Merge remote-tracking branch 'origin' into INDATA-152

hunleyd · hunleyd · commit 6124db19c5d3 · 2025-11-13T13:45:54.000-05:00
* origin: Revert "feat: update supautils (#1879)" (#1912)
diff --git a/ansible/files/postgresql_config/conf.d/supautils.conf b/ansible/files/postgresql_config/conf.d/supautils.conf
@@ -1,6 +1,6 @@
 session_preload_libraries = 'supautils'
 
-supautils.disable_program = 'true'
+# supautils.disable_program = 'true'
 
 supautils.drop_trigger_grants = '{"postgres":["auth.audit_log_entries","auth.flow_state","auth.identities","auth.instances","auth.mfa_amr_claims","auth.mfa_challenges","auth.mfa_factors","auth.oauth_clients","auth.one_time_tokens","auth.refresh_tokens","auth.saml_providers","auth.saml_relay_states","auth.sessions","auth.sso_domains","auth.sso_providers","auth.users","realtime.messages","realtime.subscription","storage.buckets","storage.buckets_analytics","storage.objects","storage.prefixes","storage.s3_multipart_uploads","storage.s3_multipart_uploads_parts"]}'
 
@@ -29,4 +29,3 @@ supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log
 
 supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, authenticator'
 
-supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'
diff --git a/ansible/vars.yml b/ansible/vars.yml
@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.068-orioledb-INDATA152-1"
-  postgres17: "17.6.1.047-INDATA152-1"
-  postgres15: "15.14.1.047-INDATA152-1"
+  postgresorioledb-17: "17.5.1.069-orioledb-INDATA152-1"
+  postgres17: "17.6.1.048-INDATA152-1"
+  postgres15: "15.14.1.048-INDATA152-1"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0
diff --git a/nix/ext/supautils.nix b/nix/ext/supautils.nix
@@ -7,15 +7,15 @@
 
 stdenv.mkDerivation rec {
   pname = "supautils";
-  version = "3.0.2";
+  version = "3.0.1";
 
   buildInputs = [ postgresql ];
 
   src = fetchFromGitHub {
     owner = "supabase";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-WTLZShBFVgb18vVi15TSZvtJrNUFgQa6mBkavvRSoUE=";
+    hash = "sha256-j0iASDzmcZRLbHaS9ZNRWwzii7mcC+8wYHM0/mOLkbs=";
   };
 
   installPhase = ''
diff --git a/nix/tests/expected/security.out b/nix/tests/expected/security.out
@@ -31,7 +31,3 @@ order by 1,2;
  vault      | update_secret
 (20 rows)
 
--- supautils disables copy ... program
-copy (select '') to program 'id';
-ERROR:  COPY TO/FROM PROGRAM not allowed
-DETAIL:  The copy to/from program utility statement is disabled
diff --git a/nix/tests/sql/security.sql b/nix/tests/sql/security.sql
@@ -7,6 +7,3 @@ from pg_catalog.pg_proc p
 where p.proowner = (select oid from pg_catalog.pg_roles where rolname = 'supabase_admin')
         and p.prosecdef = true
 order by 1,2;
-
--- supautils disables copy ... program
-copy (select '') to program 'id';
