feat: add pgaudit extension (#1)

Closes #22

Signed-off-by: Husn E Rabbi <[email protected]>
Signed-off-by: Niccolò Fei <[email protected]>
Signed-off-by: Gabriele Bartolini <[email protected]>
Co-authored-by: Niccolò Fei <[email protected]>
Co-authored-by: Gabriele Bartolini <[email protected]>

Author: 3 people

.github/workflows/bake.yml

@@ -11,6 +11,7 @@ on:
         options:
           - pgvector
           - postgis
+          - pgaudit
 
 defaults:
   run:
@@ -41,6 +42,8 @@ jobs:
               - 'pgvector/**'
             postgis:
               - 'postgis/**'
+            pgaudit:
+              - 'pgaudit/**'
 
       # Compute a matrix containing the list of all extensions that have been modified
       - name: Compute matrix

README.md

@@ -22,8 +22,9 @@ For detailed instructions on building the images, see the [BUILD.md file](BUILD.
 
 ## Supported Extensions
 
-- [pgvector](pgvector) - Open-source vector similarity search for PostgreSQL
-- [PostGIS](postgis) - Open-source geospatial database extension for PostgreSQL
+- [pgvector](pgvector) - Vector similarity search for PostgreSQL
+- [PostGIS](postgis) - Geospatial database extension for PostgreSQL
+- [pgAudit](pgaudit) - PostgreSQL Audit Extension
 
 ---
 

pgaudit/Dockerfile

@@ -0,0 +1,26 @@
+ARG BASE=ghcr.io/cloudnative-pg/postgresql:18-minimal-trixie
+FROM $BASE AS builder
+
+ARG PG_MAJOR
+ARG EXT_VERSION
+
+USER 0
+
+RUN set -eux; \
+    apt-get update; \
+	apt-get install -y --no-install-recommends "postgresql-${PG_MAJOR}-pgaudit=${EXT_VERSION}"
+
+FROM scratch
+ARG PG_MAJOR
+
+# Licenses
+COPY --from=builder /usr/share/doc/postgresql-${PG_MAJOR}-pgaudit/copyright /licenses/postgresql-${PG_MAJOR}-pgaudit/
+
+# Libraries
+COPY --from=builder /usr/lib/postgresql/${PG_MAJOR}/lib/pgaudit* /lib/
+COPY --from=builder /usr/lib/postgresql/${PG_MAJOR}/lib/bitcode/ /lib/bitcode/
+
+# Share
+COPY --from=builder /usr/share/postgresql/${PG_MAJOR}/extension/pgaudit* /share/extension/
+
+USER 65532:65532

pgaudit/README.md

@@ -0,0 +1,67 @@
+# pgAudit Extension
+
+[pgAudit](https://github.com/pgaudit/pgaudit) is an open-source extension
+that provides detailed session and/or object audit logging for PostgreSQL.
+
+## Usage
+
+### 1. Add the pgAudit extension image to your Cluster
+
+Define the `pgaudit` extension under the `postgresql.extensions` section of
+your `Cluster` resource. For example:
+
+```yaml
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: cluster-pgaudit
+spec:
+  imageName: ghcr.io/cloudnative-pg/postgresql:18-minimal-trixie
+  instances: 1
+
+  storage:
+    size: 1Gi
+
+  postgresql:
+    shared_preload_libraries:
+      - "pgaudit"
+    parameters:
+      pgaudit.log: "all, -misc"
+      pgaudit.log_catalog: "off"
+      pgaudit.log_parameter: "on"
+      pgaudit.log_relation: "on"
+
+    extensions:
+    - name: pgaudit
+      image:
+        reference: ghcr.io/cloudnative-pg/pgaudit:18.0-18-trixie
+```
+
+### 2. Enable the extension in a database
+
+You can install `pgaudit` in a specific database by creating or updating a
+`Database` resource. For example, to enable it in the `app` database:
+
+```yaml
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: cluster-pgaudit-app
+spec:
+  name: app
+  owner: app
+  cluster:
+    name: cluster-pgaudit
+  extensions:
+  - name: pgaudit
+```
+
+### 3. Verify installation
+
+Once the database is ready, connect to it with `psql` and run:
+
+```sql
+\dx
+```
+
+You should see `pgaudit` listed among the installed extensions.

pgaudit/metadata.hcl

@@ -0,0 +1,20 @@
+metadata = {
+  name                     = "pgaudit"
+  sql_name                 = "pgaudit"
+  image_name               = "pgaudit"
+  shared_preload_libraries = ["pgaudit"]
+  extension_control_path   = []
+  dynamic_library_path     = []
+  ld_library_path          = []
+
+  versions = {
+    bookworm = {
+      // renovate: suite=bookworm-pgdg depName=postgresql-18-pgaudit
+      "18" = "18.0-2.pgdg12+1"
+    }
+    trixie = {
+      // renovate: suite=trixie-pgdg depName=postgresql-18-pgaudit
+      "18" = "18.0-2.pgdg13+1"
+    }
+  }
+}