Make citus_internal schema public (#7450)

DESCRIPTION: Makes citus_internal schema public #7405
2024-01-24 17:11:10 +03:00 · 2024-01-24 17:11:10 +03:00 · 542212c3d8
parent 3de5601bcc
commit 542212c3d8
6 changed files with 36 additions and 2 deletions
--- a/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
+++ b/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
@ -12,3 +12,16 @@
 ALTER TABLE pg_catalog.pg_dist_transaction ADD COLUMN outer_xid xid8;
 #include "udfs/citus_internal_acquire_citus_advisory_object_class_lock/12.2-1.sql"
 GRANT USAGE ON SCHEMA citus_internal TO PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.commit_management_command_2pc FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.execute_command_on_remote_nodes_as_user FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.find_groupid_for_node FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.mark_object_distributed FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_node_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_rebalance_strategy_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_shard_placement_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.refresh_isolation_tester_prepared_statement FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.replace_isolation_tester_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.restore_isolation_tester_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.start_management_transaction FROM PUBLIC;
--- a/src/backend/distributed/sql/downgrades/citus--12.2-1--12.1-1.sql
+++ b/src/backend/distributed/sql/downgrades/citus--12.2-1--12.1-1.sql
@ -21,3 +21,4 @@ DROP FUNCTION citus_internal.mark_object_distributed(
 DROP FUNCTION citus_internal.commit_management_command_2pc();
 ALTER TABLE pg_catalog.pg_dist_transaction DROP COLUMN outer_xid;
 REVOKE USAGE ON SCHEMA citus_internal FROM PUBLIC;
--- a/src/test/regress/expected/citus_internal_access.out
+++ b/src/test/regress/expected/citus_internal_access.out
@ -0,0 +1,10 @@
 --- Create a non-superuser role and check if it can access citus_internal schema functions
 CREATE USER nonsuperuser CREATEROLE;
 SET ROLE nonsuperuser;
 --- The non-superuser role should not be able to access citus_internal functions
 SELECT citus_internal.commit_management_command_2pc();
 ERROR:  permission denied for function commit_management_command_2pc
 SELECT citus_internal.replace_isolation_tester_func();
 ERROR:  permission denied for function replace_isolation_tester_func
 RESET ROLE;
 DROP USER nonsuperuser;
--- a/src/test/regress/expected/other_databases.out
+++ b/src/test/regress/expected/other_databases.out
@ -68,8 +68,7 @@ CREATE USER nonsuperuser CREATEROLE;
 GRANT ALL ON SCHEMA citus_internal TO nonsuperuser;
 SET ROLE nonsuperuser;
 SELECT citus_internal.execute_command_on_remote_nodes_as_user($$SELECT 'dangerous query'$$, 'postgres');
-ERROR:  operation is not allowed
+ERROR:  permission denied for function execute_command_on_remote_nodes_as_user
 HINT:  Run the command with a superuser.
 \c other_db1
 SET citus.local_hostname TO '127.0.0.1';
 SET ROLE nonsuperuser;
--- a/src/test/regress/multi_schedule
+++ b/src/test/regress/multi_schedule
@ -109,6 +109,7 @@ test: undistribute_table
 test: run_command_on_all_nodes
 test: background_task_queue_monitor
 test: other_databases
 test: citus_internal_access
 # Causal clock test
 test: clock
--- a/src/test/regress/sql/citus_internal_access.sql
+++ b/src/test/regress/sql/citus_internal_access.sql
@ -0,0 +1,10 @@
 --- Create a non-superuser role and check if it can access citus_internal schema functions
 CREATE USER nonsuperuser CREATEROLE;
 SET ROLE nonsuperuser;
 --- The non-superuser role should not be able to access citus_internal functions
 SELECT citus_internal.commit_management_command_2pc();
 SELECT citus_internal.replace_isolation_tester_func();
 RESET ROLE;
 DROP USER nonsuperuser;