From faff914db7d1aaf5f35584755353b966f82a9877 Mon Sep 17 00:00:00 2001 From: Ricky Stewart Date: Wed, 15 Nov 2023 10:02:59 -0500 Subject: [PATCH 1/4] github-pull-request-make: use longer test timeout, test fewer tests Try choosing only 4 tests to test instead of 5. Also increase the individual per-test timeout from 75% of duration to 90%. Epic: none Release note: None --- pkg/cmd/github-pull-request-make/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/cmd/github-pull-request-make/main.go b/pkg/cmd/github-pull-request-make/main.go index bca5df68eda7..1889a342f61f 100644 --- a/pkg/cmd/github-pull-request-make/main.go +++ b/pkg/cmd/github-pull-request-make/main.go @@ -173,8 +173,8 @@ func chooseFiveTestsPerPackage(pkgs map[string]pkg) map[string]pkg { croppedPkgs := make(map[string]pkg) for pkgName, tests := range pkgs { randomOrderTests := scrambleTestOrder(tests) - cropIdx := 5 - if len(randomOrderTests) < 5 { + cropIdx := 4 + if len(randomOrderTests) < cropIdx { cropIdx = len(randomOrderTests) } croppedPkgs[pkgName] = makePkg(randomOrderTests[:cropIdx]) @@ -289,7 +289,7 @@ func main() { } // Use a timeout shorter than the duration so that hanging tests don't // get a free pass. - timeout := (3 * duration) / 4 + timeout := (9 * duration) / 10 // The stress -p flag defaults to the number of CPUs, which is too // aggressive on big machines and can cause tests to fail. Under nightly From 8802beba3d7e0ab495e67e86b94d6bff4850c741 Mon Sep 17 00:00:00 2001 From: Xin Hao Zhang Date: Tue, 14 Nov 2023 22:15:25 -0500 Subject: [PATCH 2/4] ui: fix sql activity app filter on internal queries This commit fixes a bug when using the app filter on the statements sql activity page. Previously when the internal app name prefix, '$ internal' was selected from the dropdown, internal queries would not show up because we were performing an exact match on the application name and selected applications. This patch fixes this by matching on the prefix of the app name with the internal app name prefix when it is selected. In addition, internal queries are now only shown when the internal app name prefix is selected from the app filter dropdown. This reduces noise from internal queries and also matches the behaviour in the transactions page. Epic: none Fixes: #114461 --- .../cluster-ui/src/sqlActivity/util.spec.tsx | 62 ++++++++++++++++++- .../cluster-ui/src/sqlActivity/util.tsx | 21 ++++--- 2 files changed, 73 insertions(+), 10 deletions(-) diff --git a/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.spec.tsx b/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.spec.tsx index 6a0ca2478c79..bbc996096947 100644 --- a/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.spec.tsx +++ b/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.spec.tsx @@ -17,7 +17,7 @@ import { mockStmtStats, Stmt } from "src/api/testUtils"; import { Filters } from "src/queryFilter/filter"; import Long from "long"; import { cockroach } from "@cockroachlabs/crdb-protobuf-client"; -import { unset } from "../util"; +import { INTERNAL_APP_NAME_PREFIX, unset } from "../util"; describe("filterStatementsData", () => { function filterAndCheckStmts( @@ -71,6 +71,25 @@ describe("filterStatementsData", () => { filterAndCheckStmts(stmtsRaw, {}, "giraffe", expectedIDs); }); + it("should show non-internal statements when no app filters are applied", () => { + const stmtsRaw = [ + { id: 1, app: "hello" }, + { id: 2, app: "$ internal hello" }, + { id: 3, app: "$ internal app" }, + { id: 4, app: "world" }, + { id: 5, app: "great" }, + ].map(stmt => + mockStmtStats({ + id: Long.fromInt(stmt.id), + key: { key_data: { app: stmt.app } }, + }), + ); + + const filters: Filters = {}; + const expected = [1, 4, 5]; + filterAndCheckStmts(stmtsRaw, filters, null, expected); + }); + it.each([ { stmts: [ @@ -188,10 +207,40 @@ describe("filterStatementsData", () => { id: 7, app: "elephants cannot jump", // Should not match. }, + { + id: 8, + app: "$ internal-my-app", // Should not match. + }, ], appName: "aaaaaaaaaaaaaaaaaaaaaaaa", expectedIDs: [], }, + { + stmts: [ + { + id: 1, + // Should match because it starts with INTERNAL_APP_NAME_PREFIX. + app: INTERNAL_APP_NAME_PREFIX + "-my-app", + }, + { + id: 2, + // Should match because it starts with INTERNAL_APP_NAME_PREFIX. + app: INTERNAL_APP_NAME_PREFIX, + }, + { + id: 3, + // Should not match. + app: "myApp" + INTERNAL_APP_NAME_PREFIX, + }, + { + id: 4, + // Should match because it starts with INTERNAL_APP_NAME_PREFIX. + app: INTERNAL_APP_NAME_PREFIX + "myApp", + }, + ], + appName: INTERNAL_APP_NAME_PREFIX + ",aaaaaaaaaaaaa", + expectedIDs: [1, 2, 4], + }, ])("should filter out statements not matching filter apps", tc => { const stmtsRaw = tc.stmts.map(stmt => mockStmtStats({ @@ -321,7 +370,7 @@ describe("filterStatementsData", () => { it("should filter out statements not matching ALL filters", () => { const filters: Filters = { database: "coolestDB", - app: "coolestApp", + app: "coolestApp, " + INTERNAL_APP_NAME_PREFIX, timeNumber: "1", timeUnit: "seconds", }; @@ -364,6 +413,13 @@ describe("filterStatementsData", () => { svcLatSecs: 1, query: `select ${searchTerm}`, }, + { + id: 6, + db: "coolestDB", + app: INTERNAL_APP_NAME_PREFIX + "-cool-app", + svcLatSecs: 1, + query: `select * from ${searchTerm} where a = 1`, + }, ].map(stmt => mockStmtStats({ id: Long.fromInt(stmt.id), @@ -379,7 +435,7 @@ describe("filterStatementsData", () => { }), ); - const expectedIDs = [5]; + const expectedIDs = [5, 6]; filterAndCheckStmts(stmtsRaw, filters, searchTerm, expectedIDs); }); diff --git a/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.tsx b/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.tsx index 823d9404c4ca..dea09898f749 100644 --- a/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.tsx +++ b/pkg/ui/workspaces/cluster-ui/src/sqlActivity/util.tsx @@ -14,7 +14,7 @@ import { flattenStatementStats, } from "src/util/appStats/appStats"; import { FixFingerprintHexValue } from "src/util/format"; -import { unset } from "src/util/constants"; +import { INTERNAL_APP_NAME_PREFIX, unset } from "src/util/constants"; import { createSelector } from "@reduxjs/toolkit"; import { SqlStatsResponse } from "src/api/statementsApi"; import { Filters, getTimeValueInSeconds } from "src/queryFilter"; @@ -72,6 +72,8 @@ export function filterStatementsData( .map(app => app.trim()) .filter(appName => !!appName); + const includeInternalApps = !!appNames?.includes(INTERNAL_APP_NAME_PREFIX); + // Return statements filtered by the values selected on the filter and // the search text. A statement must match all selected filters to be // displayed on the table. @@ -90,13 +92,18 @@ export function filterStatementsData( return databases.length === 0 || databases.includes(statement.database); } }) - .filter( - statement => - !appNames?.length || - appNames.includes( + .filter(statement => { + const isInternal = statement.applicationName?.startsWith( + INTERNAL_APP_NAME_PREFIX, + ); + return ( + (!appNames?.length && !isInternal) || + (includeInternalApps && isInternal) || + appNames?.includes( statement.applicationName ? statement.applicationName : unset, - ), - ) + ) + ); + }) .filter(statement => (filters.fullScan ? statement.fullScan : true)) .filter( statement => From 6a052b042891e612468ef7eef5f5a6679b2e2564 Mon Sep 17 00:00:00 2001 From: Marcus Gartner Date: Tue, 14 Nov 2023 17:31:42 -0500 Subject: [PATCH 3/4] opt: fix minor bug in optsteps[web] and exploretrace This commit fixes a minor bug in the `optsteps`, `optstepsweb`, and `exploretrace` commands that prevented some transformations from being displayed. For example, the bug hid the problematic transformation that was fixed by #114394. See the code comment for more details. Release note: None --- pkg/sql/opt/norm/testdata/rules/combo | 28 ++++++++++++++++++- .../opt/testutils/opttester/forcing_opt.go | 15 ++++++++-- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/pkg/sql/opt/norm/testdata/rules/combo b/pkg/sql/opt/norm/testdata/rules/combo index 40daf9848844..c57b57a213a4 100644 --- a/pkg/sql/opt/norm/testdata/rules/combo +++ b/pkg/sql/opt/norm/testdata/rules/combo @@ -1021,8 +1021,34 @@ GenerateLookupJoins (no changes) GenerateStreamingGroupBy (no changes) -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -ReorderJoins (no changes) +ReorderJoins (higher cost) -------------------------------------------------------------------------------- + project + ├── columns: k:1!null i:2 f:3 s:4 j:5 + ├── key: (1) + ├── fd: (1)-->(2-5), (3,4)~~>(1,2,5) + └── inner-join (hash) + ├── columns: k:1!null i:2!null f:3 s:4 j:5 y:9!null + - ├── multiplicity: left-rows(zero-or-one), right-rows(zero-or-more) + + ├── multiplicity: left-rows(zero-or-more), right-rows(zero-or-one) + ├── key: (1) + ├── fd: (1)-->(2-5), (3,4)~~>(1,2,5), (2)==(9), (9)==(2) + - ├── scan a + - │ ├── columns: k:1!null i:2 f:3 s:4 j:5 + - │ ├── key: (1) + - │ └── fd: (1)-->(2-5), (3,4)~~>(1,2,5) + ├── distinct-on + │ ├── columns: y:9 + │ ├── grouping columns: y:9 + │ ├── key: (9) + │ └── scan xy + │ └── columns: y:9 + + ├── scan a + + │ ├── columns: k:1!null i:2 f:3 s:4 j:5 + + │ ├── key: (1) + + │ └── fd: (1)-->(2-5), (3,4)~~>(1,2,5) + └── filters + └── y:9 = i:2 [outer=(2,9), constraints=(/2: (/NULL - ]; /9: (/NULL - ]), fd=(2)==(9), (9)==(2)] -------------------------------------------------------------------------------- GenerateMergeJoins (no changes) -------------------------------------------------------------------------------- diff --git a/pkg/sql/opt/testutils/opttester/forcing_opt.go b/pkg/sql/opt/testutils/opttester/forcing_opt.go index 1e591093d4ff..647ba7be41d3 100644 --- a/pkg/sql/opt/testutils/opttester/forcing_opt.go +++ b/pkg/sql/opt/testutils/opttester/forcing_opt.go @@ -180,14 +180,25 @@ func (fc *forcingCoster) RestrictGroupToMember(loc memoLoc) { // ComputeCost is part of the xform.Coster interface. func (fc *forcingCoster) ComputeCost(e memo.RelExpr, required *physical.Required) memo.Cost { + // Always compute the cost even in the case that memo.MaxCost is returned + // below. This ensures that Memoize[Expr] functions in the statistics + // builder are still invoked even when a particular expression path is + // required via fc.restricted. Because groupIDs are assigned in + // Memoize[Expr] functions, invoking these functions in the same order and + // number is critical for expressions to be assigned the same groupID for + // each step of the forcing optimizer, and thus, allowing the restricted + // path mechanism to function properly. If some Memoize[Expr] functions are + // not called, then the groupIDs in the restricted path will not match the + // groupIDs of the expressions in the memo to restrict to. + cost := fc.inner.ComputeCost(e, required) if fc.restricted != nil { loc := fc.groups.MemoLoc(e) if mIdx, ok := fc.restricted[loc.group]; ok && loc.member != mIdx { - return memo.MaxCost + cost = memo.MaxCost } } - return fc.inner.ComputeCost(e, required) + return cost } // MaybeGetBestCostRelation is part of the xform.Coster interface. From d6d10da2df63ae123d8888f28e6283a6cacaddb0 Mon Sep 17 00:00:00 2001 From: Rafi Shamim Date: Wed, 15 Nov 2023 00:45:56 -0500 Subject: [PATCH 4/4] sql: use role membership cache to check for role existence Previously, the logic to check if a role existed would only cache that result for the duration of the current transaction. This behavior was chosen so that if a different session concurrently dropped that role, we the next time the current session started a transaction, it would check again if the role still existed. This was correct, but came at the cost of system table lookups at least once per-transaction. Now the existence of a role is cached by making use of the role membership cache. The role membership cache similarly needs to be aware of changes made to role memberships that are performed by other sessions. Rather than looking up the memberships in each transaction, it has logic that causes the cache to be invalidated any time role memberships change (i.e., DROP ROLE, GRANT ROLE, or REVOKE ROLE). Now we check for the existence of a role before loading role memberships into the cache. As long as the cache does not get invalidated, we know