rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add COMMENT and SECURITY LABEL support for publications and subscriptions

This commit is contained in:
Peter Eisentraut 2017-03-24 23:25:24 -04:00
parent 7678fe1c6d
commit 87dee41f3e
11 changed files with 100 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/src/sgml/ref/comment.sgml
View File

@ -46,12 +46,14 @@ COMMENT ON
OPERATOR FAMILY <replaceable class="PARAMETER">object_name</replaceable> USING <replaceable class="parameter">index_method</replaceable> |
POLICY <replaceable class="PARAMETER">policy_name</replaceable> ON <replaceable class="PARAMETER">table_name</replaceable> |
[ PROCEDURAL ] LANGUAGE <replaceable class="PARAMETER">object_name</replaceable> |
PUBLICATION <replaceable class="PARAMETER">object_name</replaceable> |
ROLE <replaceable class="PARAMETER">object_name</replaceable> |
RULE <replaceable class="PARAMETER">rule_name</replaceable> ON <replaceable class="PARAMETER">table_name</replaceable> |
SCHEMA <replaceable class="PARAMETER">object_name</replaceable> |
SEQUENCE <replaceable class="PARAMETER">object_name</replaceable> |
SERVER <replaceable class="PARAMETER">object_name</replaceable> |
STATISTICS <replaceable class="PARAMETER">object_name</replaceable> |
SUBSCRIPTION <replaceable class="PARAMETER">object_name</replaceable> |
TABLE <replaceable class="PARAMETER">object_name</replaceable> |
TABLESPACE <replaceable class="PARAMETER">object_name</replaceable> |
TEXT SEARCH CONFIGURATION <replaceable class="PARAMETER">object_name</replaceable> |

2
doc/src/sgml/ref/security_label.sgml
View File

@ -34,9 +34,11 @@ SECURITY LABEL [ FOR <replaceable class="PARAMETER">provider</replaceable> ] ON
LARGE OBJECT <replaceable class="PARAMETER">large_object_oid</replaceable> |
MATERIALIZED VIEW <replaceable class="PARAMETER">object_name</replaceable> |
[ PROCEDURAL ] LANGUAGE <replaceable class="PARAMETER">object_name</replaceable> |
PUBLICATION <replaceable class="PARAMETER">object_name</replaceable> |
ROLE <replaceable class="PARAMETER">object_name</replaceable> |
SCHEMA <replaceable class="PARAMETER">object_name</replaceable> |
SEQUENCE <replaceable class="PARAMETER">object_name</replaceable> |
SUBSCRIPTION <replaceable class="PARAMETER">object_name</replaceable> |
TABLESPACE <replaceable class="PARAMETER">object_name</replaceable> |
TYPE <replaceable class="PARAMETER">object_name</replaceable> |
VIEW <replaceable class="PARAMETER">object_name</replaceable>

22
src/backend/catalog/system_views.sql
View File

@ -424,6 +424,28 @@ FROM
WHERE
l.objsubid = 0
UNION ALL
SELECT
l.objoid, l.classoid, l.objsubid,
'publication'::text AS objtype,
NULL::oid AS objnamespace,
quote_ident(p.pubname) AS objname,
l.provider, l.label
FROM
pg_seclabel l
JOIN pg_publication p ON l.classoid = p.tableoid AND l.objoid = p.oid
WHERE
l.objsubid = 0
UNION ALL
SELECT
l.objoid, l.classoid, 0::int4 AS objsubid,
'subscription'::text AS objtype,
NULL::oid AS objnamespace,
quote_ident(s.subname) AS objname,
l.provider, l.label
FROM
pg_shseclabel l
JOIN pg_subscription s ON l.classoid = s.tableoid AND l.objoid = s.oid
UNION ALL
SELECT
l.objoid, l.classoid, 0::int4 AS objsubid,
'database'::text AS objtype,

4
src/backend/parser/gram.y
View File

@ -6340,9 +6340,11 @@ comment_type_name:
| EXTENSION { $$ = OBJECT_EXTENSION; }
| FOREIGN DATA_P WRAPPER { $$ = OBJECT_FDW; }
| opt_procedural LANGUAGE { $$ = OBJECT_LANGUAGE; }
| PUBLICATION { $$ = OBJECT_PUBLICATION; }
| ROLE { $$ = OBJECT_ROLE; }
| SCHEMA { $$ = OBJECT_SCHEMA; }
| SERVER { $$ = OBJECT_FOREIGN_SERVER; }
| SUBSCRIPTION { $$ = OBJECT_SUBSCRIPTION; }
| TABLESPACE { $$ = OBJECT_TABLESPACE; }
;
@ -6453,8 +6455,10 @@ security_label_type_name:
DATABASE { $$ = OBJECT_DATABASE; }
| EVENT TRIGGER { $$ = OBJECT_EVENT_TRIGGER; }
| opt_procedural LANGUAGE { $$ = OBJECT_LANGUAGE; }
| PUBLICATION { $$ = OBJECT_PUBLICATION; }
| ROLE { $$ = OBJECT_ROLE; }
| SCHEMA { $$ = OBJECT_SCHEMA; }
| SUBSCRIPTION { $$ = OBJECT_SUBSCRIPTION; }
| TABLESPACE { $$ = OBJECT_TABLESPACE; }
;

