external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes test outputs

granted_by_propagation_non_filter
gurkanindibay 2024-03-13 12:15:13 +03:00
parent 029b0e1697
commit 632a8613c8
4 changed files with 118 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
src/test/regress/expected/create_role_propagation.out
View File

@ -225,10 +225,7 @@ SET citus.enable_create_role_propagation TO ON;
grant dist_role_3,dist_role_1 to test_admin_role with admin option; grant dist_role_3,dist_role_1 to test_admin_role with admin option;
SET ROLE dist_role_1; SET ROLE dist_role_1;
GRANT non_dist_role_1 TO non_dist_role_2; GRANT non_dist_role_1 TO non_dist_role_2;
NOTICE: not propagating GRANT command to other nodes ERROR: connection to the remote node dist_role_1@localhost:xxxxx failed with the following error: FATAL: role "dist_role_1" is not permitted to log in
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SET citus.enable_create_role_propagation TO OFF; SET citus.enable_create_role_propagation TO OFF;
grant dist_role_1 to non_dist_role_1 with admin option; grant dist_role_1 to non_dist_role_1 with admin option;
SET ROLE non_dist_role_1; SET ROLE non_dist_role_1;
@ -236,12 +233,17 @@ GRANT dist_role_1 TO dist_role_2 granted by non_dist_role_1;
RESET ROLE; RESET ROLE;
SET citus.enable_create_role_propagation TO ON; SET citus.enable_create_role_propagation TO ON;
GRANT dist_role_3 TO non_dist_role_3 granted by test_admin_role; GRANT dist_role_3 TO non_dist_role_3 granted by test_admin_role;
NOTICE: not propagating GRANT command to other nodes ERROR: role "non_dist_role_3" does not exist
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes. CONTEXT: while executing command on localhost:xxxxx
GRANT non_dist_role_4 TO dist_role_4; GRANT non_dist_role_4 TO dist_role_4;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
GRANT dist_role_3 TO dist_role_4 granted by test_admin_role; GRANT dist_role_3 TO dist_role_4 granted by test_admin_role;
SELECT 1 FROM master_add_node('localhost', :worker_2_port);
WARNING: role "non_dist_role_1" does not exist
CONTEXT: while executing command on localhost:xxxxx
ERROR: failure on connection marked as essential: localhost:xxxxx
\c - - - :worker_2_port
create role non_dist_role_1;
\c - - - :master_port
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
?column? ?column?
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -256,14 +258,13 @@ SELECT result FROM run_command_on_all_nodes(
) q; ) q;
$$ $$
); );
result result
--------------------------------------------------------------------- ---------------------------------------------------------------------
[{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, + [{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, +
{"member":"non_dist_role_3","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, +
{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}] {"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
[{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, + [{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, +
{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}] {"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
[{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, + [{"member":"dist_role_4","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, +
{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}] {"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
(3 rows) (3 rows)
@ -277,10 +278,9 @@ SELECT result FROM run_command_on_all_nodes(
) q; ) q;
$$ $$
); );
result result
--------------------------------------------------------------------- ---------------------------------------------------------------------
[{"member":"non_dist_role_3","role":"dist_role_3","grantor":"test_admin_role","admin_option":false}, + [{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
[{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}] [{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
[{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}] [{"member":"test_admin_role","role":"dist_role_3","grantor":"postgres","admin_option":true}]
(3 rows) (3 rows)
@ -291,11 +291,9 @@ SELECT roleid::regrole::text AS role, member::regrole::text, (grantor::regrole::
dist_role_1 | dist_role_2 | t | f dist_role_1 | dist_role_2 | t | f
