diff --git a/src/test/regress/expected/granted_by_support.out b/src/test/regress/expected/granted_by_support.out index 2ab0e6c7b..9c76c88fe 100644 --- a/src/test/regress/expected/granted_by_support.out +++ b/src/test/regress/expected/granted_by_support.out @@ -29,21 +29,48 @@ grant dist_role3 to dist_role4 with admin option; -- To test non-distributed grantor, set this option off for some roles. set citus.enable_create_role_propagation to off; grant non_dist_role1 to dist_role1 with admin option; -reset citus.enable_create_role_propagation; -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - grant dist_role2 to non_dist_role1 with admin option; +grant dist_role2 to dist_role4 granted by non_dist_role1 ; +reset citus.enable_create_role_propagation; +grant dist_role2 to "dist_role5'_test" granted by non_dist_role1;--will fail since non_dist_role1 does not exist on worker_1 ERROR: role "non_dist_role1" does not exist CONTEXT: while executing command on localhost:xxxxx +\c - - - :master_port grant dist_role3 to "dist_role5'_test" granted by dist_role4; grant dist_role2 to "dist_role5'_test" granted by dist_role3; -grant dist_role2 to dist_role4 granted by non_dist_role1 ;--will not be propagated since grantor is non-distributed -ERROR: permission denied to grant privileges as role "non_dist_role1" -DETAIL: The grantor must have the ADMIN option on role "dist_role2". +--will fail since non_dist_role2 does not exist in worker_1 +grant dist_role2 to non_dist_role2 with admin option; +ERROR: role "non_dist_role2" does not exist +grant dist_role2 to dist_role4 granted by non_dist_role2 ; +ERROR: role "non_dist_role2" does not exist +grant non_dist_role2 to "dist_role5'_test"; +ERROR: role "non_dist_role2" does not exist +\c - - - :worker_1_port +create role non_dist_role2; +\c - - - :master_port +--will be successful since non_dist_role has been created on worker_1 +grant dist_role2 to non_dist_role2 with admin option; +grant dist_role2 to dist_role4 granted by non_dist_role2 ; +grant non_dist_role2 to "dist_role5'_test"; grant dist_role4 to "dist_role5'_test" with admin option; +select result FROM run_command_on_all_nodes( + $$ + SELECT array_to_json(array_agg(row_to_json(t))) + FROM ( + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('dist_role1','non_dist_role1') + order by member::regrole::text, roleid::regrole::text + ) t + $$ +); + result +--------------------------------------------------------------------- + [{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true}] +(2 rows) + --below command propagates the non_dist_role1 since non_dist_role1 is already granted to dist_role1 --and citus sees granted roles as a dependency and citus propagates the dependent roles grant dist_role4 to dist_role1 with admin option GRANTED BY "dist_role5'_test"; @@ -65,175 +92,19 @@ grant dist_role3 to dist_role1 with admin option GRANTED BY dist_role4; grant "dist_role5'_test" to dist_role1 with admin option; grant "dist_role5'_test" to dist_role3 with admin option GRANTED BY dist_role1;--fails since already dist_role3 granted to "dist_role5'_test" ERROR: role "dist_role5'_test" is a member of role "dist_role3" -select result FROM run_command_on_all_nodes( - $$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') - order by member::regrole::text, roleid::regrole::text - ) t - $$ -); - result ---------------------------------------------------------------------- - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] -(2 rows) - -select 1 from citus_add_node ('localhost',:worker_2_port); - ?column? ---------------------------------------------------------------------- - 1 -(1 row) - -select result FROM run_command_on_all_nodes( - $$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') - order by member::regrole::text, roleid::regrole::text - ) t - $$ -); - result ---------------------------------------------------------------------- - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] -(3 rows) - ---clean all resources -drop role dist_role1,dist_role2,dist_role3,dist_role4,"dist_role5'_test"; -drop role non_dist_role1; -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - -reset citus.enable_create_role_propagation; -select result FROM run_command_on_all_nodes( - $$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') - order by member::regrole::text, roleid::regrole::text - ) t - $$ -); - result ---------------------------------------------------------------------- - - - -(3 rows) - ---- Test 2: Tests from non-main database -set citus.enable_create_database_propagation to on; -create database test_granted_by_support; -select 1 from citus_remove_node ('localhost',:worker_2_port); - ?column? ---------------------------------------------------------------------- - 1 -(1 row) - -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - -\c test_granted_by_support ---here in below block since 'citus.enable_create_role_propagation to off ' is not effective, ---non_dist_role1 is being propagated to dist_role1 unlike main db scenario ---non_dist_role1 will be used for the test scenarios in this section set citus.enable_create_role_propagation to off; -create role non_dist_role1; -reset citus.enable_create_role_propagation; ---dropping since it isn't non-distributed as intended -drop role non_dist_role1; ---creating non_dist_role1 again in main database ---This is actually non-distributed