Skip to content

Commit

Permalink
feat: Add ability to set sql security option
Browse files Browse the repository at this point in the history 
resolve SQL security and definer logic ClickHouse#359
  • Loading branch information
Mikhail K committed Nov 6, 2024
1 parent 065f3a7 commit 3eff1ea
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 3 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
### Release [1.8.5]
#### New Features
* Added abillity to set [SQL Security](https://clickhouse.com/docs/en/sql-reference/statements/create/view#sql_security) for normal views, referenced by [issue 359](https://github.com/ClickHouse/dbt-clickhouse/issues/359).

### Unreleased
### Improvement
* Added support for [range_hashed](https://clickhouse.com/docs/en/sql-reference/dictionaries#range_hashed) and [complex_key_range_hashed](https://clickhouse.com/docs/en/sql-reference/dictionaries#complex_key_range_hashed) layouts to the dictionary materialization. ([#361](https://github.com/ClickHouse/dbt-clickhouse/pull/361))
Expand Down
5 changes: 4 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ your_profile_name:
## Model Configuration

| Option | Description | Default if any |
|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
| engine | The table engine (type of table) to use when creating tables | `MergeTree()` |
| order_by | A tuple of column names or arbitrary expressions. This allows you to create a small sparse index that helps find data faster. | `tuple()` |
| partition_by | A partition is a logical combination of records in a table by a specified criterion. The partition key can be any expression from the table columns. | |
Expand All @@ -111,6 +111,9 @@ your_profile_name:
| settings | A map/dictionary of "TABLE" settings to be used to DDL statements like 'CREATE TABLE' with this model | |
| query_settings | A map/dictionary of ClickHouse user level settings to be used with `INSERT` or `DELETE` statements in conjunction with this model | |
| ttl | A TTL expression to be used with the table. The TTL expression is a string that can be used to specify the TTL for the table. | |
| sql_security | Allow you to specify which ClickHouse user to use when executing the view's underlying query. `SQL SECURITY` has three legal values: `DEFINER``INVOKER`, or `NONE`. | |
| definer | If `sql_security` was set to `DEFINER`, you have to specify any existing user or `CURRENT_USER` in the `DEFINER` clause. | |
| | | |


## Column Configuration
Expand Down
2 changes: 1 addition & 1 deletion dbt/adapters/clickhouse/__version__.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
version = '1.8.4'
version = '1.8.5'
23 changes: 22 additions & 1 deletion dbt/include/clickhouse/macros/materializations/view.sql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,11 +67,32 @@
{%- endmaterialization -%}


{% macro get_sql_security_clause(relation) %}
{% set sql_security = config.get('sql_security') %}
{% if sql_security -%}
{% if sql_security == 'definer' -%}
{%- set definer = config.require('definer') -%}
{% if not definer -%}
{{ exceptions.raise_compiler_error("Invalid config parameter `definer`. No value was provided.") }}
{%- endif %}
DEFINER = {{ definer }} SQL SECURITY DEFINER
{%- elif sql_security == 'invoker' %}
SQL SECURITY INVOKER
{%- elif sql_security == 'none' %}
SQL SECURITY NONE
{%- else %}
{{ exceptions.raise_compiler_error("Invalid config parameter `sql_security`. Got: `" + sql_security + "`, but only definer | invoker | none allowed.") }}
{%- endif %}
{%- endif %}
{%- endmacro -%}


{% macro clickhouse__create_view_as(relation, sql) -%}
{%- set sql_header = config.get('sql_header', none) -%}
{{ sql_header if sql_header is not none }}

create view {{ relation.include(database=False) }} {{ on_cluster_clause(relation)}}
create view {{ relation.include(database=False) }} {{ on_cluster_clause(relation) }}
{{ get_sql_security_clause(relation) }}
{% set contract_config = config.get('contract') %}
{% if contract_config.enforced %}
{{ get_assert_columns_equivalent(sql) }}
Expand Down

0 comments on commit 3eff1ea

Please sign in to comment.