dist_role_1 | non_dist_role_1 | t | t dist_role_1 | non_dist_role_1 | t | t
dist_role_1 | test_admin_role | t | t dist_role_1 | test_admin_role | t | t
dist_role_3 | non_dist_role_3 | t | f
dist_role_3 | test_admin_role | t | t dist_role_3 | test_admin_role | t | t
non_dist_role_1 | non_dist_role_2 | t | f
non_dist_role_4 | dist_role_4 | t | f non_dist_role_4 | dist_role_4 | t | f
(7 rows) (5 rows)
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist\_%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist\_%' ORDER BY 1;
objid objid
@ -304,12 +302,14 @@ SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::
dist_role_2 dist_role_2
dist_role_3 dist_role_3
dist_role_4 dist_role_4
non_dist_role_1
non_dist_role_4 non_dist_role_4
(5 rows) (6 rows)
REVOKE dist_role_3 from non_dist_role_3 granted by test_admin_role cascade; REVOKE dist_role_3 from non_dist_role_3 granted by test_admin_role cascade;
NOTICE: not propagating GRANT command to other nodes WARNING: role "non_dist_role_3" has not been granted membership in role "dist_role_3" by role "test_admin_role"
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes. ERROR: role "non_dist_role_3" does not exist
CONTEXT: while executing command on localhost:xxxxx
SELECT result FROM run_command_on_all_nodes( SELECT result FROM run_command_on_all_nodes(
$$ $$
SELECT json_agg(q.* ORDER BY member) FROM ( SELECT json_agg(q.* ORDER BY member) FROM (
@ -329,22 +329,6 @@ SELECT result FROM run_command_on_all_nodes(
revoke dist_role_3,dist_role_1 from test_admin_role cascade; revoke dist_role_3,dist_role_1 from test_admin_role cascade;
drop role test_admin_role; drop role test_admin_role;
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2;
role | member | grantor | admin_option
---------------------------------------------------------------------
(0 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_%' ORDER BY 1;
rolname
---------------------------------------------------------------------
dist_role_1
dist_role_2
dist_role_3
dist_role_4
non_dist_role_4
(5 rows)
\c - - - :worker_2_port
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -358,8 +342,29 @@ SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_%' ORDER BY 1;
dist_role_2 dist_role_2
dist_role_3 dist_role_3
dist_role_4 dist_role_4
non_dist_role_1
non_dist_role_4 non_dist_role_4
(5 rows) (6 rows)
\c - - - :worker_2_port
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_%' ORDER BY 1, 2;
role | member | grantor | admin_option
---------------------------------------------------------------------
dist_role_1 | dist_role_2 | non_dist_role_1 | f
dist_role_1 | non_dist_role_1 | postgres | t
non_dist_role_4 | dist_role_4 | postgres | f
(3 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_%' ORDER BY 1;
rolname
---------------------------------------------------------------------
dist_role_1
dist_role_2
dist_role_3
dist_role_4
non_dist_role_1
non_dist_role_4
(6 rows)
\c - - - :master_port \c - - - :master_port
DROP ROLE dist_role_3, non_dist_role_3, dist_role_4, non_dist_role_4; DROP ROLE dist_role_3, non_dist_role_3, dist_role_4, non_dist_role_4;
@ -412,6 +417,8 @@ SELECT master_remove_node('localhost', :worker_2_port);
(1 row) (1 row)
GRANT dist_mixed_1, dist_mixed_2, nondist_mixed_1 TO dist_mixed_3, dist_mixed_4, nondist_mixed_2; GRANT dist_mixed_1, dist_mixed_2, nondist_mixed_1 TO dist_mixed_3, dist_mixed_4, nondist_mixed_2;
ERROR: role "nondist_mixed_2" does not exist
CONTEXT: while executing command on localhost:xxxxx
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
?column? ?column?
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -419,38 +426,24 @@ SELECT 1 FROM master_add_node('localhost', :worker_2_port);
(1 row) (1 row)
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_mixed_1 | dist_mixed_3 | postgres | f (0 rows)
dist_mixed_1 | dist_mixed_4 | postgres | f
dist_mixed_1 | nondist_mixed_2 | postgres | f
dist_mixed_2 | dist_mixed_3 | postgres | f
dist_mixed_2 | dist_mixed_4 | postgres | f
dist_mixed_2 | nondist_mixed_2 | postgres | f
nondist_mixed_1 | dist_mixed_3 | postgres | f
nondist_mixed_1 | dist_mixed_4 | postgres | f
nondist_mixed_1 | nondist_mixed_2 | postgres | f
(9 rows)
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1;
objid objid
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_mixed_1 dist_mixed_1
dist_mixed_2 dist_mixed_2
dist_mixed_3 dist_mixed_3
