Skip to content

Restrict DROP USER/ROLE from non-dbo user #15238

Restrict DROP USER/ROLE from non-dbo user

Restrict DROP USER/ROLE from non-dbo user #15238

name: Major Version Upgrade Tests for empty database
on: [push, pull_request]
jobs:
run-babelfish-mvu-tests:
env:
OLD_INSTALL_DIR: psql_source
NEW_INSTALL_DIR: psql_target
ENGINE_BRANCH_FROM: BABEL_2_9_STABLE__PG_14_12
EXTENSION_BRANCH_FROM: BABEL_2_9_STABLE
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Install Dependencies
id: install-dependencies
if: always()
uses: ./.github/composite-actions/install-dependencies
- name: Build Modified Postgres using ${{env.ENGINE_BRANCH_FROM}}
id: build-modified-postgres-old
if: always() && steps.install-dependencies.outcome == 'success'
run: |
cd ..
git clone --branch ${{env.ENGINE_BRANCH_FROM}} https://github.com/babelfish-for-postgresql/postgresql_modified_for_babelfish.git
cd postgresql_modified_for_babelfish
./configure --prefix=$HOME/${{env.OLD_INSTALL_DIR}} --with-python PYTHON=/usr/bin/python3.8 --enable-cassert CFLAGS="-ggdb" --with-libxml --with-uuid=ossp --with-icu
make clean
make -j 4 2>error.txt
make install
make check
cd contrib && make && sudo make install
shell: bash
- name: Compile ANTLR
id: compile-antlr
if: always() && steps.build-modified-postgres-old.outcome == 'success'
uses: ./.github/composite-actions/compile-antlr
with:
install_dir: ${{env.OLD_INSTALL_DIR}}
- uses: actions/checkout@v2
with:
repository: babelfish-for-postgresql/babelfish_extensions
ref: ${{env.EXTENSION_BRANCH_FROM}}
- name: Build PostGIS Extension using ${{env.EXTENSION_BRANCH_FROM}}
id: build-postgis-extension-old
if: always() && steps.compile-antlr.outcome == 'success'
run: |
cd ..
export CC='ccache gcc'
export CMAKE_C_COMPILER_LAUNCHER=ccache
export CMAKE_CXX_COMPILER_LAUNCHER=ccache
sudo apt-get install wget
max_retries=20
retries=0
until [ $retries -ge $max_retries ]
do
wget http://postgis.net/stuff/postgis-3.4.0.tar.gz && break
retries=$((retries+1))
done
tar -xvzf postgis-3.4.0.tar.gz
retries1=0
until [ $retries1 -ge $max_retries ]
do
wget https://download.osgeo.org/proj/proj-9.2.1.tar.gz && break
retries1=$((retries1+1))
done
tar -xvzf proj-9.2.1.tar.gz
cd proj-9.2.1
if [ ! -d "build" ]; then
mkdir build
fi
cd build
cmake -DCMAKE_INSTALL_LIBDIR="lib/x86_64-linux-gnu" -DCMAKE_INSTALL_PREFIX="/usr" ..
cmake --build .
