[v15] Use pg_temp to store PostgreSQL auto provisioning procedures

* refactor(postgres): use pg_temp to store auto user procedures * refactor(postgres): code review suggestions * test(postgres): replace logrus with slog * chore(postgres): move switch statement to a map * test(postgres): with wrong slog call * test(postgres): use slog context functions
gravitational · Feb 13, 2025 · 96bcbc2 · 96bcbc2
1 parent 4df9ee6
commit 96bcbc2
Show file tree

Hide file tree

Showing 5 changed files with 273 additions and 128 deletions.
diff --git a/lib/srv/db/postgres/sql/activate-user.sql b/lib/srv/db/postgres/sql/activate-user.sql
@@ -1,4 +1,4 @@
-CREATE OR REPLACE PROCEDURE teleport_activate_user(username varchar, roles varchar[])
+CREATE OR REPLACE PROCEDURE pg_temp.teleport_activate_user(username varchar, roles varchar[])
 LANGUAGE plpgsql
 AS $$
 DECLARE
@@ -22,7 +22,7 @@ BEGIN
         -- Otherwise reactivate the user, but first strip if of all roles to
         -- account for scenarios with left-over roles if database agent crashed
         -- and failed to cleanup upon session termination.
-        CALL teleport_deactivate_user(username);
+        CALL pg_temp.teleport_deactivate_user(username);
         EXECUTE FORMAT('ALTER USER %I WITH LOGIN', username);
     ELSE
         EXECUTE FORMAT('CREATE USER %I IN ROLE "teleport-auto-user"', username);

diff --git a/lib/srv/db/postgres/sql/deactivate-user.sql b/lib/srv/db/postgres/sql/deactivate-user.sql
@@ -1,4 +1,4 @@
-CREATE OR REPLACE PROCEDURE teleport_deactivate_user(username varchar)
+CREATE OR REPLACE PROCEDURE pg_temp.teleport_deactivate_user(username varchar)
 LANGUAGE plpgsql
 AS $$
 DECLARE

diff --git a/lib/srv/db/postgres/sql/delete-user.sql b/lib/srv/db/postgres/sql/delete-user.sql
@@ -1,4 +1,4 @@
-CREATE OR REPLACE PROCEDURE teleport_delete_user(username varchar, inout state varchar default 'TP003')
+CREATE OR REPLACE PROCEDURE pg_temp.teleport_delete_user(username varchar, inout state varchar default 'TP003')
 LANGUAGE plpgsql
 AS $$
 DECLARE
@@ -15,7 +15,7 @@ BEGIN
                 state := 'TP004';
                 -- Drop user/role will fail if user has dependent objects.
                 -- In this scenario, fallback into disabling the user.
-                CALL teleport_deactivate_user(username);
+                CALL pg_temp.teleport_deactivate_user(username);
         END;
     END IF;
 END;$$;