From a66ed00a0ed3d5b9db64558887dd379fd877089c Mon Sep 17 00:00:00 2001 From: eaydingol Date: Wed, 19 Feb 2025 00:33:03 +0300 Subject: [PATCH] Remove disabled files --- .../12.2-1.sql | 7 - .../latest.sql | 7 - .../udfs/mark_object_distributed/12.2-1.sql | 7 - .../udfs/mark_object_distributed/latest.sql | 7 - .../start_management_transaction/12.2-1.sql | 7 - .../start_management_transaction/latest.sql | 7 - .../test/_test_maintenancedeamon.py | 74 ------ .../citus_tests/test/_test_other_databases.py | 198 -------------- src/test/regress/non_maindb_schedule | 4 - .../regress/sql/failure_non_main_db_2pc.sql | 75 ------ ...n_database_propagation_from_non_maindb.sql | 246 ------------------ .../sql/grant_role_from_non_maindb.sql | 147 ----------- .../sql/metadata_sync_from_non_maindb.sql | 188 ------------- src/test/regress/sql/other_databases.sql | 182 ------------- .../sql/role_operations_from_non_maindb.sql | 106 -------- src/test/regress/sql/seclabel_non_maindb.sql | 71 ----- 16 files changed, 1333 deletions(-) delete mode 100644 src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/12.2-1.sql delete mode 100644 src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/latest.sql delete mode 100644 src/backend/distributed/sql/udfs/mark_object_distributed/12.2-1.sql delete mode 100644 src/backend/distributed/sql/udfs/mark_object_distributed/latest.sql delete mode 100644 src/backend/distributed/sql/udfs/start_management_transaction/12.2-1.sql delete mode 100644 src/backend/distributed/sql/udfs/start_management_transaction/latest.sql delete mode 100644 src/test/regress/citus_tests/test/_test_maintenancedeamon.py delete mode 100644 src/test/regress/citus_tests/test/_test_other_databases.py delete mode 100644 src/test/regress/non_maindb_schedule delete mode 100644 src/test/regress/sql/failure_non_main_db_2pc.sql delete mode 100644 src/test/regress/sql/grant_on_database_propagation_from_non_maindb.sql delete mode 100644 src/test/regress/sql/grant_role_from_non_maindb.sql delete mode 100644 src/test/regress/sql/metadata_sync_from_non_maindb.sql delete mode 100644 src/test/regress/sql/other_databases.sql delete mode 100644 src/test/regress/sql/role_operations_from_non_maindb.sql delete mode 100644 src/test/regress/sql/seclabel_non_maindb.sql diff --git a/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/12.2-1.sql b/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/12.2-1.sql deleted file mode 100644 index fc1076e9c0a..00000000000 --- a/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/12.2-1.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.execute_command_on_remote_nodes_as_user(query text, username text) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$execute_command_on_remote_nodes_as_user$$; - -COMMENT ON FUNCTION citus_internal.execute_command_on_remote_nodes_as_user(query text, username text) - IS 'executes a query on the nodes other than the current one'; diff --git a/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/latest.sql b/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/latest.sql deleted file mode 100644 index fc1076e9c0a..00000000000 --- a/src/backend/distributed/sql/udfs/execute_command_on_remote_nodes_as_user/latest.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.execute_command_on_remote_nodes_as_user(query text, username text) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$execute_command_on_remote_nodes_as_user$$; - -COMMENT ON FUNCTION citus_internal.execute_command_on_remote_nodes_as_user(query text, username text) - IS 'executes a query on the nodes other than the current one'; diff --git a/src/backend/distributed/sql/udfs/mark_object_distributed/12.2-1.sql b/src/backend/distributed/sql/udfs/mark_object_distributed/12.2-1.sql deleted file mode 100644 index 25d35c028a3..00000000000 --- a/src/backend/distributed/sql/udfs/mark_object_distributed/12.2-1.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.mark_object_distributed(classId Oid, objectName text, objectId Oid, connectionUser text) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$mark_object_distributed$$; - -COMMENT ON FUNCTION citus_internal.mark_object_distributed(classId Oid, objectName text, objectId Oid, connectionUser text) - IS 'adds an object to pg_dist_object on all nodes'; diff --git a/src/backend/distributed/sql/udfs/mark_object_distributed/latest.sql b/src/backend/distributed/sql/udfs/mark_object_distributed/latest.sql deleted file mode 100644 index 25d35c028a3..00000000000 --- a/src/backend/distributed/sql/udfs/mark_object_distributed/latest.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.mark_object_distributed(classId Oid, objectName text, objectId Oid, connectionUser text) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$mark_object_distributed$$; - -COMMENT ON FUNCTION citus_internal.mark_object_distributed(classId Oid, objectName text, objectId Oid, connectionUser text) - IS 'adds an object to pg_dist_object on all nodes'; diff --git a/src/backend/distributed/sql/udfs/start_management_transaction/12.2-1.sql b/src/backend/distributed/sql/udfs/start_management_transaction/12.2-1.sql deleted file mode 100644 index ec1f416d0e6..00000000000 --- a/src/backend/distributed/sql/udfs/start_management_transaction/12.2-1.