-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql: support {GRANT|REVOKE} PRIVILEGES ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA} #79862
sql: support {GRANT|REVOKE} PRIVILEGES ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA} #79862
Conversation
063c796
to
cdfdcb6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks quite nice! i just had a question
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @shermanCRL and @ZhouXing19)
pkg/sql/privilege/privilege.go, line 86 at r3 (raw file):
SchemaPrivileges = List{ALL, GRANT, CREATE, USAGE} TypePrivileges = List{ALL, GRANT, USAGE} SequencePrivileges = List{ALL, USAGE, SELECT, UPDATE}
should we include all the TablePrivileges in the list for sequences? (since we are treating sequences as a special type of table)
otherwise, i'm a bit worried about the catpb.IsValidPrivilegesForObjectType
and privilege.ValidatePrivileges
functions
pkg/sql/logictest/testdata/logic_test/grant_sequence, line 59 at r3 (raw file):
statement ok GRANT ALL ON ALL SEQUENCES IN SCHEMA test.public TO readwrite;
could you add another test to see that GRANT USAGE ON SEQUENCE
works? I'm a bit worried that since we still treat sequences the same as tables, then something somewhere will end up looking at TablePrivileges
, which doesn't include USAGE
if USAGE doesn't work then i think it means we need to update the descriptor validation logic to be aware of sequence privileges.
43938d7
to
e2b6035
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss and @shermanCRL)
pkg/sql/privilege/privilege.go, line 86 at r3 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
should we include all the TablePrivileges in the list for sequences? (since we are treating sequences as a special type of table)
otherwise, i'm a bit worried about the
catpb.IsValidPrivilegesForObjectType
andprivilege.ValidatePrivileges
functions
I don't think we need to, because both of these 2 funcs call privilge.GetValidPrivilegesForObject(objectType)
to return the allowed priv list here, and we refactored that function too, so that it always return this SequencePrivileges
list when objectType = priviledge.Sequence
.
pkg/sql/logictest/testdata/logic_test/grant_sequence, line 59 at r3 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
could you add another test to see that
GRANT USAGE ON SEQUENCE
works? I'm a bit worried that since we still treat sequences the same as tables, then something somewhere will end up looking atTablePrivileges
, which doesn't includeUSAGE
if USAGE doesn't work then i think it means we need to update the descriptor validation logic to be aware of sequence privileges.
Yes good point, it didn't work because the USAGE
privilege was not stored in the descriptor (UserPrivileges.Privileges
). I changed how we call catprivilege.MaybeFixPrivileges
in pkg/sql/catalog/tabledesc/table_desc_builder.go
and it's working now. See added tests above.
a6e50b6
to
f20ae1b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some small nits
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss, @shermanCRL, and @ZhouXing19)
pkg/sql/sequence.go, line 102 at r9 (raw file):
ctx context.Context, p *planner, descriptor catalog.TableDescriptor, ) (int64, error) { var err error
nit: don't think we need the error declared here
pkg/sql/sequence.go, line 105 at r9 (raw file):
requiredPrivileges := []privilege.Kind{privilege.USAGE, privilege.UPDATE} HasRequiredPriviledge := false
nit: should be lowercase h
pkg/sql/sequence.go, line 115 at r9 (raw file):
} if !HasRequiredPriviledge { return 0, errors.AssertionFailedf(
nit: assertion error should only be used for programming errors. they cause reports to be sent to us and automatically create github issues when it happens
so the error should match closer to what the CheckPrivilege
function was returning:
return pgerror.Newf(pgcode.InsufficientPrivilege,
"user %s does not have %s privilege on %s %s",
user, privilege, descriptor.DescriptorType(), descriptor.GetName())
pkg/sql/catalog/tabledesc/table_desc_builder.go, line 246 at r9 (raw file):
} fixedPrivileges := catprivilege.MaybeFixPrivileges(
i think the call to MaybeFixPrivileges will cause us to clear out any privileges that are now invalid for sequences (e.g. DELETE). i'm pretty sure that's fine, but just wanted to confirm. do you think we should call runPostDeserializationChangesOnAllDescriptors
during the upgrade migration to v22.2? perhaps the schema team has thoughts
also, right now the comment on MaybeFixPrivileges
says it can be removed after 21.2, but it seems like we should change that to say 22.2 now.
