
Add partitioned table support to sepgsql

The new partitioned table capability added a new relkind, namely
RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind
exactly the same way it does RELKIND_RELATION.

In addition, add regression test coverage for partitioned tables.

Issue raised by Stephen Frost and initial patch by Mike Palmiotto.
Review by Tom Lane and Robert Haas, and editorializing by me.

Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
Joe Conway
2017-04-09 14:01:58 -07:00
parent eef8c0069e
commit 25542d77dd
13 changed files with 1154 additions and 69 deletions


@ -21,6 +21,23 @@ SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
---
-- partitioned table parent
CREATE TABLE t1p (o int, p text, q text) PARTITION BY RANGE (o);
SECURITY LABEL ON TABLE t1p IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
-- partitioned table children
CREATE TABLE t1p_ones PARTITION OF t1p FOR VALUES FROM ('0') TO ('10');
SECURITY LABEL ON COLUMN t1p_ones.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
CREATE TABLE t1p_tens PARTITION OF t1p FOR VALUES FROM ('10') TO ('100');
SECURITY LABEL ON COLUMN t1p_tens.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
---
CREATE TABLE customer (cid int primary key, cname text, ccredit text);
SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'),
@ -33,24 +50,44 @@ SECURITY LABEL ON FUNCTION customer_credit(int)
SELECT objtype, objname, label FROM pg_seclabels
WHERE provider = 'selinux'
AND objtype in ('table', 'column')
AND objname in ('t1', 't2', 't3', 't4', 't5', 't5.e', 't5.f', 't5.g')
AND objname in ('t1', 't2', 't3', 't4',
't5', 't5.e', 't5.f', 't5.g',
't1p', 't1p.o', 't1p.p', 't1p.q',
't1p_ones', 't1p_ones.o', 't1p_ones.p', 't1p_ones.q',
't1p_tens', 't1p_tens.o', 't1p_tens.p', 't1p_tens.q')
ORDER BY objname;
objtype | objname | label
---------+---------+---------------------------------------------
table | t1 | system_u:object_r:sepgsql_table_t:s0
table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
table | t5 | system_u:object_r:sepgsql_table_t:s0
column | t5.e | system_u:object_r:sepgsql_table_t:s0
column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
(8 rows)
objtype | objname | label
---------+------------+---------------------------------------------
table | t1 | system_u:object_r:sepgsql_table_t:s0
table | t1p | system_u:object_r:sepgsql_table_t:s0
column | t1p.o | system_u:object_r:sepgsql_table_t:s0
table | t1p_ones | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_ones.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_ones.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_ones.q | system_u:object_r:sepgsql_secret_table_t:s0
column | t1p.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t1p_tens | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_tens.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_tens.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_tens.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
table | t5 | system_u:object_r:sepgsql_table_t:s0
column | t5.e | system_u:object_r:sepgsql_table_t:s0
column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
(20 rows)
CREATE SCHEMA my_schema_1;
CREATE TABLE my_schema_1.ts1 (a int, b text);
CREATE TABLE my_schema_1.pts1 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_1.pts1_ones PARTITION OF my_schema_1.pts1 FOR VALUES FROM ('0') to ('10');
CREATE SCHEMA my_schema_2;
CREATE TABLE my_schema_2.ts2 (x int, y text);
CREATE TABLE my_schema_2.pts2 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_2.pts2_tens PARTITION OF my_schema_2.pts2 FOR VALUES FROM ('10') to ('100');
SECURITY LABEL ON SCHEMA my_schema_2
IS 'system_u:object_r:sepgsql_regtest_invisible_schema_t:s0';
-- Hardwired Rules
@ -99,7 +136,42 @@ SELECT e,f FROM t5; -- ok
---+---
(0 rows)
SELECT * FROM customer; -- failed
---
-- partitioned table parent
SELECT * FROM t1p; -- failed
ERROR: SELinux: security policy violation
SELECT o,p FROM t1p; -- ok
o | p
---+---
(0 rows)
--partitioned table children
SELECT * FROM t1p_ones; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_ones; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_ones; -- ok
o | p
---+---
(0 rows)
SELECT * FROM t1p_tens; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_tens; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_tens; -- ok
o | p
---+---
(0 rows)
---
SELECT * FROM customer; -- failed
ERROR: SELinux: security policy violation
SELECT cid, cname, customer_credit(cid) FROM customer; -- ok
cid | cname | customer_credit
@ -108,7 +180,7 @@ SELECT cid, cname, customer_credit(cid) FROM customer; -- ok
2 | Hanako | 5555-6666-7777-????
(2 rows)
SELECT count(*) FROM t5; -- ok
SELECT count(*) FROM t5; -- ok
count
-------
0
@ -116,6 +188,34 @@ SELECT count(*) FROM t5; -- ok
SELECT count(*) FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
SELECT count(*) FROM t1p; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
SELECT count(*) FROM t1p_ones; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_ones WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
SELECT count(*) FROM t1p_tens; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
INSERT INTO t1 VALUES (4, 'abc'); -- ok
INSERT INTO t2 VALUES (4, 'xyz'); -- failed
ERROR: SELinux: security policy violation
@ -127,6 +227,22 @@ ERROR: SELinux: security policy violation
INSERT INTO t5 (e,f) VALUES ('abc', 'def'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e) VALUES ('abc'); -- ok
---
-- partitioned table parent
INSERT INTO t1p (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (9); -- ok
INSERT INTO t1p (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (99); -- ok
-- partitioned table children
INSERT INTO t1p_ones (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_ones (o) VALUES (9); -- ok
INSERT INTO t1p_tens (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_tens (o) VALUES (99); -- ok
---
UPDATE t1 SET b = b || '_upd'; -- ok
UPDATE t2 SET y = y || '_upd'; -- failed
ERROR: SELinux: security policy violation
@ -138,6 +254,23 @@ UPDATE t5 SET e = 'xyz'; -- ok
UPDATE t5 SET e = f || '_upd'; -- ok
UPDATE t5 SET e = g || '_upd'; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
UPDATE t1p SET o = 9 WHERE o < 10; -- ok
UPDATE t1p SET o = 99 WHERE o >= 10; -- ok
UPDATE t1p SET o = ascii(COALESCE(p,'upd'))%10 WHERE o < 10; -- ok
UPDATE t1p SET o = ascii(COALESCE(q,'upd'))%100 WHERE o >= 10; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
UPDATE t1p_ones SET o = 9; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(p,'upd'))%10; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(q,'upd'))%10; -- failed
ERROR: SELinux: security policy violation
UPDATE t1p_tens SET o = 99; -- ok
UPDATE t1p_tens SET o = ascii(COALESCE(p,'upd'))%100; -- ok
UPDATE t1p_tens SET o = ascii(COALESCE(q,'upd'))%100; -- failed
ERROR: SELinux: security policy violation
---
DELETE FROM t1; -- ok
DELETE FROM t2; -- failed
ERROR: SELinux: security policy violation
@ -149,6 +282,20 @@ DELETE FROM t5; -- ok
DELETE FROM t5 WHERE f IS NULL; -- ok
DELETE FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
DELETE FROM t1p; -- ok
DELETE FROM t1p WHERE p IS NULL; -- ok
DELETE FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
DELETE FROM t1p_ones WHERE p IS NULL; -- ok
DELETE FROM t1p_ones WHERE q IS NULL; -- failed;
ERROR: SELinux: security policy violation
DELETE FROM t1p_tens WHERE p IS NULL; -- ok
DELETE FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
--
-- COPY TO/FROM statements
--
@ -160,6 +307,19 @@ ERROR: SELinux: security policy violation
COPY t5 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5(e,f) TO '/dev/null'; -- ok
---
-- partitioned table parent
COPY (SELECT * FROM t1p) TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY (SELECT (o,p) FROM t1p) TO '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones(o,p) TO '/dev/null'; -- ok
COPY t1p_tens TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens(o,p) TO '/dev/null'; -- ok
---
COPY t1 FROM '/dev/null'; -- ok
COPY t2 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
@ -171,6 +331,19 @@ ERROR: SELinux: security policy violation
COPY t5 (e,f) FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e) FROM '/dev/null'; -- ok
---
-- partitioned table parent
COPY t1p FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p (o) FROM '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones (o) FROM '/dev/null'; -- ok
COPY t1p_tens FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens (o) FROM '/dev/null'; -- ok
---
--
-- Schema search path
--
@ -202,8 +375,13 @@ DROP TABLE IF EXISTS t2 CASCADE;
DROP TABLE IF EXISTS t3 CASCADE;
DROP TABLE IF EXISTS t4 CASCADE;
DROP TABLE IF EXISTS t5 CASCADE;
DROP TABLE IF EXISTS t1p CASCADE;
DROP TABLE IF EXISTS customer CASCADE;
DROP SCHEMA IF EXISTS my_schema_1 CASCADE;
NOTICE: drop cascades to table my_schema_1.ts1
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_1.ts1
drop cascades to table my_schema_1.pts1
DROP SCHEMA IF EXISTS my_schema_2 CASCADE;
NOTICE: drop cascades to table my_schema_2.ts2
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_2.ts2
drop cascades to table my_schema_2.pts2
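Review bot: The expected row order of the `pg_seclabels` listing (the `@ -33,24 +50,44 @` hunk) depends on the database collation: `t1p_ones` appears between `t1p.o` and `t1p.p`, which only happens under a locale that ignores punctuation when sorting. A cluster initialised with the C locale would sort `.` before `_` and fail this test even though the labels are correct, so pin the order with `ORDER BY objname COLLATE "C";` in the test script and regenerate the expected output. The same listing shows both partitions labeled `unconfined_u:object_r:sepgsql_table_t:s0`, because the first hunk labels only their columns; the table label is presumably derived from the creating session's context, which ties the expected output to the SELinux user running the test. Adding `SECURITY LABEL ON TABLE t1p_ones IS 'system_u:object_r:sepgsql_table_t:s0';` (and the same for `t1p_tens`) would remove that dependency and match how `t1p` and `t5` are handled. Separately, every partition carries the same column labels as its parent, so these cases cannot distinguish a check enforced on each partition from one enforced on the parent alone; a partition with a stricter label than `t1p`, queried through the parent, would cover that.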