From dcc020760519edda38753d176ff3c9ac718640cf Mon Sep 17 00:00:00 2001 From: Onur Tirtir Date: Fri, 26 Feb 2021 11:39:02 +0300 Subject: [PATCH 1/2] Add 10.0-2 schema version --- .../distributed/sql/citus--10.0-1--10.0-2.sql | 1 + ...--10.1-1.sql => citus--10.0-2--10.1-1.sql} | 2 +- .../sql/downgrades/citus--10.0-2--10.0-1.sql | 1 + .../sql/downgrades/citus--10.1-1--10.0-1.sql | 3 --- .../sql/downgrades/citus--10.1-1--10.0-2.sql | 3 +++ src/test/regress/expected/multi_extension.out | 20 +++++++++++++++++-- .../regress/expected/multi_extension_0.out | 20 +++++++++++++++++-- src/test/regress/sql/multi_extension.sql | 14 +++++++++++-- 8 files changed, 54 insertions(+), 10 deletions(-) create mode 100644 src/backend/distributed/sql/citus--10.0-1--10.0-2.sql rename src/backend/distributed/sql/{citus--10.0-1--10.1-1.sql => citus--10.0-2--10.1-1.sql} (52%) create mode 100644 src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql delete mode 100644 src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-1.sql create mode 100644 src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-2.sql diff --git a/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql new file mode 100644 index 000000000..de58cdebc --- /dev/null +++ b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql @@ -0,0 +1 @@ +-- citus--10.0-1--10.0-2 diff --git a/src/backend/distributed/sql/citus--10.0-1--10.1-1.sql b/src/backend/distributed/sql/citus--10.0-2--10.1-1.sql similarity index 52% rename from src/backend/distributed/sql/citus--10.0-1--10.1-1.sql rename to src/backend/distributed/sql/citus--10.0-2--10.1-1.sql index 56bf57db9..81ed2427a 100644 --- a/src/backend/distributed/sql/citus--10.0-1--10.1-1.sql +++ b/src/backend/distributed/sql/citus--10.0-2--10.1-1.sql @@ -1,4 +1,4 @@ --- citus--10.0-1--10.1-1 +-- citus--10.0-2--10.1-1 -- bump version to 10.1-1 
diff --git a/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql new file mode 100644 index 000000000..711c46691 --- /dev/null +++ b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql @@ -0,0 +1 @@ +/* citus--10.0-2--10.0-1.sql */ diff --git a/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-1.sql b/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-1.sql deleted file mode 100644 index a7acf77fd..000000000 --- a/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-1.sql +++ /dev/null @@ -1,3 +0,0 @@ --- citus--10.1-1--10.0-1 --- this is an empty downgrade path since citus--10.0-1--10.1-1.sql is empty for now - diff --git a/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-2.sql b/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-2.sql new file mode 100644 index 000000000..1e45067f9 --- /dev/null +++ b/src/backend/distributed/sql/downgrades/citus--10.1-1--10.0-2.sql @@ -0,0 +1,3 @@ +-- citus--10.1-1--10.0-2 +-- this is an empty downgrade path since citus--10.0-2--10.1-1.sql is empty for now + diff --git a/src/test/regress/expected/multi_extension.out b/src/test/regress/expected/multi_extension.out index bbfd313be..15cd6da2d 100644 --- a/src/test/regress/expected/multi_extension.out +++ b/src/test/regress/expected/multi_extension.out @@ -515,8 +515,8 @@ SELECT * FROM print_extension_changes(); | view time_partitions (67 rows) --- Test downgrade to 10.0-1 from 10.1-1 -ALTER EXTENSION citus UPDATE TO '10.1-1'; +-- Test downgrade to 10.0-1 from 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; ALTER EXTENSION citus UPDATE TO '10.0-1'; -- Should be empty result since upgrade+downgrade should be a no-op SELECT * FROM print_extension_changes(); 
@@ -524,6 +524,22 @@ SELECT * FROM print_extension_changes(); --------------------------------------------------------------------- (0 rows) +-- Snapshot of state at 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; +SELECT * FROM print_extension_changes(); + previous_object | current_object +--------------------------------------------------------------------- +(0 rows) + +-- Test downgrade to 10.0-2 from 10.1-1 +ALTER EXTENSION citus UPDATE TO '10.1-1'; +ALTER EXTENSION citus UPDATE TO '10.0-2'; +-- Should be empty result since upgrade+downgrade should be a no-op +SELECT * FROM print_extension_changes(); + previous_object | current_object +--------------------------------------------------------------------- +(0 rows) + -- Snapshot of state at 10.1-1 ALTER EXTENSION citus UPDATE TO '10.1-1'; SELECT * FROM print_extension_changes(); diff --git a/src/test/regress/expected/multi_extension_0.out b/src/test/regress/expected/multi_extension_0.out index 8982708b9..30d27b7b7 100644 --- a/src/test/regress/expected/multi_extension_0.out +++ b/src/test/regress/expected/multi_extension_0.out @@ -511,8 +511,8 @@ SELECT * FROM print_extension_changes(); | view time_partitions (63 rows) --- Test downgrade to 10.0-1 from 10.1-1 -ALTER EXTENSION citus UPDATE TO '10.1-1'; +-- Test downgrade to 10.0-1 from 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; ALTER EXTENSION citus UPDATE TO '10.0-1'; -- Should be empty result since upgrade+downgrade should be a no-op SELECT * FROM print_extension_changes(); 
@@ -520,6 +520,22 @@ SELECT * FROM print_extension_changes(); --------------------------------------------------------------------- (0 rows) +-- Snapshot of state at 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; +SELECT * FROM print_extension_changes(); + previous_object | current_object +--------------------------------------------------------------------- +(0 rows) + +-- Test downgrade to 10.0-2 from 10.1-1 +ALTER EXTENSION citus UPDATE TO '10.1-1'; +ALTER EXTENSION citus UPDATE TO '10.0-2'; +-- Should be empty result since upgrade+downgrade should be a no-op +SELECT * FROM print_extension_changes(); + previous_object | current_object +--------------------------------------------------------------------- +(0 rows) + -- Snapshot of state at 10.1-1 ALTER EXTENSION citus UPDATE TO '10.1-1'; SELECT * FROM print_extension_changes(); diff --git a/src/test/regress/sql/multi_extension.sql b/src/test/regress/sql/multi_extension.sql index 17856dd26..86aae4a55 100644 --- a/src/test/regress/sql/multi_extension.sql +++ b/src/test/regress/sql/multi_extension.sql 
@@ -198,12 +198,22 @@ SELECT * FROM print_extension_changes(); ALTER EXTENSION citus UPDATE TO '10.0-1'; SELECT * FROM print_extension_changes(); --- Test downgrade to 10.0-1 from 10.1-1 -ALTER EXTENSION citus UPDATE TO '10.1-1'; +-- Test downgrade to 10.0-1 from 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; ALTER EXTENSION citus UPDATE TO '10.0-1'; -- Should be empty result since upgrade+downgrade should be a no-op SELECT * FROM print_extension_changes(); +-- Snapshot of state at 10.0-2 +ALTER EXTENSION citus UPDATE TO '10.0-2'; +SELECT * FROM print_extension_changes(); + +-- Test downgrade to 10.0-2 from 10.1-1 +ALTER EXTENSION citus UPDATE TO '10.1-1'; +ALTER EXTENSION citus UPDATE TO '10.0-2'; +-- Should be empty result since upgrade+downgrade should be a no-op +SELECT * FROM print_extension_changes(); + -- Snapshot of state at 10.1-1 ALTER EXTENSION citus UPDATE TO '10.1-1'; SELECT * FROM print_extension_changes(); From 54ac924bef5df2cba4c0a1d7f90073f68523a478 Mon Sep 17 00:00:00 2001 From: Onur Tirtir Date: Fri, 26 Feb 2021 11:39:19 +0300 Subject: [PATCH 2/2] Grant read access for columnar metadata tables to unprivileged user --- .../columnar/sql/columnar--10.0-1--10.0-2.sql | 5 +++ .../downgrades/columnar--10.0-2--10.0-1.sql | 5 +++ .../distributed/sql/citus--10.0-1--10.0-2.sql | 2 ++ .../sql/downgrades/citus--10.0-2--10.0-1.sql | 1 + src/test/regress/expected/multi_multiuser.out | 31 +++++++++++++++++++ src/test/regress/sql/multi_multiuser.sql | 28 +++++++++++++++++ 6 files changed, 72 insertions(+) create mode 100644 src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql create mode 100644 src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql diff --git a/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql b/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql new file mode 100644 index 000000000..ca5dc1cd1 --- /dev/null +++ b/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql 
@@ -0,0 +1,5 @@ +/* columnar--10.0-1--10.0-2.sql */ + +-- grant read access for columnar metadata tables to unprivileged user +GRANT USAGE ON SCHEMA columnar TO PUBLIC; +GRANT SELECT ON ALL tables IN SCHEMA columnar TO PUBLIC ; diff --git a/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql b/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql new file mode 100644 index 000000000..e82d21f79 --- /dev/null +++ b/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql @@ -0,0 +1,5 @@ +/* columnar--10.0-2--10.0-1.sql */ + +-- revoke read access for columnar metadata tables from unprivileged user +REVOKE USAGE ON SCHEMA columnar FROM PUBLIC; +REVOKE SELECT ON ALL tables IN SCHEMA columnar FROM PUBLIC; diff --git a/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql index de58cdebc..813591cd3 100644 --- a/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql +++ b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql @@ -1 +1,3 @@ -- citus--10.0-1--10.0-2 + +#include "../../columnar/sql/columnar--10.0-1--10.0-2.sql" diff --git a/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql index 711c46691..c418000fd 100644 --- a/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql +++ b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql @@ -1 +1,2 @@ /* citus--10.0-2--10.0-1.sql */ +#include "../../../columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql" diff --git a/src/test/regress/expected/multi_multiuser.out b/src/test/regress/expected/multi_multiuser.out index a0480d8a0..32c14b06f 100644 --- a/src/test/regress/expected/multi_multiuser.out +++ b/src/test/regress/expected/multi_multiuser.out 
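Review bot: `GRANT SELECT ON ALL tables IN SCHEMA columnar TO PUBLIC` in columnar--10.0-1--10.0-2.sql lets every role read the metadata rows of every columnar table, including tables on which that role has no SELECT privilege. It is also wider than the comment's "metadata tables", because it covers whatever tables exist in the schema when the script runs, and it is a one-time snapshot, so a table added by a later upgrade script would need its own grant. Consider naming the tables explicitly, e.g. `GRANT SELECT ON columnar.stripe, columnar.chunk TO PUBLIC;` (extended to the full set, which this hunk does not show), with a comment stating which metadata is considered safe to expose. If any of these tables records data-derived fields such as per-chunk value ranges, confirm that before opening them to PUBLIC. `USAGE` on the schema also makes any function in it callable unless EXECUTE has been revoked.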
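Review bot: The two REVOKE statements in columnar--10.0-2--10.0-1.sql remove PUBLIC's privileges unconditionally, so a downgrade also drops a `USAGE` or `SELECT` grant to PUBLIC that an administrator made by hand before upgrading, while grants to individual roles stay in place. That asymmetry is probably acceptable but should be stated, for example with a comment such as `-- note: also removes PUBLIC grants made manually before the upgrade to 10.0-2`. Whether print_extension_changes() in the multi_extension tests reports privilege changes is not visible here, so the "upgrade+downgrade should be a no-op" check may not cover these ACLs.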
@@ -256,6 +256,37 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'EXCLUSIVE'); ERROR: permission denied for table test ABORT; +-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user +-- all below 5 commands should throw no permission errors +-- read columnar metadata table +SELECT * FROM columnar.stripe; + storage_id | stripe_num | file_offset | data_length | column_count | chunk_row_count | row_count | chunk_group_count +--------------------------------------------------------------------- +(0 rows) + +-- alter a columnar setting +SET columnar.chunk_group_row_limit = 1050; +DO $proc$ +BEGIN +IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN + EXECUTE $$ + -- create columnar table + CREATE TABLE columnar_table (a int) USING columnar; + -- alter a columnar table that is created by that unprivileged user + SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100); + -- and drop it + DROP TABLE columnar_table; + $$; +END IF; +END$proc$; +-- cannot modify columnar metadata table as unprivileged user +INSERT INTO columnar.stripe VALUES(99); +ERROR: permission denied for table stripe +-- Cannot drop columnar metadata table as unprivileged user. +-- Privileged user also cannot drop but with a different error message. +-- (since citus extension has a dependency to it) +DROP TABLE columnar.chunk; +ERROR: must be owner of table chunk -- check no permission SET ROLE no_access; EXECUTE prepare_insert(1); diff --git a/src/test/regress/sql/multi_multiuser.sql b/src/test/regress/sql/multi_multiuser.sql index b88fadb03..576728e91 100644 --- a/src/test/regress/sql/multi_multiuser.sql +++ b/src/test/regress/sql/multi_multiuser.sql 
@@ -155,6 +155,34 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE'); SELECT lock_relation_if_exists('test', 'EXCLUSIVE'); ABORT; +-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user + +-- all below 5 commands should throw no permission errors +-- read columnar metadata table +SELECT * FROM columnar.stripe; +-- alter a columnar setting +SET columnar.chunk_group_row_limit = 1050; + +DO $proc$ +BEGIN +IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN + EXECUTE $$ + -- create columnar table + CREATE TABLE columnar_table (a int) USING columnar; + -- alter a columnar table that is created by that unprivileged user + SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100); + -- and drop it + DROP TABLE columnar_table; + $$; +END IF; +END$proc$; + +-- cannot modify columnar metadata table as unprivileged user +INSERT INTO columnar.stripe VALUES(99); +-- Cannot drop columnar metadata table as unprivileged user. +-- Privileged user also cannot drop but with a different error message. +-- (since citus extension has a dependency to it) +DROP TABLE columnar.chunk; -- check no permission SET ROLE no_access;
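Review bot: The negative checks cover only `INSERT INTO columnar.stripe` and `DROP TABLE columnar.chunk`, so a regression that granted PUBLIC more than SELECT (UPDATE, DELETE or TRUNCATE) would still pass this test. I would add `DELETE FROM columnar.stripe;` and `TRUNCATE columnar.stripe;` after the INSERT, each expected to fail with a permission error, with matching lines in expected/multi_multiuser.out. The read check runs against an empty columnar.stripe, so it does not pin what this role can see about columnar tables owned by other roles; a case that first creates a columnar table as a privileged role would document that. The comment "all below 5 commands should throw no permission errors" should also say that three of them sit inside the DO block and are skipped when server_version is below 12.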