Merge lp:~stub/charms/trusty/postgresql/unrestricted-admin into lp:charms/trusty/postgresql

Proposed by Stuart Bishop
Status: Merged
Merged at revision: 133
Proposed branch: lp:~stub/charms/trusty/postgresql/unrestricted-admin
Merge into: lp:charms/trusty/postgresql
Diff against target: 78 lines (+21/-7)
3 files modified
hooks/service.py (+5/-3)
tests/test_integration.py (+15/-3)
tests/test_pg_hba_conf.py (+1/-1)
To merge this branch: bzr merge lp:~stub/charms/trusty/postgresql/unrestricted-admin
Reviewer Review Type Date Requested Status
Chris Glass (community) Approve
Review Queue (community) automated testing Approve
Review via email: mp+278770@code.launchpad.net

Description of the change

This was a regression in the recent rewrite.

Clients connected by a db-admin relation need to be able to connect as any valid user, not just the one they were provided with. This is used by charms such as pgbouncer.

Review Queue (review-queue) wrote :

The results (PASS) are in and available here: http://juju-ci.vapour.ws:8080/job/charm-bundle-test-lxc/1577/

review: Approve (automated testing)
Review Queue (review-queue) wrote :

The results (PASS) are in and available here: http://juju-ci.vapour.ws:8080/job/charm-bundle-test-aws/1560/

review: Approve (automated testing)
Chris Glass (tribaal) wrote :

This was confirmed to work by relating the newest revision with the landscape server charm. The previous revision fails for the same relation.

+1

review: Approve

Preview Diff

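--- a/hooks/service.py
+++ b/hooks/service.py
@@ -390,13 +390,15 @@
 postgresql.quote_identifier(addr),
 'md5', '# {}'.format(relinfo))
 
-# Admin clients need access to all databases as the relation users.
+# Admin clients need access to all databases as any user, not just the
+# relation user. Most clients will just use the user provided them,
+# but proxies such as pgbouncer need to open connections as the accounts
+# it creates.
 for rel in rels['db-admin'].values():
 if 'user' in rel.local:
 for relinfo in rel.values():
 addr = postgresql.addr_to_range(relinfo['private-address'])
-add('host', 'all',
-postgresql.quote_identifier(rel.local['user']),
+add('host', 'all', 'all',
 postgresql.quote_identifier(addr),
 'md5', '# {}'.format(relinfo))
 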
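Review bot: The new `add('host', 'all', 'all', ...)` rule removes the role restriction for db-admin clients, so anything at a related unit's address may now attempt md5 authentication as every role, superusers included. The rewritten comment explains the pgbouncer need but not that consequence. I would add a line such as `# Access is then limited only by the client address and each role's password.` so the trade-off is visible to whoever next edits the pg_hba.conf generation. The `if 'user' in rel.local` guard no longer feeds the rule and appears to act only as a readiness check, which also deserves a short comment. The enclosing function starts and ends outside the hunk.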
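--- a/tests/test_integration.py
+++ b/tests/test_integration.py
@@ -203,7 +203,8 @@
 status = self.deployment.get_status()
 return set(status['services']['postgresql']['units'].keys())
 
-def connect(self, unit=None, admin=False, database=None):
+def connect(self, unit=None, admin=False, database=None,
+user=None, password=None):
 '''
 A psycopg2 connection to a PostgreSQL unit via our client.
 
@@ -266,7 +267,8 @@
 
 return psycopg2.connect(
 port=local_port, host='localhost', database=database,
-user=relinfo['user'], password=relinfo['password'])
+user=user or relinfo['user'],
+password=password or relinfo['password'])
 
 def test_db_relation(self):
 for unit in self.units:
@@ -287,7 +289,17 @@
 # db-admin relations can connect to any database.
 con = self.connect(unit, admin=True, database='postgres')
 cur = con.cursor()
-cur.execute('SELECT * FROM pg_stat_activity')
+newuser = str(uuid.uuid1())
+newpass = str(uuid.uuid1())
+cur.execute("""CREATE USER "{}" SUPERUSER PASSWORD '{}'"""
+.format(newuser, newpass))
+con.commit()
+
+# db-admin relations can connect as any user to any database.
+con = self.connect(unit, admin=True, database='postgres',
+user=newuser, password=newpass)
+cur = con.cursor()
+cur.execute('select * from pg_stat_activity')
 cur.fetchone()
 
 def test_admin_addresses(self):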
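Review bot: The last hunk creates a SUPERUSER role for the test and never drops it, so every run leaves an extra superuser account on the unit under test. Dropping the role at the end of the test would avoid that, and omitting `SUPERUSER` from the `CREATE USER` statement should still prove the pg_hba rule, since the test only needs the role to log in and select from `pg_stat_activity`. `uuid.uuid1()` is derived from the host's MAC address and a timestamp, so it makes a guessable password; `newpass = str(uuid.uuid4())` is a drop-in replacement. The hunk does not show whether `uuid` is imported at the top of the file, and the test method begins outside the hunk.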
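--- a/tests/test_pg_hba_conf.py
+++ b/tests/test_pg_hba_conf.py
@@ -82,7 +82,7 @@
 rels = Relations()
 rels['db-admin'].add_unit('unit/1', local=({'user': 'user'}))
 content = generate_pg_hba_conf('', defaultdict(str), rels)
-self.assertIn('host all "user" "1.2.3.4/32" md5', content)
+self.assertIn('host all all "1.2.3.4/32" md5', content)
 
 def test_master_relation(self):
 rels = Relations()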
