Add COMMENT and SECURITY LABEL support for publications and subscriptions

2025-05-01 01:04:50 +03:00 · 2017-03-24 23:25:24 -04:00 · 2017-03-24 23:25:24 -04:00 · 87dee41f3e
commit 87dee41f3e
parent 7678fe1c6d
11 changed files with 100 additions and 12 deletions
--- a/doc/src/sgml/ref/comment.sgml
+++ b/doc/src/sgml/ref/comment.sgml
@ -46,12 +46,14 @@ COMMENT ON
  OPERATOR FAMILY <replaceable class="PARAMETER">object_name</replaceable> USING <replaceable class="parameter">index_method</replaceable> |
  POLICY <replaceable class="PARAMETER">policy_name</replaceable> ON <replaceable class="PARAMETER">table_name</replaceable> |
  [ PROCEDURAL ] LANGUAGE <replaceable class="PARAMETER">object_name</replaceable> |
  PUBLICATION <replaceable class="PARAMETER">object_name</replaceable> |
  ROLE <replaceable class="PARAMETER">object_name</replaceable> |
  RULE <replaceable class="PARAMETER">rule_name</replaceable> ON <replaceable class="PARAMETER">table_name</replaceable> |
  SCHEMA <replaceable class="PARAMETER">object_name</replaceable> |
  SEQUENCE <replaceable class="PARAMETER">object_name</replaceable> |
  SERVER <replaceable class="PARAMETER">object_name</replaceable> |
  STATISTICS <replaceable class="PARAMETER">object_name</replaceable> |
  SUBSCRIPTION <replaceable class="PARAMETER">object_name</replaceable> |
  TABLE <replaceable class="PARAMETER">object_name</replaceable> |
  TABLESPACE <replaceable class="PARAMETER">object_name</replaceable> |
  TEXT SEARCH CONFIGURATION <replaceable class="PARAMETER">object_name</replaceable> |
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@ -34,9 +34,11 @@ SECURITY LABEL [ FOR <replaceable class="PARAMETER">provider</replaceable> ] ON
  LARGE OBJECT <replaceable class="PARAMETER">large_object_oid</replaceable> |
  MATERIALIZED VIEW <replaceable class="PARAMETER">object_name</replaceable> |
  [ PROCEDURAL ] LANGUAGE <replaceable class="PARAMETER">object_name</replaceable> |
  PUBLICATION <replaceable class="PARAMETER">object_name</replaceable> |
  ROLE <replaceable class="PARAMETER">object_name</replaceable> |
  SCHEMA <replaceable class="PARAMETER">object_name</replaceable> |
  SEQUENCE <replaceable class="PARAMETER">object_name</replaceable> |
  SUBSCRIPTION <replaceable class="PARAMETER">object_name</replaceable> |
  TABLESPACE <replaceable class="PARAMETER">object_name</replaceable> |
  TYPE <replaceable class="PARAMETER">object_name</replaceable> |
  VIEW <replaceable class="PARAMETER">object_name</replaceable>
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@ -424,6 +424,28 @@ FROM
 WHERE
 	l.objsubid = 0
 UNION ALL
 SELECT
 	l.objoid, l.classoid, l.objsubid,
 	'publication'::text AS objtype,
 	NULL::oid AS objnamespace,
 	quote_ident(p.pubname) AS objname,
 	l.provider, l.label
 FROM
 	pg_seclabel l
 	JOIN pg_publication p ON l.classoid = p.tableoid AND l.objoid = p.oid
 WHERE
 	l.objsubid = 0
 UNION ALL
 SELECT
 	l.objoid, l.classoid, 0::int4 AS objsubid,
 	'subscription'::text AS objtype,
 	NULL::oid AS objnamespace,
 	quote_ident(s.subname) AS objname,
 	l.provider, l.label
 FROM
 	pg_shseclabel l
 	JOIN pg_subscription s ON l.classoid = s.tableoid AND l.objoid = s.oid
 UNION ALL
 SELECT
 	l.objoid, l.classoid, 0::int4 AS objsubid,
 	'database'::text AS objtype,
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@ -6340,9 +6340,11 @@ comment_type_name:
 			| EXTENSION							{ $$ = OBJECT_EXTENSION; }
 			| FOREIGN DATA_P WRAPPER			{ $$ = OBJECT_FDW; }
 			| opt_procedural LANGUAGE			{ $$ = OBJECT_LANGUAGE; }
