external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix WITH ADMIN FALSE propagation (#7191)

pg16_grant_inherit_set
Naisila Puka 2023-09-11 15:58:24 +03:00 committed by francisjodi
parent fb79166ccc
commit 8de0b4a908
3 changed files with 73 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/backend/distributed/deparser/deparse_role_stmts.c
View File

@ -15,6 +15,7 @@
#include "pg_version_compat.h" #include "pg_version_compat.h"
#include "commands/defrem.h"
#include "distributed/citus_ruleutils.h" #include "distributed/citus_ruleutils.h"
#include "distributed/deparser.h" #include "distributed/deparser.h"
#include "distributed/listutils.h" #include "distributed/listutils.h"
@ -396,47 +397,15 @@ AppendGrantWithAdminOption(StringInfo buf, GrantRoleStmt *stmt)
int opt_count = 0; int opt_count = 0;
foreach_ptr(opt, stmt->opt) foreach_ptr(opt, stmt->opt)
{ {
switch (opt->defname) bool admin_option = false;
{ char *optval = defGetString(opt);
case "admin": if (strcmp(opt->defname, "admin") == 0 &&
appendStringInfo(buf, " WITH ADMIN OPTION"); parse_bool(optval, &admin_option) && admin_option)
opt_count++; {
break; appendStringInfo(buf, " WITH ADMIN OPTION");
break;
case "inherit": }
if (opt->arg && IsA(opt->arg, A_Const) && !((A_Const *) opt->arg)->val.val.ival)
{
appendStringInfo(buf, " INHERIT FALSE");
}
else
{
if (opt_count > 0)
{
appendStringInfo(buf, ", ");
}
appendStringInfo(buf, " INHERIT OPTION");
opt_count++;
}
break;
case "set":
if (opt->arg && IsA(opt->arg, A_Const) && !(( *) opt->arg)->val.val.ival)
{
appendStringInfo(buf, " SET FALSE");
}
else
{
if (opt_count > 0)
{
appendStringInfo(buf, ", ");
}
appendStringInfo(buf, " SET OPTION");
opt_count++;
}
break;
}
} }
}
#else #else
if (stmt->admin_opt) if (stmt->admin_opt)
{ {

38
src/test/regress/expected/pg16.out
View File

@ -971,6 +971,44 @@ LEFT JOIN ref_table ON TRUE;
1.19 1.19
(1 row) (1 row)
--
-- PG16 added WITH ADMIN FALSE option to GRANT ROLE
-- WITH ADMIN FALSE is the default, make sure we propagate correctly in Citus
-- Relevant PG commit: https://github.com/postgres/postgres/commit/e3ce2de
--
CREATE ROLE role1;
CREATE ROLE role2;
SET citus.log_remote_commands TO on;
SET citus.grep_remote_commands = '%GRANT%';
-- default admin option is false
GRANT role1 TO role2;
NOTICE: issuing GRANT role1 TO role2;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing GRANT role1 TO role2;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
REVOKE role1 FROM role2;
-- should behave same as default
GRANT role1 TO role2 WITH ADMIN FALSE;
NOTICE: issuing GRANT role1 TO role2;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing GRANT role1 TO role2;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
REVOKE role1 FROM role2;
-- with admin option and with admin true are the same
GRANT role1 TO role2 WITH ADMIN OPTION;
NOTICE: issuing GRANT role1 TO role2 WITH ADMIN OPTION;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing GRANT role1 TO role2 WITH ADMIN OPTION;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
REVOKE role1 FROM role2;
GRANT role1 TO role2 WITH ADMIN TRUE;
NOTICE: issuing GRANT role1 TO role2 WITH ADMIN OPTION;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
NOTICE: issuing GRANT role1 TO role2 WITH ADMIN OPTION;
DETAIL: on server postgres@localhost:xxxxx connectionId: xxxxxxx
REVOKE role1 FROM role2;
RESET citus.log_remote_commands;
RESET citus.grep_remote_commands;
\set VERBOSITY terse \set VERBOSITY terse
SET client_min_messages TO ERROR; SET client_min_messages TO ERROR;
DROP EXTENSION postgres_fdw CASCADE; DROP EXTENSION postgres_fdw CASCADE;

26
src/test/regress/sql/pg16.sql
View File

@ -565,6 +565,32 @@ SELECT PERCENTILE_DISC((2 > random_normal(stddev => 1, mean => 0))::int::numeric
FROM dist_table FROM dist_table
LEFT JOIN ref_table ON TRUE; LEFT JOIN ref_table ON TRUE;
--
-- PG16 added WITH ADMIN FALSE option to GRANT ROLE
-- WITH ADMIN FALSE is the default, make sure we propagate correctly in Citus
-- Relevant PG commit: https://github.com/postgres/postgres/commit/e3ce2de
--
CREATE ROLE role1;
CREATE ROLE role2;
SET citus.log_remote_commands TO on;
SET citus.grep_remote_commands = '%GRANT%';
-- default admin option is false
GRANT role1 TO role2;
REVOKE role1 FROM role2;
-- should behave same as default
GRANT role1 TO role2 WITH ADMIN FALSE;
REVOKE role1 FROM role2;
-- with admin option and with admin true are the same
GRANT role1 TO role2 WITH ADMIN OPTION;
REVOKE role1 FROM role2;
GRANT role1 TO role2 WITH ADMIN TRUE;
REVOKE role1 FROM role2;
RESET citus.log_remote_commands;
RESET citus.grep_remote_commands;
\set VERBOSITY terse \set VERBOSITY terse
SET client_min_messages TO ERROR; SET client_min_messages TO ERROR;
DROP EXTENSION postgres_fdw CASCADE; DROP EXTENSION postgres_fdw CASCADE;