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.start_management_transaction(outer_xid xid8) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$start_management_transaction$$; - -COMMENT ON FUNCTION citus_internal.start_management_transaction(outer_xid xid8) - IS 'internal Citus function that starts a management transaction in the main database'; diff --git a/src/backend/distributed/sql/udfs/start_management_transaction/latest.sql b/src/backend/distributed/sql/udfs/start_management_transaction/latest.sql deleted file mode 100644 index ec1f416d0e6..00000000000 --- a/src/backend/distributed/sql/udfs/start_management_transaction/latest.sql +++ /dev/null @@ -1,7 +0,0 @@ -CREATE OR REPLACE FUNCTION citus_internal.start_management_transaction(outer_xid xid8) - RETURNS VOID - LANGUAGE C -AS 'MODULE_PATHNAME', $$start_management_transaction$$; - -COMMENT ON FUNCTION citus_internal.start_management_transaction(outer_xid xid8) - IS 'internal Citus function that starts a management transaction in the main database'; diff --git a/src/test/regress/citus_tests/test/_test_maintenancedeamon.py b/src/test/regress/citus_tests/test/_test_maintenancedeamon.py deleted file mode 100644 index 3f6cb501ece..00000000000 --- a/src/test/regress/citus_tests/test/_test_maintenancedeamon.py +++ /dev/null @@ -1,74 +0,0 @@ -# This test checks that once citus.main_db is set and the -# server is restarted. A Citus Maintenance Daemon for the main_db -# is launched. This should happen even if there is no query run -# in main_db yet. -import time - - -def wait_until_maintenance_deamons_start(deamoncount, cluster): - i = 0 - n = 0 - - while i < 10: - i += 1 - n = cluster.coordinator.sql_value( - "SELECT count(*) FROM pg_stat_activity WHERE application_name = 'Citus Maintenance Daemon';" - ) - - if n == deamoncount: - break - - time.sleep(0.1) - - assert n == deamoncount - - -def test_set_maindb(cluster_factory): - cluster = cluster_factory(0) - - # Test that once citus.main_db is set to a database name - # there are two maintenance deamons running upon restart. - # One maintenance deamon for the database of the current connection - # and one for the citus.main_db. - cluster.coordinator.create_database("mymaindb") - cluster.coordinator.configure("citus.main_db='mymaindb'") - cluster.coordinator.restart() - - assert cluster.coordinator.sql_value("SHOW citus.main_db;") == "mymaindb" - - wait_until_maintenance_deamons_start(2, cluster) - - assert ( - cluster.coordinator.sql_value( - "SELECT count(*) FROM pg_stat_activity WHERE application_name = 'Citus Maintenance Daemon' AND datname='mymaindb';" - ) - == 1 - ) - - # Test that once citus.main_db is set to empty string - # there is only one maintenance deamon for the database - # of the current connection. - cluster.coordinator.configure("citus.main_db=''") - cluster.coordinator.restart() - assert cluster.coordinator.sql_value("SHOW citus.main_db;") == "" - - wait_until_maintenance_deamons_start(1, cluster) - - # Test that after citus.main_db is dropped. The maintenance - # deamon for this database is terminated. - cluster.coordinator.configure("citus.main_db='mymaindb'") - cluster.coordinator.restart() - assert cluster.coordinator.sql_value("SHOW citus.main_db;") == "mymaindb" - - wait_until_maintenance_deamons_start(2, cluster) - - cluster.coordinator.sql("DROP DATABASE mymaindb;") - - wait_until_maintenance_deamons_start(1, cluster) - - assert ( - cluster.coordinator.sql_value( - "SELECT count(*) FROM pg_stat_activity WHERE application_name = 'Citus Maintenance Daemon' AND datname='mymaindb';" - ) - == 0 - ) diff --git a/src/test/regress/citus_tests/test/_test_other_databases.py b/src/test/regress/citus_tests/test/_test_other_databases.py deleted file mode 100644 index 4943016928f..00000000000 --- a/src/test/regress/citus_tests/test/_test_other_databases.py +++ /dev/null @@ -1,198 +0,0 @@ -def test_main_commited_outer_not_yet(cluster): - c = cluster.coordinator - w0 = cluster.workers[0] - - # create a non-main database - c.sql("CREATE DATABASE db1") - - # we will use cur1 to simulate non-main database user and - # cur2 to manually do the steps we would do in the main database - with c.cur(dbname="db1") as cur1, c.cur() as cur2: - # let's start a transaction and find its transaction id - cur1.execute("BEGIN") - cur1.execute("SELECT txid_current()") - txid = cur1.fetchall() - - # using the transaction id of the cur1 simulate the main database commands manually - cur2.execute("BEGIN") - cur2.execute( - "SELECT citus_internal.start_management_transaction(%s)", (str(txid[0][0]),) - ) - cur2.execute( - "SELECT citus_internal.execute_command_on_remote_nodes_as_user('CREATE USER u1;', 'postgres')" - ) - cur2.execute( - "SELECT citus_internal.mark_object_distributed(1260, 'u1', 123123, 'postgres')" - ) - cur2.execute("COMMIT") - - # run the transaction recovery - c.sql("SELECT recover_prepared_transactions()") - - # user should not be created on the worker because outer transaction is not committed yet - role_before_commit = w0.sql_value( - "SELECT count(*) FROM pg_roles WHERE rolname = 'u1'" - ) - - assert ( - int(role_before_commit) == 0 - ), "role is in pg_dist_object despite not committing" - - # user should not be in pg_dist_object on the coordinator because outer transaction is not committed yet - pdo_coordinator_before_commit = c.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid = 123123" - ) - - assert ( - int(pdo_coordinator_before_commit) == 0 - ), "role is in pg_dist_object on coordinator despite not committing" - - # user should not be in pg_dist_object on the worker because outer transaction is not committed yet - pdo_worker_before_commit = w0.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid::regrole::text = 'u1'" - ) - - assert ( - int(pdo_worker_before_commit) == 0 - ), "role is in pg_dist_object on worker despite not committing" - - # commit in cur1 so the transaction recovery thinks this is a successful transaction - cur1.execute("COMMIT") - - # run the transaction recovery again after committing - c.sql("SELECT recover_prepared_transactions()") - - # check that the user is created by the transaction recovery on the worker - role_after_commit = w0.sql_value( - "SELECT count(*) FROM pg_roles WHERE rolname = 'u1'" - ) - - assert ( - int(role_after_commit) == 1 - ), "role is not created during recovery despite committing" - - # check that the user is in pg_dist_object on the coordinator after transaction recovery - pdo_coordinator_after_commit = c.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid = 123123" - ) - - assert ( - int(pdo_coordinator_after_commit) == 1 - ), "role is not in pg_dist_object on coordinator after recovery despite committing" - - # check that the user is in pg_dist_object on the worker after transaction recovery - pdo_worker_after_commit = w0.