From 172f866ba60607b097555ff94bef8ff7007f3ddf Mon Sep 17 00:00:00 2001
From: gurkanindibay <gindibay@microsoft.com>
Date: Fri, 26 Jan 2024 19:14:30 +0300
Subject: [PATCH] Adds command propagation

---
 .../distributed/commands/utility_hook.c       |  2 +
 .../regress/expected/role_operations_2pc.out  | 98 +++++++++++++++++++
 src/test/regress/multi_1_schedule             |  1 +
 src/test/regress/sql/role_operations_2pc.sql  | 92 +++++++++++++++++
 4 files changed, 193 insertions(+)
 create mode 100644 src/test/regress/expected/role_operations_2pc.out
 create mode 100644 src/test/regress/sql/role_operations_2pc.sql

diff --git a/src/backend/distributed/commands/utility_hook.c b/src/backend/distributed/commands/utility_hook.c
index 203518605..32373e216 100644
--- a/src/backend/distributed/commands/utility_hook.c
+++ b/src/backend/distributed/commands/utility_hook.c
@@ -118,6 +118,8 @@ ObjectType supportedObjectTypesForGrantStmt[] = { OBJECT_DATABASE };
 TwoPcStatementInfo twoPcSupportedStatements[] = {
 	{ T_GrantRoleStmt, NULL, 0, false },
 	{ T_CreateRoleStmt, NULL, 0, true },
+	{ T_DropRoleStmt, NULL, 0, true },
+	{ T_AlterRoleStmt, NULL, 0, false },
 	{ T_GrantStmt, supportedObjectTypesForGrantStmt,
 	  sizeof(supportedObjectTypesForGrantStmt) / sizeof(ObjectType), true }
 };
diff --git a/src/test/regress/expected/role_operations_2pc.out b/src/test/regress/expected/role_operations_2pc.out
new file mode 100644
index 000000000..6cd845274
--- /dev/null
+++ b/src/test/regress/expected/role_operations_2pc.out
@@ -0,0 +1,98 @@
+-- Create a new database
+set citus.enable_create_database_propagation to on;
+CREATE DATABASE test_db;
+-- Connect to the new database
+\c test_db
+-- Test CREATE ROLE with various options
+CREATE ROLE test_role1 WITH LOGIN PASSWORD 'password1';
+\c test_db - - :worker_1_port
+CREATE USER "test_role2-needs\!escape"
+WITH
+    SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN REPLICATION BYPASSRLS CONNECTION
+LIMIT 10 VALID UNTIL '2023-01-01' IN ROLE test_role1;
+\c regression - - :master_port
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb,
+        rolcanlogin, rolreplication, rolbypassrls, rolconnlimit,
+        (rolpassword != '') as pass_not_empty, rolvaliduntil
+        FROM pg_authid
+        WHERE rolname in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY rolname
+    ) t
+$$);
+                                                                                                                                                                                                                                                 result
+---------------------------------------------------------------------
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":true,"rolinherit":true,"rolcreaterole":true,"rolcreatedb":true,"rolcanlogin":true,"rolreplication":true,"rolbypassrls":true,"rolconnlimit":10,"pass_not_empty":null,"rolvaliduntil":"2023-01-01T00:00:00+03:00"}]
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":true,"rolinherit":true,"rolcreaterole":true,"rolcreatedb":true,"rolcanlogin":true,"rolreplication":true,"rolbypassrls":true,"rolconnlimit":10,"pass_not_empty":null,"rolvaliduntil":"2023-01-01T11:00:00+03:00"}]
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":true,"rolinherit":true,"rolcreaterole":true,"rolcreatedb":true,"rolcanlogin":true,"rolreplication":true,"rolbypassrls":true,"rolconnlimit":10,"pass_not_empty":null,"rolvaliduntil":"2023-01-01T00:00:00+03:00"}]
+(3 rows)
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option
+        FROM pg_auth_members
+        WHERE member::regrole::text in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY member::regrole::text
+    ) t
+$$);
+ result
+---------------------------------------------------------------------
+
+
+
+(3 rows)
+
+\c test_db - - :master_port
+-- Test ALTER ROLE with various options
+ALTER ROLE test_role1 WITH PASSWORD 'new_password1';
+\c test_db - - :worker_1_port
+ALTER USER "test_role2-needs\!escape"
+WITH
+    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOREPLICATION NOBYPASSRLS CONNECTION
+LIMIT 5 VALID UNTIL '2024-01-01';
+\c regression - - :master_port
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb,
+        rolcanlogin, rolreplication, rolbypassrls, rolconnlimit,
+        (rolpassword != '') as pass_not_empty, rolvaliduntil
+        FROM pg_authid
+        WHERE rolname in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY rolname
+    ) t
+$$);
+                                                                                                                                                                                                                                                    result
+---------------------------------------------------------------------
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":false,"rolinherit":false,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":false,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":5,"pass_not_empty":null,"rolvaliduntil":"2024-01-01T00:00:00+03:00"}]
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":false,"rolinherit":false,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":false,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":5,"pass_not_empty":null,"rolvaliduntil":"2024-01-01T11:00:00+03:00"}]
+ [{"rolname":"test_role1","rolsuper":false,"rolinherit":true,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":true,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":-1,"pass_not_empty":true,"rolvaliduntil":null},{"rolname":"test_role2-needs\\!escape","rolsuper":false,"rolinherit":false,"rolcreaterole":false,"rolcreatedb":false,"rolcanlogin":false,"rolreplication":false,"rolbypassrls":false,"rolconnlimit":5,"pass_not_empty":null,"rolvaliduntil":"2024-01-01T00:00:00+03:00"}]
+(3 rows)
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option
+        FROM pg_auth_members
+        WHERE member::regrole::text in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY member::regrole::text
+    ) t
+$$);
+ result
+---------------------------------------------------------------------
+
+
+
+(3 rows)
+
+\c test_db - - :master_port
+-- Test DROP ROLE
+DROP ROLE IF EXISTS test_role1, "test_role2-needs\!escape";
+-- Clean up: drop the database
+\c regression - - :master_port
+set citus.enable_create_database_propagation to on;
+DROP DATABASE test_db;
+reset citus.enable_create_database_propagation;
diff --git a/src/test/regress/multi_1_schedule b/src/test/regress/multi_1_schedule
index e7c3f7d98..1d3d21f48 100644
--- a/src/test/regress/multi_1_schedule
+++ b/src/test/regress/multi_1_schedule
@@ -64,6 +64,7 @@ test: alter_database_propagation
 