sudo cmake --build . --target install
cd ../../postgis-3.4.0
./configure --without-protobuf --without-raster --with-pgconfig=$HOME/psql_source/bin/pg_config
make USE_PGXS=1 PG_CONFIG=~/psql_source/bin/pg_config
sudo make USE_PGXS=1 PG_CONFIG=~/psql_source/bin/pg_config install
shell: bash
- name: Build Extensions using ${{env.EXTENSION_BRANCH_FROM}}
id: build-extensions-old
if: always() && steps.build-postgis-extension-old.outcome == 'success'
run: |
export PG_CONFIG=~/${{env.OLD_INSTALL_DIR}}/bin/pg_config
export PG_SRC=~/work/babelfish_extensions/postgresql_modified_for_babelfish
export cmake=$(which cmake)
cd contrib/babelfishpg_money
make && make install
cd ../babelfishpg_common
make && make install
cd ../babelfishpg_tds
make && make install
cd ../babelfishpg_tsql
make && make install
- name: Install Extensions using ${{env.EXTENSION_BRANCH_FROM}}
id: install-extensions-old
if: always() && steps.build-extensions-old.outcome == 'success'
run: |
ulimit -c unlimited
cd ~
export PATH=/opt/mssql-tools/bin:$PATH
~/${{env.OLD_INSTALL_DIR}}/bin/initdb -D ~/${{env.OLD_INSTALL_DIR}}/data
~/${{env.OLD_INSTALL_DIR}}/bin/pg_ctl -c -D ~/${{env.OLD_INSTALL_DIR}}/data -l ~/${{env.OLD_INSTALL_DIR}}/data/logfile start
cd ${{env.OLD_INSTALL_DIR}}/data
sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" postgresql.conf
sudo sed -i "s/#shared_preload_libraries = ''/shared_preload_libraries = 'babelfishpg_tds, pg_stat_statements'/g" postgresql.conf
ipaddress=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{ print $2}')
# Allow only runner to have trust authentication, all other users must provide a password
{
sudo echo "local all runner trust"
sudo echo "local all all md5"
sudo echo "host all runner 127.0.0.1/32 trust"
sudo echo "host all runner $ipaddress/32 trust"
sudo echo "host all all 0.0.0.0/0 md5"
sudo echo "host all all ::/0 md5"
} > pg_hba.conf
~/${{env.OLD_INSTALL_DIR}}/bin/pg_ctl -c -D ~/${{env.OLD_INSTALL_DIR}}/data -l ~/${{env.OLD_INSTALL_DIR}}/data/logfile restart
cd ~/work/babelfish_extensions/babelfish_extensions/
sudo ~/${{env.OLD_INSTALL_DIR}}/bin/psql -v ON_ERROR_STOP=1 -d postgres -U runner -v user="jdbc_user" -v db="jdbc_testdb" -v migration_mode="single-db" -v tsql_port="1433" -f .github/scripts/create_extension.sql
sqlcmd -S localhost -U jdbc_user -P 12345678 -Q "SELECT @@version GO"
shell: bash
- uses: actions/checkout@v2
- name: Build Modified Postgres using latest version
id: build-modified-postgres-new
if: always() && steps.install-extensions-old.outcome == 'success'
uses: ./.github/composite-actions/build-modified-postgres
with:
install_dir: ${{env.NEW_INSTALL_DIR}}
release_mode: 'yes'
- name: Copy ANTLR
run: cp "/usr/local/lib/libantlr4-runtime.so.4.9.3" ~/${{env.NEW_INSTALL_DIR}}/lib/
- name: Build Extensions using latest version
id: build-extensions-new
if: always() && steps.build-modified-postgres-new.outcome == 'success'
uses: ./.github/composite-actions/build-extensions
with:
install_dir: ${{env.NEW_INSTALL_DIR}}
- name: Build tds_fdw Extension
id: build-tds_fdw-extension
if: always() && steps.build-extensions-new.outcome == 'success'
uses: ./.github/composite-actions/build-tds_fdw-extension
with:
install_dir: ${{env.NEW_INSTALL_DIR}}
- name: Build vector Extension
id: build-vector-extension
if: always() && steps.build-tds_fdw-extension.outcome == 'success'
uses: ./.github/composite-actions/build-vector-extension
with:
install_dir: ${{env.NEW_INSTALL_DIR}}
- name: Build PostGIS Extension
id: build-postgis-extension