that the role still exists. No release note since this performance problem only appeared in alpha builds. Release note: None --- .../testdata/benchmark_expectations | 136 ++-- .../replication_manager_test.go | 7 +- pkg/server/application_api/sql_stats_test.go | 4 +- pkg/sql/authorization.go | 21 +- pkg/sql/conn_executor.go | 7 - pkg/sql/create_role.go | 5 + pkg/sql/delegate/BUILD.bazel | 1 - pkg/sql/delegate/show_grants.go | 7 +- pkg/sql/drop_role.go | 22 +- pkg/sql/internal.go | 3 - .../testdata/logic_test/crdb_internal_catalog | 2 +- .../testdata/logic_test/drop_database | 3 +- .../logictest/testdata/logic_test/drop_table | 7 +- .../testdata/logic_test/information_schema | 743 +++++++++--------- pkg/sql/logictest/testdata/logic_test/jobs | 4 + pkg/sql/opt/cat/catalog.go | 4 +- pkg/sql/opt/testutils/testcat/test_catalog.go | 6 +- pkg/sql/opt_catalog.go | 6 +- pkg/sql/planner.go | 1 - pkg/sql/reassign_owned_by.go | 13 +- pkg/sql/sem/eval/context.go | 7 - pkg/sql/sqlstats/sslocal/sql_stats_test.go | 4 +- pkg/sql/user.go | 41 +- 23 files changed, 515 insertions(+), 539 deletions(-) diff --git a/pkg/bench/rttanalysis/testdata/benchmark_expectations b/pkg/bench/rttanalysis/testdata/benchmark_expectations index 10d303fd496a..217853001a54 100644 --- a/pkg/bench/rttanalysis/testdata/benchmark_expectations +++ b/pkg/bench/rttanalysis/testdata/benchmark_expectations @@ -1,7 +1,7 @@ exp,benchmark -14,AlterRole/alter_role_with_1_option -17,AlterRole/alter_role_with_2_options -25,AlterRole/alter_role_with_3_options +18,AlterRole/alter_role_with_1_option +21,AlterRole/alter_role_with_2_options +29,AlterRole/alter_role_with_3_options 15,AlterTableAddCheckConstraint/alter_table_add_1_check_constraint 15,AlterTableAddCheckConstraint/alter_table_add_2_check_constraints 15,AlterTableAddCheckConstraint/alter_table_add_3_check_constraints @@ -21,17 +21,17 @@ exp,benchmark 15,AlterTableDropConstraint/alter_table_drop_1_check_constraint 15,AlterTableDropConstraint/alter_table_drop_2_check_constraints 15,AlterTableDropConstraint/alter_table_drop_3_check_constraints -9,AlterTableSplit/alter_table_split_at_1_value -12,AlterTableSplit/alter_table_split_at_2_values -15,AlterTableSplit/alter_table_split_at_3_values -8,AlterTableUnsplit/alter_table_unsplit_at_1_value -10,AlterTableUnsplit/alter_table_unsplit_at_2_values -12,AlterTableUnsplit/alter_table_unsplit_at_3_values -6,Audit/select_from_an_audit_table -20,CreateRole/create_role_with_1_option -23,CreateRole/create_role_with_2_options -26,CreateRole/create_role_with_3_options -21,CreateRole/create_role_with_no_options +8,AlterTableSplit/alter_table_split_at_1_value +11,AlterTableSplit/alter_table_split_at_2_values +14,AlterTableSplit/alter_table_split_at_3_values +7,AlterTableUnsplit/alter_table_unsplit_at_1_value +9,AlterTableUnsplit/alter_table_unsplit_at_2_values +11,AlterTableUnsplit/alter_table_unsplit_at_3_values +5,Audit/select_from_an_audit_table +26,CreateRole/create_role_with_1_option +29,CreateRole/create_role_with_2_options +32,CreateRole/create_role_with_3_options +27,CreateRole/create_role_with_no_options 16,"Discard/DISCARD_ALL,_1_tables_in_1_db" 23,"Discard/DISCARD_ALL,_2_tables_in_2_dbs" 0,"Discard/DISCARD_ALL,_no_tables" @@ -39,9 +39,9 @@ exp,benchmark 18,DropDatabase/drop_database_1_table 18,DropDatabase/drop_database_2_tables 18,DropDatabase/drop_database_3_tables -27,DropRole/drop_1_role -36,DropRole/drop_2_roles -43-46,DropRole/drop_3_roles +34,DropRole/drop_1_role +43,DropRole/drop_2_roles +50-53,DropRole/drop_3_roles 15,DropSequence/drop_1_sequence 17,DropSequence/drop_2_sequences 19,DropSequence/drop_3_sequences @@ -52,65 +52,65 @@ exp,benchmark 17,DropView/drop_2_views 17,DropView/drop_3_views 5,GenerateObjects/generate_1000_tables_-_this_test_should_use_the_same_number_of_RTTs_as_for_10_tables -12,GenerateObjects/generate_100_tables_from_template +11,GenerateObjects/generate_100_tables_from_template 5,GenerateObjects/generate_10_tables 16,GenerateObjects/generate_10x10_schemas_and_tables_in_existing_db 5,GenerateObjects/generate_50000_tables -13,Grant/grant_all_on_1_table -17,Grant/grant_all_on_2_tables -21,Grant/grant_all_on_3_tables -16,GrantRole/grant_1_role -21,GrantRole/grant_2_roles -4,ORMQueries/activerecord_type_introspection_query -1,ORMQueries/asyncpg_types -1,ORMQueries/column_descriptions_json_agg -5,ORMQueries/django_column_introspection_1_table -5,ORMQueries/django_column_introspection_4_tables -5,ORMQueries/django_column_introspection_8_tables -7,ORMQueries/django_comment_introspection_with_comments -7,ORMQueries/django_table_introspection_1_table -7,ORMQueries/django_table_introspection_8_tables +15,Grant/grant_all_on_1_table +19,Grant/grant_all_on_2_tables +23,Grant/grant_all_on_3_tables +19,GrantRole/grant_1_role +25,GrantRole/grant_2_roles +3,ORMQueries/activerecord_type_introspection_query +0,ORMQueries/asyncpg_types +0,ORMQueries/column_descriptions_json_agg +4,ORMQueries/django_column_introspection_1_table +4,ORMQueries/django_column_introspection_4_tables +4,ORMQueries/django_column_introspection_8_tables +6,ORMQueries/django_comment_introspection_with_comments +6,ORMQueries/django_table_introspection_1_table +6,ORMQueries/django_table_introspection_8_tables 0,ORMQueries/has_column_privilege_using_attnum 0,ORMQueries/has_column_privilege_using_column_name 0,ORMQueries/has_schema_privilege 0,ORMQueries/has_sequence_privilege 0,ORMQueries/has_table_privilege -6,ORMQueries/hasura_column_descriptions -13,ORMQueries/hasura_column_descriptions_8_tables -6,ORMQueries/hasura_column_descriptions_modified -5,ORMQueries/information_schema._pg_index_position -5,ORMQueries/introspection_description_join -6,ORMQueries/npgsql_fields -6,ORMQueries/npgsql_types -5,ORMQueries/pg_attribute -5,ORMQueries/pg_class -7,ORMQueries/pg_is_other_temp_schema -7,ORMQueries/pg_is_other_temp_schema_multiple_times -5,ORMQueries/pg_my_temp_schema -5,ORMQueries/pg_my_temp_schema_multiple_times -4,ORMQueries/pg_namespace -5,ORMQueries/pg_type -132,ORMQueries/prisma_column_descriptions -4,ORMQueries/prisma_column_descriptions_updated -13,Revoke/revoke_all_on_1_table -17,Revoke/revoke_all_on_2_tables -21,Revoke/revoke_all_on_3_tables -15,RevokeRole/revoke_1_role -18,RevokeRole/revoke_2_roles -12,ShowGrants/grant_2_roles -13,ShowGrants/grant_3_roles -14,ShowGrants/grant_4_roles +5,ORMQueries/hasura_column_descriptions +12,ORMQueries/hasura_column_descriptions_8_tables +5,ORMQueries/hasura_column_descriptions_modified +4,ORMQueries/information_schema._pg_index_position +4,ORMQueries/introspection_description_join +5,ORMQueries/npgsql_fields +5,ORMQueries/npgsql_types +4,ORMQueries/pg_attribute +4,ORMQueries/pg_class +6,ORMQueries/pg_is_other_temp_schema +6,ORMQueries/pg_is_other_temp_schema_multiple_times +3,ORMQueries/pg_my_temp_schema +3,ORMQueries/pg_my_temp_schema_multiple_times +3,ORMQueries/pg_namespace +4,ORMQueries/pg_type +133,ORMQueries/prisma_column_descriptions +3,ORMQueries/prisma_column_descriptions_updated +15,Revoke/revoke_all_on_1_table +19,Revoke/revoke_all_on_2_tables +23,Revoke/revoke_all_on_3_tables +17,RevokeRole/revoke_1_role +21,RevokeRole/revoke_2_roles +14,ShowGrants/grant_2_roles +16,ShowGrants/grant_3_roles +18,ShowGrants/grant_4_roles 1,SystemDatabaseQueries/select_system.users_with_empty_database_Name 1,SystemDatabaseQueries/select_system.users_with_schema_Name 1,SystemDatabaseQueries/select_system.users_without_schema_Name -21,Truncate/truncate_1_column_0_rows -21,Truncate/truncate_1_column_1_row -21,Truncate/truncate_1_column_2_rows -21,Truncate/truncate_2_column_0_rows -21,Truncate/truncate_2_column_1_rows -21,Truncate/truncate_2_column_2_rows -4,UDFResolution/select_from_udf -2,VirtualTableQueries/select_crdb_internal.invalid_objects_with_1_fk -2,VirtualTableQueries/select_crdb_internal.tables_with_1_fk -10,VirtualTableQueries/virtual_table_cache_with_point_lookups -16,VirtualTableQueries/virtual_table_cache_with_schema_change +20,Truncate/truncate_1_column_0_rows +20,Truncate/truncate_1_column_1_row +20,Truncate/truncate_1_column_2_rows +20,Truncate/truncate_2_column_0_rows +20,Truncate/truncate_2_column_1_rows +20,Truncate/truncate_2_column_2_rows +3,UDFResolution/select_from_udf +1,VirtualTableQueries/select_crdb_internal.invalid_objects_with_1_fk +1,VirtualTableQueries/select_crdb_internal.tables_with_1_fk +9,VirtualTableQueries/virtual_table_cache_with_point_lookups +15,VirtualTableQueries/virtual_table_cache_with_schema_change diff --git a/pkg/ccl/streamingccl/streamproducer/replication_manager_test.go b/pkg/ccl/streamingccl/streamproducer/replication_manager_test.go index 5481cc9d8040..efb766250572 100644 --- a/pkg/ccl/streamingccl/streamproducer/replication_manager_test.go +++ b/pkg/ccl/streamingccl/streamproducer/replication_manager_test.go @@ -70,6 +70,7 @@ func TestReplicationManagerRequiresReplicationPrivilege(t *testing.T) { tDB.Exec(t, "CREATE ROLE somebody") tDB.Exec(t, "GRANT SYSTEM REPLICATION TO somebody") + tDB.Exec(t, "CREATE ROLE anybody") for _, tc := range []struct { user string @@ -79,12 +80,14 @@ func TestReplicationManagerRequiresReplicationPrivilege(t *testing.T) { {user: "admin", expErr: "", isEnterprise: true}, {user: "root", expErr: "", isEnterprise: true}, {user: "somebody", expErr: "", isEnterprise: true}, - {user: "nobody", expErr: "user nobody does not have REPLICATION system privilege", isEnterprise: true}, + {user: "anybody", expErr: "user anybody does not have REPLICATION system privilege", isEnterprise: true}, + {user: "nobody", expErr: `role/user "nobody" does not exist`, isEnterprise: true}, {user: "admin", expErr: "use of REPLICATION requires an enterprise license", isEnterprise: false}, {user: "root", expErr: " use of REPLICATION requires an enterprise license", isEnterprise: false}, {user: "somebody", expErr: "use of REPLICATION requires an enterprise license", isEnterprise: false}, - {user: "nobody", expErr: "user nobody does not have REPLICATION system privilege", isEnterprise: false}, + {user: "anybody", expErr: "user anybody does not have REPLICATION system privilege", isEnterprise: false}, + {user: "nobody", expErr: `role/user "nobody" does not exist`, isEnterprise: false}, } { t.Run(fmt.Sprintf("%s/ent=%t", tc.user, tc.isEnterprise), func(t *testing.T) { if tc.isEnterprise { diff --git a/pkg/server/application_api/sql_stats_test.go b/pkg/server/application_api/sql_stats_test.go index e9598c7df340..15ae30b5ccb9 100644 --- a/pkg/server/application_api/sql_stats_test.go +++ b/pkg/server/application_api/sql_stats_test.go @@ -1117,7 +1117,7 @@ func TestUnprivilegedUserResetIndexUsageStats(t *testing.T) { defer s.Stopper().Stop(ctx) sqlConn := sqlutils.MakeSQLRunner(conn) - sqlConn.Exec(t, "CREATE USER nonAdminUser") + sqlConn.Exec(t, "CREATE USER non_admin_user") ie := s.InternalExecutor().