From the CI, it seems that the current changes are breaking default privilege tests. Looking into it. |
13e993d
to
2b3d1ad
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss and @shermanCRL)
pkg/sql/sequence.go
line 102 at r9 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
nit: don't think we need the error declared here
Done.
pkg/sql/sequence.go
line 105 at r9 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
nit: should be lowercase
h
Done.
pkg/sql/sequence.go
line 115 at r9 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
nit: assertion error should only be used for programming errors. they cause reports to be sent to us and automatically create github issues when it happens
so the error should match closer to what the
CheckPrivilege
function was returning:return pgerror.Newf(pgcode.InsufficientPrivilege, "user %s does not have %s privilege on %s %s", user, privilege, descriptor.DescriptorType(), descriptor.GetName())
Done, thanks!
pkg/sql/catalog/tabledesc/table_desc_builder.go
line 246 at r9 (raw file):
clear out any privileges that are now invalid for sequences (e.g. DELETE)
Yes that's the expected behavior.
do you think we should call
runPostDeserializationChangesOnAllDescriptors
during the upgrade migration to v22.2?
Ah in this case I agree that we may want to include all the TablePrivileges in the list for sequences, so that we can avoid making existing privileges unavailable during upgrade migration.
But I'm not sure we need to call runPostDeserializationChangesOnAllDescriptors
since we're just expanding the set of allowed privileges for sequences.
also, right now the comment on MaybeFixPrivileges says it can be removed after 21.2, but it seems like we should change that to say 22.2 now.
Made the changes.
Could you say more? I thought you were saying that the privileges that were being removed are not used for sequences anywhere? |
They (e.g. cockroach/pkg/sql/logictest/testdata/logic_test/alter_default_privileges_with_grant_option Lines 554 to 560 in c676689
|
13506c7
to
c73fae7
Compare
Added notice if the granted privilege on sequence is not in PG14's list (i.e. |
@rafiss re-pinging for review. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all the code lgtm! i just have one comment about the notice.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @rafiss, @shermanCRL, and @ZhouXing19)
pkg/sql/grant_revoke.go
line 256 at r13 (raw file):
errors.WithHint( pgnotice.Newf("%s", sequencePrivilegesNotInPg.SortedNames()), "the above privileges may be incompatible with PostgreSQL",
i think we can use a bit of a softer message, so user's don't worry too much. also, i think we should only show a notice for the privileges that are essentially no-ops in CRDB. for example, even though DROP is not allowed in PG for sequences, it still is useful in CRDB. so i think the only privileges we need to show the notice for are: CREATE, INSERT, DELETE, and ZONECONFIG (but perhaps you could confirm that these all have no effect for sequences)
also, nit: no need to use WithHint
on this one.
so, to summarize the above, i think we can use something like:
params.p.BufferClientNotice(
ctx,
pgnotice.Newf("some privileges have no effect on sequences: %s", sequencePrivilegesNotInPg.SortedNames(),
)
List{ALL, USAGE, SELECT, UPDATE, CREATE, DROP, GRANT, INSERT, DELETE, ZONECONFIG}
…UENCES IN SCHEMA} This commit 1. Refactored the `Tables` field from a `TablePatterns` struct to a new struct, `TableAttrs`, which contains a `IsSequence` field to check if the table patterns are expected to be sequences. 2. Added syntax support for {GRANT|REVOKE} ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA} Release note (sql): Add syntax support for `{GRANT|REVOKE} ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA}`
…ES IN SCHEMA}` Release note: None
c73fae7
to
d4b8c1f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @adityamaru and @rafiss)
pkg/sql/grant_revoke.go
line 256 at r13 (raw file):
Previously, rafiss (Rafi Shamim) wrote…
i think we can use a bit of a softer message, so user's don't worry too much. also, i think we should only show a notice for the privileges that are essentially no-ops in CRDB. for example, even though DROP is not allowed in PG for sequences, it still is useful in CRDB. so i think the only privileges we need to show the notice for are: CREATE, INSERT, DELETE, and ZONECONFIG (but perhaps you could confirm that these all have no effect for sequences)
also, nit: no need to use
WithHint
on this one.so, to summarize the above, i think we can use something like:
params.p.BufferClientNotice( ctx, pgnotice.Newf("some privileges have no effect on sequences: %s", sequencePrivilegesNotInPg.SortedNames(), )
List{ALL, USAGE, SELECT, UPDATE, CREATE, DROP, GRANT, INSERT, DELETE, ZONECONFIG}
Thanks! This makes lots of sense.
