Allow avnadmin creating database using sql [DDB-1557] #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mkmkme
approved these changes
Jan 17, 2025
| @@ -469,6 +475,54 @@ BlockIO InterpreterGrantQuery::execute() | |||
| if (need_check_grantees_are_allowed) | |||
| current_user_access->checkGranteesAreAllowed(grantees); | |||
|
|
|||
| if (query.default_replicated_db_privileges) { | |||
| auto context = getContext(); | |||
| auto username = context->getUserName(); | |||
There was a problem hiding this comment.
I rely on linters which I did not setup there too much(
| "TRUNCATE " | ||
| "ON " + escapeString(db_name) + ".* TO " + escapeString(grantee) + " WITH GRANT OPTION"; | ||
|
|
||
| auto exec_result = executeQuery(default_grant_query, getContext(), QueryFlags{ .internal = true }); |
There was a problem hiding this comment.
you have context variable above. Maybe it'd be better to use it instead of getContext() here?
|
|
||
| void InterpreterCreateQuery::checkDatabaseNameAllowed() { | ||
| auto & create = query_ptr->as<ASTCreateQuery &>(); | ||
| if (!create.database || internal) |
There was a problem hiding this comment.
Check for !create.database is superfluous here, since this function is called only when is_create_database is true which means create.database is always true at this point.
There was a problem hiding this comment.
Ok, probably unnecessary safety measure...
| create_interpreter->setIsRestoreFromBackup(flags.distributed_backup_restore); | ||
| // create_interpreter->setInternal(flags.internal); |
There are 2 main changes: 1. Allow `avnadmin` calling `CREATE DATABASE`, which overrides during execution phase, ensuring correct parameters are passed and running it with `aiven` privileges. 2. Introduce `GRANT DEFAULT REPLICATED DATABASE PRIVILEGES` statement, which will give a user a default set of privileges for a database. This is necessary to maintain a common source of truth while creating databases from different environments.
Khatskevich
force-pushed
the
khatskevich/create-db
branch
from
8dec864 to
0390b75
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are 2 main changes:
avnadmincallingCREATE DATABASE, which overrides during execution phase, ensuring correct parameters are passed and running it withaivenprivileges.GRANT DEFAULT REPLICATED DATABASE PRIVILEGESstatement, which will give a user a default set of privileges for a database. This is necessary to maintain a common source of truth while creating databases from different environments.Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
...
Documentation entry for user-facing changes
CI Settings (Only check the boxes if you know what you are doing):