Fix drop database issue after MVU to PG17 #474
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Sumit Jaiswal <[email protected]>
HarshLunagariya
suggested changes
Nov 14, 2024
src/backend/catalog/aclchk.c
Outdated
Comment on lines
5015
to
5020
| if (bbf_get_sysadmin_oid_hook && | ||
| classid == DatabaseRelationId && | ||
| is_member_of_role(GetUserId(), sysadminOid = (*bbf_get_sysadmin_oid_hook)())) | ||
| { | ||
| grantorId = sysadminOid; | ||
| } |
There was a problem hiding this comment.
- Will Grantor always be sysadmin in case of Babelfish? At the time of inserting the init_privs, how are we deciding the grantor? If we see possibility that grantor being diff. from sysadmin then we should utilise
select_best_grantor() - Will it by triggered for other physical databases? Ideally it shouldn't. If it is then, I would suggest add check for babelfish physical db oid comparison if possible.
- We should check whether it is babelfish role or not as well.
There was a problem hiding this comment.
Discussed it offline and added check for babelfish database.
Signed-off-by: Sumit Jaiswal <[email protected]>
HarshLunagariya
suggested changes
Nov 14, 2024
src/backend/catalog/aclchk.c
Outdated
| */ | ||
| if (bbf_get_sysadmin_oid_hook && | ||
| classid == DatabaseRelationId && | ||
| objid == get_database_oid(GetConfigOption("babelfishpg_tsql.database_name", true, false), true) && |
There was a problem hiding this comment.
What if GetConfigOption("babelfishpg_tsql.database_name", true, false) returns NULL?
Can you please include some manual testing from PG endpoint in the description which makes sure that it is not interfering when hitting this code path from different physical database?
There was a problem hiding this comment.
added check for that as well.
Signed-off-by: Sumit Jaiswal <[email protected]>
HarshLunagariya
approved these changes
Nov 14, 2024
shardgupta
approved these changes
Nov 14, 2024
shardgupta
merged commit f9e9557
into
babelfish-for-postgresql:BABEL_5_X_DEV__PG_17_X
2 checks passed
HarshLunagariya
added a commit
to amazon-aurora/postgresql_modified_for_babelfish
that referenced
this pull request
Nov 21, 2024
…gresql#474)" This reverts commit f9e9557.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
After performing MVU to PG17, we weren't able to drop the existing database because a new dependency was getting added between the
dbosystem role and physical babelfish database. This dependency is getting introduced when running the TSQL upgrade script babelfishpg_tsql--3.4.0--4.0.0.sql, which grants permissions to the bbf_role_admin role. The new dependency is expected and is a result of a community change 514a3de. However, even though there is a function RemoveRoleFromInitPriv() to clean up these dependencies when executing DROP OWNED BY commands, it is not working correctly for system roles. This is because the function assumes the grantor of rights is always the same as the owner, which is not the case for system roles, where the grantor should be sysadmin.This commit made changes to use sysadmin as grantor when generating ACLs for physical babelfish database while removing role from initial privileges.
Signed-off-by: Sumit Jaiswal [email protected]
Related Task: BABEL-5410
Check List
By submitting this pull request, I confirm that my contribution is under the terms of the PostgreSQL license, and grant any person obtaining a copy of the contribution permission to relicense all or a portion of my contribution to the PostgreSQL License solely to contribute all or a portion of my contribution to the PostgreSQL open source project.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.