[DPE-1454] Update database ownership #287
Conversation
| self.charm.backend.postgres.create_database( | ||
| database, user, client_relations=self.charm.client_relations | ||
| ) |
There was a problem hiding this comment.
Copied from the PG charm. This can potentially cause issues if both PG and PGB are related on the same database, as both will think they own it.
There was a problem hiding this comment.
I think it may happen only when we change the PgBouncer extra user roles from SUPERUSER to fewer privileges.
| dbs = self.charm.get_relation_databases() | ||
| database = dbs.pop(str(broken_event.relation.id), {}).get("name") |
There was a problem hiding this comment.
We need the db name to remove the auth function.
| @@ -270,6 +271,7 @@ def _on_relation_joined(self, join_event: RelationJoinedEvent): | |||
| return | |||
|
|
|||
| # set up auth function | |||
| self.charm.backend.remove_auth_function(dbs=[database]) | |||
There was a problem hiding this comment.
If the auth_function was not removed, create_database() will change ownership and initialise_auth_function() will not recreate it.
dragomirp
requested review from
marceloneppel,
lucasgameiroborges and
taurus-forever
src/relations/db.py
Outdated
| delete_db = database not in dbs.values() | ||
| if database and delete_db: | ||
| self.charm.backend.remove_auth_function(dbs=[database]) |
There was a problem hiding this comment.
Only delete the auth query if no other relations use the same db.
src/relations/pgbouncer_provider.py
Outdated
| delete_db = database not in dbs.values() | ||
| if database and delete_db: | ||
| self.charm.backend.remove_auth_function(dbs=[database]) |
There was a problem hiding this comment.
I think the auth_function is not being correctly created/removed correctly.
By running the following commands, I lost the connection through app1 credentials (data-integrator) when I removed only the relation between app2 (another data-integrator) and pgbouncer-k8s.
juju deploy postgresql-k8s --channel 14/edge --trust
juju deploy ./pgbouncer-k8s_ubuntu-22.04-amd64.charm --resource pgbouncer-image=ghcr.io/canonical/charmed-postgresql@sha256:31cf150b4523481202c1ff9b7b5d7f0b36729edad89d61242d8f1eb56b2912c0 --trust
juju deploy data-integrator app1
juju deploy data-integrator app2
juju relate pgbouncer-k8s postgresql-k8s
juju config app1 database-name=test
juju config app2 database-name=test
juju relate app1 pgbouncer-k8s
juju relate app2 pgbouncer-k8s
juju run postgresql-k8s/leader get-password
psql "host={postgresql-unit-ip} user=operator dbname=test password={password}”
# Run SELECT specific_schema FROM information_schema.routines WHERE routine_name='get_auth'; which outputs only pgbouncer_auth_relation_id_7.
juju run app1/leader get-credentials
psql "host={ip-from-get-credentials} user={user-from-get-credentials} dbname={database-name-from-get-credentials} password={password-from-get-credentials}”
# The connection works.
juju remove-relation app2 pgbouncer-k8s
psql "host={postgresql-unit-ip} user=operator dbname=test password={password}”
# Run SELECT specific_schema FROM information_schema.routines WHERE routine_name='get_auth'; which outputs nothing.
juju run app1/leader get-credentials # To check that the same credentials from before are shown.
psql "host={ip-from-get-credentials} user={user-from-get-credentials} dbname={database-name-from-get-credentials} password={password-from-get-credentials}”
# The connection doesn’t work.There was a problem hiding this comment.
dbs.values() are dicts so delete_db was always true. Nice catch.
| self.charm.backend.postgres.create_database( | ||
| database, user, client_relations=self.charm.client_relations | ||
| ) |
There was a problem hiding this comment.
I think it may happen only when we change the PgBouncer extra user roles from SUPERUSER to fewer privileges.
Issue
Cannot drop db objects when rerelating to pgbouncer
Solution