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid::regrole::text = 'u1'" - ) - - assert ( - int(pdo_worker_after_commit) == 1 - ), "role is not in pg_dist_object on worker after recovery despite committing" - - c.sql("DROP DATABASE db1") - c.sql( - "SELECT citus_internal.execute_command_on_remote_nodes_as_user('DROP USER u1', 'postgres')" - ) - c.sql( - """ - SELECT run_command_on_workers($$ - DELETE FROM pg_dist_object - WHERE objid::regrole::text = 'u1' - $$) - """ - ) - c.sql( - """ - DELETE FROM pg_dist_object - WHERE objid = 123123 - """ - ) - - -def test_main_commited_outer_aborted(cluster): - c = cluster.coordinator - w0 = cluster.workers[0] - - # create a non-main database - c.sql("CREATE DATABASE db2") - - # we will use cur1 to simulate non-main database user and - # cur2 to manually do the steps we would do in the main database - with c.cur(dbname="db2") as cur1, c.cur() as cur2: - # let's start a transaction and find its transaction id - cur1.execute("BEGIN") - cur1.execute("SELECT txid_current()") - txid = cur1.fetchall() - - # using the transaction id of the cur1 simulate the main database commands manually - cur2.execute("BEGIN") - cur2.execute( - "SELECT citus_internal.start_management_transaction(%s)", (str(txid[0][0]),) - ) - cur2.execute( - "SELECT citus_internal.execute_command_on_remote_nodes_as_user('CREATE USER u2;', 'postgres')" - ) - cur2.execute( - "SELECT citus_internal.mark_object_distributed(1260, 'u2', 321321, 'postgres')" - ) - cur2.execute("COMMIT") - - # abort cur1 so the transaction recovery thinks this is an aborted transaction - cur1.execute("ABORT") - - # check that the user is not yet created on the worker - role_before_recovery = w0.sql_value( - "SELECT count(*) FROM pg_roles WHERE rolname = 'u2'" - ) - - assert int(role_before_recovery) == 0, "role is already created before recovery" - - # check that the user is not in pg_dist_object on the coordinator - pdo_coordinator_before_recovery = c.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid = 321321" - ) - - assert ( - int(pdo_coordinator_before_recovery) == 0 - ), "role is already in pg_dist_object on coordinator before recovery" - - # check that the user is not in pg_dist_object on the worker - pdo_worker_before_recovery = w0.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid::regrole::text = 'u2'" - ) - - assert ( - int(pdo_worker_before_recovery) == 0 - ), "role is already in pg_dist_object on worker before recovery" - - # run the transaction recovery - c.sql("SELECT recover_prepared_transactions()") - - # check that the user is not created by the transaction recovery on the worker - role_after_recovery = w0.sql_value( - "SELECT count(*) FROM pg_roles WHERE rolname = 'u2'" - ) - - assert ( - int(role_after_recovery) == 0 - ), "role is created during recovery despite aborting" - - # check that the user is not in pg_dist_object on the coordinator after transaction recovery - pdo_coordinator_after_recovery = c.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid = 321321" - ) - - assert ( - int(pdo_coordinator_after_recovery) == 0 - ), "role is in pg_dist_object on coordinator after recovery despite aborting" - - # check that the user is not in pg_dist_object on the worker after transaction recovery - pdo_worker_after_recovery = w0.sql_value( - "SELECT count(*) FROM pg_dist_object WHERE objid::regrole::text = 'u2'" - ) - - assert ( - int(pdo_worker_after_recovery) == 0 - ), "role is in pg_dist_object on worker after recovery despite aborting" - - c.sql("DROP DATABASE db2") diff --git a/src/test/regress/non_maindb_schedule b/src/test/regress/non_maindb_schedule deleted file mode 100644 index 7e226c0f6ea..00000000000 --- a/src/test/regress/non_maindb_schedule +++ /dev/null @@ -1,4 +0,0 @@ -test: failure_non_main_db_2pc -test: metadata_sync_from_non_maindb -test: grant_on_database_propagation_from_non_maindb -test: other_databases grant_role_from_non_maindb role_operations_from_non_maindb seclabel_non_maindb diff --git a/src/test/regress/sql/failure_non_main_db_2pc.sql b/src/test/regress/sql/failure_non_main_db_2pc.sql deleted file mode 100644 index 74061ae3488..00000000000 --- a/src/test/regress/sql/failure_non_main_db_2pc.sql +++ /dev/null @@ -1,75 +0,0 @@ -SELECT citus.mitmproxy('conn.allow()'); - -CREATE SCHEMA failure_non_main_db_2pc; -SET SEARCH_PATH TO 'failure_non_main_db_2pc'; - -CREATE DATABASE other_db1; - -SELECT citus.mitmproxy('conn.onQuery(query="COMMIT PREPARED").kill()'); - -\c other_db1 - -CREATE USER user_1; - -\c regression - -SELECT citus.mitmproxy('conn.allow()'); - -SELECT nodeid, result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_1'$$) ORDER BY 1; - -SELECT recover_prepared_transactions(); - -SELECT nodeid, result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_1'$$) ORDER BY 1; - - -SELECT citus.mitmproxy('conn.onQuery(query="CREATE USER user_2").kill()'); - -\c other_db1 - -CREATE USER user_2; - -\c regression - -SELECT citus.mitmproxy('conn.allow()'); - -SELECT nodeid, result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_2'$$) ORDER BY 1; - -SELECT recover_prepared_transactions(); - -SELECT nodeid, result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_2'$$) ORDER BY 1; - -DROP DATABASE other_db1; --- user_2 should not exist because the query to create it will fail --- but let's make sure we try to drop it just in case -DROP USER IF EXISTS user_1, user_2; - -SELECT citus_set_coordinator_host('localhost'); - -\c - - - :worker_1_port - -CREATE DATABASE other_db2; - -SELECT citus.mitmproxy('conn.onQuery(query="COMMIT PREPARED").kill()'); - -\c other_db2 - -CREATE USER user_3; - -\c regression - -SELECT citus.mitmproxy('conn.allow()'); - -SELECT result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_3'$$) ORDER BY 1; - -SELECT recover_prepared_transactions(); - -SELECT result FROM run_command_on_all_nodes($$SELECT rolname FROM pg_roles WHERE rolname::TEXT = 'user_3'$$) ORDER BY 1; - -DROP DATABASE other_db2; -DROP USER user_3; - -\c - - - :master_port - -SELECT result FROM run_command_on_all_nodes($$DELETE FROM pg_dist_node WHERE groupid = 0$$); - -DROP SCHEMA failure_non_main_db_2pc; diff --git a/src/test/regress/sql/grant_on_database_propagation_from_non_maindb.sql b/src/test/regress/sql/grant_on_database_propagation_from_non_maindb.sql deleted file mode 100644 index f83472b3655..00000000000 --- a/src/test/regress/sql/grant_on_database_propagation_from_non_maindb.sql +++ /dev/null @@ -1,246 +0,0 @@ --- Public role has connect,temp,temporary privileges on database --- To test these scenarios, we need to revoke these privileges from public role --- since public role privileges are inherited by new roles/users -set citus.enable_create_database_propagation to on; -create database test_2pc_db; -show citus.main_db; -revoke connect,temp,temporary on database test_2pc_db from public; - -CREATE SCHEMA grant_on_database_propagation_non_maindb; -SET search_path TO grant_on_database_propagation_non_maindb; - --- test grant/revoke CREATE privilege propagation on database -create user "myuser'_test"; - -\c test_2pc_db - - :master_port -grant create on database test_2pc_db to "myuser'_test"; - -\c regression - - :master_port; -select check_database_privileges('myuser''_test','test_2pc_db',ARRAY['CREATE']); - -\c test_2pc_db - - :master_port -revoke create on database test_2pc_db from "myuser'_test"; - -\c regression - - :master_port; -select check_database_privileges('myuser''_test','test_2pc_db',ARRAY['CREATE']); - -drop user "myuser'_test"; ------------------------------------------------------------------------ - --- test grant/revoke CONNECT privilege propagation on database -\c regression - - :master_port -create user myuser2; - -\c test_2pc_db - - :master_port -grant CONNECT on database test_2pc_db to myuser2; - -\c regression - - :master_port; -select check_database_privileges('myuser2','test_2pc_db',ARRAY['CONNECT']); - -\c test_2pc_db - - :master_port -revoke connect on database test_2pc_db from myuser2; - -\c regression - - :master_port -select check_database_privileges('myuser2','test_2pc_db',ARRAY['CONNECT']); - -drop user myuser2; - ------------------------------------------------------------------------ - --- test grant/revoke TEMP privilege propagation on database -\c regression - - :master_port -create user myuser3; - --- test grant/revoke temp on database -\c test_2pc_db - - :master_port -grant TEMP on database test_2pc_db to myuser3; - -\c regression - - :master_port; -select check_database_privileges('myuser3','test_2pc_db',ARRAY['TEMP']); - - -\c test_2pc_db - - :worker_1_port -revoke TEMP on database test_2pc_db from myuser3; - -\c regression - - :master_port; -select check_database_privileges('myuser3','test_2pc_db',ARRAY['TEMP']); - -drop user myuser3; - ------------------------------------------------------------------------ - -\c regression - - :master_port --- test temporary privilege on database -create user myuser4; - --- test grant/revoke temporary on database -\c test_2pc_db - - :worker_1_port -grant TEMPORARY on database test_2pc_db to myuser4; - -\c regression - - :master_port -select check_database_privileges('myuser4','test_2pc_db',ARRAY['TEMPORARY']); - -\c test_2pc_db - - :master_port -revoke TEMPORARY on database test_2pc_db from myuser4; - -\c regression - - :master_port; -select check_database_privileges('myuser4','test_2pc_db',ARRAY['TEMPORARY']); - -drop user myuser4; ------------------------------------------------------------------------ - --- test ALL privileges with ALL statement on database -create user myuser5; - -grant ALL on database test_2pc_db to myuser5; - -\c regression - - :master_port -select check_database_privileges('myuser5','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - - -\c test_2pc_db - - :master_port -revoke ALL on database test_2pc_db from myuser5; - -\c regression - - :master_port -select check_database_privileges('myuser5','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - -drop user myuser5; ------------------------------------------------------------------------ - --- test CREATE,CONNECT,TEMP,TEMPORARY privileges one by one on database -create user myuser6; - -\c test_2pc_db - - :master_port -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db to myuser6; - -\c regression - - :master_port -select check_database_privileges('myuser6','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - -\c test_2pc_db - - :master_port -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser6; - -\c regression - - :master_port -select check_database_privileges('myuser6','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - - -drop user myuser6; ------------------------------------------------------------------------ - --- test CREATE,CONNECT,TEMP,TEMPORARY privileges one by one on database with grant option -create user myuser7; -create user myuser_1; - -\c test_2pc_db - - :master_port -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db to myuser7; - -set role myuser7; ---here since myuser7 does not have grant option, it should fail -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db to myuser_1; - -\c regression - - :master_port -select check_database_privileges('myuser_1','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - -\c test_2pc_db - - :master_port - -RESET ROLE; - -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db to myuser7 with grant option; -set role myuser7; - ---here since myuser have grant option, it should succeed -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db to myuser_1 granted by myuser7; - -\c regression - - :master_port -select check_database_privileges('myuser_1','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - -\c test_2pc_db - - :master_port - -RESET ROLE; - ---below test should fail and should throw an error since myuser_1 still have the dependent privileges -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser7 restrict; ---below test should fail and should throw an error since myuser_1 still have the dependent privileges -revoke grant option for CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser7 restrict ; - ---below test should succeed and should not throw any error since myuser_1 privileges are revoked with cascade -revoke grant option for CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser7 cascade ; - ---here we test if myuser7 still have the privileges after revoke grant option for - -\c regression - - :master_port -select check_database_privileges('myuser7','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - - -\c test_2pc_db - - :master_port - -reset role; - -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser7; -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db from myuser_1; - -\c regression - - :master_port -drop user myuser_1; -drop user myuser7; - ------------------------------------------------------------------------ - --- test CREATE,CONNECT,TEMP,TEMPORARY privileges one by one on database multi database --- and multi user -\c regression - - :master_port -create user myuser8; -create user myuser_2; - -set citus.enable_create_database_propagation to on; -create database test_db; - -revoke connect,temp,temporary on database test_db from public; - -\c test_2pc_db - - :master_port -grant CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db,test_db to myuser8,myuser_2; - -\c regression - - :master_port -select check_database_privileges('myuser8','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser8','test_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser_2','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser_2','test_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - - -\c test_2pc_db - - :master_port - -RESET ROLE; -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db,test_db from myuser8 ; - ---below test should succeed and should not throw any error -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db,test_db from myuser_2; - ---below test should succeed and should not throw any error -revoke CREATE,CONNECT,TEMP,TEMPORARY on database test_2pc_db,test_db from myuser8 cascade; - -\c regression - - :master_port -select check_database_privileges('myuser8','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser8','test_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser_2','test_2pc_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); -select check_database_privileges('myuser_2','test_db',ARRAY['CREATE', 'CONNECT', 'TEMP', 'TEMPORARY']); - - -\c test_2pc_db - - :master_port - -reset role; - -\c regression - - :master_port -drop user myuser_2; -drop user myuser8; - -set citus.enable_create_database_propagation to on; -drop database test_db; - ---------------------------------------------------------------------------- --- rollbacks public role database privileges to original state -grant connect,temp,temporary on database test_2pc_db to public; -drop database test_2pc_db; -set citus.enable_create_database_propagation to off; -DROP SCHEMA grant_on_database_propagation_non_maindb CASCADE; - -reset citus.enable_create_database_propagation; -reset search_path; ---------------------------------------------------------------------------- diff --git a/src/test/regress/sql/grant_role_from_non_maindb.sql b/src/test/regress/sql/grant_role_from_non_maindb.sql deleted file mode 100644 index b74b5092d20..00000000000 --- a/src/test/regress/sql/grant_role_from_non_maindb.sql +++ /dev/null @@ -1,147 +0,0 @@ -CREATE SCHEMA grant_role2pc; -SET search_path TO grant_role2pc; -set citus.enable_create_database_propagation to on; - -CREATE DATABASE grant_role2pc_db; - -\c grant_role2pc_db -SHOW citus.main_db; - -SET citus.superuser TO 'postgres'; -CREATE USER grant_role2pc_user1; -CREATE USER grant_role2pc_user2; -CREATE USER grant_role2pc_user3; -CREATE USER grant_role2pc_user4; -CREATE USER grant_role2pc_user5; -CREATE USER grant_role2pc_user6; -CREATE USER grant_role2pc_user7; - -\c grant_role2pc_db - ---test with empty superuser -SET citus.superuser TO ''; -grant grant_role2pc_user1 to grant_role2pc_user2; - -SET citus.superuser TO 'postgres'; -grant grant_role2pc_user1 to grant_role2pc_user2 with admin option granted by CURRENT_USER; - -\c regression - -select result FROM run_command_on_all_nodes( - $$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text = 'grant_role2pc_user2' - order by member::regrole::text, roleid::regrole::text - ) t - $$ -); - -\c grant_role2pc_db ---test grant under transactional context with multiple operations -BEGIN; -grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user3 WITH ADMIN OPTION; -grant grant_role2pc_user1 to grant_role2pc_user4 granted by grant_role2pc_user3 ; -COMMIT; - -BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION granted by grant_role2pc_user3; -grant grant_role2pc_user1 to grant_role2pc_user6; -ROLLBACK; - - - -BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user7; -SELECT 1/0; -commit; - - -\c regression - -select result FROM run_command_on_all_nodes($$ -SELECT array_to_json(array_agg(row_to_json(t))) -FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by member::regrole::text, roleid::regrole::text -) t -$$); - - -\c grant_role2pc_db - -grant grant_role2pc_user1,grant_role2pc_user2 to grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7 granted by grant_role2pc_user3; - -\c regression - -select result FROM run_command_on_all_nodes($$ -SELECT array_to_json(array_agg(row_to_json(t))) -FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by member::regrole::text, roleid::regrole::text -) t -$$); - -\c grant_role2pc_db -revoke admin option for grant_role2pc_user1 from grant_role2pc_user5 granted by grant_role2pc_user3; - ---test revoke under transactional context with multiple operations -BEGIN; -revoke grant_role2pc_user1 from grant_role2pc_user5 granted by grant_role2pc_user3 ; -revoke grant_role2pc_user1 from grant_role2pc_user4 granted by grant_role2pc_user3; -COMMIT; -\c grant_role2pc_db - - :worker_1_port -BEGIN; -revoke grant_role2pc_user1 from grant_role2pc_user6,grant_role2pc_user7 granted by grant_role2pc_user3; -revoke grant_role2pc_user1 from grant_role2pc_user3 cascade; -COMMIT; - -\c regression - -select result FROM run_command_on_all_nodes($$ -SELECT array_to_json(array_agg(row_to_json(t))) -FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('grant_role2pc_user2','grant_role2pc_user3','grant_role2pc_user4','grant_role2pc_user5','grant_role2pc_user6','grant_role2pc_user7') - order by member::regrole::text, roleid::regrole::text -) t -$$); - -\c grant_role2pc_db - - :worker_1_port -BEGIN; -grant grant_role2pc_user1 to grant_role2pc_user5 WITH ADMIN OPTION; -grant grant_role2pc_user1 to grant_role2pc_user6; -COMMIT; - -\c regression - - :master_port - -select result FROM run_command_on_all_nodes($$ -SELECT array_to_json(array_agg(row_to_json(t))) -FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('grant_role2pc_user5','grant_role2pc_user6') - order by member::regrole::text, roleid::regrole::text -) t -$$); - -revoke grant_role2pc_user1 from grant_role2pc_user5,grant_role2pc_user6; - ---clean resources -DROP SCHEMA grant_role2pc; -set citus.enable_create_database_propagation to on; -DROP DATABASE grant_role2pc_db; -drop user grant_role2pc_user2,grant_role2pc_user3,grant_role2pc_user4,grant_role2pc_user5,grant_role2pc_user6,grant_role2pc_user7; -drop user grant_role2pc_user1; -reset citus.enable_create_database_propagation; diff --git a/src/test/regress/sql/metadata_sync_from_non_maindb.sql b/src/test/regress/sql/metadata_sync_from_non_maindb.sql deleted file mode 100644 index 62760c6cc41..00000000000 --- a/src/test/regress/sql/metadata_sync_from_non_maindb.sql +++ /dev/null @@ -1,188 +0,0 @@ -CREATE SCHEMA metadata_sync_2pc_schema; -SET search_path TO metadata_sync_2pc_schema; -set citus.enable_create_database_propagation to on; -CREATE DATABASE metadata_sync_2pc_db; - -revoke connect,temp,temporary on database metadata_sync_2pc_db from public; - -\c metadata_sync_2pc_db -SHOW citus.main_db; - -CREATE USER "grant_role2pc'_user1"; -CREATE USER "grant_role2pc'_user2"; -CREATE USER "grant_role2pc'_user3"; -CREATE USER grant_role2pc_user4; -CREATE USER grant_role2pc_user5; - -\c regression -select 1 from citus_remove_node('localhost', :worker_2_port); - -\c metadata_sync_2pc_db -grant "grant_role2pc'_user1","grant_role2pc'_user2" to "grant_role2pc'_user3" WITH ADMIN OPTION; --- This section was originally testing a scenario where a user with the 'admin option' grants the same role to another user, also with the 'admin option'. --- However, we encountered inconsistent errors because the 'admin option' grant is executed after the grant below. --- Once we establish the correct order of granting, we will reintroduce the 'granted by' clause. --- For now, we are commenting out the grant below that includes 'granted by', and instead, we are adding a grant without the 'granted by' clause. --- grant "grant_role2pc'_user1","grant_role2pc'_user2" to grant_role2pc_user4,grant_role2pc_user5 granted by "grant_role2pc'_user3"; -grant "grant_role2pc'_user1","grant_role2pc'_user2" to grant_role2pc_user4,grant_role2pc_user5; - ---test for grant on database -\c metadata_sync_2pc_db - - :master_port -grant create on database metadata_sync_2pc_db to "grant_role2pc'_user1"; -grant connect on database metadata_sync_2pc_db to "grant_role2pc'_user2"; -grant ALL on database metadata_sync_2pc_db to "grant_role2pc'_user3"; - -\c regression -select check_database_privileges('grant_role2pc''_user1','metadata_sync_2pc_db',ARRAY['CREATE']); -select check_database_privileges('grant_role2pc''_user2','metadata_sync_2pc_db',ARRAY['CONNECT']); -select check_database_privileges('grant_role2pc''_user3','metadata_sync_2pc_db',ARRAY['CREATE','CONNECT','TEMP','TEMPORARY']); - --- test for security label on role -\c metadata_sync_2pc_db - - :master_port -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE grant_role2pc_user4 IS 'citus_unclassified'; -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE "grant_role2pc'_user1" IS 'citus_classified'; - -\c regression -SELECT node_type, result FROM get_citus_tests_label_provider_labels('grant_role2pc_user4') ORDER BY node_type; -SELECT node_type, result FROM get_citus_tests_label_provider_labels($$"grant_role2pc''_user1"$$) ORDER BY node_type; - -set citus.enable_create_database_propagation to on; -select 1 from citus_add_node('localhost', :worker_2_port); - -select result FROM run_command_on_all_nodes($$ -SELECT array_to_json(array_agg(row_to_json(t))) -FROM ( - SELECT member::regrole, roleid::regrole as role, grantor::regrole, admin_option - FROM pg_auth_members - WHERE member::regrole::text in - ('"grant_role2pc''_user2"','"grant_role2pc''_user3"','grant_role2pc_user4','grant_role2pc_user5') - order by member::regrole::text -) t -$$); - -select check_database_privileges('grant_role2pc''_user1','metadata_sync_2pc_db',ARRAY['CREATE']); -select check_database_privileges('grant_role2pc''_user2','metadata_sync_2pc_db',ARRAY['CONNECT']); -select check_database_privileges('grant_role2pc''_user3','metadata_sync_2pc_db',ARRAY['CREATE','CONNECT','TEMP','TEMPORARY']); - -SELECT node_type, result FROM get_citus_tests_label_provider_labels('grant_role2pc_user4') ORDER BY node_type; -SELECT node_type, result FROM get_citus_tests_label_provider_labels($$"grant_role2pc''_user1"$$) ORDER BY node_type; - -\c metadata_sync_2pc_db -revoke "grant_role2pc'_user1","grant_role2pc'_user2" from grant_role2pc_user4,grant_role2pc_user5 ; - -revoke admin option for "grant_role2pc'_user1","grant_role2pc'_user2" from "grant_role2pc'_user3"; - -revoke "grant_role2pc'_user1","grant_role2pc'_user2" from "grant_role2pc'_user3"; -revoke ALL on database metadata_sync_2pc_db from "grant_role2pc'_user3"; -revoke CONNECT on database metadata_sync_2pc_db from "grant_role2pc'_user2"; -revoke CREATE on database metadata_sync_2pc_db from "grant_role2pc'_user1"; - -\c regression - -drop user "grant_role2pc'_user1","grant_role2pc'_user2","grant_role2pc'_user3",grant_role2pc_user4,grant_role2pc_user5; ---test for user operations - ---test for create user -\c regression - - :master_port -select 1 from citus_remove_node('localhost', :worker_2_port); - -\c metadata_sync_2pc_db - - :master_port -CREATE ROLE test_role1 WITH LOGIN PASSWORD 'password1'; - -\c metadata_sync_2pc_db - - :worker_1_port -CREATE USER "test_role2-needs\!escape" -WITH - SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN REPLICATION BYPASSRLS CONNECTION -LIMIT 10 VALID UNTIL '2023-01-01' IN ROLE test_role1; - -create role test_role3; - -\c regression - - :master_port -select 1 from citus_add_node('localhost', :worker_2_port); - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape','test_role3') - ORDER BY rolname - ) t -$$); - ---test for alter user -select 1 from citus_remove_node('localhost', :worker_2_port); -\c metadata_sync_2pc_db - - :master_port --- Test ALTER ROLE with various options -ALTER ROLE test_role1 WITH PASSWORD 'new_password1'; - -\c metadata_sync_2pc_db - - :worker_1_port -ALTER USER "test_role2-needs\!escape" -WITH - NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOREPLICATION NOBYPASSRLS CONNECTION -LIMIT 5 VALID UNTIL '2024-01-01'; - -\c regression - - :master_port -select 1 from citus_add_node('localhost', :worker_2_port); - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape','test_role3') - ORDER BY rolname - ) t -$$); - ---test for drop user -select 1 from citus_remove_node('localhost', :worker_2_port); - -\c metadata_sync_2pc_db - - :worker_1_port -DROP ROLE test_role1, "test_role2-needs\!escape"; - -\c metadata_sync_2pc_db - - :master_port -DROP ROLE test_role3; - -\c regression - - :master_port -select 1 from citus_add_node('localhost', :worker_2_port); - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape','test_role3') - ORDER BY rolname - ) t -$$); - --- Clean up: drop the database on worker node 2 -\c regression - - :worker_2_port -DROP ROLE if exists test_role1, "test_role2-needs\!escape", test_role3; - -\c regression - - :master_port - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape','test_role3') - ORDER BY rolname - ) t -$$); - -set citus.enable_create_database_propagation to on; -drop database metadata_sync_2pc_db; -drop schema metadata_sync_2pc_schema; -reset citus.enable_create_database_propagation; -reset search_path; diff --git a/src/test/regress/sql/other_databases.sql b/src/test/regress/sql/other_databases.sql deleted file mode 100644 index aa936e50753..00000000000 --- a/src/test/regress/sql/other_databases.sql +++ /dev/null @@ -1,182 +0,0 @@ -CREATE SCHEMA other_databases; -SET search_path TO other_databases; - -SET citus.next_shard_id TO 10231023; - -CREATE DATABASE other_db1; - -\c other_db1 -SHOW citus.main_db; - --- check that empty citus.superuser gives error -SET citus.superuser TO ''; -CREATE USER empty_superuser; -SET citus.superuser TO 'postgres'; - -CREATE USER other_db_user1; -CREATE USER other_db_user2; - -BEGIN; -CREATE USER other_db_user3; -CREATE USER other_db_user4; -COMMIT; - -BEGIN; -CREATE USER other_db_user5; -CREATE USER other_db_user6; -ROLLBACK; - -BEGIN; -CREATE USER other_db_user7; -SELECT 1/0; -COMMIT; - -CREATE USER other_db_user8; - -\c regression -SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; - -\c - - - :worker_1_port -SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; - -\c - - - :master_port --- some user creation commands will fail but let's make sure we try to drop them just in case -DROP USER IF EXISTS other_db_user1, other_db_user2, other_db_user3, other_db_user4, other_db_user5, other_db_user6, other_db_user7, other_db_user8; - --- Make sure non-superuser roles cannot use internal GUCs --- but they can still create a role -CREATE USER nonsuperuser CREATEROLE; -GRANT ALL ON SCHEMA citus_internal TO nonsuperuser; -SET ROLE nonsuperuser; -SELECT citus_internal.execute_command_on_remote_nodes_as_user($$SELECT 'dangerous query'$$, 'postgres'); - -\c other_db1 -SET citus.local_hostname TO '127.0.0.1'; -SET ROLE nonsuperuser; - --- Make sure that we don't try to access pg_dist_node. --- Otherwise, we would get the following error: --- ERROR: cache lookup failed for pg_dist_node, called too early? -CREATE USER other_db_user9; - -RESET ROLE; -RESET citus.local_hostname; -RESET ROLE; -\c regression -SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; - -\c - - - :worker_1_port -SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; - -\c - - - :master_port -REVOKE ALL ON SCHEMA citus_internal FROM nonsuperuser; -DROP USER other_db_user9, nonsuperuser; - --- test from a worker -\c - - - :worker_1_port - -CREATE DATABASE worker_other_db; - -\c worker_other_db - -CREATE USER worker_user1; - -BEGIN; -CREATE USER worker_user2; -COMMIT; - -BEGIN; -CREATE USER worker_user3; -ROLLBACK; - -\c regression -SELECT usename FROM pg_user WHERE usename LIKE 'worker\_user%' ORDER BY 1; - -\c - - - :master_port -SELECT usename FROM pg_user WHERE usename LIKE 'worker\_user%' ORDER BY 1; - --- some user creation commands will fail but let's make sure we try to drop them just in case -DROP USER IF EXISTS worker_user1, worker_user2, worker_user3; - --- test creating and dropping a database from a Citus non-main database -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO true$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); -\c other_db1 -CREATE DATABASE other_db3; - -\c regression -SELECT * FROM public.check_database_on_all_nodes('other_db3') ORDER BY node_type; - -\c other_db1 -DROP DATABASE other_db3; - -\c regression -SELECT * FROM public.check_database_on_all_nodes('other_db3') ORDER BY node_type; - -\c worker_other_db - - :worker_1_port -CREATE DATABASE other_db4; - -\c regression -SELECT * FROM public.check_database_on_all_nodes('other_db4') ORDER BY node_type; - -\c worker_other_db -DROP DATABASE other_db4; - -\c regression -SELECT * FROM public.check_database_on_all_nodes('other_db4') ORDER BY node_type; - -DROP DATABASE worker_other_db; - -CREATE DATABASE other_db5; - --- disable create database propagation for the next test -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO false$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); - -\c other_db5 - - :worker_2_port - --- locally create a database -CREATE DATABASE local_db; - -\c regression - - - - --- re-enable create database propagation -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO true$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); - -\c other_db5 - - :master_port - --- Test a scenario where create database fails because the database --- already exists on another node and we don't crash etc. -CREATE DATABASE local_db; - -\c regression - - - - -SELECT * FROM public.check_database_on_all_nodes('local_db') ORDER BY node_type, result; - -\c - - - :worker_2_port - --- locally drop the database for cleanup purposes -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO false$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); - -DROP DATABASE local_db; - -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO