supabase · soedirgo · Apr 2, 2025 · Apr 4, 2025 · Apr 4, 2025 · Apr 4, 2025
@@ -9,9 +9,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.0.1.59-orioledb"
-  postgres17: "17.4.1.009"
-  postgres15: "15.8.1.066"
+  postgresorioledb-17: "17.0.1.56-orioledb-evttrig-4"
+  postgres17: "17.4.1.006-evttrig-4"
+  postgres15: "15.8.1.063-evttrig-4"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"

@@ -38,6 +38,7 @@ BEGIN
   END IF;
 END;
 $$;
+alter function extensions.grant_pg_cron_access owner to supabase_admin;
 
 drop event trigger if exists issue_pg_cron_access;
 CREATE EVENT TRIGGER issue_pg_cron_access ON ddl_command_end

@@ -0,0 +1,95 @@
+-- migrate:up
+drop event trigger if exists issue_pg_cron_access;
+drop event trigger if exists issue_pg_net_access;
+drop function if exists extensions.grant_pg_cron_access;
+drop function if exists extensions.grant_pg_net_access;
+
+CREATE OR REPLACE FUNCTION extensions.grant_pg_cron_access()
+ RETURNS event_trigger
+ LANGUAGE plpgsql
+AS $function$
+BEGIN
+  IF EXISTS (
+    SELECT
+    FROM pg_event_trigger_ddl_commands() AS ev
+    JOIN pg_extension AS ext
+    ON ev.objid = ext.oid
+    WHERE ext.extname = 'pg_cron'
+  )
+  THEN
+    grant usage on schema cron to postgres with grant option;
+
+    alter default privileges in schema cron grant all on tables to postgres with grant option;
+    alter default privileges in schema cron grant all on functions to postgres with grant option;
+    alter default privileges in schema cron grant all on sequences to postgres with grant option;
+
+    alter default privileges for user supabase_admin in schema cron grant all
+        on sequences to postgres with grant option;
+    alter default privileges for user supabase_admin in schema cron grant all
+        on tables to postgres with grant option;
+    alter default privileges for user supabase_admin in schema cron grant all
+        on functions to postgres with grant option;
+
+    grant all privileges on all tables in schema cron to postgres with grant option;
+    revoke all on table cron.job from postgres;
+    grant select on table cron.job to postgres with grant option;
+  END IF;
+END;
+$function$;
+
+CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
+ RETURNS event_trigger
+ LANGUAGE plpgsql
+AS $function$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM pg_event_trigger_ddl_commands() AS ev
+    JOIN pg_extension AS ext
+    ON ev.objid = ext.oid
+    WHERE ext.extname = 'pg_net'
+  )
+  THEN
+    IF NOT EXISTS (
+      SELECT 1
+      FROM pg_roles
+      WHERE rolname = 'supabase_functions_admin'
+    )
+    THEN
+      CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
+    END IF;
+
+    GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+
+    IF EXISTS (
+      SELECT FROM pg_extension
+      WHERE extname = 'pg_net'
+      -- all versions in use on existing projects as of 2025-02-20
+      -- version 0.12.0 onwards don't need these applied
+      AND extversion IN ('0.2', '0.6', '0.7', '0.7.1', '0.8', '0.10.0', '0.11.0')
+    ) THEN
+      ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+      ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+
+      ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+      ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+
+      REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+      REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+
+      GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+      GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+    END IF;
+  END IF;
+END;
+$function$;
+
+CREATE EVENT TRIGGER issue_pg_cron_access ON ddl_command_end
+  WHEN TAG IN ('CREATE EXTENSION')
+  EXECUTE FUNCTION extensions.grant_pg_cron_access();
+
+CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end
+  WHEN TAG IN ('CREATE EXTENSION')
+  EXECUTE FUNCTION extensions.grant_pg_net_access();
+
+-- migrate:down
@@ -2,21 +2,21 @@
 
 stdenv.mkDerivation rec {
   pname = "supautils";
-  version = "2.6.0";
+  version = "2.7.3";
 
   buildInputs = [ postgresql ];
 
   src = fetchFromGitHub {
     owner = "supabase";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-QNfUpQjqHNzbNqBvjb5a3GtNH9hjbBMDUK19xUU3LpI=";
+    hash = "sha256-QKQQUz6ObzqINTLZaMQtocOkYX0Rh61fBLoB+rZ64UM=";
   };
 
   installPhase = ''
     mkdir -p $out/lib
 
-    install -D *${postgresql.dlSuffix} -t $out/lib
+    install -D build/*${postgresql.dlSuffix} -t $out/lib
   '';
 
   meta = with lib; {
-Original file line number
+Diff line change
@@ Expand Up / @@ -38,6 +38,7 @@ BEGIN @@
       END IF;
     END;
     $$;
+    alter function extensions.grant_pg_cron_access owner to supabase_admin;
     drop event trigger if exists issue_pg_cron_access;
     CREATE EVENT TRIGGER issue_pg_cron_access ON ddl_command_end
@@ Expand Down @@