if: always() && steps.build-vector-extension.outcome == 'success'
uses: ./.github/composite-actions/build-postgis-extension
with:
install_dir: ${{env.NEW_INSTALL_DIR}}
- name: Setup new data directory
id: setup-new-datadir
if: always() && steps.build-postgis-extension.outcome == 'success'
run: |
cd ~
~/${{env.NEW_INSTALL_DIR}}/bin/initdb -D ~/${{env.NEW_INSTALL_DIR}}/data
cd ~/${{env.NEW_INSTALL_DIR}}/data
sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" postgresql.conf
sudo sed -i "s/#shared_preload_libraries = ''/shared_preload_libraries = 'babelfishpg_tds, pg_stat_statements'/g" postgresql.conf
ipaddress=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{ print $2}')
# Allow only runner to have trust authentication, all other users must provide a password
{
sudo echo "local all runner trust"
sudo echo "local all all md5"
sudo echo "host all runner 127.0.0.1/32 trust"
sudo echo "host all runner $ipaddress/32 trust"
sudo echo "host all all 0.0.0.0/0 md5"
sudo echo "host all all ::/0 md5"
} > pg_hba.conf
shell: bash
- name: Check Babelfish metadata inconsistency before Major Version Upgrade
id: check-babelfish-inconsistency
if: always() && steps.setup-new-datadir.outcome == 'success'
uses: ./.github/composite-actions/check-babelfish-inconsistency
- name: Run pg_upgrade
id: run-pg_upgrade
if: |
always() && steps.setup-new-datadir.outcome == 'success'
&& steps.check-babelfish-inconsistency.outcome == 'success'
uses: ./.github/composite-actions/run-pg-upgrade
- name: Disable TDS fault injection tests in release mode
id: disable-fault-injection
if: |
always() && steps.setup-new-datadir.outcome == 'success'
&& steps.check-babelfish-inconsistency.outcome == 'success'
&& steps.check-babelfish-inconsistency.outputs.check_result == 0
run: |
cd test/JDBC/
echo 'ignore#!#babel_tds_fault_injection' >> jdbc_schedule
echo 'ignore#!#tds_faultinjection' >> jdbc_schedule
echo jdbc_schedule
- name: Run JDBC Tests
id: jdbc
timeout-minutes: 60
if: always() && steps.run-pg_upgrade.outcome == 'success'
run: |
export PATH=~/${{env.NEW_INSTALL_DIR}}/bin:$PATH
export PG_SRC=~/work/babelfish_extensions/postgresql_modified_for_babelfish
cd test/JDBC/
# temporarily ignore test BABEL-2086
echo 'ignore#!#BABEL-2086' >> jdbc_schedule
mvn test
- name: Upload Postgres log
if: always() && steps.jdbc.outcome == 'failure'
uses: actions/upload-artifact@v2
with:
name: postgres-log
path: ~/${{env.NEW_INSTALL_DIR}}/data/logfile
- name: Upload upgrade Log
if: always() && steps.run-pg_upgrade.outcome == 'failure'
uses: actions/upload-artifact@v2
with:
name: upgrade-logs
path: |
~/upgrade/*.log
~/${{env.NEW_INSTALL_DIR}}/data/pg_upgrade_output.d/*
# The test summary files contain paths with ':' characters, which is not allowed with the upload-artifact actions
- name: Rename Test Summary Files
id: test-file-rename
if: always() && steps.jdbc.outcome == 'failure'
run: |
cd test/JDBC/Info
timestamp=`ls -Art | tail -n 1`
cd $timestamp
mv $timestamp.diff ../output-diff.diff
mv "$timestamp"_runSummary.log ../run-summary.log
- name: Upload Run Summary
if: always() && steps.test-file-rename.outcome == 'success'
uses: actions/upload-artifact@v2
with:
name: run-summary.log
path: test/JDBC/Info/run-summary.log
- name: Upload Output Diff
if: always() && steps.test-file-rename.outcome == 'success'
uses: actions/upload-artifact@v2
with:
name: output-diff.diff
path: test/JDBC/Info/output-diff.diff
- name: Check and upload coredumps
if: always() && steps.jdbc.outcome == 'failure'
uses: ./.github/composite-actions/upload-coredump