From d218715d5c064c88f0e8d56070d762a95c3b65ab Mon Sep 17 00:00:00 2001 From: Bharathy Date: Wed, 19 Oct 2022 17:35:02 +0530 Subject: [PATCH] Fix tests which fail on PG15 When TimescaleDB 2.9.0 compiled against PG15, many tests fail due to permissions on default public schema not getting propagated to data nodes, although connected user has required GRANTS on access nodes. This patch fixes failing tests by explicitly granting required permissions for connected user or role after data nodes are added. --- .github/gh_matrix_builder.py | 6 +++--- tsl/test/expected/cagg_bgw.out | 3 +++ tsl/test/expected/cagg_bgw_dist_ht.out | 5 +++++ tsl/test/expected/cagg_ddl_dist_ht.out | 2 ++ tsl/test/expected/chunk_api.out | 2 ++ tsl/test/expected/compression_bgw.out | 2 ++ tsl/test/expected/data_node.out | 12 ++++++++++++ tsl/test/expected/dist_api_calls.out | 2 ++ tsl/test/expected/dist_compression.out | 2 ++ tsl/test/expected/dist_copy_format_long.out | 2 ++ tsl/test/expected/dist_copy_long.out | 2 ++ tsl/test/expected/dist_move_chunk.out | 2 ++ tsl/test/expected/dist_policy.out | 2 ++ tsl/test/expected/exp_cagg_monthly.out | 2 ++ tsl/test/expected/exp_cagg_origin.out | 2 ++ tsl/test/expected/exp_cagg_timezone.out | 2 ++ tsl/test/sql/cagg_bgw_dist_ht.sql | 2 ++ tsl/test/sql/cagg_ddl_dist_ht.sql | 3 ++- tsl/test/sql/chunk_api.sql | 2 ++ tsl/test/sql/compression_bgw.sql | 2 ++ tsl/test/sql/data_node.sql | 14 ++++++++++++-- tsl/test/sql/dist_api_calls.sql | 3 ++- tsl/test/sql/dist_compression.sql | 2 ++ tsl/test/sql/dist_copy_format_long.sql | 3 ++- tsl/test/sql/dist_copy_long.sql | 3 ++- tsl/test/sql/dist_move_chunk.sql | 3 ++- tsl/test/sql/dist_policy.sql | 2 ++ tsl/test/sql/exp_cagg_monthly.sql | 3 ++- tsl/test/sql/exp_cagg_origin.sql | 3 ++- tsl/test/sql/exp_cagg_timezone.sql | 3 ++- tsl/test/sql/include/cagg_bgw_common.sql | 4 ++-- 31 files changed, 87 insertions(+), 15 deletions(-) diff --git a/.github/gh_matrix_builder.py b/.github/gh_matrix_builder.py index fa70c42a1..30f7ebe18 100644 --- a/.github/gh_matrix_builder.py +++ b/.github/gh_matrix_builder.py @@ -123,15 +123,15 @@ m["include"].append(build_without_telemetry({"pg":PG14_LATEST})) m["include"].append(build_debug_config({"pg":15,"snapshot":"snapshot", "tsdb_build_args":"-DASSERTIONS=ON -DREQUIRE_ALL_TESTS=ON -DEXPERIMENTAL=ON -DCODECOVERAGE=ON", # below tests are tracked as part of #4838 - "installcheck_args": "SKIPS='003_connections_privs 001_simple_multinode 004_multinode_rdwr_1pc data_node_bootstrap dist_hypertable-15' " + "installcheck_args": "SKIPS='003_connections_privs 001_simple_multinode 004_multinode_rdwr_1pc data_node_bootstrap dist_hypertable-15 bgw_custom' " # below tests are tracked as part of #4832 "IGNORES='pg_dump_unprivileged cagg_dump metadata pg_dump compression_hypertable " # below tests are tracked as part of #4833 - "cagg_ddl_dist_ht telemetry_stats cagg_migrate_integer_dist_ht cagg_migrate_timestamp_dist_ht cagg_bgw_dist_ht chunk_api compression_bgw data_node dist_api_calls dist_commands dist_compression dist_copy_format_long dist_copy_long dist_ddl dist_move_chunk dist_partial_agg dist_policy dist_query exp_cagg_monthly exp_cagg_origin exp_cagg_timezone cagg_concurrent_refresh_dist_ht cagg_drop_chunks cagg_multi_dist_ht continuous_aggs continuous_aggs_deprecated cagg_invalidation_dist_ht-15 dist_grant-15 remote_copy-15 partitionwise-15 " + "telemetry_stats dist_commands dist_ddl dist_query dist_partial_agg continuous_aggs continuous_aggs_deprecated " # below tests are tracked as part of #4834 "compression compression_dml modify_exclusion rowsecurity-15 " # below tests are tracked as part of #4835 - "parallel plan_hashagg query partialize_finalize dist_util dist_distinct dist_distinct_pushdown dist_fetcher_type dist_gapfill dist_parallel_agg dist_queries dist_remote_error jit-15 debug_notice dist_chunk " + "parallel plan_hashagg query partialize_finalize dist_distinct dist_fetcher_type dist_remote_error jit-15 " # below tests are tracked as part of #4837 "remote_txn'"})) diff --git