Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: fix excess privileges being created from default privileges. #72323

Merged
merged 1 commit into from
Nov 3, 2021
Merged

sql: fix excess privileges being created from default privileges. #72323

merged 1 commit into from
Nov 3, 2021

Conversation

RichardJCai
Copy link
Contributor

Release note (bug fix): Previously, when creating an object
default privileges from users that were not the user creating
the object would be added to the privileges of the object.
This fix ensures only the relevant default privileges are applied.

Resolves #72322

@RichardJCai RichardJCai requested review from rafiss and a team November 2, 2021 16:09
@cockroach-teamcity
Copy link
Member

This change is Reviewable

rafiss
rafiss reviewed Nov 2, 2021
View reviewed changes
pkg/sql/catalog/catprivilege/default_privilege.go
@@ -148,28 +148,35 @@ func (d *immutable) CreatePrivilegesFromDefaultPrivileges(
// If default privileges are not defined for the creator role, we handle
// it as the default case where the user has all privileges.
role := descpb.DefaultPrivilegesRole{Role: user}
if _, found := d.GetDefaultPrivilegesForRole(role); !found {
if defaultPrivilegesForRole, found := d.GetDefaultPrivilegesForRole(role); !found {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the comment above need adjusting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No this is still accurate but it might be more fitting to put this into the if !found clause? Thoughts?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah i'm in favor of putting it inside of if !found and then one more comment inside of the else

rafiss
rafiss approved these changes Nov 2, 2021
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm after commenting

@RichardJCai RichardJCai force-pushed the fix_creating_excess_privileges_from_default_privileges_11022021 branch from 5d1a574 to 110f641 Compare November 2, 2021 17:14
@RichardJCai
sql: fix excess privileges being created from default privileges.
aeb60d0 
Release note (bug fix): Previously, when creating an object
default privileges from users that were not the user creating
the object would be added to the privileges of the object.
This fix ensures only the relevant default privileges are applied.
@RichardJCai RichardJCai force-pushed the fix_creating_excess_privileges_from_default_privileges_11022021 branch from 110f641 to aeb60d0 Compare November 2, 2021 17:15
ajwerner
ajwerner approved these changes Nov 2, 2021
View reviewed changes
Copy link
Contributor

@ajwerner ajwerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Part of me wonders if the thing we were missing here was table-driven unit testing of the functions in catprivilege.

Reviewed 1 of 2 files at r1.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @ajwerner, @rafiss, and @RichardJCai)

@RichardJCai
Copy link
Contributor Author

TFTR!
bors r+

@RichardJCai
Copy link
Contributor Author

:lgtm:

Part of me wonders if the thing we were missing here was table-driven unit testing of the functions in catprivilege.

Reviewed 1 of 2 files at r1.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @ajwerner, @rafiss, and @RichardJCai)

Yeah we're definitely missing some unit tests here. I'll add some in, this isn't good

@craig
Copy link
Contributor

craig bot commented Nov 2, 2021

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Nov 2, 2021

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Nov 3, 2021

Build failed:

@RichardJCai
Copy link
Contributor Author

Looks like the test failure is a flake.
bors r+

@craig
Copy link
Contributor

craig bot commented Nov 3, 2021

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Nov 3, 2021

Build failed (retrying...):

@craig craig bot merged commit 3bc13c2 into cockroachdb:master Nov 3, 2021
@craig
Copy link
Contributor

craig bot commented Nov 3, 2021

Build succeeded:

@blathers-crl blathers-crl bot mentioned this pull request Nov 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajwerner ajwerner ajwerner approved these changes

@rafiss rafiss rafiss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sql: default privileges, granting excess privileges when creating an object
4 participants
@RichardJCai @cockroach-teamcity @rafiss @ajwerner