catalog: index most of pg_authid

pgbouncer by default queries `pg_authid` to authenticate users. This
query is slow because it reads from unindexed sources and computes an
expensive dataflow. Ideally we would fix this by indexing it, but that's
not possible because two columns are computed using unmaterializable
functions. So instead we introduce a new `pg_authid_core` view that
excludes these columns and can be indexed. `pg_authid` is then defined
on top of this view.

Author: teskje

src/catalog/src/builtin.rs

@@ -10564,17 +10564,17 @@ WHERE false",
     access: vec![PUBLIC_SELECT],
 });
 
-pub static PG_AUTHID: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
-    name: "pg_authid",
-    schema: PG_CATALOG_SCHEMA,
-    oid: oid::VIEW_PG_AUTHID_OID,
+/// Peeled version of `PG_AUTHID`: Excludes the columns rolcreaterole and rolcreatedb, to make this
+/// view indexable.
+pub static PG_AUTHID_CORE: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
+    name: "pg_authid_core",
+    schema: MZ_INTERNAL_SCHEMA,
+    oid: oid::VIEW_PG_AUTHID_CORE_OID,
     desc: RelationDesc::builder()
         .with_column("oid", SqlScalarType::Oid.nullable(false))
         .with_column("rolname", SqlScalarType::String.nullable(false))
         .with_column("rolsuper", SqlScalarType::Bool.nullable(true))
         .with_column("rolinherit", SqlScalarType::Bool.nullable(false))
-        .with_column("rolcreaterole", SqlScalarType::Bool.nullable(true))
-        .with_column("rolcreatedb", SqlScalarType::Bool.nullable(true))
         .with_column("rolcanlogin", SqlScalarType::Bool.nullable(false))
         .with_column("rolreplication", SqlScalarType::Bool.nullable(false))
         .with_column("rolbypassrls", SqlScalarType::Bool.nullable(false))
@@ -10592,8 +10592,6 @@ SELECT
     r.name AS rolname,
     rolsuper,
     inherit AS rolinherit,
-    mz_catalog.has_system_privilege(r.oid, 'CREATEROLE') AS rolcreaterole,
-    mz_catalog.has_system_privilege(r.oid, 'CREATEDB') AS rolcreatedb,
     COALESCE(r.rolcanlogin, false) AS rolcanlogin,
     -- MZ doesn't support replication in the same way Postgres does
     false AS rolreplication,
@@ -10608,6 +10606,55 @@ LEFT JOIN mz_catalog.mz_role_auth a ON r.oid = a.role_oid"#,
     access: vec![rbac::owner_privilege(ObjectType::Table, MZ_SYSTEM_ROLE_ID)],
 });
 
+pub const PG_AUTHID_CORE_IND: BuiltinIndex = BuiltinIndex {
+    name: "pg_authid_core_ind",
+    schema: MZ_INTERNAL_SCHEMA,
+    oid: oid::INDEX_PG_AUTHID_CORE_IND_OID,
+    sql: "IN CLUSTER mz_catalog_server
+ON mz_internal.pg_authid_core (rolname)",
+    is_retained_metrics_object: false,
+};
+
+pub static PG_AUTHID: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
+    name: "pg_authid",
+    schema: PG_CATALOG_SCHEMA,
+    oid: oid::VIEW_PG_AUTHID_OID,
+    desc: RelationDesc::builder()
+        .with_column("oid", SqlScalarType::Oid.nullable(false))
+        .with_column("rolname", SqlScalarType::String.nullable(false))
+        .with_column("rolsuper", SqlScalarType::Bool.nullable(true))
+        .with_column("rolinherit", SqlScalarType::Bool.nullable(false))
+        .with_column("rolcreaterole", SqlScalarType::Bool.nullable(true))
+        .with_column("rolcreatedb", SqlScalarType::Bool.nullable(true))
+        .with_column("rolcanlogin", SqlScalarType::Bool.nullable(false))
+        .with_column("rolreplication", SqlScalarType::Bool.nullable(false))
+        .with_column("rolbypassrls", SqlScalarType::Bool.nullable(false))
+        .with_column("rolconnlimit", SqlScalarType::Int32.nullable(false))
+        .with_column("rolpassword", SqlScalarType::String.nullable(true))
+        .with_column(
+            "rolvaliduntil",
+            SqlScalarType::TimestampTz { precision: None }.nullable(true),
+        )
+        .finish(),
+    column_comments: BTreeMap::new(),
+    sql: r#"
+SELECT
+    oid,
+    rolname,
+    rolsuper,
+    rolinherit,
+    mz_catalog.has_system_privilege(oid, 'CREATEROLE') AS rolcreaterole,
+    mz_catalog.has_system_privilege(oid, 'CREATEDB') AS rolcreatedb,
+    rolcanlogin,
+    rolreplication,
+    rolbypassrls,
+    rolconnlimit,
+    rolpassword,
+    rolvaliduntil
+FROM mz_internal.pg_authid_core"#,
+    access: vec![rbac::owner_privilege(ObjectType::Table, MZ_SYSTEM_ROLE_ID)],
+});
+
 pub static PG_AGGREGATE: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
     name: "pg_aggregate",
     schema: PG_CATALOG_SCHEMA,
@@ -13967,6 +14014,8 @@ pub static BUILTINS_STATIC: LazyLock<Vec<Builtin<NameReference>>> = LazyLock::ne
         Builtin::View(&PG_TABLESPACE),
         Builtin::View(&PG_ACCESS_METHODS),
         Builtin::View(&PG_LOCKS),
+        Builtin::View(&PG_AUTHID_CORE),
+        Builtin::Index(&PG_AUTHID_CORE_IND),
         Builtin::View(&PG_AUTHID),
         Builtin::View(&PG_ROLES),
         Builtin::View(&PG_USER),

src/pgrepr-consts/src/oid.rs

@@ -783,3 +783,5 @@ pub const TABLE_MZ_ROLE_AUTH_OID: u32 = 17059;
 pub const TABLE_MZ_ICEBERG_SINKS_OID: u32 = 17060;
 pub const VIEW_MZ_OBJECT_GLOBAL_IDS_OID: u32 = 17061;
 pub const TABLE_MZ_REPLACEMENTS_OID: u32 = 17062;
+pub const VIEW_PG_AUTHID_CORE_OID: u32 = 17063;
+pub const INDEX_PG_AUTHID_CORE_IND_OID: u32 = 17064;