mirror of
https://github.com/neondatabase/neon.git
synced 2025-12-22 21:59:59 +00:00
dd7fff655a
## Problem Currently `neon_superuser` is hardcoded in many places. It makes it harder to reuse the same code in different envs. ## Summary of changes Parametrize `neon_superuser` in `compute_ctl` via `--privileged-role-name` and in `neon` extensions via `neon.privileged_role_name`, so it's now possible to use different 'superuser' role names if needed. Everything still defaults to `neon_superuser`, so no control plane code changes are needed and I intentionally do not touch regression and migrations tests. Postgres PRs: - https://github.com/neondatabase/postgres/pull/674 - https://github.com/neondatabase/postgres/pull/675 - https://github.com/neondatabase/postgres/pull/676 - https://github.com/neondatabase/postgres/pull/677 Cloud PR: - https://github.com/neondatabase/cloud/pull/31138
53 lines
2.2 KiB
Diff
53 lines
2.2 KiB
Diff
diff --git a/contrib/pg_stat_statements/pg_stat_statements--1.10--1.11.sql b/contrib/pg_stat_statements/pg_stat_statements--1.10--1.11.sql
|
|
index 0bb2c397711..32764db1d8b 100644
|
|
--- a/contrib/pg_stat_statements/pg_stat_statements--1.10--1.11.sql
|
|
+++ b/contrib/pg_stat_statements/pg_stat_statements--1.10--1.11.sql
|
|
@@ -80,3 +80,12 @@ LANGUAGE C STRICT PARALLEL SAFE;
|
|
|
|
-- Don't want this to be available to non-superusers.
|
|
REVOKE ALL ON FUNCTION pg_stat_statements_reset(Oid, Oid, bigint, boolean) FROM PUBLIC;
|
|
+
|
|
+DO $$
|
|
+DECLARE
|
|
+ privileged_role_name text;
|
|
+BEGIN
|
|
+ privileged_role_name := current_setting('neon.privileged_role_name');
|
|
+
|
|
+ EXECUTE format('GRANT EXECUTE ON FUNCTION pg_stat_statements_reset(Oid, Oid, bigint, boolean) TO %I', privileged_role_name);
|
|
+END $$;
|
|
\ No newline at end of file
|
|
diff --git a/contrib/pg_stat_statements/pg_stat_statements--1.4.sql b/contrib/pg_stat_statements/pg_stat_statements--1.4.sql
|
|
index 58cdf600fce..8be57a996f6 100644
|
|
--- a/contrib/pg_stat_statements/pg_stat_statements--1.4.sql
|
|
+++ b/contrib/pg_stat_statements/pg_stat_statements--1.4.sql
|
|
@@ -46,3 +46,12 @@ GRANT SELECT ON pg_stat_statements TO PUBLIC;
|
|
|
|
-- Don't want this to be available to non-superusers.
|
|
REVOKE ALL ON FUNCTION pg_stat_statements_reset() FROM PUBLIC;
|
|
+
|
|
+DO $$
|
|
+DECLARE
|
|
+ privileged_role_name text;
|
|
+BEGIN
|
|
+ privileged_role_name := current_setting('neon.privileged_role_name');
|
|
+
|
|
+ EXECUTE format('GRANT EXECUTE ON FUNCTION pg_stat_statements_reset() TO %I', privileged_role_name);
|
|
+END $$;
|
|
diff --git a/contrib/pg_stat_statements/pg_stat_statements--1.6--1.7.sql b/contrib/pg_stat_statements/pg_stat_statements--1.6--1.7.sql
|
|
index 6fc3fed4c93..256345a8f79 100644
|
|
--- a/contrib/pg_stat_statements/pg_stat_statements--1.6--1.7.sql
|
|
+++ b/contrib/pg_stat_statements/pg_stat_statements--1.6--1.7.sql
|
|
@@ -20,3 +20,12 @@ LANGUAGE C STRICT PARALLEL SAFE;
|
|
|
|
-- Don't want this to be available to non-superusers.
|
|
REVOKE ALL ON FUNCTION pg_stat_statements_reset(Oid, Oid, bigint) FROM PUBLIC;
|
|
+
|
|
+DO $$
|
|
+DECLARE
|
|
+ privileged_role_name text;
|
|
+BEGIN
|
|
+ privileged_role_name := current_setting('neon.privileged_role_name');
|
|
+
|
|
+ EXECUTE format('GRANT EXECUTE ON FUNCTION pg_stat_statements_reset(Oid, Oid, bigint) TO %I', privileged_role_name);
|
|
+END $$;
|