-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support target_role in default_privileges #1297
Support target_role in default_privileges #1297
Conversation
postgresql::server::default_privileges is a typethat may have no external impact to Forge modules. This module is declared in 70 of 578 indexed public
|
25c1dca
to
b9d9407
Compare
@fish-face Everything looks good at a first glance, but I would prefer an acceptance test be added for this as my PostgreSQL knowledge is not the best and thus would like the actual functionality to be checked. |
@david22swan I'd be happy to add an acceptance test, but was unable to run the suite. The only instructions in the
I guess I can try as root, but I am a bit wary that this might be trying to run commands that should be executing in a VM on the my actual machine. Is there anything beyond involving vagrant and virtualbox that needs to be done to set things up? |
One other question about your and the other maintainers' workload at the moment - do you know how soon you are able to look at this and the other two PRs I created (or how often, if they need some iteration). I ask because we need to make some decisions about sequencing things which might be different depending on whether we anticipate these changes being in the official module or only on my fork at the start of next month. I understand if this isn't really predictable but thought I'd ask in case it was :) |
@fish-face Apologies, the test instructions are out of date and need to be updated. To properly run the test use the following set of commands:
In regards to your question, we have a community day where we go through all current PRs every monday, outside of that it can be more spotty as we have internal work to do but we will try to look in and respond when we can. |
7493437
to
58618d2
Compare
Hi @david22swan thanks for the help there. This and the other two PRs about default privileges now have acceptance tests. There'll be some conflicts between this and the other two (but the third is based on the second so will be fine). It should be easy to resolve though! BTW I had to fiddle a little to get the instructions to work: it runs out that the ubuntu image doesn't work on my Fedora machine, I think due to cgroups stuff (that image mounts some cgroups file from |
@fish-face Hy, sorry but we've got a small error with your change. It's not a big thing but you are failing a rubocop syntex check: |
I was just trying to get to the test logs from the email so thanks for
that! I should be able to fix it up quickly.
…On Mon, 4 Oct 2021, 09:46 david22swan, ***@***.***> wrote:
@fish-face <https://github.com/fish-face> Hy, sorry but we've got a small
error with your change. It's not a big thing but you are failing a rubocop
syntex check:
spec/acceptance/server/default_privileges_spec.rb:177:1: C: [Correctable]
Layout/TrailingWhitespace: Trailing whitespace detected.
To run this check yourself just do: bundle exec rake rubocop
Sorry for not mentioning it with the other test instructions.
Other than that everything look's fine so far. A good few of the
acceptance blocks have passed and the remaining ones are looking good.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1297 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7SILR3C6ZAOB36VJSKTJ3UFFSUXANCNFSM5ECQ2W3Q>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
58618d2
to
1f2b118
Compare
Should be fixed now (also ran rubocop on the other PR branches) |
@fish-face Seeing some failures on Debian OS's, they seem to be working fine on all other platforms. If you could get these fixed then I would be happy to merge.
|
1f2b118
to
a111737
Compare
Damn, looks like this was masked by another test creating the user and not removing it again. I have pushed the following change to the acceptance test: @@ -84,6 +84,10 @@ describe 'postgresql::server::default_privileges:' do
$target_user = #{target_user}
$target_password = #{target_password}
+ user {$user:
+ ensure => present,
+ }
+
class { 'postgresql::server': }
postgresql::server::role { $user:
@@ -120,6 +124,10 @@ describe 'postgresql::server::default_privileges:' do
$target_user = #{target_user}
$target_password = #{target_password}
+ user {$user:
+ ensure => present,
+ }
+
class { 'postgresql::server': }
postgresql::server::role { $user: which fixes the broken test, although it propagates the issue of leaving a user around. I noticed there's another test isolation issue: if I run this spec file on its own on a freshly provisioned target, |
ALTER DEFAULT PRIVILEGES supports the FOR ROLE <target_role> argument, without which the statement applies only to objects created by the *current* role, which may not be most useful. Support specifying the target role.
a111737
to
64a7753
Compare
And that didn't work but hopefully this will (the issue is compounded because if I try to run just the one acceptance test on a freshly provisioned container, they fail because |
@fish-face Thank's for getting those fixed, the current failures are unrelated to your changes so I feel good about going ahead and merging them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…target_role Support target_role in default_privileges
ALTER DEFAULT PRIVILEGES supports the FOR ROLE <target_role> argument,
without which the statement applies only to objects created by the
current role, which may not be most useful.
Support specifying the target role.
Includes a unit test (but no integration test) and updates the inline docs - it looks like you only update
REFERENCE.md
for release?