diff --git a/src/test/regress/expected/grant_role_2pc.out b/src/test/regress/expected/grant_role_2pc.out index c1c41be99..ab31fd6e3 100644 --- a/src/test/regress/expected/grant_role_2pc.out +++ b/src/test/regress/expected/grant_role_2pc.out @@ -10,8 +10,6 @@ SHOW citus.main_db; regression (1 row) --- check that empty citus.superuser gives error -SET citus.superuser TO ''; SET citus.superuser TO 'postgres'; CREATE USER grant_role2pc_user1; CREATE USER grant_role2pc_user2; @@ -33,31 +31,28 @@ select result FROM run_command_on_all_nodes( $$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname = 'grant_role2pc_user2' - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text = 'grant_role2pc_user2' + order by member::regrole::text ) t $$ ); - result + result --------------------------------------------------------------------- - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":true}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true}] (3 rows) \c grant_role2pc_db --test grant under transactional context with multiple operations BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user3; -grant grant_role2pc_user1 to grant_role2pc_user4; +grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user3 WITH ADMIN OPTION; +grant grant_role2pc_user1 to grant_role2pc_user4 granted by grant_role2pc_user3 ; COMMIT; BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user5; +grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION; grant grant_role2pc_user1 to grant_role2pc_user6; ROLLBACK; BEGIN; @@ -69,75 +64,101 @@ commit; select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); - result + result --------------------------------------------------------------------- - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user3","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user4","grantor":"postgres","admin_option":false}] + [{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] (3 rows) \c grant_role2pc_db -grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7; +grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7 granted by grant_role2pc_user3; \c regression select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); - result + result --------------------------------------------------------------------- - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user1","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false}] (3 rows) \c grant_role2pc_db -revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by CURRENT_USER; +revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by grant_role2pc_user3; +WARNING: role "grant_role2pc_user2" has not been granted membership in role "grant_role2pc_user1" by role "grant_role2pc_user3" --test revoke under transactional context with multiple operations BEGIN; revoke grant_role2pc_user1 from grant_role2pc_user3; +ERROR: dependent privileges exist +HINT: Use CASCADE to revoke them too. revoke grant_role2pc_user1 from grant_role2pc_user4; +ERROR: current transaction is aborted, commands ignored until end of transaction block COMMIT; BEGIN; revoke grant_role2pc_user1 from grant_role2pc_user5,grant_role2pc_user6; +WARNING: role "grant_role2pc_user5" has not been granted membership in role "grant_role2pc_user1" by role "postgres" +WARNING: role "grant_role2pc_user6" has not been granted membership in role "grant_role2pc_user1" by role "postgres" revoke grant_role2pc_user1 from grant_role2pc_user7; +WARNING: role "grant_role2pc_user7" has not been granted membership in role "grant_role2pc_user1" by role "postgres" COMMIT; \c regression select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); - result + result --------------------------------------------------------------------- - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] - [{"role":"grant_role2pc_user1","group":"grant_role2pc_user2","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user5","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user6","grantor":"postgres","admin_option":false},{"role":"grant_role2pc_user2","group":"grant_role2pc_user7","grantor":"postgres","admin_option":false}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] + [{"member":"grant_role2pc_user2","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user3","role":"grant_role2pc_user2","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user4","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user7","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false}] (3 rows) +\c - - - :worker_1_port +BEGIN; +grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION; +grant grant_role2pc_user1 to grant_role2pc_user6; +COMMIT; +\c - - - :master_port +select result FROM run_command_on_all_nodes($$ +SELECT array_to_json(array_agg(row_to_json(t))) +FROM ( + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user5','grant_role2pc_user6') + order by member::regrole::text +) t +$$); + result +--------------------------------------------------------------------- + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"postgres","admin_option":false}] + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"postgres","admin_option":false}] + [{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user5","role":"grant_role2pc_user1","grantor":"postgres","admin_option":true},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user2","grantor":"grant_role2pc_user3","admin_option":false},{"member":"grant_role2pc_user6","role":"grant_role2pc_user1","grantor":"postgres","admin_option":false}] +(3 rows) + +revoke grant_role2pc_user1 from grant_role2pc_user5,grant_role2pc_user6; +--clean resources DROP SCHEMA grant_role2pc; set citus.enable_create_database_propagation to on; DROP DATABASE grant_role2pc_db; diff --git a/src/test/regress/sql/grant_role_2pc.sql b/src/test/regress/sql/grant_role_2pc.sql index a3ce5a85d..ea2d17d7b 100644 --- a/src/test/regress/sql/grant_role_2pc.sql +++ b/src/test/regress/sql/grant_role_2pc.sql @@ -14,10 +14,8 @@ revoke connect,temp,temporary,create on database grant_role2pc_db from public; \c grant_role2pc_db SHOW citus.main_db; --- check that empty citus.superuser gives error -SET citus.superuser TO ''; -SET citus.superuser TO 'postgres'; +SET citus.superuser TO 'postgres'; CREATE USER grant_role2pc_user1; CREATE USER grant_role2pc_user2; CREATE USER grant_role2pc_user3; @@ -41,13 +39,10 @@ select result FROM run_command_on_all_nodes( $$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname = 'grant_role2pc_user2' - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text = 'grant_role2pc_user2' + order by member::regrole::text ) t $$ ); @@ -55,12 +50,12 @@ select result FROM run_command_on_all_nodes( \c grant_role2pc_db --test grant under transactional context with multiple operations BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user3; -grant grant_role2pc_user1 to grant_role2pc_user4; +grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user3 WITH ADMIN OPTION; +grant grant_role2pc_user1 to grant_role2pc_user4 granted by grant_role2pc_user3 ; COMMIT; BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user5; +grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION; grant grant_role2pc_user1 to grant_role2pc_user6; ROLLBACK; @@ -77,38 +72,36 @@ commit; select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); \c grant_role2pc_db -grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7; +grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7 granted by grant_role2pc_user3; \c regression select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); + + \c grant_role2pc_db -revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by CURRENT_USER; +revoke admin option for grant_role2pc_user1 from grant_role2pc_user2 granted by grant_role2pc_user3; --test revoke under transactional context with multiple operations BEGIN; @@ -126,26 +119,41 @@ COMMIT; select result FROM run_command_on_all_nodes($$ SELECT array_to_json(array_agg(row_to_json(t))) FROM ( - SELECT r.rolname AS role, g.rolname AS group, a.rolname AS grantor, m.admin_option - FROM pg_auth_members m - JOIN pg_roles r ON r.oid = m.roleid - JOIN pg_roles g ON g.oid = m.member - JOIN pg_roles a ON a.oid = m.grantor - WHERE g.rolname in ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by g.rolname + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') + order by member::regrole::text ) t $$); +\c - - - :worker_1_port +BEGIN; +grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION; +grant grant_role2pc_user1 to grant_role2pc_user6; +COMMIT; + +\c - - - :master_port + +select result FROM run_command_on_all_nodes($$ +SELECT array_to_json(array_agg(row_to_json(t))) +FROM ( + SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option + FROM pg_auth_members + WHERE member::regrole::text in + ('grant_role2pc_user5','grant_role2pc_user6') + order by member::regrole::text +) t +$$); + +revoke grant_role2pc_user1 from grant_role2pc_user5,grant_role2pc_user6; + +--clean resources DROP SCHEMA grant_role2pc; - - - set citus.enable_create_database_propagation to on; DROP DATABASE grant_role2pc_db; drop user grant_role2pc_user2,grant_role2pc_user3,grant_role2pc_user4,grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7; - - drop user grant_role2pc_user1; grant connect,temp,temporary on database regression to public;