
Commit a15a92c

committed
fix: apply owner mapping consistently to all privilege statements
1 parent 7b86a6b commit a15a92c


1 file changed

+15
-14
lines changed

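--- a/meta/builtin/predata_acl.go
+++ b/meta/builtin/predata_acl.go
@@ -321,14 +321,14 @@ func (obj ObjectMetadata) GetPrivilegesStatements(objectName string, objectType
 if len(obj.Privileges) != 0 {
 statements = append(statements, fmt.Sprintf("REVOKE ALL %sON %s%s FROM PUBLIC;", columnStr, typeStr, objectName))
 if obj.Owner != "" {
-statements = append(statements, fmt.Sprintf("REVOKE ALL %sON %s%s FROM %s;", columnStr, typeStr, objectName, obj.Owner))
+statements = append(statements, fmt.Sprintf("REVOKE ALL %sON %s%s FROM %s;", columnStr, typeStr, objectName, getMappedRole(obj.Owner)))
 }
 for _, acl := range obj.Privileges {
 grantee := ""
 if acl.Grantee == "" {
 grantee = "PUBLIC"
 } else {
-grantee = acl.Grantee
+grantee = getMappedRole(acl.Grantee)
 }
 privStr, privWithGrantStr := createPrivilegeStrings(acl, objectType)
 if privStr != "" {
@@ -494,15 +494,7 @@ func (obj ObjectMetadata) GetOwnerStatement(objectName string, objectType string
 }
 ownerStr := ""
 if obj.Owner != "" {
-newOwner := obj.Owner
-if len(ownerMap) > 0 {
-o, ok := ownerMap[obj.Owner]
-if ok {
-newOwner = o
-}
-}
-
-ownerStr = fmt.Sprintf("ALTER %s %s OWNER TO %s;", typeStr, objectName, newOwner)
+ownerStr = fmt.Sprintf("ALTER %s %s OWNER TO %s;", typeStr, objectName, getMappedRole(obj.Owner))
 }
 return ownerStr
 }
@@ -534,7 +526,7 @@ func PrintDefaultPrivilegesStatements(metadataFile *utils.FileWithByteCount, toc
 statements := make([]string, 0)
 roleStr := ""
 if priv.Owner != "" {
-roleStr = fmt.Sprintf(" FOR ROLE %s", priv.Owner)
+roleStr = fmt.Sprintf(" FOR ROLE %s", getMappedRole(priv.Owner))
 }
 schemaStr := ""
 if priv.Schema != "" {
@@ -555,14 +547,14 @@ func PrintDefaultPrivilegesStatements(metadataFile *utils.FileWithByteCount, toc
 alterPrefix := fmt.Sprintf("ALTER DEFAULT PRIVILEGES%s%s", roleStr, schemaStr)
 statements = append(statements, fmt.Sprintf("%s REVOKE ALL ON %sS FROM PUBLIC;", alterPrefix, objectType))
 if priv.Owner != "" {
-statements = append(statements, fmt.Sprintf("%s REVOKE ALL ON %sS FROM %s;", alterPrefix, objectType, priv.Owner))
+statements = append(statements, fmt.Sprintf("%s REVOKE ALL ON %sS FROM %s;", alterPrefix, objectType, getMappedRole(priv.Owner)))
 }
 for _, acl := range priv.Privileges {
 grantee := ""
 if acl.Grantee == "" {
 grantee = "PUBLIC"
 } else {
-grantee = acl.Grantee
+grantee = getMappedRole(acl.Grantee)
 }
 privStr, privWithGrantStr := createPrivilegeStrings(acl, objectType)
 if privStr != "" {
@@ -616,3 +608,12 @@ func ConstructDefaultPrivileges(results []DefaultPrivilegesQueryStruct) []Defaul
 
 return defaultPrivileges
 }
+
+func getMappedRole(role string) string {
+if len(ownerMap) > 0 {
+if o, ok := ownerMap[role]; ok {
+return o
+}
+}
+return role
+}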
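Review bot: getMappedRole returns the ownerMap value verbatim, and all six call sites in this file splice it into REVOKE/GRANT/ALTER text with `%s`, so the correctness of the generated SQL now depends on how ownerMap is filled, which is not visible on this page. If those values come from an operator-supplied option, a name that needs quoting (mixed case, spaces) or carries stray characters would produce broken or unintended privilege statements at restore time; validating or identifier-quoting the values once, where the map is populated, would cover every call site. The lookup is also an exact string match, so if obj.Owner or acl.Grantee is stored in already-quoted form the key has to be in that same form, otherwise the mapping silently does not apply and the privilege stays with the original role, which deserves a test case. A doc comment on the helper would help as well: `// getMappedRole returns the ownerMap replacement for role, or role itself when no mapping is defined.`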
