fix: address PostgREST PR review feedback (PLAT-499/500/501/502/503)

Move credential handling out of container env vars into postgrest.conf
via db-uri. Environment variables are visible to all users on the host
via docker inspect and /proc; the config file is restricted to the
service user (mode 0600).

Move config file generation to PostgRESTServiceConfig.GenerateConf in
the database package, where it belongs alongside the type it serializes.
PostgRESTConnParams carries the runtime connection details (host, port,
credentials) separately from the user-supplied PostgRESTServiceConfig.

Fix merge conflict resolution in service_user_role.go: remove the
duplicate MCP code block that was left in and drop DBOwner: false to
align with the upstream change in main.

Implement Update() for PostgREST ServiceUserRole to reconcile DBAnonRole
changes at runtime. Queries pg_auth_members for stale role memberships,
revokes them, and re-applies the desired grants idempotently. Without
this, a DBAnonRole change would leave the authenticator role unable to
SET ROLE to the new anon role.

Add REVOKE CONNECT ON DATABASE before DROP ROLE in Delete() for PostgREST
service users. PostgreSQL refuses to drop a role that holds database
privileges, causing the DROP to fail silently. Revoking first ensures
clean deletion.

Author: moizpgedge

.circleci/config.yml

@@ -42,7 +42,7 @@ commands:
   common_setup:
     steps:
       - go/install:
-          version: '1.25.5'
+          version: '1.25.8'
       - checkout
       - use_mod_cache
       - run:

.gitignore

@@ -21,5 +21,6 @@ docs/plans
 *-results.xml
 dist
 control-plane
+pgedge-control-plane
 !docker/control-plane
 e2e/debug

.goreleaser.yaml

@@ -1,8 +1,8 @@
 version: 2
-project_name: control-plane
+project_name: pgedge-control-plane
 builds:
   - main: ./server
-    binary: control-plane
+    binary: pgedge-control-plane
     env:
       - CGO_ENABLED=0
     goos:

.trivyignore

@@ -0,0 +1,4 @@
+# Docker client SDK v27 — these CVEs are in the Docker daemon, not the
+# Go client library. No Docker plugins are used in this project.
+CVE-2026-34040
+CVE-2026-33997

Makefile

@@ -7,6 +7,7 @@ LOG_LEVEL ?= info
 DEV_IMAGE_REPO ?= ghcr.io/pgedge
 CONTROL_PLANE_IMAGE_REPO ?= host.docker.internal:5000/control-plane
 TEST_RERUN_FAILS ?= 0
+TEST_DISABLE_CACHE ?= 0
 E2E_FIXTURE ?=
 E2E_PARALLEL ?= 8
 E2E_RUN ?=
@@ -23,9 +24,10 @@ CLUSTER_TEST_SKIP_CLEANUP ?= 0
 CLUSTER_TEST_IMAGE_TAG ?=
 CLUSTER_TEST_DATA_DIR ?=
 
+ci_enabled=$(filter true,$(CI))
 docker_swarm_state=$(shell docker info --format '{{.Swarm.LocalNodeState}}')
-buildx_builder=$(if $(CI),"control-plane-ci","control-plane")
-buildx_config=$(if $(CI),"./buildkit.ci.toml","./buildkit.toml")
+buildx_builder=$(if $(ci_enabled),"control-plane-ci","control-plane")
+buildx_config=$(if $(ci_enabled),"./buildkit.ci.toml","./buildkit.toml")
 docker_compose_dev=WORKSPACE_DIR=$(shell pwd) \
 		DEBUG=$(DEBUG) \
 		LOG_LEVEL=$(LOG_LEVEL) \
@@ -50,13 +52,16 @@ cluster_test_args=-tags=cluster_test -count=1 -timeout=10m \
 	$(if $(CLUSTER_TEST_IMAGE_TAG),-image-tag $(CLUSTER_TEST_IMAGE_TAG)) \
 	$(if $(CLUSTER_TEST_DATA_DIR),-data-dir $(CLUSTER_TEST_DATA_DIR))
 
+test_disable_cache=$(if $(filter 1,$(TEST_DISABLE_CACHE)),-count=1)
+workflows_backend_skip=-skip=Test_EtcdBackendE2E/AutoExpiration/StartsWorkflowAndRemoves
+
 # Automatically adds junit output named after the rule, e.g.
 # 'test-e2e-results.xml' in CI environment.
 gotestsum=$(gobin)/gotestsum \
-	$(if $(filter true,$(CI)),--junitfile $@-results.xml)
+	$(if $(ci_enabled),--junitfile $@-results.xml)
 
 golangci-lint=$(gobin)/golangci-lint \
-	$(if $(filter true,$(CI)),--output.text.path stdout --output.junit-xml.path $@-results.xml)
+	$(if $(ci_enabled),--output.text.path stdout --output.junit-xml.path $@-results.xml)
 
