Fixes review issues

grant_database_2pc_onur_1
gurkanindibay 2024-01-10 22:07:57 +03:00
parent 665c65cf0e
commit 6d259d5941
3 changed files with 149 additions and 309 deletions


@ -95,13 +95,23 @@
#define MARK_OBJECT_DISTRIBUTED \
"SELECT citus_internal.mark_object_distributed(%d, %s, %d)"
/*
* TwoPcStatementInfo is used to determine whether a statement is supported in 2PC
* and whether it should be marked as distributed in 2PC.
*/
typedef struct TwoPcStatementInfo
{
int statementType;
bool markAsDistributed;
} TwoPcStatementInfo;
/*
* twoPcSupportedStatements is a list of statements that are supported in 2PC.
* The list is used to determine whether a statement is supported in 2PC and
* whether it should be marked as distributed in 2PC.
* We use this array to avoid hardcoding the list of supported statements in
* multiple places.
*/
const TwoPcStatementInfo twoPcSupportedStatements[] = {
{ T_GrantRoleStmt, false },
{ T_CreateRoleStmt, true }
@ -137,8 +147,8 @@ static bool IsDropSchemaOrDB(Node *parsetree);
static bool ShouldCheckUndistributeCitusLocalTables(void);
static void RunPreprocessMainDBCommand(Node *parsetree, const char *queryString);
static void RunPostprocessMainDBCommand(Node *parsetree);
static bool IsStatementSupportedIn2Pc(Node *parsetree);
static bool IsStatementMarkDistributedFor2PC(Node *parsetree);
static bool IsStatementSupportedIn2PC(Node *parsetree);
static bool DoesStatementRequireMarkDistributedFor2PC(Node *parsetree);
/*
* ProcessUtilityParseTree is a convenience method to create a PlannedStmt out of
@ -1618,7 +1628,7 @@ DropSchemaOrDBInProgress(void)
static void
RunPreprocessMainDBCommand(Node *parsetree, const char *queryString)
{
if (!IsStatementSupportedIn2Pc(parsetree))
if (!IsStatementSupportedIn2PC(parsetree))
{
return;
}
@ -1644,8 +1654,8 @@ RunPreprocessMainDBCommand(Node *parsetree, const char *queryString)
static void
RunPostprocessMainDBCommand(Node *parsetree)
{
if (!IsStatementSupportedIn2Pc(parsetree) ||
!IsStatementMarkDistributedFor2PC(parsetree))
if (!IsStatementSupportedIn2PC(parsetree) ||
!DoesStatementRequireMarkDistributedFor2PC(parsetree))
{
return;
}
@ -1669,7 +1679,7 @@ RunPostprocessMainDBCommand(Node *parsetree)
* IsStatementSupportedIn2Pc returns true if the statement is supported in 2pc
*/
static bool
IsStatementSupportedIn2Pc(Node *parsetree)
IsStatementSupportedIn2PC(Node *parsetree)
{
NodeTag type = nodeTag(parsetree);
@ -1687,11 +1697,11 @@ IsStatementSupportedIn2Pc(Node *parsetree)
/*
* IsStatementMarkDistributedFor2PC returns true if the statement should be marked
* DoesStatementRequireMarkDistributedFor2PC returns true if the statement should be marked
* as distributed in 2pc
*/
static bool
IsStatementMarkDistributedFor2PC(Node *parsetree)
DoesStatementRequireMarkDistributedFor2PC(Node *parsetree)
{
NodeTag type = nodeTag(parsetree);
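Review bot: The header comment above `IsStatementSupportedIn2PC` still reads `IsStatementSupportedIn2Pc returns true if the statement is supported in 2pc`. The rename reached the prototype, the definition and both call sites, but not that comment line, whereas the comment for `DoesStatementRequireMarkDistributedFor2PC` was updated. Suggest `* IsStatementSupportedIn2PC returns true if the statement is supported in 2PC`. Because this lookup appears to be the allow-list that decides which statements `RunPreprocessMainDBCommand` handles, the comment could also say that any node type missing from `twoPcSupportedStatements` is skipped. Separately, if nothing outside this file uses the table, `static const TwoPcStatementInfo twoPcSupportedStatements[]` would keep it file-local; both function bodies continue outside the hunks shown, so this is based on the visible lines only.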


@ -12,9 +12,6 @@ SHOW citus.main_db;
-- check that empty citus.superuser gives error
SET citus.superuser TO '';
CREATE USER empty_superuser;
ERROR: No superuser role is given for Citus main database connection
HINT: Set citus.superuser to a superuser role name
SET citus.superuser TO 'postgres';
CREATE USER grant_role2pc_user1;
CREATE USER grant_role2pc_user2;
@ -23,44 +20,34 @@ CREATE USER grant_role2pc_user4;
CREATE USER grant_role2pc_user5;
CREATE USER grant_role2pc_user6;
CREATE USER grant_role2pc_user7;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
grant create,connect,temporary,temp on database grant_role2pc_db to grant_role2pc_user1;
\c grant_role2pc_db
--test with empty superuser
SET citus.superuser TO '';
grant grant_role2pc_user1 to grant_role2pc_user2;
ERROR: No superuser role is given for Citus main database connection
HINT: Set citus.superuser to a superuser role name
SET citus.superuser TO 'postgres';
grant grant_role2pc_user1 to grant_role2pc_user2 with admin option granted by CURRENT_USER;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
select result FROM run_command_on_all_nodes(
$$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname = 'grant_role2pc_user2'
) t
$$
);
result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}]
(3 rows)
\c grant_role2pc_db
--test grant under transactional context with multiple operations
@ -78,147 +65,47 @@ SELECT 1/0;
ERROR: division by zero
commit;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user3', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user4', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false}]
(3 rows)
\c grant_role2pc_db
grant grant_role2pc_user1 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;
grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | t
CREATE | t
CREATE | t
CONNECT | t
CONNECT | t
CONNECT | t
TEMP | t
TEMP | t
TEMP | t
TEMPORARY | t
TEMPORARY | t
TEMPORARY | t
(12 rows)
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
(3 rows)
\c grant_role2pc_db
revoke grant_role2pc_user1 from grant_role2pc_user2;
revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by CURRENT_USER;
--test revoke under transactional context with multiple operations
BEGIN;
revoke grant_role2pc_user1 from grant_role2pc_user3;
@ -229,110 +116,25 @@ revoke grant_role2pc_user1 from grant_role2pc_user5,grant_role2pc_user6;
revoke grant_role2pc_user1 from grant_role2pc_user7;
COMMIT;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user3', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user4', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
permission | result
---------------------------------------------------------------------
CREATE | f
CREATE | f
CREATE | f
CONNECT | f
CONNECT | f
CONNECT | f
TEMP | f
TEMP | f
TEMP | f
TEMPORARY | f
TEMPORARY | f
TEMPORARY | f
(12 rows)
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
[{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false}]
(3 rows)
DROP SCHEMA grant_role2pc;
REVOKE ALL PRIVILEGES ON DATABASE grant_role2pc_db FROM grant_role2pc_user1;
set citus.enable_create_database_propagation to on;
DROP DATABASE grant_role2pc_db;
drop user grant_role2pc_user2,grant_role2pc_user3,grant_role2pc_user4,grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;
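Review bot: The final `run_command_on_all_nodes` check still expects membership rows on all three nodes, so the test never shows a complete revoke propagating for every role it grants. `grant_role2pc_user2` stays granted to users 5, 6 and 7, and `grant_role2pc_user1` stays granted to `grant_role2pc_user2` with `admin_option` false. The visible revokes remove only `grant_role2pc_user1` from users 3 to 7 and the admin option from user2, although the new grant hands out two roles in one statement. A revoke that fails to reach a node leaves a stale role membership there, so it is worth pinning that path. Consider adding `revoke grant_role2pc_user2 from grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;` and a plain `revoke grant_role2pc_user1 from grant_role2pc_user2;` before the last check in the matching .sql file, so the expected result shows no remaining memberships on any node. Some statements between the hunks are not visible here, so confirm against the full test file.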


@ -16,7 +16,6 @@ SHOW citus.main_db;
-- check that empty citus.superuser gives error
SET citus.superuser TO '';
CREATE USER empty_superuser;
SET citus.superuser TO 'postgres';
CREATE USER grant_role2pc_user1;
@ -27,22 +26,30 @@ CREATE USER grant_role2pc_user5;
CREATE USER grant_role2pc_user6;
CREATE USER grant_role2pc_user7;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
grant create,connect,temporary,temp on database grant_role2pc_db to grant_role2pc_user1;
\c grant_role2pc_db
--test with empty superuser
SET citus.superuser TO '';
grant grant_role2pc_user1 to grant_role2pc_user2;
SET citus.superuser TO 'postgres';
grant grant_role2pc_user1 to grant_role2pc_user2 with admin option granted by CURRENT_USER;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
select result FROM run_command_on_all_nodes(
$$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname = 'grant_role2pc_user2'
) t
$$
);
\c grant_role2pc_db
--test grant under transactional context with multiple operations
@ -66,23 +73,39 @@ commit;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user3', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user4', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
\c grant_role2pc_db
grant grant_role2pc_user1 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;
grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
\c grant_role2pc_db
revoke grant_role2pc_user1 from grant_role2pc_user2;
revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by CURRENT_USER;
--test revoke under transactional context with multiple operations
BEGIN;
@ -97,16 +120,21 @@ COMMIT;
\c regression
SELECT * FROM public.check_database_privileges('grant_role2pc_user2', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user3', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user4', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user5', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user6', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
SELECT * FROM public.check_database_privileges('grant_role2pc_user7', 'grant_role2pc_db', ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']);
select result FROM run_command_on_all_nodes($$
SELECT array_to_json(array_agg(row_to_json(t)))
FROM (
SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles g ON g.oid = m.member
JOIN pg_roles a ON a.oid = m.grantor
WHERE g.rolname in ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7')
) t
$$);
DROP SCHEMA grant_role2pc;
REVOKE ALL PRIVILEGES ON DATABASE grant_role2pc_db FROM grant_role2pc_user1;
set citus.enable_create_database_propagation to on;
DROP DATABASE grant_role2pc_db;