catalog: index most of pg_authid

pgbouncer by default queries `pg_authid` to authenticate users. This
query is slow because it reads from unindexed sources and computes an
expensive dataflow. Ideally we would fix this by indexing it, but that's
not possible because two columns are computed using unmaterializable
functions. So instead we introduce a new `pg_authid_core` view that
excludes these columns and can be indexed. `pg_authid` is then defined
on top of this view.

Author: teskje

doc/user/content/sql/system-catalog/mz_internal.md

@@ -1374,10 +1374,10 @@ The `mz_webhook_sources` table contains a row for each webhook source in the sys
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_objects_id_namespace_types -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_console_cluster_utilization_overview -->
 
-
-<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_class_all_databases -->
-<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_type_all_databases -->
-<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_namespace_all_databases -->
-<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_description_all_databases -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_attrdef_all_databases -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_attribute_all_databases -->
+<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_authid_core -->
+<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_class_all_databases -->
+<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_description_all_databases -->
+<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_namespace_all_databases -->
+<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.pg_type_all_databases -->

src/catalog/src/builtin.rs

@@ -10564,17 +10564,17 @@ WHERE false",
     access: vec![PUBLIC_SELECT],
 });
 
-pub static PG_AUTHID: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
-    name: "pg_authid",
-    schema: PG_CATALOG_SCHEMA,
-    oid: oid::VIEW_PG_AUTHID_OID,
+/// Peeled version of `PG_AUTHID`: Excludes the columns rolcreaterole and rolcreatedb, to make this
+/// view indexable.
+pub static PG_AUTHID_CORE: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
+    name: "pg_authid_core",
+    schema: MZ_INTERNAL_SCHEMA,
+    oid: oid::VIEW_PG_AUTHID_CORE_OID,
     desc: RelationDesc::builder()
         .with_column("oid", SqlScalarType::Oid.nullable(false))
         .with_column("rolname", SqlScalarType::String.nullable(false))
         .with_column("rolsuper", SqlScalarType::Bool.nullable(true))
         .with_column("rolinherit", SqlScalarType::Bool.nullable(false))
-        .with_column("rolcreaterole", SqlScalarType::Bool.nullable(true))
-        .with_column("rolcreatedb", SqlScalarType::Bool.nullable(true))
         .with_column("rolcanlogin", SqlScalarType::Bool.nullable(false))
         .with_column("rolreplication", SqlScalarType::Bool.nullable(false))
         .with_column("rolbypassrls", SqlScalarType::Bool.nullable(false))
@@ -10592,8 +10592,6 @@ SELECT
     r.name AS rolname,
     rolsuper,
     inherit AS rolinherit,
-    mz_catalog.has_system_privilege(r.oid, 'CREATEROLE') AS rolcreaterole,
-    mz_catalog.has_system_privilege(r.oid, 'CREATEDB') AS rolcreatedb,
     COALESCE(r.rolcanlogin, false) AS rolcanlogin,
     -- MZ doesn't support replication in the same way Postgres does
     false AS rolreplication,
@@ -10608,6 +10606,64 @@ LEFT JOIN mz_catalog.mz_role_auth a ON r.oid = a.role_oid"#,
     access: vec![rbac::owner_privilege(ObjectType::Table, MZ_SYSTEM_ROLE_ID)],
 });
 
+pub const PG_AUTHID_CORE_IND: BuiltinIndex = BuiltinIndex {
+    name: "pg_authid_core_ind",
+    schema: MZ_INTERNAL_SCHEMA,
+    oid: oid::INDEX_PG_AUTHID_CORE_IND_OID,
+    sql: "IN CLUSTER mz_catalog_server
+ON mz_internal.pg_authid_core (rolname)",
+    is_retained_metrics_object: false,
+};
+
+pub static PG_AUTHID: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
+    name: "pg_authid",
+    schema: PG_CATALOG_SCHEMA,
+    oid: oid::VIEW_PG_AUTHID_OID,
+    desc: RelationDesc::builder()
+        .with_column("oid", SqlScalarType::Oid.nullable(false))
+        .with_column("rolname", SqlScalarType::String.nullable(false))
+        .with_column("rolsuper", SqlScalarType::Bool.nullable(true))
+        .with_column("rolinherit", SqlScalarType::Bool.nullable(false))
+        .with_column("rolcreaterole", SqlScalarType::Bool.nullable(true))
+        .with_column("rolcreatedb", SqlScalarType::Bool.nullable(true))
+        .with_column("rolcanlogin", SqlScalarType::Bool.nullable(false))
+        .with_column("rolreplication", SqlScalarType::Bool.nullable(false))
+        .with_column("rolbypassrls", SqlScalarType::Bool.nullable(false))
+        .with_column("rolconnlimit", SqlScalarType::Int32.nullable(false))
+        .with_column("rolpassword", SqlScalarType::String.nullable(true))
+        .with_column(
+            "rolvaliduntil",
+            SqlScalarType::TimestampTz { precision: None }.nullable(true),
+        )
+        .finish(),
+    column_comments: BTreeMap::new(),
+    sql: r#"
+WITH extra AS (
+    SELECT
+        DISTINCT ON (oid)
+        oid,
+        mz_catalog.has_system_privilege(oid, 'CREATEROLE') AS rolcreaterole,
+        mz_catalog.has_system_privilege(oid, 'CREATEDB') AS rolcreatedb
+    FROM mz_internal.pg_authid_core
+)
+SELECT
+    oid,
+    rolname,
+    rolsuper,
+    rolinherit,
+    extra.rolcreaterole,
+    extra.rolcreatedb,
+    rolcanlogin,
+    rolreplication,
+    rolbypassrls,
+    rolconnlimit,
+    rolpassword,
+    rolvaliduntil
+FROM mz_internal.pg_authid_core
+LEFT JOIN extra USING (oid)"#,
+    access: vec![rbac::owner_privilege(ObjectType::Table, MZ_SYSTEM_ROLE_ID)],
+});
+
 pub static PG_AGGREGATE: LazyLock<BuiltinView> = LazyLock::new(|| BuiltinView {
     name: "pg_aggregate",
     schema: PG_CATALOG_SCHEMA,
@@ -13967,6 +14023,8 @@ pub static BUILTINS_STATIC: LazyLock<Vec<Builtin<NameReference>>> = LazyLock::ne
         Builtin::View(&PG_TABLESPACE),
         Builtin::View(&PG_ACCESS_METHODS),
         Builtin::View(&PG_LOCKS),
+        Builtin::View(&PG_AUTHID_CORE),
+        Builtin::Index(&PG_AUTHID_CORE_IND),
         Builtin::View(&PG_AUTHID),
         Builtin::View(&PG_ROLES),
         Builtin::View(&PG_USER),

src/environmentd/tests/testdata/http/ws

@@ -783,3 +783,5 @@ pub const TABLE_MZ_ROLE_AUTH_OID: u32 = 17059;
 pub const TABLE_MZ_ICEBERG_SINKS_OID: u32 = 17060;
 pub const VIEW_MZ_OBJECT_GLOBAL_IDS_OID: u32 = 17061;
 pub const TABLE_MZ_REPLACEMENTS_OID: u32 = 17062;
+pub const VIEW_PG_AUTHID_CORE_OID: u32 = 17063;
+pub const INDEX_PG_AUTHID_CORE_IND_OID: u32 = 17064;

src/pgrepr-consts/src/oid.rs

@@ -825,6 +825,7 @@ mz_wallclock_lag_history
 mz_webhook_sources
 pg_attrdef_all_databases
 pg_attribute_all_databases
+pg_authid_core
 pg_class_all_databases
 pg_description_all_databases
 pg_namespace_all_databases

test/sqllogictest/autogenerated/mz_internal.slt

@@ -417,15 +417,15 @@ CREATE CLUSTER test REPLICAS (foo (SIZE 'scale=1,workers=1'));
 query I
 SELECT COUNT(name) FROM mz_indexes;
 ----
-295
+296
 
 statement ok
 DROP CLUSTER test CASCADE
 
 query T
 SELECT COUNT(name) FROM mz_indexes;
 ----
-263
+264
 
 simple conn=mz_system,user=mz_system
 ALTER CLUSTER quickstart OWNER TO materialize

test/sqllogictest/cluster.slt

@@ -769,6 +769,10 @@ pg_attribute_all_databases
 VIEW
 materialize
 mz_internal
+pg_authid_core
+VIEW
+materialize
+mz_internal
 pg_class_all_databases
 VIEW
 materialize