diff --git a/.changeset/small-hills-earn.md b/.changeset/small-hills-earn.md new file mode 100644 index 00000000000..70fc3fad3b5 --- /dev/null +++ b/.changeset/small-hills-earn.md @@ -0,0 +1,5 @@ +--- +"chainlink": patch +--- + +#bugfix Fixed permissions in test db setup script (grant CREATEROLE and repair leftover NOLOGIN pgtdbuser for pgtestdb) diff --git a/core/scripts/setup_testdb.sh b/core/scripts/setup_testdb.sh index cdaf3547ece..e3a80a1b473 100755 --- a/core/scripts/setup_testdb.sh +++ b/core/scripts/setup_testdb.sh @@ -28,6 +28,18 @@ WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$database')\gexec ALTER DATABASE $database OWNER TO $username; GRANT ALL PRIVILEGES ON DATABASE "$database" TO "$username"; ALTER USER $username CREATEDB; +-- CREATEROLE is required by pgtestdb, which provisions an isolated role (pgtdbuser) per test run. +ALTER USER $username CREATEROLE; + +-- Repair a leftover pgtdbuser from an earlier run that lacks LOGIN. pgtestdb only sets +-- LOGIN when it first creates the role, so a pre-existing NOLOGIN role stays broken and +-- tests fail with: role "pgtdbuser" is not permitted to log in (SQLSTATE 28000). +DO \$\$ +BEGIN + IF EXISTS (SELECT FROM pg_roles WHERE rolname = 'pgtdbuser' AND NOT rolcanlogin) THEN + ALTER ROLE pgtdbuser WITH LOGIN PASSWORD 'pgtdbpass'; + END IF; +END \$\$; EOF