Merge branch 'develop' into bo/dataeng-873-upgrade-wrappers-to-v045

Author: burmecia

ebssurrogate/scripts/qemu-bootstrap-nix.sh

@@ -143,4 +143,6 @@ function clean_system {
 
 install_nix
 execute_stage2_playbook
+# we do not want to ship an initialized DB as this is performed as needed
+rm -rf /data/pgdata
 cloud-init clean --logs

nix/tests/expected/security.out

@@ -0,0 +1,30 @@
+-- get a list of security definer functions owned by supabase_admin
+-- this list should be vetted to ensure the functions are safe to use as security definer
+select
+    n.nspname, p.proname
+from pg_catalog.pg_proc p
+    left join pg_catalog.pg_namespace n ON n.oid = p.pronamespace
+where p.proowner = (select oid from pg_catalog.pg_roles where rolname = 'supabase_admin')
+        and p.prosecdef = true
+order by 1,2;
+ nspname  |            proname             
+----------+--------------------------------
+ graphql  | get_schema_version
+ graphql  | increment_schema_version
+ pgsodium | disable_security_label_trigger
+ pgsodium | enable_security_label_trigger
+ pgsodium | get_key_by_id
+ pgsodium | get_key_by_name
+ pgsodium | get_named_keys
+ pgsodium | mask_role
+ pgsodium | update_mask
+ public   | dblink_connect_u
+ public   | dblink_connect_u
+ public   | pgaudit_ddl_command_end
+ public   | pgaudit_sql_drop
+ public   | st_estimatedextent
+ public   | st_estimatedextent
+ public   | st_estimatedextent
+ repack   | repack_trigger
+(17 rows)
+

nix/tests/sql/security.sql

@@ -0,0 +1,9 @@
+-- get a list of security definer functions owned by supabase_admin
+-- this list should be vetted to ensure the functions are safe to use as security definer
+select
+    n.nspname, p.proname
+from pg_catalog.pg_proc p
+    left join pg_catalog.pg_namespace n ON n.oid = p.pronamespace
+where p.proowner = (select oid from pg_catalog.pg_roles where rolname = 'supabase_admin')
+        and p.prosecdef = true
+order by 1,2;