I renamed the list to sequencePrivilegesNoOp
, and note that this excludes DROP
and GRANT
, which are not in PG's privileges for sequences but correspond to actual operations in CRDB. Test cases for DROP
and GRANT
on sequences are also added in pkg/sql/logictest/testdata/logic_test/grant_sequence
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks great! feel free to merge after fixing the comment
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @adityamaru, @rafiss, and @ZhouXing19)
pkg/sql/privilege/privilege.go
line 89 at r16 (raw file):
// before v22.2 we treated Sequences the same as Tables. This is to avoid making // certain privileges unavailable after upgrade migration. // Note that "UPDATE, CREATE, GRANT, "
nit: unfinished comment
Previously, ZhouXing19 (Jane Xing) wrote…
And yes I've confirmed that |
… SCHEMA} In this commit, sequences are treated as a subset of tables. I.e. to get the descriptors for sequences from target lists, we still check if the current descriptor is of table type, and then check if it is ALSO a sequence. The allowed privileges on sequences are the current privileges for tables plus `Usage`. This is to be compatible with PG14's privileges[1] for sequences, and also avoid unabling the existing privileges. Note as in PG14[1], for sequences, the `USAGE` privilege allows the use of `currval` and `nextval` functions. [[1]](https://www.postgresql.org/docs/current/sql-grant.html) Release note (sql): add logic for `{GRANT|REVOKE} ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA}`
d4b8c1f
to
4547541
Compare
TFTR! |
Build failed (retrying...): |
Build succeeded: |
From cockroachdb#79862 on we support the `USAGE` privilege on sequence. This commit is to fix the `has_sequence_privilege()` builtin function on checking the `USAGE` privilege on sequences. fixes cockroachdb#82465 Release note (sql change): fix `has_sequence_privilege()` on `USAGE` privilege
From cockroachdb#79862 on we support the `USAGE` privilege on sequence. This commit is to fix the `has_sequence_privilege()` builtin function on checking the `USAGE` privilege on sequences. fixes cockroachdb#82465 Release note (sql change): fix `has_sequence_privilege()` on `USAGE` privilege
From cockroachdb#79862 on we support the `USAGE` privilege on sequence. This commit is to fix the `has_sequence_privilege()` builtin function on checking the `USAGE` privilege on sequences. fixes cockroachdb#82465 Release note (sql change): fix `has_sequence_privilege()` on `USAGE` privilege
From cockroachdb#79862 on we support the `USAGE` privilege on sequence. This commit is to fix the `has_sequence_privilege()` builtin function on checking the `USAGE` privilege on sequences. fixes cockroachdb#82465 Release note (sql change): fix `has_sequence_privilege()` on `USAGE` privilege
Add support for
{GRANT|REVOKE} PRIVILEGES ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA}
syntax.Fixes #74780
Fixes #69584
Release Note(sql): Add support for
{GRANT|REVOKE} PRIVILEGES ... ON {SEQUENCE | ALL SEQUENCES IN SCHEMA}
syntax.The privileges allowed for sequences will be those in
Postgres14
(
ALL, USAGE, SELECT, UPDATE
) in addition to the existing CRBDtable privileges
(
ALL, CREATE, DROP, GRANT, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG
).This is because before 22.2 we allow granting table privileges to sequences
via
ALTER DEFAULT PRIVILEGES ... ON SEQUENCE
.Note that now sequences are still treated as a subset of tables,
which means
{GRANT|REVOKE} ... ON TABLE sequence_name
works,and
GRANT ... ON ALL TABLES IN SCHEMA
also grant privileges on all sequences in the schema to the target user.