 .DEFAULT_GOAL := build
 
@@ -69,7 +74,9 @@ test:
 	$(gotestsum) \
 		--format-hide-empty-pkg \
 		--rerun-fails=$(TEST_RERUN_FAILS) \
-		--packages='./...'
+		--packages='./...' \
+		-- \
+		$(test_disable_cache)
 
 .PHONY: test-etcd
 test-etcd-lifecycle:
@@ -78,16 +85,25 @@ test-etcd-lifecycle:
 		--rerun-fails=$(TEST_RERUN_FAILS) \
 		--packages='./server/internal/etcd/...' \
 		-- \
+		$(test_disable_cache) \
 		-tags=etcd_lifecycle_test
 
+# We skip StartsWorkflowAndRemoves because it contains a race condition that's
+# much more prevalent now that we're executing workflows more quickly. This test
+# uses the "autoexpire" feature to remove workflows that are older than 1
+# millisecond. It starts a workflow, waits for the result, and then waits for
+# the workflow to be removed. Occasionally, the workflow gets removed while the
+# "waiting for result" step is still polling the workflow status.
 .PHONY: test-workflows-backend
 test-workflows-backend:
 	$(gotestsum) \
 		--format-hide-empty-pkg \
 		--rerun-fails=$(TEST_RERUN_FAILS) \
 		--packages='./server/internal/workflows/backend/etcd/...' \
 		-- \
-		-tags=workflows_backend_test
+		$(test_disable_cache) \
+		-tags=workflows_backend_test \
+		$(workflows_backend_skip)
 
 .PHONY: test-ci
 test-ci:
@@ -97,7 +113,9 @@ test-ci:
 		--rerun-fails=$(TEST_RERUN_FAILS) \
 		--packages='./...' \
 		-- \
-		-tags=workflows_backend_test,etcd_lifecycle_test
+		-count=1 \
+		-tags=workflows_backend_test,etcd_lifecycle_test \
+		$(workflows_backend_skip)
 
 .PHONY: test-e2e
 test-e2e:
@@ -257,12 +275,12 @@ control-plane-images:
 goreleaser-build:
 	GORELEASER_CURRENT_TAG=$(CONTROL_PLANE_VERSION) \
 	$(goreleaser) build --snapshot --clean
-	tar -C dist/control-plane_linux_amd64_v1 -c -z \
-		-f dist/control-plane_$(CONTROL_PLANE_VERSION:v%=%)_linux_amd64.tar.gz \
-		control-plane
-	tar -C dist/control-plane_linux_arm64_v8.0 -c -z \
-		-f dist/control-plane_$(CONTROL_PLANE_VERSION:v%=%)_linux_arm64.tar.gz \
-		control-plane
+	tar -C dist/pgedge-control-plane_linux_amd64_v1 -c -z \
+		-f dist/pgedge-control-plane_$(CONTROL_PLANE_VERSION:v%=%)_linux_amd64.tar.gz \
+		pgedge-control-plane
+	tar -C dist/pgedge-control-plane_linux_arm64_v8.0 -c -z \
+		-f dist/pgedge-control-plane_$(CONTROL_PLANE_VERSION:v%=%)_linux_arm64.tar.gz \
+		pgedge-control-plane
 
 goreleaser-test-release:
 	GORELEASER_CURRENT_TAG=$(CONTROL_PLANE_VERSION) \
@@ -331,7 +349,7 @@ build: dev-build
 dev-build: 
 	GOOS=linux go build \
 		-gcflags "all=-N -l" \
-		-o docker/control-plane-dev/control-plane \
+		-o docker/control-plane-dev/pgedge-control-plane \
 		$(shell pwd)/server
 
 .PHONY: docker-swarm-init
@@ -396,7 +414,7 @@ api-docs:
 ci-compose-build: 
 	GOOS=linux go build \
 		-gcflags "all=-N -l" \
-		-o docker/control-plane-ci/control-plane \
+		-o docker/control-plane-ci/pgedge-control-plane \
 		$(shell pwd)/server
 
 .PHONY: ci-compose-detached

NOTICE.txt

@@ -436,8 +436,8 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ## github.com/containerd/containerd/pkg/userns
 
 * Name: github.com/containerd/containerd/pkg/userns
-* Version: v1.7.27
-* License: [Apache-2.0](https://github.com/containerd/containerd/blob/v1.7.27/LICENSE)
+* Version: v1.7.29
+* License: [Apache-2.0](https://github.com/containerd/containerd/blob/v1.7.29/LICENSE)
 
 ```
 
@@ -12557,8 +12557,8 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice
 ## go.opentelemetry.io/otel
 
 * Name: go.opentelemetry.io/otel
-* Version: v1.38.0
-* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/v1.38.0/LICENSE)
+* Version: v1.40.0
+* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/v1.40.0/LICENSE)
 