role -\c regression -set citus.enable_create_role_propagation to off; -create role non_dist_role1; +create role non_dist_role_for_mds; NOTICE: not propagating CREATE ROLE/USER commands to other nodes HINT: Connect to other nodes directly to manually create all necessary users and roles. +grant dist_role3 to non_dist_role_for_mds with admin option; +grant non_dist_role_for_mds to dist_role1 with admin option; +grant dist_role3 to dist_role4 with admin option GRANTED BY non_dist_role_for_mds; reset citus.enable_create_role_propagation; -\c test_granted_by_support -create role dist_role1; -create role dist_role1; -ERROR: role "dist_role1" already exists -create role dist_role2; -create role dist_role3; -create role dist_role4; -create role "dist_role5'_test"; -\c regression - - :master_port -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; +SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role_for_mds' ORDER BY 1; objid --------------------------------------------------------------------- (0 rows) -\c test_granted_by_support -grant dist_role2 to dist_role1 with admin option; -grant dist_role2 to dist_role3 with admin option granted by dist_role1; -grant dist_role3 to dist_role4 with admin option; --- With enable_create_role_propagation on, all grantees are propagated. --- To test non-distributed grantor, set this option off for some roles. -\c regression -set citus.enable_create_role_propagation to off; -grant non_dist_role1 to dist_role1 with admin option; -reset citus.enable_create_role_propagation; -\c test_granted_by_support -grant dist_role2 to non_dist_role1 with admin option; -ERROR: failure on connection marked as essential: localhost:xxxxx -CONTEXT: while executing command on localhost:xxxxx -\c test_granted_by_support - - :worker_1_port -grant dist_role3 to "dist_role5'_test" granted by dist_role4; -grant dist_role2 to "dist_role5'_test" granted by dist_role3; -grant dist_role2 to dist_role4 granted by non_dist_role1 ;--will not be propagated since grantor is non-distributed -ERROR: role "non_dist_role1" does not exist -\c regression - - :master_port -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - -\c test_granted_by_support - - :worker_1_port -grant dist_role4 to "dist_role5'_test" with admin option; -\c regression - - :master_port -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - -\c test_granted_by_support --- Unlike maindb scenario, non-maindb scenario doesn't propagate 'create non_dist_role1' to ---workers as it doesn't create dependency objects for non-distributed roles. -grant dist_role4 to dist_role1 with admin option GRANTED BY "dist_role5'_test"; -\c regression - - :master_port -SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; - objid ---------------------------------------------------------------------- -(0 rows) - -\c test_granted_by_support - - :worker_1_port -grant dist_role4 to dist_role3 with admin option GRANTED BY dist_role1; --fails since already dist_role3 granted to dist_role4 -ERROR: role "dist_role4" is a member of role "dist_role3" -grant non_dist_role1 to dist_role4 granted by dist_role1; -ERROR: role "non_dist_role1" does not exist -grant dist_role3 to dist_role1 with admin option GRANTED BY dist_role4; -grant "dist_role5'_test" to dist_role1 with admin option; -grant "dist_role5'_test" to dist_role3 with admin option GRANTED BY dist_role1;--fails since already dist_role3 granted to "dist_role5'_test" -ERROR: role "dist_role5'_test" is a member of role "dist_role3" -\c regression - - :master_port select result FROM run_command_on_all_nodes( $$ SELECT array_to_json(array_agg(row_to_json(t))) @@ -241,17 +112,33 @@ select result FROM run_command_on_all_nodes( SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option FROM pg_auth_members WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') + ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"', 'non_dist_role_for_mds','non_dist_role1','non_dist_role2') order by member::regrole::text, roleid::regrole::text ) t $$ ); - result + result --------------------------------------------------------------------- - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"non_dist_role_for_mds","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role2","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role1","admin_option":false},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"non_dist_role_for_mds","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role2","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role_for_mds","role":"dist_role3","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role2","admin_option":false},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role2","role":"dist_role2","grantor":"postgres","admin_option":true}] (2 rows) +set citus.enable_create_role_propagation to off; +create role non_dist_role_mds_fail; +NOTICE: not propagating CREATE ROLE/USER commands to other nodes +HINT: Connect to other nodes directly to manually create all necessary users and roles. +grant dist_role2 to non_dist_role_mds_fail with admin option; +grant dist_role2 to non_dist_role_for_mds GRANTED BY non_dist_role_mds_fail; +reset citus.enable_create_role_propagation; +--will fail since non_dist_role_for_mds is not in dependency resolution +select 1 from citus_add_node ('localhost',:worker_2_port); +WARNING: role "non_dist_role_mds_fail" does not