From 69a3ebea5f15b1a8ddbe15b92167ffa934cd9df2 Mon Sep 17 00:00:00 2001 From: Marco Slot Date: Tue, 10 Jul 2018 18:07:30 +0200 Subject: [PATCH] Ensure StartPlacementListConnection connects with username supplied by the caller --- .../connection/placement_connection.c | 9 ++++++--- src/test/regress/expected/multi_multiuser_0.out | 17 +++++++++++++++++ src/test/regress/sql/multi_multiuser.sql | 6 ++++++ 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/src/backend/distributed/connection/placement_connection.c b/src/backend/distributed/connection/placement_connection.c index f3b49a4a1..df2d8b0db 100644 --- a/src/backend/distributed/connection/placement_connection.c +++ b/src/backend/distributed/connection/placement_connection.c @@ -311,7 +311,8 @@ StartPlacementListConnection(uint32 flags, List *placementAccessList, * No suitable connection in the placement->connection mapping, get one from * the node->connection pool. */ - chosenConnection = StartNodeConnection(flags, nodeName, nodePort); + chosenConnection = StartNodeUserDatabaseConnection(flags, nodeName, nodePort, + userName, NULL); if (flags & CONNECTION_PER_PLACEMENT && ConnectionAccessedDifferentPlacement(chosenConnection, placement)) @@ -328,8 +329,10 @@ StartPlacementListConnection(uint32 flags, List *placementAccessList, * ID as the current placement, then we'd no longer able to write to * placement B later in the COPY. */ - chosenConnection = StartNodeConnection(flags | FORCE_NEW_CONNECTION, nodeName, - nodePort); + chosenConnection = StartNodeUserDatabaseConnection(flags | + FORCE_NEW_CONNECTION, + nodeName, nodePort, + userName, NULL); Assert(!ConnectionAccessedDifferentPlacement(chosenConnection, placement)); } diff --git a/src/test/regress/expected/multi_multiuser_0.out b/src/test/regress/expected/multi_multiuser_0.out index 8b4b72872..037a31381 100644 --- a/src/test/regress/expected/multi_multiuser_0.out +++ b/src/test/regress/expected/multi_multiuser_0.out @@ -212,7 +212,24 @@ ERROR: permission denied for relation test ABORT; SELECT * FROM citus_stat_statements_reset(); ERROR: permission denied for function citus_stat_statements_reset +-- table owner should be the same on the shards, even when distributing the table as superuser +SET ROLE full_access; +CREATE TABLE my_table (id integer, val integer); RESET ROLE; +SELECT create_distributed_table('my_table', 'id'); + create_distributed_table +-------------------------- + +(1 row) + +SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$); + result +------------- + full_access + full_access +(2 rows) + +DROP TABLE my_table; DROP TABLE test; DROP USER full_access; DROP USER read_access; diff --git a/src/test/regress/sql/multi_multiuser.sql b/src/test/regress/sql/multi_multiuser.sql index cf434d238..43306f09c 100644 --- a/src/test/regress/sql/multi_multiuser.sql +++ b/src/test/regress/sql/multi_multiuser.sql @@ -138,8 +138,14 @@ ABORT; SELECT * FROM citus_stat_statements_reset(); +-- table owner should be the same on the shards, even when distributing the table as superuser +SET ROLE full_access; +CREATE TABLE my_table (id integer, val integer); RESET ROLE; +SELECT create_distributed_table('my_table', 'id'); +SELECT result FROM run_command_on_workers($$SELECT tableowner FROM pg_tables WHERE tablename LIKE 'my_table_%' LIMIT 1$$); +DROP TABLE my_table; DROP TABLE test; DROP USER full_access; DROP USER read_access;