dist_mixed_4 dist_mixed_4
nondist_mixed_1 (4 rows)
(5 rows)
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_mixed_1 | dist_mixed_3 | postgres | f (0 rows)
dist_mixed_1 | dist_mixed_4 | postgres | f
dist_mixed_2 | dist_mixed_3 | postgres | f
dist_mixed_2 | dist_mixed_4 | postgres | f
(4 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1;
rolname rolname
@ -464,35 +457,29 @@ SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1;
\c - - - :worker_2_port \c - - - :worker_2_port
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%dist\_mixed%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_mixed_1 | dist_mixed_3 | postgres | f (0 rows)
dist_mixed_1 | dist_mixed_4 | postgres | f
dist_mixed_2 | dist_mixed_3 | postgres | f
dist_mixed_2 | dist_mixed_4 | postgres | f
nondist_mixed_1 | dist_mixed_3 | postgres | f
nondist_mixed_1 | dist_mixed_4 | postgres | f
(6 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist\_mixed%' ORDER BY 1;
rolname rolname
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_mixed_1 dist_mixed_1
dist_mixed_2 dist_mixed_2
dist_mixed_3 dist_mixed_3
dist_mixed_4 dist_mixed_4
nondist_mixed_1 (4 rows)
(5 rows)
\c - - - :master_port \c - - - :master_port
DROP ROLE dist_mixed_1, dist_mixed_2, dist_mixed_3, dist_mixed_4, nondist_mixed_1, nondist_mixed_2; DROP ROLE dist_mixed_1, dist_mixed_2, dist_mixed_3, dist_mixed_4, nondist_mixed_1, nondist_mixed_2;
-- test drop multiple roles with non-distributed roles -- test drop multiple roles with non-distributed roles
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%dist%' ORDER BY 1;
objid objid
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_role_1 dist_role_1
dist_role_2 dist_role_2
(2 rows) non_dist_role_1
(3 rows)
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1;
rolname rolname
@ -505,11 +492,13 @@ SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1;
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1;
rolname rolname
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_role_1 dist_role_1
dist_role_2 dist_role_2
(2 rows) non_dist_role_1
nondist_mixed_1
(4 rows)
\c - - - :master_port \c - - - :master_port
DROP ROLE dist_role_1, non_dist_role_1, dist_role_2, non_dist_role_2; DROP ROLE dist_role_1, non_dist_role_1, dist_role_2, non_dist_role_2;
@ -525,9 +514,10 @@ SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1;
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%dist%' ORDER BY 1;
rolname rolname
--------------------------------------------------------------------- ---------------------------------------------------------------------
(0 rows) nondist_mixed_1
(1 row)
\c - - - :master_port \c - - - :master_port
-- test alter part of create or alter role -- test alter part of create or alter role
@ -578,15 +568,11 @@ HINT: Connect to other nodes directly to manually create all necessary users an
SET citus.enable_create_role_propagation TO ON; SET citus.enable_create_role_propagation TO ON;
CREATE ROLE dist_cascade; CREATE ROLE dist_cascade;
GRANT nondist_cascade_1 TO nondist_cascade_2; GRANT nondist_cascade_1 TO nondist_cascade_2;
NOTICE: not propagating GRANT command to other nodes ERROR: role "nondist_cascade_2" does not exist
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes. CONTEXT: while executing command on localhost:xxxxx
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
GRANT nondist_cascade_2 TO nondist_cascade_3; GRANT nondist_cascade_2 TO nondist_cascade_3;
NOTICE: not propagating GRANT command to other nodes ERROR: role "nondist_cascade_3" does not exist
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes. CONTEXT: while executing command on localhost:xxxxx
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1;
objid objid
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -594,11 +580,9 @@ SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::
(1 row) (1 row)
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1 | nondist_cascade_2 | postgres | f (0 rows)
nondist_cascade_2 | nondist_cascade_3 | postgres | f
(2 rows)
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1;
@ -620,8 +604,6 @@ SELECT master_remove_node('localhost', :worker_2_port);
(1 row) (1 row)
GRANT nondist_cascade_3 TO dist_cascade; GRANT nondist_cascade_3 TO dist_cascade;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
?column? ?column?
