From db66f4e65dfb73caadade66719642b5aa7120f72 Mon Sep 17 00:00:00 2001
From: David Steele
Date: Thu, 1 Aug 2024 15:16:14 +0700
Subject: [PATCH 01/13] Tests from pgaudit.
---
test/Dockerfile.debian | 39 +++++++++++++++++++++++++++++++++++++++
test/README.md | 14 ++++++++++++++
test/test.sh | 14 ++++++++++++++
3 files changed, 67 insertions(+)
create mode 100644 test/Dockerfile.debian
create mode 100644 test/README.md
create mode 100755 test/test.sh
diff --git a/test/Dockerfile.debian b/test/Dockerfile.debian
new file mode 100644
index 0000000..d1f1e17
--- /dev/null
+++ b/test/Dockerfile.debian
@@ -0,0 +1,39 @@
+FROM ubuntu:jammy
+
+# Install packages
+RUN apt-get update
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y sudo wget gnupg tzdata locales lsb-release apt-utils make gcc libssl-dev \
+ libkrb5-dev
+
+# Create postgres user/group with specific IDs
+ARG UID=1000
+ARG GID=1000
+
+RUN groupadd -g $GID -o postgres
+RUN useradd -m -u $UID -g $GID -o -s /bin/bash postgres
+
+# Add PostgreSQL repository
+RUN RELEASE_CODENAME=`lsb_release -c | awk '{print $2}'` && \
+ echo 'deb http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main' | \
+ tee -a /etc/apt/sources.list.d/pgdg.list
+RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 && \
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+RUN apt-get update
+
+# Install PostgreSQL
+ENV PGVERSION=12
+
+RUN apt-get install -y postgresql-${PGVERSION?} postgresql-server-dev-${PGVERSION?}
+
+# Create PostgreSQL cluster
+ENV PGBIN=/usr/lib/postgresql/${PGVERSION}/bin
+ENV PGDATA="/var/lib/postgresql/${PGVERSION}/test"
+ENV PATH="${PATH}:${PGBIN}"
+
+RUN sudo -u postgres ${PGBIN?}/initdb -A trust -k ${PGDATA?}
+RUN echo "shared_preload_libraries = 'set_user'" >> ${PGDATA}/postgresql.conf
+
+# Configure sudo
+RUN echo 'postgres ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+USER postgres
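Review bot: The repository-key step near the end of this hunk pipes the downloaded key into `sudo apt-key add -`, which places it in apt's global trusted keyring, so the key is trusted for every configured source rather than only apt.postgresql.org; `apt-key` is also deprecated. The `APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 &&` prefix is a plain shell assignment that is never exported, so it does not reach `apt-key`, and because the download is piped without `pipefail`, a failed `wget` is not what decides the step's exit status. I would store the key in its own file and scope it to the one source: `RUN wget --quiet -O /usr/share/keyrings/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc`, with the source line written as `deb [signed-by=/usr/share/keyrings/pgdg.asc] http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main`. Folding the following `apt-get update` and the install into the same `RUN` would also keep a cached, stale package index from being reused.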
diff --git a/test/README.md b/test/README.md
new file mode 100644
index 0000000..aa489e9
--- /dev/null
+++ b/test/README.md
@@ -0,0 +1,14 @@
+# Testing
+
+Testing is performed using a Docker container. First build the container:
+```
+docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test .
+```
+or
+```
+docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.rhel -t set_user-test .
+```
+Then run the test:
+```
+docker run --rm -v $(pwd):/set_user set_user-test /set_user/test/test.sh
+```
diff --git a/test/test.sh b/test/test.sh
new file mode 100755
index 0000000..11cd771
--- /dev/null
+++ b/test/test.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+# Clean and build set_user
+make -C /set_user clean all USE_PGXS=1
+
+# Install set_user so postgres will start with shared_preload_libraries set
+sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1"
+
+# Start postgres
+${PGBIN}/pg_ctl -w start -D ${PGDATA}
+
+# Test set_user
+make -C /set_user installcheck USE_PGXS=1
From ef4c750524af59de97439fce9efeb02f582bcf6e Mon Sep 17 00:00:00 2001
From: David Steele
Date: Mon, 5 Aug 2024 10:22:09 +0700
Subject: [PATCH 02/13] Try 4.1.0.
---
set_user.control | 2 +-
updates/set_user--4.0.1--4.1.0.sql | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
create mode 100644 updates/set_user--4.0.1--4.1.0.sql
diff --git a/set_user.control b/set_user.control
index 20acd5c..446d26c 100644
--- a/set_user.control
+++ b/set_user.control
@@ -1,5 +1,5 @@
 # set_user extension
 comment = 'similar to SET ROLE but with added logging'
-default_version = '4.0.1'
+default_version = '4.1.0'
 module_pathname = '$libdir/set_user'
 relocatable = false
diff --git a/updates/set_user--4.0.1--4.1.0.sql b/updates/set_user--4.0.1--4.1.0.sql
new file mode 100644
index 0000000..164b3ca
--- /dev/null
+++ b/updates/set_user--4.0.1--4.1.0.sql
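Review bot: In test/test.sh the install step `sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1"` pastes the caller's PATH into a command string that a root shell then parses again, so a space or shell metacharacter in PATH changes what runs as root. Passing the value as an argument avoids the second parse: `sudo env "PATH=${PATH?}" make -C /set_user install USE_PGXS=1`. The `pg_ctl` line expands `${PGBIN}` and `${PGDATA}` unquoted and without the `?` guard used for PATH, and `set -e` alone does not catch an unset variable; `"${PGBIN?}/pg_ctl" -w start -D "${PGDATA?}"` would stop with a clear message if the image did not define them.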
@@ -0,0 +1,6 @@ +/* set-user--4.0.1--4.1.0.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION set_user UPDATE" to load this file. \quit + +-- just bumping our version to 4.1.0. no new SQL features here, so nothing to do. From 896ca6392ce35a38b161156c2eb90489738d5cbb Mon Sep 17 00:00:00 2001 From: David Steele Date: Mon, 5 Aug 2024 10:30:09 +0700 Subject: [PATCH 03/13] Updates. --- test/README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/test/README.md b/test/README.md index aa489e9..ab80e93 100644 --- a/test/README.md +++ b/test/README.md @@ -2,7 +2,7 @@ Testing is performed using a Docker container. First build the container: ``` -docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . +podman build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . ``` or ``` 
@@ -12,3 +12,26 @@ Then run the test: ``` docker run --rm -v $(pwd):/set_user set_user-test /set_user/test/test.sh ``` + +HOST: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . +HOST: docker run --rm -v $(pwd):/set_user set_user-test /set_user/test/test.sh +HOST: podman run -it --rm -v $(pwd):/set_user set_user-test bash + +CHECKOUT: PRIOR VERSION + +DOCKER: make -C /set_user clean all USE_PGXS=1 +DOCKER: sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1" +DOCKER: ${PGBIN}/pg_ctl -w start -D ${PGDATA} +DOCKER: psql -c 'create extension set_user' +DOCKER: psql -c 'select * from pg_extension' +DOCKER: ${PGBIN}/pg_ctl -w stop -D ${PGDATA} + +CHECKOUT: NEW VERSION + +DOCKER: make -C /set_user clean all USE_PGXS=1 +DOCKER: sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1" +DOCKER: ${PGBIN}/pg_ctl -w start -D ${PGDATA} +DOCKER: psql -c "alter extension set_user update to '1.2.4'" +DOCKER: psql -c 'select * from pg_extension' + +DOCKER: exit From 42233e30e608d968d9b6b96eca47b529a06fb5ed Mon Sep 17 00:00:00 2001 From: David Steele Date: Mon, 19 May 2025 13:12:48 -0400 Subject: [PATCH 04/13] Update for new version. --- test/Dockerfile.debian | 4 ++-- test/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/Dockerfile.debian b/test/Dockerfile.debian index d1f1e17..533f319 100644 --- a/test/Dockerfile.debian +++ b/test/Dockerfile.debian 
@@ -14,14 +14,14 @@ RUN useradd -m -u $UID -g $GID -o -s /bin/bash postgres # Add PostgreSQL repository RUN RELEASE_CODENAME=`lsb_release -c | awk '{print $2}'` && \ - echo 'deb http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main' | \ + echo 'deb http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main 18' | \ tee -a /etc/apt/sources.list.d/pgdg.list RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 && \ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - RUN apt-get update # Install PostgreSQL -ENV PGVERSION=12 +ENV PGVERSION=18 RUN apt-get install -y postgresql-${PGVERSION?} postgresql-server-dev-${PGVERSION?} diff --git a/test/README.md b/test/README.md index ab80e93..f484dae 100644 --- a/test/README.md +++ b/test/README.md @@ -2,7 +2,7 @@ Testing is performed using a Docker container. First build the container: ``` -podman build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . +docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . ``` or ``` From 921ca7c2d0fcb98f2552068213776198d4b331d1 Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 18:50:59 -0400 Subject: [PATCH 05/13] New tests. --- .github/docker/Dockerfile | 14 ------ .github/resources/scripts/healthcheck.sh | 64 ------------------------ .github/resources/set_user.yml | 12 ----- .github/test.yml | 38 ++++++++++++++ .github/workflows/regression-tests.yml | 58 --------------------- .gitignore | 1 + test/Dockerfile.debian | 15 +++--- test/README.md | 31 +----------- 8 files changed, 49 insertions(+), 184 deletions(-) delete mode 100644 .github/docker/Dockerfile delete mode 100644 .github/resources/scripts/healthcheck.sh delete mode 100644 .github/resources/set_user.yml create mode 100644 .github/test.yml delete mode 100644 .github/workflows/regression-tests.yml 
diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile
deleted file mode 100644
index ea80612..0000000
--- a/.github/docker/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# set_user Docker image
-# This image is used for testing the set_user build process
-ARG PGVER
-FROM postgres:${PGVER}
-ARG PGVER
-ARG DEVPKG
-ENV DEBIAN_FRONTEND=noninteractive
-
-COPY . /src/set_user
-WORKDIR /src/set_user
-RUN apt-get update && \
- apt-get -y upgrade && \
- apt-get -y install postgresql-server-dev-${DEVPKG} make gcc
-RUN make install
diff --git a/.github/resources/scripts/healthcheck.sh b/.github/resources/scripts/healthcheck.sh
deleted file mode 100644
index ddde581..0000000
--- a/.github/resources/scripts/healthcheck.sh
+++ /dev/null
@@ -1,64 +0,0 @@ -#!/usr/bin/env bash -# Modified from https://github.com/jordyv/wait-for-healthy-container -container_name=$1 -shift -timeout=$1 - -default_timeout=120 - -if [ -z ${timeout} ]; then - timeout=${default_timeout} -fi - -RETURN_HEALTHY=0 -RETURN_STARTING=1 -RETURN_UNHEALTHY=2 -RETURN_UNKNOWN=3 -RETURN_ERROR=99 - -function usage() { - echo " - Usage: healthcheck.sh [timeout] - " - return -} - -function get_health_state { - state=$(docker inspect -f '{{ .State.Health.Status }}' ${container_name}) - return_code=$? - if [ ! ${return_code} -eq 0 ]; then - exit ${RETURN_ERROR} - fi - if [[ "${state}" == "healthy" ]]; then - return ${RETURN_HEALTHY} - elif [[ "${state}" == "unhealthy" ]]; then - return ${RETURN_UNHEALTHY} - elif [[ "${state}" == "starting" ]]; then - return ${RETURN_STARTING} - else - return ${RETURN_UNKNOWN} - fi -} - -function wait_for() { - echo "Wait for container '$container_name' to be healthy for max $timeout seconds..." - for i in `seq ${timeout}`; do - get_health_state - state=$? - if [ ${state} -eq 0 ]; then - echo "Container is healthy after ${i} seconds." - exit 0 - fi - sleep 1 - done - - echo "Timeout exceeded. Health status returned: $(docker inspect -f '{{ .State.Health.Status }}' ${container_name})" - exit 1 -} - -if [ -z ${container_name} ]; then - usage - exit 1 -else - wait_for -fi \ No newline at end of file diff --git a/.github/resources/set_user.yml b/.github/resources/set_user.yml deleted file mode 100644 index 2b8ebd2..0000000 --- a/.github/resources/set_user.yml +++ /dev/null @@ -1,12 +0,0 @@ -# Custom service that contains the postgres with the installed set_user extension -version: '3' -services: - set_user: - container_name: set_user - image: set_user:latest - environment: - POSTGRES_HOST_AUTH_METHOD: "trust" - healthcheck: - test: ["CMD", "pg_isready"] - interval: 10s - timeout: 5s diff --git a/.github/test.yml b/.github/test.yml new file mode 100644 index 0000000..eb207e1 --- /dev/null +++ b/.github/test.yml 
@@ -0,0 +1,38 @@
+on:
+ push:
+ branches:
+ - integration
+ - '**-ci'
+ pull_request:
+ branches:
+ - master
+ - integration
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ strategy:
+ # Let all the jobs run to completion even if one fails
+ fail-fast: false
+
+ # Test all supported versions
+ matrix:
+ pgver: [12, 13, 14, 15, 16, 17]
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ path: set_user
+
+ - name: Build Test Container
+ run: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER={{matrix.pgver}} -f ${GITHUB_WORKSPACE?}/pgaudit/test/Dockerfile.debian -t set_user-test ${GITHUB_WORKSPACE?}/set_user
+
+ - name: Run Test
+ run: docker run -v ${GITHUB_WORKSPACE?}/set_user:/set_user set_user-test /set_user/test/test.sh
+
+ - name: Show Any Regression Diffs
+ if: ${{ failure() }}
+ run: |
+ cat ${GITHUB_WORKSPACE?}/set_user/regression.diffs
diff --git a/.github/workflows/regression-tests.yml b/.github/workflows/regression-tests.yml
deleted file mode 100644
index 3575c6f..0000000
--- a/.github/workflows/regression-tests.yml
+++ /dev/null
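Review bot: The new workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository is configured with, although its steps only check out the code and run Docker on the runner. A top-level `permissions:` with `contents: read` would state the least-privilege intent explicitly and keep a permissive repository default from applying to pull-request builds. `actions/checkout@v4` is a movable tag; pinning it as `actions/checkout@<commit-sha>  # v4` would fix exactly which action code runs in CI.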
@@ -1,58 +0,0 @@ -# CI for set_user Pull Requests and pushes to the cicd branch. -# Runs regression tests against all supported versions of postgres. -on: - push: - branches: - - integration - - '**-ci' - pull_request: - branches: - - master - - integration - -jobs: - regression-tests: - runs-on: ubuntu-latest - env: - DOCKER_DIR: ${{ github.workspace }}/.github/docker - RESOURCE_DIR: ${{ github.workspace }}/.github/resources - SCRIPT_DIR: ${{ github.workspace }}/.github/resources/scripts - DEVPKG: ${{ matrix.devpkg }} - strategy: - fail-fast: false - matrix: - pgver: [12, 13, 14, 15, 16, 17beta2] - - steps: - - name: Checkout set_user repo - uses: actions/checkout@v4 - - - name: Set DEVPKG to pgver if unset - if: ${{ env.DEVPKG == '' }} - run: | - # Cut off label and leave only major version number (17beta2 -> 17) - DEVPKG=$(echo ${{ matrix.pgver }} | sed 's/^\([0-9]\{2\}\).*/\1/') - echo "DEVPKG=$DEVPKG" >> $GITHUB_ENV; - - - name: Build set_user - run: | - sudo apt-get install -y docker-compose - docker build -t set_user:latest \ - --build-arg PGVER=${{ matrix.pgver }} \ - --build-arg DEVPKG=${{ env.DEVPKG }} \ - -f ${{ env.DOCKER_DIR }}/Dockerfile . - - - name: Run PG set_user - run: | - docker-compose -f ${{ env.RESOURCE_DIR }}/set_user.yml up -d - /bin/bash ${{ env.SCRIPT_DIR }}/healthcheck.sh set_user 60 - - - name: Run tests - run: | - docker exec set_user make -C /src/set_user USE_PGXS=1 REGRESS_OPTS='--user=postgres' installcheck - - - name: Show any regression diffs - if: ${{ failure() }} - run: | - docker cp set_user:/src/set_user/regression.diffs ./regression.diffs - cat ./regression.diffs diff --git a/.gitignore b/.gitignore index f186ce4..c90e638 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # Derived objects set_user.o set_user.so +set_user.bc results # Generated documentation diff --git a/test/Dockerfile.debian b/test/Dockerfile.debian index 533f319..f707ebe 100644 --- a/test/Dockerfile.debian +++ b/test/Dockerfile.debian 
@@ -1,10 +1,13 @@ -FROM ubuntu:jammy +FROM ubuntu:latest # Install packages RUN apt-get update RUN DEBIAN_FRONTEND=noninteractive apt-get install -y sudo wget gnupg tzdata locales lsb-release apt-utils make gcc libssl-dev \ libkrb5-dev +# PostgreSQL version +ARG PGVER=18 + # Create postgres user/group with specific IDs ARG UID=1000 ARG GID=1000 @@ -14,20 +17,18 @@ RUN useradd -m -u $UID -g $GID -o -s /bin/bash postgres # Add PostgreSQL repository RUN RELEASE_CODENAME=`lsb_release -c | awk '{print $2}'` && \ - echo 'deb http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main 18' | \ + echo 'deb http://apt.postgresql.org/pub/repos/apt/ '${RELEASE_CODENAME?}'-pgdg main '${PGVER?} | \ tee -a /etc/apt/sources.list.d/pgdg.list RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 && \ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - RUN apt-get update # Install PostgreSQL -ENV PGVERSION=18 - -RUN apt-get install -y postgresql-${PGVERSION?} postgresql-server-dev-${PGVERSION?} +RUN apt-get install -y postgresql-${PGVER?} postgresql-server-dev-${PGVER?} # Create PostgreSQL cluster -ENV PGBIN=/usr/lib/postgresql/${PGVERSION}/bin -ENV PGDATA="/var/lib/postgresql/${PGVERSION}/test" +ENV PGBIN=/usr/lib/postgresql/${PGVER}/bin +ENV PGDATA="/var/lib/postgresql/${PGVER}/test" ENV PATH="${PATH}:${PGBIN}" RUN sudo -u postgres ${PGBIN?}/initdb -A trust -k ${PGDATA?} diff --git a/test/README.md b/test/README.md index f484dae..69d4ce2 100644 --- a/test/README.md +++ b/test/README.md 
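Review bot: `FROM ubuntu:latest` in the first hunk replaces a named release with a floating tag, so the base image, and with it the `lsb_release` codename that builds the pgdg source line, can change between builds without any change in this repository. The unchanged `apt-key add` step shown as context in the second hunk relies on a deprecated tool that may not be present in newer releases, so a silent base-image move could break the build or alter what the matrix actually tests. I would keep a named release and move it in a reviewed commit, e.g. `FROM ubuntu:jammy`, optionally pinned as `FROM ubuntu:jammy@sha256:<digest>`.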
@@ -1,37 +1,10 @@ # Testing -Testing is performed using a Docker container. First build the container: +Testing is performed using a Docker container. First build the container with the desired PostgreSQL version: ``` -docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . -``` -or -``` -docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.rhel -t set_user-test . +docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER=18 -f test/Dockerfile.debian -t set_user-test . ``` Then run the test: ``` docker run --rm -v $(pwd):/set_user set_user-test /set_user/test/test.sh ``` - -HOST: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) -f test/Dockerfile.debian -t set_user-test . -HOST: docker run --rm -v $(pwd):/set_user set_user-test /set_user/test/test.sh -HOST: podman run -it --rm -v $(pwd):/set_user set_user-test bash - -CHECKOUT: PRIOR VERSION - -DOCKER: make -C /set_user clean all USE_PGXS=1 -DOCKER: sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1" -DOCKER: ${PGBIN}/pg_ctl -w start -D ${PGDATA} -DOCKER: psql -c 'create extension set_user' -DOCKER: psql -c 'select * from pg_extension' -DOCKER: ${PGBIN}/pg_ctl -w stop -D ${PGDATA} - -CHECKOUT: NEW VERSION - -DOCKER: make -C /set_user clean all USE_PGXS=1 -DOCKER: sudo bash -c "PATH=${PATH?} make -C /set_user install USE_PGXS=1" -DOCKER: ${PGBIN}/pg_ctl -w start -D ${PGDATA} -DOCKER: psql -c "alter extension set_user update to '1.2.4'" -DOCKER: psql -c 'select * from pg_extension' - -DOCKER: exit From 88cb0d0ede3b47d9b91856ae899cd38b012dba81 Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 18:53:54 -0400 Subject: [PATCH 06/13] Move workflow. --- .github/{ => workflows}/test.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{ => workflows}/test.yml (100%) 
diff --git a/.github/test.yml b/.github/workflows/test.yml similarity index 100% rename from .github/test.yml rename to .github/workflows/test.yml From 1eb8a90b13b9e3e3077327f76a20b620d8b3679d Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 18:54:48 -0400 Subject: [PATCH 07/13] Fix path. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eb207e1..80439ba 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,7 @@ jobs: path: set_user - name: Build Test Container - run: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER={{matrix.pgver}} -f ${GITHUB_WORKSPACE?}/pgaudit/test/Dockerfile.debian -t set_user-test ${GITHUB_WORKSPACE?}/set_user + run: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER={{matrix.pgver}} -f ${GITHUB_WORKSPACE?}/set_user/test/Dockerfile.debian -t set_user-test ${GITHUB_WORKSPACE?}/set_user - name: Run Test run: docker run -v ${GITHUB_WORKSPACE?}/set_user:/set_user set_user-test /set_user/test/test.sh From 6e6a00633df9247b87a4938da1d1c7446ec8d4d3 Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 18:56:12 -0400 Subject: [PATCH 08/13] Fix matrix var. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 80439ba..873e9fd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -27,7 +27,7 @@ jobs: path: set_user - name: Build Test Container - run: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER={{matrix.pgver}} -f ${GITHUB_WORKSPACE?}/set_user/test/Dockerfile.debian -t set_user-test ${GITHUB_WORKSPACE?}/set_user + run: docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER=${{matrix.pgver}} -f ${GITHUB_WORKSPACE?}/set_user/test/Dockerfile.debian -t set_user-test ${GITHUB_WORKSPACE?}/set_user - name: Run Test run: docker run -v ${GITHUB_WORKSPACE?}/set_user:/set_user set_user-test /set_user/test/test.sh From 350f13cef97725cc4fbd840736183290bf2ad1cb Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 19:02:07 -0400 Subject: [PATCH 09/13] Try version 18. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 873e9fd..f5aa096 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: # Test all supported versions matrix: - pgver: [12, 13, 14, 15, 16, 17] + pgver: [12, 13, 14, 15, 16, 17, 18] steps: - name: Checkout Code From 64a08d632943af66f5de6b0466010beca08b554e Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 19:10:30 -0400 Subject: [PATCH 10/13] See if broken out is logged. --- .github/workflows/test.yml | 2 +- expected/set_user.out | 94 +++++++++++++++++++------------------- 2 files changed, 48 insertions(+), 48 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f5aa096..873e9fd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: # Test all supported versions matrix: - pgver: [12, 13, 14, 15, 16, 17, 18] + pgver: [12, 13, 14, 15, 16, 17] steps: - name: Checkout Code diff --git a/expected/set_user.out b/expected/set_user.out index 8e9f6b4..4cc5cc6 100644 --- a/expected/set_user.out +++ b/expected/set_user.out 
@@ -22,7 +22,7 @@ GRANT su TO joe; GRANT postgres TO su; -- test reset_user with no initial set SELECT reset_user(); - reset_user + reset_user ------------ OK (1 row) @@ -30,7 +30,7 @@ SELECT reset_user(); -- test set_user SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) @@ -39,7 +39,7 @@ SELECT set_user('postgres'); ERROR: switching to superuser not allowed HINT: Use 'set_user_u' to escalate. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) @@ -47,19 +47,19 @@ SELECT SESSION_USER, CURRENT_USER; -- test set_user_u SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) @@ -101,32 +101,32 @@ RESET SESSION AUTHORIZATION; -- should fail ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SELECT reset_user(); -- succeed - reset_user + reset_user ------------ OK (1 row) -- test set_user and reset_user with token SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SELECT set_user('bob', 'secret'); - set_user + set_user ---------- OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) 
@@ -138,7 +138,7 @@ RESET SESSION AUTHORIZATION; -- should fail ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) @@ -146,19 +146,19 @@ SELECT SESSION_USER, CURRENT_USER; SELECT reset_user(); -- should fail ERROR: reset token required but not provided SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) SELECT reset_user('secret'); -- succeed - reset_user + reset_user ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) @@ -175,7 +175,7 @@ END; $$ LANGUAGE plpgsql; SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) 
@@ -185,71 +185,71 @@ SELECT set_user_u('postgres'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail on reset after successful set_user_u SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SHOW log_statement; - log_statement + log_statement --------------- all (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] AUDIT: + %m [%p] AUDIT: (1 row) SELECT reset_user(), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SHOW log_statement; - log_statement + log_statement --------------- all (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] AUDIT: + %m [%p] AUDIT: (1 row) SELECT reset_user(); - reset_user + reset_user ------------ OK (1 row) @@ -259,21 +259,21 @@ SELECT set_user('bob'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail during set_user with token 
@@ -281,32 +281,32 @@ SELECT set_user('bob', 'secret'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail during reset_user with token SELECT set_user('bob', 'secret'); - set_user + set_user ---------- OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) @@ -315,13 +315,13 @@ SELECT reset_user('secret'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) SELECT reset_user('secret'); - reset_user + reset_user ------------ OK (1 row) @@ -330,13 +330,13 @@ RESET SESSION AUTHORIZATION; -- this is an example of how we might audit existing roles SET SESSION AUTHORIZATION dba; SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT rolname FROM pg_authid WHERE rolsuper and rolcanlogin; - rolname + rolname ---------- postgres (1 row) @@ -395,7 +395,7 @@ OR AND ri.rolsuper ) ); - rolname | rolcanlogin | rolsuper | rolparents + rolname | rolcanlogin | rolsuper | rolparents ----------+-------------+----------+--------------- joe | t | f | {postgres,su} postgres | t | t | {} @@ -406,7 +406,7 @@ OR -- since we don't really want to make the postgres user -- nologin during regression testing BEGIN; -REVOKE postgres FROM su; +REVOKE postgress FROM su; ALTER USER postgres NOLOGIN; -- retest, this time successfully SELECT 
@@ -425,7 +425,7 @@ OR AND ri.rolsuper ) ); - rolname | rolcanlogin | rolsuper | rolparents + rolname | rolcanlogin | rolsuper | rolparents ---------+-------------+----------+------------ (0 rows) From 8c4c2a4849bd4256c49cc79ca9780ebff4e1bbb5 Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 19:13:08 -0400 Subject: [PATCH 11/13] Revert test munge. --- expected/set_user.out | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/expected/set_user.out b/expected/set_user.out index 4cc5cc6..6d14158 100644 --- a/expected/set_user.out +++ b/expected/set_user.out @@ -406,7 +406,7 @@ OR -- since we don't really want to make the postgres user -- nologin during regression testing BEGIN; -REVOKE postgress FROM su; +REVOKE postgres FROM su; ALTER USER postgres NOLOGIN; -- retest, this time successfully SELECT From e1784c335426ac17fd4297e2fd6f6a0f5d3129a3 Mon Sep 17 00:00:00 2001 From: David Steele Date: Tue, 20 May 2025 19:15:52 -0400 Subject: [PATCH 12/13] Really fix test out. --- expected/set_user.out | 92 +++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/expected/set_user.out b/expected/set_user.out index 6d14158..8e9f6b4 100644 --- a/expected/set_user.out +++ b/expected/set_user.out @@ -22,7 +22,7 @@ GRANT su TO joe; GRANT postgres TO su; -- test reset_user with no initial set SELECT reset_user(); - reset_user + reset_user ------------ OK (1 row) @@ -30,7 +30,7 @@ SELECT reset_user(); -- test set_user SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) @@ -39,7 +39,7 @@ SELECT set_user('postgres'); ERROR: switching to superuser not allowed HINT: Use 'set_user_u' to escalate. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) 
@@ -47,19 +47,19 @@ SELECT SESSION_USER, CURRENT_USER; -- test set_user_u SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) @@ -101,32 +101,32 @@ RESET SESSION AUTHORIZATION; -- should fail ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SELECT reset_user(); -- succeed - reset_user + reset_user ------------ OK (1 row) -- test set_user and reset_user with token SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SELECT set_user('bob', 'secret'); - set_user + set_user ---------- OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) @@ -138,7 +138,7 @@ RESET SESSION AUTHORIZATION; -- should fail ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead. SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) 
@@ -146,19 +146,19 @@ SELECT SESSION_USER, CURRENT_USER; SELECT reset_user(); -- should fail ERROR: reset token required but not provided SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) SELECT reset_user('secret'); -- succeed - reset_user + reset_user ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) @@ -175,7 +175,7 @@ END; $$ LANGUAGE plpgsql; SET SESSION AUTHORIZATION dba; SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) 
@@ -185,71 +185,71 @@ SELECT set_user_u('postgres'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail on reset after successful set_user_u SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SHOW log_statement; - log_statement + log_statement --------------- all (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] AUDIT: + %m [%p] AUDIT: (1 row) SELECT reset_user(), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | postgres (1 row) SHOW log_statement; - log_statement + log_statement --------------- all (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] AUDIT: + %m [%p] AUDIT: (1 row) SELECT reset_user(); - reset_user + reset_user ------------ OK (1 row) @@ -259,21 +259,21 @@ SELECT set_user('bob'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail during set_user with token 
@@ -281,32 +281,32 @@ SELECT set_user('bob', 'secret'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | dba (1 row) SHOW log_statement; - log_statement + log_statement --------------- none (1 row) SHOW log_line_prefix; - log_line_prefix + log_line_prefix ----------------- - %m [%p] + %m [%p] (1 row) -- bail during reset_user with token SELECT set_user('bob', 'secret'); - set_user + set_user ---------- OK (1 row) SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) @@ -315,13 +315,13 @@ SELECT reset_user('secret'), bail(); ERROR: bailing out ! CONTEXT: PL/pgSQL function bail() line 3 at RAISE SELECT SESSION_USER, CURRENT_USER; - session_user | current_user + session_user | current_user --------------+-------------- dba | bob (1 row) SELECT reset_user('secret'); - reset_user + reset_user ------------ OK (1 row) @@ -330,13 +330,13 @@ RESET SESSION AUTHORIZATION; -- this is an example of how we might audit existing roles SET SESSION AUTHORIZATION dba; SELECT set_user_u('postgres'); - set_user_u + set_user_u ------------ OK (1 row) SELECT rolname FROM pg_authid WHERE rolsuper and rolcanlogin; - rolname + rolname ---------- postgres (1 row) @@ -395,7 +395,7 @@ OR AND ri.rolsuper ) ); - rolname | rolcanlogin | rolsuper | rolparents + rolname | rolcanlogin | rolsuper | rolparents ----------+-------------+----------+--------------- joe | t | f | {postgres,su} postgres | t | t | {} @@ -425,7 +425,7 @@ OR AND ri.rolsuper ) ); - rolname | rolcanlogin | rolsuper | rolparents + rolname | rolcanlogin | rolsuper | rolparents ---------+-------------+----------+------------ (0 rows) From a4c1068d4a5a1274e2875a779b335f592187c7a1 Mon Sep 17 00:00:00 2001 
From: David Steele
Date: Wed, 21 May 2025 10:51:34 -0400
Subject: [PATCH 13/13] Remove ubuntu user.

---
 test/Dockerfile.debian | 3 +++
 test/README.md | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/test/Dockerfile.debian b/test/Dockerfile.debian
index f707ebe..f16b145 100644
--- a/test/Dockerfile.debian
+++ b/test/Dockerfile.debian
@@ -8,6 +8,9 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get install -y sudo wget gnupg tzdata loc
 # PostgreSQL version
 ARG PGVER=18
 
+# Remove the default ubuntu user to reduce the chance of a conflict with the host user
+RUN userdel ubuntu
+
 # Create postgres user/group with specific IDs
 ARG UID=1000
 ARG GID=1000
diff --git a/test/README.md b/test/README.md
index 69d4ce2..fd779f5 100644
--- a/test/README.md
+++ b/test/README.md
@@ -2,7 +2,7 @@
 
 Testing is performed using a Docker container. First build the container with the desired PostgreSQL version:
 ```
-docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER=18 -f test/Dockerfile.debian -t set_user-test .
+docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg PGVER=17 -f test/Dockerfile.debian -t set_user-test .
 ```
 Then run the test:
 ```
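Review bot: `RUN userdel ubuntu` in test/Dockerfile.debian runs unconditionally, so the build stops at this step on any base image that has no `ubuntu` account, because userdel exits non-zero for a missing user. The `FROM` line is outside this hunk, so whether that case can occur needs checking against the base tag in use. A guarded form works either way: `RUN if id -u ubuntu >/dev/null 2>&1; then userdel ubuntu; fi`. Plain userdel also leaves the account's home directory behind under the old UID, which the `postgres` user created just below with the default `UID=1000` would presumably end up owning; `userdel -r` would avoid that if it matters for the test image.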