diff --git a/.github/gh_matrix_builder.py b/.github/gh_matrix_builder.py index fa70c42a1..30f7ebe18 100644 --- a/.github/gh_matrix_builder.py +++ b/.github/gh_matrix_builder.py @@ -123,15 +123,15 @@ m["include"].append(build_without_telemetry({"pg":PG14_LATEST})) m["include"].append(build_debug_config({"pg":15,"snapshot":"snapshot", "tsdb_build_args":"-DASSERTIONS=ON -DREQUIRE_ALL_TESTS=ON -DEXPERIMENTAL=ON -DCODECOVERAGE=ON", # below tests are tracked as part of #4838 - "installcheck_args": "SKIPS='003_connections_privs 001_simple_multinode 004_multinode_rdwr_1pc data_node_bootstrap dist_hypertable-15' " + "installcheck_args": "SKIPS='003_connections_privs 001_simple_multinode 004_multinode_rdwr_1pc data_node_bootstrap dist_hypertable-15 bgw_custom' " # below tests are tracked as part of #4832 "IGNORES='pg_dump_unprivileged cagg_dump metadata pg_dump compression_hypertable " # below tests are tracked as part of #4833 - "cagg_ddl_dist_ht telemetry_stats cagg_migrate_integer_dist_ht cagg_migrate_timestamp_dist_ht cagg_bgw_dist_ht chunk_api compression_bgw data_node dist_api_calls dist_commands dist_compression dist_copy_format_long dist_copy_long dist_ddl dist_move_chunk dist_partial_agg dist_policy dist_query exp_cagg_monthly exp_cagg_origin exp_cagg_timezone cagg_concurrent_refresh_dist_ht cagg_drop_chunks cagg_multi_dist_ht continuous_aggs continuous_aggs_deprecated cagg_invalidation_dist_ht-15 dist_grant-15 remote_copy-15 partitionwise-15 " + "telemetry_stats dist_commands dist_ddl dist_query dist_partial_agg continuous_aggs continuous_aggs_deprecated " # below tests are tracked as part of #4834 "compression compression_dml modify_exclusion rowsecurity-15 " # below tests are tracked as part of #4835 - "parallel plan_hashagg query partialize_finalize dist_util dist_distinct dist_distinct_pushdown dist_fetcher_type dist_gapfill dist_parallel_agg dist_queries dist_remote_error jit-15 debug_notice dist_chunk " + "parallel plan_hashagg query partialize_finalize dist_distinct dist_fetcher_type dist_remote_error jit-15 " # below tests are tracked as part of #4837 "remote_txn'"})) diff --git a/tsl/test/expected/cagg_bgw.out b/tsl/test/expected/cagg_bgw.out index 4f182e478..986277d7c 100644 --- a/tsl/test/expected/cagg_bgw.out +++ b/tsl/test/expected/cagg_bgw.out @@ -72,6 +72,9 @@ SELECT * FROM _timescaledb_catalog.continuous_agg; -------------------+-------------------+------------------+----------------+---------------------+-------------------+--------------+--------------------+------------------+-------------------+----------- (0 rows) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; +psql:include/cagg_bgw_common.sql:72: WARNING: no privileges were granted for "public" \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED diff --git a/tsl/test/expected/cagg_bgw_dist_ht.out b/tsl/test/expected/cagg_bgw_dist_ht.out index 268557da0..986ccf403 100644 --- a/tsl/test/expected/cagg_bgw_dist_ht.out +++ b/tsl/test/expected/cagg_bgw_dist_ht.out @@ -36,6 +36,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_bgw_common.sql -- This file and its contents are licensed under the Timescale License. @@ -107,6 +109,9 @@ SELECT * FROM _timescaledb_catalog.continuous_agg; -------------------+-------------------+------------------+----------------+---------------------+-------------------+--------------+--------------------+------------------+-------------------+----------- (0 rows) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; +psql:include/cagg_bgw_common.sql:72: WARNING: no privileges were granted for "public" \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED diff --git a/tsl/test/expected/cagg_ddl_dist_ht.out b/tsl/test/expected/cagg_ddl_dist_ht.out index ab2bff3a7..6b4df4b8e 100644 --- a/tsl/test/expected/cagg_ddl_dist_ht.out +++ b/tsl/test/expected/cagg_ddl_dist_ht.out @@ -36,6 +36,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_ddl_common.sql -- This file and its contents are licensed under the Timescale License. diff --git a/tsl/test/expected/chunk_api.out b/tsl/test/expected/chunk_api.out index 6d41f2b70..7d4561c54 100644 --- a/tsl/test/expected/chunk_api.out +++ b/tsl/test/expected/chunk_api.out @@ -286,6 +286,8 @@ FROM ( GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2 TO :ROLE_1, :ROLE_DEFAULT_PERM_USER; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE disttable (time timestamptz, device int, temp float, color text); SELECT * FROM create_distributed_hypertable('disttable', 'time', 'device'); diff --git a/tsl/test/expected/compression_bgw.out b/tsl/test/expected/compression_bgw.out index f6a2f4f77..da35b2ee7 100644 --- a/tsl/test/expected/compression_bgw.out +++ b/tsl/test/expected/compression_bgw.out @@ -3,6 +3,8 @@ -- LICENSE-TIMESCALE for a copy of the license. \c :TEST_DBNAME :ROLE_SUPERUSER CREATE ROLE NOLOGIN_ROLE WITH nologin noinherit; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO NOLOGIN_ROLE; GRANT NOLOGIN_ROLE TO :ROLE_DEFAULT_PERM_USER WITH ADMIN OPTION; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE conditions ( diff --git a/tsl/test/expected/data_node.out b/tsl/test/expected/data_node.out index f941793b9..bd4add077 100644 --- a/tsl/test/expected/data_node.out +++ b/tsl/test/expected/data_node.out @@ -200,6 +200,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR data_node_3 | db_data_node_3 | t | t | t (1 row) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Create a distributed hypertable where no nodes can be selected -- because there are no data nodes with the right permissions. @@ -222,6 +224,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT node_name FROM timescaledb_information.data_nodes ORDER BY node_name; @@ -297,6 +301,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Now specify less slices than there are data nodes to generate a -- warning @@ -744,6 +750,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR GRANT USAGE ON FOREIGN SERVER data_node_4 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT * FROM attach_data_node('data_node_4', 'disttable'); NOTICE: the number of partitions in dimension "device" was increased to 2 hypertable_id | node_hypertable_id | node_name @@ -868,6 +876,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; DROP TABLE disttable; CREATE TABLE disttable(time timestamptz, device int, temp float); @@ -1334,6 +1344,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR (1 row) GRANT ALL ON FOREIGN SERVER data_node_4, data_node_5 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create table as super user SET ROLE :ROLE_SUPERUSER; CREATE TABLE disttable_3(time timestamptz, device int, temp float); diff --git a/tsl/test/expected/dist_api_calls.out b/tsl/test/expected/dist_api_calls.out index 3be2a825c..3c7b1e9e6 100644 --- a/tsl/test/expected/dist_api_calls.out +++ b/tsl/test/expected/dist_api_calls.out @@ -24,6 +24,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a distributed hypertable with data SET ROLE :ROLE_1; CREATE TABLE disttable( diff --git a/tsl/test/expected/dist_compression.out b/tsl/test/expected/dist_compression.out index 29eaee981..974c52fe1 100644 --- a/tsl/test/expected/dist_compression.out +++ b/tsl/test/expected/dist_compression.out @@ -41,6 +41,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE compressed(time timestamptz, device int, temp float); -- Replicate twice to see that compress_chunk compresses all replica chunks diff --git a/tsl/test/expected/dist_copy_format_long.out b/tsl/test/expected/dist_copy_format_long.out index 12be237ff..4fbfbc2d4 100644 --- a/tsl/test/expected/dist_copy_format_long.out +++ b/tsl/test/expected/dist_copy_format_long.out @@ -29,6 +29,8 @@ SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Aim to about 100 partitions, the data is from 1995 to 2022. create table uk_price_paid(price integer, "date" date, postcode1 text, postcode2 text, type smallint, is_new bool, duration smallint, addr1 text, addr2 text, street text, locality text, town text, district text, country text, category smallint); diff --git a/tsl/test/expected/dist_copy_long.out b/tsl/test/expected/dist_copy_long.out index 7df654776..bda05abba 100644 --- a/tsl/test/expected/dist_copy_long.out +++ b/tsl/test/expected/dist_copy_long.out @@ -28,6 +28,8 @@ SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; create table uk_price_paid(price integer, "date" date, postcode1 text, postcode2 text, type smallint, is_new bool, duration smallint, addr1 text, addr2 text, street text, locality text, town text, district text, country text, category smallint); -- Aim to about 100 partitions, the data is from 1995 