(*sql.InternalExecutor) @@ -1126,7 +1126,7 @@ func TestUnprivilegedUserResetIndexUsageStats(t *testing.T) { "test-reset-index-usage-stats-as-non-admin-user", nil, /* txn */ sessiondata.InternalExecutorOverride{ - User: username.MakeSQLUsernameFromPreNormalizedString("nonAdminUser"), + User: username.MakeSQLUsernameFromPreNormalizedString("non_admin_user"), }, "SELECT crdb_internal.reset_index_usage_stats()", ) diff --git a/pkg/sql/authorization.go b/pkg/sql/authorization.go index ce6776847e6f..9bac3f568bfd 100644 --- a/pkg/sql/authorization.go +++ b/pkg/sql/authorization.go @@ -188,10 +188,8 @@ func (p *planner) HasPrivilege( // lookup in common cases (e.g., internal executor usages). return true, nil } - if exists, err := p.RoleExists(ctx, user); err != nil { - return false, err - } else if !exists { - return false, pgerror.Newf(pgcode.UndefinedObject, "role %s was concurrently dropped", user) + if err := p.CheckRoleExists(ctx, user); err != nil { + return false, pgerror.Wrapf(err, pgcode.UndefinedObject, "role %s was concurrently dropped", user) } return true, nil } @@ -482,6 +480,9 @@ func (p *planner) UserHasAdminRole(ctx context.Context, user username.SQLUsernam if user.IsAdminRole() || user.IsRootUser() || user.IsNodeUser() { return true, nil } + if user.IsPublicRole() { + return false, nil + } // Expand role memberships. memberOf, err := p.MemberOfWithAdminOption(ctx, user) @@ -666,6 +667,12 @@ var useSingleQueryForRoleMembershipCache = settings.RegisterBoolSetting( func resolveMemberOfWithAdminOption( ctx context.Context, member username.SQLUsername, txn isql.Txn, singleQuery bool, ) (map[username.SQLUsername]bool, error) { + roleExists, err := RoleExists(ctx, txn, member) + if err != nil { + return nil, err + } else if !roleExists { + return nil, sqlerrors.NewUndefinedUserError(member) + } ret := map[username.SQLUsername]bool{} if singleQuery { type membership struct { @@ -908,13 +915,9 @@ func (p *planner) checkCanAlterToNewOwner( ctx context.Context, desc catalog.MutableDescriptor, newOwner username.SQLUsername, ) error { // Make sure the newOwner exists. - roleExists, err := p.RoleExists(ctx, newOwner) - if err != nil { + if err := p.CheckRoleExists(ctx, newOwner); err != nil { return err } - if !roleExists { - return sqlerrors.NewUndefinedUserError(newOwner) - } // If the user is a superuser, skip privilege checks. hasAdmin, err := p.HasAdminRole(ctx) diff --git a/pkg/sql/conn_executor.go b/pkg/sql/conn_executor.go index 523b9548f12b..5d0b201791cd 100644 --- a/pkg/sql/conn_executor.go +++ b/pkg/sql/conn_executor.go @@ -1560,11 +1560,6 @@ type connExecutor struct { // in a transaction. hasAdminRoleCache HasAdminRoleCache - // roleExistsCache is a cache of role existence checks. This is used because - // role existence checks are made when checking privileges. Only positive - // values are cached. - roleExistsCache map[username.SQLUsername]struct{} - // createdSequences keeps track of sequences created in the current transaction. // The map key is the sequence descpb.ID. createdSequences map[descpb.ID]struct{} @@ -1976,7 +1971,6 @@ func (ex *connExecutor) resetExtraTxnState(ctx context.Context, ev txnEvent, pay ex.extraTxnState.numDDL = 0 ex.extraTxnState.firstStmtExecuted = false ex.extraTxnState.hasAdminRoleCache = HasAdminRoleCache{} - ex.extraTxnState.roleExistsCache = make(map[username.SQLUsername]struct{}) ex.extraTxnState.createdSequences = nil if ex.extraTxnState.fromOuterTxn { @@ -3623,7 +3617,6 @@ func (ex *connExecutor) resetEvalCtx(evalCtx *extendedEvalContext, txn *kv.Txn, evalCtx.SkipNormalize = false evalCtx.SchemaChangerState = ex.extraTxnState.schemaChangerState evalCtx.DescIDGenerator = ex.getDescIDGenerator() - evalCtx.RoleExistsCache = ex.extraTxnState.roleExistsCache // See resetPlanner for more context on setting the maximum timestamp for // AOST read retries. diff --git a/pkg/sql/create_role.go b/pkg/sql/create_role.go index 46d8e85288bb..9a034a27d8f9 100644 --- a/pkg/sql/create_role.go +++ b/pkg/sql/create_role.go @@ -189,6 +189,11 @@ func (n *CreateRoleNode) startExec(params runParams) error { return err } } + // Bump role membership table version to force a refresh of role membership + // cache. + if err := params.p.BumpRoleMembershipTableVersion(params.ctx); err != nil { + return err + } return params.p.logEvent(params.ctx, 0, /* no target */ diff --git a/pkg/sql/delegate/BUILD.bazel b/pkg/sql/delegate/BUILD.bazel index d354fd28b5ab..9d24e080f6e7 100644 --- a/pkg/sql/delegate/BUILD.bazel +++ b/pkg/sql/delegate/BUILD.bazel @@ -62,7 +62,6 @@ go_library( "//pkg/sql/sem/eval", "//pkg/sql/sem/tree", "//pkg/sql/sessiondatapb", - "//pkg/sql/sqlerrors", "//pkg/sql/sqltelemetry", "//pkg/sql/syntheticprivilege", "//pkg/util/errorutil/unimplemented", diff --git a/pkg/sql/delegate/show_grants.go b/pkg/sql/delegate/show_grants.go index 6077fadd99d5..b6d2eae0f71d 100644 --- a/pkg/sql/delegate/show_grants.go +++ b/pkg/sql/delegate/show_grants.go @@ -23,7 +23,6 @@ import ( "github.com/cockroachdb/cockroach/pkg/sql/opt/cat" "github.com/cockroachdb/cockroach/pkg/sql/sem/catconstants" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" - "github.com/cockroachdb/cockroach/pkg/sql/sqlerrors" "github.com/cockroachdb/cockroach/pkg/util/intsets" ) @@ -410,14 +409,10 @@ ORDER BY // are used with `public`. userExists := user.IsPublicRole() if !userExists { - userExists, err = d.catalog.RoleExists(d.ctx, user) - if err != nil { + if err := d.catalog.CheckRoleExists(d.ctx, user); err != nil { return nil, err } } - if !userExists { - return nil, sqlerrors.NewUndefinedUserError(user) - } } return d.parse(query) diff --git a/pkg/sql/drop_role.go b/pkg/sql/drop_role.go index 3a3347232072..0618f42052b1 100644 --- a/pkg/sql/drop_role.go +++ b/pkg/sql/drop_role.go @@ -354,7 +354,7 @@ func (n *DropRoleNode) startExec(params runParams) error { } // All safe - do the work. - var numRoleMembershipsDeleted, numRoleSettingsRowsDeleted int + var numRoleSettingsRowsDeleted int for normalizedUsername := range userNames { // Specifically reject special users and roles. Some (root, admin) would fail with // "privileges still exist" first. @@ -406,18 +406,16 @@ func (n *DropRoleNode) startExec(params runParams) error { } // Drop all role memberships involving the user/role. - rowsDeleted, err := params.p.InternalSQLTxn().ExecEx( + if _, err = params.p.InternalSQLTxn().ExecEx( params.ctx, "drop-role-membership", params.p.txn, sessiondata.NodeUserSessionDataOverride, `DELETE FROM system.role_members WHERE "role" = $1 OR "member" = $1`, normalizedUsername, - ) - if err != nil { + ); err != nil { return err } - numRoleMembershipsDeleted += rowsDeleted _, err = params.p.InternalSQLTxn().ExecEx( params.ctx, @@ -434,7 +432,7 @@ func (n *DropRoleNode) startExec(params runParams) error { return err } - rowsDeleted, err = params.p.InternalSQLTxn().ExecEx( + if rowsDeleted, err := params.p.InternalSQLTxn().ExecEx( params.ctx, opName, params.p.txn, @@ -444,11 +442,11 @@ func (n *DropRoleNode) startExec(params runParams) error { sessioninit.DatabaseRoleSettingsTableName, ), normalizedUsername, - ) - if err != nil { + ); err != nil { return err + } else { + numRoleSettingsRowsDeleted += rowsDeleted } - numRoleSettingsRowsDeleted += rowsDeleted _, err = params.p.InternalSQLTxn().ExecEx( params.ctx, @@ -478,10 +476,8 @@ func (n *DropRoleNode) startExec(params runParams) error { } } } - if numRoleMembershipsDeleted > 0 { - if err := params.p.BumpRoleMembershipTableVersion(params.ctx); err != nil { - return err - } + if err := params.p.BumpRoleMembershipTableVersion(params.ctx); err != nil { + return err } normalizedNames := make([]string, len(n.roleNames)) diff --git a/pkg/sql/internal.go b/pkg/sql/internal.go index 743a50c582b5..8306bc6c5e9e 100644 --- a/pkg/sql/internal.go +++ b/pkg/sql/internal.go @@ -359,7 +359,6 @@ func (ie *InternalExecutor) newConnExecutorWithTxn( ex.extraTxnState.jobs = ie.extraTxnState.jobs ex.extraTxnState.schemaChangerState = ie.extraTxnState.schemaChangerState ex.extraTxnState.shouldResetSyntheticDescriptors = shouldResetSyntheticDescriptors - ex.extraTxnState.roleExistsCache = ie.extraTxnState.roleExistsCache ex.initPlanner(ctx, &ex.planner) } } @@ -1496,7 +1495,6 @@ type extraTxnState struct { descCollection *descs.Collection jobs *txnJobsCollection schemaChangerState *SchemaChangerState - roleExistsCache map[username.SQLUsername]struct{} // regionsProvider is populated lazily. regionsProvider *regions.Provider @@ -1638,7 +1636,6 @@ func (ief *InternalDB) newInternalExecutorWithTxn( descCollection: descCol, jobs: newTxnJobsCollection(), schemaChangerState: schemaChangerState, - roleExistsCache: make(map[username.SQLUsername]struct{}), }, } populateMinimalSessionData(sd) diff --git a/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog b/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog index dadf31a53cb8..fedf82833784 100644 --- a/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog +++ b/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog @@ -120,7 +120,7 @@ SELECT id, strip_volatile(descriptor) FROM crdb_internal.kv_catalog_descriptor O 19 {"table": {"columns": [{"defaultExpr": "unique_rowid()", "id": 1, "name": "id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "hashedSecret", "type": {"family": "BytesFamily", "oid": 17}}, {"id": 3, "name": "username", "type": {"family": "StringFamily", "oid": 25}}, {"defaultExpr": "now():::TIMESTAMP", "id": 4, "name": "createdAt", "type": {"family": "TimestampFamily", "oid": 1114}}, {"id": 5, "name": "expiresAt", "type": {"family": "TimestampFamily", "oid": 1114}}, {"id": 6, "name": "revokedAt", "nullable": true, "type": {"family": "TimestampFamily", "oid": 1114}}, {"defaultExpr": "now():::TIMESTAMP", "id": 7, "name": "lastUsedAt", "type": {"family": "TimestampFamily", "oid": 1114}}, {"id": 8, "name": "auditInfo", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}, {"id": 9, "name": "user_id", "type": {"family": "OidFamily", "oid": 26}}], "formatVersion": 3, "id": 19, "indexes": [{"foreignKey": {}, "geoConfig": {}, "id": 2, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [5], "keyColumnNames": ["expiresAt"], "keySuffixColumnIds": [1], "name": "web_sessions_expiresAt_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 3, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [4], "keyColumnNames": ["createdAt"], "keySuffixColumnIds": [1], "name": "web_sessions_createdAt_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 4, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [6], "keyColumnNames": ["revokedAt"], "keySuffixColumnIds": [1], "name": "web_sessions_revokedAt_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 5, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [7], "keyColumnNames": ["lastUsedAt"], "keySuffixColumnIds": [1], "name": "web_sessions_lastUsedAt_idx", "partitioning": {}, "sharded": {}, "version": 3}], "name": "web_sessions", "nextColumnId": 10, "nextConstraintId": 2, "nextIndexId": 6, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [1], "keyColumnNames": ["id"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [2, 3, 4, 5, 6, 7, 8, 9], "storeColumnNames": ["hashedSecret", "username", "createdAt", "expiresAt", "revokedAt", "lastUsedAt", "auditInfo", "user_id"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} 20 {"table": {"columns": [{"id": 1, "name": "tableID", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"defaultExpr": "unique_rowid()", "id": 2, "name": "statisticID", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 3, "name": "name", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}, {"id": 4, "name": "columnIDs", "type": {"arrayContents": {"family": "IntFamily", "oid": 20, "width": 64}, "arrayElemType": "IntFamily", "family": "ArrayFamily", "oid": 1016, "width": 64}}, {"defaultExpr": "now():::TIMESTAMP", "id": 5, "name": "createdAt", "type": {"family": "TimestampFamily", "oid": 1114}}, {"id": 6, "name": "rowCount", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 7, "name": "distinctCount", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 8, "name": "nullCount", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 9, "name": "histogram", "nullable": true, "type": {"family": "BytesFamily", "oid": 17}}, {"defaultExpr": "0:::INT8", "id": 10, "name": "avgSize", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 11, "name": "partialPredicate", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}, {"id": 12, "name": "fullStatisticID", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}], "formatVersion": 3, "id": 20, "name": "table_statistics", "nextColumnId": 13, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [1, 2], "keyColumnNames": ["tableID", "statisticID"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12], "storeColumnNames": ["name", "columnIDs", "createdAt", "rowCount", "distinctCount", "nullCount", "histogram", "avgSize", "partialPredicate", "fullStatisticID"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} 21 {"table": {"columns": [{"id": 1, "name": "localityKey", "type": {"family": "StringFamily", "oid": 25}}, {"id": 2, "name": "localityValue", "type": {"family": "StringFamily", "oid": 25}}, {"id": 3, "name": "latitude", "type": {"family": "DecimalFamily", "oid": 1700, "precision": 18, "width": 15}}, {"id": 4, "name": "longitude", "type": {"family": "DecimalFamily", "oid": 1700, "precision": 18, "width": 15}}], "formatVersion": 3, "id": 21, "name": "locations", "nextColumnId": 5, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [1, 2], "keyColumnNames": ["localityKey", "localityValue"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [3, 