CLAassistant
commented
1 year ago
All committers have signed the CLA.
Closed waipeng closed 9 months ago
CLAassistant
commented
1 year ago
All committers have signed the CLA.
waipeng
commented
1 year ago There are no tests, but I can confirm this works.
I am checking out the situation with the tests.
smortex
commented
1 year ago Out of curiosity, I do not alter the default roles and have not hit this issue. Can you share the configuration you use that trigger the issue?
waipeng
commented
1 year ago Out of curiosity, I do not alter the default roles and have not hit this issue. Can you share the configuration you use that trigger the issue?
We are seeing this on Ubuntu 22.04, Puppet Agent 7.26.0, Puppet Server 7.13.0.
Node hiera is pretty simple
puppetdb::listen_address: '0.0.0.0'
puppetdb::postgres_version: '12'
postgresql::server::contrib::package_name: 'postgresql-contrib'
puppetdb::java_args:
'-Xmx': '2g'A puppet run with -d shows the following:
Debug: Executing with uid=postgres gid=postgres: 'psql -d puppetdb -t -X -c "SELECT COUNT(*) FROM (SELECT
ns.nspname,
acl.defaclobjtype,
acl.defaclacl
FROM pg_default_acl acl
JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid
WHERE acl.defaclacl::text ~ '.*\\\"puppetdb-read\\\"=r/puppetdb\\".*'
AND nspname = 'public') count"'
Error: /Stage[main]/Puppetdb::Database::Postgresql/Puppetdb::Database::Read_only_user[puppetdb-read]/Puppetdb::Database::Default_read_grant[puppetdb grant read permission on new objects from puppetdb to puppetdb-read]/Postgresql_psql[grant default select permission for puppetdb-read]: Could not evaluate: Error evaluating 'unless' clause, returned pid 11837 exit 2: 'sh: 8: Syntax error: Unterminated quoted string
' Please let me know if you need more information on replicating this. Thanks for your help!
smortex
commented
1 year ago lol, I was forgetting that the unbalanced quote was the reason for this PR :facepalm:. In our infra, we have manage_dbserver => false, that's why we never hit this issue…
The file was introduced with the mismatch in #330. The lack of unit tests seems to allow a broken default config for 5 minor releases in a row… Let's fix the code at least, can you check the suggested regexp changes I proposed and if they work as expected adjust the PR?
waipeng
commented
1 year ago I have replied on the suggestions you gave, and added a commit with your change. Thanks for looking at this.
I have taken a look at the tests and #344 was done some time ago and the logs are lost. If you can resurrect it, maybe we can all chip in to get tests working again.
smortex
commented
1 year ago lol
So I should adjust my comment https://github.com/puppetlabs/puppetlabs-puppetdb/pull/371#issuecomment-1742376786
The file was introduced with the mismatch in #330. The lack of unit tests seems to allow a broken default config for 5 minor releases in a row… Let's fix the code at least, can you check the suggested regexp changes I proposed and if they work as expected adjust the PR?
s/5 minor releases in a row/6 minor releases in a row/ :upside_down_face:
Cc @austb. I feel like you are a bit alone to try to do something with this module, I am working on fixing CI, I'll at-you to be sure you not miss it.
waipeng
commented
1 year ago @smortex your suggestions are good. I've added them to the PR.
smortex
commented
1 year ago Hey @waipeng! I see you replaced <SPACE>+<SPACE> with @ in all fragments but one. Was it on purpose of just missing? I think it's better to use the same construct each time for consistency.
waipeng
commented
1 year ago My fault due to inexperience with Github PR.
Do you have preference on keeping the commits you suggested, or is it OK if I squash them all into one commit and put you as co-author? I am having a hard time tracing through the commits in the current form.
smortex
commented
1 year ago Feel free to squash everything ;-)
waipeng
commented
12 months ago Hi, can this be merged and a new version be cut please? Right now it is broken in default config which is not very healthy.
alaunay
commented
10 months ago Hello, no news on this ? permissions are checked every time without this patch. Thanks !
h0tw1r3
commented
9 months ago @waipeng can you rebase on main please?
smortex
commented
9 months ago Somebody fixed the test suite :scream:. We need to update the tests according to the code changes :grin:
@waipeng the "Files changed" tab shows the offending tests (beware, the view lacks some ... symbols so the diff is not really readable around the failures context), this should help adjusting the test suite to make sure we have the expected code.
Thanks!
h0tw1r3
commented
9 months ago @waipeng tests are failing due to unrelated CI changes. Rebase on main again should get past that.
puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant.
Fix it with help from comments[2].
[1] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/330#issuecomment-935496488 [2] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/339#issuecomment-1163552126