Merge pull request #4747 from citusdata/col/grant-access

src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql

@@ -0,0 +1,5 @@
+/* columnar--10.0-1--10.0-2.sql */
+
+-- grant read access for columnar metadata tables to unprivileged user
+GRANT USAGE ON SCHEMA columnar TO PUBLIC;
+GRANT SELECT ON ALL tables IN SCHEMA columnar TO PUBLIC ;

src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql

@@ -0,0 +1,5 @@
+/* columnar--10.0-2--10.0-1.sql */
+
+-- revoke read access for columnar metadata tables from unprivileged user
+REVOKE USAGE ON SCHEMA columnar FROM PUBLIC;
+REVOKE SELECT ON ALL tables IN SCHEMA columnar FROM PUBLIC;

src/backend/distributed/sql/citus--10.0-1--10.0-2.sql

@@ -0,0 +1,3 @@
+-- citus--10.0-1--10.0-2
+
+#include "../../columnar/sql/columnar--10.0-1--10.0-2.sql"

src/backend/distributed/sql/citus--10.0-2--10.1-1.sql

@@ -1,4 +1,4 @@
--- citus--10.0-1--10.1-1
+-- citus--10.0-2--10.1-1
 
 -- bump version to 10.1-1
 

src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql

@@ -0,0 +1,2 @@
+/* citus--10.0-2--10.0-1.sql */
+#include "../../../columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql"

src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-1.sql

@@ -1,3 +0,0 @@
--- citus--10.1-1--10.0-1
--- this is an empty downgrade path since citus--10.0-1--10.1-1.sql is empty for now
-

src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-2.sql

@@ -0,0 +1,3 @@
+-- citus--10.1-1--10.0-2
+-- this is an empty downgrade path since citus--10.0-2--10.1-1.sql is empty for now
+

src/test/regress/expected/multi_extension.out

@@ -515,8 +515,8 @@ SELECT * FROM print_extension_changes();
                                                                                  | view time_partitions
 (67 rows)
 
--- Test downgrade to 10.0-1 from 10.1-1
-ALTER EXTENSION citus UPDATE TO '10.1-1';
+-- Test downgrade to 10.0-1 from 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
 ALTER EXTENSION citus UPDATE TO '10.0-1';
 -- Should be empty result since upgrade+downgrade should be a no-op
 SELECT * FROM print_extension_changes();
@@ -524,6 +524,22 @@ SELECT * FROM print_extension_changes();
 ---------------------------------------------------------------------
 (0 rows)
 
+-- Snapshot of state at 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+SELECT * FROM print_extension_changes();
+ previous_object | current_object
+---------------------------------------------------------------------
+(0 rows)
+
+-- Test downgrade to 10.0-2 from 10.1-1
+ALTER EXTENSION citus UPDATE TO '10.1-1';
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+-- Should be empty result since upgrade+downgrade should be a no-op
+SELECT * FROM print_extension_changes();
+ previous_object | current_object
+---------------------------------------------------------------------
+(0 rows)
+
 -- Snapshot of state at 10.1-1
 ALTER EXTENSION citus UPDATE TO '10.1-1';
 SELECT * FROM print_extension_changes();

src/test/regress/expected/multi_extension_0.out

@@ -511,8 +511,8 @@ SELECT * FROM print_extension_changes();
                                                                                  | view time_partitions
 (63 rows)
 
--- Test downgrade to 10.0-1 from 10.1-1
-ALTER EXTENSION citus UPDATE TO '10.1-1';
+-- Test downgrade to 10.0-1 from 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
 ALTER EXTENSION citus UPDATE TO '10.0-1';
 -- Should be empty result since upgrade+downgrade should be a no-op
 SELECT * FROM print_extension_changes();
@@ -520,6 +520,22 @@ SELECT * FROM print_extension_changes();
 ---------------------------------------------------------------------
 (0 rows)
 
