Juju Charms Collection
postgresql package

Merge lp:~stub/charms/trusty/postgresql/unrestricted-admin into lp:charms/trusty/postgresql

  1. Trusty Tahr (14.04)
  2. unrestricted-admin
  3. Merge into trunk
Proposed by Stuart Bishop
Status: Merged
Merged at revision: 133
Proposed branch: lp:~stub/charms/trusty/postgresql/unrestricted-admin
Merge into: lp:charms/trusty/postgresql
Diff against target: 78 lines (+21/-7)
3 files modified
hooks/service.py (+5/-3)
tests/test_integration.py (+15/-3)
tests/test_pg_hba_conf.py (+1/-1)
To merge this branch: bzr merge lp:~stub/charms/trusty/postgresql/unrestricted-admin
Reviewer Review Type Date Requested Status
Chris Glass (community) Approve
Review Queue (community) automated testing Approve
Review via email: mp+278770@code.launchpad.net

Description of the change

This was a regression in the recent rewrite.

Clients connected by a db-admin relation need to be able to connect as any valid user, not just the one they were provided with. This is used by charms such as pgbouncer.

To post a comment you must log in.
Revision history for this message
Review Queue (review-queue) wrote :

The results (PASS) are in and available here: http://juju-ci.vapour.ws:8080/job/charm-bundle-test-lxc/1577/

review: Approve (automated testing)
Revision history for this message
Review Queue (review-queue) wrote :

The results (PASS) are in and available here: http://juju-ci.vapour.ws:8080/job/charm-bundle-test-aws/1560/

review: Approve (automated testing)
Revision history for this message
Chris Glass (tribaal) wrote :

This was confirmed to work by relating the newest revision with the landscape server charm. The previous revision fails for the same relation.

+1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/service.py'
2--- hooks/service.py 2015-11-19 21:14:49 +0000
3+++ hooks/service.py 2015-11-27 07:59:08 +0000
4@@ -390,13 +390,15 @@
5 postgresql.quote_identifier(addr),
6 'md5', '# {}'.format(relinfo))
7
8- # Admin clients need access to all databases as the relation users.
9+ # Admin clients need access to all databases as any user, not just the
10+ # relation user. Most clients will just use the user provided them,
11+ # but proxies such as pgbouncer need to open connections as the accounts
12+ # it creates.
13 for rel in rels['db-admin'].values():
14 if 'user' in rel.local:
15 for relinfo in rel.values():
16 addr = postgresql.addr_to_range(relinfo['private-address'])
17- add('host', 'all',
18- postgresql.quote_identifier(rel.local['user']),
19+ add('host', 'all', 'all',
20 postgresql.quote_identifier(addr),
21 'md5', '# {}'.format(relinfo))
22
23
24=== modified file 'tests/test_integration.py'
25--- tests/test_integration.py 2015-11-02 12:12:14 +0000
26+++ tests/test_integration.py 2015-11-27 07:59:08 +0000
27@@ -203,7 +203,8 @@
28 status = self.deployment.get_status()
29 return set(status['services']['postgresql']['units'].keys())
30
31- def connect(self, unit=None, admin=False, database=None):
32+ def connect(self, unit=None, admin=False, database=None,
33+ user=None, password=None):
34 '''
35 A psycopg2 connection to a PostgreSQL unit via our client.
36
37@@ -266,7 +267,8 @@
38
39 return psycopg2.connect(
40 port=local_port, host='localhost', database=database,
41- user=relinfo['user'], password=relinfo['password'])
42+ user=user or relinfo['user'],
43+ password=password or relinfo['password'])
44
45 def test_db_relation(self):
46 for unit in self.units:
47@@ -287,7 +289,17 @@
48 # db-admin relations can connect to any database.
49 con = self.connect(unit, admin=True, database='postgres')
50 cur = con.cursor()
51- cur.execute('SELECT * FROM pg_stat_activity')
52+ newuser = str(uuid.uuid1())
53+ newpass = str(uuid.uuid1())
54+ cur.execute("""CREATE USER "{}" SUPERUSER PASSWORD '{}'"""
55+ .format(newuser, newpass))
56+ con.commit()
57+
58+ # db-admin relations can connect as any user to any database.
59+ con = self.connect(unit, admin=True, database='postgres',
60+ user=newuser, password=newpass)
61+ cur = con.cursor()
62+ cur.execute('select * from pg_stat_activity')
63 cur.fetchone()
64
65 def test_admin_addresses(self):
66
67=== modified file 'tests/test_pg_hba_conf.py'
68--- tests/test_pg_hba_conf.py 2015-11-19 21:24:47 +0000
69+++ tests/test_pg_hba_conf.py 2015-11-27 07:59:08 +0000
70@@ -82,7 +82,7 @@
71 rels = Relations()
72 rels['db-admin'].add_unit('unit/1', local=({'user': 'user'}))
73 content = generate_pg_hba_conf('', defaultdict(str), rels)
74- self.assertIn('host all "user" "1.2.3.4/32" md5', content)
75+ self.assertIn('host all all "1.2.3.4/32" md5', content)
76
77 def test_master_relation(self):
78 rels = Relations()

Subscribers

People subscribed via source and target branches

to all changes: