Skip to content

Commit c5c7faa

Browse files
craig[bot]bghaljeffswenson
committed
151790: sql: introduce INSPECT privilege r=bghal a=bghal The planned `INSPECT` command demands an associated privilege. This change adds the privilege at the table and database level. Fixes: #148925 Epic: CRDB-30356 Release note: None. 152118: logical: shard logical test package r=jeffswenson a=jeffswenson We are seeing occasional package timeouts on CI. On my mac, sharding the package cuts the runtime from 110s to 44s which should eliminate the risk of bumping into the 5 minute timeouts on CI. Fixes: #151634 Fixes: #151170 Fixes: #151571 Fixes: #151468 Fixes: #151623 Fixes: #150903 Fixes: #150116 Release note: none Co-authored-by: Brendan Gerrity <[email protected]> Co-authored-by: Jeff Swenson <[email protected]>
3 parents 431cd74 + f45c0b8 + 5bbb11e commit c5c7faa

File tree

12 files changed

+55
-14
lines changed

12 files changed

+55
-14
lines changed

pkg/crosscluster/logical/BUILD.bazel

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -143,6 +143,7 @@ go_test(
143143
],
144144
embed = [":logical"],
145145
exec_properties = {"test.Pool": "large"},
146+
shard_count = 5,
146147
deps = [
147148
"//pkg/base",
148149
"//pkg/ccl",

pkg/sql/catalog/catpb/privilege_test.go

Lines changed: 10 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,7 @@ func TestPrivilege(t *testing.T) {
8787
{Kind: privilege.CREATE},
8888
{Kind: privilege.DELETE},
8989
{Kind: privilege.DROP},
90+
{Kind: privilege.INSPECT},
9091
{Kind: privilege.REPLICATIONDEST},
9192
{Kind: privilege.REPLICATIONSOURCE},
9293
{Kind: privilege.TRIGGER},
@@ -127,23 +128,21 @@ func TestPrivilege(t *testing.T) {
127128
},
128129
privilege.Type,
129130
},
130-
// Ensure revoking BACKUP, CHANGEFEED, CREATE, DROP, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG
131-
// from a user with ALL privilege on a table leaves the user with no privileges.
131+
// Ensure revoking table privileges from a user with ALL
132+
// privilege on a table leaves the user with no privileges.
132133
{testUser,
133134
privilege.List{privilege.ALL},
134-
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.CREATE, privilege.DROP, privilege.SELECT, privilege.INSERT,
135-
privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
135+
privilege.TablePrivileges,
136136
[]catpb.UserPrivilege{
137137
{User: username.AdminRoleName(), Privileges: []privilege.Privilege{{Kind: privilege.ALL, GrantOption: true}}},
138138
},
139139
privilege.Table,
140140
},
141-
// Ensure revoking BACKUP, CONNECT, CREATE, DROP, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG, RESTORE, CHANGEFEED
142-
// from a user with ALL privilege on a database leaves the user with no privileges.
141+
// Ensure revoking database privileges from a user with ALL privilege on
142+
// a database leaves the user with no privileges.
143143
{testUser,
144144
privilege.List{privilege.ALL},
145-
privilege.List{privilege.BACKUP, privilege.CONNECT, privilege.CREATE, privilege.DROP, privilege.SELECT,
146-
privilege.INSERT, privilege.DELETE, privilege.UPDATE, privilege.ZONECONFIG, privilege.RESTORE, privilege.CHANGEFEED},
145+
privilege.DBPrivileges,
147146
[]catpb.UserPrivilege{
148147
{User: username.AdminRoleName(), Privileges: []privilege.Privilege{{Kind: privilege.ALL, GrantOption: true}}},
149148
},
@@ -617,7 +616,7 @@ func TestRevokeWithGrantOption(t *testing.T) {
617616
true,
618617
privilege.List{privilege.CREATE},
619618
privilege.List{privilege.ALL},
620-
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
619+
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
621620
false},
622621
{catpb.NewPrivilegeDescriptor(testUser, privilege.List{privilege.ALL}, privilege.List{privilege.ALL}, username.AdminRoleName()),
623622
testUser, privilege.Table,
@@ -651,8 +650,8 @@ func TestRevokeWithGrantOption(t *testing.T) {
651650
testUser, privilege.Table,
652651
false,
653652
privilege.List{privilege.CREATE},
654-
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
655-
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
653+
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
654+
privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
656655
false},
657656
{catpb.NewPrivilegeDescriptor(testUser, privilege.List{privilege.SELECT, privilege.INSERT}, privilege.List{privilege.INSERT}, username.AdminRoleName()),
658657
testUser, privilege.Table,

pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_table

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -266,6 +266,7 @@ d public t8 testuser CREATE false
266266
d public t8 testuser DELETE false
267267
d public t8 testuser DROP false
268268
d public t8 testuser INSERT false
269+
d public t8 testuser INSPECT false
269270
d public t8 testuser REPLICATIONDEST false
270271
d public t8 testuser REPLICATIONSOURCE false
271272
d public t8 testuser TRIGGER false
@@ -277,6 +278,7 @@ d public t8 testuser2 CREATE false
277278
d public t8 testuser2 DELETE false
278279
d public t8 testuser2 DROP false
279280
d public t8 testuser2 INSERT false
281+
d public t8 testuser2 INSPECT false
280282
d public t8 testuser2 REPLICATIONDEST false
281283
d public t8 testuser2 REPLICATIONSOURCE false
282284
d public t8 testuser2 TRIGGER false

pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -554,6 +554,7 @@ test NULL root false tables bar ZONE
554554
test NULL root false tables bar TRIGGER false
555555
test NULL root false tables bar REPLICATIONDEST false
556556
test NULL root false tables bar REPLICATIONSOURCE false
557+
test NULL root false tables bar INSPECT false
557558
test NULL root false tables foo BACKUP false
558559
test NULL root false tables foo CHANGEFEED false
559560
test NULL root false tables foo CREATE false
@@ -565,6 +566,7 @@ test NULL root false tables foo ZONE
565566
test NULL root false tables foo TRIGGER false
566567
test NULL root false tables foo REPLICATIONDEST false
567568
test NULL root false tables foo REPLICATIONSOURCE false
569+
test NULL root false tables foo INSPECT false
568570
test NULL root false tables root ALL true
569571
test NULL root false sequences root ALL true
570572
test NULL root false types root ALL true

pkg/sql/logictest/testdata/logic_test/grant_database

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,13 +61,15 @@ a readwrite BACKUP true
6161
a readwrite CHANGEFEED true
6262
a readwrite CREATE true
6363
a readwrite DROP true
64+
a readwrite INSPECT true
6465
a readwrite RESTORE true
6566
a readwrite ZONECONFIG true
6667
a root ALL true
6768
a test-user BACKUP true
6869
a test-user CHANGEFEED true
6970
a test-user CREATE true
7071
a test-user DROP true
72+
a test-user INSPECT true
7173
a test-user RESTORE true
7274
a test-user ZONECONFIG true
7375

@@ -79,12 +81,14 @@ a readwrite BACKUP true
7981
a readwrite CHANGEFEED true
8082
a readwrite CREATE true
8183
a readwrite DROP true
84+
a readwrite INSPECT true
8285
a readwrite RESTORE true
8386
a readwrite ZONECONFIG true
8487
a test-user BACKUP true
8588
a test-user CHANGEFEED true
8689
a test-user CREATE true
8790
a test-user DROP true
91+
a test-user INSPECT true
8892
a test-user RESTORE true
8993
a test-user ZONECONFIG true
9094

@@ -100,12 +104,14 @@ a readwrite BACKUP true
100104
a readwrite CHANGEFEED true
101105
a readwrite CREATE true
102106
a readwrite DROP true
107+
a readwrite INSPECT true
103108
a readwrite RESTORE true
104109
a readwrite ZONECONFIG true
105110
a root ALL true
106111
a test-user BACKUP true
107112
a test-user CHANGEFEED true
108113
a test-user DROP true
114+
a test-user INSPECT true
109115
a test-user RESTORE true
110116
a test-user ZONECONFIG true
111117

@@ -120,6 +126,7 @@ a readwrite BACKUP true
120126
a readwrite CHANGEFEED true
121127
a readwrite CREATE true
122128
a readwrite DROP true
129+
a readwrite INSPECT true
123130
a readwrite RESTORE true
124131
a readwrite ZONECONFIG true
125132

pkg/sql/logictest/testdata/logic_test/grant_on_all_tables_in_schema

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ test s t table testuser CREATE
7474
test s t table testuser DELETE false
7575
test s t table testuser DROP false
7676
test s t table testuser INSERT false
77+
test s t table testuser INSPECT false
7778
test s t table testuser REPLICATIONDEST false
7879
test s t table testuser REPLICATIONSOURCE false
7980
test s t table testuser TRIGGER false
@@ -85,6 +86,7 @@ test s t table testuser2 CREATE
8586
test s t table testuser2 DELETE false
8687
test s t table testuser2 DROP false
8788
test s t table testuser2 INSERT false
89+
test s t table testuser2 INSPECT false
8890
test s t table testuser2 REPLICATIONDEST false
8991
test s t table testuser2 REPLICATIONSOURCE false
9092
test s t table testuser2 TRIGGER false
@@ -96,6 +98,7 @@ test s2 t table testuser CREATE
9698
test s2 t table testuser DELETE false
9799
test s2 t table testuser DROP false
98100
test s2 t table testuser INSERT false
101+
test s2 t table testuser INSPECT false
99102
test s2 t table testuser REPLICATIONDEST false
100103
test s2 t table testuser REPLICATIONSOURCE false
101104
test s2 t table testuser TRIGGER false
@@ -107,6 +110,7 @@ test s2 t table testuser2 CREATE
107110
test s2 t table testuser2 DELETE false
108111
test s2 t table testuser2 DROP false
109112
test s2 t table testuser2 INSERT false
113+
test s2 t table testuser2 INSPECT false
110114
test s2 t table testuser2 REPLICATIONDEST false
111115
test s2 t table testuser2 REPLICATIONSOURCE false
112116
test s2 t table testuser2 TRIGGER false

pkg/sql/logictest/testdata/logic_test/grant_revoke_with_grant_option

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -307,6 +307,7 @@ test public t table testuser CHANGEFEED
307307
test public t table testuser CREATE true
308308
test public t table testuser DROP true
309309
test public t table testuser INSERT true
310+
test public t table testuser INSPECT true
310311
test public t table testuser REPLICATIONDEST true
311312
test public t table testuser REPLICATIONSOURCE true
312313
test public t table testuser SELECT true

0 commit comments

Comments
 (0)