From 3eff1ea792ef9a56e68832c1e01c392d8e0b362c Mon Sep 17 00:00:00 2001 From: Mikhail K Date: Wed, 6 Nov 2024 13:27:17 +0300 Subject: [PATCH] feat: Add ability to set sql security option resolve SQL security and definer logic #359 --- CHANGELOG.md | 4 ++++ README.md | 5 +++- dbt/adapters/clickhouse/__version__.py | 2 +- .../macros/materializations/view.sql | 23 ++++++++++++++++++- 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09ae63d4..b6fdcaab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +### Release [1.8.5] +#### New Features +* Added abillity to set [SQL Security](https://clickhouse.com/docs/en/sql-reference/statements/create/view#sql_security) for normal views, referenced by [issue 359](https://github.com/ClickHouse/dbt-clickhouse/issues/359). + ### Unreleased ### Improvement * Added support for [range_hashed](https://clickhouse.com/docs/en/sql-reference/dictionaries#range_hashed) and [complex_key_range_hashed](https://clickhouse.com/docs/en/sql-reference/dictionaries#complex_key_range_hashed) layouts to the dictionary materialization. ([#361](https://github.com/ClickHouse/dbt-clickhouse/pull/361)) diff --git a/README.md b/README.md index 99da7ff6..4c4183a2 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ your_profile_name: ## Model Configuration | Option | Description | Default if any | -|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------| +| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | | engine | The table engine (type of table) to use when creating tables | `MergeTree()` | | order_by | A tuple of column names or arbitrary expressions. This allows you to create a small sparse index that helps find data faster. | `tuple()` | | partition_by | A partition is a logical combination of records in a table by a specified criterion. The partition key can be any expression from the table columns. | | @@ -111,6 +111,9 @@ your_profile_name: | settings | A map/dictionary of "TABLE" settings to be used to DDL statements like 'CREATE TABLE' with this model | | | query_settings | A map/dictionary of ClickHouse user level settings to be used with `INSERT` or `DELETE` statements in conjunction with this model | | | ttl | A TTL expression to be used with the table. The TTL expression is a string that can be used to specify the TTL for the table. | | +| sql_security | Allow you to specify which ClickHouse user to use when executing the view's underlying query. `SQL SECURITY` has three legal values: `DEFINER`, `INVOKER`, or `NONE`. | | +| definer | If `sql_security` was set to `DEFINER`, you have to specify any existing user or `CURRENT_USER` in the `DEFINER` clause. | | +| | | | ## Column Configuration diff --git a/dbt/adapters/clickhouse/__version__.py b/dbt/adapters/clickhouse/__version__.py index be6c9703..61aaff6b 100644 --- a/dbt/adapters/clickhouse/__version__.py +++ b/dbt/adapters/clickhouse/__version__.py @@ -1 +1 @@ -version = '1.8.4' +version = '1.8.5' diff --git a/dbt/include/clickhouse/macros/materializations/view.sql b/dbt/include/clickhouse/macros/materializations/view.sql index 09063fd4..c9b8cd3d 100644 --- a/dbt/include/clickhouse/macros/materializations/view.sql +++ b/dbt/include/clickhouse/macros/materializations/view.sql @@ -67,11 +67,32 @@ {%- endmaterialization -%} +{% macro get_sql_security_clause(relation) %} + {% set sql_security = config.get('sql_security') %} + {% if sql_security -%} + {% if sql_security == 'definer' -%} + {%- set definer = config.require('definer') -%} + {% if not definer -%} + {{ exceptions.raise_compiler_error("Invalid config parameter `definer`. No value was provided.") }} + {%- endif %} + DEFINER = {{ definer }} SQL SECURITY DEFINER + {%- elif sql_security == 'invoker' %} + SQL SECURITY INVOKER + {%- elif sql_security == 'none' %} + SQL SECURITY NONE + {%- else %} + {{ exceptions.raise_compiler_error("Invalid config parameter `sql_security`. Got: `" + sql_security + "`, but only definer | invoker | none allowed.") }} + {%- endif %} + {%- endif %} +{%- endmacro -%} + + {% macro clickhouse__create_view_as(relation, sql) -%} {%- set sql_header = config.get('sql_header', none) -%} {{ sql_header if sql_header is not none }} - create view {{ relation.include(database=False) }} {{ on_cluster_clause(relation)}} + create view {{ relation.include(database=False) }} {{ on_cluster_clause(relation) }} + {{ get_sql_security_clause(relation) }} {% set contract_config = config.get('contract') %} {% if contract_config.enforced %} {{ get_assert_columns_equivalent(sql) }}