Skip to content

Commit 11181b7

Browse files
authored
Don't pass roles to alter user (#92)
1 parent c69cc29 commit 11181b7

4 files changed

Lines changed: 35 additions & 13 deletions

File tree

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
[project]
55
name = "postgresql-charms-single-kernel"
66
description = "Shared and reusable code for PostgreSQL-related charms"
7-
version = "16.1.8"
7+
version = "16.1.9"
88
readme = "README.md"
99
license = {file = "LICENSE"}
1010
authors = [

single_kernel_postgresql/utils/postgresql.py

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -412,16 +412,22 @@ def create_user(
412412
)
413413
if cursor.fetchone() is not None:
414414
user_definition = "ALTER ROLE {} "
415+
altering = True
415416
else:
416417
user_definition = "CREATE ROLE {} "
418+
altering = False
417419
user_definition += f"WITH LOGIN{' SUPERUSER' if admin else ''}{' REPLICATION' if replication else ''} ENCRYPTED PASSWORD '{password}'"
418-
user_definition, connect_statements = self._adjust_user_definition(
419-
user, roles, database, user_definition
420-
)
421-
if can_create_database:
422-
user_definition += " CREATEDB"
423-
if privileges:
424-
user_definition += f" {' '.join(privileges)}"
420+
if not altering:
421+
user_definition, connect_statements = self._adjust_user_definition(
422+
user, roles, database, user_definition
423+
)
424+
if can_create_database:
425+
user_definition += " CREATEDB"
426+
if privileges:
427+
user_definition += f" {' '.join(privileges)}"
428+
else:
429+
db_roles, connect_statements = self._adjust_user_roles(user, roles, database)
430+
roles = [*db_roles, *roles]
425431
cursor.execute(SQL("RESET ROLE;"))
426432
cursor.execute(SQL("BEGIN;"))
427433
cursor.execute(SQL("SET LOCAL log_statement = 'none';"))

tests/unit/test_postgresql.py

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -752,7 +752,7 @@ def test_create_user():
752752
pg.create_user("username", "password", True, True, ["role3"], "db1", True)
753753

754754
_process_extra_user_roles.assert_called_once_with("username", ["role3"])
755-
assert _cursor.execute.call_count == 8
755+
assert _cursor.execute.call_count == 10
756756
_cursor.execute.assert_any_call(
757757
Composed([
758758
SQL("SELECT TRUE FROM pg_roles WHERE rolname="),
@@ -767,12 +767,28 @@ def test_create_user():
767767
Composed([
768768
SQL("ALTER ROLE "),
769769
Identifier("username"),
770-
SQL(
771-
' WITH LOGIN SUPERUSER REPLICATION ENCRYPTED PASSWORD \'password\' IN ROLE "charmed_db1_admin", "charmed_db1_dml" CREATEDB priv1 priv2;'
772-
),
770+
SQL(" WITH LOGIN SUPERUSER REPLICATION ENCRYPTED PASSWORD 'password';"),
773771
])
774772
)
775773
_cursor.execute.assert_any_call(SQL("COMMIT;"))
774+
_cursor.execute.assert_any_call(
775+
Composed([
776+
SQL("GRANT "),
777+
Identifier("charmed_db1_admin"),
778+
SQL(" TO "),
779+
Identifier("username"),
780+
SQL(";"),
781+
])
782+
)
783+
_cursor.execute.assert_any_call(
784+
Composed([
785+
SQL("GRANT "),
786+
Identifier("charmed_db1_dml"),
787+
SQL(" TO "),
788+
Identifier("username"),
789+
SQL(";"),
790+
])
791+
)
776792
_cursor.execute.assert_any_call(
777793
Composed([
778794
SQL("GRANT "),

uv.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)