 ```
                                  Apache License
@@ -12797,8 +12797,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel
 
 * Name: go.opentelemetry.io/otel
-* Version: v1.38.0
-* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/v1.38.0/LICENSE)
+* Version: v1.40.0
+* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/v1.40.0/LICENSE)
 
 ```
                                  Apache License
@@ -13459,8 +13459,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/metric
 
 * Name: go.opentelemetry.io/otel/metric
-* Version: v1.38.0
-* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.38.0/metric/LICENSE)
+* Version: v1.40.0
+* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.40.0/metric/LICENSE)
 
 ```
                                  Apache License
@@ -13699,8 +13699,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/metric
 
 * Name: go.opentelemetry.io/otel/metric
-* Version: v1.38.0
-* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.38.0/metric/LICENSE)
+* Version: v1.40.0
+* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.40.0/metric/LICENSE)
 
 ```
                                  Apache License
@@ -13939,8 +13939,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/sdk
 
 * Name: go.opentelemetry.io/otel/sdk
-* Version: v1.38.0
-* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.38.0/sdk/LICENSE)
+* Version: v1.40.0
+* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.40.0/sdk/LICENSE)
 
 ```
                                  Apache License
@@ -14179,8 +14179,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/sdk
 
 * Name: go.opentelemetry.io/otel/sdk
-* Version: v1.38.0
-* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.38.0/sdk/LICENSE)
+* Version: v1.40.0
+* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.40.0/sdk/LICENSE)
 
 ```
                                  Apache License
@@ -14419,8 +14419,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/trace
 
 * Name: go.opentelemetry.io/otel/trace
-* Version: v1.38.0
-* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.38.0/trace/LICENSE)
+* Version: v1.40.0
+* License: [Apache-2.0](https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.40.0/trace/LICENSE)
 
 ```
                                  Apache License
@@ -14659,8 +14659,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## go.opentelemetry.io/otel/trace
 
 * Name: go.opentelemetry.io/otel/trace
-* Version: v1.38.0
-* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.38.0/trace/LICENSE)
+* Version: v1.40.0
+* License: [BSD-3-Clause](https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.40.0/trace/LICENSE)
 
 ```
                                  Apache License
@@ -15376,8 +15376,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## golang.org/x/sys/unix
 
 * Name: golang.org/x/sys/unix
-* Version: v0.39.0
-* License: [BSD-3-Clause](https://cs.opensource.google/go/x/sys/+/v0.39.0:LICENSE)
+* Version: v0.40.0
+* License: [BSD-3-Clause](https://cs.opensource.google/go/x/sys/+/v0.40.0:LICENSE)
 
 ```
 Copyright 2009 The Go Authors.
@@ -15450,8 +15450,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## golang.org/x/time/rate
 
 * Name: golang.org/x/time/rate
-* Version: v0.9.0
-* License: [BSD-3-Clause](https://cs.opensource.google/go/x/time/+/v0.9.0:LICENSE)
+* Version: v0.12.0
+* License: [BSD-3-Clause](https://cs.opensource.google/go/x/time/+/v0.12.0:LICENSE)
 
 ```
 Copyright 2009 The Go Authors.
@@ -15556,8 +15556,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## google.golang.org/genproto/googleapis/api
 
 * Name: google.golang.org/genproto/googleapis/api
-* Version: v0.0.0-20251022142026-3a174f9686a8
-* License: [Apache-2.0](https://github.com/googleapis/go-genproto/blob/3a174f9686a8/googleapis/api/LICENSE)
+* Version: v0.0.0-20251202230838-ff82c1b0f217
+* License: [Apache-2.0](https://github.com/googleapis/go-genproto/blob/ff82c1b0f217/googleapis/api/LICENSE)
 
 ```
 
@@ -15980,8 +15980,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## google.golang.org/grpc
 
 * Name: google.golang.org/grpc
-* Version: v1.77.0
-* License: [Apache-2.0](https://github.com/grpc/grpc-go/blob/v1.77.0/LICENSE)
+* Version: v1.79.3
+* License: [Apache-2.0](https://github.com/grpc/grpc-go/blob/v1.79.3/LICENSE)
 
 ```
 

api/apiv1/design/database.go

@@ -670,7 +670,6 @@ var Database = g.Type("Database", func() {
 			"deleting",
 			"degraded",
 			"failed",
-			"backing_up",
 			"restoring",
 			"unknown",
 		)