Merge pull request #1062 from citusdata/grant_public_select_access_to_metadata_tables

GRANT SELECT access for metadata tables to public
2016-12-23 16:43:15 +03:00 · 2016-12-23 16:43:15 +03:00 · 5cd21771a9
parent d608ef3311 0851fd2f0b
commit 5cd21771a9
9 changed files with 71 additions and 3 deletions
--- a/src/backend/distributed/Makefile
+++ b/src/backend/distributed/Makefile
@ -9,7 +9,7 @@ EXTVERSIONS = 5.0 5.0-1 5.0-2  \
 	5.1-1 5.1-2 5.1-3 5.1-4 5.1-5 5.1-6 5.1-7 5.1-8 \
 	5.2-1 5.2-2 5.2-3 5.2-4 \
 	6.0-1 6.0-2 6.0-3 6.0-4 6.0-5 6.0-6 6.0-7 6.0-8 6.0-9 6.0-10 6.0-11 6.0-12 6.0-13 6.0-14 6.0-15 6.0-16 6.0-17 6.0-18 \
-	6.1-1 6.1-2 6.1-3 6.1-4 6.1-5 6.1-6 6.1-7 6.1-8 6.1-9
+	6.1-1 6.1-2 6.1-3 6.1-4 6.1-5 6.1-6 6.1-7 6.1-8 6.1-9 6.1-10
 # All citus--*.sql files in the source directory
 DATA = $(patsubst $(citus_abs_srcdir)/%.sql,%.sql,$(wildcard $(citus_abs_srcdir)/$(EXTENSION)--*--*.sql))
@ -113,6 +113,8 @@ $(EXTENSION)--6.1-8.sql: $(EXTENSION)--6.1-7.sql $(EXTENSION)--6.1-7--6.1-8.sql
 	cat $^ > $@
 $(EXTENSION)--6.1-9.sql: $(EXTENSION)--6.1-8.sql $(EXTENSION)--6.1-8--6.1-9.sql
 	cat $^ > $@
 $(EXTENSION)--6.1-10.sql: $(EXTENSION)--6.1-9.sql $(EXTENSION)--6.1-9--6.1-10.sql
 	cat $^ > $@
 NO_PGXS = 1
--- a/src/backend/distributed/citus--6.1-8--6.1-9.sql
+++ b/src/backend/distributed/citus--6.1-8--6.1-9.sql
@ -86,4 +86,4 @@ $cdbdt$;
 COMMENT ON FUNCTION citus_drop_trigger()
    IS 'perform checks and actions at the end of DROP actions';
-RESET search_path;
+RESET search_path;
--- a/src/backend/distributed/citus--6.1-9--6.1-10.sql
+++ b/src/backend/distributed/citus--6.1-9--6.1-10.sql
@ -0,0 +1,10 @@
 /* citus--6.1-9--6.1-10.sql */
 GRANT SELECT ON pg_catalog.pg_dist_node TO public;
 GRANT SELECT ON pg_catalog.pg_dist_colocation TO public;
 GRANT SELECT ON pg_catalog.pg_dist_colocationid_seq TO public;
 GRANT SELECT ON pg_catalog.pg_dist_groupid_seq TO public;
 GRANT SELECT ON pg_catalog.pg_dist_node_nodeid_seq TO public;
 GRANT SELECT ON pg_catalog.pg_dist_shard_placement_placementid_seq TO public;
 GRANT SELECT ON pg_catalog.pg_dist_shardid_seq TO public;
 GRANT SELECT ON pg_catalog.pg_dist_jobid_seq TO public;
--- a/src/backend/distributed/citus.control
+++ b/src/backend/distributed/citus.control
@ -1,6 +1,6 @@
 # Citus extension
 comment = 'Citus distributed database'
-default_version = '6.1-9'
+default_version = '6.1-10'
 module_pathname = '$libdir/citus'
 relocatable = false
 schema = pg_catalog
--- a/src/test/regress/expected/multi_extension.out
+++ b/src/test/regress/expected/multi_extension.out
@ -67,6 +67,7 @@ ALTER EXTENSION citus UPDATE TO '6.1-6';
 ALTER EXTENSION citus UPDATE TO '6.1-7';
 ALTER EXTENSION citus UPDATE TO '6.1-8';
 ALTER EXTENSION citus UPDATE TO '6.1-9';
 ALTER EXTENSION citus UPDATE TO '6.1-10';
 -- ensure no objects were created outside pg_catalog
 SELECT COUNT(*)
 FROM pg_depend AS pgd,
--- a/src/test/regress/expected/multi_metadata_access.out
+++ b/src/test/regress/expected/multi_metadata_access.out
@ -0,0 +1,27 @@
 --
 -- MULTI_METADATA_ACCESS
 --
 ALTER SEQUENCE pg_catalog.pg_dist_shardid_seq RESTART 1360000;
 ALTER SEQUENCE pg_catalog.pg_dist_jobid_seq RESTART 1360000;
 CREATE USER no_access;
 NOTICE:  not propagating CREATE ROLE/USER commands to worker nodes
 HINT:  Connect to worker nodes directly to manually create all necessary users and roles.
 SET ROLE no_access;
 -- list relations in the citus extension without sufficient privileges
 SELECT pg_class.oid::regclass
 FROM pg_class
    JOIN pg_namespace nsp ON (pg_class.relnamespace = nsp.oid)
    JOIN pg_depend dep ON(objid = pg_class.oid)
    JOIN pg_extension ext ON (ext.oid = dep.refobjid)
 WHERE
    refclassid = 'pg_extension'::regclass
    AND classid ='pg_class'::regclass
    AND ext.extname = 'citus'
    AND nsp.nspname = 'pg_catalog'
    AND NOT has_table_privilege(pg_class.oid, 'select');
 oid 
 -----
 (0 rows)
 RESET role;
 DROP USER no_access;
--- a/src/test/regress/multi_schedule
+++ b/src/test/regress/multi_schedule
@ -19,6 +19,7 @@ test: multi_extension
 test: multi_cluster_management
 test: multi_table_ddl
 test: multi_name_lengths
 test: multi_metadata_access
 # ----------
 # The following distributed tests depend on creating a partitioned table and
--- a/src/test/regress/sql/multi_extension.sql
+++ b/src/test/regress/sql/multi_extension.sql
@ -67,6 +67,7 @@ ALTER EXTENSION citus UPDATE TO '6.1-6';
 ALTER EXTENSION citus UPDATE TO '6.1-7';
 ALTER EXTENSION citus UPDATE TO '6.1-8';
 ALTER EXTENSION citus UPDATE TO '6.1-9';
 ALTER EXTENSION citus UPDATE TO '6.1-10';
 -- ensure no objects were created outside pg_catalog
 SELECT COUNT(*)
--- a/src/test/regress/sql/multi_metadata_access.sql
+++ b/src/test/regress/sql/multi_metadata_access.sql
@ -0,0 +1,26 @@
 --
 -- MULTI_METADATA_ACCESS
 --
 ALTER SEQUENCE pg_catalog.pg_dist_shardid_seq RESTART 1360000;
 ALTER SEQUENCE pg_catalog.pg_dist_jobid_seq RESTART 1360000;
 CREATE USER no_access;
 SET ROLE no_access;
 -- list relations in the citus extension without sufficient privileges
 SELECT pg_class.oid::regclass
 FROM pg_class
    JOIN pg_namespace nsp ON (pg_class.relnamespace = nsp.oid)
    JOIN pg_depend dep ON(objid = pg_class.oid)
    JOIN pg_extension ext ON (ext.oid = dep.refobjid)
 WHERE
    refclassid = 'pg_extension'::regclass
    AND classid ='pg_class'::regclass
    AND ext.extname = 'citus'
    AND nsp.nspname = 'pg_catalog'
    AND NOT has_table_privilege(pg_class.oid, 'select');
 RESET role;
 DROP USER no_access;