Skip to content

Commit 2d8d597

Browse files
waipengsmortex
waipeng
and
smortex
committed
Fix: Unterminated quoted string when creating read user
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] #330 (comment) [2] #339 (comment) Co-authored-by: Romain Tartière <[email protected]> Signed-off-by: Jake Yip <[email protected]>
1 parent b8c1ec1 commit 2d8d597

File tree

2 files changed

+6
-6
lines changed

2 files changed

+6
-6
lines changed

manifests/database/default_read_grant.pp

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
acl.defaclacl
2020
FROM pg_default_acl acl
2121
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
22-
WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=r/${database_username}\\\".*'
22+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=r/(\"?)${database_username}\\2@'
2323
AND nspname = '${schema}'",
2424
}
2525

@@ -36,7 +36,7 @@
3636
acl.defaclacl
3737
FROM pg_default_acl acl
3838
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
39-
WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=U/${database_username}\\\".*'
39+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=U/(\"?)${database_username}\\2@'
4040
AND nspname = '${schema}'",
4141
}
4242

@@ -53,7 +53,7 @@
5353
acl.defaclacl
5454
FROM pg_default_acl acl
5555
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
56-
WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=X/${database_username}\\\".*'
56+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=X/(\"?)${database_username}\\2@'
5757
AND nspname = '${schema}'",
5858
}
5959
}

spec/support/unit/shared/database.rb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@
7272
acl.defaclacl
7373
FROM pg_default_acl acl
7474
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
75-
WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=r/#{with[:database_username]}\\\".*'
75+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=r/(\"?)${database_username}\\2@'
7676
AND nspname = 'public'",
7777
)
7878
}
@@ -92,7 +92,7 @@
9292
acl.defaclacl
9393
FROM pg_default_acl acl
9494
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
95-
WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=U/#{with[:database_username]}\\\".*'
95+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=U/(\"?)${database_username}\\2@'
9696
AND nspname = 'public'",
9797
)
9898
}
@@ -112,7 +112,7 @@
112112
acl.defaclacl
113113
FROM pg_default_acl acl
114114
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
115-
WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=X/#{with[:database_username]}\\\".*'
115+
WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=X/(\"?)${database_username}\\2@'
116116
AND nspname = 'public'",
117117
)
118118
}

0 commit comments

Comments
 (0)