Fixes create_role_propagation

granted_by_propagation
gurkanindibay 2024-03-11 12:17:57 +03:00
parent 93c140a913
commit 154dfeed49
1 changed files with 30 additions and 14 deletions


@ -225,6 +225,10 @@ SET citus.enable_create_role_propagation TO ON;
grant dist_role_3,dist_role_1 to test_admin_role with admin option; grant dist_role_3,dist_role_1 to test_admin_role with admin option;
SET ROLE dist_role_1; SET ROLE dist_role_1;
GRANT non_dist_role_1 TO non_dist_role_2; GRANT non_dist_role_1 TO non_dist_role_2;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SET citus.enable_create_role_propagation TO OFF; SET citus.enable_create_role_propagation TO OFF;
grant dist_role_1 to non_dist_role_1 with admin option; grant dist_role_1 to non_dist_role_1 with admin option;
SET ROLE non_dist_role_1; SET ROLE non_dist_role_1;
@ -232,7 +236,11 @@ GRANT dist_role_1 TO dist_role_2 granted by non_dist_role_1;
RESET ROLE; RESET ROLE;
SET citus.enable_create_role_propagation TO ON; SET citus.enable_create_role_propagation TO ON;
GRANT dist_role_3 TO non_dist_role_3 granted by test_admin_role; GRANT dist_role_3 TO non_dist_role_3 granted by test_admin_role;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
GRANT non_dist_role_4 TO dist_role_4; GRANT non_dist_role_4 TO dist_role_4;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
GRANT dist_role_3 TO dist_role_4 granted by test_admin_role; GRANT dist_role_3 TO dist_role_4 granted by test_admin_role;
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
?column? ?column?
@ -300,6 +308,8 @@ SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::
(5 rows) (5 rows)
REVOKE dist_role_3 from non_dist_role_3 granted by test_admin_role cascade; REVOKE dist_role_3 from non_dist_role_3 granted by test_admin_role cascade;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
SELECT result FROM run_command_on_all_nodes( SELECT result FROM run_command_on_all_nodes(
$$ $$
SELECT json_agg(q.* ORDER BY member) FROM ( SELECT json_agg(q.* ORDER BY member) FROM (
@ -322,8 +332,7 @@ drop role test_admin_role;
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
non_dist_role_4 | dist_role_4 | postgres | f (0 rows)
(1 row)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_%' ORDER BY 1;
rolname rolname
@ -441,9 +450,7 @@ SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::t
dist_mixed_1 | dist_mixed_4 | postgres | f dist_mixed_1 | dist_mixed_4 | postgres | f
dist_mixed_2 | dist_mixed_3 | postgres | f dist_mixed_2 | dist_mixed_3 | postgres | f
dist_mixed_2 | dist_mixed_4 | postgres | f dist_mixed_2 | dist_mixed_4 | postgres | f
nondist_mixed_1 | dist_mixed_3 | postgres | f (4 rows)
nondist_mixed_1 | dist_mixed_4 | postgres | f
(6 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1;
rolname rolname
@ -571,7 +578,15 @@ HINT: Connect to other nodes directly to manually create all necessary users an
SET citus.enable_create_role_propagation TO ON; SET citus.enable_create_role_propagation TO ON;
CREATE ROLE dist_cascade; CREATE ROLE dist_cascade;
GRANT nondist_cascade_1 TO nondist_cascade_2; GRANT nondist_cascade_1 TO nondist_cascade_2;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
GRANT nondist_cascade_2 TO nondist_cascade_3; GRANT nondist_cascade_2 TO nondist_cascade_3;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1;
objid objid
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -605,6 +620,8 @@ SELECT master_remove_node('localhost', :worker_2_port);
(1 row) (1 row)
GRANT nondist_cascade_3 TO dist_cascade; GRANT nondist_cascade_3 TO dist_cascade;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
?column? ?column?
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -643,8 +660,7 @@ SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::t
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1 | nondist_cascade_2 | postgres | f nondist_cascade_1 | nondist_cascade_2 | postgres | f
nondist_cascade_2 | nondist_cascade_3 | postgres | f nondist_cascade_2 | nondist_cascade_3 | postgres | f
nondist_cascade_3 | dist_cascade | postgres | f (2 rows)
(3 rows)
\c - - - :worker_2_port \c - - - :worker_2_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1;
@ -675,7 +691,7 @@ SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::t
(0 rows) (0 rows)
GRANT existing_role_1, nonexisting_role_1 TO existing_role_2, nonexisting_role_2; GRANT existing_role_1, nonexisting_role_1 TO existing_role_2, nonexisting_role_2;
ERROR: role "nonexisting_role_2" does not exist ERROR: role "nonexisting_role_1" does not exist
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%existing%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%existing%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------