Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: avoid role existence check in DROP ROLE when it's not necessary #134979

Merged
merged 1 commit into from
Nov 12, 2024
Merged

sql: avoid role existence check in DROP ROLE when it's not necessary #134979

merged 1 commit into from
Nov 12, 2024

Conversation

rafiss
Copy link
Collaborator

@rafiss rafiss commented Nov 12, 2024

We only need to make the RoleExists call when the IF EXISTS clause is used.

This check was recently added in 696869a.

informs: #134538
Release note: None

@rafiss
sql: avoid role existence check in DROP ROLE when it's not necessary
a1cc877 
We only need to make the RoleExists call when the `IF EXISTS` clause is
used.

This check was recently added in 696869a.

Release note: None
@rafiss rafiss requested a review from a team as a code owner November 12, 2024 16:57
@blathers-crl blathers[crl]
Copy link

blathers-crl bot commented Nov 12, 2024

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@cockroach-teamcity
Copy link
Member

This change is Reviewable

@rafiss
Copy link
Collaborator Author

rafiss commented Nov 12, 2024

I cherry-picked this commit into these backports: #134967, #134968, #134969, #134970

spilchen
spilchen approved these changes Nov 12, 2024
View reviewed changes
Copy link
Contributor

@spilchen spilchen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm: Good catch. I missed this in my review.

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @Dedej-Bergin)

@Dedej-Bergin
Copy link
Contributor

pkg/sql/drop_role.go line 113 at r1 (raw file):

				// If `IF EXISTS` was specified, then a non-existing role should be
				// skipped without causing any error.
				roleExists, err := RoleExists(params.ctx, params.p.InternalSQLTxn(), name)

Maybe we can combine these here?

			if roleExists, err := RoleExists(params.ctx, params.p.InternalSQLTxn(), name); err != nil {
				return err
			} else if !roleExists {
				// If the role does not exist, we can skip the check for targetIsAdmin.
				continue
			}

Dedej-Bergin
Dedej-Bergin approved these changes Nov 12, 2024
View reviewed changes
Copy link
Contributor

@Dedej-Bergin Dedej-Bergin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewable status: :shipit: complete! 2 of 0 LGTMs obtained (waiting on @rafiss)

rafiss
rafiss commented Nov 12, 2024
View reviewed changes
Copy link
Collaborator Author

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 2 of 0 LGTMs obtained (waiting on @Dedej-Bergin)

pkg/sql/drop_role.go line 113 at r1 (raw file):

Previously, Dedej-Bergin (Bergin Dedej) wrote…

Maybe we can combine these here?

			if roleExists, err := RoleExists(params.ctx, params.p.InternalSQLTxn(), name); err != nil {
				return err
			} else if !roleExists {
				// If the role does not exist, we can skip the check for targetIsAdmin.
				continue
			}

that is possible, but it does make the if statement a bit longer and hard to read. it also only saves 2 lines of code, so i don't feel that it's needed

@Dedej-Bergin
Copy link
Contributor

pkg/sql/drop_role.go line 113 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

that is possible, but it does make the if statement a bit longer and hard to read. it also only saves 2 lines of code, so i don't feel that it's needed

What about this to reduce nesting?

		if hasAdmin {
			continue
		}

		if n.ifExists {
			// If `IF EXISTS` was specified, then a non-existing role should be
			// skipped without causing any error.
roleExists, err := RoleExists(params.ctx, params.p.InternalSQLTxn(), name)
			if err != nil {
				return err
			}
			if !roleExists {
				// If the role does not exist, we can skip the check for targetIsAdmin.
				continue
                        }
		}

		// Non-admin users cannot drop admins.
		targetIsAdmin, err := params.p.UserHasAdminRole(params.ctx, name)
		if err != nil {
			return err
		}
		if targetIsAdmin {
			return pgerror.New(pgcode.InsufficientPrivilege, "must be superuser to drop superusers")
		}

@rafiss rafiss mentioned this pull request Nov 12, 2024
Merged
@rafiss
Copy link
Collaborator Author

rafiss commented Nov 12, 2024

tftr

bors r+

@craig
Copy link
Contributor

craig bot commented Nov 12, 2024

Build succeeded:

@craig craig bot merged commit 2cbed34 into cockroachdb:master Nov 12, 2024
23 checks passed
@rafiss rafiss deleted the check-drop-role-exists branch November 14, 2024 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dedej-Bergin Dedej-Bergin Dedej-Bergin approved these changes

@spilchen spilchen spilchen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rafiss @cockroach-teamcity @Dedej-Bergin @spilchen