Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: support SHOW GRANTS for functions #88773

Merged
merged 1 commit into from
Sep 27, 2022
Merged

sql: support SHOW GRANTS for functions #88773

merged 1 commit into from
Sep 27, 2022

Conversation

chengxiong-ruan
Copy link
Contributor

@chengxiong-ruan chengxiong-ruan commented Sep 26, 2022
edited
Loading

Backport resolves #88495

Release note (sql change): Previously SHOW GRANTS only supports
db, schema, table and types. This commit add supports for UDFs,
so that SHOW GRANTS returns UDFs privileges infos, and statements
like SHOW GRANTS ON FUNCTION <udf name/signatures> are now supported
Full function signature must be provided if the function name is
not unique.
Release justification: low risk GA blocker.

@chengxiong-ruan chengxiong-ruan requested review from rafiss and a team September 26, 2022 22:01
@cockroach-teamcity
Copy link
Member

This change is Reviewable

chengxiong-ruan
chengxiong-ruan commented Sep 27, 2022
View reviewed changes
pkg/sql/delegate/show_grants.go Outdated
privilege_type,
is_grantable::boolean
FROM "".information_schema.role_routine_grants
WHERE reverse(split_part(reverse(specific_name), '_', 1))::INT > 100000
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not including any builtin functions cause thinking it would just explode the SHOW GRANTS output without adding much user experience value since anyone can execute a builtin.

@rafiss rafiss mentioned this pull request Sep 27, 2022
Closed
rafiss
rafiss requested changes Sep 27, 2022
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

look pretty good! just some small comments

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @chengxiong-ruan and @rafiss)

pkg/sql/delegate/show_grants.go line 105 at r1 (raw file):

       )
`
	//

missing comment?

pkg/sql/delegate/show_grants.go line 116 at r1 (raw file):

         is_grantable::boolean
  FROM "".information_schema.role_routine_grants
  WHERE reverse(split_part(reverse(specific_name), '_', 1))::INT > 100000

could you make the 100000 reference CockroachPredefinedOIDMax just in case that constant ever changes?

pkg/sql/logictest/testdata/logic_test/udf line 627 at r1 (raw file):


query TTTTTTTTTT colnames
SELECT * FROM information_schema.role_routine_grants

is it useful to still keep the test on infromation_schema to make sure that metadata is correct too?

pkg/sql/logictest/testdata/logic_test/udf line 634 at r1 (raw file):


query TTTTTTB colnames
SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3

hm, i am a bit confused. how did this work without any change to sql.y to support ON FUNCTION?

chengxiong-ruan
chengxiong-ruan commented Sep 27, 2022
View reviewed changes
Copy link
Contributor Author

@chengxiong-ruan chengxiong-ruan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)

pkg/sql/delegate/show_grants.go line 105 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

missing comment?

fixed. good eyes.

pkg/sql/delegate/show_grants.go line 116 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

could you make the 100000 reference CockroachPredefinedOIDMax just in case that constant ever changes?

fixed, use CRDB_MAX_PREDEFINED_OID as a pattern in the query string to replace with and added a helper function to get the actual query.

pkg/sql/logictest/testdata/logic_test/udf line 627 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

is it useful to still keep the test on infromation_schema to make sure that metadata is correct too?

good point, I added them back.

pkg/sql/logictest/testdata/logic_test/udf line 634 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

hm, i am a bit confused. how did this work without any change to sql.y to support ON FUNCTION?

yeah, FUNCTION is one of object types in the grant_targets list :

cockroach/pkg/sql/parser/sql.y

Line 7812 in ae38d90

| FUNCTION function_with_argtypes_list

rafiss
rafiss approved these changes Sep 27, 2022
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @chengxiong-ruan and @rafiss)

pkg/sql/delegate/show_grants.go line 116 at r1 (raw file):

Previously, chengxiong-ruan (Chengxiong Ruan) wrote…

fixed, use CRDB_MAX_PREDEFINED_OID as a pattern in the query string to replace with and added a helper function to get the actual query.

i'll leave it up to you, but did you find that more readable than

var udfQuery = fmt.Sprintf(..., oidext.CockroachPredefinedOIDMax)

just want to make sure you considered that

pkg/sql/logictest/testdata/logic_test/udf line 634 at r1 (raw file):

Previously, chengxiong-ruan (Chengxiong Ruan) wrote…

yeah, FUNCTION is one of object types in the grant_targets list :

cockroach/pkg/sql/parser/sql.y

Line 7812 in ae38d90

| FUNCTION function_with_argtypes_list

ah thanks for explaining

@chengxiong-ruan
Copy link
Contributor Author

pkg/sql/delegate/show_grants.go line 116 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

i'll leave it up to you, but did you find that more readable than

var udfQuery = fmt.Sprintf(..., oidext.CockroachPredefinedOIDMax)

just want to make sure you considered that

yeah, for some reason part of me wanted to be consistent with the other query strings being constants, but I guess that's not important. I'll change it to formatting. Thanks.

@chengxiong-ruan
sql: support SHOW GRANTS for user-defined functions
588d477 
Backport resolves cockroachdb#88495

Release note (sql change): Previously `SHOW GRANTS` only supports
db, schema, table and types. This commit add supports for UDFs,
so that `SHOW GRANTS` returns UDFs privileges infos, and statements
like `SHOW GRANTS ON FUNCTION <udf name/signatures>` are now supported
Full function signature must be provided if the function name is
not unique.
Release justification: low risk GA blocker.
@chengxiong-ruan
Copy link
Contributor Author

TFTR!
bors r+

@craig
Copy link
Contributor

craig bot commented Sep 27, 2022

Build succeeded:

@craig craig bot merged commit 471f9b6 into cockroachdb:master Sep 27, 2022
@blathers-crl blathers-crl bot mentioned this pull request Sep 27, 2022
Merged
@cockroach-teamcity cockroach-teamcity mentioned this pull request Sep 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sql: support UDF in SHOW GRANTS
3 participants
@chengxiong-ruan @cockroach-teamcity @rafiss