Do not allow predefined server roles to be members of each other #3292

anju15bharti
Contributor

Description

Earlier, fixed server-level roles could be made members of each other.

With this commit, we blocked making predefined server-level roles members of each other.

Issues Resolved

BABEL-5484

@coveralls
Collaborator

coveralls commented Dec 20, 2024

Pull Request Test Coverage Report for Build 12427825146

Details

  • 2 of 2 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.004%) to 74.864%

Totals Coverage Status
Change from base Build 12425559759: 0.004%
Covered Lines: 46567
Relevant Lines: 62202

💛 - Coveralls

@@ -1946,6 +1946,12 @@ check_alter_server_stmt(GrantRoleStmt *stmt)
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("'sysadmin' role cannot be granted to login: a user is already created in database '%s'", db_name)));

/* Forbidden the use of fixed server principals as grantee*/
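Review bot: The comment added at the end of this hunk, "Forbidden the use of fixed server principals as grantee", is ungrammatical and has no space before the closing "*/". Suggest "/* Forbid the use of fixed server principals as grantee */", so it reads as a statement of what the check in check_alter_server_stmt enforces.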
Contributor

This seems grammatically incorrect.

Comment on lines +597 to +608
Alter server role dbcreator add member securityadmin
go
~~ERROR (Code: 33557097)~~

~~ERROR (Message: Cannot use the special principal 'securityadmin')~~


Alter server role dbcreator add member dbcreator
go
~~ERROR (Code: 33557097)~~

~~ERROR (Message: Cannot use the special principal 'dbcreator')~~
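Review bot: Both cases in these expected-output lines use dbcreator as the role being altered, so only one direction of the pairing is shown to be rejected. Add the reverse case, "Alter server role securityadmin add member dbcreator", and check that it fails with the same error code 33557097.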
Contributor

  1. Please add dbcreator/secadmin <-> sysadmin combination.
  2. Are there existing testcases for PG endpoint?

Contributor Author

  1. Added more testcases.
  2. No, it's the behaviour from the BBF endpoint, and for PG we have already blocked operations on BBF-created objects.

@HarshLunagariya HarshLunagariya self-requested a review December 20, 2024 08:01
Signed-off-by: ANJU BHARTI <[email protected]>
@shardgupta shardgupta merged commit 3cba022 into babelfish-for-postgresql:BABEL_5_X_DEV Dec 20, 2024
44 checks passed
@shardgupta shardgupta deleted the fixed_serv-role branch December 20, 2024 09:17
anju15bharti added a commit to amazon-aurora/babelfish_extensions that referenced this pull request Dec 20, 2024
…elfish-for-postgresql#3292)

Earlier, fixed server-level roles could be made members of each other. With this commit, we blocked making predefined server-level roles members of each other.

Task: BABEL-5484

Signed-off-by: ANJU BHARTI <[email protected]>
shardgupta pushed a commit that referenced this pull request Dec 20, 2024
…) (#3294)

pranavJ23 pushed a commit to pranavJ23/babelfish_extensions that referenced this pull request Jan 6, 2025
…elfish-for-postgresql#3292)