 test: citus_shards
 test: reassign_owned
+test: role_operations_2pc
 
 # ----------
 # multi_citus_tools tests utility functions written for citus tools
diff --git a/src/test/regress/sql/role_operations_2pc.sql b/src/test/regress/sql/role_operations_2pc.sql
new file mode 100644
index 000000000..4150389ef
--- /dev/null
+++ b/src/test/regress/sql/role_operations_2pc.sql
@@ -0,0 +1,92 @@
+-- Create a new database
+
+set citus.enable_create_database_propagation to on;
+
+CREATE DATABASE test_db;
+
+-- Connect to the new database
+\c test_db
+-- Test CREATE ROLE with various options
+CREATE ROLE test_role1 WITH LOGIN PASSWORD 'password1';
+
+\c test_db - - :worker_1_port
+
+CREATE USER "test_role2-needs\!escape"
+WITH
+    SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN REPLICATION BYPASSRLS CONNECTION
+LIMIT 10 VALID UNTIL '2023-01-01' IN ROLE test_role1;
+
+\c regression - - :master_port
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb,
+        rolcanlogin, rolreplication, rolbypassrls, rolconnlimit,
+        (rolpassword != '') as pass_not_empty, rolvaliduntil
+        FROM pg_authid
+        WHERE rolname in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY rolname
+    ) t
+$$);
+
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option
+        FROM pg_auth_members
+        WHERE member::regrole::text in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY member::regrole::text
+    ) t
+$$);
+
+\c test_db - - :master_port
+-- Test ALTER ROLE with various options
+ALTER ROLE test_role1 WITH PASSWORD 'new_password1';
+
+\c test_db - - :worker_1_port
+ALTER USER "test_role2-needs\!escape"
+WITH
+    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOREPLICATION NOBYPASSRLS CONNECTION
+LIMIT 5 VALID UNTIL '2024-01-01';
+
+
+\c regression - - :master_port
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb,
+        rolcanlogin, rolreplication, rolbypassrls, rolconnlimit,
+        (rolpassword != '') as pass_not_empty, rolvaliduntil
+        FROM pg_authid
+        WHERE rolname in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY rolname
+    ) t
+$$);
+
+
+select result FROM run_command_on_all_nodes($$
+    SELECT array_to_json(array_agg(row_to_json(t)))
+    FROM (
+        SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option
+        FROM pg_auth_members
+        WHERE member::regrole::text in ('test_role1', 'test_role2-needs\!escape')
+        ORDER BY member::regrole::text
+    ) t
+$$);
+
+\c test_db - - :master_port
+
+-- Test DROP ROLE
+DROP ROLE IF EXISTS test_role1, "test_role2-needs\!escape";
+
+-- Clean up: drop the database
+
+\c regression - - :master_port
+set citus.enable_create_database_propagation to on;
+
+DROP DATABASE test_db;
+
+reset citus.enable_create_database_propagation;