to 2022. diff --git a/tsl/test/expected/dist_move_chunk.out b/tsl/test/expected/dist_move_chunk.out index 1e0251800..18eed56ce 100644 --- a/tsl/test/expected/dist_move_chunk.out +++ b/tsl/test/expected/dist_move_chunk.out @@ -20,6 +20,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE dist_test(time timestamp NOT NULL, device int, temp float); SELECT create_distributed_hypertable('dist_test', 'time', 'device', 3); diff --git a/tsl/test/expected/dist_policy.out b/tsl/test/expected/dist_policy.out index 5d1e08131..985ac954d 100644 --- a/tsl/test/expected/dist_policy.out +++ b/tsl/test/expected/dist_policy.out @@ -21,6 +21,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a fake clock that we can use below and make sure that it is -- defined on the data nodes as well. CREATE TABLE time_table (time BIGINT); diff --git a/tsl/test/expected/exp_cagg_monthly.out b/tsl/test/expected/exp_cagg_monthly.out index 2c9fb97b7..d1df7fea7 100644 --- a/tsl/test/expected/exp_cagg_monthly.out +++ b/tsl/test/expected/exp_cagg_monthly.out @@ -1044,6 +1044,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day DATE NOT NULL, diff --git a/tsl/test/expected/exp_cagg_origin.out b/tsl/test/expected/exp_cagg_origin.out index 1172b46c6..c20697aea 100644 --- a/tsl/test/expected/exp_cagg_origin.out +++ b/tsl/test/expected/exp_cagg_origin.out @@ -484,6 +484,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day date NOT NULL, diff --git a/tsl/test/expected/exp_cagg_timezone.out b/tsl/test/expected/exp_cagg_timezone.out index 22d517155..f4e624ebf 100644 --- a/tsl/test/expected/exp_cagg_timezone.out +++ b/tsl/test/expected/exp_cagg_timezone.out @@ -667,6 +667,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day timestamptz NOT NULL, diff --git a/tsl/test/sql/cagg_bgw_dist_ht.sql b/tsl/test/sql/cagg_bgw_dist_ht.sql index 1c9774d7a..2d5f36279 100644 --- a/tsl/test/sql/cagg_bgw_dist_ht.sql +++ b/tsl/test/sql/cagg_bgw_dist_ht.sql @@ -20,6 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE diff --git a/tsl/test/sql/cagg_ddl_dist_ht.sql b/tsl/test/sql/cagg_ddl_dist_ht.sql index 352b1a0a0..b5ae514a0 100644 --- a/tsl/test/sql/cagg_ddl_dist_ht.sql +++ b/tsl/test/sql/cagg_ddl_dist_ht.sql @@ -20,7 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_ddl_common.sql diff --git a/tsl/test/sql/chunk_api.sql b/tsl/test/sql/chunk_api.sql index f03d49015..3b612f651 100644 --- a/tsl/test/sql/chunk_api.sql +++ b/tsl/test/sql/chunk_api.sql @@ -149,6 +149,8 @@ FROM ( GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2 TO :ROLE_1, :ROLE_DEFAULT_PERM_USER; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE disttable (time timestamptz, device int, temp float, color text); diff --git a/tsl/test/sql/compression_bgw.sql b/tsl/test/sql/compression_bgw.sql index 0bfa5fe51..ce7b0c6f1 100644 --- a/tsl/test/sql/compression_bgw.sql +++ b/tsl/test/sql/compression_bgw.sql @@ -5,6 +5,8 @@ \c :TEST_DBNAME :ROLE_SUPERUSER CREATE ROLE NOLOGIN_ROLE WITH nologin noinherit; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO NOLOGIN_ROLE; GRANT NOLOGIN_ROLE TO :ROLE_DEFAULT_PERM_USER WITH ADMIN OPTION; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER diff --git a/tsl/test/sql/data_node.sql b/tsl/test/sql/data_node.sql index 97a9703c9..5b7c4e10a 100644 --- a/tsl/test/sql/data_node.sql +++ b/tsl/test/sql/data_node.sql @@ -120,7 +120,8 @@ SET client_min_messages TO INFO; SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_1', host => 'localhost', database => :'DN_DBNAME_1'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_2', host => 'localhost', database => :'DN_DBNAME_2'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Create a distributed hypertable where no nodes can be selected @@ -141,6 +142,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT node_name FROM timescaledb_information.data_nodes @@ -186,6 +189,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Now specify less slices than there are data nodes to generate a @@ -390,6 +395,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR GRANT USAGE ON FOREIGN SERVER data_node_4 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT * FROM attach_data_node('data_node_4', 'disttable'); -- Recheck that ownership on data_node_4 is proper SELECT * FROM test.remote_exec(NULL, $$ SELECT tablename, tableowner