-
Notifications
You must be signed in to change notification settings - Fork 640
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds support for granted by propagation for grant statements #7538
base: main
Are you sure you want to change the base?
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #7538 +/- ##
==========================================
- Coverage 89.69% 89.67% -0.02%
==========================================
Files 282 282
Lines 60462 60549 +87
Branches 7530 7542 +12
==========================================
+ Hits 54233 54300 +67
- Misses 4078 4088 +10
- Partials 2151 2161 +10 |
There is a typo in the pr description. Why is this change needed? |
Rather than adjusting the tests to fix the flakyness, we should come up with a better mechanism that would handle the implicit dependency graphs imposed by For example, |
It is work in progress. Converted it into draft I actually opened it just to see the test status |
* Adds a sync filter for metadata sync
DESCRIPTION:Improving Support for Granted By Propagation in Grant Statements
In previous pull requests (#7451 and #7517), we introduced support for the "granted by" statement. However, a subsequent issue, #7519, emerged regarding the metadata synchronization of "granted by" statements. Consequently, we needed to remove tests related to "granted by" statements in PR #7526.
The primary objective of this pull request is to enhance the overall support for "granted by" statements. Initially aimed at resolving metadata synchronization issues, further testing uncovered additional problems, all of which are addressed in this pull request.
Example SQL Statement:
sql grant granted_role1, non_dist_granted_role1 to grantee_role1, non_dist_grantee_role1 with admin option granted by non_dist_grantor;
Issues Addressed:
Exclusion of Non-Distributed Grantor and Granted Statements:
Previous behavior: Non-distributed grantor and granted roles were propagated, even if they were non-distributed.
Current behavior: This PR filters out non-distributed roles, ensuring that non-distributed grantor and granted roles are not propagated, aligning with the behavior of grantee roles.
Currently, grant statements with non-distributed roles are being filtered and not propagated for granted and grantor roles, similar to grantee roles.
Elimination of Grant Statement Propagation for Non-Distributed Roles:
citus_add_node
/citus_activate_node
.Grant Ordering in Metadata Sync:
Note: A meeting with @onurctirtir led to the consideration of using a method from PR #7549 for item 3. However, an error was encountered: "Citus cannot handle circular dependencies between distributed objects," creating unintended dependencies related to the grantor.