external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 1ae8e6fa33 into d885e1a016

pull/7565/merge
Jelte Fennema-Nio 2025-03-05 10:23:40 -08:00 committed by GitHub
parent d885e1a016 1ae8e6fa33
commit 5baa8fefb4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 27 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/backend/distributed/commands/role.c
View File

@ -562,12 +562,7 @@ GenerateCreateOrAlterRoleCommand(Oid roleOid)
if (EnableCreateRolePropagation) if (EnableCreateRolePropagation)
{ {
List *grantRoleStmts = GenerateGrantRoleStmtsOfRole(roleOid);
Node *stmt = NULL; Node *stmt = NULL;
foreach_ptr(stmt, grantRoleStmts)
{
completeRoleList = lappend(completeRoleList, DeparseTreeNode(stmt));
}
/* /*
* append SECURITY LABEL ON ROLE commands for this specific user * append SECURITY LABEL ON ROLE commands for this specific user

43
src/backend/distributed/metadata/dependency.c
View File

@ -460,6 +460,18 @@ DependencyDefinitionFromPgDepend(ObjectAddress target)
dependency->mode = DependencyPgDepend; dependency->mode = DependencyPgDepend;
dependency->data.pg_depend = *pg_depend; dependency->data.pg_depend = *pg_depend;
dependenyDefinitionList = lappend(dependenyDefinitionList, dependency); dependenyDefinitionList = lappend(dependenyDefinitionList, dependency);
if (pg_depend->classid == OCLASS_ROLE)
{
/*
* If the object is a role, we need to add the role's group
* memberships to the dependency list as well. We cannot make the
* role depend on the membership, because the role needs to be
* created before the memberships.
*/
dependenyDefinitionList = list_concat(dependenyDefinitionList,
GetAuthMemberEntries(pg_depend->objid));
}
} }
systable_endscan(depScan); systable_endscan(depScan);
@ -1539,13 +1551,22 @@ ExpandCitusSupportedTypes(ObjectAddressCollector *collector, ObjectAddress targe
switch (target.classId) switch (target.classId)
{ {
case AuthIdRelationId: case AuthMemRelationId:
{ {
/* /*
* Roles are members of other roles. These relations are not recorded directly * Add dependencies for:
* but can be deduced from pg_auth_members * 1. roles in member, roleid, and grantor.
*/ */
return ExpandRolesToGroups(target.objectId); List *dependencies = NULL;
dependencies = lappend(dependencies, authMember->member);
dependencies = lappend(dependencies, authMember->roleid);
dependencies = lappend(dependencies, authMember->grantor);
/*
* 2. AuthMemRelations for the roles in grantor and roleid.
*/
dependencies = FindAuthMemRelations(authMember->roleid);
dependencies = FindAuthMemRelations(authMember->grantor);
} }
case ExtensionRelationId: case ExtensionRelationId:
@ -1569,6 +1590,8 @@ ExpandCitusSupportedTypes(ObjectAddressCollector *collector, ObjectAddress targe
List *dependencies = List *dependencies =
CreateObjectAddressDependencyDefList(AuthIdRelationId, CreateObjectAddressDependencyDefList(AuthIdRelationId,
dependentRoleIds); dependentRoleIds);
dependencies = list_concat(dependencies, GetAuthMemberEntries(
dependentRoleIds));
result = list_concat(result, dependencies); result = list_concat(result, dependencies);
} }
@ -1818,18 +1841,6 @@ ExpandRolesToGroups(Oid roleid)
SysScanDesc scanDescriptor = systable_beginscan(pgAuthMembers, AuthMemMemRoleIndexId, SysScanDesc scanDescriptor = systable_beginscan(pgAuthMembers, AuthMemMemRoleIndexId,
true, NULL, scanKeyCount, scanKey); true, NULL, scanKeyCount, scanKey);
List *roles = NIL;
while ((tuple = systable_getnext(scanDescriptor)) != NULL)
{
Form_pg_auth_members membership = (Form_pg_auth_members) GETSTRUCT(tuple);
DependencyDefinition *definition = palloc0(sizeof(DependencyDefinition));
definition->mode = DependencyObjectAddress;
ObjectAddressSet(definition->data.address, AuthIdRelationId, membership->roleid);
roles = lappend(roles, definition);
}
systable_endscan(scanDescriptor); systable_endscan(scanDescriptor);
table_close(pgAuthMembers, AccessShareLock); table_close(pgAuthMembers, AccessShareLock);