4], "storeColumnNames": ["latitude", "longitude"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} -23 {"table": {"columns": [{"id": 1, "name": "role", "type": {"family": "StringFamily", "oid": 25}}, {"id": 2, "name": "member", "type": {"family": "StringFamily", "oid": 25}}, {"id": 3, "name": "isAdmin", "type": {"oid": 16}}, {"id": 4, "name": "role_id", "type": {"family": "OidFamily", "oid": 26}}, {"id": 5, "name": "member_id", "type": {"family": "OidFamily", "oid": 26}}], "formatVersion": 3, "id": 23, "indexes": [{"foreignKey": {}, "geoConfig": {}, "id": 2, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [1], "keyColumnNames": ["role"], "keySuffixColumnIds": [2], "name": "role_members_role_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 3, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [2], "keyColumnNames": ["member"], "keySuffixColumnIds": [1], "name": "role_members_member_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 4, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [4], "keyColumnNames": ["role_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_role_id_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 5, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [5], "keyColumnNames": ["member_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_member_id_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"constraintId": 1, "foreignKey": {}, "geoConfig": {}, "id": 6, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [4, 5], "keyColumnNames": ["role_id", "member_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_role_id_member_id_key", "partitioning": {}, "sharded": {}, "unique": true, "version": 3}], "name": "role_members", "nextColumnId": 6, "nextConstraintId": 3, "nextIndexId": 7, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 2, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [1, 2], "keyColumnNames": ["role", "member"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [3, 4, 5], "storeColumnNames": ["isAdmin", "role_id", "member_id"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} +23 {"table": {"columns": [{"id": 1, "name": "role", "type": {"family": "StringFamily", "oid": 25}}, {"id": 2, "name": "member", "type": {"family": "StringFamily", "oid": 25}}, {"id": 3, "name": "isAdmin", "type": {"oid": 16}}, {"id": 4, "name": "role_id", "type": {"family": "OidFamily", "oid": 26}}, {"id": 5, "name": "member_id", "type": {"family": "OidFamily", "oid": 26}}], "formatVersion": 3, "id": 23, "indexes": [{"foreignKey": {}, "geoConfig": {}, "id": 2, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [1], "keyColumnNames": ["role"], "keySuffixColumnIds": [2], "name": "role_members_role_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 3, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [2], "keyColumnNames": ["member"], "keySuffixColumnIds": [1], "name": "role_members_member_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 4, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [4], "keyColumnNames": ["role_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_role_id_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"foreignKey": {}, "geoConfig": {}, "id": 5, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [5], "keyColumnNames": ["member_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_member_id_idx", "partitioning": {}, "sharded": {}, "version": 3}, {"constraintId": 1, "foreignKey": {}, "geoConfig": {}, "id": 6, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [4, 5], "keyColumnNames": ["role_id", "member_id"], "keySuffixColumnIds": [1, 2], "name": "role_members_role_id_member_id_key", "partitioning": {}, "sharded": {}, "unique": true, "version": 3}], "name": "role_members", "nextColumnId": 6, "nextConstraintId": 3, "nextIndexId": 7, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 2, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC"], "keyColumnIds": [1, 2], "keyColumnNames": ["role", "member"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [3, 4, 5], "storeColumnNames": ["isAdmin", "role_id", "member_id"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "2"}} 24 {"table": {"columns": [{"id": 1, "name": "type", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "object_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 3, "name": "sub_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 4, "name": "comment", "type": {"family": "StringFamily", "oid": 25}}], "formatVersion": 3, "id": 24, "name": "comments", "nextColumnId": 5, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC", "ASC"], "keyColumnIds": [1, 2, 3], "keyColumnNames": ["type", "object_id", "sub_id"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [4], "storeColumnNames": ["comment"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "32", "userProto": "public"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} 25 {"table": {"columns": [{"id": 1, "name": "zone_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "subzone_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 3, "name": "type", "type": {"family": "StringFamily", "oid": 25}}, {"id": 4, "name": "config", "type": {"family": "StringFamily", "oid": 25}}, {"id": 5, "name": "report_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 6, "name": "violation_start", "nullable": true, "type": {"family": "TimestampTZFamily", "oid": 1184}}, {"id": 7, "name": "violating_ranges", "type": {"family": "IntFamily", "oid": 20, "width": 64}}], "formatVersion": 3, "id": 25, "name": "replication_constraint_stats", "nextColumnId": 8, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC", "ASC", "ASC"], "keyColumnIds": [1, 2, 3, 4], "keyColumnNames": ["zone_id", "subzone_id", "type", "config"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [5, 6, 7], "storeColumnNames": ["report_id", "violation_start", "violating_ranges"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} 26 {"table": {"columns": [{"id": 1, "name": "zone_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "subzone_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 3, "name": "locality", "type": {"family": "StringFamily", "oid": 25}}, {"id": 4, "name": "report_id", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 5, "name": "at_risk_ranges", "type": {"family": "IntFamily", "oid": 20, "width": 64}}], "formatVersion": 3, "id": 26, "name": "replication_critical_localities", "nextColumnId": 6, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "parentId": 1, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC", "ASC", "ASC"], "keyColumnIds": [1, 2, 3], "keyColumnNames": ["zone_id", "subzone_id", "locality"], "name": "primary", "partitioning": {}, "sharded": {}, "storeColumnIds": [4, 5], "storeColumnNames": ["report_id", "at_risk_ranges"], "unique": true, "version": 4}, "privileges": {"ownerProto": "node", "users": [{"privileges": "480", "userProto": "admin", "withGrantOption": "480"}, {"privileges": "480", "userProto": "root", "withGrantOption": "480"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 29, "version": "1"}} diff --git a/pkg/sql/logictest/testdata/logic_test/drop_database b/pkg/sql/logictest/testdata/logic_test/drop_database index b831e9a6e49b..7225d61824d2 100644 --- a/pkg/sql/logictest/testdata/logic_test/drop_database +++ b/pkg/sql/logictest/testdata/logic_test/drop_database @@ -43,10 +43,9 @@ query TT SELECT job_type, status FROM [SHOW JOBS] WHERE user_name = 'root' AND job_type != 'MIGRATION' + AND description NOT LIKE 'updating version%' ORDER BY job_type DESC ---- -SCHEMA CHANGE succeeded -SCHEMA CHANGE succeeded NEW SCHEMA CHANGE succeeded statement ok diff --git a/pkg/sql/logictest/testdata/logic_test/drop_table b/pkg/sql/logictest/testdata/logic_test/drop_table index 37dbdfcfb7f2..c6b4534ab1f6 100644 --- a/pkg/sql/logictest/testdata/logic_test/drop_table +++ b/pkg/sql/logictest/testdata/logic_test/drop_table @@ -28,8 +28,8 @@ DROP TABLE a # The "updating privileges" clause in the SELECT statement is for excluding jobs # run by an unrelated startup migration. -# TODO (lucy): Update this if/when we decide to change how these jobs queued by -# the startup migration are handled. +# The "updating version" clause is for excluding schema change jobs that +# are caused by role creation/modification. query TT SELECT replace(job_type, 'NEW SCHEMA CHANGE', 'SCHEMA CHANGE'), status FROM [SHOW JOBS] @@ -40,12 +40,11 @@ SELECT replace(job_type, 'NEW SCHEMA CHANGE', 'SCHEMA CHANGE'), status OR ( job_type = 'SCHEMA CHANGE' AND description != 'updating privileges' + AND description NOT LIKE 'updating version%' ) ) ORDER BY 1, 2; ---- SCHEMA CHANGE succeeded -SCHEMA CHANGE succeeded -SCHEMA CHANGE succeeded SCHEMA CHANGE GC running query TTTTIT diff --git a/pkg/sql/logictest/testdata/logic_test/information_schema b/pkg/sql/logictest/testdata/logic_test/information_schema index aa31154f66e9..ed5efe2ebf2c 100644 --- a/pkg/sql/logictest/testdata/logic_test/information_schema +++ b/pkg/sql/logictest/testdata/logic_test/information_schema @@ -1136,378 +1136,379 @@ table_columns # Check that the metadata is reported properly. skipif config local-mixed-23.1 -query TTTTTI colnames -SELECT * FROM system.information_schema.tables ORDER BY table_name, table_schema +query TTTTT colnames +SELECT table_catalog, table_schema, table_name, table_type, is_insertable_into +FROM system.information_schema.tables ORDER BY table_name, table_schema ---- -table_catalog table_schema table_name table_type is_insertable_into version -system crdb_internal active_range_feeds SYSTEM VIEW NO 1 -system information_schema administrable_role_authorizations SYSTEM VIEW NO 1 -system information_schema applicable_roles SYSTEM VIEW NO 1 -system information_schema attributes SYSTEM VIEW NO 1 -system crdb_internal backward_dependencies SYSTEM VIEW NO 1 -system crdb_internal builtin_functions SYSTEM VIEW NO 1 -system information_schema character_sets SYSTEM VIEW NO 1 -system information_schema check_constraint_routine_usage SYSTEM VIEW NO 1 -system information_schema check_constraints SYSTEM VIEW NO 1 -system crdb_internal cluster_contended_indexes SYSTEM VIEW NO 1 -system crdb_internal cluster_contended_keys SYSTEM VIEW NO 1 -system crdb_internal cluster_contended_tables SYSTEM VIEW NO 1 -system crdb_internal cluster_contention_events SYSTEM VIEW NO 1 -system crdb_internal cluster_database_privileges SYSTEM VIEW NO 1 -system crdb_internal cluster_distsql_flows SYSTEM VIEW NO 1 -system crdb_internal cluster_execution_insights SYSTEM VIEW NO 1 -system crdb_internal cluster_inflight_traces SYSTEM VIEW NO 1 -system crdb_internal cluster_locks SYSTEM VIEW NO 1 -system crdb_internal cluster_queries SYSTEM VIEW NO 1 -system crdb_internal cluster_sessions SYSTEM VIEW NO 1 -system crdb_internal cluster_settings SYSTEM VIEW NO 1 -system crdb_internal cluster_statement_statistics SYSTEM VIEW NO 1 -system crdb_internal cluster_transaction_statistics SYSTEM VIEW NO 1 -system crdb_internal cluster_transactions SYSTEM VIEW NO 1 -system crdb_internal cluster_txn_execution_insights SYSTEM VIEW NO 1 -system information_schema collation_character_set_applicability SYSTEM VIEW NO 1 -system information_schema collations SYSTEM VIEW NO 1 -system information_schema column_column_usage SYSTEM VIEW NO 1 -system information_schema column_domain_usage SYSTEM VIEW NO 1 -system information_schema column_options SYSTEM VIEW NO 1 -system information_schema column_privileges SYSTEM VIEW NO 1 -system information_schema column_statistics SYSTEM VIEW NO 1 -system information_schema column_udt_usage SYSTEM VIEW NO 1 -system information_schema columns SYSTEM VIEW NO 1 -system information_schema columns_extensions SYSTEM VIEW NO 1 -system public comments BASE TABLE YES 1 -system information_schema constraint_column_usage SYSTEM VIEW NO 1 -system information_schema constraint_table_usage SYSTEM VIEW NO 1 -system crdb_internal create_function_statements SYSTEM VIEW NO 1 -system crdb_internal create_procedure_statements SYSTEM VIEW NO 1 -system crdb_internal create_schema_statements SYSTEM VIEW NO 1 -system crdb_internal create_statements SYSTEM VIEW NO 1 -system crdb_internal create_type_statements SYSTEM VIEW NO 1 -system