-
Notifications
You must be signed in to change notification settings - Fork 978
chore: add prebuilds system user #16916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
28 commits
Select commit
Hold shift + click to select a range
300e80f
add prebuilds system user database changes and associated changes
SasSwart b788237
optionally prevent system users from counting to user count
dannykopping 8122595
appease the linter
dannykopping bfb7c28
add unit test for system user behaviour
dannykopping 6639167
reverting RBAC changes; not relevant here
dannykopping 769ae1d
removing unnecessary changes
dannykopping e7e9c27
exclude system user db tests from non-linux OSs
dannykopping 3936047
Rename prebuild system user reference
SasSwart 8bdcafb
ensure that users.IsSystem is not nullable
SasSwart 324fde2
Fixes
dannykopping 81d9dfa
Merge remote-tracking branch 'origin/main' into prebuilds-system-user
SasSwart 896c881
renumber migrations
SasSwart de4fb8a
ensure that system users are filtered and returned consistently
SasSwart 2751d5b
make -B lint
SasSwart 1042c39
rewrite prebuilds system user tests in our usual style
SasSwart f9e9d11
add support for prebuilds user to dbmem
SasSwart 7492965
appease the linter
SasSwart 29e2020
add support for the prebuilds system user to dbmem
SasSwart 8c51585
linter
SasSwart cdc5c71
fix dbmem tests
SasSwart 0d4813a
remove restriction on modifying system users for now
SasSwart 95d70a3
remove system user index
SasSwart 8f1d71c
Merge remote-tracking branch 'origin/main' into prebuilds-system-user
SasSwart 7e009e5
invert tests that check for system user update protection
SasSwart addd7c6
lint
SasSwart 7a4ef24
Allow TestUpdateSystemUser to run against dbmem
SasSwart f30ce72
Merge remote-tracking branch 'origin/main' into prebuilds-system-user
SasSwart 5f0ae5e
Renumber migrations
SasSwart File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next
Next commit
add prebuilds system user database changes and associated changes
Signed-off-by: Danny Kopping <dannykopping@gmail.com>
- Loading branch information
commit 300e80f1f8922c6e373858789530048b903da11c
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
-- Remove system user from organizations | ||
DELETE FROM organization_members | ||
WHERE user_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'; | ||
|
||
-- Drop triggers first | ||
DROP TRIGGER IF EXISTS prevent_system_user_updates ON users; | ||
DROP TRIGGER IF EXISTS prevent_system_user_deletions ON users; | ||
|
||
-- Drop function | ||
DROP FUNCTION IF EXISTS prevent_system_user_changes(); | ||
|
||
-- Delete system user | ||
DELETE FROM users | ||
WHERE id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'; | ||
|
||
-- Drop index | ||
DROP INDEX IF EXISTS user_is_system_idx; | ||
|
||
-- Drop column | ||
ALTER TABLE users DROP COLUMN IF EXISTS is_system; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
ALTER TABLE users | ||
ADD COLUMN is_system bool DEFAULT false; | ||
|
||
CREATE INDEX user_is_system_idx ON users USING btree (is_system); | ||
|
||
COMMENT ON COLUMN users.is_system IS 'Determines if a user is a system user, and therefore cannot login or perform normal actions'; | ||
|
||
-- TODO: tried using "none" for login type, but the migration produced this error: 'unsafe use of new value "none" of enum type login_type' | ||
-- -> not sure why though? it exists on the login_type enum. | ||
SasSwart marked this conversation as resolved.
Show resolved
Hide resolved
|
||
INSERT INTO users (id, email, username, name, created_at, updated_at, status, rbac_roles, hashed_password, is_system, login_type) | ||
VALUES ('c42fdf75-3097-471c-8c33-fb52454d81c0', 'prebuilds@system', 'prebuilds', 'Prebuilds Owner', now(), now(), | ||
SasSwart marked this conversation as resolved.
Show resolved
Hide resolved
|
||
'active', '{}', 'none', true, 'password'::login_type); | ||
SasSwart marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
-- Create function to check system user modifications | ||
CREATE OR REPLACE FUNCTION prevent_system_user_changes() | ||
RETURNS TRIGGER AS | ||
$$ | ||
BEGIN | ||
IF OLD.is_system = true THEN | ||
RAISE EXCEPTION 'Cannot modify or delete system users'; | ||
END IF; | ||
RETURN OLD; | ||
END; | ||
$$ LANGUAGE plpgsql; | ||
|
||
-- Create trigger to prevent updates to system users | ||
CREATE TRIGGER prevent_system_user_updates | ||
SasSwart marked this conversation as resolved.
Show resolved
Hide resolved
|
||
BEFORE UPDATE ON users | ||
FOR EACH ROW | ||
WHEN (OLD.is_system = true) | ||
EXECUTE FUNCTION prevent_system_user_changes(); | ||
|
||
-- Create trigger to prevent deletion of system users | ||
CREATE TRIGGER prevent_system_user_deletions | ||
BEFORE DELETE ON users | ||
FOR EACH ROW | ||
WHEN (OLD.is_system = true) | ||
EXECUTE FUNCTION prevent_system_user_changes(); | ||
|
||
-- TODO: do we *want* to use the default org here? how do we handle multi-org? | ||
SasSwart marked this conversation as resolved.
Show resolved
Hide resolved
|
||
WITH default_org AS (SELECT id | ||
FROM organizations | ||
WHERE is_default = true | ||
LIMIT 1) | ||
INSERT | ||
INTO organization_members (organization_id, user_id, created_at, updated_at) | ||
SELECT default_org.id, | ||
'c42fdf75-3097-471c-8c33-fb52454d81c0', -- The system user responsible for prebuilds. | ||
NOW(), | ||
NOW() | ||
FROM default_org; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.