From b8af70d405905565ba0502905c358a6fdd3781fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 09:27:19 +0000 Subject: [PATCH] build(deps): bump github.com/aiven/go-api-schemas from 1.64.0 to 1.65.0 (#667) --- CHANGELOG.md | 1 + api/v1alpha1/userconfig/service/pg/pg.go | 53 ++++++++++ .../service/pg/zz_generated.deepcopy.go | 90 +++++++++++++++++ .../templates/aiven.io_postgresqls.yaml | 98 +++++++++++++++++++ config/crd/bases/aiven.io_postgresqls.yaml | 98 +++++++++++++++++++ docs/docs/api-reference/postgresql.md | 24 +++++ go.mod | 2 +- go.sum | 4 +- 8 files changed, 367 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19b3cca0..df35198e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ Enable or disable filtering of alerting by backend roles. Requires Security plugin - Change `Redis` field `userConfig.redis_notify_keyspace_events`: pattern ~~`^[KEg\$lshzxeA]*$`~~ → `^[KEg\$lshzxentdmA]*$` +- Add `PostgreSQL` field `userConfig.pgaudit`, type `object`: System-wide settings for the pgaudit extension ## v0.17.0 - 2024-02-01 diff --git a/api/v1alpha1/userconfig/service/pg/pg.go b/api/v1alpha1/userconfig/service/pg/pg.go index 3257b1c5..b2dd637a 100644 --- a/api/v1alpha1/userconfig/service/pg/pg.go +++ b/api/v1alpha1/userconfig/service/pg/pg.go 
@@ -309,6 +309,56 @@ type PgQualstats struct { TrackPgCatalog *bool `groups:"create,update" json:"track_pg_catalog,omitempty"` } +// System-wide settings for the pgaudit extension +type Pgaudit struct { + // Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. + FeatureEnabled *bool `groups:"create,update" json:"feature_enabled,omitempty"` + + // Specifies which classes of statements will be logged by session audit logging. + Log []string `groups:"create,update" json:"log,omitempty"` + + // Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. + LogCatalog *bool `groups:"create,update" json:"log_catalog,omitempty"` + + // Specifies whether log messages will be visible to a client process such as psql. + LogClient *bool `groups:"create,update" json:"log_client,omitempty"` + + // +kubebuilder:validation:Enum="debug1";"debug2";"debug3";"debug4";"debug5";"info";"notice";"warning";"log" + // Specifies the log level that will be used for log entries. + LogLevel *string `groups:"create,update" json:"log_level,omitempty"` + + // +kubebuilder:validation:Minimum=-1 + // +kubebuilder:validation:Maximum=102400 + // Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. + LogMaxStringLength *int `groups:"create,update" json:"log_max_string_length,omitempty"` + + // This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. + LogNestedStatements *bool `groups:"create,update" json:"log_nested_statements,omitempty"` + + // Specifies that audit logging should include the parameters that were passed with the statement. 
+ LogParameter *bool `groups:"create,update" json:"log_parameter,omitempty"` + + // Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with . + LogParameterMaxSize *int `groups:"create,update" json:"log_parameter_max_size,omitempty"` + + // Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. + LogRelation *bool `groups:"create,update" json:"log_relation,omitempty"` + + // Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. + LogRows *bool `groups:"create,update" json:"log_rows,omitempty"` + + // Specifies whether logging will include the statement text and parameters (if enabled). + LogStatement *bool `groups:"create,update" json:"log_statement,omitempty"` + + // Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. + LogStatementOnce *bool `groups:"create,update" json:"log_statement_once,omitempty"` + + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:Pattern=`^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$` + // Specifies the master role to use for object audit logging. + Role *string `groups:"create,update" json:"role,omitempty"` +} + // PGBouncer connection pooling settings type Pgbouncer struct { // +kubebuilder:validation:Minimum=0 @@ -464,6 +514,9 @@ type PgUserConfig struct { // PostgreSQL major version PgVersion *string `groups:"create,update" json:"pg_version,omitempty"` + // System-wide settings for the pgaudit extension + Pgaudit *Pgaudit `groups:"create,update" json:"pgaudit,omitempty"` + // PGBouncer connection pooling settings Pgbouncer *Pgbouncer `groups:"create,update" json:"pgbouncer,omitempty"` 
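Review bot: `LogParameterMaxSize` and `Log` in the new `Pgaudit` struct have no kubebuilder validation markers, while `LogMaxStringLength`, `LogLevel` and `Role` beside them do, so a negative size or a misspelled statement class passes CRD admission and any rejection is left to the Aiven API. If the upstream schema confirms the bounds, add `// +kubebuilder:validation:Minimum=0` above `LogParameterMaxSize` and an item enum on `Log`; the `log_parameter_max_size` and `log` entries in both generated `aiven.io_postgresqls.yaml` sections carry the same gap. The `LogParameterMaxSize` comment also ends in `replaced with .`, which looks like an angle-bracket placeholder was stripped on the way from the schema. Since `LogParameter`, `LogStatement` and `LogClient` decide whether statement text and parameters reach the log and whether audit messages are visible to the client process, their comments should say that enabling them can put credentials or personal data into log output. This file appears to be generated from go-api-schemas, so the fix probably belongs in the schema or the generator rather than in a hand edit here.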
diff --git a/api/v1alpha1/userconfig/service/pg/zz_generated.deepcopy.go b/api/v1alpha1/userconfig/service/pg/zz_generated.deepcopy.go index 3cfaad69..bb937f68 100644 --- a/api/v1alpha1/userconfig/service/pg/zz_generated.deepcopy.go +++ b/api/v1alpha1/userconfig/service/pg/zz_generated.deepcopy.go @@ -451,6 +451,11 @@ func (in *PgUserConfig) DeepCopyInto(out *PgUserConfig) { *out = new(string) **out = **in } + if in.Pgaudit != nil { + in, out := &in.Pgaudit, &out.Pgaudit + *out = new(Pgaudit) + (*in).DeepCopyInto(*out) + } if in.Pgbouncer != nil { in, out := &in.Pgbouncer, &out.Pgbouncer *out = new(Pgbouncer) 
@@ -538,6 +543,91 @@ func (in *PgUserConfig) DeepCopy() *PgUserConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Pgaudit) DeepCopyInto(out *Pgaudit) { + *out = *in + if in.FeatureEnabled != nil { + in, out := &in.FeatureEnabled, &out.FeatureEnabled + *out = new(bool) + **out = **in + } + if in.Log != nil { + in, out := &in.Log, &out.Log + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LogCatalog != nil { + in, out := &in.LogCatalog, &out.LogCatalog + *out = new(bool) + **out = **in + } + if in.LogClient != nil { + in, out := &in.LogClient, &out.LogClient + *out = new(bool) + **out = **in + } + if in.LogLevel != nil { + in, out := &in.LogLevel, &out.LogLevel + *out = new(string) + **out = **in + } + if in.LogMaxStringLength != nil { + in, out := &in.LogMaxStringLength, &out.LogMaxStringLength + *out = new(int) + **out = **in + } + if in.LogNestedStatements != nil { + in, out := &in.LogNestedStatements, &out.LogNestedStatements + *out = new(bool) + **out = **in + } + if in.LogParameter != nil { + in, out := &in.LogParameter, &out.LogParameter + *out = new(bool) + **out = **in + } + if in.LogParameterMaxSize != nil { + in, out := &in.LogParameterMaxSize, &out.LogParameterMaxSize + *out = new(int) + **out = **in + } + if in.LogRelation != nil { + in, out := &in.LogRelation, &out.LogRelation + *out = new(bool) + **out = **in + } + if in.LogRows != nil { + in, out := &in.LogRows, &out.LogRows + *out = new(bool) + **out = **in + } + if in.LogStatement != nil { + in, out := &in.LogStatement, &out.LogStatement + *out = new(bool) + **out = **in + } + if in.LogStatementOnce != nil { + in, out := &in.LogStatementOnce, &out.LogStatementOnce + *out = new(bool) + **out = **in + } + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new 
Pgaudit. +func (in *Pgaudit) DeepCopy() *Pgaudit { + if in == nil { + return nil + } + out := new(Pgaudit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Pgbouncer) DeepCopyInto(out *Pgbouncer) { *out = *in diff --git a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml index 9d2020f3..19f1a16e 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml 
@@ -774,6 +774,104 @@ spec: - "15" - "16" type: string + pgaudit: + description: System-wide settings for the pgaudit extension + properties: + feature_enabled: + description: + Enable pgaudit extension. When enabled, pgaudit + extension will be automatically installed.Otherwise, extension + will be uninstalled but auditing configurations will be + preserved. + type: boolean + log: + description: + Specifies which classes of statements will be + logged by session audit logging. + items: + type: string + type: array + log_catalog: + description: + Specifies that session logging should be enabled + in the casewhere all relations in a statement are in pg_catalog. + type: boolean + log_client: + description: + Specifies whether log messages will be visible + to a client process such as psql. + type: boolean + log_level: + description: + Specifies the log level that will be used for + log entries. + enum: + - debug1 + - debug2 + - debug3 + - debug4 + - debug5 + - info + - notice + - warning + - log + type: string + log_max_string_length: + description: + Crop parameters representation and whole statements + if they exceed this threshold. A (default) value of -1 disable + the truncation. + maximum: 102400 + minimum: -1 + type: integer + log_nested_statements: + description: + This GUC allows to turn off logging nested statements, + that is, statements that are executed as part of another + ExecutorRun. + type: boolean + log_parameter: + description: + Specifies that audit logging should include the + parameters that were passed with the statement. + type: boolean + log_parameter_max_size: + description: + Specifies that parameter values longer than this + setting (in bytes) should not be logged, but replaced with + . + type: integer + log_relation: + description: + Specifies whether session audit logging should + create a separate log entry for each relation (TABLE, VIEW, + etc.) referenced in a SELECT or DML statement. 
+ type: boolean + log_rows: + description: + Specifies that audit logging should include the + rows retrieved or affected by a statement. When enabled + the rows field will be included after the parameter field. + type: boolean + log_statement: + description: + Specifies whether logging will include the statement + text and parameters (if enabled). + type: boolean + log_statement_once: + description: + Specifies whether logging will include the statement + text and parameters with the first log entry for a statement/substatement + combination or with every entry. + type: boolean + role: + description: + Specifies the master role to use for object audit + logging. + maxLength: 64 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ + type: string + type: object pgbouncer: description: PGBouncer connection pooling settings properties: diff --git a/config/crd/bases/aiven.io_postgresqls.yaml b/config/crd/bases/aiven.io_postgresqls.yaml index 9d2020f3..19f1a16e 100644 --- a/config/crd/bases/aiven.io_postgresqls.yaml +++ b/config/crd/bases/aiven.io_postgresqls.yaml 
@@ -774,6 +774,104 @@ spec: - "15" - "16" type: string + pgaudit: + description: System-wide settings for the pgaudit extension + properties: + feature_enabled: + description: + Enable pgaudit extension. When enabled, pgaudit + extension will be automatically installed.Otherwise, extension + will be uninstalled but auditing configurations will be + preserved. + type: boolean + log: + description: + Specifies which classes of statements will be + logged by session audit logging. + items: + type: string + type: array + log_catalog: + description: + Specifies that session logging should be enabled + in the casewhere all relations in a statement are in pg_catalog. + type: boolean + log_client: + description: + Specifies whether log messages will be visible + to a client process such as psql. + type: boolean + log_level: + description: + Specifies the log level that will be used for + log entries. + enum: + - debug1 + - debug2 + - debug3 + - debug4 + - debug5 + - info + - notice + - warning + - log + type: string + log_max_string_length: + description: + Crop parameters representation and whole statements + if they exceed this threshold. A (default) value of -1 disable + the truncation. + maximum: 102400 + minimum: -1 + type: integer + log_nested_statements: + description: + This GUC allows to turn off logging nested statements, + that is, statements that are executed as part of another + ExecutorRun. + type: boolean + log_parameter: + description: + Specifies that audit logging should include the + parameters that were passed with the statement. + type: boolean + log_parameter_max_size: + description: + Specifies that parameter values longer than this + setting (in bytes) should not be logged, but replaced with + . + type: integer + log_relation: + description: + Specifies whether session audit logging should + create a separate log entry for each relation (TABLE, VIEW, + etc.) referenced in a SELECT or DML statement. 
+ type: boolean + log_rows: + description: + Specifies that audit logging should include the + rows retrieved or affected by a statement. When enabled + the rows field will be included after the parameter field. + type: boolean + log_statement: + description: + Specifies whether logging will include the statement + text and parameters (if enabled). + type: boolean + log_statement_once: + description: + Specifies whether logging will include the statement + text and parameters with the first log entry for a statement/substatement + combination or with every entry. + type: boolean + role: + description: + Specifies the master role to use for object audit + logging. + maxLength: 64 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ + type: string + type: object pgbouncer: description: PGBouncer connection pooling settings properties: diff --git a/docs/docs/api-reference/postgresql.md b/docs/docs/api-reference/postgresql.md index db775bf9..b967bb00 100644 --- a/docs/docs/api-reference/postgresql.md +++ b/docs/docs/api-reference/postgresql.md 
@@ -156,6 +156,7 @@ PostgreSQL specific user configuration options. - [`pg_service_to_fork_from`](#spec.userConfig.pg_service_to_fork_from-property){: name='spec.userConfig.pg_service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created. - [`pg_stat_monitor_enable`](#spec.userConfig.pg_stat_monitor_enable-property){: name='spec.userConfig.pg_stat_monitor_enable-property'} (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable. - [`pg_version`](#spec.userConfig.pg_version-property){: name='spec.userConfig.pg_version-property'} (string, Enum: `12`, `13`, `14`, `15`, `16`). PostgreSQL major version. +- [`pgaudit`](#spec.userConfig.pgaudit-property){: name='spec.userConfig.pgaudit-property'} (object). System-wide settings for the pgaudit extension. See below for [nested schema](#spec.userConfig.pgaudit). - [`pgbouncer`](#spec.userConfig.pgbouncer-property){: name='spec.userConfig.pgbouncer-property'} (object). PGBouncer connection pooling settings. See below for [nested schema](#spec.userConfig.pgbouncer). - [`pglookout`](#spec.userConfig.pglookout-property){: name='spec.userConfig.pglookout-property'} (object). System-wide settings for pglookout. See below for [nested schema](#spec.userConfig.pglookout). - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). 
@@ -278,6 +279,29 @@ Deprecated. System-wide settings for the pg_qualstats extension. - [`track_constants`](#spec.userConfig.pg_qualstats.track_constants-property){: name='spec.userConfig.pg_qualstats.track_constants-property'} (boolean). Deprecated. Enable / Disable pg_qualstats constants tracking. - [`track_pg_catalog`](#spec.userConfig.pg_qualstats.track_pg_catalog-property){: name='spec.userConfig.pg_qualstats.track_pg_catalog-property'} (boolean). Deprecated. Track quals on system catalogs too. +### pgaudit {: #spec.userConfig.pgaudit } + +_Appears on [`spec.userConfig`](#spec.userConfig)._ + +System-wide settings for the pgaudit extension. + +**Optional** + +- [`feature_enabled`](#spec.userConfig.pgaudit.feature_enabled-property){: name='spec.userConfig.pgaudit.feature_enabled-property'} (boolean). Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. +- [`log`](#spec.userConfig.pgaudit.log-property){: name='spec.userConfig.pgaudit.log-property'} (array of strings). Specifies which classes of statements will be logged by session audit logging. +- [`log_catalog`](#spec.userConfig.pgaudit.log_catalog-property){: name='spec.userConfig.pgaudit.log_catalog-property'} (boolean). Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. +- [`log_client`](#spec.userConfig.pgaudit.log_client-property){: name='spec.userConfig.pgaudit.log_client-property'} (boolean). Specifies whether log messages will be visible to a client process such as psql. +- [`log_level`](#spec.userConfig.pgaudit.log_level-property){: name='spec.userConfig.pgaudit.log_level-property'} (string, Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `notice`, `warning`, `log`). Specifies the log level that will be used for log entries. 
+- [`log_max_string_length`](#spec.userConfig.pgaudit.log_max_string_length-property){: name='spec.userConfig.pgaudit.log_max_string_length-property'} (integer, Minimum: -1, Maximum: 102400). Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. +- [`log_nested_statements`](#spec.userConfig.pgaudit.log_nested_statements-property){: name='spec.userConfig.pgaudit.log_nested_statements-property'} (boolean). This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. +- [`log_parameter`](#spec.userConfig.pgaudit.log_parameter-property){: name='spec.userConfig.pgaudit.log_parameter-property'} (boolean). Specifies that audit logging should include the parameters that were passed with the statement. +- [`log_parameter_max_size`](#spec.userConfig.pgaudit.log_parameter_max_size-property){: name='spec.userConfig.pgaudit.log_parameter_max_size-property'} (integer). Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with . +- [`log_relation`](#spec.userConfig.pgaudit.log_relation-property){: name='spec.userConfig.pgaudit.log_relation-property'} (boolean). Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. +- [`log_rows`](#spec.userConfig.pgaudit.log_rows-property){: name='spec.userConfig.pgaudit.log_rows-property'} (boolean). Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. +- [`log_statement`](#spec.userConfig.pgaudit.log_statement-property){: name='spec.userConfig.pgaudit.log_statement-property'} (boolean). Specifies whether logging will include the statement text and parameters (if enabled). 
+- [`log_statement_once`](#spec.userConfig.pgaudit.log_statement_once-property){: name='spec.userConfig.pgaudit.log_statement_once-property'} (boolean). Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. +- [`role`](#spec.userConfig.pgaudit.role-property){: name='spec.userConfig.pgaudit.role-property'} (string, Pattern: `^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$`, MaxLength: 64). Specifies the master role to use for object audit logging. + ### pgbouncer {: #spec.userConfig.pgbouncer } _Appears on [`spec.userConfig`](#spec.userConfig)._ diff --git a/go.mod b/go.mod index e9f61d1a..e2cb7d88 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/aiven/aiven-go-client/v2 v2.12.0 - github.com/aiven/go-api-schemas v1.64.0 + github.com/aiven/go-api-schemas v1.65.0 github.com/aiven/go-client-codegen v0.2.0 github.com/dave/jennifer v1.7.0 github.com/docker/go-units v0.5.0 diff --git a/go.sum b/go.sum index 7e1d1c23..bc1e3e08 100644 --- a/go.sum +++ b/go.sum 
@@ -35,8 +35,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/aiven/aiven-go-client/v2 v2.12.0 h1:VxOfn61AtfLjy2B+DdXF2/7OHyyFZ1aQaIlE3TOyIsE= github.com/aiven/aiven-go-client/v2 v2.12.0/go.mod h1:x0xhzxWEKAwKv0xY5FvECiI6tesWshcPHvjwl0B/1SU= -github.com/aiven/go-api-schemas v1.64.0 h1:A9SQp27LZGtXv3+HITTXUgORjtWmJgM/SrOH+Vf0VRo= -github.com/aiven/go-api-schemas v1.64.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= +github.com/aiven/go-api-schemas v1.65.0 h1:r4ooY83kWwkQQPCq55W4oHitNv+SZ2fzVDxuY3KwU28= +github.com/aiven/go-api-schemas v1.65.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= github.com/aiven/go-client-codegen v0.2.0 h1:f82CHhXCBbrBIUa3yworytXjiolp/Q73epnbRjQIwBk= github.com/aiven/go-client-codegen v0.2.0/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=