crdb_internal cross_db_references SYSTEM VIEW NO 1 -system information_schema data_type_privileges SYSTEM VIEW NO 1 -system public database_role_settings BASE TABLE YES 1 -system crdb_internal databases SYSTEM VIEW NO 1 -system crdb_internal default_privileges SYSTEM VIEW NO 1 -system public descriptor BASE TABLE YES 1 -system information_schema domain_constraints SYSTEM VIEW NO 1 -system information_schema domain_udt_usage SYSTEM VIEW NO 1 -system information_schema domains SYSTEM VIEW NO 1 -system information_schema element_types SYSTEM VIEW NO 1 -system information_schema enabled_roles SYSTEM VIEW NO 1 -system information_schema engines SYSTEM VIEW NO 1 -system public eventlog BASE TABLE YES 1 -system information_schema events SYSTEM VIEW NO 1 -system public external_connections BASE TABLE YES 1 -system crdb_internal feature_usage SYSTEM VIEW NO 1 -system information_schema files SYSTEM VIEW NO 1 -system information_schema foreign_data_wrapper_options SYSTEM VIEW NO 1 -system information_schema foreign_data_wrappers SYSTEM VIEW NO 1 -system information_schema foreign_server_options SYSTEM VIEW NO 1 -system information_schema foreign_servers SYSTEM VIEW NO 1 -system information_schema foreign_table_options SYSTEM VIEW NO 1 -system information_schema foreign_tables SYSTEM VIEW NO 1 -system crdb_internal forward_dependencies SYSTEM VIEW NO 1 -system pg_extension geography_columns SYSTEM VIEW NO 1 -system pg_extension geometry_columns SYSTEM VIEW NO 1 -system crdb_internal gossip_alerts SYSTEM VIEW NO 1 -system crdb_internal gossip_liveness SYSTEM VIEW NO 1 -system crdb_internal gossip_network SYSTEM VIEW NO 1 -system crdb_internal gossip_nodes SYSTEM VIEW NO 1 -system crdb_internal index_columns SYSTEM VIEW NO 1 -system crdb_internal index_spans SYSTEM VIEW NO 1 -system crdb_internal index_usage_statistics SYSTEM VIEW NO 1 -system information_schema information_schema_catalog_name SYSTEM VIEW NO 1 -system crdb_internal invalid_objects SYSTEM VIEW NO 1 -system public job_info BASE TABLE YES 1 -system crdb_internal jobs SYSTEM VIEW NO 1 -system public jobs BASE TABLE YES 1 -system public join_tokens BASE TABLE YES 1 -system information_schema key_column_usage SYSTEM VIEW NO 1 -system information_schema keywords SYSTEM VIEW NO 1 -system crdb_internal kv_builtin_function_comments SYSTEM VIEW NO 1 -system crdb_internal kv_catalog_comments SYSTEM VIEW NO 1 -system crdb_internal kv_catalog_descriptor SYSTEM VIEW NO 1 -system crdb_internal kv_catalog_namespace SYSTEM VIEW NO 1 -system crdb_internal kv_catalog_zones SYSTEM VIEW NO 1 -system crdb_internal kv_dropped_relations SYSTEM VIEW NO 1 -system crdb_internal kv_flow_control_handles SYSTEM VIEW NO 1 -system crdb_internal kv_flow_controller SYSTEM VIEW NO 1 -system crdb_internal kv_flow_token_deductions SYSTEM VIEW NO 1 -system crdb_internal kv_inherited_role_members SYSTEM VIEW NO 1 -system crdb_internal kv_node_liveness SYSTEM VIEW NO 1 -system crdb_internal kv_node_status SYSTEM VIEW NO 1 -system crdb_internal kv_protected_ts_records SYSTEM VIEW NO 1 -system crdb_internal kv_repairable_catalog_corruptions SYSTEM VIEW NO 1 -system crdb_internal kv_store_status SYSTEM VIEW NO 1 -system crdb_internal kv_system_privileges SYSTEM VIEW NO 1 -system public lease BASE TABLE YES 1 -system crdb_internal leases SYSTEM VIEW NO 1 -system public locations BASE TABLE YES 1 -system crdb_internal lost_descriptors_with_data SYSTEM VIEW NO 1 -system public migrations BASE TABLE YES 1 -system public mvcc_statistics BASE TABLE YES 1 -system public namespace BASE TABLE YES 1 -system crdb_internal node_build_info SYSTEM VIEW NO 1 -system crdb_internal node_contention_events SYSTEM VIEW NO 1 -system crdb_internal node_distsql_flows SYSTEM VIEW NO 1 -system crdb_internal node_execution_insights SYSTEM VIEW NO 1 -system crdb_internal node_inflight_trace_spans SYSTEM VIEW NO 1 -system crdb_internal node_memory_monitors SYSTEM VIEW NO 1 -system crdb_internal node_metrics SYSTEM VIEW NO 1 -system crdb_internal node_queries SYSTEM VIEW NO 1 -system crdb_internal node_runtime_info SYSTEM VIEW NO 1 -system crdb_internal node_sessions SYSTEM VIEW NO 1 -system crdb_internal node_statement_statistics SYSTEM VIEW NO 1 -system crdb_internal node_tenant_capabilities_cache SYSTEM VIEW NO 1 -system crdb_internal node_transaction_statistics SYSTEM VIEW NO 1 -system crdb_internal node_transactions SYSTEM VIEW NO 1 -system crdb_internal node_txn_execution_insights SYSTEM VIEW NO 1 -system crdb_internal node_txn_stats SYSTEM VIEW NO 1 -system information_schema optimizer_trace SYSTEM VIEW NO 1 -system information_schema parameters SYSTEM VIEW NO 1 -system crdb_internal partitions SYSTEM VIEW NO 1 -system information_schema partitions SYSTEM VIEW NO 1 -system pg_catalog pg_aggregate SYSTEM VIEW NO 1 -system pg_catalog pg_am SYSTEM VIEW NO 1 -system pg_catalog pg_amop SYSTEM VIEW NO 1 -system pg_catalog pg_amproc SYSTEM VIEW NO 1 -system pg_catalog pg_attrdef SYSTEM VIEW NO 1 -system pg_catalog pg_attribute SYSTEM VIEW NO 1 -system pg_catalog pg_auth_members SYSTEM VIEW NO 1 -system pg_catalog pg_authid SYSTEM VIEW NO 1 -system pg_catalog pg_available_extension_versions SYSTEM VIEW NO 1 -system pg_catalog pg_available_extensions SYSTEM VIEW NO 1 -system pg_catalog pg_cast SYSTEM VIEW NO 1 -system crdb_internal pg_catalog_table_is_implemented SYSTEM VIEW NO 1 -system pg_catalog pg_class SYSTEM VIEW NO 1 -system pg_catalog pg_collation SYSTEM VIEW NO 1 -system pg_catalog pg_config SYSTEM VIEW NO 1 -system pg_catalog pg_constraint SYSTEM VIEW NO 1 -system pg_catalog pg_conversion SYSTEM VIEW NO 1 -system pg_catalog pg_cursors SYSTEM VIEW NO 1 -system pg_catalog pg_database SYSTEM VIEW NO 1 -system pg_catalog pg_db_role_setting SYSTEM VIEW NO 1 -system pg_catalog pg_default_acl SYSTEM VIEW NO 1 -system pg_catalog pg_depend SYSTEM VIEW NO 1 -system pg_catalog pg_description SYSTEM VIEW NO 1 -system pg_catalog pg_enum SYSTEM VIEW NO 1 -system pg_catalog pg_event_trigger SYSTEM VIEW NO 1 -system pg_catalog pg_extension SYSTEM VIEW NO 1 -system pg_catalog pg_file_settings SYSTEM VIEW NO 1 -system pg_catalog pg_foreign_data_wrapper SYSTEM VIEW NO 1 -system pg_catalog pg_foreign_server SYSTEM VIEW NO 1 -system pg_catalog pg_foreign_table SYSTEM VIEW NO 1 -system pg_catalog pg_group SYSTEM VIEW NO 1 -system pg_catalog pg_hba_file_rules SYSTEM VIEW NO 1 -system pg_catalog pg_index SYSTEM VIEW NO 1 -system pg_catalog pg_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_inherits SYSTEM VIEW NO 1 -system pg_catalog pg_init_privs SYSTEM VIEW NO 1 -system pg_catalog pg_language SYSTEM VIEW NO 1 -system pg_catalog pg_largeobject SYSTEM VIEW NO 1 -system pg_catalog pg_largeobject_metadata SYSTEM VIEW NO 1 -system pg_catalog pg_locks SYSTEM VIEW NO 1 -system pg_catalog pg_matviews SYSTEM VIEW NO 1 -system pg_catalog pg_namespace SYSTEM VIEW NO 1 -system pg_catalog pg_opclass SYSTEM VIEW NO 1 -system pg_catalog pg_operator SYSTEM VIEW NO 1 -system pg_catalog pg_opfamily SYSTEM VIEW NO 1 -system pg_catalog pg_partitioned_table SYSTEM VIEW NO 1 -system pg_catalog pg_policies SYSTEM VIEW NO 1 -system pg_catalog pg_policy SYSTEM VIEW NO 1 -system pg_catalog pg_prepared_statements SYSTEM VIEW NO 1 -system pg_catalog pg_prepared_xacts SYSTEM VIEW NO 1 -system pg_catalog pg_proc SYSTEM VIEW NO 1 -system pg_catalog pg_publication SYSTEM VIEW NO 1 -system pg_catalog pg_publication_rel SYSTEM VIEW NO 1 -system pg_catalog pg_publication_tables SYSTEM VIEW NO 1 -system pg_catalog pg_range SYSTEM VIEW NO 1 -system pg_catalog pg_replication_origin SYSTEM VIEW NO 1 -system pg_catalog pg_replication_origin_status SYSTEM VIEW NO 1 -system pg_catalog pg_replication_slots SYSTEM VIEW NO 1 -system pg_catalog pg_rewrite SYSTEM VIEW NO 1 -system pg_catalog pg_roles SYSTEM VIEW NO 1 -system pg_catalog pg_rules SYSTEM VIEW NO 1 -system pg_catalog pg_seclabel SYSTEM VIEW NO 1 -system pg_catalog pg_seclabels SYSTEM VIEW NO 1 -system pg_catalog pg_sequence SYSTEM VIEW NO 1 -system pg_catalog pg_sequences SYSTEM VIEW NO 1 -system pg_catalog pg_settings SYSTEM VIEW NO 1 -system pg_catalog pg_shadow SYSTEM VIEW NO 1 -system pg_catalog pg_shdepend SYSTEM VIEW NO 1 -system pg_catalog pg_shdescription SYSTEM VIEW NO 1 -system pg_catalog pg_shmem_allocations SYSTEM VIEW NO 1 -system pg_catalog pg_shseclabel SYSTEM VIEW NO 1 -system pg_catalog pg_stat_activity SYSTEM VIEW NO 1 -system pg_catalog pg_stat_all_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_stat_all_tables SYSTEM VIEW NO 1 -system pg_catalog pg_stat_archiver SYSTEM VIEW NO 1 -system pg_catalog pg_stat_bgwriter SYSTEM VIEW NO 1 -system pg_catalog pg_stat_database SYSTEM VIEW NO 1 -system pg_catalog pg_stat_database_conflicts SYSTEM VIEW NO 1 -system pg_catalog pg_stat_gssapi SYSTEM VIEW NO 1 -system pg_catalog pg_stat_progress_analyze SYSTEM VIEW NO 1 -system pg_catalog pg_stat_progress_basebackup SYSTEM VIEW NO 1 -system pg_catalog pg_stat_progress_cluster SYSTEM VIEW NO 1 -system pg_catalog pg_stat_progress_create_index SYSTEM VIEW NO 1 -system pg_catalog pg_stat_progress_vacuum SYSTEM VIEW NO 1 -system pg_catalog pg_stat_replication SYSTEM VIEW NO 1 -system pg_catalog pg_stat_slru SYSTEM VIEW NO 1 -system pg_catalog pg_stat_ssl SYSTEM VIEW NO 1 -system pg_catalog pg_stat_subscription SYSTEM VIEW NO 1 -system pg_catalog pg_stat_sys_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_stat_sys_tables SYSTEM VIEW NO 1 -system pg_catalog pg_stat_user_functions SYSTEM VIEW NO 1 -system pg_catalog pg_stat_user_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_stat_user_tables SYSTEM VIEW NO 1 -system pg_catalog pg_stat_wal_receiver SYSTEM VIEW NO 1 -system pg_catalog pg_stat_xact_all_tables SYSTEM VIEW NO 1 -system pg_catalog pg_stat_xact_sys_tables SYSTEM VIEW NO 1 -system pg_catalog pg_stat_xact_user_functions SYSTEM VIEW NO 1 -system pg_catalog pg_stat_xact_user_tables SYSTEM VIEW NO 1 -system pg_catalog pg_statio_all_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_statio_all_sequences SYSTEM VIEW NO 1 -system pg_catalog pg_statio_all_tables SYSTEM VIEW NO 1 -system pg_catalog pg_statio_sys_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_statio_sys_sequences SYSTEM VIEW NO 1 -system pg_catalog pg_statio_sys_tables SYSTEM VIEW NO 1 -system pg_catalog pg_statio_user_indexes SYSTEM VIEW NO 1 -system pg_catalog pg_statio_user_sequences SYSTEM VIEW NO 1 -system pg_catalog pg_statio_user_tables SYSTEM VIEW NO 1 -system pg_catalog pg_statistic SYSTEM VIEW NO 1 -system pg_catalog pg_statistic_ext SYSTEM VIEW NO 1 -system pg_catalog pg_statistic_ext_data SYSTEM VIEW NO 1 -system pg_catalog pg_stats SYSTEM VIEW NO 1 -system pg_catalog pg_stats_ext SYSTEM VIEW NO 1 -system pg_catalog pg_subscription SYSTEM VIEW NO 1 -system pg_catalog pg_subscription_rel SYSTEM VIEW NO 1 -system pg_catalog pg_tables SYSTEM VIEW NO 1 -system pg_catalog pg_tablespace SYSTEM VIEW NO 1 -system pg_catalog pg_timezone_abbrevs SYSTEM VIEW NO 1 -system pg_catalog pg_timezone_names SYSTEM VIEW NO 1 -system pg_catalog pg_transform SYSTEM VIEW NO 1 -system pg_catalog pg_trigger SYSTEM VIEW NO 1 -system pg_catalog pg_ts_config SYSTEM VIEW NO 1 -system pg_catalog pg_ts_config_map SYSTEM VIEW NO 1 -system pg_catalog pg_ts_dict SYSTEM VIEW NO 1 -system pg_catalog pg_ts_parser SYSTEM VIEW NO 1 -system pg_catalog pg_ts_template SYSTEM VIEW NO 1 -system pg_catalog pg_type SYSTEM VIEW NO 1 -system pg_catalog pg_user SYSTEM VIEW NO 1 -system pg_catalog pg_user_mapping SYSTEM VIEW NO 1 -system pg_catalog pg_user_mappings SYSTEM VIEW NO 1 -system pg_catalog pg_views SYSTEM VIEW NO 1 -system information_schema plugins SYSTEM VIEW NO 1 -system public privileges BASE TABLE YES 1 -system information_schema processlist SYSTEM VIEW NO 1 -system information_schema profiling SYSTEM VIEW NO 1 -system public protected_ts_meta BASE TABLE YES 1 -system public protected_ts_records BASE TABLE YES 1 -system public rangelog BASE TABLE YES 1 -system crdb_internal ranges SYSTEM VIEW NO 1 -system crdb_internal ranges_no_leases SYSTEM VIEW NO 1 -system information_schema referential_constraints SYSTEM VIEW NO 1 -system public region_liveness BASE TABLE YES 1 -system crdb_internal regions SYSTEM VIEW NO 1 -system