true$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); - -\c - - - :master_port - -DROP DATABASE other_db5; - -SELECT result FROM run_command_on_all_nodes($$ALTER SYSTEM SET citus.enable_create_database_propagation TO false$$); -SELECT result FROM run_command_on_all_nodes($$SELECT pg_reload_conf()$$); -SELECT pg_sleep(0.1); - -DROP SCHEMA other_databases; -DROP DATABASE other_db1; diff --git a/src/test/regress/sql/role_operations_from_non_maindb.sql b/src/test/regress/sql/role_operations_from_non_maindb.sql deleted file mode 100644 index 5f569208b29..00000000000 --- a/src/test/regress/sql/role_operations_from_non_maindb.sql +++ /dev/null @@ -1,106 +0,0 @@ --- Create a new database -set citus.enable_create_database_propagation to on; -CREATE DATABASE role_operations_test_db; -SET citus.superuser TO 'postgres'; --- Connect to the new database -\c role_operations_test_db --- Test CREATE ROLE with various options -CREATE ROLE test_role1 WITH LOGIN PASSWORD 'password1'; - -\c role_operations_test_db - - :worker_1_port -CREATE USER "test_role2-needs\!escape" -WITH - SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN REPLICATION BYPASSRLS CONNECTION -LIMIT 10 VALID UNTIL '2023-01-01' IN ROLE test_role1; - -\c regression - - :master_port - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape') - ORDER BY rolname - ) t -$$); - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT r.rolname - FROM pg_dist_object d - JOIN pg_roles r ON d.objid = r.oid - WHERE r.rolname IN ('test_role1', 'test_role2-needs\!escape') - order by r.rolname - ) t -$$); - -\c role_operations_test_db - - :master_port --- Test ALTER ROLE with various options -ALTER ROLE test_role1 WITH PASSWORD 'new_password1'; - -\c role_operations_test_db - - :worker_1_port -ALTER USER "test_role2-needs\!escape" -WITH - NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOREPLICATION NOBYPASSRLS CONNECTION -LIMIT 5 VALID UNTIL '2024-01-01'; - -\c regression - - :master_port -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape') - ORDER BY rolname - ) t -$$); - -\c role_operations_test_db - - :master_port --- Test DROP ROLE -DROP ROLE no_such_role; -- fails nicely -DROP ROLE IF EXISTS no_such_role; -- doesn't fail - -CREATE ROLE new_role; -DROP ROLE IF EXISTS no_such_role, new_role; -- doesn't fail -DROP ROLE IF EXISTS test_role1, "test_role2-needs\!escape"; - -\c regression - - :master_port ---verify that roles and dist_object are dropped -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, - rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, - (rolpassword != '') as pass_not_empty, DATE(rolvaliduntil) - FROM pg_authid - WHERE rolname in ('test_role1', 'test_role2-needs\!escape','new_role','no_such_role') - ORDER BY rolname - ) t -$$); - -select result FROM run_command_on_all_nodes($$ - SELECT array_to_json(array_agg(row_to_json(t))) - FROM ( - SELECT r.rolname - FROM pg_roles r - WHERE r.rolname IN ('test_role1', 'test_role2-needs\!escape','new_role','no_such_role') - order by r.rolname - ) t -$$); - -SELECT result FROM run_command_on_all_nodes($$ - SELECT count(*) leaked_pg_dist_object_records_for_roles - FROM pg_dist_object LEFT JOIN pg_authid ON (objid = oid) - WHERE classid = 1260 AND oid IS NULL -$$); - --- Clean up: drop the database -set citus.enable_create_database_propagation to on; -DROP DATABASE role_operations_test_db; -reset citus.enable_create_database_propagation; diff --git a/src/test/regress/sql/seclabel_non_maindb.sql b/src/test/regress/sql/seclabel_non_maindb.sql deleted file mode 100644 index 1833d419363..00000000000 --- a/src/test/regress/sql/seclabel_non_maindb.sql +++ /dev/null @@ -1,71 +0,0 @@ --- SECLABEL --- --- Test suite for running SECURITY LABEL ON ROLE statements from non-main databases - -SET citus.enable_create_database_propagation to ON; - -CREATE DATABASE database1; -CREATE DATABASE database2; - -\c - - - :worker_1_port -SET citus.enable_create_database_propagation to ON; -CREATE DATABASE database_w1; - - -\c - - - :master_port -CREATE ROLE user1; -\c database1 -SHOW citus.main_db; -SHOW citus.superuser; - -CREATE ROLE "user 2"; - --- Set a SECURITY LABEL on a role from a non-main database -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE user1 IS 'citus_classified'; -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE "user 2" IS 'citus_unclassified'; - --- Check the result -\c regression -SELECT node_type, result FROM get_citus_tests_label_provider_labels('user1') ORDER BY node_type; -SELECT node_type, result FROM get_citus_tests_label_provider_labels('"user 2"') ORDER BY node_type; - -\c database1 --- Set a SECURITY LABEL on database, it should not be propagated -SECURITY LABEL FOR "citus '!tests_label_provider" ON DATABASE database1 IS 'citus_classified'; - --- Set a SECURITY LABEL on a table, it should not be propagated -CREATE TABLE a (i int); -SECURITY LABEL ON TABLE a IS 'citus_classified'; - -\c regression -SELECT node_type, result FROM get_citus_tests_label_provider_labels('database1') ORDER BY node_type; - --- Check that only the SECURITY LABEL for ROLES is propagated to the non-main databases on other nodes -\c database_w1 - - :worker_1_port -SELECT provider, objtype, label, objname FROM pg_seclabels ORDER BY objname; - - --- Check the result after a transaction -BEGIN; -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE user1 IS 'citus_unclassified'; -SECURITY LABEL FOR "citus '!tests_label_provider" ON DATABASE database_w1 IS 'citus_classified'; -COMMIT; - -\c regression -SELECT node_type, result FROM get_citus_tests_label_provider_labels('database_w1') ORDER BY node_type; -SELECT node_type, result FROM get_citus_tests_label_provider_labels('user1') ORDER BY node_type; - -BEGIN; -SECURITY LABEL FOR "citus '!tests_label_provider" ON ROLE "user 2" IS 'citus_classified'; -ROLLBACK; - -SELECT node_type, result FROM get_citus_tests_label_provider_labels('"user 2"') ORDER BY node_type; - --- clean up -SET citus.enable_create_database_propagation to ON; -DROP DATABASE database1; -DROP DATABASE database2; -DROP DATABASE database_w1; -DROP ROLE user1; -DROP ROLE "user 2"; -RESET citus.enable_create_database_propagation;