Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DDL Support #4812

Open
23 of 57 tasks
marcocitus opened this issue Mar 11, 2021 · 1 comment
Open
23 of 57 tasks

DDL Support #4812

marcocitus opened this issue Mar 11, 2021 · 1 comment
Labels

Comments

@marcocitus
Copy link
Member

marcocitus commented Mar 11, 2021

The following DDL/utility commands are currently not propagated to worker nodes by Citus:

Database-level statements:

Schema-level statements:

ALTER SCHEMA .. OWNER TO ..
create schema my_schema;
create role non_super_user_role;
alter schema my_schema owner to non_super_user_role ;

SELECT pg_get_userbyid(nspowner) AS schema_owner
FROM pg_namespace
WHERE nspname = 'my_schema';
┌─────────────────────┐
│    schema_owner     │
├─────────────────────┤
│ non_super_user_role │
└─────────────────────┘

select result from run_command_on_workers ($$
  SELECT pg_get_userbyid(nspowner) AS schema_owner
  FROM pg_namespace
  WHERE nspname = 'my_schema'
$$);
┌─────────────┐
│   result    │
├─────────────┤
│ onurctirtir │
│ onurctirtir │
└─────────────┘
(2 rows)

Table-level statements:

Session-level statements:

System-level statements (may be outside of Citus scope):

Statements that are typically only used by extensions (which are already propagated):

  • ALTER/CREATE/DROP ACCESS METHOD
  • ALTER/CREATE/DROP CONVERSION
  • ALTER/CREATE/DROP EVENT TRIGGER
  • ALTER/CREATE/DROP FOREIGN DATA WRAPPER
  • ALTER/CREATE/DROP LANGUAGE
  • ALTER/CREATE/DROP OPERATOR
  • ALTER/CREATE/DROP OPERATOR CLASS
  • ALTER/CREATE/DROP OPERATOR FAMILY
  • ALTER/CREATE/DROP TEXT SEARCH CONFIGURATION
  • ALTER/CREATE/DROP TEXT SEARCH DICTIONARY
  • ALTER/CREATE/DROP TEXT SEARCH PARSER
  • ALTER/CREATE/DROP TEXT SEARCH TEMPLATE
  • CREATE/DROP TRANSFORM
  • CREATE/DROP CAST

Statements work as intended, but could have a distributed implementation:

  • ALTER/CREATE/DROP FOREIGN TABLE / FOREIGN DATA WRAPPER / SERVER / USER MAPPING
  • ALTER/CREATE/DROP MATERIALIZED VIEW
  • ALTER/CREATE/DROP PUBLICATION
  • ALTER/CREATE/DROP RULE
  • ALTER/CREATE/DROP SUBSCRIPTION
  • ALTER/CREATE/DROP TABLE -- could automatically have Citus manage new tables
  • ALTER/CREATE/DROP VIEW
@jnels124
Copy link

jnels124 commented Dec 13, 2023

There also appears to be an issue with table ownership on distributed tables. (readonly and readwrite already exist)
as the postgres user:

create role schemaadmin;
    grant readwrite to schemaadmin;
    grant schemaadmin to a;
    grant schemaadmin to b;
    create schema if not exists temporary authorization schemaadmin;
    grant usage on schema temporary to public;
    revoke create on schema temporary from public;
    grant select on all tables in schema temporary to readonly;
    grant select on all sequences in schema temporary to readonly;
    grant usage on schema temporary to readonly;
    alter default privileges in schema temporary grant select on tables to readonly;
    alter default privileges in schema temporary grant select on sequences to readonly;

    grant select on all tables in schema temporary to readonly;
    grant select on all sequences in schema temporary to readonly;
    grant usage on schema temporary to readonly;
    alter default privileges in schema temporary grant select on tables to readonly;
    alter default privileges in schema temporary grant select on sequences to readonly;

    grant insert, update, delete on all tables in schema temporary to readwrite;
    grant usage on all sequences in schema temporary to readwrite;
    alter default privileges in schema temporary grant insert, update, delete on tables to readwrite;
    alter default privileges in schema temporary grant usage on sequences to readwrite;

Then when logging in as user a and executing:

create unlogged table if not exists temporary.token_temp as table token limit 0;
alter table if exists temporary.token_temp owner to schemaadmin;
select create_distributed_table('temporary.token_temp', 'token_id', colocate_with => 'token');

I am able to successfully

truncate temporary.token_temp

as user a but when i attempt to login with user b I get the following error on the coordinator:

ERROR:  failure on connection marked as essential: 10.224.0.6:7433```

and on the worker i see

ERROR:  permission denied for table nft_temp
STATEMENT:  SET citus.enable_ddl_propagation TO 'off';
	LOCK temporary.nft_temp IN ACCESS EXCLUSIVE MODE;
	SET citus.enable_ddl_propagation TO 'on'

This only happens for distributed tables.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants