Create CIMV related internal things in cimv_internal

When we create internal tables in citus_internal, a regular user cannot
really do that because they can't access citus_internal. Even if we
switch to the extension owner, we would also need to switch when dropping
tables etc., which is neither trivial nor clear.

Hence cimv_internal schema is created and the owner of the CIMV will own
the tables in this schema, hence only they can access those tables.
cimv
Sait Talha Nisanci 2021-01-10 19:44:57 +03:00
parent a35ac7c7d9
commit aa4c44b495
5 changed files with 7 additions and 42 deletions


@ -150,14 +150,6 @@ CreateCimv(CimvCreate *cimvCreate)
elog(ERROR, "SPI_connect failed"); elog(ERROR, "SPI_connect failed");
} }
Oid savedUserId = InvalidOid;
int savedSecurityContext = 0;
char* currentUserName = CurrentUserName();
GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
CreateMatTable(cimvCreate, false); CreateMatTable(cimvCreate, false);
if (cimvCreate->createOptions->schedule != NULL) if (cimvCreate->createOptions->schedule != NULL)
@ -172,14 +164,6 @@ CreateCimv(CimvCreate *cimvCreate)
CreateDataChangeTriggers(cimvCreate); CreateDataChangeTriggers(cimvCreate);
InsertIntoPgCimv(cimvCreate->formCimv); InsertIntoPgCimv(cimvCreate->formCimv);
AlterTableOwner(cimvCreate->matTableName, currentUserName);
AlterTableOwner(cimvCreate->refreshViewName, currentUserName);
AlterTableOwner(cimvCreate->userViewName, currentUserName);
SetUserIdAndSecContext(savedUserId, savedSecurityContext);
if (SPI_finish() != SPI_OK_FINISH) if (SPI_finish() != SPI_OK_FINISH)
{ {
elog(ERROR, "SPI_finish failed"); elog(ERROR, "SPI_finish failed");
@ -921,7 +905,7 @@ InitializeCimvCreate(const CreateTableAsStmt *stmt, MatViewCreateOptions *create
cimvCreate->prefixId = UniqueId(); cimvCreate->prefixId = UniqueId();
cimvCreate->prefix = CIMVInternalPrefix(cimvCreate->baseTableName, cimvCreate->prefixId); cimvCreate->prefix = CIMVInternalPrefix(cimvCreate->baseTableName, cimvCreate->prefixId);
namestrcpy(&cimvCreate->formCimv->triggerfnnamespace, CITUS_INTERNAL_SCHEMA); namestrcpy(&cimvCreate->formCimv->triggerfnnamespace, CIMV_INTERNAL_SCHEMA);
char* funcName = CIMVTriggerFuncName(cimvCreate->prefixId, stmt->into->rel->relname); char* funcName = CIMVTriggerFuncName(cimvCreate->prefixId, stmt->into->rel->relname);
namestrcpy(&cimvCreate->formCimv->triggerfnname, funcName); namestrcpy(&cimvCreate->formCimv->triggerfnname, funcName);
StringInfo mat = makeStringInfo(); StringInfo mat = makeStringInfo();
@ -933,10 +917,10 @@ InitializeCimvCreate(const CreateTableAsStmt *stmt, MatViewCreateOptions *create
StringInfo ld = makeStringInfo(); StringInfo ld = makeStringInfo();
appendStringInfo(ld, "%s_cimv_%s", cimvCreate->prefix, LANDING_TABLE_SUFFIX); appendStringInfo(ld, "%s_cimv_%s", cimvCreate->prefix, LANDING_TABLE_SUFFIX);
cimvCreate->matTableName = makeRangeVar(CITUS_INTERNAL_SCHEMA, mat->data, -1); cimvCreate->matTableName = makeRangeVar(CIMV_INTERNAL_SCHEMA, mat->data, -1);
cimvCreate->userViewName = stmt->into->rel; cimvCreate->userViewName = stmt->into->rel;
cimvCreate->refreshViewName = makeRangeVar(CITUS_INTERNAL_SCHEMA, rv->data, -1); cimvCreate->refreshViewName = makeRangeVar(CIMV_INTERNAL_SCHEMA, rv->data, -1);
cimvCreate->landingTableName = makeRangeVar(CITUS_INTERNAL_SCHEMA, ld->data, -1); cimvCreate->landingTableName = makeRangeVar(CIMV_INTERNAL_SCHEMA, ld->data, -1);
cimvCreate->targetListEntries = NIL; cimvCreate->targetListEntries = NIL;
cimvCreate->groupTargetListEntries = NIL; cimvCreate->groupTargetListEntries = NIL;
cimvCreate->aggTargetListEntries = NIL; cimvCreate->aggTargetListEntries = NIL;
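Review bot: With the `SetUserIdAndSecContext(CitusExtensionOwner(), ...)` pair gone, everything between `SPI_connect` and `SPI_finish` in CreateCimv, including `InsertIntoPgCimv(cimvCreate->formCimv)`, now runs with the caller's privileges, and nothing in the new code says that this is intended. A short comment before `CreateMatTable(cimvCreate, false);` would record the model, for example `/* Objects are created as the calling user; access control relies on that user owning them in cimv_internal. */`. Whether an unprivileged role can still write the pg_cimv row depends on how InsertIntoPgCimv performs the insert, which is outside these hunks, so that path deserves a regression test run as a non-superuser. CreateCimv and InitializeCimvCreate both start and end outside the hunks shown.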


@ -124,12 +124,6 @@ static void
DropCimv(Form_pg_cimv formCimv, DropBehavior behavior) DropCimv(Form_pg_cimv formCimv, DropBehavior behavior)
{ {
Oid savedUserId = InvalidOid;
int savedSecurityContext = 0;
// GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
// SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
ObjectAddress matTableAddress; ObjectAddress matTableAddress;
matTableAddress.classId = RelationRelationId; matTableAddress.classId = RelationRelationId;
matTableAddress.objectId = formCimv->mattable; matTableAddress.objectId = formCimv->mattable;
@ -199,8 +193,6 @@ DropCimv(Form_pg_cimv formCimv, DropBehavior behavior)
DeletePgCimvRow(userViewAddress.objectId); DeletePgCimvRow(userViewAddress.objectId);
// SetUserIdAndSecContext(savedUserId, savedSecurityContext);
/* Close SPI context. */ /* Close SPI context. */
if (SPI_finish() != SPI_OK_FINISH) if (SPI_finish() != SPI_OK_FINISH)
{ {


@ -57,9 +57,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate)
matTableSchemaName = quote_identifier(matTableSchemaName); matTableSchemaName = quote_identifier(matTableSchemaName);
matTableName = quote_identifier(matTableName); matTableName = quote_identifier(matTableName);
Oid savedUserId = InvalidOid;
int savedSecurityContext = 0;
const char *landingTableSchemaName = NULL; const char *landingTableSchemaName = NULL;
const char *landingTableName = NULL; const char *landingTableName = NULL;
@ -74,8 +71,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate)
if (skipData) if (skipData)
{ {
// GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
// SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
if (formCimv->landingtable) if (formCimv->landingtable)
{ {
appendStringInfo(&querybuf, appendStringInfo(&querybuf,
@ -108,9 +103,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate)
SPI_commit(); SPI_commit();
SPI_start_transaction(); SPI_start_transaction();
// GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
// SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
/* TODO: cleanup if this fails */ /* TODO: cleanup if this fails */
appendStringInfo(&querybuf, appendStringInfo(&querybuf,
"INSERT INTO %s.%s " "INSERT INTO %s.%s "
@ -129,8 +121,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate)
{ {
Snapshot snapshot = GetLatestSnapshot(); Snapshot snapshot = GetLatestSnapshot();
// GetUserIdAndSecContext(&savedUserId, &savedSecurityContext);
// SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE);
/* TODO: DELETE only if !isCreate */ /* TODO: DELETE only if !isCreate */
appendStringInfo(&querybuf, appendStringInfo(&querybuf,
"DELETE FROM %s.%s", "DELETE FROM %s.%s",
@ -162,8 +152,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate)
} }
} }
// SetUserIdAndSecContext(savedUserId, savedSecurityContext);
/* Close SPI context. */ /* Close SPI context. */
if (SPI_finish() != SPI_OK_FINISH) if (SPI_finish() != SPI_OK_FINISH)
{ {


@ -10,4 +10,5 @@ DROP FUNCTION IF EXISTS pg_catalog.citus_total_relation_size(regclass);
#include "../../columnar/sql/columnar--9.5-1--10.0-1.sql" #include "../../columnar/sql/columnar--9.5-1--10.0-1.sql"
GRANT USAGE ON SCHEMA citus_internal TO public; CREATE SCHEMA cimv_internal;
GRANT ALL ON SCHEMA cimv_internal to public;
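Review bot: `GRANT ALL ON SCHEMA cimv_internal to public;` gives every role both USAGE and CREATE on the schema, so the isolation described in the commit message rests only on per-object ownership, and any role (not just CIMV owners) can create objects next to the generated tables, views and trigger functions. This is the same exposure as a world-writable `public` schema: an object created in advance under a name the CIMV code later generates would make creation fail or, if anything resolves names in this schema unqualified, could be picked up instead. If CREATE is required because the owner now creates the objects directly, a comment saying so would help, e.g. `-- CREATE is needed: CIMV objects are created as the invoking user`, and it is worth checking whether the grant can be narrowed. Separately, `CREATE SCHEMA cimv_internal;` in an upgrade script errors out if a schema with that name already exists in the database.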


@ -4,7 +4,7 @@
#include "postgres.h" #include "postgres.h"
#include "nodes/plannodes.h" #include "nodes/plannodes.h"
#define CITUS_INTERNAL_SCHEMA "citus_internal" #define CIMV_INTERNAL_SCHEMA "cimv_internal"
#define CITUS_NAMESPACE "citus" #define CITUS_NAMESPACE "citus"
#define MATERIALIZATION_TABLE_SUFFIX "mt" #define MATERIALIZATION_TABLE_SUFFIX "mt"
#define LANDING_TABLE_SUFFIX "ld" #define LANDING_TABLE_SUFFIX "ld"