disable nonmaindb interface

2025-02-18 16:12:09 +03:00 · 2025-02-18 16:12:09 +03:00 · b9c5f6be76
parent 711aec80fa
commit b9c5f6be76
12 changed files with 2 additions and 60 deletions
--- a/src/backend/distributed/shared_library_init.c
+++ b/src/backend/distributed/shared_library_init.c
@ -1834,16 +1834,6 @@ RegisterCitusConfigVariables(void)
 		GUC_NO_SHOW_ALL | GUC_NOT_IN_SAMPLE | GUC_UNIT_MS,
 		NULL, NULL, NULL);
 	DefineCustomStringVariable(
 		"citus.main_db",
 		gettext_noop("Which database is designated as the main_db"),
 		NULL,
 		&MainDb,
 		"",
 		PGC_POSTMASTER,
 		GUC_STANDARD,
 		NULL, NULL, NULL);
 	DefineCustomIntVariable(
 		"citus.max_adaptive_executor_pool_size",
 		gettext_noop("Sets the maximum number of connections per worker node used by "
--- a/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
+++ b/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
@ -4,29 +4,21 @@
 #include "udfs/citus_internal_database_command/12.2-1.sql"
 #include "udfs/citus_add_rebalance_strategy/12.2-1.sql"
 #include "udfs/start_management_transaction/12.2-1.sql"
 #include "udfs/execute_command_on_remote_nodes_as_user/12.2-1.sql"
 #include "udfs/mark_object_distributed/12.2-1.sql"
 DROP FUNCTION pg_catalog.citus_unmark_object_distributed(oid, oid, int);
 #include "udfs/citus_unmark_object_distributed/12.2-1.sql"
 #include "udfs/commit_management_command_2pc/12.2-1.sql"
 ALTER TABLE pg_catalog.pg_dist_transaction ADD COLUMN outer_xid xid8;
 #include "udfs/citus_internal_acquire_citus_advisory_object_class_lock/12.2-1.sql"
 GRANT USAGE ON SCHEMA citus_internal TO PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.commit_management_command_2pc FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.execute_command_on_remote_nodes_as_user FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.find_groupid_for_node FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.mark_object_distributed FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_node_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_rebalance_strategy_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.pg_dist_shard_placement_trigger_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.refresh_isolation_tester_prepared_statement FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.replace_isolation_tester_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.restore_isolation_tester_func FROM PUBLIC;
 REVOKE ALL ON FUNCTION citus_internal.start_management_transaction FROM PUBLIC;
 #include "udfs/citus_internal_add_colocation_metadata/12.2-1.sql"
 #include "udfs/citus_internal_add_object_metadata/12.2-1.sql"
--- a/src/backend/distributed/sql/downgrades/citus--12.2-1--12.1-1.sql
+++ b/src/backend/distributed/sql/downgrades/citus--12.2-1--12.1-1.sql
@ -5,24 +5,9 @@ DROP FUNCTION citus_internal.acquire_citus_advisory_object_class_lock(int, cstri
 #include "../udfs/citus_add_rebalance_strategy/10.1-1.sql"
 DROP FUNCTION citus_internal.start_management_transaction(
    outer_xid xid8
 );
 DROP FUNCTION citus_internal.execute_command_on_remote_nodes_as_user(
    query text,
    username text
 );
 DROP FUNCTION citus_internal.mark_object_distributed(
    classId Oid, objectName text, objectId Oid, connectionUser text
 );
 DROP FUNCTION pg_catalog.citus_unmark_object_distributed(oid,oid,int,boolean);
 #include "../udfs/citus_unmark_object_distributed/10.0-1.sql"
 DROP FUNCTION citus_internal.commit_management_command_2pc();
 ALTER TABLE pg_catalog.pg_dist_transaction DROP COLUMN outer_xid;
 REVOKE USAGE ON SCHEMA citus_internal FROM PUBLIC;
--- a/src/test/regress/expected/citus_internal_access.out
+++ b/src/test/regress/expected/citus_internal_access.out
@ -2,8 +2,6 @@
 CREATE USER nonsuperuser CREATEROLE;
 SET ROLE nonsuperuser;
 --- The non-superuser role should not be able to access citus_internal functions
 SELECT citus_internal.commit_management_command_2pc();
 ERROR:  permission denied for function commit_management_command_2pc
 SELECT citus_internal.replace_isolation_tester_func();
 ERROR:  permission denied for function replace_isolation_tester_func
 RESET ROLE;
--- a/src/test/regress/expected/create_drop_database_propagation_pg15.out
+++ b/src/test/regress/expected/create_drop_database_propagation_pg15.out
@ -78,11 +78,5 @@ SELECT * FROM public.check_database_on_all_nodes('test_locale_provider') ORDER B
 worker node (remote) | {"database_properties": {"datacl": null, "datname": "test_locale_provider", "datctype": "C", "encoding": "UTF8", "datcollate": "C", "tablespace": "pg_default", "daticurules": null, "datallowconn": true, "datconnlimit": -1, "daticulocale": null, "datistemplate": false, "database_owner": "postgres", "datcollversion": null, "datlocprovider": "c"}, "pg_dist_object_record_for_db_exists": true, "stale_pg_dist_object_record_for_a_db_exists": false}
 (3 rows)
 \c test_locale_provider - - :worker_2_port
 set citus.enable_create_database_propagation to on;
 create database unsupported_option_from_non_main_db with oid = 12345;
 ERROR:  CREATE DATABASE option "oid" is not supported
 \c regression - - :master_port
 set citus.enable_create_database_propagation to on;
 drop database test_locale_provider;
 \c - - - :master_port
--- a/src/test/regress/expected/multi_extension.out
+++ b/src/test/regress/expected/multi_extension.out
@ -1431,20 +1431,16 @@ SELECT * FROM multi_extension.print_extension_changes();
                                                                | function citus_internal.add_shard_metadata(regclass,bigint,"char",text,text) void
                                                                | function citus_internal.add_tenant_schema(oid,integer) void
                                                                | function citus_internal.adjust_local_clock_to_remote(cluster_clock) void