public replication_constraint_stats BASE TABLE YES 1 -system public replication_critical_localities BASE TABLE YES 1 -system public replication_stats BASE TABLE YES 1 -system public reports_meta BASE TABLE YES 1 -system information_schema resource_groups SYSTEM VIEW NO 1 -system information_schema role_column_grants SYSTEM VIEW NO 1 -system public role_members BASE TABLE YES 1 -system public role_options BASE TABLE YES 2 -system information_schema role_routine_grants SYSTEM VIEW NO 1 -system information_schema role_table_grants SYSTEM VIEW NO 1 -system information_schema role_udt_grants SYSTEM VIEW NO 1 -system information_schema role_usage_grants SYSTEM VIEW NO 1 -system information_schema routine_privileges SYSTEM VIEW NO 1 -system information_schema routines SYSTEM VIEW NO 1 -system public scheduled_jobs BASE TABLE YES 1 -system crdb_internal schema_changes SYSTEM VIEW NO 1 -system information_schema schema_privileges SYSTEM VIEW NO 1 -system information_schema schemata SYSTEM VIEW NO 1 -system information_schema schemata_extensions SYSTEM VIEW NO 1 -system information_schema sequences SYSTEM VIEW NO 1 -system crdb_internal session_trace SYSTEM VIEW NO 1 -system crdb_internal session_variables SYSTEM VIEW NO 1 -system information_schema session_variables SYSTEM VIEW NO 1 -system public settings BASE TABLE YES 1 -system public span_configurations BASE TABLE YES 1 -system public span_stats_buckets BASE TABLE YES 1 -system public span_stats_samples BASE TABLE YES 1 -system public span_stats_tenant_boundaries BASE TABLE YES 1 -system public span_stats_unique_keys BASE TABLE YES 1 -system pg_extension spatial_ref_sys SYSTEM VIEW NO 1 -system information_schema sql_features SYSTEM VIEW NO 1 -system information_schema sql_implementation_info SYSTEM VIEW NO 1 -system public sql_instances BASE TABLE YES 1 -system information_schema sql_parts SYSTEM VIEW NO 1 -system information_schema sql_sizing SYSTEM VIEW NO 1 -system public sqlliveness BASE TABLE YES 1 -system information_schema st_geometry_columns SYSTEM VIEW NO 1 -system information_schema st_spatial_reference_systems SYSTEM VIEW NO 1 -system information_schema st_units_of_measure SYSTEM VIEW NO 1 -system crdb_internal statement_activity SYSTEM VIEW NO 1 -system public statement_activity BASE TABLE YES 1 -system public statement_bundle_chunks BASE TABLE YES 1 -system public statement_diagnostics BASE TABLE YES 1 -system public statement_diagnostics_requests BASE TABLE YES 1 -system public statement_execution_insights BASE TABLE YES 1 -system crdb_internal statement_statistics SYSTEM VIEW NO 1 -system public statement_statistics BASE TABLE YES 1 -system crdb_internal statement_statistics_persisted SYSTEM VIEW NO 1 -system crdb_internal statement_statistics_persisted_v22_2 SYSTEM VIEW NO 1 -system information_schema statistics SYSTEM VIEW NO 1 -system crdb_internal super_regions SYSTEM VIEW NO 1 -system crdb_internal system_jobs SYSTEM VIEW NO 1 -system crdb_internal table_columns SYSTEM VIEW NO 1 -system information_schema table_constraints SYSTEM VIEW NO 1 -system information_schema table_constraints_extensions SYSTEM VIEW NO 1 -system crdb_internal table_indexes SYSTEM VIEW NO 1 -system information_schema table_privileges SYSTEM VIEW NO 1 -system crdb_internal table_row_statistics SYSTEM VIEW NO 1 -system crdb_internal table_spans SYSTEM VIEW NO 1 -system public table_statistics BASE TABLE YES 1 -system crdb_internal tables SYSTEM VIEW NO 1 -system information_schema tables SYSTEM VIEW NO 1 -system information_schema tables_extensions SYSTEM VIEW NO 1 -system information_schema tablespaces SYSTEM VIEW NO 1 -system information_schema tablespaces_extensions SYSTEM VIEW NO 1 -system public task_payloads BASE TABLE YES 1 -system public tenant_settings BASE TABLE YES 1 -system public tenant_tasks BASE TABLE YES 1 -system public tenant_usage BASE TABLE YES 1 -system crdb_internal tenant_usage_details SYSTEM VIEW NO 1 -system public tenants BASE TABLE YES 1 -system crdb_internal transaction_activity SYSTEM VIEW NO 1 -system public transaction_activity BASE TABLE YES 1 -system crdb_internal transaction_contention_events SYSTEM VIEW NO 1 -system public transaction_execution_insights BASE TABLE YES 1 -system crdb_internal transaction_statistics SYSTEM VIEW NO 1 -system public transaction_statistics BASE TABLE YES 1 -system crdb_internal transaction_statistics_persisted SYSTEM VIEW NO 1 -system crdb_internal transaction_statistics_persisted_v22_2 SYSTEM VIEW NO 1 -system information_schema transforms SYSTEM VIEW NO 1 -system information_schema triggered_update_columns SYSTEM VIEW NO 1 -system information_schema triggers SYSTEM VIEW NO 1 -system information_schema type_privileges SYSTEM VIEW NO 1 -system information_schema udt_privileges SYSTEM VIEW NO 1 -system public ui BASE TABLE YES 1 -system information_schema usage_privileges SYSTEM VIEW NO 1 -system information_schema user_attributes SYSTEM VIEW NO 1 -system information_schema user_defined_types SYSTEM VIEW NO 1 -system information_schema user_mapping_options SYSTEM VIEW NO 1 -system information_schema user_mappings SYSTEM VIEW NO 1 -system information_schema user_privileges SYSTEM VIEW NO 1 -system public users BASE TABLE YES 2 -system information_schema view_column_usage SYSTEM VIEW NO 1 -system information_schema view_routine_usage SYSTEM VIEW NO 1 -system information_schema view_table_usage SYSTEM VIEW NO 1 -system information_schema views SYSTEM VIEW NO 1 -system public web_sessions BASE TABLE YES 1 -system crdb_internal zones SYSTEM VIEW NO 1 -system public zones BASE TABLE YES 1 +table_catalog table_schema table_name table_type is_insertable_into +system crdb_internal active_range_feeds SYSTEM VIEW NO +system information_schema administrable_role_authorizations SYSTEM VIEW NO +system information_schema applicable_roles SYSTEM VIEW NO +system information_schema attributes SYSTEM VIEW NO +system crdb_internal backward_dependencies SYSTEM VIEW NO +system crdb_internal builtin_functions SYSTEM VIEW NO +system information_schema character_sets SYSTEM VIEW NO +system information_schema check_constraint_routine_usage SYSTEM VIEW NO +system information_schema check_constraints SYSTEM VIEW NO +system crdb_internal cluster_contended_indexes SYSTEM VIEW NO +system crdb_internal cluster_contended_keys SYSTEM VIEW NO +system crdb_internal cluster_contended_tables SYSTEM VIEW NO +system crdb_internal cluster_contention_events SYSTEM VIEW NO +system crdb_internal cluster_database_privileges SYSTEM VIEW NO +system crdb_internal cluster_distsql_flows SYSTEM VIEW NO +system crdb_internal cluster_execution_insights SYSTEM VIEW NO +system crdb_internal cluster_inflight_traces SYSTEM VIEW NO +system crdb_internal cluster_locks SYSTEM VIEW NO +system crdb_internal cluster_queries SYSTEM VIEW NO +system crdb_internal cluster_sessions SYSTEM VIEW NO +system crdb_internal cluster_settings SYSTEM VIEW NO +system crdb_internal cluster_statement_statistics SYSTEM VIEW NO +system crdb_internal cluster_transaction_statistics SYSTEM VIEW NO +system crdb_internal cluster_transactions SYSTEM VIEW NO +system crdb_internal cluster_txn_execution_insights SYSTEM VIEW NO +system information_schema collation_character_set_applicability SYSTEM VIEW NO +system information_schema collations SYSTEM VIEW NO +system information_schema column_column_usage SYSTEM VIEW NO +system information_schema column_domain_usage SYSTEM VIEW NO +system information_schema column_options SYSTEM VIEW NO +system information_schema column_privileges SYSTEM VIEW NO +system information_schema column_statistics SYSTEM VIEW NO +system information_schema column_udt_usage SYSTEM VIEW NO +system information_schema columns SYSTEM VIEW NO +system information_schema columns_extensions SYSTEM VIEW NO +system public comments BASE TABLE YES +system information_schema constraint_column_usage SYSTEM VIEW NO +system information_schema constraint_table_usage SYSTEM VIEW NO +system crdb_internal create_function_statements SYSTEM VIEW NO +system crdb_internal create_procedure_statements SYSTEM VIEW NO +system crdb_internal create_schema_statements SYSTEM VIEW NO +system crdb_internal create_statements SYSTEM VIEW NO +system crdb_internal create_type_statements SYSTEM VIEW NO +system crdb_internal cross_db_references SYSTEM VIEW NO +system information_schema data_type_privileges SYSTEM VIEW NO +system public database_role_settings BASE TABLE YES +system crdb_internal databases SYSTEM VIEW NO +system crdb_internal default_privileges SYSTEM VIEW NO +system public descriptor BASE TABLE YES +system information_schema domain_constraints SYSTEM VIEW NO +system information_schema domain_udt_usage SYSTEM VIEW NO +system information_schema domains SYSTEM VIEW NO +system information_schema element_types SYSTEM VIEW NO +system information_schema enabled_roles SYSTEM VIEW NO +system information_schema engines SYSTEM VIEW NO +system public eventlog BASE TABLE YES +system information_schema events SYSTEM VIEW NO +system public external_connections BASE TABLE YES +system crdb_internal feature_usage SYSTEM VIEW NO +system information_schema files SYSTEM VIEW NO +system information_schema foreign_data_wrapper_options SYSTEM VIEW NO +system information_schema foreign_data_wrappers SYSTEM VIEW NO +system information_schema foreign_server_options SYSTEM VIEW NO +system information_schema foreign_servers SYSTEM VIEW NO +system information_schema foreign_table_options SYSTEM VIEW NO +system information_schema foreign_tables SYSTEM VIEW NO +system crdb_internal forward_dependencies SYSTEM VIEW NO +system pg_extension geography_columns SYSTEM VIEW NO +system pg_extension geometry_columns SYSTEM VIEW NO +system crdb_internal gossip_alerts SYSTEM VIEW NO +system crdb_internal gossip_liveness SYSTEM VIEW NO +system crdb_internal gossip_network SYSTEM VIEW NO +system crdb_internal gossip_nodes SYSTEM VIEW NO +system crdb_internal index_columns SYSTEM VIEW NO +system crdb_internal index_spans SYSTEM VIEW NO +system crdb_internal index_usage_statistics SYSTEM VIEW NO +system information_schema information_schema_catalog_name SYSTEM VIEW NO +system crdb_internal invalid_objects SYSTEM VIEW NO +system public job_info BASE TABLE YES +system crdb_internal jobs SYSTEM VIEW NO +system public jobs BASE TABLE YES +system public join_tokens BASE TABLE YES +system information_schema key_column_usage SYSTEM VIEW NO +system information_schema keywords SYSTEM VIEW NO +system crdb_internal kv_builtin_function_comments SYSTEM VIEW NO +system crdb_internal kv_catalog_comments SYSTEM VIEW NO +system crdb_internal kv_catalog_descriptor SYSTEM VIEW NO +system crdb_internal kv_catalog_namespace SYSTEM VIEW NO +system crdb_internal kv_catalog_zones SYSTEM VIEW NO +system crdb_internal kv_dropped_relations SYSTEM VIEW NO +system crdb_internal kv_flow_control_handles SYSTEM VIEW NO +system crdb_internal kv_flow_controller SYSTEM VIEW NO +system crdb_internal kv_flow_token_deductions SYSTEM VIEW NO +system crdb_internal kv_inherited_role_members SYSTEM VIEW NO +system crdb_internal kv_node_liveness SYSTEM VIEW NO +system crdb_internal kv_node_status SYSTEM VIEW NO +system crdb_internal kv_protected_ts_records SYSTEM VIEW NO +system crdb_internal kv_repairable_catalog_corruptions SYSTEM VIEW NO +system crdb_internal kv_store_status SYSTEM VIEW NO +system crdb_internal kv_system_privileges SYSTEM VIEW NO +system public lease BASE TABLE YES +system crdb_internal leases SYSTEM VIEW NO +system public locations BASE TABLE YES +system crdb_internal lost_descriptors_with_data SYSTEM VIEW NO +system public migrations BASE TABLE YES +system public mvcc_statistics BASE TABLE YES +system public namespace BASE TABLE YES +system crdb_internal node_build_info SYSTEM VIEW NO +system crdb_internal node_contention_events SYSTEM VIEW NO +system crdb_internal node_distsql_flows SYSTEM VIEW NO +system crdb_internal node_execution_insights SYSTEM VIEW NO +system crdb_internal node_inflight_trace_spans SYSTEM VIEW NO +system crdb_internal node_memory_monitors SYSTEM VIEW NO +system crdb_internal node_metrics SYSTEM VIEW NO +system crdb_internal node_queries SYSTEM VIEW NO +system crdb_internal node_runtime_info SYSTEM VIEW NO +system