--------------------------------------------------------------------- ---------------------------------------------------------------------
@ -631,54 +613,43 @@ SELECT 1 FROM master_add_node('localhost', :worker_2_port);
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text LIKE '%cascade%' ORDER BY 1;
objid objid
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1
nondist_cascade_2
nondist_cascade_3 nondist_cascade_3
dist_cascade dist_cascade
(4 rows) (2 rows)
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1 | nondist_cascade_2 | postgres | f nondist_cascade_3 | dist_cascade | postgres | f
nondist_cascade_2 | nondist_cascade_3 | postgres | f (1 row)
nondist_cascade_3 | dist_cascade | postgres | f
(3 rows)
\c - - - :worker_1_port \c - - - :worker_1_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1;
rolname rolname
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_cascade dist_cascade
nondist_cascade_1
nondist_cascade_2
nondist_cascade_3 nondist_cascade_3
(4 rows) (2 rows)
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1 | nondist_cascade_2 | postgres | f nondist_cascade_3 | dist_cascade | postgres | f
nondist_cascade_2 | nondist_cascade_3 | postgres | f (1 row)
(2 rows)
\c - - - :worker_2_port \c - - - :worker_2_port
SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1; SELECT rolname FROM pg_authid WHERE rolname LIKE '%cascade%' ORDER BY 1;
rolname rolname
--------------------------------------------------------------------- ---------------------------------------------------------------------
dist_cascade dist_cascade
nondist_cascade_1
nondist_cascade_2
nondist_cascade_3 nondist_cascade_3
(4 rows) (2 rows)
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%cascade%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------
nondist_cascade_1 | nondist_cascade_2 | postgres | f nondist_cascade_3 | dist_cascade | postgres | f
nondist_cascade_2 | nondist_cascade_3 | postgres | f (1 row)
nondist_cascade_3 | dist_cascade | postgres | f
(3 rows)
\c - - - :master_port \c - - - :master_port
DROP ROLE create_role, create_role_2, create_group, create_group_2, create_user, create_user_2, create_role_with_nothing, create_role_sysid, "create_role'edge", "create_role""edge"; DROP ROLE create_role, create_role_2, create_group, create_group_2, create_user, create_user_2, create_role_with_nothing, create_role_sysid, "create_role'edge", "create_role""edge";
@ -691,7 +662,7 @@ SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::t
(0 rows) (0 rows)
GRANT existing_role_1, nonexisting_role_1 TO existing_role_2, nonexisting_role_2; GRANT existing_role_1, nonexisting_role_1 TO existing_role_2, nonexisting_role_2;
ERROR: role "nonexisting_role_1" does not exist ERROR: role "nonexisting_role_2" does not exist
SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%existing%' ORDER BY 1, 2; SELECT roleid::regrole::text AS role, member::regrole::text, grantor::regrole::text, admin_option FROM pg_auth_members WHERE roleid::regrole::text LIKE '%existing%' ORDER BY 1, 2;
role | member | grantor | admin_option role | member | grantor | admin_option
--------------------------------------------------------------------- ---------------------------------------------------------------------

18
src/test/regress/expected/pg16.out
View File

@ -1032,14 +1032,14 @@ WHERE roleid::regrole::text = 'role1' ORDER BY 1, 2;
-- Set GUCs to log remote commands and filter on REVOKE commands -- Set GUCs to log remote commands and filter on REVOKE commands
SET citus.log_remote_commands TO on; SET citus.log_remote_commands TO on;
SET citus.grep_remote_commands = '%REVOKE%'; SET citus.grep_remote_commands = '%REVOKE%';
-- test REVOKES as well -- test REVOKES as well
GRANT role1 TO role2; GRANT role1 TO role2;
REVOKE SET OPTION FOR role1 FROM role2; REVOKE SET OPTION FOR role1 FROM role2;
NOTICE: issuing REVOKE SET OPTION FOR role1 FROM role2 RESTRICT; NOTICE: issuing REVOKE SET OPTION FOR role1 FROM role2 RESTRICT;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing REVOKE SET OPTION FOR role1 FROM role2 RESTRICT; NOTICE: issuing REVOKE SET OPTION FOR role1 FROM role2 RESTRICT;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
REVOKE INHERIT OPTION FOR role1 FROM role2; REVOKE INHERIT OPTION FOR role1 FROM role2;
NOTICE: issuing REVOKE INHERIT OPTION FOR role1 FROM role2 RESTRICT; NOTICE: issuing REVOKE INHERIT OPTION FOR role1 FROM role2 RESTRICT;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing REVOKE INHERIT OPTION FOR role1 FROM role2 RESTRICT; NOTICE: issuing REVOKE INHERIT OPTION FOR role1 FROM role2 RESTRICT;
@ -1053,15 +1053,7 @@ CREATE ROLE role5;
RESET citus.enable_ddl_propagation; RESET citus.enable_ddl_propagation;
-- by default, admin option is false, inherit is true, set is true -- by default, admin option is false, inherit is true, set is true
GRANT role3 TO role4; GRANT role3 TO role4;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
GRANT role3 TO role5 WITH ADMIN TRUE, INHERIT FALSE, SET FALSE; GRANT role3 TO role5 WITH ADMIN TRUE, INHERIT FALSE, SET FALSE;
NOTICE: not propagating GRANT command to other nodes
HINT: Since no grantees are distributed, the GRANT command will not be propagated to other nodes.
