Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: refactor pg_has_role to remove privilege.GRANT usage #75726

Merged
merged 1 commit into from
Feb 2, 2022
Merged

sql: refactor pg_has_role to remove privilege.GRANT usage #75726

merged 1 commit into from
Feb 2, 2022

Conversation

ecwall
Copy link
Contributor

@ecwall ecwall commented Jan 31, 2022
edited
Loading

refs #73129

Also combines some layers of privilege checking code.

Release note: None

@ecwall ecwall requested review from a team and shermanCRL and removed request for a team January 31, 2022 13:31
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@shermanCRL shermanCRL requested review from adityamaru and removed request for shermanCRL January 31, 2022 13:34
ecwall
ecwall commented Jan 31, 2022
View reviewed changes
pkg/sql/resolver.go
ctx context.Context,
specifier tree.HasPrivilegeSpecifier,
user security.SQLUsername,
priv privilege.Privilege,
) (bool, error) {
privs []privilege.Privilege,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checks multiple privileges now to avoid multiple calls to ResolveDescriptorForPrivilegeSpecifier.

Returns tree.HasAnyPrivilegeResult to avoid needing to unwrap and inspect error pg codes at call sites.

pkg/sql/resolver.go
// and https://www.postgresql.org/docs/release/8.2.0/.
return false, nil
}
hasPrivilege, err := hasPrivilegeFunc(privilege.Privilege{Kind: privilege.ALL})
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

privilege.ALL does not need special handling here because CheckPrivilegeForUser and CheckGrantOptionsForUser handle that case internally.

@ecwall ecwall requested a review from a team January 31, 2022 13:38
@adityamaru
Copy link
Contributor

import file change LGTM, but the majority of the changes here are for SQL Experience to review!

@adityamaru adityamaru removed their request for review January 31, 2022 14:28
RichardJCai
RichardJCai suggested changes Feb 1, 2022
View reviewed changes
Copy link
Contributor

@RichardJCai RichardJCai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 5 files at r1, 1 of 2 files at r2.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall and @RichardJCai)

pkg/sql/resolver.go, line 412 at r2 (raw file):

			_, table, err = p.Descriptors().GetImmutableTableByName(
				ctx, p.txn, tn, tree.ObjectLookupFlags{
					CommonLookupFlags: tree.CommonLookupFlags{

Why do we no longer require the table to be found?
Can't this result in calling IsSequence on a nil pointer below?

pkg/sql/sem/tree/eval.go, line 3084 at r2 (raw file):

const (
	// At least one of the specified privileges is granted
	HasPrivilege HasAnyPrivilegeResult = 1

I think these constants make more sense to be defined in the privilege package.

Also I'm not entirely convinced we need this, looking at the usages of ObjectNotFound seem to be mostly in the builtins. I think we can continue to require the builtins to check if the object exist before checking for privileges and we should probably leave the privilege check itself to return true or false. Or at least I don't think we need HasAnyPrivilege itself to return ObjectNotFound

ecwall
ecwall commented Feb 1, 2022
View reviewed changes
Copy link
Contributor Author

@ecwall ecwall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @RichardJCai)

pkg/sql/resolver.go, line 412 at r2 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

Why do we no longer require the table to be found?
Can't this result in calling IsSequence on a nil pointer below?

This code is confusing because the case of it being "required" is handled above by

			if _, err = p.ResolveTableName(ctx, tn); err != nil {
				return nil, err
			}

GetImmutableTableByName requires that ResolveTableName be called first to populate fields inside tn so passing Required: true doesn't do anything.

pkg/sql/sem/tree/eval.go, line 3084 at r2 (raw file):

I think these constants make more sense to be defined in the privilege package.

I defined HasAnyPrivilegeResult in the same package as the function that returns it.

Also I'm not entirely convinced we need this, looking at the usages of ObjectNotFound seem to be mostly in the builtins.

HasAnyPrivilege is only used by builtins so HasAnyPrivilegeResult is only used there.

I think we can continue to require the builtins to check if the object exist before checking for privileges and we should probably leave the privilege check itself to return true or false.

It should probably be split into different functions for each of the different object types (database, schema, table, etc) being checked, but I would do that in a separate PR. There we can also look at separating the check for if an object exists vs. its privileges.

Or at least I don't think we need HasAnyPrivilege itself to return ObjectNotFound

I think making ObjectNotFound a return value is more obvious to the caller than unwrapping specific errors that are created multiple layers down then looking for them in handlers like these https://github.com/cockroachdb/cockroach/pull/75726/files#diff-58a8869993736aa2fc4a2e10f1c9ca93190d71b6fc673988d1d92ce9e0fc00efL2316

RichardJCai
RichardJCai approved these changes Feb 1, 2022
View reviewed changes
Copy link
Contributor

@RichardJCai RichardJCai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall and @RichardJCai)

pkg/sql/sem/tree/eval.go, line 3084 at r2 (raw file):

HasAnyPrivilege is only used by builtins so HasAnyPrivilegeResult is only used there.

Ah missed this part, makes sense to me.

pkg/sql/sem/tree/eval.go, line 3084 at r2 (raw file):

const (
	// At least one of the specified privileges is granted
	HasPrivilege HasAnyPrivilegeResult = 1

super nit, end sentences for this the two below with periods.

ecwall
ecwall commented Feb 1, 2022
View reviewed changes
Copy link
Contributor Author

@ecwall ecwall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @ecwall and @RichardJCai)

pkg/sql/sem/tree/eval.go, line 3084 at r2 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

super nit, end sentences for this the two below with periods.

Done.

@ecwall
sql: refactor pg_has_role to remove privilege.GRANT usage
5fef566 
refs #73129

Also combines some layers of privilege checking code.

Release note: None
@ecwall
Copy link
Contributor Author

ecwall commented Feb 2, 2022

bors r=RichardJCai

@craig craig bot merged commit 63988a4 into cockroachdb:master Feb 2, 2022
@craig
Copy link
Contributor

craig bot commented Feb 2, 2022

Build succeeded:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RichardJCai RichardJCai RichardJCai approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ecwall @cockroach-teamcity @adityamaru @RichardJCai