from pg_catalog.pg_tables where tablename = 'disttable'; $$); @@ -441,7 +448,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_2', host => 'localhost', database => :'DN_DBNAME_2'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; DROP TABLE disttable; @@ -603,6 +611,8 @@ SET ROLE :ROLE_CLUSTER_SUPERUSER; SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_4', host => 'localhost', database => :'DN_DBNAME_4'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_5', host => 'localhost', database => :'DN_DBNAME_5'); GRANT ALL ON FOREIGN SERVER data_node_4, data_node_5 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create table as super user SET ROLE :ROLE_SUPERUSER; CREATE TABLE disttable_3(time timestamptz, device int, temp float); diff --git a/tsl/test/sql/dist_api_calls.sql b/tsl/test/sql/dist_api_calls.sql index 01cd7f43a..b7624f92d 100644 --- a/tsl/test/sql/dist_api_calls.sql +++ b/tsl/test/sql/dist_api_calls.sql @@ -25,7 +25,8 @@ FROM ( FROM (VALUES (:'DATA_NODE_1'), (:'DATA_NODE_2'), (:'DATA_NODE_3')) v(name) ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a distributed hypertable with data SET ROLE :ROLE_1; CREATE TABLE disttable( diff --git a/tsl/test/sql/dist_compression.sql b/tsl/test/sql/dist_compression.sql index 3d99c2eea..7c3c927e6 100644 --- a/tsl/test/sql/dist_compression.sql +++ b/tsl/test/sql/dist_compression.sql @@ -21,6 +21,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE compressed(time timestamptz, device int, temp float); diff --git a/tsl/test/sql/dist_copy_format_long.sql b/tsl/test/sql/dist_copy_format_long.sql index 217a3383c..1a5d232b8 100644 --- a/tsl/test/sql/dist_copy_format_long.sql +++ b/tsl/test/sql/dist_copy_format_long.sql @@ -18,7 +18,8 @@ SELECT 1 FROM add_data_node('data_node_2', host => 'localhost', SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; diff --git a/tsl/test/sql/dist_copy_long.sql b/tsl/test/sql/dist_copy_long.sql index 4b89ab6b2..841fbd647 100644 --- a/tsl/test/sql/dist_copy_long.sql +++ b/tsl/test/sql/dist_copy_long.sql @@ -17,7 +17,8 @@ SELECT 1 FROM add_data_node('data_node_2', host => 'localhost', SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; diff --git a/tsl/test/sql/dist_move_chunk.sql b/tsl/test/sql/dist_move_chunk.sql index f8f6db301..30af0b900 100644 --- a/tsl/test/sql/dist_move_chunk.sql +++ b/tsl/test/sql/dist_move_chunk.sql @@ -20,7 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE dist_test(time timestamp NOT NULL, device int, temp float); diff --git a/tsl/test/sql/dist_policy.sql b/tsl/test/sql/dist_policy.sql index 42b41db24..83bea9422 100644 --- a/tsl/test/sql/dist_policy.sql +++ b/tsl/test/sql/dist_policy.sql @@ -21,6 +21,8 @@ FROM ( FROM (VALUES (:'DATA_NODE_1'), (:'DATA_NODE_2'), (:'DATA_NODE_3')) v(name) ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a fake clock that we can use below and make sure that it is -- defined on the data nodes as well. diff --git a/tsl/test/sql/exp_cagg_monthly.sql b/tsl/test/sql/exp_cagg_monthly.sql index fbf9ba97d..1d439917f 100644 --- a/tsl/test/sql/exp_cagg_monthly.sql +++ b/tsl/test/sql/exp_cagg_monthly.sql @@ -420,7 +420,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/exp_cagg_origin.sql b/tsl/test/sql/exp_cagg_origin.sql index bb6e72f26..54d2ac410 100644 --- a/tsl/test/sql/exp_cagg_origin.sql +++ b/tsl/test/sql/exp_cagg_origin.sql @@ -267,7 +267,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/exp_cagg_timezone.sql b/tsl/test/sql/exp_cagg_timezone.sql index 61b18f6d3..28baa50a6 100644 --- a/tsl/test/sql/exp_cagg_timezone.sql +++ b/tsl/test/sql/exp_cagg_timezone.sql @@ -429,7 +429,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/include/cagg_bgw_common.sql b/tsl/test/sql/include/cagg_bgw_common.sql index c3b774fc1..5ebe3fcd8 100644 --- a/tsl/test/sql/include/cagg_bgw_common.sql +++ b/tsl/test/sql/include/cagg_bgw_common.sql @@ -68,9 +68,9 @@ SELECT ts_bgw_params_create(); SELECT * FROM _timescaledb_config.bgw_job; SELECT * FROM timescaledb_information.job_stats; SELECT * FROM _timescaledb_catalog.continuous_agg; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER - CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED SELECT create_distributed_hypertable('test_continuous_agg_table', 'time', chunk_time_interval => 10, replication_factor => 2);