Skip to content

[DPE-8318] Predefined roles docs #1107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: 16/edge
Choose a base branch
from
Open

[DPE-8318] Predefined roles docs #1107

wants to merge 8 commits into from

Conversation

marceloneppel
Copy link
Member

@marceloneppel marceloneppel commented Sep 24, 2025
edited
Loading

Issue

There is no documentation for the new predefined roles.

Solution

Document those roles, as it was done for the PG 16 VM charm (canonical/postgresql-operator#1054).

Update the users' documentation to reflect the new roles structure (removing the admin extra user role, which exists only for the PG 14 charm).

Also, fix the toctree from docs/explanation/index.md based on the approach suggested on https://github.com/canonical/postgresql-operator/pull/1084/files/3359f0ab7338cee122a4e3215ec4f1ac350a9b4a#r2259899679 and fix some Juju anchors.

Checklist

  • I have added or updated any relevant documentation.
  • I have cleaned any remaining cloud resources from my accounts.

@marceloneppel marceloneppel added the not bug or enhancement PR is not 'bug' or 'enhancement'. For release notes label Sep 24, 2025
@marceloneppel marceloneppel marked this pull request as ready for review September 24, 2025 18:42
taurus-forever
taurus-forever approved these changes Sep 26, 2025
View reviewed changes
Copy link
Contributor

@taurus-forever taurus-forever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, can you please add description about the proper way of escalating the privileges?

docs/explanation/roles.md
test123=> SELECT * FROM pg_roles WHERE rolname LIKE 'charmed_test_%';
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolconnlimit | rolpassword | rolvaliduntil | rolbypassrls | rolconfig | oid
--------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+-------------+---------------+--------------+-----------+-------
charmed_test_owner | f | t | f | f | f | f | -1 | ******** | | f | | 16396
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens when I request database databases, re: charmed_databases_owner in line 61?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The charm will throw an error. I'm currently working on fixing that. Thanks for catching this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed on canonical/postgresql-single-kernel-library#18 (there are two follow-up PRs in the operators repositories).

@marceloneppel
Add text to 'seealso' section
426e8a7 
Signed-off-by: Marcelo Henrique Neppel <[email protected]>
a-velasco
a-velasco approved these changes Sep 30, 2025
View reviewed changes
Copy link
Contributor

@a-velasco a-velasco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @marceloneppel!

@marceloneppel marceloneppel mentioned this pull request Oct 2, 2025
Merged
2 tasks
@marceloneppel
Copy link
Member Author

LGTM, can you please add description about the proper way of escalating the privileges?

Apologies, Alex! I missed your request about escalation. I updated the PR on e2a92e4 with that.

Could you review it again, @taurus-forever and @a-velasco? Thanks!

taurus-forever
taurus-forever reviewed Oct 7, 2025
View reviewed changes
docs/explanation/roles.md Outdated
Regular relation users can temporarily escalate their privileges to other predefined roles using PostgreSQL's role-switching features. There are two approaches:

- SET ROLE / RESET ROLE (standard, built-in)
- The `set_user`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe The set_user/reset_user` to mimic line above.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated on 02e634a.

@marceloneppel
Fix user allowed to call set_user
1f91124 
Signed-off-by: Marcelo Henrique Neppel <[email protected]>
@marceloneppel
Add reset_user to approach description
02e634a 
Signed-off-by: Marcelo Henrique Neppel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taurus-forever taurus-forever taurus-forever approved these changes

@a-velasco a-velasco a-velasco approved these changes

@7annaba3l 7annaba3l Awaiting requested review from 7annaba3l

Assignees

No one assigned

Labels

not bug or enhancement PR is not 'bug' or 'enhancement'. For release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marceloneppel @taurus-forever @a-velasco