crdb_internal node_sessions SYSTEM VIEW NO +system crdb_internal node_statement_statistics SYSTEM VIEW NO +system crdb_internal node_tenant_capabilities_cache SYSTEM VIEW NO +system crdb_internal node_transaction_statistics SYSTEM VIEW NO +system crdb_internal node_transactions SYSTEM VIEW NO +system crdb_internal node_txn_execution_insights SYSTEM VIEW NO +system crdb_internal node_txn_stats SYSTEM VIEW NO +system information_schema optimizer_trace SYSTEM VIEW NO +system information_schema parameters SYSTEM VIEW NO +system crdb_internal partitions SYSTEM VIEW NO +system information_schema partitions SYSTEM VIEW NO +system pg_catalog pg_aggregate SYSTEM VIEW NO +system pg_catalog pg_am SYSTEM VIEW NO +system pg_catalog pg_amop SYSTEM VIEW NO +system pg_catalog pg_amproc SYSTEM VIEW NO +system pg_catalog pg_attrdef SYSTEM VIEW NO +system pg_catalog pg_attribute SYSTEM VIEW NO +system pg_catalog pg_auth_members SYSTEM VIEW NO +system pg_catalog pg_authid SYSTEM VIEW NO +system pg_catalog pg_available_extension_versions SYSTEM VIEW NO +system pg_catalog pg_available_extensions SYSTEM VIEW NO +system pg_catalog pg_cast SYSTEM VIEW NO +system crdb_internal pg_catalog_table_is_implemented SYSTEM VIEW NO +system pg_catalog pg_class SYSTEM VIEW NO +system pg_catalog pg_collation SYSTEM VIEW NO +system pg_catalog pg_config SYSTEM VIEW NO +system pg_catalog pg_constraint SYSTEM VIEW NO +system pg_catalog pg_conversion SYSTEM VIEW NO +system pg_catalog pg_cursors SYSTEM VIEW NO +system pg_catalog pg_database SYSTEM VIEW NO +system pg_catalog pg_db_role_setting SYSTEM VIEW NO +system pg_catalog pg_default_acl SYSTEM VIEW NO +system pg_catalog pg_depend SYSTEM VIEW NO +system pg_catalog pg_description SYSTEM VIEW NO +system pg_catalog pg_enum SYSTEM VIEW NO +system pg_catalog pg_event_trigger SYSTEM VIEW NO +system pg_catalog pg_extension SYSTEM VIEW NO +system pg_catalog pg_file_settings SYSTEM VIEW NO +system pg_catalog pg_foreign_data_wrapper SYSTEM VIEW NO +system pg_catalog pg_foreign_server SYSTEM VIEW NO +system pg_catalog pg_foreign_table SYSTEM VIEW NO +system pg_catalog pg_group SYSTEM VIEW NO +system pg_catalog pg_hba_file_rules SYSTEM VIEW NO +system pg_catalog pg_index SYSTEM VIEW NO +system pg_catalog pg_indexes SYSTEM VIEW NO +system pg_catalog pg_inherits SYSTEM VIEW NO +system pg_catalog pg_init_privs SYSTEM VIEW NO +system pg_catalog pg_language SYSTEM VIEW NO +system pg_catalog pg_largeobject SYSTEM VIEW NO +system pg_catalog pg_largeobject_metadata SYSTEM VIEW NO +system pg_catalog pg_locks SYSTEM VIEW NO +system pg_catalog pg_matviews SYSTEM VIEW NO +system pg_catalog pg_namespace SYSTEM VIEW NO +system pg_catalog pg_opclass SYSTEM VIEW NO +system pg_catalog pg_operator SYSTEM VIEW NO +system pg_catalog pg_opfamily SYSTEM VIEW NO +system pg_catalog pg_partitioned_table SYSTEM VIEW NO +system pg_catalog pg_policies SYSTEM VIEW NO +system pg_catalog pg_policy SYSTEM VIEW NO +system pg_catalog pg_prepared_statements SYSTEM VIEW NO +system pg_catalog pg_prepared_xacts SYSTEM VIEW NO +system pg_catalog pg_proc SYSTEM VIEW NO +system pg_catalog pg_publication SYSTEM VIEW NO +system pg_catalog pg_publication_rel SYSTEM VIEW NO +system pg_catalog pg_publication_tables SYSTEM VIEW NO +system pg_catalog pg_range SYSTEM VIEW NO +system pg_catalog pg_replication_origin SYSTEM VIEW NO +system pg_catalog pg_replication_origin_status SYSTEM VIEW NO +system pg_catalog pg_replication_slots SYSTEM VIEW NO +system pg_catalog pg_rewrite SYSTEM VIEW NO +system pg_catalog pg_roles SYSTEM VIEW NO +system pg_catalog pg_rules SYSTEM VIEW NO +system pg_catalog pg_seclabel SYSTEM VIEW NO +system pg_catalog pg_seclabels SYSTEM VIEW NO +system pg_catalog pg_sequence SYSTEM VIEW NO +system pg_catalog pg_sequences SYSTEM VIEW NO +system pg_catalog pg_settings SYSTEM VIEW NO +system pg_catalog pg_shadow SYSTEM VIEW NO +system pg_catalog pg_shdepend SYSTEM VIEW NO +system pg_catalog pg_shdescription SYSTEM VIEW NO +system pg_catalog pg_shmem_allocations SYSTEM VIEW NO +system pg_catalog pg_shseclabel SYSTEM VIEW NO +system pg_catalog pg_stat_activity SYSTEM VIEW NO +system pg_catalog pg_stat_all_indexes SYSTEM VIEW NO +system pg_catalog pg_stat_all_tables SYSTEM VIEW NO +system pg_catalog pg_stat_archiver SYSTEM VIEW NO +system pg_catalog pg_stat_bgwriter SYSTEM VIEW NO +system pg_catalog pg_stat_database SYSTEM VIEW NO +system pg_catalog pg_stat_database_conflicts SYSTEM VIEW NO +system pg_catalog pg_stat_gssapi SYSTEM VIEW NO +system pg_catalog pg_stat_progress_analyze SYSTEM VIEW NO +system pg_catalog pg_stat_progress_basebackup SYSTEM VIEW NO +system pg_catalog pg_stat_progress_cluster SYSTEM VIEW NO +system pg_catalog pg_stat_progress_create_index SYSTEM VIEW NO +system pg_catalog pg_stat_progress_vacuum SYSTEM VIEW NO +system pg_catalog pg_stat_replication SYSTEM VIEW NO +system pg_catalog pg_stat_slru SYSTEM VIEW NO +system pg_catalog pg_stat_ssl SYSTEM VIEW NO +system pg_catalog pg_stat_subscription SYSTEM VIEW NO +system pg_catalog pg_stat_sys_indexes SYSTEM VIEW NO +system pg_catalog pg_stat_sys_tables SYSTEM VIEW NO +system pg_catalog pg_stat_user_functions SYSTEM VIEW NO +system pg_catalog pg_stat_user_indexes SYSTEM VIEW NO +system pg_catalog pg_stat_user_tables SYSTEM VIEW NO +system pg_catalog pg_stat_wal_receiver SYSTEM VIEW NO +system pg_catalog pg_stat_xact_all_tables SYSTEM VIEW NO +system pg_catalog pg_stat_xact_sys_tables SYSTEM VIEW NO +system pg_catalog pg_stat_xact_user_functions SYSTEM VIEW NO +system pg_catalog pg_stat_xact_user_tables SYSTEM VIEW NO +system pg_catalog pg_statio_all_indexes SYSTEM VIEW NO +system pg_catalog pg_statio_all_sequences SYSTEM VIEW NO +system pg_catalog pg_statio_all_tables SYSTEM VIEW NO +system pg_catalog pg_statio_sys_indexes SYSTEM VIEW NO +system pg_catalog pg_statio_sys_sequences SYSTEM VIEW NO +system pg_catalog pg_statio_sys_tables SYSTEM VIEW NO +system pg_catalog pg_statio_user_indexes SYSTEM VIEW NO +system pg_catalog pg_statio_user_sequences SYSTEM VIEW NO +system pg_catalog pg_statio_user_tables SYSTEM VIEW NO +system pg_catalog pg_statistic SYSTEM VIEW NO +system pg_catalog pg_statistic_ext SYSTEM VIEW NO +system pg_catalog pg_statistic_ext_data SYSTEM VIEW NO +system pg_catalog pg_stats SYSTEM VIEW NO +system pg_catalog pg_stats_ext SYSTEM VIEW NO +system pg_catalog pg_subscription SYSTEM VIEW NO +system pg_catalog pg_subscription_rel SYSTEM VIEW NO +system pg_catalog pg_tables SYSTEM VIEW NO +system pg_catalog pg_tablespace SYSTEM VIEW NO +system pg_catalog pg_timezone_abbrevs SYSTEM VIEW NO +system pg_catalog pg_timezone_names SYSTEM VIEW NO +system pg_catalog pg_transform SYSTEM VIEW NO +system pg_catalog pg_trigger SYSTEM VIEW NO +system pg_catalog pg_ts_config SYSTEM VIEW NO +system pg_catalog pg_ts_config_map SYSTEM VIEW NO +system pg_catalog pg_ts_dict SYSTEM VIEW NO +system pg_catalog pg_ts_parser SYSTEM VIEW NO +system pg_catalog pg_ts_template SYSTEM VIEW NO +system pg_catalog pg_type SYSTEM VIEW NO +system pg_catalog pg_user SYSTEM VIEW NO +system pg_catalog pg_user_mapping SYSTEM VIEW NO +system pg_catalog pg_user_mappings SYSTEM VIEW NO +system pg_catalog pg_views SYSTEM VIEW NO +system information_schema plugins SYSTEM VIEW NO +system public privileges BASE TABLE YES +system information_schema processlist SYSTEM VIEW NO +system information_schema profiling SYSTEM VIEW NO +system public protected_ts_meta BASE TABLE YES +system public protected_ts_records BASE TABLE YES +system public rangelog BASE TABLE YES +system crdb_internal ranges SYSTEM VIEW NO +system crdb_internal ranges_no_leases SYSTEM VIEW NO +system information_schema referential_constraints SYSTEM VIEW NO +system public region_liveness BASE TABLE YES +system crdb_internal regions SYSTEM VIEW NO +system public replication_constraint_stats BASE TABLE YES +system public replication_critical_localities BASE TABLE YES +system public replication_stats BASE TABLE YES +system public reports_meta BASE TABLE YES +system information_schema resource_groups SYSTEM VIEW NO +system information_schema role_column_grants SYSTEM VIEW NO +system public role_members BASE TABLE YES +system public role_options BASE TABLE YES +system information_schema role_routine_grants SYSTEM VIEW NO +system information_schema role_table_grants SYSTEM VIEW NO +system information_schema role_udt_grants SYSTEM VIEW NO +system information_schema role_usage_grants SYSTEM VIEW NO +system information_schema routine_privileges SYSTEM VIEW NO +system information_schema routines SYSTEM VIEW NO +system public scheduled_jobs BASE TABLE YES +system crdb_internal schema_changes SYSTEM VIEW NO +system information_schema schema_privileges SYSTEM VIEW NO +system information_schema schemata SYSTEM VIEW NO +system information_schema schemata_extensions SYSTEM VIEW NO +system information_schema sequences SYSTEM VIEW NO +system crdb_internal session_trace SYSTEM VIEW NO +system crdb_internal session_variables SYSTEM VIEW NO +system information_schema session_variables SYSTEM VIEW NO +system public settings BASE TABLE YES +system public span_configurations BASE TABLE YES +system public span_stats_buckets BASE TABLE YES +system public span_stats_samples BASE TABLE YES +system public span_stats_tenant_boundaries BASE TABLE YES +system public span_stats_unique_keys BASE TABLE YES +system pg_extension spatial_ref_sys SYSTEM VIEW NO +system information_schema sql_features SYSTEM VIEW NO +system information_schema sql_implementation_info SYSTEM VIEW NO +system public sql_instances BASE TABLE YES +system information_schema sql_parts SYSTEM VIEW NO +system information_schema sql_sizing SYSTEM VIEW NO +system public sqlliveness BASE TABLE YES +system information_schema st_geometry_columns SYSTEM VIEW NO +system information_schema st_spatial_reference_systems SYSTEM VIEW NO +system information_schema st_units_of_measure SYSTEM VIEW NO +system crdb_internal statement_activity SYSTEM VIEW NO +system public statement_activity BASE TABLE YES +system public statement_bundle_chunks BASE TABLE YES +system public statement_diagnostics BASE TABLE YES +system public statement_diagnostics_requests BASE TABLE YES +system public statement_execution_insights BASE TABLE YES +system crdb_internal statement_statistics SYSTEM VIEW NO +system public statement_statistics BASE TABLE YES +system crdb_internal statement_statistics_persisted SYSTEM VIEW NO +system crdb_internal statement_statistics_persisted_v22_2 SYSTEM VIEW NO +system information_schema statistics SYSTEM VIEW NO +system crdb_internal super_regions SYSTEM VIEW NO +system crdb_internal system_jobs SYSTEM VIEW NO +system crdb_internal table_columns SYSTEM VIEW NO +system information_schema table_constraints SYSTEM VIEW NO +system information_schema table_constraints_extensions SYSTEM VIEW NO +system crdb_internal table_indexes SYSTEM VIEW NO +system information_schema table_privileges SYSTEM VIEW NO +system crdb_internal table_row_statistics SYSTEM VIEW NO +system crdb_internal table_spans SYSTEM VIEW NO +system public table_statistics BASE TABLE YES +system crdb_internal tables SYSTEM VIEW NO +system information_schema tables SYSTEM VIEW NO +system information_schema tables_extensions SYSTEM VIEW NO +system information_schema tablespaces SYSTEM VIEW NO +system information_schema tablespaces_extensions SYSTEM VIEW NO +system public task_payloads BASE TABLE YES +system public tenant_settings BASE TABLE YES +system public tenant_tasks BASE TABLE YES +system public tenant_usage BASE TABLE YES +system crdb_internal tenant_usage_details SYSTEM VIEW NO +system public tenants BASE TABLE YES +system crdb_internal transaction_activity SYSTEM VIEW NO +system public transaction_activity BASE TABLE YES +system crdb_internal transaction_contention_events SYSTEM VIEW NO +system public transaction_execution_insights BASE TABLE YES +system crdb_internal transaction_statistics SYSTEM VIEW NO +system public transaction_statistics BASE TABLE YES +system crdb_internal transaction_statistics_persisted SYSTEM VIEW NO +system crdb_internal transaction_statistics_persisted_v22_2 SYSTEM VIEW NO +system information_schema transforms SYSTEM VIEW NO +system information_schema triggered_update_columns SYSTEM VIEW NO +system