32
src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
View File

@ -67,20 +67,28 @@ SECURITY LABEL ON FUNCTION dummy_seclabel_four() IS 'classified'; -- OK
SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
CREATE SCHEMA dummy_seclabel_test;
SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
SET client_min_messages = error;
CREATE PUBLICATION dummy_pub;
CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
RESET client_min_messages;
SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
SELECT objtype, objname, provider, label FROM pg_seclabels
ORDER BY objtype, objname;
objtype | objname | provider | label
----------+------------------------------+----------+--------------
column | dummy_seclabel_tbl1.a | dummy | unclassified
domain | dummy_seclabel_domain | dummy | classified
function | dummy_seclabel_four() | dummy | classified
role | regress_dummy_seclabel_user1 | dummy | classified
role | regress_dummy_seclabel_user2 | dummy | unclassified
schema | dummy_seclabel_test | dummy | unclassified
table | dummy_seclabel_tbl1 | dummy | top secret
table | dummy_seclabel_tbl2 | dummy | classified
view | dummy_seclabel_view1 | dummy | classified
(9 rows)
objtype | objname | provider | label
--------------+------------------------------+----------+--------------
column | dummy_seclabel_tbl1.a | dummy | unclassified
domain | dummy_seclabel_domain | dummy | classified
function | dummy_seclabel_four() | dummy | classified
publication | dummy_pub | dummy | classified
role | regress_dummy_seclabel_user1 | dummy | classified
role | regress_dummy_seclabel_user2 | dummy | unclassified
schema | dummy_seclabel_test | dummy | unclassified
subscription | dummy_sub | dummy | classified
table | dummy_seclabel_tbl1 | dummy | top secret
table | dummy_seclabel_tbl2 | dummy | classified
view | dummy_seclabel_view1 | dummy | classified
(11 rows)
-- check for event trigger
CREATE FUNCTION event_trigger_test()

7
src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
View File

@ -71,6 +71,13 @@ SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified'; -- OK
CREATE SCHEMA dummy_seclabel_test;
SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified'; -- OK
SET client_min_messages = error;
CREATE PUBLICATION dummy_pub;
CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
RESET client_min_messages;
SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
SELECT objtype, objname, provider, label FROM pg_seclabels
ORDER BY objtype, objname;

7
src/test/regress/expected/publication.out
View File

@ -6,6 +6,13 @@ CREATE ROLE regress_publication_user2;
CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default;
COMMENT ON PUBLICATION testpub_default IS 'test publication';
SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
obj_description
------------------
test publication
(1 row)
CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);
\dRp

23
src/test/regress/expected/rules.out
View File

@ -1605,6 +1605,29 @@ UNION ALL
FROM (pg_seclabel l
JOIN pg_event_trigger evt ON (((l.classoid = evt.tableoid) AND (l.objoid = evt.oid))))
WHERE (l.objsubid = 0)
UNION ALL
SELECT l.objoid,
l.classoid,
l.objsubid,
'publication'::text AS objtype,
NULL::oid AS objnamespace,
quote_ident((p.pubname)::text) AS objname,
l.provider,
l.label
FROM (pg_seclabel l
JOIN pg_publication p ON (((l.classoid = p.tableoid) AND (l.objoid = p.oid))))
WHERE (l.objsubid = 0)
UNION ALL
SELECT l.objoid,
l.classoid,
0 AS objsubid,
'subscription'::text AS objtype,
NULL::oid AS objnamespace,
quote_ident((s.subname)::text) AS objname,
l.provider,
l.label
FROM (pg_shseclabel l
JOIN pg_subscription s ON (((l.classoid = s.tableoid) AND (l.objoid = s.oid))))
UNION ALL
SELECT l.objoid,
l.classoid,

7
src/test/regress/expected/subscription.out
View File

@ -30,6 +30,13 @@ ERROR: publication name "foo" used more than once
-- ok
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
WARNING: tables were not subscribed, you will have to run ALTER SUBSCRIPTION ... REFRESH PUBLICATION to subscribe the tables
COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
obj_description
-------------------
test subscription
(1 row)
-- fail - name already exists
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
ERROR: subscription "testsub" already exists

3
src/test/regress/sql/publication.sql
View File

@ -8,6 +8,9 @@ SET SESSION AUTHORIZATION 'regress_publication_user';
CREATE PUBLICATION testpub_default;
COMMENT ON PUBLICATION testpub_default IS 'test publication';
SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);

3
src/test/regress/sql/subscription.sql
View File

@ -27,6 +27,9 @@ CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION foo, te
-- ok
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
-- fail - name already exists
CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);