Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sql: add syntax for supporting security definer #128413

Merged
merged 1 commit into from
Aug 22, 2024
Merged

sql: add syntax for supporting security definer #128413

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/generated/sql/bnf/alter_func_stmt.bnf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
alter_func_stmt ::=
( 'ALTER' 'FUNCTION' function_with_paramtypes ( ( ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ( ( ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) )* ) ( 'RESTRICT' | ) )
( 'ALTER' 'FUNCTION' function_with_paramtypes ( ( ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ( ( ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) )* ) ( 'RESTRICT' | ) )
| ( 'ALTER' 'FUNCTION' function_with_paramtypes 'RENAME' 'TO' function_new_name )
| ( 'ALTER' 'FUNCTION' function_with_paramtypes 'OWNER' 'TO' role_spec )
| ( 'ALTER' 'FUNCTION' function_with_paramtypes 'SET' 'SCHEMA' schema_name )
Expand Down
4 changes: 2 additions & 2 deletions docs/generated/sql/bnf/create_func.bnf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
create_func_stmt ::=
'CREATE' ( 'OR' 'REPLACE' | ) 'FUNCTION' routine_create_name '(' ( ( ( ( routine_param | routine_param | routine_param ) ) ( ( ',' ( routine_param | routine_param | routine_param ) ) )* ) | ) ')' 'RETURNS' ( 'SETOF' | ) routine_return_type ( ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) )* ) | )
| 'CREATE' ( 'OR' 'REPLACE' | ) 'FUNCTION' routine_create_name '(' ( ( ( ( routine_param | routine_param | routine_param ) ) ( ( ',' ( routine_param | routine_param | routine_param ) ) )* ) | ) ')' ( ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) )* ) | )
'CREATE' ( 'OR' 'REPLACE' | ) 'FUNCTION' routine_create_name '(' ( ( ( ( routine_param | routine_param | routine_param ) ) ( ( ',' ( routine_param | routine_param | routine_param ) ) )* ) | ) ')' 'RETURNS' ( 'SETOF' | ) routine_return_type ( ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) )* ) | )
| 'CREATE' ( 'OR' 'REPLACE' | ) 'FUNCTION' routine_create_name '(' ( ( ( ( routine_param | routine_param | routine_param ) ) ( ( ',' ( routine_param | routine_param | routine_param ) ) )* ) | ) ')' ( ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) ( ( ( 'AS' routine_body_str | 'LANGUAGE' ('SQL' | 'PLPGSQL') | ( 'CALLED' 'ON' 'NULL' 'INPUT' | 'RETURNS' 'NULL' 'ON' 'NULL' 'INPUT' | 'STRICT' | 'IMMUTABLE' | 'STABLE' | 'VOLATILE' | 'EXTERNAL' 'SECURITY' 'DEFINER' | 'EXTERNAL' 'SECURITY' 'INVOKER' | 'SECURITY' 'DEFINER' | 'SECURITY' 'INVOKER' | 'LEAKPROOF' | 'NOT' 'LEAKPROOF' ) ) ) )* ) | )
4 changes: 4 additions & 0 deletions docs/generated/sql/bnf/stmt_block.bnf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3552,6 +3552,10 @@ common_routine_opt_item ::=
| 'IMMUTABLE'
| 'STABLE'
| 'VOLATILE'
| 'EXTERNAL' 'SECURITY' 'DEFINER'
| 'EXTERNAL' 'SECURITY' 'INVOKER'
| 'SECURITY' 'DEFINER'
| 'SECURITY' 'INVOKER'
| 'LEAKPROOF'
| 'NOT' 'LEAKPROOF'

