Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add ability to set sql security option #379

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dev-mkc19
Copy link

@dev-mkc19 dev-mkc19 commented Nov 6, 2024

resolve SQL security and definer logic #359

Summary

Starting from v.24.2 ClickHouse have sql security and definer logic (for view), this changes add ability to use this feature within dbt.

Checklist

Delete items not relevant to your PR:

  • Unit and integration tests covering the common scenarios were added
  • A human-readable description of the changes was provided to include in CHANGELOG
  • For significant changes, documentation in https://github.com/ClickHouse/clickhouse-docs was updated with further explanations or tutorials

resolve SQL security and definer logic ClickHouse#359
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Mikhail K seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@dev-mkc19
Copy link
Author

@genzgd Hi. Could you look at my changes quickly please. I have doubt with the following question:

  1. Is it appropriate implementation? (perhaps there are some hidden/unwritten rules which might block merge)
  2. Where to place tests? I couldn't find existing .py file with the test cases for view. Does the structure of py files fixed or I can create for instance tests/integration/adapter/view/test_base_view.py?
  3. Should I implement this feature for materialized views also or it's not necessary now?

@dev-mkc19
Copy link
Author

@BentsiLeviav @genzgd @3fonov Could you answer questions above?

DEFINER = {{ definer }} SQL SECURITY DEFINER
{%- elif sql_security == 'invoker' %}
SQL SECURITY INVOKER
{%- elif sql_security == 'none' %}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we better keep this option unimplemented, as it is deprecated

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be clear, I meant the none option, as the documentation indicates the following:

SQL SECURITY NONE is a deprecated option. Any user with the rights to create views with SQL SECURITY NONE will be able to execute any arbitrary query. Thus, it is required to have GRANT ALLOW SQL SECURITY NONE TO in order to create a view with this option.

@BentsiLeviav
Copy link
Contributor

Hi @dev-mkc19
Thank you for your contribution!

Per your questions:

  1. Yes. I left you one small comment.
  2. The path you mentioned is great; you can also add the base view test.
  3. I strongly recommend that, as it is not a heavy lift after what you have already implemented, and it will benefit the entire community (which uses MV extensively).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants