Add PostgreSQL auto-user deletion #32792
| // function to make sure no 2 processes run user activation simultaneously. | ||
| func (a *UserProvisioner) Activate(ctx context.Context, sessionCtx *Session) (func(), error) { | ||
| if !sessionCtx.AutoCreateUser { | ||
| if !services.IsCreateDatabaseUserEnabled(sessionCtx.AutoCreateUserMode) { |
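Review bot: in Activate, the new guard hands sessionCtx.AutoCreateUserMode to services.IsCreateDatabaseUserEnabled, whose handling of an unset or unrecognised mode is not visible in this hunk. Please confirm it returns false for both, and add a test for a session built from a role that only sets the old boolean, since this condition is what gates provisioning.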
I would throw errors if the Backend doesn't support the new mode yet (somewhere in this function). IMO, it's better to alert the user the mode configuration is wrong than silently falling back to another mode. But certainly up for discussion.
greedy52 left a comment
LGTM, assuming a debug log will be added somewhere to show if the user is actually deleted or a fallback is done.
| func (e *Engine) DeleteUser(ctx context.Context, sessionCtx *common.Session) error { | ||
| // TODO(gabrielcorado): implement delete database user. for now, just | ||
| // fallback to deactivate user. | ||
| return e.DeactivateUser(ctx, sessionCtx) |
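Review bot: DeleteUser returns e.DeactivateUser(ctx, sessionCtx) with no signal that the drop was skipped, so a caller that asked for deletion gets a nil error while the account still exists. Log the fallback here or return a not-implemented error for the caller to handle, and give DeleteUser a doc comment stating that it currently only deactivates.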
nit: I am adding Redshift (postgres engine) auto-user provisioning so there is a chance Redshift will start with only keep mode too. I am wondering if it would be easier to return not implemented in backend.DeleteUser and let common.UserProvisioner do the fallback. Probably the same thing either way.
@greedy52 @smallinsky FYI, I've made the following updates:
* feat: add auto-user deletion postgres
* refactor: change to IsEnabled func to check auto-user
* test: fix linting and test
* refactor(db): code review suggestions
* refactor: rename option to best effort drop
* refactor(api): rename create database user mode property
* refactor(services): review suggestions
* feat(postgres): add log for user deletion result
* refactor(integrations): regenerate crd manifests
* feat(examples): update operator role spec
* refactor(db): use common sql state codes
Related to #31199 and #29731
Adds a create database user mode (similar to what is done for host and desktop users), where:

* off: Disables user creation (same as create_database_user: false).
* keep: Creates the user but deactivates it when the session ends (keeps the user but removes its role assignments). This is the current default behavior.
* best_effort_drop: Tries to drop the database user. If it fails, it returns to keep mode, deactivating the user.

For backward compatibility, the create_database_user: true role option is kept, and sets the mode value to keep if it is set to true.
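The mode semantics described above, as an added sketch in Go that is not the project's code or part of this PR. Mode, ResolveMode and Teardown are hypothetical names; the precedence of an explicit mode over the legacy boolean and the rejection of unknown values are assumptions.

```go
package main

import "fmt"

// Mode mirrors the role option described above; the Go names are hypothetical.
type Mode string

const (
	Off            Mode = "off"
	Keep           Mode = "keep"
	BestEffortDrop Mode = "best_effort_drop"
)

// ResolveMode maps the legacy boolean onto a mode when no mode is set.
// Assumptions: an explicit mode wins, and unknown values are rejected.
func ResolveMode(mode Mode, legacyCreate bool) (Mode, error) {
	switch {
	case mode == Off || mode == Keep || mode == BestEffortDrop:
		return mode, nil
	case mode == "" && legacyCreate:
		return Keep, nil
	case mode == "":
		return Off, nil
	}
	return Off, fmt.Errorf("unknown create database user mode %q", mode)
}

// Teardown runs at session end. drop and deactivate stand in for the engine's
// calls; the returned outcome makes a fallback visible so it can be logged.
func Teardown(mode Mode, drop, deactivate func() error) (string, error) {
	if mode == Off {
		return "none", nil
	}
	outcome := "deactivated"
	if mode == BestEffortDrop {
		if err := drop(); err == nil {
			return "dropped", nil
		}
		outcome = "deactivated after failed drop"
	}
	return outcome, deactivate()
}

func main() {
	ok := func() error { return nil }
	fail := func() error { return fmt.Errorf("constructed drop failure") }
	fmt.Println(ResolveMode("", true)) // legacy create_database_user: true
	fmt.Println(Teardown(BestEffortDrop, fail, ok))
}
```

Returning the outcome string lets the caller log whether the account was dropped or only deactivated, which is the distinction the review comments ask to surface.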