[v15] Fix database user auto-provisioning#52106
Merged
GavinFrazar merged 1 commit intobranch/v15from Feb 16, 2025
Merged
Conversation
github-actions
Bot
added
database-access
GavinFrazar
force-pushed
the
gavinfrazar/v15-fix-db-auto-user-bugs
branch
from
a90c7c6 to
69144da
Compare
Tener
approved these changes
Feb 13, 2025
avatus
approved these changes
Feb 13, 2025
public-teleport-github-review-bot
Bot
removed the request for review
from greedy52
GavinFrazar
force-pushed
the
gavinfrazar/v15-fix-db-auto-user-bugs
branch
2 times, most recently
from
7893295 to
7b29328
Compare
* Use a custom query to find user db privileges on tables to avoid the "grantor" filter condition in the information_schema.tables_privileges view. This fixes the cases where the grantor for a privilege is set to the table owner rather than the user (teleport) who issued the grant. Most notably, this happens when a superuser grants privileges on a table they do not own to a user. * Grant USAGE on schemas that contain tables where we intend to grant table privileges. This is necessary to use the table privileges we grant. * Wrap all remaining plpgsql procedure creation/calls with retries. * Add a db permissions e2e test for RDS * Expand e2e tests to test with and without a superuser db admin * Significantly speed up the RDS e2e tests by wrapping EventuallyWithT in a helper func that tries the condition func immediately rather than waiting for the first tick duration.
GavinFrazar
force-pushed
the
gavinfrazar/v15-fix-db-auto-user-bugs
branch
from
7b29328 to
49b380b
Compare
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changelog: Fixed Postgres database access control privileges auto-provisioning to grant USAGE on schemas as needed for table privileges and fixed an issue that prevented user privileges from being revoked at the end of their session in some cases.
Backports #51945 to branch/v15.
edit: Also backports with the small patch from #52104 to branch/v15.