feat: setup supabase_realtime_admin#1852
Conversation
|
Coverage is 91.325% — lp-revoke-supabase_realtime_admin into main. No base build found for |
leandrocp
force-pushed
the
lp-revoke-supabase_realtime_admin
branch
from
d3573fe to
2b98f96
Compare
leandrocp
changed the title
supabase_realtime_admin
leandrocp
force-pushed
the
lp-revoke-supabase_realtime_admin
branch
3 times, most recently
from
72e61c1 to
c3a692e
Compare
| name: Tests PG15 (Partition ${{ matrix.partition }}) | ||
| runs-on: blacksmith-8vcpu-ubuntu-2404 | ||
| env: | ||
| POSTGRES_IMAGE: supabase/postgres:15.14.1.113 |
There was a problem hiding this comment.
Minimum PG15 version that grants policy on realtime.subscription via supautils.
There was a problem hiding this comment.
Previous function required grant usage because of ::regclass casting, see test "subscription works when role lacks usage permission".
leandrocp
force-pushed
the
lp-revoke-supabase_realtime_admin
branch
from
c3a692e to
9353942
Compare
| _ -> raise "Running Migrations failed" | ||
| end | ||
|
|
||
| Tenants.Migrations.run_migrations(tenant) |
There was a problem hiding this comment.
This seems redundant so I removed it but not sure about this change.
| name: coverage-partition-${{ matrix.partition }} | ||
| path: cover/lcov.info | ||
|
|
||
| tests-pg15: |
There was a problem hiding this comment.
We could execute this test only on main or when some specific files changes if running on every branch is too expensive.
There was a problem hiding this comment.
New test module to verify permissions, ie: restrict what must be restricted without breaking the system.
This comment has been minimized.
This comment has been minimized.
…altime_admin # Conflicts: # priv/repo/dev_seeds.exs
edgurgel
left a comment
edgurgel
left a comment
There was a problem hiding this comment.
Great tests on schema_test.exs
useful for debugging
This comment has been minimized.
This comment has been minimized.
|
|
||
| case Postgrex.query(conn, query, []) do | ||
| {:ok, _} -> Logger.debug("Partition #{partition_name} created") | ||
| alter_owner = "ALTER TABLE realtime.#{partition_name} OWNER TO supabase_realtime_admin" |
There was a problem hiding this comment.
oh so we always need to change this?
There was a problem hiding this comment.
Yes and also new objects created through migrations (sorry I forgot to mention this). The reason is because we can't switch to supabase_realtime_admin on all projects, really only supabase/postgres >= 15.14.1.018 will work.
3 participants
Part of project Migrations v2.
The main change is connecting tenants using
supabase_realtime_admininstead ofsupabase_admin. Related to https://github.com/orgs/supabase/discussions/34270TLDR:
realtime.subscriptionsupabase_realtime_adminwithREPLICATIONandsupautilsmanaging policies.The complexity of this PR is because we need to handle existing tenants running with
supabase_adminand new projects that should start withsupabase_realtime_admin, running from PG14 to 17. This is done mostly by executing the migrationsetup_supabase_realtime_admin.exthat is gated behind the feature flaguse_supabase_realtime_admin(disabled by default).Review
Start on
## Postgres compatibilityinREADME.mdas it sets the expectations and limitations, thenschema_test.exsalong with changes intests.ymlandintegration_tests.ymlthat shows what is expected to work on each PG version.Tasks
Closes REAL-25
Closes REAL-377
Closes REAL-527
Closes REAL-630
Closes REAL-778
Closes REAL-781
Closes REAL-816
Closes SEC-562