a/tsl/test/expected/cagg_bgw.out b/tsl/test/expected/cagg_bgw.out index 4f182e478..986277d7c 100644 --- a/tsl/test/expected/cagg_bgw.out +++ b/tsl/test/expected/cagg_bgw.out @@ -72,6 +72,9 @@ SELECT * FROM _timescaledb_catalog.continuous_agg; -------------------+-------------------+------------------+----------------+---------------------+-------------------+--------------+--------------------+------------------+-------------------+----------- (0 rows) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; +psql:include/cagg_bgw_common.sql:72: WARNING: no privileges were granted for "public" \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED diff --git a/tsl/test/expected/cagg_bgw_dist_ht.out b/tsl/test/expected/cagg_bgw_dist_ht.out index 268557da0..986ccf403 100644 --- a/tsl/test/expected/cagg_bgw_dist_ht.out +++ b/tsl/test/expected/cagg_bgw_dist_ht.out @@ -36,6 +36,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_bgw_common.sql -- This file and its contents are licensed under the Timescale License. @@ -107,6 +109,9 @@ SELECT * FROM _timescaledb_catalog.continuous_agg; -------------------+-------------------+------------------+----------------+---------------------+-------------------+--------------+--------------------+------------------+-------------------+----------- (0 rows) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; +psql:include/cagg_bgw_common.sql:72: WARNING: no privileges were granted for "public" \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED diff --git a/tsl/test/expected/cagg_ddl_dist_ht.out b/tsl/test/expected/cagg_ddl_dist_ht.out index ab2bff3a7..6b4df4b8e 100644 --- a/tsl/test/expected/cagg_ddl_dist_ht.out +++ b/tsl/test/expected/cagg_ddl_dist_ht.out @@ -36,6 +36,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_ddl_common.sql -- This file and its contents are licensed under the Timescale License. diff --git a/tsl/test/expected/chunk_api.out b/tsl/test/expected/chunk_api.out index 6d41f2b70..7d4561c54 100644 --- a/tsl/test/expected/chunk_api.out +++ b/tsl/test/expected/chunk_api.out @@ -286,6 +286,8 @@ FROM ( GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2 TO :ROLE_1, :ROLE_DEFAULT_PERM_USER; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE disttable (time timestamptz, device int, temp float, color text); SELECT * FROM create_distributed_hypertable('disttable', 'time', 'device'); diff --git a/tsl/test/expected/compression_bgw.out b/tsl/test/expected/compression_bgw.out index f6a2f4f77..da35b2ee7 100644 --- a/tsl/test/expected/compression_bgw.out +++ b/tsl/test/expected/compression_bgw.out @@ -3,6 +3,8 @@ -- LICENSE-TIMESCALE for a copy of the license. \c :TEST_DBNAME :ROLE_SUPERUSER CREATE ROLE NOLOGIN_ROLE WITH nologin noinherit; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO NOLOGIN_ROLE; GRANT NOLOGIN_ROLE TO :ROLE_DEFAULT_PERM_USER WITH ADMIN OPTION; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER CREATE TABLE conditions ( diff --git a/tsl/test/expected/data_node.out b/tsl/test/expected/data_node.out index f941793b9..bd4add077 100644 --- a/tsl/test/expected/data_node.out +++ b/tsl/test/expected/data_node.out @@ -200,6 +200,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR data_node_3 | db_data_node_3 | t | t | t (1 row) +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Create a distributed hypertable where no nodes can be selected -- because there are no data nodes with the right permissions. @@ -222,6 +224,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT node_name FROM timescaledb_information.data_nodes ORDER BY node_name; @@ -297,6 +301,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Now specify less slices than there are data nodes to generate a -- warning @@ -744,6 +750,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR GRANT USAGE ON FOREIGN SERVER data_node_4 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT * FROM attach_data_node('data_node_4', 'disttable'); NOTICE: the number of partitions in dimension "device" was increased to 2 