diff --git a/edb/buildmeta.py b/edb/buildmeta.py
index d381e336b4b..7763df23efb 100644
--- a/edb/buildmeta.py
+++ b/edb/buildmeta.py
@@ -60,7 +60,7 @@
 # The merge conflict there is a nice reminder that you probably need
 # to write a patch in edb/pgsql/patches.py, and then you should preserve
 # the old value.
-EDGEDB_CATALOG_VERSION = 2024_11_15_00_00
+EDGEDB_CATALOG_VERSION = 2024_11_22_00_00
 EDGEDB_MAJOR_VERSION = 6
diff --git a/edb/schema/defines.py b/edb/schema/defines.py
index 81d448d0c2d..c03ea94a3f8 100644
--- a/edb/schema/defines.py
+++ b/edb/schema/defines.py
@@ -30,7 +30,8 @@
 # Maximum number of arguments supported by SQL functions.
 MAX_FUNC_ARG_COUNT = 100
-EDGEDB_SUPERUSER = 'edgedb'
+EDGEDB_SUPERUSER = 'admin'
+EDGEDB_OLD_SUPERUSER = 'edgedb'
 EDGEDB_TEMPLATE_DB = '__edgedbtpl__'
 EDGEDB_SYSTEM_DB = '__edgedbsys__'
diff --git a/edb/server/defines.py b/edb/server/defines.py
index c612865cf1c..5199f8d481b 100644
--- a/edb/server/defines.py
+++ b/edb/server/defines.py
@@ -32,6 +32,7 @@
 EDGEDB_REMOTE_COMPILER_PORT = 5660
 EDGEDB_SUPERGROUP = 'edgedb_supergroup'
 EDGEDB_SUPERUSER = s_def.EDGEDB_SUPERUSER
+EDGEDB_OLD_SUPERUSER = s_def.EDGEDB_OLD_SUPERUSER
 EDGEDB_TEMPLATE_DB = s_def.EDGEDB_TEMPLATE_DB
 EDGEDB_OLD_DEFAULT_DB = 'edgedb'
 EDGEDB_SUPERUSER_DB = 'main'
diff --git a/edb/server/protocol/binary.pyx b/edb/server/protocol/binary.pyx
index 6f23400bdeb..2bd518a7096 100644
--- a/edb/server/protocol/binary.pyx
+++ b/edb/server/protocol/binary.pyx
@@ -276,6 +276,7 @@ cdef class EdgeConnection(frontend.FrontendConnection):
 f'missing required connection parameter in ClientHandshake '
 f'message: "user"'
 )
+ user = self.tenant.resolve_user_name(user)
 database = params.get('database')
 branch = params.get('branch')
diff --git a/edb/server/protocol/protocol.pyx b/edb/server/protocol/protocol.pyx
index a0686a90264..3b1fe928050 100644
--- a/edb/server/protocol/protocol.pyx
+++ b/edb/server/protocol/protocol.pyx
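Review bot: `EDGEDB_OLD_SUPERUSER = 'edgedb'` in edb/schema/defines.py is added without a comment, and the new `resolve_user_name` in edb/server/tenant.py has no docstring, so the rule that ties them together is written down nowhere. I would add `# Legacy superuser name: accepted at login as an alias for EDGEDB_SUPERUSER, but only while no role with this name exists.` above the constant, and a one-line docstring on the method stating the same precedence. The rule matters to anyone reviewing access, because on an instance without an `edgedb` role that name still reaches the superuser.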
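Review bot: In the binary.pyx handshake, `user = self.tenant.resolve_user_name(user)` overwrites the name the client sent, and the protocol.pyx hunk does the same with `username`, so the code after these lines sees only the resolved role. If connection logging or authentication-failure messages further down use this variable (not visible in either hunk), an attempt made as `edgedb` will be recorded as `admin`, which makes audit trails harder to match against client configuration. Keeping the original, for example `requested_user = user` before the call, lets later logging report both names. Both enclosing functions start and end outside their hunks.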
@@ -895,6 +895,7 @@ cdef class HttpProtocol:
 request.authorization)
 username, opt_password = auth_helpers.extract_http_user(
 scheme, auth_payload, request.params)
+ username = self.tenant.resolve_user_name(username)
 # Fetch the configured auth methods
 authmethods = await self.tenant.get_auth_methods(
diff --git a/edb/server/tenant.py b/edb/server/tenant.py
index 64a346b8359..77047a6cd38 100644
--- a/edb/server/tenant.py
+++ b/edb/server/tenant.py
@@ -1393,6 +1393,15 @@ def resolve_branch_name(
 assert database is not None
 return database
+ def resolve_user_name(self, user: str) -> str:
+ if (
+ user == defines.EDGEDB_OLD_SUPERUSER
+ and user not in self.get_roles()
+ ):
+ return defines.EDGEDB_SUPERUSER
+ else:
+ return user
+
 async def get_auth_methods(
 self,
 user: str,
diff --git a/edb/testbase/server.py b/edb/testbase/server.py
index a234a6662fb..2d8a44c8bf3 100644
--- a/edb/testbase/server.py
+++ b/edb/testbase/server.py
@@ -2417,7 +2417,7 @@ async def __aenter__(self):
 else:
 password = secrets.token_urlsafe()
 bootstrap_command = f"""\
- ALTER ROLE edgedb {{
+ ALTER ROLE admin {{
 SET password := '{password}';
 }};
 """
diff --git a/tests/test_server_auth.py b/tests/test_server_auth.py
index 0c48bf40c33..eeeeeefdd57 100644
--- a/tests/test_server_auth.py
+++ b/tests/test_server_auth.py
@@ -459,7 +459,7 @@ async def test_server_auth_jwt_1(self):
 good_keys = [
 [],
- [("roles", ["edgedb"])],
+ [("roles", ["admin"])],
 [("databases", ["main"])],
 [("instances", ["localtest"])],
 ]
@@ -479,7 +479,7 @@ async def test_server_auth_jwt_1(self):
 bad_keys = {
 (("roles", ("bad-role",)),):
 'secret key does not authorize access '
- + 'in role "edgedb"',
+ + 'in role "admin"',
 (("databases", ("bad-database",)),):
 'secret key does not authorize access '
 + 'to database "main"',
diff --git a/tests/test_server_ops.py b/tests/test_server_ops.py
index d8676304dde..694270eb67b 100644
--- a/tests/test_server_ops.py
+++ b/tests/test_server_ops.py
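Review bot: `resolve_user_name` in edb/server/tenant.py switches behaviour on `user not in self.get_roles()` without leaving any trace, so creating a role named `edgedb` later silently changes which account a client using that name authenticates as, from the superuser to the new role. A log line in the fallback branch, such as `logger.info('legacy superuser name %r resolved to %r', user, defines.EDGEDB_SUPERUSER)` (assuming the module has a logger, which the hunk does not show), would let operators find clients that still rely on the alias before that happens. The diff applies the resolution in the binary and HTTP handshakes only; any other entry point that accepts a user name would need the same call to stay consistent.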
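Review bot: The `good_keys` entry `[("roles", ["edgedb"])]` in test_server_auth_jwt_1 is replaced rather than supplemented, so no test pins what happens to a key whose `roles` claim still names the legacy superuser. The expected message in the second hunk, `in role "admin"`, suggests the claim is compared with the resolved role, in which case keys issued for `edgedb` would stop authorizing after the rename; that is inferred, not shown. I would keep a legacy entry, either `[("roles", ["edgedb"])],` in `good_keys` or `(("roles", ("edgedb",)),):` in `bad_keys`, whichever outcome is intended. Nothing in this diff exercises `resolve_user_name` itself, neither the fallback to `admin` nor the case where a real `edgedb` role takes precedence.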
@@ -400,7 +400,7 @@ async def test_server_only_bootstraps_once(self):
 async with tb.start_edgedb_server(
 data_dir=temp_dir,
 default_auth_method=args.ServerAuthMethod.Scram,
- bootstrap_command='ALTER ROLE edgedb SET password := "first";'
+ bootstrap_command='ALTER ROLE admin SET password := "first";'
 ) as sd:
 con = await sd.connect(password='first')
 try:
@@ -412,7 +412,7 @@ async def test_server_only_bootstraps_once(self):
 async with tb.start_edgedb_server(
 data_dir=temp_dir,
 default_auth_method=args.ServerAuthMethod.Scram,
- bootstrap_command='ALTER ROLE edgedb SET password := "second";'
+ bootstrap_command='ALTER ROLE admin SET password := "second";'
 ) as sd:
 con = await sd.connect(password='first')
 try:
@@ -509,7 +509,7 @@ async def test(pgdata_path, tenant):
 databases = await con.query('SELECT sys::Branch.name')
 self.assertEqual(set(databases), {'main', tenant})
 roles = await con.query('SELECT sys::Role.name')
- self.assertEqual(set(roles), {'edgedb', tenant})
+ self.assertEqual(set(roles), {'admin', tenant})
 finally:
 await con.aclose()
@@ -544,7 +544,7 @@ async def test(pgdata_path, tenant):
 databases = await con.query('SELECT sys::Branch.name')
 self.assertEqual(set(databases), {'main', tenant})
 roles = await con.query('SELECT sys::Role.name')
- self.assertEqual(set(roles), {'edgedb', tenant})
+ self.assertEqual(set(roles), {'admin', tenant})
 finally:
 await con.aclose()