Skip to content

fix: pgsodium extension custom script #454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 16, 2022
Merged

fix: pgsodium extension custom script #454

merged 1 commit into from
Dec 16, 2022

Conversation

@soedirgo
Copy link
Member

@soedirgo soedirgo commented Dec 16, 2022
edited
Loading

Add back tests and address build failures.

@soedirgo soedirgo requested review from a team as code owners December 16, 2022 11:31
soedirgo
soedirgo commented Dec 16, 2022
View reviewed changes
ansible/files/postgresql_extension_custom_scripts/pgsodium/after-create.sql
grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, bytea) to service_role;
grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
grant execute on function pgsodium.crypto_aead_det_noncegen to service_role;
Copy link
Member Author

@soedirgo soedirgo Dec 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is granted to public, so no need for the grant

soedirgo
soedirgo commented Dec 16, 2022
View reviewed changes
migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
Comment on lines +9 to +11
grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, bytea) to service_role;
grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
Copy link
Member Author

@soedirgo soedirgo Dec 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea why, but pgsodium/after-create.sql are not run during create extension pgsodium above, but it's run if I recreate the extension (tested on staging). This was the cause of the build failures.

I'll just add these since the grants are supposed to be idempotent.

@soedirgo
Copy link
Member Author

soedirgo commented Dec 16, 2022

Build seems to run fine: https://github.com/supabase/postgres/actions/runs/3712752347/jobs/6294627349

@pcnc
Copy link
Member

pcnc commented Dec 16, 2022
edited
Loading

Looks good - let's merge then roll it on staging to check if it's stable and all good and then we can promote it to a non-rc release.
We can revert to the Vault image on staging afterwards if needed

@pcnc pcnc merged commit ae4f6b6 into develop Dec 16, 2022
@pcnc pcnc deleted the fix/extension-custom-scripts branch December 16, 2022 13:36
damonrand pushed a commit to cepro/postgres that referenced this pull request Jun 15, 2025
@soedirgo
fix: pgsodium extension custom script (supabase#454)
ae8b5dc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcnc pcnc pcnc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@soedirgo @pcnc