hypertable_id | node_hypertable_id | node_name @@ -868,6 +876,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; DROP TABLE disttable; CREATE TABLE disttable(time timestamptz, device int, temp float); @@ -1334,6 +1344,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR (1 row) GRANT ALL ON FOREIGN SERVER data_node_4, data_node_5 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create table as super user SET ROLE :ROLE_SUPERUSER; CREATE TABLE disttable_3(time timestamptz, device int, temp float); diff --git a/tsl/test/expected/dist_api_calls.out b/tsl/test/expected/dist_api_calls.out index 3be2a825c..3c7b1e9e6 100644 --- a/tsl/test/expected/dist_api_calls.out +++ b/tsl/test/expected/dist_api_calls.out @@ -24,6 +24,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a distributed hypertable with data SET ROLE :ROLE_1; CREATE TABLE disttable( diff --git a/tsl/test/expected/dist_compression.out b/tsl/test/expected/dist_compression.out index 29eaee981..974c52fe1 100644 --- a/tsl/test/expected/dist_compression.out +++ b/tsl/test/expected/dist_compression.out @@ -41,6 +41,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE compressed(time timestamptz, device int, temp float); -- Replicate twice to see that compress_chunk compresses all replica chunks diff --git a/tsl/test/expected/dist_copy_format_long.out b/tsl/test/expected/dist_copy_format_long.out index 12be237ff..4fbfbc2d4 100644 --- a/tsl/test/expected/dist_copy_format_long.out +++ b/tsl/test/expected/dist_copy_format_long.out @@ -29,6 +29,8 @@ SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Aim to about 100 partitions, the data is from 1995 to 2022. create table uk_price_paid(price integer, "date" date, postcode1 text, postcode2 text, type smallint, is_new bool, duration smallint, addr1 text, addr2 text, street text, locality text, town text, district text, country text, category smallint); diff --git a/tsl/test/expected/dist_copy_long.out b/tsl/test/expected/dist_copy_long.out index 7df654776..bda05abba 100644 --- a/tsl/test/expected/dist_copy_long.out +++ b/tsl/test/expected/dist_copy_long.out @@ -28,6 +28,8 @@ SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', (1 row) GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; create table uk_price_paid(price integer, "date" date, postcode1 text, postcode2 text, type smallint, is_new bool, duration smallint, addr1 text, addr2 text, street text, locality text, town text, district text, country text, category smallint); -- Aim to about 100 partitions, the data is from 1995 to 2022. diff --git a/tsl/test/expected/dist_move_chunk.out b/tsl/test/expected/dist_move_chunk.out index 1e0251800..18eed56ce 100644 --- a/tsl/test/expected/dist_move_chunk.out +++ b/tsl/test/expected/dist_move_chunk.out @@ -20,6 +20,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE dist_test(time timestamp NOT NULL, device int, temp float); SELECT create_distributed_hypertable('dist_test', 'time', 'device', 3); diff --git a/tsl/test/expected/dist_policy.out b/tsl/test/expected/dist_policy.out index 5d1e08131..985ac954d 100644 --- a/tsl/test/expected/dist_policy.out +++ b/tsl/test/expected/dist_policy.out @@ -21,6 +21,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a fake clock that we can use below and make sure that it is -- defined on the data nodes as well. CREATE TABLE time_table (time BIGINT); diff --git a/tsl/test/expected/exp_cagg_monthly.out b/tsl/test/expected/exp_cagg_monthly.out index 2c9fb97b7..d1df7fea7 100644 --- a/tsl/test/expected/exp_cagg_monthly.out +++ b/tsl/test/expected/exp_cagg_monthly.out @@ -1044,6 +1044,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day DATE NOT NULL, diff --git a/tsl/test/expected/exp_cagg_origin.out b/tsl/test/expected/exp_cagg_origin.out index 1172b46c6..c20697aea 100644 --- a/tsl/test/expected/exp_cagg_origin.out +++ b/tsl/test/expected/exp_cagg_origin.out @@ -484,6 +484,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day date NOT NULL, diff --git a/tsl/test/expected/exp_cagg_timezone.out