Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow TAM chunk creation as non-owner #7913

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow TAM chunk creation as non-owner #7913

wants to merge 1 commit into from
+140 −2

Conversation

erimatnor
Copy link
Contributor

When using Hypercore TAM on the hypertable, new chunks are created as hypercore chunks, including the compressed relation. This means that the compressed relation is created as the inserting user. However, if the inserting user is not the table owner, this operation failed.

The reason it failed was because some toast settings were changed on the compressed chunk during its creation without switching to a role with proper permissions. This is easily fixed by extending the section of code that is executed under the permissive role.

@erimatnor erimatnor requested a review from mkindahl April 4, 2025 11:46
@erimatnor erimatnor added this to the v2.19.2 milestone Apr 4, 2025
@erimatnor erimatnor force-pushed the hypercore-fix-create-chunk-as-non-owner branch 3 times, most recently from 47545fd to f4f6474 Compare April 4, 2025 13:02
@codecov Codecov
Copy link

codecov bot commented Apr 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.92%. Comparing base (59f50f2) to head (b41204d).
Report is 867 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7913      +/-   ##
==========================================
+ Coverage   80.06%   81.92%   +1.85%     
==========================================
  Files         190      249      +59     
  Lines       37181    46147    +8966     
  Branches     9450    11569    +2119     
==========================================
+ Hits        29770    37806    +8036     
- Misses       2997     3784     +787     
- Partials     4414     4557     +143

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@erimatnor erimatnor force-pushed the hypercore-fix-create-chunk-as-non-owner branch from f4f6474 to 5fb5bef Compare April 4, 2025 13:13
@erimatnor
Allow TAM chunk creation as non-owner
b41204d 
When using Hypercore TAM on the hypertable, new chunks are created as
hypercore chunks, including the compressed relation. This means that
the compressed relation is created as the inserting user. However, if
the inserting user is not the table owner, this operation failed.

The reason it failed was because some toast settings were changed on
the compressed chunk during its creation without switching to a role
with proper permissions. This is easily fixed by extending the section
of code that is executed under the permissive role.
@erimatnor erimatnor force-pushed the hypercore-fix-create-chunk-as-non-owner branch from 5fb5bef to b41204d Compare April 4, 2025 13:45
@erimatnor erimatnor marked this pull request as ready for review April 4, 2025 13:45
@philkra philkra modified the milestones: v2.19.2, v2.19.3 Apr 7, 2025
mkindahl
mkindahl reviewed Apr 7, 2025
View reviewed changes
test/runner.sh
@@ -82,6 +82,7 @@ if mkdir ${TEST_OUTPUT_DIR}/.pg_init 2>/dev/null; then
ALTER USER ${TEST_ROLE_SUPERUSER} WITH SUPERUSER;
ALTER USER ${TEST_ROLE_CLUSTER_SUPERUSER} WITH SUPERUSER;
ALTER USER ${TEST_ROLE_DEFAULT_PERM_USER} WITH CREATEROLE;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT, the idea with the "default permissions user" is to have something that cannot do to much and test with that. If you allow it to create new roles, it is not a "default permission user". Can't you use a role with superuser privileges to create new roles?

tsl/test/expected/hypercore_create.out
Comment on lines +1143 to +1153
-- An insert should create a new hypercore chunk, including the compressed chunk
insert into conditions values ('2024-01-02', 'school', 99.5);
select chunk, amname, cs.compress_relid
from show_chunks('conditions') as chunk
join pg_class on (pg_class.oid = chunk)
join pg_am on (relam = pg_am.oid)
join _timescaledb_catalog.compression_settings cs on (cs.relid = chunk);
chunk | amname | compress_relid
------------------------------------------+-----------+--------------------------------------------------
_timescaledb_internal._hyper_12_49_chunk | hypercore | _timescaledb_internal.compress_hyper_13_50_chunk
(1 row)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also show the owner in result set (for both the compressed and non-compressed chunk)? I can imagine situations where you by mistake change the code so that inserts work well but the owner is not correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkindahl mkindahl mkindahl left review comments

@fabriziomello fabriziomello fabriziomello approved these changes

@melihmutlu melihmutlu Awaiting requested review from melihmutlu

Assignees

@erimatnor erimatnor

Labels
None yet
Projects
None yet
Milestone
v2.19.3
Development

Successfully merging this pull request may close these issues.
4 participants
@erimatnor @fabriziomello @mkindahl @philkra