Expand Down
4 changes: 4 additions & 0 deletions pkg/ccl/backupccl/testdata/backup-restore/plpgsql_procedures
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
foobar sc1.enum1;
Expand Down Expand Up @@ -134,6 +135,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
foobar sc1.enum1;
Expand Down Expand Up @@ -300,6 +302,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
foobar sc1.enum1;
Expand Down Expand Up @@ -341,6 +344,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
foobar sc1.enum1;
Expand Down
6 changes: 6 additions & 0 deletions pkg/ccl/backupccl/testdata/backup-restore/plpgsql_user_defined_functions
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8 := 0;
Expand All @@ -140,6 +141,7 @@ CREATE FUNCTION sc2.f2()
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8;
Expand Down Expand Up @@ -176,6 +178,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8 := 0;
Expand All @@ -196,6 +199,7 @@ CREATE FUNCTION sc2.f2()
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8;
Expand Down Expand Up @@ -366,6 +370,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8;
Expand Down Expand Up @@ -409,6 +414,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8;
Expand Down
4 changes: 4 additions & 0 deletions pkg/ccl/backupccl/testdata/backup-restore/procedures
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -124,6 +125,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1_new.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -280,6 +282,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -317,6 +320,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE sc1.p1]
----
CREATE PROCEDURE sc1.p1(a sc1.enum1)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down
4 changes: 4 additions & 0 deletions pkg/ccl/backupccl/testdata/backup-restore/user-defined-functions
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -127,6 +128,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1_new.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -275,6 +277,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down Expand Up @@ -312,6 +315,7 @@ CREATE FUNCTION sc1.f1(a sc1.enum1)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT a FROM db1.sc1.tbl1;
SELECT 'Good':::sc1.enum1;
Expand Down
5 changes: 5 additions & 0 deletions pkg/ccl/logictestccl/testdata/logic_test/procedure_params
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE p_param_types];
----
CREATE PROCEDURE public.p_param_types(IN p1 INT8, INOUT p2 INT8, INOUT p3 INT8, OUT p4 INT8)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT p2, p3, p1;
Expand All @@ -368,6 +369,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE p_param_types];
----
CREATE PROCEDURE public.p_param_types(OUT param INT8)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT 1;
Expand Down Expand Up @@ -480,6 +482,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE p_default_names];
----
CREATE PROCEDURE public.p_default_names(OUT INT8, OUT param2 INT8, IN INT8, OUT column3 INT8)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT 3 INTO column3;
Expand All @@ -505,6 +508,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE p_default_names];
----
CREATE PROCEDURE public.p_default_names(OUT INT8, OUT param2 INT8, IN INT8, OUT INT8)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param2 := 2;
Expand All @@ -526,6 +530,7 @@ SELECT create_statement FROM [SHOW CREATE PROCEDURE p_default_names];
----
CREATE PROCEDURE public.p_default_names(OUT INT8, OUT param2 INT8, IN in_param INT8, OUT INT8)
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT in_param INTO param2;
Expand Down
7 changes: 7 additions & 0 deletions pkg/ccl/logictestccl/testdata/logic_test/show_create
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ r1 CREATE FUNCTION public.r1()
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
Expand All @@ -85,6 +86,7 @@ r1 CREATE FUNCTION public.r1(i INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
Expand All @@ -95,11 +97,13 @@ SELECT * FROM [SHOW CREATE PROCEDURE r1] ORDER BY 2
----
r1 CREATE PROCEDURE public.r1(s STRING)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
r1 CREATE PROCEDURE public.r1(s STRING, i INT8)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
Expand Down Expand Up @@ -131,6 +135,7 @@ r2 CREATE FUNCTION sc.r2()
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
Expand All @@ -140,6 +145,7 @@ SHOW CREATE PROCEDURE r2
----
r2 CREATE PROCEDURE sc.r2(s STRING)
LANGUAGE SQL
SECURITY INVOKER
AS $$
SELECT 1;
$$
Expand Down Expand Up @@ -169,6 +175,7 @@ f112134 CREATE FUNCTION sc.f112134()
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
DECLARE
x INT8 := 0;
Expand Down
11 changes: 11 additions & 0 deletions pkg/ccl/logictestccl/testdata/logic_test/udf_params
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,7 @@ CREATE FUNCTION public.f_param_types(IN p1 INT8, INOUT p2 INT8, INOUT p3 INT8, O
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT p2, p3, p1;
Expand All @@ -249,6 +250,7 @@ CREATE FUNCTION public.f_param_types(OUT param INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT 1;
Expand Down Expand Up @@ -323,6 +325,7 @@ CREATE FUNCTION public.f_out_int(OUT param_new INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param_new := 2;
Expand Down Expand Up @@ -378,6 +381,7 @@ CREATE FUNCTION public.f_int(INOUT param INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param := 2;
Expand Down Expand Up @@ -408,6 +412,7 @@ CREATE FUNCTION public.f_int(IN param INT8, OUT param_out INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT param INTO param_out;
Expand All @@ -432,6 +437,7 @@ CREATE FUNCTION public.f_int(OUT param_out INT8, IN param INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT param INTO param_out;
Expand All @@ -456,6 +462,7 @@ CREATE FUNCTION public.f_int(INOUT param INT8)
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param := param;
Expand Down Expand Up @@ -488,6 +495,7 @@ CREATE FUNCTION public.f_default_names(OUT INT8, OUT param2 INT8, IN INT8, OUT I
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param2 := 2;
Expand Down Expand Up @@ -546,6 +554,7 @@ CREATE FUNCTION public.f_default_names(OUT INT8, OUT param2 INT8, IN INT8, OUT c
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT 3 INTO column3;
Expand Down Expand Up @@ -575,6 +584,7 @@ CREATE FUNCTION public.f_default_names(OUT INT8, OUT param2 INT8, IN INT8, OUT I
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
param2 := 2;
Expand All @@ -594,6 +604,7 @@ CREATE FUNCTION public.f_default_names(OUT INT8, OUT param2 INT8, IN in_param IN
NOT LEAKPROOF
CALLED ON NULL INPUT
LANGUAGE plpgsql
SECURITY INVOKER
AS $$
BEGIN
SELECT in_param INTO param2;
Expand Down
Loading
Loading