exist +CONTEXT: while executing command on localhost:xxxxx +ERROR: failure on connection marked as essential: localhost:xxxxx +--this grant statement will add non_dist_role_mds_fail to dist_role3 dependencies +grant non_dist_role_mds_fail to dist_role3; +--will be successful since non_dist_role_mds_fail is in dependency resolution of dist_role3 +-- and will be created in metadata sync phase select 1 from citus_add_node ('localhost',:worker_2_port); ?column? --------------------------------------------------------------------- @@ -265,25 +152,27 @@ select result FROM run_command_on_all_nodes( SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option FROM pg_auth_members WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') + ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"','non_dist_role_for_mds','non_dist_role1','non_dist_role2') order by member::regrole::text, roleid::regrole::text ) t $$ ); - result + result --------------------------------------------------------------------- - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] - [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"non_dist_role_for_mds","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role3","role":"non_dist_role_mds_fail","grantor":"postgres","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role2","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role1","admin_option":false},{"member":"dist_role4","role":"dist_role3","grantor":"non_dist_role_for_mds","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role2","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role_for_mds","role":"dist_role2","grantor":"non_dist_role_mds_fail","admin_option":false},{"member":"non_dist_role_for_mds","role":"dist_role3","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role3","role":"non_dist_role_mds_fail","grantor":"postgres","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role2","admin_option":false},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role2","role":"dist_role2","grantor":"postgres","admin_option":true}] + [{"member":"dist_role1","role":"\"dist_role5'_test\"","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"dist_role3","grantor":"dist_role4","admin_option":true},{"member":"dist_role1","role":"dist_role4","grantor":"\"dist_role5'_test\"","admin_option":true},{"member":"dist_role1","role":"non_dist_role1","grantor":"postgres","admin_option":true},{"member":"dist_role1","role":"non_dist_role_for_mds","grantor":"postgres","admin_option":true},{"member":"dist_role3","role":"dist_role2","grantor":"dist_role1","admin_option":true},{"member":"dist_role3","role":"non_dist_role_mds_fail","grantor":"postgres","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role2","admin_option":false},{"member":"dist_role4","role":"dist_role2","grantor":"non_dist_role1","admin_option":false},{"member":"dist_role4","role":"dist_role3","grantor":"postgres","admin_option":true},{"member":"dist_role4","role":"dist_role3","grantor":"non_dist_role_for_mds","admin_option":true},{"member":"non_dist_role1","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role2","role":"dist_role2","grantor":"postgres","admin_option":true},{"member":"non_dist_role_for_mds","role":"dist_role2","grantor":"non_dist_role_mds_fail","admin_option":false},{"member":"non_dist_role_for_mds","role":"dist_role3","grantor":"postgres","admin_option":true}] (3 rows) --clean all resources -set citus.enable_create_database_propagation to on; -drop database test_granted_by_support; drop role dist_role1,dist_role2,dist_role3,dist_role4,"dist_role5'_test"; -drop role non_dist_role1; -drop role if exists non_dist_role1; -NOTICE: role "non_dist_role1" does not exist, skipping +drop role non_dist_role1,non_dist_role2,non_dist_role_for_mds,non_dist_role_mds_fail; +SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; + objid +--------------------------------------------------------------------- +(0 rows) + +reset citus.enable_create_role_propagation; select result FROM run_command_on_all_nodes( $$ SELECT array_to_json(array_agg(row_to_json(t))) @@ -291,7 +180,7 @@ select result FROM run_command_on_all_nodes( SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option FROM pg_auth_members WHERE member::regrole::text in - ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"') + ('dist_role1','dist_role2','dist_role3','dist_role4','"role5''_test"','non_dist_role_for_mds','non_dist_role1','non_dist_role2') order by member::regrole::text, roleid::regrole::text ) t $$ @@ -303,4 +192,3 @@ select result FROM run_command_on_all_nodes( (3 rows) -reset citus.enable_create_database_propagation; diff --git a/src/test/regress/sql/granted_by_support.sql b/src/test/regress/sql/granted_by_support.sql index d111feeb9..e0d742a3e 100644 --- a/src/test/regress/sql/granted_by_support.sql +++ b/src/test/regress/sql/granted_by_support.sql @@ -146,7 +146,7 @@ select result FROM run_command_on_all_nodes( --clean all resources drop role dist_role1,dist_role2,dist_role3,dist_role4,"dist_role5'_test"; -drop role non_dist_role1,non_dist_role2,non_dist_role_for_mds; +drop role non_dist_role1,non_dist_role2,non_dist_role_for_mds,non_dist_role_mds_fail; SELECT objid::regrole FROM pg_catalog.pg_dist_object WHERE classid='pg_authid'::regclass::oid AND objid::regrole::text= 'non_dist_role1' ORDER BY 1; reset citus.enable_create_role_propagation;