                                                                | function citus_internal.commit_management_command_2pc() void
                                                                | function citus_internal.database_command(text) void
                                                                | function citus_internal.delete_colocation_metadata(integer) void
                                                                | function citus_internal.delete_partition_metadata(regclass) void
                                                                | function citus_internal.delete_placement_metadata(bigint) void
                                                                | function citus_internal.delete_shard_metadata(bigint) void
                                                                | function citus_internal.delete_tenant_schema(oid) void
                                                                | function citus_internal.execute_command_on_remote_nodes_as_user(text,text) void
                                                                | function citus_internal.global_blocked_processes() SETOF record
                                                                | function citus_internal.is_replication_origin_tracking_active() boolean
                                                                | function citus_internal.local_blocked_processes() SETOF record
                                                                | function citus_internal.mark_node_not_synced(integer,integer) void
                                                                | function citus_internal.mark_object_distributed(oid,text,oid,text) void
                                                                | function citus_internal.start_management_transaction(xid8) void
                                                                | function citus_internal.start_replication_origin_tracking() void
                                                                | function citus_internal.stop_replication_origin_tracking() void
                                                                | function citus_internal.unregister_tenant_schema_globally(oid,text) void
@ -1452,7 +1448,7 @@ SELECT * FROM multi_extension.print_extension_changes();
                                                                | function citus_internal.update_placement_metadata(bigint,integer,integer) void
                                                                | function citus_internal.update_relation_colocation(oid,integer) void
                                                                | function citus_unmark_object_distributed(oid,oid,integer,boolean) void
-(30 rows)
+(26 rows)
 DROP TABLE multi_extension.prev_objects, multi_extension.extension_diff;
 -- show running version
--- a/src/test/regress/failure_schedule
+++ b/src/test/regress/failure_schedule
@ -34,7 +34,6 @@ test: failure_multi_row_insert
 test: failure_mx_metadata_sync
 test: failure_mx_metadata_sync_multi_trans
 test: failure_connection_establishment
 test: failure_non_main_db_2pc
 test: failure_create_database
 # this test syncs metadata to the workers
--- a/src/test/regress/multi_1_schedule
+++ b/src/test/regress/multi_1_schedule
@ -40,7 +40,6 @@ test: create_drop_database_propagation_pg15
 test: create_drop_database_propagation_pg16
 test: comment_on_database
 test: comment_on_role
 test: metadata_sync_from_non_maindb
 # don't parallelize single_shard_table_udfs to make sure colocation ids are sequential
 test: single_shard_table_udfs
 test: schema_based_sharding
@ -58,7 +57,7 @@ test: multi_metadata_attributes
 test: multi_read_from_secondaries
-test: grant_on_database_propagation grant_on_database_propagation_from_non_maindb
+test: grant_on_database_propagation
 test: alter_database_propagation
 test: citus_shards
--- a/src/test/regress/multi_schedule
+++ b/src/test/regress/multi_schedule
@ -108,7 +108,6 @@ test: object_propagation_debug
 test: undistribute_table
 test: run_command_on_all_nodes
 test: background_task_queue_monitor
 test: other_databases grant_role_from_non_maindb role_operations_from_non_maindb seclabel_non_maindb
 test: citus_internal_access
 test: function_with_case_when
--- a/src/test/regress/pg_regress_multi.pl
+++ b/src/test/regress/pg_regress_multi.pl
@ -492,7 +492,6 @@ push(@pgOptions, "citus.stat_statements_track = 'all'");
 push(@pgOptions, "citus.enable_change_data_capture=on");
 push(@pgOptions, "citus.stat_tenants_limit = 2");
 push(@pgOptions, "citus.stat_tenants_track = 'ALL'");
 push(@pgOptions, "citus.main_db = 'regression'");
 push(@pgOptions, "citus.superuser = 'postgres'");
 # Some tests look at shards in pg_class, make sure we can usually see them:
--- a/src/test/regress/sql/citus_internal_access.sql
+++ b/src/test/regress/sql/citus_internal_access.sql
@ -3,7 +3,6 @@ CREATE USER nonsuperuser CREATEROLE;
 SET ROLE nonsuperuser;
 --- The non-superuser role should not be able to access citus_internal functions
 SELECT citus_internal.commit_management_command_2pc();
 SELECT citus_internal.replace_isolation_tester_func();
 RESET ROLE;
--- a/src/test/regress/sql/create_drop_database_propagation_pg15.sql
+++ b/src/test/regress/sql/create_drop_database_propagation_pg15.sql
@ -60,14 +60,6 @@ CREATE DATABASE test_locale_provider
 SELECT * FROM public.check_database_on_all_nodes('test_locale_provider') ORDER BY node_type;
 \c test_locale_provider - - :worker_2_port
 set citus.enable_create_database_propagation to on;
 create database unsupported_option_from_non_main_db with oid = 12345;
 \c regression - - :master_port
 set citus.enable_create_database_propagation to on;
 drop database test_locale_provider;
 \c - - - :master_port