| From: | Etienne LAFARGE <etienne(dot)lafarge(at)gmail(dot)com> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Today's Postgres Releases break login roles |
| Date: | 2024-11-15 14:47:26 |
| Message-ID: | CADOZwSb0UsEr4_UTFXC5k7=fyyK8uKXekucd+-uuGjJsGBfxgw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hello,
Today, when upgrading from Postgres 15.8 to 15.9, we realized that the
login role set for a user (with ALTER USER my_user SET ROLE my_role) was
not automatically set upon login any more.
This is particularly problematic for users of HashiCorp Vault's dynamic
users (like us), who often rely on ALTER ROLE xxx SET ROLE yyy to make sure
that dynamic & short-lived users created by vault create postgres resources
as a long-lived role, and not as themselves.
We suspect this commit
<https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a5d2e6205>
to be the one that introduced this behavioral change.
I made a little testbench with docker compose so that the problem can be
reproduced easily and quickly (with comprehensive reproduction steps in the
README): https://github.com/elafarge/pg_role_bug_reproduction_testbench
(feel free to change the
I'm at your disposal if you have any questions.
Kind Regards,
-Étienne
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2024-11-15 15:38:45 | Re: BUG #18705: Segmentation fault when create brin index on user-defined type. |
| Previous Message | Aleksander Alekseev | 2024-11-15 12:53:36 | Re: BUG #18708: regex problem: (?:[^\d\D]){0} asserts with "lp->nouts == 0 && rp->nins == 0" |