Skip to content

Commit 6ae2c3b

Browse files
soedirgosoedirgo
authored
fix: pg_net event trigger (#1457)
* fix: pg_net event trigger * chore: bump version * chore: update schema files
1 parent 4066b0d commit 6ae2c3b

File tree

4 files changed

+87
-71
lines changed

4 files changed

+87
-71
lines changed

ansible/vars.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,8 @@ postgres_major:
88

99
# Full version strings for each major version
1010
postgres_release:
11-
postgresorioledb-17: "17.0.1.037-orioledb"
12-
postgres15: "15.8.1.042"
11+
postgresorioledb-17: "17.0.1.038-orioledb"
12+
postgres15: "15.8.1.043"
1313

1414
# Non Postgres Extensions
1515
pgbouncer_release: "1.19.0"

migrations/db/migrations/20250220051611_pg_net_perms_fix.sql

Lines changed: 47 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -1,55 +1,55 @@
11
-- migrate:up
2+
CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
3+
RETURNS event_trigger
4+
LANGUAGE plpgsql
5+
AS $$
6+
BEGIN
7+
IF EXISTS (
8+
SELECT 1
9+
FROM pg_event_trigger_ddl_commands() AS ev
10+
JOIN pg_extension AS ext
11+
ON ev.objid = ext.oid
12+
WHERE ext.extname = 'pg_net'
13+
)
14+
THEN
15+
IF NOT EXISTS (
16+
SELECT 1
17+
FROM pg_roles
18+
WHERE rolname = 'supabase_functions_admin'
19+
)
20+
THEN
21+
CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
22+
END IF;
23+
24+
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
25+
26+
IF EXISTS (
27+
SELECT FROM pg_extension
28+
WHERE extname = 'pg_net'
29+
-- all versions in use on existing projects as of 2025-02-20
30+
-- version 0.12.0 onwards don't need these applied
31+
AND extversion IN ('0.2', '0.6', '0.7', '0.7.1', '0.8', '0.10.0', '0.11.0')
32+
) THEN
33+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
34+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
35+
36+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
37+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
38+
39+
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
40+
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
41+
42+
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
43+
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
44+
END IF;
45+
END IF;
46+
END;
47+
$$;
48+
249
DO $$
350
BEGIN
451
IF EXISTS (SELECT FROM pg_extension WHERE extname = 'pg_net')
552
THEN
6-
CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
7-
RETURNS event_trigger
8-
LANGUAGE plpgsql
9-
AS $func$
10-
BEGIN
11-
IF EXISTS (
12-
SELECT 1
13-
FROM pg_event_trigger_ddl_commands() AS ev
14-
JOIN pg_extension AS ext
15-
ON ev.objid = ext.oid
16-
WHERE ext.extname = 'pg_net'
17-
)
18-
THEN
19-
IF NOT EXISTS (
20-
SELECT 1
21-
FROM pg_roles
22-
WHERE rolname = 'supabase_functions_admin'
23-
)
24-
THEN
25-
CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
26-
END IF;
27-
28-
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
29-
30-
IF EXISTS (
31-
SELECT FROM pg_extension
32-
WHERE extname = 'pg_net'
33-
-- all versions in use on existing projects as of 2025-02-20
34-
-- version 0.12.0 onwards don't need these applied
35-
AND extversion IN ('0.2', '0.6', '0.7', '0.7.1', '0.8', '0.10.0', '0.11.0')
36-
) THEN
37-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
38-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
39-
40-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
41-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
42-
43-
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
44-
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
45-
46-
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
47-
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
48-
END IF;
49-
END IF;
50-
END;
51-
$func$;
52-
5353
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY INVOKER;
5454
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY INVOKER;
5555

migrations/schema-15.sql

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -339,17 +339,25 @@ BEGIN
339339

340340
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
341341

342-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
343-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
344-
345-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
346-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
347-
348-
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
349-
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
350-
351-
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
352-
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
342+
IF EXISTS (
343+
SELECT FROM pg_extension
344+
WHERE extname = 'pg_net'
345+
-- all versions in use on existing projects as of 2025-02-20
346+
-- version 0.12.0 onwards don't need these applied
347+
AND extversion IN ('0.2', '0.6', '0.7', '0.7.1', '0.8', '0.10.0', '0.11.0')
348+
) THEN
349+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
350+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
351+
352+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
353+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
354+
355+
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
356+
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
357+
358+
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
359+
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
360+
END IF;
353361
END IF;
354362
END;
355363
$$;

migrations/schema-orioledb-17.sql

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -354,17 +354,25 @@ BEGIN
354354

355355
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
356356

357-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
358-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
359-
360-
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
361-
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
362-
363-
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
364-
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
365-
366-
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
367-
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
357+
IF EXISTS (
358+
SELECT FROM pg_extension
359+
WHERE extname = 'pg_net'
360+
-- all versions in use on existing projects as of 2025-02-20
361+
-- version 0.12.0 onwards don't need these applied
362+
AND extversion IN ('0.2', '0.6', '0.7', '0.7.1', '0.8', '0.10.0', '0.11.0')
363+
) THEN
364+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
365+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
366+
367+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
368+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
369+
370+
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
371+
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
372+
373+
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
374+
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
375+
END IF;
368376
END IF;
369377
END;
370378
$$;

0 commit comments

Comments
 (0)