-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CT-3173] [Bug] Postgres + Grants + Username-With-Dashes does not work #55
Comments
As an update and workaround to this issue - I have been able to leverage the post-hook feature of models to apply the grants myself - where I just make sure I properly quote my db role name. |
Thanks for reporting this @tomans-spirent ! Could you try this workaround and see if it also works for you? |
Seems like a similar issue - but no such luck if I add that revoke macro to my project. Some extra context from my dbt run log output:
With the following in my dbt_project.yml models:
my_group:
+grants:
select: ["grantee-with-dash"] |
Ah, sorry I only gave you the revoke-side of the story @tomans-spirent ! 😅 Related issuesIt looks to me like there are two different (but very related) things going on:
See below for two different approaches you can try. Option 1: Add more quotesDoes it work if you add double quotes within your configuration? For example, like this for models:
my_group:
+grants:
select: ['"grantee-with-dash"'] If this does work for you, I think you'll still need to that macro you just added to handle the revoke side of things. Option 2: Add a grant-related macrodbt-labs/dbt-redshift#282 has a proposed solution for both of those issues listed above (which is converted from being {%- macro default__get_grant_sql(relation, privilege, grantees) -%}
grant {{ privilege }} on {{ relation }} to
{% for grantee in grantees %}
{{ adapter.quote(grantee) }}
{% if not loop.last %},{% endif %}
{% endfor %}
{%- endmacro -%}
{%- macro default__get_revoke_sql(relation, privilege, grantees) -%}
revoke {{ privilege }} on {{ relation }} from
{% for grantee in grantees %}
{{ adapter.quote(grantee) }}
{% if not loop.last %},{% endif %}
{% endfor %}
{%- endmacro -%} Trade-offsI didn't try these out myself, but I'm assuming it requires all grants to be case-sensitive when they are written in YAML and config for dbt models. So that trade-off would probably work for you, but might break others if we were to just roll these macros out everywhere as-is. Wanna give one or both of these ideas a try and let us know how it goes and what you think? |
First option: Second option: I have added a file: With the contents from your comment and it patches the issue for me locally Interesting point re: the case sensitivity and existing backwards compatibility. So: I can verify the second workaround works with the caveats you expected. |
Thanks for trying out both of those options with a host of types (view, table, & incremental) @tomans-spirent ! 🏆 I'm going to label this as |
Hi there! |
Is this a new bug in dbt-core?
Current Behavior
When I configure grants in dbt for a postgres database and a db role like 'foo-bar' I get postgres syntax errors because the name is not quoted.
If I try to quote it like "\"foo-bar\"" it works for the grants part but breaks in the incremental grants part. Looks like some places do not strip and some places do strip those extra quotes I added to my db role name.
Expected Behavior
I should not have to put in extra quotes - dbt should be able to create the appropriate database syntax for supported role names.
Steps To Reproduce
Create a postgres role with dashes in the name.
Try to have dbt assign grants to that user - it will break.
Add manual quotes - it will work.
Try to make a incremental model with those same grants - it will break.
Relevant log output
No response
Environment
Which database adapter are you using with dbt?
postgres
Additional Context
No response
The text was updated successfully, but these errors were encountered: