pull/7565/merge
Jelte Fennema-Nio 2025-03-05 10:23:40 -08:00 committed by GitHub
commit 5baa8fefb4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 27 additions and 21 deletions

View File

@ -562,12 +562,7 @@ GenerateCreateOrAlterRoleCommand(Oid roleOid)
if (EnableCreateRolePropagation)
{
List *grantRoleStmts = GenerateGrantRoleStmtsOfRole(roleOid);
Node *stmt = NULL;
foreach_ptr(stmt, grantRoleStmts)
{
completeRoleList = lappend(completeRoleList, DeparseTreeNode(stmt));
}
/*
* append SECURITY LABEL ON ROLE commands for this specific user

View File

@ -460,6 +460,18 @@ DependencyDefinitionFromPgDepend(ObjectAddress target)
dependency->mode = DependencyPgDepend;
dependency->data.pg_depend = *pg_depend;
dependenyDefinitionList = lappend(dependenyDefinitionList, dependency);
if (pg_depend->classid == OCLASS_ROLE)
{
/*
* If the object is a role, we need to add the role's group
* memberships to the dependency list as well. We cannot make the
* role depend on the membership, because the role needs to be
* created before the memberships.
*/
dependenyDefinitionList = list_concat(dependenyDefinitionList,
GetAuthMemberEntries(pg_depend->objid));
}
}
systable_endscan(depScan);
@ -1539,13 +1551,22 @@ ExpandCitusSupportedTypes(ObjectAddressCollector *collector, ObjectAddress targe
switch (target.classId)
{
case AuthIdRelationId:
case AuthMemRelationId:
{
/*
* Roles are members of other roles. These relations are not recorded directly
* but can be deduced from pg_auth_members
* Add dependencies for:
* 1. roles in member, roleid, and grantor.
*/
return ExpandRolesToGroups(target.objectId);
List *dependencies = NULL;
dependencies = lappend(dependencies, authMember->member);
dependencies = lappend(dependencies, authMember->roleid);
dependencies = lappend(dependencies, authMember->grantor);
/*
* 2. AuthMemRelations for the roles in grantor and roleid.
*/
dependencies = FindAuthMemRelations(authMember->roleid);
dependencies = FindAuthMemRelations(authMember->grantor);
}
case ExtensionRelationId:
@ -1569,6 +1590,8 @@ ExpandCitusSupportedTypes(ObjectAddressCollector *collector, ObjectAddress targe
List *dependencies =
CreateObjectAddressDependencyDefList(AuthIdRelationId,
dependentRoleIds);
dependencies = list_concat(dependencies, GetAuthMemberEntries(
dependentRoleIds));
result = list_concat(result, dependencies);
}
@ -1818,18 +1841,6 @@ ExpandRolesToGroups(Oid roleid)
SysScanDesc scanDescriptor = systable_beginscan(pgAuthMembers, AuthMemMemRoleIndexId,
true, NULL, scanKeyCount, scanKey);
List *roles = NIL;
while ((tuple = systable_getnext(scanDescriptor)) != NULL)
{
Form_pg_auth_members membership = (Form_pg_auth_members) GETSTRUCT(tuple);
DependencyDefinition *definition = palloc0(sizeof(DependencyDefinition));
definition->mode = DependencyObjectAddress;
ObjectAddressSet(definition->data.address, AuthIdRelationId, membership->roleid);
roles = lappend(roles, definition);
}
systable_endscan(scanDescriptor);
table_close(pgAuthMembers, AccessShareLock);