From 771a447b691b946f510def15199c32110cb54171 Mon Sep 17 00:00:00 2001 From: Anju Bharti <66729219+anju15bharti@users.noreply.github.com> Date: Thu, 17 Oct 2024 17:48:11 +0530 Subject: [PATCH 1/2] [Babelfish] Do not dump securityadmin from BBF catalog (#95) Description Babel: Do not dump securityadmin from BBF catalog Extension PR https://github.com/amazon-aurora/babelfish_extensions/pull/67 Task: BABEL-5040 Signed-off-by: ANJU BHARTI --- src/bin/pg_dump/dump_babel_utils.c | 3 ++- src/bin/pg_dump/dumpall_babel_utils.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/bin/pg_dump/dump_babel_utils.c b/src/bin/pg_dump/dump_babel_utils.c index 4341e4aa7ef..d24d4e50106 100644 --- a/src/bin/pg_dump/dump_babel_utils.c +++ b/src/bin/pg_dump/dump_babel_utils.c @@ -1177,7 +1177,8 @@ addFromClauseForPhysicalDatabaseDump(PQExpBuffer buf, TableInfo *tbinfo) } else if(strcmp(tbinfo->dobj.name, "babelfish_authid_login_ext") == 0) appendPQExpBuffer(buf, " FROM ONLY %s a " - "WHERE a.rolname NOT IN ('sysadmin', 'bbf_role_admin', '%s')", /* Do not dump sysadmin, bbf_role_admin and Babelfish initialize user */ + "WHERE a.rolname NOT IN ('sysadmin', 'bbf_role_admin', " + "'securityadmin', '%s')", /* Do not dump sysadmin, bbf_role_admin, securityadmin and Babelfish initialize user */ fmtQualifiedDumpable(tbinfo), babel_init_user); else if(strcmp(tbinfo->dobj.name, "babelfish_domain_mapping") == 0 || strcmp(tbinfo->dobj.name, "babelfish_function_ext") == 0 || diff --git a/src/bin/pg_dump/dumpall_babel_utils.c b/src/bin/pg_dump/dumpall_babel_utils.c index 845867ad111..77865961492 100644 --- a/src/bin/pg_dump/dumpall_babel_utils.c +++ b/src/bin/pg_dump/dumpall_babel_utils.c 
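Review bot: The excluded-login list in the `babelfish_authid_login_ext` branch of addFromClauseForPhysicalDatabaseDump is a third hand-maintained copy of the fixed server roles, next to `default_bbf_roles` and the UNION list in getBabelfishRoleMembershipQuery in dumpall_babel_utils.c, both of which this patch also has to edit. A role missed in one copy would presumably be dumped as an ordinary catalog row or handled inconsistently on restore, so I would keep the names in one shared constant, or at least add a comment at each site such as `/* keep in sync with default_bbf_roles in dumpall_babel_utils.c */`. Separately, the rewritten line still splices `babel_init_user` into the query as `'%s'`; where that value is set is outside the hunk, so confirm it cannot carry a single quote or pass it through a literal-quoting helper. The function body starts and ends outside the hunk.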
@@ -35,7 +35,7 @@ typedef enum { static babelfish_status bbf_status = NONE; -static char default_bbf_roles[] = "('sysadmin', 'bbf_role_admin', " +static char default_bbf_roles[] = "('sysadmin', 'bbf_role_admin', 'securityadmin', " "'master_dbo', 'master_db_owner', 'master_guest', " "'msdb_dbo', 'msdb_db_owner', 'msdb_guest', " "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest')"; @@ -300,7 +300,8 @@ getBabelfishRoleMembershipQuery(PGconn *conn, PQExpBuffer buf, else appendPQExpBufferStr(buf, "SELECT 'sysadmin' AS rolname UNION " - "SELECT 'bbf_role_admin' AS rolname UNION "); + "SELECT 'bbf_role_admin' AS rolname UNION " + "SELECT 'securityadmin' AS rolname UNION "); appendPQExpBuffer(buf, "SELECT rolname FROM sys.babelfish_authid_user_ext "); /* Only dump users of the specific logical database we are currently dumping. */ From f572c250efdf75b2b8592ca95da1021fe0df0082 Mon Sep 17 00:00:00 2001 
From: Tanzeel Khan <140405735+tanscorpio7@users.noreply.github.com> Date: Fri, 18 Oct 2024 14:35:34 +0530 Subject: [PATCH 2/2] Support fixed database role db_accessadmin #447 (#96) ### Description See https://github.com/babelfish-for-postgresql/postgresql_modified_for_babelfish/pull/447 Handle bbf dump restore changes for babelfish db_accessadmin fixed database role. #### Engine PR: https://github.com/babelfish-for-postgresql/postgresql_modified_for_babelfish/pull/447 #### Extension PR: https://github.com/babelfish-for-postgresql/babelfish_extensions/pull/2970 ### Issues Resolved [List any issues this PR will resolve] ### Check List - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is under the terms of the PostgreSQL license, and grant any person obtaining a copy of the contribution permission to relicense all or a portion of my contribution to the PostgreSQL License solely to contribute all or a portion of my contribution to the PostgreSQL open source project. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/babelfish-for-postgresql/postgresql_modified_for_babelfish/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --- src/bin/pg_dump/dump_babel_utils.c | 24 +++++++++++++----------- src/bin/pg_dump/dumpall_babel_utils.c | 6 +++--- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/bin/pg_dump/dump_babel_utils.c b/src/bin/pg_dump/dump_babel_utils.c index d24d4e50106..30496438e7d 100644 --- a/src/bin/pg_dump/dump_babel_utils.c +++ b/src/bin/pg_dump/dump_babel_utils.c 
@@ -52,6 +52,12 @@ typedef enum { static babelfish_status bbf_status = NONE; +static char *default_bbf_db_principals = + "('master_dbo', 'master_db_owner', 'master_guest', 'master_db_accessadmin', " + "'msdb_dbo', 'msdb_db_owner', 'msdb_guest', 'msdb_db_accessadmin', " + "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest', 'tempdb_db_accessadmin') "; + + static char * getMinOid(Archive *fout) @@ -1123,11 +1129,8 @@ addFromClauseForLogicalDatabaseDump(PQExpBuffer buf, TableInfo *tbinfo) "INNER JOIN sys.babelfish_sysdatabases b " "ON a.database_name = b.name COLLATE \"C\" " "WHERE b.dbid = %d " - "AND a.rolname NOT IN " - "('master_dbo', 'master_db_owner', 'master_guest', " - "'msdb_dbo', 'msdb_db_owner', 'msdb_guest', " - "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest') ", - fmtQualifiedDumpable(tbinfo), bbf_db_id); + "AND a.rolname NOT IN %s", + fmtQualifiedDumpable(tbinfo), bbf_db_id, default_bbf_db_principals); } else { @@ -1169,11 +1172,8 @@ addFromClauseForPhysicalDatabaseDump(PQExpBuffer buf, TableInfo *tbinfo) else if(strcmp(tbinfo->dobj.name, "babelfish_authid_user_ext") == 0) { appendPQExpBuffer(buf, " FROM ONLY %s a " - "WHERE a.rolname NOT IN " - "('master_dbo', 'master_db_owner', 'master_guest', " - "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest', " - "'msdb_dbo', 'msdb_db_owner', 'msdb_guest')", - fmtQualifiedDumpable(tbinfo)); + "WHERE a.rolname NOT IN %s", + fmtQualifiedDumpable(tbinfo), default_bbf_db_principals); } else if(strcmp(tbinfo->dobj.name, "babelfish_authid_login_ext") == 0) appendPQExpBuffer(buf, " FROM ONLY %s a " @@ -1992,7 +1992,7 @@ dumpBabelPhysicalDatabaseACLs(Archive *fout) "\n SET LOCAL ROLE sysadmin;" "\n FOR rolname, original_name IN (" "\n SELECT a.rolname, a.orig_username FROM sys.babelfish_authid_user_ext a" - "\n WHERE orig_username IN ('dbo') AND" + "\n WHERE orig_username IN ('dbo','db_accessadmin') AND" "\n database_name NOT IN ('master', 'tempdb', 'msdb')"); if (bbf_db_name) 
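Review bot: `default_bbf_db_principals` is declared as a writable `static char *` pointing at a string literal, although every use visible in this patch only reads it as a `%s` argument. Declaring it `static const char default_bbf_db_principals[] =` would let the compiler reject an accidental write and would match the array form of `default_bbf_roles` in dumpall_babel_utils.c. It also deserves a short comment saying that it is a parenthesised SQL list with a trailing space, meant to follow `NOT IN`, and that the same names are repeated in `default_bbf_roles` (last hunk of this patch), so the two must be updated together.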
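Review bot: The widened filter `orig_username IN ('dbo','db_accessadmin')` in dumpBabelPhysicalDatabaseACLs has to stay in step with the CASE branches changed in the next hunk, because the generated block looks like PL/pgSQL, where a CASE statement with no ELSE raises an error when no branch matches. That coupling is not documented in the visible lines; I would add a comment above the query text such as `/* every orig_username listed here needs a matching WHEN branch in the CASE below */`. The function starts and ends outside this hunk.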
@@ -2003,6 +2003,8 @@ dumpBabelPhysicalDatabaseACLs(Archive *fout) "\n ) LOOP" "\n CASE WHEN original_name = 'dbo' THEN" "\n EXECUTE format('GRANT CREATE, CONNECT, TEMPORARY ON DATABASE \"%%s\" TO \"%%s\"; ', CURRENT_DATABASE(), rolname);" + "\n WHEN original_name = 'db_accessadmin' THEN" + "\n EXECUTE format('GRANT CREATE ON DATABASE \"%%s\" TO \"%%s\"; ', CURRENT_DATABASE(), rolname);" "\n END CASE;" "\n END LOOP;" "\n RESET ROLE;" diff --git a/src/bin/pg_dump/dumpall_babel_utils.c b/src/bin/pg_dump/dumpall_babel_utils.c index 77865961492..835a1f84886 100644 --- a/src/bin/pg_dump/dumpall_babel_utils.c +++ b/src/bin/pg_dump/dumpall_babel_utils.c @@ -36,9 +36,9 @@ typedef enum { static babelfish_status bbf_status = NONE; static char default_bbf_roles[] = "('sysadmin', 'bbf_role_admin', 'securityadmin', " - "'master_dbo', 'master_db_owner', 'master_guest', " - "'msdb_dbo', 'msdb_db_owner', 'msdb_guest', " - "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest')"; + "'master_dbo', 'master_db_owner', 'master_guest', 'master_db_accessadmin', " + "'msdb_dbo', 'msdb_db_owner', 'msdb_guest', 'msdb_db_accessadmin', " + "'tempdb_dbo', 'tempdb_db_owner', 'tempdb_guest', 'tempdb_db_accessadmin')"; /* * Run a query, return the results, exit program on failure.
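Review bot: The new `db_accessadmin` branch builds its GRANT by wrapping `%s` in hand-written double quotes, so a role or database name that itself contains a double quote would end the identifier early, in a statement that runs after the `SET LOCAL ROLE sysadmin` shown in the previous hunk. `rolname` is read from `sys.babelfish_authid_user_ext` and its allowed characters are not visible here, so I would let format() do the quoting: `EXECUTE format('GRANT CREATE ON DATABASE %%I TO %%I; ', CURRENT_DATABASE(), rolname);`. The existing `dbo` branch just above uses the same pattern and could be changed together with it. A one-line comment on why db_accessadmin needs CREATE on the database, and not CONNECT or TEMPORARY, would also help the next reader judge whether the grant is minimal.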