NOTICE: not propagating GRANT command to other nodes
HINT: Since no granted roles are distributed, the GRANT command will not be propagated to other nodes.
SELECT roleid::regrole::text AS role, member::regrole::text, admin_option, inherit_option, set_option FROM pg_auth_members SELECT roleid::regrole::text AS role, member::regrole::text, admin_option, inherit_option, set_option FROM pg_auth_members
WHERE roleid::regrole::text = 'role3' ORDER BY 1, 2; WHERE roleid::regrole::text = 'role3' ORDER BY 1, 2;
role | member | admin_option | inherit_option | set_option role | member | admin_option | inherit_option | set_option
@ -1148,7 +1140,7 @@ DROP ROLE role6, role7, role8, role9, role10, role11, role12,
-- when adding a new node. -- when adding a new node.
-- First, we need to remove the node: -- First, we need to remove the node:
SELECT 1 FROM citus_remove_node('localhost', :worker_2_port); SELECT 1 FROM citus_remove_node('localhost', :worker_2_port);
?column? ?column?
--------------------------------------------------------------------- ---------------------------------------------------------------------
1 1
(1 row) (1 row)

7
src/test/regress/sql/create_role_propagation.sql
View File

@ -121,6 +121,13 @@ GRANT non_dist_role_4 TO dist_role_4;
GRANT dist_role_3 TO dist_role_4 granted by test_admin_role; GRANT dist_role_3 TO dist_role_4 granted by test_admin_role;
SELECT 1 FROM master_add_node('localhost', :worker_2_port);
\c - - - :worker_2_port
create role non_dist_role_1;
\c - - - :master_port
SELECT 1 FROM master_add_node('localhost', :worker_2_port); SELECT 1 FROM master_add_node('localhost', :worker_2_port);
SELECT result FROM run_command_on_all_nodes( SELECT result FROM run_command_on_all_nodes(

21
src/test/regress/sql/granted_by_support.sql
View File

@ -94,6 +94,8 @@ grant non_dist_role_for_mds to dist_role1 with admin option;
grant dist_role3 to dist_role4 with admin option GRANTED BY non_dist_role_for_mds; grant dist_role3 to dist_role4 with admin option GRANTED BY non_dist_role_for_mds;
reset citus.enable_create_role_propagation; reset citus.enable_create_role_propagation;
SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role_for_mds' ORDER BY 1;
select result FROM run_command_on_all_nodes( select result FROM run_command_on_all_nodes(
$$ $$
@ -108,6 +110,24 @@ select result FROM run_command_on_all_nodes(
$$ $$
); );
set citus.enable_create_role_propagation to off;
create role non_dist_role_mds_fail;
grant dist_role2 to non_dist_role_mds_fail with admin option;
grant dist_role2 to non_dist_role_for_mds GRANTED BY non_dist_role_mds_fail;
reset citus.enable_create_role_propagation;
--will fail since non_dist_role_for_mds is not in dependency resolution
select 1 from citus_add_node ('localhost',:worker_2_port);
--this grant statement will add non_dist_role_mds_fail to dist_role3 dependencies
grant non_dist_role_mds_fail to dist_role3;
--will be successful since non_dist_role_mds_fail is in dependency resolution of dist_role3
-- and will be created in metadata sync phase
select 1 from citus_add_node ('localhost',:worker_2_port); select 1 from citus_add_node ('localhost',:worker_2_port);
select result FROM run_command_on_all_nodes( select result FROM run_command_on_all_nodes(
@ -123,6 +143,7 @@ select result FROM run_command_on_all_nodes(
$$ $$
); );
--clean all resources --clean all resources
drop role dist_role1,dist_role2,dist_role3,dist_role4,"dist_role5'_test"; drop role dist_role1,dist_role2,dist_role3,dist_role4,"dist_role5'_test";
drop role non_dist_role1,non_dist_role2,non_dist_role_for_mds; drop role non_dist_role1,non_dist_role2,non_dist_role_for_mds;