sql: remove enable_row_level_security feature gate

Row-level security (RLS) was initially introduced behind a feature gate
in v25.1 to enable incremental development. With the feature nearing
completion—pending only #141998—this commit removes the
enable_row_level_security feature gate. This change makes RLS generally
available without requiring the feature to be explicitly enabled.

Informs: #137122
Epic: CRDB-11724

Release note: None

Author: spilchen

pkg/ccl/changefeedccl/changefeed_test.go

@@ -393,7 +393,6 @@ func TestRLSBlocking(t *testing.T) {
 	testFn := func(t *testing.T, s TestServer, f cdctest.TestFeedFactory) {
 		sqlDB := sqlutils.MakeSQLRunner(s.DB)
 		sqlDB.Exec(t, `CREATE TABLE rls (a INT PRIMARY KEY, b STRING)`)
-		sqlDB.Exec(t, `SET enable_row_level_security = on`)
 		sqlDB.Exec(t, `INSERT INTO rls VALUES (0, 'initial')`)
 		sqlDB.Exec(t, `INSERT INTO rls VALUES (1, 'second')`)
 

pkg/ccl/logictestccl/testdata/logic_test/partitioning

@@ -413,9 +413,6 @@ ok1  CREATE TABLE public.ok1 (
 
 subtest partition_with_rls
 
-statement ok
-set enable_row_level_security=on;
-
 statement ok
 ALTER TABLE ok1 ENABLE ROW LEVEL SECURITY;
 
@@ -446,9 +443,6 @@ DROP POLICY test_policy ON ok1;
 statement ok
 ALTER TABLE ok1 DISABLE ROW LEVEL SECURITY;
 
-statement ok
-set enable_row_level_security=off;
-
 subtest end
 
 query T

pkg/cmd/roachtest/testdata/pg_regress/equivclass.diffs

@@ -658,7 +658,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/equivclass.out --
  explain (costs off)
    select * from ec1,
      (select ff + 1 as x from
-@@ -362,92 +525,110 @@
+@@ -362,92 +525,108 @@
       union all
       select ff + 4 as x from ec1) as ss1
    where ss1.x = ec1.f1 and ec1.ff = 42::int8;
@@ -714,9 +714,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/equivclass.out --
  alter table ec1 enable row level security;
 +ERROR:  relation "ec1" does not exist
  create policy p1 on ec1 using (f1 < '5'::int8alias1);
-+ERROR:  unimplemented: row-level security is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/73596/_version_
++ERROR:  relation "ec1" does not exist
  create user regress_user_ectest;
  grant select on ec0 to regress_user_ectest;
  grant select on ec1 to regress_user_ectest;

pkg/cmd/roachtest/testdata/pg_regress/event_trigger.diffs

@@ -914,7 +914,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/event_trigger.out
  CREATE TABLE event_trigger_test (a integer, b text);
  CREATE OR REPLACE FUNCTION start_command()
  RETURNS event_trigger AS $$
-@@ -563,37 +780,58 @@
+@@ -563,37 +780,46 @@
  RAISE NOTICE '% - ddl_command_start', tg_tag;
  END;
  $$ LANGUAGE plpgsql;
@@ -957,32 +957,20 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/event_trigger.out
  CREATE POLICY p1 ON event_trigger_test USING (FALSE);
 -NOTICE:  CREATE POLICY - ddl_command_start
 -NOTICE:  CREATE POLICY - ddl_command_end
-+ERROR:  unimplemented: row-level security is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/73596/_version_
  ALTER POLICY p1 ON event_trigger_test USING (TRUE);
 -NOTICE:  ALTER POLICY - ddl_command_start
 -NOTICE:  ALTER POLICY - ddl_command_end
-+ERROR:  unimplemented: ALTER POLICY is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/136997/_version_
  ALTER POLICY p1 ON event_trigger_test RENAME TO p2;
 -NOTICE:  ALTER POLICY - ddl_command_start
 -NOTICE:  ALTER POLICY - ddl_command_end
-+ERROR:  unimplemented: ALTER POLICY is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/136996/_version_
  DROP POLICY p2 ON event_trigger_test;
 -NOTICE:  DROP POLICY - ddl_command_start
 -NOTICE:  DROP POLICY - sql_drop
 -NOTICE:  DROP POLICY - ddl_command_end
-+ERROR:  unimplemented: row-level security is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/73596/_version_
  -- Check the object addresses of all the event triggers.
  SELECT
      e.evtname,
-@@ -604,13 +842,22 @@
+@@ -604,13 +830,22 @@
      LATERAL pg_identify_object_as_address('pg_event_trigger'::regclass, e.oid, 0) as b,
      LATERAL pg_get_object_address(b.type, b.object_names, b.object_args) as a
    ORDER BY e.evtname;

pkg/cmd/roachtest/testdata/pg_regress/merge.diffs

@@ -2008,7 +2008,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  ROLLBACK;
  -- try updating the partition key column
  BEGIN;
-@@ -1732,64 +1690,102 @@
+@@ -1732,64 +1690,100 @@
      UPDATE SET tid = tid + 1, balance = balance + delta, val = val || ' updated by merge'
    WHEN NOT MATCHED THEN
      INSERT VALUES (sid, delta, 'inserted by merge');
@@ -2045,9 +2045,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  ALTER TABLE pa_target FORCE ROW LEVEL SECURITY;
 +ERROR:  relation "pa_target" does not exist
  CREATE POLICY pa_target_pol ON pa_target USING (tid != 0);
-+ERROR:  unimplemented: row-level security is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/73596/_version_
++ERROR:  relation "pa_target" does not exist
  MERGE INTO pa_target t
    USING pa_source s
    ON t.tid = s.sid AND t.tid IN (1,2,3,4)
@@ -2130,7 +2128,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  -- try simple MERGE
  BEGIN;
  MERGE INTO pa_target t
-@@ -1799,91 +1795,78 @@
+@@ -1799,91 +1793,78 @@
      UPDATE SET balance = balance + delta, val = val || ' updated by merge'
    WHEN NOT MATCHED THEN
      INSERT VALUES (slogts::timestamp, sid, delta, 'inserted by merge');
@@ -2262,7 +2260,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  INSERT INTO cj_source1 VALUES (1, 10, 100);
  INSERT INTO cj_source1 VALUES (1, 20, 200);
  INSERT INTO cj_source1 VALUES (2, 20, 300);
-@@ -1898,6 +1881,10 @@
+@@ -1898,6 +1879,10 @@
  ON t.tid = sid1
  WHEN NOT MATCHED THEN
  	INSERT VALUES (sid1, delta, sval);
@@ -2273,7 +2271,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  -- try accessing columns from either side of the source join
  MERGE INTO cj_target t
  USING cj_source2 s2
-@@ -1907,6 +1894,10 @@
+@@ -1907,6 +1892,10 @@
  	INSERT VALUES (sid2, delta, sval)
  WHEN MATCHED THEN
  	DELETE;
@@ -2284,7 +2282,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  -- some simple expressions in INSERT targetlist
  MERGE INTO cj_target t
  USING cj_source2 s2
-@@ -1916,20 +1907,24 @@
+@@ -1916,20 +1905,24 @@
  	INSERT VALUES (sid2, delta + scat, sval)
  WHEN MATCHED THEN
  	UPDATE SET val = val || ' updated by merge';
@@ -2316,7 +2314,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
 
  -- try it with an outer join and PlaceHolderVar
  MERGE INTO cj_target t
-@@ -1938,19 +1933,14 @@
+@@ -1938,19 +1931,14 @@
  ON t.tid = fj.scat
  WHEN NOT MATCHED THEN
  	INSERT (tid, balance, val) VALUES (fj.scat, fj.delta, fj.phv);
@@ -2343,7 +2341,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
 
  ALTER TABLE cj_source1 RENAME COLUMN sid1 TO sid;
  ALTER TABLE cj_source2 RENAME COLUMN sid2 TO sid;
-@@ -1961,10 +1951,15 @@
+@@ -1961,10 +1949,15 @@
  ON t.tid = s1.sid
  WHEN NOT MATCHED THEN
  	INSERT VALUES (s2.sid, delta, sval);
@@ -2359,7 +2357,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  MERGE INTO fs_target t
  USING generate_series(1,100,1) AS id
  ON t.a = id
-@@ -1972,6 +1967,10 @@
+@@ -1972,6 +1965,10 @@
  	UPDATE SET b = b + id
  WHEN NOT MATCHED THEN
  	INSERT VALUES (id, -1);
@@ -2370,7 +2368,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  MERGE INTO fs_target t
  USING generate_series(1,100,2) AS id
  ON t.a = id
-@@ -1979,10 +1978,14 @@
+@@ -1979,10 +1976,14 @@
  	UPDATE SET b = b + id, c = 'updated '|| id.*::text
  WHEN NOT MATCHED THEN
  	INSERT VALUES (id, -1, 'inserted ' || id.*::text);
@@ -2386,7 +2384,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  (1 row)
 
  DROP TABLE fs_target;
-@@ -1995,12 +1998,29 @@
+@@ -1995,12 +1996,29 @@
      peaktemp        int,
      unitsales       int
  ) WITH (autovacuum_enabled=off);
@@ -2416,7 +2414,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  CREATE TABLE measurement_y2007m01 (
      filler          text,
      peaktemp        int,
-@@ -2009,8 +2029,14 @@
+@@ -2009,8 +2027,14 @@
      unitsales       int
      CHECK ( logdate >= DATE '2007-01-01' AND logdate < DATE '2007-02-01')
  ) WITH (autovacuum_enabled=off);
@@ -2431,15 +2429,15 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  INSERT INTO measurement VALUES (0, '2005-07-21', 5, 15);
  CREATE OR REPLACE FUNCTION measurement_insert_trigger()
  RETURNS TRIGGER AS $$
-@@ -2034,6 +2060,7 @@
+@@ -2034,6 +2058,7 @@
  CREATE TRIGGER insert_measurement_trigger
      BEFORE INSERT ON measurement
      FOR EACH ROW EXECUTE PROCEDURE measurement_insert_trigger();
 +ERROR:  relation "measurement_y2006m02" does not exist
  INSERT INTO measurement VALUES (1, '2006-02-10', 35, 10);
  INSERT INTO measurement VALUES (1, '2006-02-16', 45, 20);
  INSERT INTO measurement VALUES (1, '2006-03-17', 25, 10);
-@@ -2041,18 +2068,19 @@
+@@ -2041,18 +2066,19 @@
  INSERT INTO measurement VALUES (1, '2007-01-15', 10, 10);
  INSERT INTO measurement VALUES (1, '2007-01-17', 10, 10);
  SELECT tableoid::regclass, * FROM measurement ORDER BY city_id, logdate;
@@ -2468,7 +2466,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  INSERT INTO new_measurement VALUES (0, '2005-07-21', 25, 20);
  INSERT INTO new_measurement VALUES (1, '2006-03-01', 20, 10);
  INSERT INTO new_measurement VALUES (1, '2006-02-16', 50, 10);
-@@ -2072,25 +2100,12 @@
+@@ -2072,25 +2098,12 @@
  WHEN NOT MATCHED THEN INSERT
       (city_id, logdate, peaktemp, unitsales)
     VALUES (city_id, logdate, peaktemp, unitsales);
@@ -2499,7 +2497,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/merge.out --label
  ROLLBACK;
  MERGE into measurement m
   USING new_measurement nm ON
-@@ -2102,56 +2117,64 @@
+@@ -2102,56 +2115,64 @@
  WHEN NOT MATCHED THEN INSERT
       (city_id, logdate, peaktemp, unitsales)
     VALUES (city_id, logdate, peaktemp, unitsales);

pkg/cmd/roachtest/testdata/pg_regress/object_address.diffs

@@ -1,7 +1,7 @@
 diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.out --label=/mnt/data1/postgres/src/test/regress/results/object_address.out /mnt/data1/postgres/src/test/regress/expected/object_address.out /mnt/data1/postgres/src/test/regress/results/object_address.out
 --- /mnt/data1/postgres/src/test/regress/expected/object_address.out
 +++ /mnt/data1/postgres/src/test/regress/results/object_address.out
-@@ -10,32 +10,144 @@
+@@ -10,32 +10,141 @@
  CREATE SCHEMA addr_nsp;
  SET search_path TO 'addr_nsp';
  CREATE FOREIGN DATA WRAPPER addr_fdw;
@@ -117,9 +117,6 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  CREATE FUNCTION addr_nsp.trig() RETURNS TRIGGER LANGUAGE plpgsql AS $$ BEGIN END; $$;
  CREATE TRIGGER t BEFORE INSERT ON addr_nsp.gentable FOR EACH ROW EXECUTE PROCEDURE addr_nsp.trig();
  CREATE POLICY genpol ON addr_nsp.gentable;
-+ERROR:  unimplemented: row-level security is not yet implemented
-+HINT:  You have attempted to use a feature that is not yet implemented.
-+See: https://go.crdb.dev/issue-v/73596/_version_
  CREATE PROCEDURE addr_nsp.proc(int4) LANGUAGE SQL AS $$ $$;
  CREATE SERVER "integer" FOREIGN DATA WRAPPER addr_fdw;
 +ERROR:  at or near "integer": syntax error: unimplemented: this syntax
@@ -146,7 +143,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  ALTER DEFAULT PRIVILEGES FOR ROLE regress_addr_user IN SCHEMA public GRANT ALL ON TABLES TO regress_addr_user;
  ALTER DEFAULT PRIVILEGES FOR ROLE regress_addr_user REVOKE DELETE ON TABLES FROM regress_addr_user;
  -- this transform would be quite unsafe to leave lying around,
-@@ -43,22 +155,75 @@
+@@ -43,22 +152,75 @@
  CREATE TRANSFORM FOR int LANGUAGE SQL (
      FROM SQL WITH FUNCTION prsd_lextype(internal),
      TO SQL WITH FUNCTION int4recv(internal));
@@ -227,7 +224,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  -- unrecognized object types
  DO $$
  DECLARE
-@@ -75,21 +240,33 @@
+@@ -75,21 +237,33 @@
      END LOOP;
  END;
  $$;
@@ -271,7 +268,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  DO $$
  DECLARE
      objtype text;
-@@ -123,265 +300,81 @@
+@@ -123,265 +297,81 @@
      END LOOP;
  END;
  $$;
@@ -584,7 +581,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  -- Make sure that NULL handling is correct.
  \pset null 'NULL'
  -- Temporarily disable fancy output, so as future additions never create
-@@ -455,86 +448,86 @@
+@@ -455,86 +445,86 @@
       pg_identify_object_as_address(classid, objid, objsubid) AS ioa (typ, nms, args),
       pg_get_object_address(typ, nms, ioa.args) AS addr2
  ORDER BY addr1.classid, addr1.objid, addr1.objsubid;
@@ -741,7 +738,7 @@ diff -U3 --label=/mnt/data1/postgres/src/test/regress/expected/object_address.ou
  --
  -- Checks for invalid objects
  --
-@@ -592,47 +585,6 @@
+@@ -592,47 +582,6 @@
           AS descr
  FROM objects
  ORDER BY objects.classid, objects.objid, objects.objsubid;