Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

builtins: improve performance of has_table_privilege and has_column_privilege #65766

Merged
merged 5 commits into from
Jun 7, 2021
Merged

builtins: improve performance of has_table_privilege and has_column_privilege #65766

merged 5 commits into from
Jun 7, 2021

Conversation

otan
Copy link
Contributor

@otan otan commented May 27, 2021

See individual commits for details

Resolves #65551

@otan otan requested review from rafiss, RichardJCai, a team and dt and removed request for a team May 27, 2021 04:57
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@otan otan force-pushed the has_table_privilege branch 2 times, most recently from d5beb86 to e24485f Compare May 27, 2021 06:29
otan added 2 commits May 27, 2021 22:00
@otan
builtins: improve performance of has_table_privilege
f489f09 
* Eliminate the OID lookup internal query by realising that OID maps to
  descpb.ID directly.
* Eliminate the information_schema.table_privileges internal lookup query
  by consulting the table descriptor directly.

Release note (performance improvement): Improve the performance of
has_table_privilege by using an internal cache for performing privilege
lookups.
@otan
builtins: improve has_any_column_privilege performance
ff36a80 
Release note (performance improvement): Improved the performance of
has_any_column_privilege by removing some internal queries.
RichardJCai
RichardJCai approved these changes Jun 1, 2021
View reviewed changes
Copy link
Contributor

@RichardJCai RichardJCai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM mod nits

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @otan, and @rafiss)

pkg/sql/resolver.go, line 336 at r2 (raw file):

	hasPrivilege := func(priv privilege.Kind) bool {
		for _, role := range allRoles {
			for _, pu := range privilegeDesc.Users {

I think we can call privilegeDesc.CheckPrivilege here

pkg/sql/sem/builtins/pg_builtins.go, line 1333 at r4 (raw file):

				return nil, err
			}
			colArg := tree.UnwrapDatum(ctx, args[1])

Can we leave a similar comment to before stating that the column arg is only checked to see if the column exists in the table?
Makes it more clear that we're still only checking the table for privileges.

@otan
builtins: improve performance of has_column_privilege
8cf6e13 
Use the same tricks as has_table_privilege, but insert specifiers in
HasPrivilegeSpecifier to also check the column's existence.

Release note (performance improvement): Improve the performance of
has_column_privilege by removing excessive queries.
otan
otan commented Jun 1, 2021
View reviewed changes
Copy link
Contributor Author

@otan otan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @otan, @rafiss, and @RichardJCai)

pkg/sql/resolver.go, line 336 at r2 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

I think we can call privilegeDesc.CheckPrivilege here

i changed it, but it revealed (what i think is a) bug. can you re-check the last commit?

otan
otan commented Jun 1, 2021
View reviewed changes
Copy link
Contributor Author

@otan otan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @rafiss, and @RichardJCai)

pkg/sql/sem/builtins/pg_builtins.go, line 1333 at r4 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

Can we leave a similar comment to before stating that the column arg is only checked to see if the column exists in the table?
Makes it more clear that we're still only checking the table for privileges.

Done.

otan added 2 commits June 2, 2021 09:39
@otan
sql: use CheckPrivileges for HasPrivilegeCheck instead
a4c4206 
Release note (bug fix): Fixed a bug where owners of a table has
privileges to SELECT from it, but would return false on has_*_privilege
related functions.
@otan
ddl_analysis: add benchmarks for has_table_privilege/has_column_privi…
2025fdb 
…lege

Release note: None
@otan
Copy link
Contributor Author

otan commented Jun 7, 2021

bors r=richardjcai

@craig
Copy link
Contributor

craig bot commented Jun 7, 2021

Build succeeded:

@craig craig bot merged commit d775083 into cockroachdb:master Jun 7, 2021
@otan otan mentioned this pull request Jun 8, 2021
Closed
This was referenced Sep 8, 2021
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RichardJCai RichardJCai RichardJCai approved these changes

@rafiss rafiss Awaiting requested review from rafiss

@dt dt Awaiting requested review from dt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sql: has_column_privilege makes graphile introspection query slow
3 participants
@otan @cockroach-teamcity @RichardJCai