+-- Snapshot of state at 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+SELECT * FROM print_extension_changes();
+ previous_object | current_object
+---------------------------------------------------------------------
+(0 rows)
+
+-- Test downgrade to 10.0-2 from 10.1-1
+ALTER EXTENSION citus UPDATE TO '10.1-1';
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+-- Should be empty result since upgrade+downgrade should be a no-op
+SELECT * FROM print_extension_changes();
+ previous_object | current_object
+---------------------------------------------------------------------
+(0 rows)
+
 -- Snapshot of state at 10.1-1
 ALTER EXTENSION citus UPDATE TO '10.1-1';
 SELECT * FROM print_extension_changes();

src/test/regress/expected/multi_multiuser.out

@@ -256,6 +256,37 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
 SELECT lock_relation_if_exists('test', 'EXCLUSIVE');
 ERROR:  permission denied for table test
 ABORT;
+-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user
+-- all below 5 commands should throw no permission errors
+-- read columnar metadata table
+SELECT * FROM columnar.stripe;
+ storage_id | stripe_num | file_offset | data_length | column_count | chunk_row_count | row_count | chunk_group_count
+---------------------------------------------------------------------
+(0 rows)
+
+-- alter a columnar setting
+SET columnar.chunk_group_row_limit = 1050;
+DO $proc$
+BEGIN
+IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
+  EXECUTE $$
+    -- create columnar table
+    CREATE TABLE columnar_table (a int) USING columnar;
+    -- alter a columnar table that is created by that unprivileged user
+    SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100);
+    -- and drop it
+    DROP TABLE columnar_table;
+  $$;
+END IF;
+END$proc$;
+-- cannot modify columnar metadata table as unprivileged user
+INSERT INTO columnar.stripe VALUES(99);
+ERROR:  permission denied for table stripe
+-- Cannot drop columnar metadata table as unprivileged user.
+-- Privileged user also cannot drop but with a different error message.
+-- (since citus extension has a dependency to it)
+DROP TABLE columnar.chunk;
+ERROR:  must be owner of table chunk
 -- check no permission
 SET ROLE no_access;
 EXECUTE prepare_insert(1);

src/test/regress/sql/multi_extension.sql

@@ -198,12 +198,22 @@ SELECT * FROM print_extension_changes();
 ALTER EXTENSION citus UPDATE TO '10.0-1';
 SELECT * FROM print_extension_changes();
 
--- Test downgrade to 10.0-1 from 10.1-1
-ALTER EXTENSION citus UPDATE TO '10.1-1';
+-- Test downgrade to 10.0-1 from 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
 ALTER EXTENSION citus UPDATE TO '10.0-1';
 -- Should be empty result since upgrade+downgrade should be a no-op
 SELECT * FROM print_extension_changes();
 
+-- Snapshot of state at 10.0-2
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+SELECT * FROM print_extension_changes();
+
+-- Test downgrade to 10.0-2 from 10.1-1
+ALTER EXTENSION citus UPDATE TO '10.1-1';
+ALTER EXTENSION citus UPDATE TO '10.0-2';
+-- Should be empty result since upgrade+downgrade should be a no-op
+SELECT * FROM print_extension_changes();
+
 -- Snapshot of state at 10.1-1
 ALTER EXTENSION citus UPDATE TO '10.1-1';
 SELECT * FROM print_extension_changes();

src/test/regress/sql/multi_multiuser.sql

@@ -155,6 +155,34 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
 SELECT lock_relation_if_exists('test', 'EXCLUSIVE');
 ABORT;
 
+-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user
+
+-- all below 5 commands should throw no permission errors
+-- read columnar metadata table
+SELECT * FROM columnar.stripe;
+-- alter a columnar setting
+SET columnar.chunk_group_row_limit = 1050;
+
+DO $proc$
+BEGIN
+IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
+  EXECUTE $$
+    -- create columnar table
+    CREATE TABLE columnar_table (a int) USING columnar;
+    -- alter a columnar table that is created by that unprivileged user
+    SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100);
+    -- and drop it
+    DROP TABLE columnar_table;
+  $$;
+END IF;
+END$proc$;
+
+-- cannot modify columnar metadata table as unprivileged user
+INSERT INTO columnar.stripe VALUES(99);
+-- Cannot drop columnar metadata table as unprivileged user.
+-- Privileged user also cannot drop but with a different error message.
+-- (since citus extension has a dependency to it)
+DROP TABLE columnar.chunk;
 
 -- check no permission
 SET ROLE no_access;