 			| PUBLICATION						{ $$ = OBJECT_PUBLICATION; }
 			| ROLE								{ $$ = OBJECT_ROLE; }
 			| SCHEMA							{ $$ = OBJECT_SCHEMA; }
 			| SERVER							{ $$ = OBJECT_FOREIGN_SERVER; }
 			| SUBSCRIPTION						{ $$ = OBJECT_SUBSCRIPTION; }
 			| TABLESPACE						{ $$ = OBJECT_TABLESPACE; }
 		;
@ -6453,8 +6455,10 @@ security_label_type_name:
 			DATABASE							{ $$ = OBJECT_DATABASE; }
 			| EVENT TRIGGER						{ $$ = OBJECT_EVENT_TRIGGER; }
 			| opt_procedural LANGUAGE			{ $$ = OBJECT_LANGUAGE; }
 			| PUBLICATION						{ $$ = OBJECT_PUBLICATION; }
 			| ROLE								{ $$ = OBJECT_ROLE; }
 			| SCHEMA							{ $$ = OBJECT_SCHEMA; }
 			| SUBSCRIPTION						{ $$ = OBJECT_SUBSCRIPTION; }
 			| TABLESPACE						{ $$ = OBJECT_TABLESPACE; }
 		;
--- a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
+++ b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
@ -67,20 +67,28 @@ SECURITY LABEL ON FUNCTION dummy_seclabel_four() IS 'classified';		-- OK
 SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified';		-- OK
 CREATE SCHEMA dummy_seclabel_test;
 SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified';		-- OK
 SET client_min_messages = error;
 CREATE PUBLICATION dummy_pub;
 CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
 RESET client_min_messages;
 SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
 SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
 SELECT objtype, objname, provider, label FROM pg_seclabels
 	ORDER BY objtype, objname;
- objtype  |           objname            | provider |    label     
+   objtype    |           objname            | provider |    label     
----------+------------------------------+----------+--------------
+--------------+------------------------------+----------+--------------
- column   | dummy_seclabel_tbl1.a        | dummy    | unclassified
+ column       | dummy_seclabel_tbl1.a        | dummy    | unclassified
- domain   | dummy_seclabel_domain        | dummy    | classified
+ domain       | dummy_seclabel_domain        | dummy    | classified
- function | dummy_seclabel_four()        | dummy    | classified
+ function     | dummy_seclabel_four()        | dummy    | classified
- role     | regress_dummy_seclabel_user1 | dummy    | classified
+ publication  | dummy_pub                    | dummy    | classified
- role     | regress_dummy_seclabel_user2 | dummy    | unclassified
+ role         | regress_dummy_seclabel_user1 | dummy    | classified
- schema   | dummy_seclabel_test          | dummy    | unclassified
+ role         | regress_dummy_seclabel_user2 | dummy    | unclassified
- table    | dummy_seclabel_tbl1          | dummy    | top secret
+ schema       | dummy_seclabel_test          | dummy    | unclassified
- table    | dummy_seclabel_tbl2          | dummy    | classified
+ subscription | dummy_sub                    | dummy    | classified
- view     | dummy_seclabel_view1         | dummy    | classified
+ table        | dummy_seclabel_tbl1          | dummy    | top secret
-(9 rows)
+ table        | dummy_seclabel_tbl2          | dummy    | classified
 view         | dummy_seclabel_view1         | dummy    | classified
 (11 rows)
 -- check for event trigger
 CREATE FUNCTION event_trigger_test()
--- a/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
+++ b/src/test/modules/dummy_seclabel/sql/dummy_seclabel.sql
@ -71,6 +71,13 @@ SECURITY LABEL ON DOMAIN dummy_seclabel_domain IS 'classified';		-- OK
 CREATE SCHEMA dummy_seclabel_test;
 SECURITY LABEL ON SCHEMA dummy_seclabel_test IS 'unclassified';		-- OK
 SET client_min_messages = error;
 CREATE PUBLICATION dummy_pub;
 CREATE SUBSCRIPTION dummy_sub CONNECTION '' PUBLICATION foo WITH (NOCONNECT);
 RESET client_min_messages;
 SECURITY LABEL ON PUBLICATION dummy_pub IS 'classified';
 SECURITY LABEL ON SUBSCRIPTION dummy_sub IS 'classified';
 SELECT objtype, objname, provider, label FROM pg_seclabels
 	ORDER BY objtype, objname;
--- a/src/test/regress/expected/publication.out
+++ b/src/test/regress/expected/publication.out
@ -6,6 +6,13 @@ CREATE ROLE regress_publication_user2;
 CREATE ROLE regress_publication_user_dummy LOGIN NOSUPERUSER;
 SET SESSION AUTHORIZATION 'regress_publication_user';
 CREATE PUBLICATION testpub_default;
 COMMENT ON PUBLICATION testpub_default IS 'test publication';
 SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
 obj_description  
 ------------------
 test publication
 (1 row)
 CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
 ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);
 \dRp
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@ -1605,6 +1605,29 @@ UNION ALL
   FROM (pg_seclabel l
     JOIN pg_event_trigger evt ON (((l.classoid = evt.tableoid) AND (l.objoid = evt.oid))))
  WHERE (l.objsubid = 0)
 UNION ALL
 SELECT l.objoid,
    l.classoid,
    l.objsubid,
    'publication'::text AS objtype,
    NULL::oid AS objnamespace,
    quote_ident((p.pubname)::text) AS objname,
    l.provider,
    l.label
   FROM (pg_seclabel l
     JOIN pg_publication p ON (((l.classoid = p.tableoid) AND (l.objoid = p.oid))))
  WHERE (l.objsubid = 0)
 UNION ALL
 SELECT l.objoid,
    l.classoid,
    0 AS objsubid,
    'subscription'::text AS objtype,
    NULL::oid AS objnamespace,
    quote_ident((s.subname)::text) AS objname,
    l.provider,
    l.label
   FROM (pg_shseclabel l
     JOIN pg_subscription s ON (((l.classoid = s.tableoid) AND (l.objoid = s.oid))))
 UNION ALL
 SELECT l.objoid,
    l.classoid,
--- a/src/test/regress/expected/subscription.out
+++ b/src/test/regress/expected/subscription.out
@ -30,6 +30,13 @@ ERROR:  publication name "foo" used more than once
 -- ok
 CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
 WARNING:  tables were not subscribed, you will have to run ALTER SUBSCRIPTION ... REFRESH PUBLICATION to subscribe the tables
 COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
 SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
  obj_description  
 -------------------
 test subscription
 (1 row)
 -- fail - name already exists
 CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
 ERROR:  subscription "testsub" already exists
--- a/src/test/regress/sql/publication.sql
+++ b/src/test/regress/sql/publication.sql
@ -8,6 +8,9 @@ SET SESSION AUTHORIZATION 'regress_publication_user';
 CREATE PUBLICATION testpub_default;
 COMMENT ON PUBLICATION testpub_default IS 'test publication';
 SELECT obj_description(p.oid, 'pg_publication') FROM pg_publication p;
 CREATE PUBLICATION testpib_ins_trunct WITH (nopublish delete, nopublish update);
 ALTER PUBLICATION testpub_default WITH (nopublish insert, nopublish delete);
--- a/src/test/regress/sql/subscription.sql
+++ b/src/test/regress/sql/subscription.sql
@ -27,6 +27,9 @@ CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION foo, te
 -- ok
 CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);
 COMMENT ON SUBSCRIPTION testsub IS 'test subscription';
 SELECT obj_description(s.oid, 'pg_subscription') FROM pg_subscription s;
 -- fail - name already exists
 CREATE SUBSCRIPTION testsub CONNECTION 'dbname=doesnotexist' PUBLICATION testpub WITH (NOCONNECT);