10000 fix: grant pgsodium functions to service_role by soedirgo · Pull Request #443 · supabase/postgres · GitHub

fix: grant pgsodium functions to service_role #443


Merged
merged 4 commits into from
Dec 15, 2022
chore: update schema.sql
soedirgo committed Dec 15, 2022
commit a59adeddc58896e22bff6f5df72b73c14424eeca
48 changes: 0 additions & 48 deletions migrations/schema.sql
Expand Up @@ -510,25 +510,6 @@ END;
$$;


--
-- Name: key_encrypt_secret(); Type: FUNCTION; Schema: pgsodium; Owner: -
--

CREATE FUNCTION pgsodium.key_encrypt_secret() RETURNS trigger
Member Author


The schema test has been failing for a while, so I guess this just reflects the latest pgsodium version.


LANGUAGE plpgsql
AS $$
BEGIN
new.raw_key = CASE WHEN new.raw_key IS NULL THEN NULL ELSE
CASE WHEN new.parent_key IS NULL THEN NULL ELSE
pgsodium.crypto_aead_det_encrypt(new.raw_key::bytea, pg_catalog.convert_to((new.id::text || new.associated_data::text)::text, 'utf8'),
new.parent_key::uuid,
new.raw_key_nonce
) END END;
RETURN new;
END;
$$;


--
-- Name: extension(text); Type: FUNCTION; Schema: storage; Owner: -
--
Expand Down Expand Up @@ -754,35 +735,6 @@ CREATE TABLE auth.users (
COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.';


--
-- Name: decrypted_key; Type: VIEW; Schema: pgsodium; Owner: -
--

CREATE VIEW pgsodium.decrypted_key AS
Member Author


@michelp do you know why this got dropped now? If I recreate pgsodium it gets dumped again.

Member Author


I think I got it - this was fixed in pgsodium 3.1.1 but now this issue is back, so we need to revert the migration.

Member Author


(I'll hold off on reverting it until Michel's done with the pgsodium fixes)

SELECT key.id,
key.status,
key.created,
key.expires,
key.key_type,
key.key_id,
key.key_context,
key.name,
key.associated_data,
key.raw_key,
CASE
WHEN (key.raw_key IS NULL) THEN NULL::bytea
ELSE
CASE
WHEN (key.parent_key IS NULL) THEN NULL::bytea
ELSE pgsodium.crypto_aead_det_decrypt(key.raw_key, convert_to(((key.id)::text || key.associated_data), 'utf8'::name), key.parent_key, key.raw_key_nonce)
END
END AS decrypted_raw_key,
key.raw_key_nonce,
key.parent_key,
key.comment
FROM pgsodium.key;


--
-- Name: schema_migrations; Type: TABLE; Schema: public; Owner: -
--