Launchpad itself

Merge ~ines-almeida/launchpad:add-missing-webhook-table-permissions into launchpad:master

  1. Git
  2. lp:~ines-almeida/launchpad
  3. add-missing-webhook-table-permissions
  4. Merge into master
Proposed by Ines Almeida
Status: Merged
Approved by: Ines Almeida
Approved revision: 03c7cd32ca70761e4dc2a1c22e5cbf796e7d92e5
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~ines-almeida/launchpad:add-missing-webhook-table-permissions
Merge into: launchpad:master
Diff against target: 39 lines (+8/-0)
1 file modified
database/schema/security.cfg (+8/-0)
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+445653@code.launchpad.net

Commit message

Add missing permissions to the webhook and webhookjob tables

Description of the change

As described in https://wiki.canonical.com/InformationInfrastructure/OSA/LP/DeploymentIssues/2023-06-28-database-permissions-missing, there were some missing permissions that some scripts had to access the `webhook` and the `webhookjob` tables, which led to failures when updating bugs because they couldn't query the `webhook` table.

This should add all the missing permissions.

I will later open a second MP that will ensure unit tests run with the bug webhooks enabled so can actually verify we are not missing any more permissions.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) wrote :

I'd normally want unit tests for this sort of thing, but this appears to match what was already cowboyed on production, and the plan we've discussed for catching this systematically seems reasonable.

review: Approve
Revision history for this message
Ines Almeida (ines-almeida) wrote :

> I'd normally want unit tests for this sort of thing

I agree, and I did start writing a couple of unit tests before realizing I was just duplicating existing tests but with the feature flag on.

The second MP I just opened is the missing piece here: https://code.launchpad.net/~ines-almeida/launchpad/+git/launchpad/+merge/445657

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/database/schema/security.cfg b/database/schema/security.cfg
2index c48a956..c882f43 100644
3--- a/database/schema/security.cfg
4+++ b/database/schema/security.cfg
5@@ -698,6 +698,8 @@ public.teammembership = SELECT
6 public.teamparticipation = SELECT, INSERT
7 public.validpersoncache = SELECT
8 public.validpersonorteamcache = SELECT
9+public.webhook = SELECT
10+public.webhookjob = SELECT, INSERT
11 public.wikiname = SELECT, INSERT
12 public.xref = SELECT, INSERT
13 type=user
14@@ -1004,6 +1006,8 @@ public.structuralsubscription = SELECT
15 public.translationgroup = SELECT
16 public.validpersoncache = SELECT
17 public.validpersonorteamcache = SELECT
18+public.webhook = SELECT
19+public.webhookjob = SELECT, INSERT
20 public.xref = SELECT, INSERT
21 type=user
22
23@@ -1763,6 +1767,8 @@ public.teammembership = SELECT
24 public.teamparticipation = SELECT
25 public.validpersoncache = SELECT
26 public.validpersonorteamcache = SELECT
27+public.webhook = SELECT
28+public.webhookjob = SELECT, INSERT
29 public.xref = SELECT
30 type=user
31
32@@ -1977,6 +1983,8 @@ public.teammembership = SELECT
33 public.teamparticipation = SELECT
34 public.validpersoncache = SELECT
35 public.validpersonorteamcache = SELECT
36+public.webhook = SELECT
37+public.webhookjob = SELECT, INSERT
38 public.xref = SELECT, INSERT
39 type=user
40

Subscribers

People subscribed via source and target branches

to status/vote changes: