Skip to content

Update teleport_deactivate_user to use pg_auth_members#60190

Merged
Tener merged 1 commit intomasterfrom
tener/pg-inherited-roles
Oct 15, 2025
Merged

Update teleport_deactivate_user to use pg_auth_members#60190
Tener merged 1 commit intomasterfrom
tener/pg-inherited-roles

Conversation

@Tener
Copy link
Copy Markdown
Contributor

@Tener Tener commented Oct 13, 2025
edited
Loading

Moving away from pg_has_role, which matches inherited roles, to pg_auth_members that only contains direct assignements.

I considered changing e2e tests to cover this case, but the isolated character of databases makes it difficult to observe meaningful differences in behaviour.

I ended up testing it manually in different scenarios.

Closes #55395

Changelog: Fixed issue with inherited roles interfering with auto role provisioning cleanup in Postgres

@Tener Tener requested review from GavinFrazar and greedy52 October 13, 2025 12:14
@github-actions github-actions bot added the database-access Database access related issues and PRs label Oct 13, 2025
greedy52
greedy52 approved these changes Oct 14, 2025
View reviewed changes
Comment thread lib/srv/db/postgres/sql/deactivate-user.sql
GavinFrazar
GavinFrazar approved these changes Oct 14, 2025
View reviewed changes
Comment thread lib/srv/db/postgres/sql/deactivate-user.sql
@Tener Tener enabled auto-merge October 15, 2025 15:04
@Tener Tener added this pull request to the merge queue Oct 15, 2025
Merged via the queue into master with commit 849f40a Oct 15, 2025
42 of 43 checks passed
@Tener Tener deleted the tener/pg-inherited-roles branch October 15, 2025 15:21
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Oct 15, 2025

@Tener See the table below for backport results.

Branch Result
branch/v18 Create PR

@Tener Tener mentioned this pull request Oct 17, 2025
Merged
mmcallister pushed a commit that referenced this pull request Nov 6, 2025
@Tener @mmcallister
Update teleport_deactivate_user to use pg_auth_members (#60190)
749a7d5
@greedy52 greedy52 mentioned this pull request Nov 18, 2025
Closed
mmcallister pushed a commit that referenced this pull request Nov 19, 2025
@Tener @mmcallister
Update teleport_deactivate_user to use pg_auth_members (#60190)
90dbf9a
mmcallister pushed a commit that referenced this pull request Nov 20, 2025
@Tener @mmcallister
Update teleport_deactivate_user to use pg_auth_members (#60190)
24ba020
BennettKnapek

This comment was marked as off-topic.

Sign in to view

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greedy52 greedy52 greedy52 approved these changes

@GavinFrazar GavinFrazar GavinFrazar approved these changes

+1 more reviewer

@BennettKnapek BennettKnapek BennettKnapek left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/branch/v18 database-access Database access related issues and PRs size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Postgres user provisioning mishandles inherited roles

4 participants

@Tener @greedy52 @GavinFrazar @BennettKnapek