(.*\)$/\1, orioledb'\''\2/' "$DATDIR/postgresql.conf" echo "default_table_access_method = 'orioledb'" >> "$DATDIR/postgresql.conf" # OrioleDB rewind configuration (20 minute window, 10MB buffer) 
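Review bot: Unresolved merge-conflict markers are committed inside the `sed` command that writes `$DATDIR/postgresql.conf`: the added lines `<<<<<<< HEAD`, `||||||| 1e598fb38`, `=======` and `>>>>>>> origin/develop` sit between backslash-continued `-e` expressions, so the shell receives them as part of that command and the script should fail before PostgreSQL is configured. Pick one side, delete the four marker lines and the duplicated base copy of the `logging.conf` / `session_preload_libraries` expressions, and keep each `-e` exactly once. The HEAD side is empty while origin/develop adds the `read-replica.conf` include rewrite, so the resolution also decides whether `session_preload_libraries = 'supautils'` is still appended here. Separately, the hunk header still shows `cp "$READREPL_CONFIG_FILE" "$DATDIR/read-replica.conf"` although the earlier hunk removes the `READREPL_CONFIG_FILE=` assignment; unless the variable is set somewhere outside the visible hunks, that copy has no source.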
@@ -264,16 +281,16 @@ orioledb_config_items() { # macOS specific configuration echo "macOS detected, applying macOS specific configuration" ls -la "$DATDIR" - + # Use perl instead of sed for macOS perl -pi -e 's/ timescaledb,//g' "$DATDIR/postgresql.conf" perl -pi -e 's/db_user_namespace = off/#db_user_namespace = off/g' "$DATDIR/postgresql.conf" - - perl -pi -e 's/ timescaledb,//g' "$DATDIR/supautils.conf" - perl -pi -e 's/ plv8,//g' "$DATDIR/supautils.conf" - perl -pi -e 's/ pgjwt,//g' "$DATDIR/supautils.conf" + + perl -pi -e 's/ timescaledb,//g' "$DATDIR/conf.d/supautils.conf" + perl -pi -e 's/ plv8,//g' "$DATDIR/conf.d/supautils.conf" + perl -pi -e 's/ pgjwt,//g' "$DATDIR/conf.d/supautils.conf" perl -pi -e 's/(shared_preload_libraries\s*=\s*'\''.*?)'\''/\1, orioledb'\''/' "$DATDIR/postgresql.conf" - + echo "default_table_access_method = 'orioledb'" >> "$DATDIR/postgresql.conf" # OrioleDB rewind configuration (20 minute window, 10MB buffer) echo "orioledb.enable_rewind = true" >> "$DATDIR/postgresql.conf" @@ -284,12 +301,12 @@ orioledb_config_items() { echo "non-macos pg 17 conf" sed -i 's/ timescaledb,//g;' "$DATDIR/postgresql.conf" sed -i 's/db_user_namespace = off/#db_user_namespace = off/g;' "$DATDIR/postgresql.conf" - sed -i 's/ timescaledb,//g; s/ plv8,//g;' "$DATDIR/supautils.conf" + sed -i 's/ timescaledb,//g; s/ plv8,//g;' "$DATDIR/conf.d/supautils.conf" elif [[ "$VERSION" == "17" && "$CURRENT_SYSTEM" = "aarch64-darwin" ]]; then perl -pi -e 's/db_user_namespace = off/#db_user_namespace = off/g;' "$DATDIR/postgresql.conf" perl -pi -e 's/ timescaledb,//g' "$DATDIR/postgresql.conf" - perl -pi -e 's/ timescaledb,//g' "$DATDIR/supautils.conf" - perl -pi -e 's/ plv8,//g;' "$DATDIR/supautils.conf" + perl -pi -e 's/ timescaledb,//g' "$DATDIR/conf.d/supautils.conf" + perl -pi -e 's/ plv8,//g;' "$DATDIR/conf.d/supautils.conf" fi } 
@@ -373,6 +390,27 @@ EOSQL fi fi fi + +# Restore full supautils configuration now that migrations are complete +# Uncomment reserved_roles that was disabled during migrations +echo "Restoring full supautils configuration after migrations" +if [[ "$CURRENT_SYSTEM" = "aarch64-darwin" ]]; then + # macOS requires a backup extension for -i + sed -i.bak "s|^#supautils.reserved_roles|supautils.reserved_roles|" "$DATDIR/conf.d/supautils.conf" + rm -f "$DATDIR/conf.d/supautils.conf.bak" +else + # Linux doesn't require a backup extension + sed -i "s|^#supautils.reserved_roles|supautils.reserved_roles|" "$DATDIR/conf.d/supautils.conf" +fi + +# Run after-create scripts for extensions that are not managed by supautils privileged_extensions +# pgmq is not in the privileged_extensions list, so we need to run its after-create script manually +echo "Running after-create scripts for non-privileged extensions" +if psql -v ON_ERROR_STOP=0 --no-password --no-psqlrc -U "$PGSQL_SUPERUSER" -p "$PORTNO" -h localhost -d postgres -c "SELECT 1 FROM pg_extension WHERE extname = 'pgmq'" | grep -q 1; then + echo "Running pgmq after-create script" + psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U "$PGSQL_SUPERUSER" -p "$PORTNO" -h localhost -d postgres -f "$DATDIR/extension-custom-scripts/pgmq/after-create.sql" +fi + echo "Shutting down PostgreSQL..." stop_postgres @@ -380,6 +418,6 @@ stop_postgres # Step 4: Restart PostgreSQL in the foreground (with log output visible) or as a daemon if [ "$DAEMONIZE" = true ]; then start_postgres "daemon" -else +else start_postgres "foreground" fi
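Review bot: `supautils.reserved_roles` is re-enabled only when the script reaches this block, so any exit between the earlier `sed` that comments it out and this point leaves `$DATDIR/conf.d/supautils.conf` with the reserved-role protection disabled for the next start of that data directory. Move the restore into a function and register it with `trap` on EXIT immediately after the line is commented out, or apply the relaxed setting to a temporary copy of the config that is used only for the migration run. The uncomment pattern `^#supautils.reserved_roles` also cannot tell a line this script disabled from one that was already commented out in the shipped file. The code between the two edits is outside this hunk, so whether it can exit early is an assumption to confirm.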