babelfish-for-postgresql / babelfish_extensions / 10958645688
75%
BABEL_5_X_DEV: 75%

LAST BUILD BRANCH: supporting_views_ddl_logins
DEFAULT BRANCH: BABEL_5_X_DEV
Ran
Jobs 1
Files 115
Run time 10min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 74.442% (-0.001%) from 74.443%
10958645688

push

github

web-flow 
Support Cross-database references in views (#2899)

Support execution of views which references objects (tables/views/functions) from
across the databases. Here we are talking about Babelfish logical database (T-SQL database)
which is different from a physical Postgres database.
To support this, perform permission checks for cross database objects using session user (login)
instead of current_user (user of current T-SQL database). The reason login can be used for
permission check is since login is member of all it’s users, so it inherits all their permissions so it
will be able execute any cross database objects owned by its users.

This commit handles functions and tables/views separately for cross database permission
checks. For functions/procedures, a new hook `ExecFuncProc_AclCheck_hook` and for tables/views
existing `ExecutorStart_hook` will be used to decide whether to use session user or current_user
for permission check depending upon whether the object is from same or different database.
We will be using `is_schema_from_db` function to identify if the object is from different database
which performs a lookup into `babelfish_namespace_ext` catalog table which can be expensive as will
be doing it pretty frequently. So, added this table into SYSCACHE for better performance.
Tables/views permissions are handled slightly different than functions as we do not blindly want to check
the permissions against session user (current login) since permissions of RTEs inside a view are checked
against that view's owner which can very well be a user of some different database. So if we blindly check
permission against session user instead of view's owner then it would break view's ownership chaining.
Instead, we will replace `checkAsUser` with it's corresponding mapped login if present and only in cases
where `checkAsUser` is not set, we will replace it with session user (login). We are using login to allow cross
database queries since lo... (continued)

76 of 79 new or added lines in 2 files covered. (96.2%)

5 existing lines in 3 files now uncovered.

44886 of 60297 relevant lines covered (74.44%)

152456.03 hits per line

New Missed Lines in Diff

Lines Coverage File
1
87.18
 -0.1% contrib/babelfishpg_tsql/src/catalog.c
2
84.2
 0.15% contrib/babelfishpg_tsql/src/hooks.c

Uncovered Existing Lines

Lines Coverage File
1
75.15
 -0.2% contrib/babelfishpg_tsql/src/dbcmds.c
2
87.18
 -0.1% contrib/babelfishpg_tsql/src/catalog.c
2
76.03
 -0.63% contrib/babelfishpg_tds/src/backend/tds/tdscomm.c
Jobs
ID Job ID Ran Files Coverage
1 10958645688.1 115
74.44
 GitHub Action Run
Source Files on build 10958645688