Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: update SHOW GRANTS ON TABLE to include grant options #75226

Merged
merged 1 commit into from
Jan 27, 2022
Merged

sql: update SHOW GRANTS ON TABLE to include grant options #75226

merged 1 commit into from
Jan 27, 2022

Conversation

ecwall
Copy link
Contributor

@ecwall ecwall commented Jan 20, 2022
edited
Loading

ref #73394

Release note: SHOW GRANTS ON TABLE includes is_grantable column

@ecwall ecwall requested review from rafiss, otan, RichardJCai and a team January 20, 2022 17:21
@cockroach-teamcity
Copy link
Member

This change is Reviewable

ecwall
ecwall commented Jan 20, 2022
View reviewed changes
Copy link
Contributor Author

@ecwall ecwall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Splitting the SHOW GRANTS change into multiple PRs because of how many lines are changed (mostly tests).

pkg/sql/catalog/descpb/privilege_test.go
@@ -157,7 +158,7 @@ func TestPrivilege(t *testing.T) {
tcNum, descriptor, show, tc.show)
}
for i := 0; i < len(show); i++ {
if show[i].User != tc.show[i].User || show[i].PrivilegeString() != tc.show[i].PrivilegeString() {
if !reflect.DeepEqual(show[i], tc.show[i]) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PrivilegeString() was only being used by this test.

Instead of coming up with a string representation for the struct, I changed the test to use DeepEqual.

@ecwall ecwall requested review from a team and dt and removed request for a team January 20, 2022 19:37
@dt dt removed their request for review January 20, 2022 19:42
@ecwall ecwall changed the title sql: update SHOW GRANTS ON table to include grant options sql: update SHOW GRANTS ON TABLE to include grant options Jan 21, 2022
rafiss
rafiss requested changes Jan 22, 2022
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is looking good! i had an idea for an additional test to add, which will probably end up requiring a small tweak to the logic that populates the table

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall, @otan, and @RichardJCai)

pkg/sql/logictest/testdata/logic_test/grant_table, line 2012 at r2 (raw file):

database_name  schema_name  table_name  grantee  privilege_type  is_grantable
c              public       t           admin    ALL             false
c              public       t           millie   ALL             true

we should introduce a new test case for non-admin user who has ALL privileges, and does not have grant option on ALL, and does have the grant option on something else (like SELECT). this should lead to the privs that do have grant option being broken out into separate rows.

for example, a small snippet from the original issue description:
the output should be:

root@:26257/defaultdb> grant all on t to u3;
GRANT

root@:26257/defaultdb> grant select on t to u3 with grant option;
GRANT

root@:26257/defaultdb> grant insert on t to u3 with grant option;
GRANT

root@:26257/defaultdb> show grants on table t;
  database_name | schema_name | table_name | grantee | privilege_type | is_grantable
----------------+-------------+------------+---------+----------------+------------------
  defaultdb     | public      | t          | admin   | ALL            | True
  defaultdb     | public      | t          | root    | ALL            | True
  defaultdb     | public      | t          | u3      | ALL            | False
  defaultdb     | public      | t          | u3      | INSERT         | True
  defaultdb     | public      | t          | u3      | SELECT         | True

@ecwall ecwall requested a review from a team as a code owner January 22, 2022 23:05
rafiss
rafiss approved these changes Jan 24, 2022
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall, @otan, and @RichardJCai)

pkg/sql/logictest/testdata/logic_test/grant_table, line 2012 at r2 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

we should introduce a new test case for non-admin user who has ALL privileges, and does not have grant option on ALL, and does have the grant option on something else (like SELECT). this should lead to the privs that do have grant option being broken out into separate rows.

for example, a small snippet from the original issue description:
the output should be:

root@:26257/defaultdb> grant all on t to u3;
GRANT

root@:26257/defaultdb> grant select on t to u3 with grant option;
GRANT

root@:26257/defaultdb> grant insert on t to u3 with grant option;
GRANT

root@:26257/defaultdb> show grants on table t;
  database_name | schema_name | table_name | grantee | privilege_type | is_grantable
----------------+-------------+------------+---------+----------------+------------------
  defaultdb     | public      | t          | admin   | ALL            | True
  defaultdb     | public      | t          | root    | ALL            | True
  defaultdb     | public      | t          | u3      | ALL            | False
  defaultdb     | public      | t          | u3      | INSERT         | True
  defaultdb     | public      | t          | u3      | SELECT         | True

discussed offline; will add this test in a future PR

ajwerner
ajwerner approved these changes Jan 24, 2022
View reviewed changes
Copy link
Contributor

@ajwerner ajwerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/sql/privilege/privilege.go Outdated
Comment on lines 234 to 224
mask := kind.Mask()
if kindBits&mask != 0 {
grantOption := grantOptionBits&mask != 0
ret = append(ret, Privilege{
Kind: kind,
GrantOption: grantOption,
})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uber-nit: you can use fewer lines

		if mask := kind.Mask(); kindBits&mask != 0 {
			ret = append(ret, Privilege{
				Kind:        kind,
				GrantOption: grantOptionBits&mask != 0,
			})

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call, still getting used to this.

@craig
Copy link
Contributor

craig bot commented Jan 25, 2022

🕐 Waiting for PR status (Github check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set.

@craig
Copy link
Contributor

craig bot commented Jan 25, 2022

GitHub status checks took too long to complete, so bors is giving up. You can adjust bors configuration to have it wait longer if you like.

@craig
Copy link
Contributor

craig bot commented Jan 25, 2022

Canceled.

@craig
Copy link
Contributor

craig bot commented Jan 25, 2022

Canceled.

@craig
Copy link
Contributor

craig bot commented Jan 26, 2022

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Jan 26, 2022

Build failed (retrying...):

craig bot pushed a commit that referenced this pull request Jan 26, 2022
@ecwall
Merge #75226
a2dabbd 
75226: sql: update SHOW GRANTS ON TABLE to include grant options r=rafiss,ajwerner a=ecwall

ref #73394

Release note: SHOW GRANTS ON TABLE includes is_grantable column

Co-authored-by: Evan Wall <wall@cockroachlabs.com>
@craig
Copy link
Contributor

craig bot commented Jan 26, 2022

Build failed:

@ecwall
sql: update SHOW GRANTS ON TABLE to include grant options
df77141 
ref #73394

Release note (sql):  SHOW GRANTS ON TABLE includes is_grantable column
@ecwall
Copy link
Contributor Author

ecwall commented Jan 26, 2022

bors r=rafiss,ajwerner

@craig
Copy link
Contributor

craig bot commented Jan 26, 2022

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Jan 27, 2022

Build succeeded:

@craig craig bot merged commit ce6d32a into cockroachdb:master Jan 27, 2022
@cockroach-teamcity cockroach-teamcity mentioned this pull request Jan 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

@ajwerner ajwerner ajwerner approved these changes

@otan otan Awaiting requested review from otan

@RichardJCai RichardJCai Awaiting requested review from RichardJCai

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ecwall @cockroach-teamcity @rafiss @ajwerner