Home > mailing lists

Today's Postgres Releases break login roles - Mailing list pgsql-bugs

From	Etienne LAFARGE
Subject	Today's Postgres Releases break login roles
Date	November 15 20:47:26
Msg-id	CADOZwSb0UsEr4_UTFXC5k7=fyyK8uKXekucd+-uuGjJsGBfxgw@mail.gmail.com Whole thread Raw
Responses	Re: Today's Postgres Releases break login roles Re: Today's Postgres Releases break login roles
List	pgsql-bugs

Tree view

Hello,

Today, when upgrading from Postgres 15.8 to 15.9, we realized that the login role set for a user (with ALTER USER my_user SET ROLE my_role) was not automatically set upon login any more.

This is particularly problematic for users of HashiCorp Vault's dynamic users (like us), who often rely on ALTER ROLE xxx SET ROLE yyy to make sure that dynamic & short-lived users created by vault create postgres resources as a long-lived role, and not as themselves.

We suspect this commit to be the one that introduced this behavioral change.

I made a little testbench with docker compose so that the problem can be reproduced easily and quickly (with comprehensive reproduction steps in the README): https://github.com/elafarge/pg_role_bug_reproduction_testbench (feel free to change the

I'm at your disposal if you have any questions.

Kind Regards,

-Étienne

pgsql-bugs by date:

From: Aleksander Alekseev
Date: 15 November, 18:53:36
Subject: Re: BUG #18708: regex problem: (?:[^\d\D]){0} asserts with "lp->nouts == 0 && rp->nins == 0"

From: Tomas Vondra
Date: 15 November, 21:38:45
Subject: Re: BUG #18705: Segmentation fault when create brin index on user-defined type.

Today's Postgres Releases break login roles - Mailing list pgsql-bugs

Previous

Next