b/tsl/test/expected/exp_cagg_timezone.out index 22d517155..f4e624ebf 100644 --- a/tsl/test/expected/exp_cagg_timezone.out +++ b/tsl/test/expected/exp_cagg_timezone.out @@ -667,6 +667,8 @@ FROM ( (3 rows) GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( day timestamptz NOT NULL, diff --git a/tsl/test/sql/cagg_bgw_dist_ht.sql b/tsl/test/sql/cagg_bgw_dist_ht.sql index 1c9774d7a..2d5f36279 100644 --- a/tsl/test/sql/cagg_bgw_dist_ht.sql +++ b/tsl/test/sql/cagg_bgw_dist_ht.sql @@ -20,6 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE diff --git a/tsl/test/sql/cagg_ddl_dist_ht.sql b/tsl/test/sql/cagg_ddl_dist_ht.sql index 352b1a0a0..b5ae514a0 100644 --- a/tsl/test/sql/cagg_ddl_dist_ht.sql +++ b/tsl/test/sql/cagg_ddl_dist_ht.sql @@ -20,7 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \set IS_DISTRIBUTED TRUE \ir include/cagg_ddl_common.sql diff --git a/tsl/test/sql/chunk_api.sql b/tsl/test/sql/chunk_api.sql index f03d49015..3b612f651 100644 --- a/tsl/test/sql/chunk_api.sql +++ b/tsl/test/sql/chunk_api.sql @@ -149,6 +149,8 @@ FROM ( GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2 TO :ROLE_1, :ROLE_DEFAULT_PERM_USER; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE disttable (time timestamptz, device int, temp float, color text); diff --git a/tsl/test/sql/compression_bgw.sql b/tsl/test/sql/compression_bgw.sql index 0bfa5fe51..ce7b0c6f1 100644 --- a/tsl/test/sql/compression_bgw.sql +++ b/tsl/test/sql/compression_bgw.sql @@ -5,6 +5,8 @@ \c :TEST_DBNAME :ROLE_SUPERUSER CREATE ROLE NOLOGIN_ROLE WITH nologin noinherit; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO NOLOGIN_ROLE; GRANT NOLOGIN_ROLE TO :ROLE_DEFAULT_PERM_USER WITH ADMIN OPTION; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER diff --git a/tsl/test/sql/data_node.sql b/tsl/test/sql/data_node.sql index 97a9703c9..5b7c4e10a 100644 --- a/tsl/test/sql/data_node.sql +++ b/tsl/test/sql/data_node.sql @@ -120,7 +120,8 @@ SET client_min_messages TO INFO; SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_1', host => 'localhost', database => :'DN_DBNAME_1'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_2', host => 'localhost', database => :'DN_DBNAME_2'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Create a distributed hypertable where no nodes can be selected @@ -141,6 +142,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT node_name FROM timescaledb_information.data_nodes @@ -186,6 +189,8 @@ RESET ROLE; GRANT USAGE ON FOREIGN SERVER data_node_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; -- Now specify less slices than there are data nodes to generate a @@ -390,6 +395,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR GRANT USAGE ON FOREIGN SERVER data_node_4 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SELECT * FROM attach_data_node('data_node_4', 'disttable'); -- Recheck that ownership on data_node_4 is proper SELECT * FROM test.remote_exec(NULL, $$ SELECT tablename, tableowner from pg_catalog.pg_tables where tablename = 'disttable'; $$); @@ -441,7 +448,8 @@ SELECT node_name, database, node_created, database_created, extension_created FR SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_2', host => 'localhost', database => :'DN_DBNAME_2'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; DROP TABLE disttable; @@ -603,6 +611,8 @@ SET ROLE :ROLE_CLUSTER_SUPERUSER; SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_4', host => 'localhost', database => :'DN_DBNAME_4'); SELECT node_name, database, node_created, database_created, extension_created FROM add_data_node('data_node_5', host => 'localhost', database => :'DN_DBNAME_5'); GRANT ALL ON FOREIGN SERVER data_node_4, data_node_5 TO PUBLIC; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create table as super user SET ROLE :ROLE_SUPERUSER; CREATE TABLE disttable_3(time timestamptz, device int, temp float); diff --git a/tsl/test/sql/dist_api_calls.sql b/tsl/test/sql/dist_api_calls.sql index 01cd7f43a..b7624f92d 100644 --- a/tsl/test/sql/dist_api_calls.sql +++ b/tsl/test/sql/dist_api_calls.sql @@ -25,7 +25,8 @@ FROM ( FROM (VALUES (:'DATA_NODE_1'), (:'DATA_NODE_2'), (:'DATA_NODE_3')) v(name) ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a distributed hypertable with data SET ROLE :ROLE_1; CREATE TABLE disttable( diff --git a/tsl/test/sql/dist_compression.sql b/tsl/test/sql/dist_compression.sql index 3d99c2eea..7c3c927e6 100644 --- a/tsl/test/sql/dist_compression.sql +++ b/tsl/test/sql/dist_compression.sql @@ -21,6 +21,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE compressed(time timestamptz, device int, temp float); diff --git a/tsl/test/sql/dist_copy_format_long.sql b/tsl/test/sql/dist_copy_format_long.sql index 217a3383c..1a5d232b8 100644 --- a/tsl/test/sql/dist_copy_format_long.sql +++ b/tsl/test/sql/dist_copy_format_long.sql @@ -18,7 +18,8 @@ SELECT 1 FROM add_data_node('data_node_2', host => 'localhost', SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; diff --git a/tsl/test/sql/dist_copy_long.sql b/tsl/test/sql/dist_copy_long.sql index 4b89ab6b2..841fbd647 100644 --- a/tsl/test/sql/dist_copy_long.sql +++ b/tsl/test/sql/dist_copy_long.sql @@ -17,7 +17,8 @@ SELECT 1 FROM add_data_node('data_node_2', host => 'localhost', SELECT 1 FROM add_data_node('data_node_3', host => 'localhost', database => :'DN_DBNAME_3'); GRANT USAGE ON FOREIGN SERVER data_node_1, data_node_2, data_node_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; diff --git a/tsl/test/sql/dist_move_chunk.sql b/tsl/test/sql/dist_move_chunk.sql index f8f6db301..30af0b900 100644 --- a/tsl/test/sql/dist_move_chunk.sql +++ b/tsl/test/sql/dist_move_chunk.sql @@ -20,7 +20,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; SET ROLE :ROLE_1; CREATE TABLE dist_test(time timestamp NOT NULL, device int, temp float); diff --git a/tsl/test/sql/dist_policy.sql b/tsl/test/sql/dist_policy.sql index 42b41db24..83bea9422 100644 --- a/tsl/test/sql/dist_policy.sql +++ b/tsl/test/sql/dist_policy.sql @@ -21,6 +21,8 @@ FROM ( FROM (VALUES (:'DATA_NODE_1'), (:'DATA_NODE_2'), (:'DATA_NODE_3')) v(name) ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO :ROLE_1; +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_1; -- Create a fake clock that we can use below and make sure that it is -- defined on the data nodes as well. diff --git a/tsl/test/sql/exp_cagg_monthly.sql b/tsl/test/sql/exp_cagg_monthly.sql index fbf9ba97d..1d439917f 100644 --- a/tsl/test/sql/exp_cagg_monthly.sql +++ b/tsl/test/sql/exp_cagg_monthly.sql @@ -420,7 +420,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/exp_cagg_origin.sql b/tsl/test/sql/exp_cagg_origin.sql index bb6e72f26..54d2ac410 100644 --- a/tsl/test/sql/exp_cagg_origin.sql +++ b/tsl/test/sql/exp_cagg_origin.sql @@ -267,7 +267,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/exp_cagg_timezone.sql b/tsl/test/sql/exp_cagg_timezone.sql index 61b18f6d3..28baa50a6 100644 --- a/tsl/test/sql/exp_cagg_timezone.sql +++ b/tsl/test/sql/exp_cagg_timezone.sql @@ -429,7 +429,8 @@ FROM ( ) a; GRANT USAGE ON FOREIGN SERVER :DATA_NODE_1, :DATA_NODE_2, :DATA_NODE_3 TO PUBLIC; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; SET ROLE :ROLE_DEFAULT_PERM_USER; CREATE TABLE conditions_dist( diff --git a/tsl/test/sql/include/cagg_bgw_common.sql b/tsl/test/sql/include/cagg_bgw_common.sql index c3b774fc1..5ebe3fcd8 100644 --- a/tsl/test/sql/include/cagg_bgw_common.sql +++ b/tsl/test/sql/include/cagg_bgw_common.sql @@ -68,9 +68,9 @@ SELECT ts_bgw_params_create(); SELECT * FROM _timescaledb_config.bgw_job; SELECT * FROM timescaledb_information.job_stats; SELECT * FROM _timescaledb_catalog.continuous_agg; - +-- though user on access node has required GRANTS, this will propagate GRANTS to the connected data nodes +GRANT CREATE ON SCHEMA public TO :ROLE_DEFAULT_PERM_USER; \c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER - CREATE TABLE test_continuous_agg_table(time int, data int); \if :IS_DISTRIBUTED SELECT create_distributed_hypertable('test_continuous_agg_table', 'time', chunk_time_interval => 10, replication_factor => 2);