information_schema triggers SYSTEM VIEW NO +system information_schema type_privileges SYSTEM VIEW NO +system information_schema udt_privileges SYSTEM VIEW NO +system public ui BASE TABLE YES +system information_schema usage_privileges SYSTEM VIEW NO +system information_schema user_attributes SYSTEM VIEW NO +system information_schema user_defined_types SYSTEM VIEW NO +system information_schema user_mapping_options SYSTEM VIEW NO +system information_schema user_mappings SYSTEM VIEW NO +system information_schema user_privileges SYSTEM VIEW NO +system public users BASE TABLE YES +system information_schema view_column_usage SYSTEM VIEW NO +system information_schema view_routine_usage SYSTEM VIEW NO +system information_schema view_table_usage SYSTEM VIEW NO +system information_schema views SYSTEM VIEW NO +system public web_sessions BASE TABLE YES +system crdb_internal zones SYSTEM VIEW NO +system public zones BASE TABLE YES statement ok ALTER TABLE other_db.xyz ADD COLUMN j INT diff --git a/pkg/sql/logictest/testdata/logic_test/jobs b/pkg/sql/logictest/testdata/logic_test/jobs index f285c5237d91..4755f4cc13b9 100644 --- a/pkg/sql/logictest/testdata/logic_test/jobs +++ b/pkg/sql/logictest/testdata/logic_test/jobs @@ -28,6 +28,7 @@ AND job_type LIKE 'SCHEMA CHANGE%' ORDER BY 1, 2, 3 ---- SCHEMA CHANGE CREATE INDEX ON test.public.t (x) root SCHEMA CHANGE updating privileges for database 104 root +SCHEMA CHANGE updating version for role membership table root SCHEMA CHANGE updating version for role options table root SCHEMA CHANGE updating version for users table root SCHEMA CHANGE GC GC for temporary index used during index backfill root @@ -38,6 +39,7 @@ AND job_type LIKE 'SCHEMA CHANGE%' ORDER BY 1, 2, 3 ---- SCHEMA CHANGE CREATE INDEX ON test.public.t (x) root SCHEMA CHANGE updating privileges for database 104 root +SCHEMA CHANGE updating version for role membership table root SCHEMA CHANGE updating version for role options table root SCHEMA CHANGE updating version for users table root SCHEMA CHANGE GC GC for temporary index used during index backfill root @@ -92,6 +94,7 @@ AND job_type LIKE 'SCHEMA CHANGE%' ORDER BY 1, 2, 3 SCHEMA CHANGE CREATE INDEX ON test.public.t (x) root SCHEMA CHANGE CREATE INDEX ON test.public.u (x) testuser SCHEMA CHANGE updating privileges for database 104 root +SCHEMA CHANGE updating version for role membership table root SCHEMA CHANGE updating version for role options table root SCHEMA CHANGE updating version for users table root SCHEMA CHANGE GC GC for temporary index used during index backfill root @@ -105,6 +108,7 @@ AUTO SPAN CONFIG RECONCILIATION reconciling span configurations SCHEMA CHANGE CREATE INDEX ON test.public.t (x) root SCHEMA CHANGE CREATE INDEX ON test.public.u (x) testuser SCHEMA CHANGE updating privileges for database 104 root +SCHEMA CHANGE updating version for role membership table root SCHEMA CHANGE updating version for role options table root SCHEMA CHANGE updating version for users table root SCHEMA CHANGE GC GC for temporary index used during index backfill root diff --git a/pkg/sql/opt/cat/catalog.go b/pkg/sql/opt/cat/catalog.go index 878dbbc88581..4fa7cf8f63ee 100644 --- a/pkg/sql/opt/cat/catalog.go +++ b/pkg/sql/opt/cat/catalog.go @@ -199,8 +199,8 @@ type Catalog interface { // object itself changing (e.g. when a database is renamed). FullyQualifiedName(ctx context.Context, ds DataSource) (DataSourceName, error) - // RoleExists returns true if the role exists. - RoleExists(ctx context.Context, role username.SQLUsername) (bool, error) + // CheckRoleExists returns an error if the role does not exist. + CheckRoleExists(ctx context.Context, role username.SQLUsername) error // Optimizer returns the query Optimizer used to optimize SQL statements // referencing objects in this catalog, if any. diff --git a/pkg/sql/opt/testutils/testcat/test_catalog.go b/pkg/sql/opt/testutils/testcat/test_catalog.go index b7de27b8c504..53d17f0da648 100644 --- a/pkg/sql/opt/testutils/testcat/test_catalog.go +++ b/pkg/sql/opt/testutils/testcat/test_catalog.go @@ -321,9 +321,9 @@ func (tc *Catalog) FullyQualifiedName( return ds.(dataSource).fqName(), nil } -// RoleExists is part of the cat.Catalog interface. -func (tc *Catalog) RoleExists(ctx context.Context, role username.SQLUsername) (bool, error) { - return true, nil +// CheckRoleExists is part of the cat.Catalog interface. +func (tc *Catalog) CheckRoleExists(ctx context.Context, role username.SQLUsername) error { + return nil } // Optimizer is part of the cat.Catalog interface. diff --git a/pkg/sql/opt_catalog.go b/pkg/sql/opt_catalog.go index 2bc0b397e26b..4d0c6d040b2a 100644 --- a/pkg/sql/opt_catalog.go +++ b/pkg/sql/opt_catalog.go @@ -496,9 +496,9 @@ func (oc *optCatalog) fullyQualifiedNameWithTxn( nil } -// RoleExists is part of the cat.Catalog interface. -func (oc *optCatalog) RoleExists(ctx context.Context, role username.SQLUsername) (bool, error) { - return oc.planner.RoleExists(ctx, role) +// CheckRoleExists is part of the cat.Catalog interface. +func (oc *optCatalog) CheckRoleExists(ctx context.Context, role username.SQLUsername) error { + return oc.planner.CheckRoleExists(ctx, role) } // Optimizer is part of the cat.Catalog interface. diff --git a/pkg/sql/planner.go b/pkg/sql/planner.go index a429c4541e44..9589366fd5d4 100644 --- a/pkg/sql/planner.go +++ b/pkg/sql/planner.go @@ -651,7 +651,6 @@ func (p *planner) InternalSQLTxn() descs.Txn { descCollection: p.Descriptors(), jobs: p.extendedEvalCtx.jobs, schemaChangerState: p.extendedEvalCtx.SchemaChangerState, - roleExistsCache: p.extendedEvalCtx.RoleExistsCache, } p.internalSQLTxn.init(p.txn, ie) } diff --git a/pkg/sql/reassign_owned_by.go b/pkg/sql/reassign_owned_by.go index 8c8dca497335..cf967c29391b 100644 --- a/pkg/sql/reassign_owned_by.go +++ b/pkg/sql/reassign_owned_by.go @@ -26,7 +26,6 @@ import ( "github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgerror" "github.com/cockroachdb/cockroach/pkg/sql/sem/catconstants" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" - "github.com/cockroachdb/cockroach/pkg/sql/sqlerrors" "github.com/cockroachdb/cockroach/pkg/sql/sqltelemetry" "github.com/cockroachdb/errors" ) @@ -56,13 +55,9 @@ func (p *planner) ReassignOwnedBy(ctx context.Context, n *tree.ReassignOwnedBy) // is a member of old roles and new roles and has CREATE privilege. // Postgres first checks if the role exists before checking privileges. for _, oldRole := range normalizedOldRoles { - roleExists, err := p.RoleExists(ctx, oldRole) - if err != nil { + if err := p.CheckRoleExists(ctx, oldRole); err != nil { return nil, err } - if !roleExists { - return nil, sqlerrors.NewUndefinedUserError(oldRole) - } } newRole, err := decodeusername.FromRoleSpec( p.SessionData(), username.PurposeValidation, n.NewRole, @@ -70,11 +65,7 @@ func (p *planner) ReassignOwnedBy(ctx context.Context, n *tree.ReassignOwnedBy) if err != nil { return nil, err } - roleExists, err := p.RoleExists(ctx, newRole) - if !roleExists { - return nil, sqlerrors.NewUndefinedUserError(newRole) - } - if err != nil { + if err := p.CheckRoleExists(ctx, newRole); err != nil { return nil, err } diff --git a/pkg/sql/sem/eval/context.go b/pkg/sql/sem/eval/context.go index 49a2c4f8f5d6..5a5db9266e80 100644 --- a/pkg/sql/sem/eval/context.go +++ b/pkg/sql/sem/eval/context.go @@ -26,7 +26,6 @@ import ( "github.com/cockroachdb/cockroach/pkg/kv/kvserver/kvserverbase" "github.com/cockroachdb/cockroach/pkg/repstream/streampb" "github.com/cockroachdb/cockroach/pkg/roachpb" - "github.com/cockroachdb/cockroach/pkg/security/username" "github.com/cockroachdb/cockroach/pkg/settings/cluster" "github.com/cockroachdb/cockroach/pkg/sql/catalog/catpb" "github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode" @@ -287,12 +286,6 @@ type Context struct { // execution until control returns to the parent routine. It is only valid // during local execution. It may be unset. RoutineSender DeferredRoutineSender - - // RoleExistsCache is a cache of role existence checks. This is used because - // role existence checks are made when checking privileges, which can happen - // multiple times during the execution of a single query. Only positive - // values are cached. This cache is populated from the extraTxnState. - RoleExistsCache map[username.SQLUsername]struct{} } // JobsProfiler is the interface used to fetch job specific execution details diff --git a/pkg/sql/sqlstats/sslocal/sql_stats_test.go b/pkg/sql/sqlstats/sslocal/sql_stats_test.go index ab961d4b9a5e..73150632a9ba 100644 --- a/pkg/sql/sqlstats/sslocal/sql_stats_test.go +++ b/pkg/sql/sqlstats/sslocal/sql_stats_test.go @@ -688,7 +688,7 @@ func TestUnprivilegedUserReset(t *testing.T) { defer s.Stopper().Stop(ctx) sqlConn := sqlutils.MakeSQLRunner(conn) - sqlConn.Exec(t, "CREATE USER nonAdminUser") + sqlConn.Exec(t, "CREATE USER non_admin_user") ie := s.InternalExecutor().(*sql.InternalExecutor) @@ -697,7 +697,7 @@ func TestUnprivilegedUserReset(t *testing.T) { "test-reset-sql-stats-as-non-admin-user", nil, /* txn */ sessiondata.InternalExecutorOverride{ - User: username.MakeSQLUsernameFromPreNormalizedString("nonAdminUser"), + User: username.MakeSQLUsernameFromPreNormalizedString("non_admin_user"), }, "SELECT crdb_internal.reset_sql_stats()", ) diff --git a/pkg/sql/user.go b/pkg/sql/user.go index c50109561c93..f627d03faa23 100644 --- a/pkg/sql/user.go +++ b/pkg/sql/user.go @@ -125,6 +125,9 @@ func GetUserSessionInitInfo( if err != nil { return err } + if !authInfo.UserExists { + return nil + } // Find whether the user is an admin and has the NOSQLLOGIN or REPLICATION // global privilege. These calls have their own caches, so it's OK to make @@ -187,8 +190,7 @@ func GetUserSessionInitInfo( } return nil - }, - ) + }) }); err != nil { log.Warningf(ctx, "user membership lookup for %q failed: %v", user, err) err = errors.Wrap(errors.Handled(err), "internal error while retrieving user account memberships") @@ -473,24 +475,21 @@ func (p *planner) GetAllRoles(ctx context.Context) (map[username.SQLUsername]boo return users, nil } -// RoleExists returns true if the role exists. If a role is found to exist, -// the existence will be cached for the duration of the transaction. -func (p *planner) RoleExists(ctx context.Context, role username.SQLUsername) (bool, error) { - cache := p.EvalContext().RoleExistsCache - if cache != nil { - if _, exists := cache[role]; exists { - return true, nil - } - } - exists, err := RoleExists(ctx, p.InternalSQLTxn(), role) - if cache != nil && exists { - cache[role] = struct{}{} +// CheckRoleExists returns an error if the role does not exist. It uses the +// role membership cache to avoid performing system table lookups in a hot path. +func (p *planner) CheckRoleExists(ctx context.Context, role username.SQLUsername) error { + if _, err := p.MemberOfWithAdminOption(ctx, role); err != nil { + return err } - return exists, err + return nil } -// RoleExists returns true if the role exists. +// RoleExists returns true if the role exists. This function does not use +// any cache. func RoleExists(ctx context.Context, txn isql.Txn, role username.SQLUsername) (bool, error) { + if role.IsNodeUser() || role.IsRootUser() || role.IsAdminRole() || role.IsPublicRole() { + return true, nil + } query := `SELECT username FROM system.users WHERE username = $1` row, err := txn.QueryRowEx( ctx, "read-users", txn.KV(), @@ -578,13 +577,9 @@ func (p *planner) setRole(ctx context.Context, local bool, s username.SQLUsernam if !s.IsNoneRole() && s != sessionUser { becomeUser = s - exists, err := p.RoleExists(ctx, becomeUser) - if err != nil { + if err := p.CheckRoleExists(ctx, becomeUser); err != nil { return err } - if !exists { - return sqlerrors.NewUndefinedUserError(becomeUser) - } } if err := p.checkCanBecomeUser(ctx, becomeUser); err != nil { @@ -644,6 +639,10 @@ func (p *planner) checkCanBecomeUser(ctx context.Context, becomeUser username.SQ if becomeUser.IsNoneRole() { return nil } + // No one, not even root, can become the public or node role. + if becomeUser.IsPublicRole() || becomeUser.IsNodeUser() { + return sqlerrors.NewUndefinedUserError(becomeUser) + } // Root users are able to become anyone. if sessionUser.IsRootUser() { return nil