Make citus_internal schema public, but revoke permissions of the existing functions from public.

2024-01-23 12:27:48 +00:00 · 2024-01-23 12:27:48 +00:00 · ed967a9c6d
parent 1cb2e1e4e8
commit ed967a9c6d
5 changed files with 30 additions and 2 deletions
--- a/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
+++ b/src/backend/distributed/sql/citus--12.1-1--12.2-1.sql
@ -12,3 +12,16 @@
 ALTER TABLE pg_catalog.pg_dist_transaction ADD COLUMN outer_xid xid8;

 #include "udfs/citus_internal_acquire_citus_advisory_object_class_lock/12.2-1.sql"
+
+GRANT USAGE ON SCHEMA citus_internal TO PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.commit_management_command_2pc FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.execute_command_on_remote_nodes_as_user FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.find_groupid_for_node FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.mark_object_distributed FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.pg_dist_node_trigger_func FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.pg_dist_rebalance_strategy_trigger_func FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.pg_dist_shard_placement_trigger_func FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.refresh_isolation_tester_prepared_statement FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.replace_isolation_tester_func FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.restore_isolation_tester_func FROM PUBLIC;
+REVOKE ALL ON FUNCTION citus_internal.start_management_transaction FROM PUBLIC;
--- a/src/test/regress/expected/citus_internal_access.out
+++ b/src/test/regress/expected/citus_internal_access.out
@ -0,0 +1,8 @@
+--- Create a non-superuser role and check if it can access citus_internal schema functions
+CREATE USER nonsuperuser CREATEROLE;
+SET ROLE nonsuperuser;
+--- The non-superuser role should not be able to access citus_internal functions
+SELECT citus_internal.commit_management_command_2pc();
+ERROR:  permission denied for function commit_management_command_2pc
+select citus_internal.replace_isolation_tester_func();
+ERROR:  permission denied for function replace_isolation_tester_func
--- a/src/test/regress/expected/other_databases.out
+++ b/src/test/regress/expected/other_databases.out
@ -68,8 +68,7 @@ CREATE USER nonsuperuser CREATEROLE;
 GRANT ALL ON SCHEMA citus_internal TO nonsuperuser;
 SET ROLE nonsuperuser;
 SELECT citus_internal.execute_command_on_remote_nodes_as_user($$SELECT 'dangerous query'$$, 'postgres');
-ERROR:  operation is not allowed
-HINT:  Run the command with a superuser.
+ERROR:  permission denied for function execute_command_on_remote_nodes_as_user
 \c other_db1
 SET ROLE nonsuperuser;
 CREATE USER other_db_user9;
--- a/src/test/regress/multi_schedule
+++ b/src/test/regress/multi_schedule
@ -109,6 +109,7 @@ test: undistribute_table
 test: run_command_on_all_nodes
 test: background_task_queue_monitor
 test: other_databases
+test: citus_internal_access

 # Causal clock test
 test: clock
--- a/src/test/regress/sql/citus_internal_access.sql
+++ b/src/test/regress/sql/citus_internal_access.sql
@ -0,0 +1,7 @@
+--- Create a non-superuser role and check if it can access citus_internal schema functions
+CREATE USER nonsuperuser CREATEROLE;
+
+SET ROLE nonsuperuser;
+--- The non-superuser role should not be able to access citus_internal functions
+SELECT citus_internal.commit_management_command_2pc();
+select citus_internal.replace_isolation_tester_func();