From f26d826df1767e367d207f90a73e19faa7d377b7 Mon Sep 17 00:00:00 2001 From: Jake Yip Date: Fri, 1 Sep 2023 21:34:55 +1000 Subject: [PATCH] Fix: Unterminated quoted string when creating read user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/330#issuecomment-935496488 [2] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/339#issuecomment-1163552126 Co-authored-by: Romain Tartière Signed-off-by: Jake Yip --- manifests/database/default_read_grant.pp | 6 +++--- spec/support/unit/shared/database.rb | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index b0d52d57..f11e40c5 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp @@ -20,7 +20,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=r/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=r/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } @@ -37,7 +37,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=U/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=U/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } @@ -54,7 +54,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=X/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=X/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } } diff --git a/spec/support/unit/shared/database.rb b/spec/support/unit/shared/database.rb index eaf605a2..5be30e9a 100644 --- a/spec/support/unit/shared/database.rb +++ b/spec/support/unit/shared/database.rb @@ -72,7 +72,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=r/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=r/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) } @@ -92,7 +92,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=U/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=U/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) } @@ -112,7 +112,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=X/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=X/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) }