Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add ability to set sql security option #379

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: Add ability to set sql security option #379

wants to merge 1 commit into from
+31 −3

Conversation

dev-mkc19
Copy link

@dev-mkc19 dev-mkc19 commented Nov 6, 2024
edited
Loading

resolve SQL security and definer logic #359

Summary

Starting from v.24.2 ClickHouse have sql security and definer logic (for view), this changes add ability to use this feature within dbt.

Checklist

Delete items not relevant to your PR:

  • Unit and integration tests covering the common scenarios were added
  • A human-readable description of the changes was provided to include in CHANGELOG
  • For significant changes, documentation in https://github.com/ClickHouse/clickhouse-docs was updated with further explanations or tutorials

feat: Add ability to set sql security option
3eff1ea 
resolve SQL security and definer logic ClickHouse#359
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Mikhail K seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@dev-mkc19
Copy link
Author

@genzgd Hi. Could you look at my changes quickly please. I have doubt with the following question:

  1. Is it appropriate implementation? (perhaps there are some hidden/unwritten rules which might block merge)
  2. Where to place tests? I couldn't find existing .py file with the test cases for view. Does the structure of py files fixed or I can create for instance tests/integration/adapter/view/test_base_view.py?
  3. Should I implement this feature for materialized views also or it's not necessary now?

@dev-mkc19
Copy link
Author

@BentsiLeviav @genzgd @3fonov Could you answer questions above?

BentsiLeviav
BentsiLeviav reviewed Dec 15, 2024
View reviewed changes
dbt/include/clickhouse/macros/materializations/view.sql
DEFINER = {{ definer }} SQL SECURITY DEFINER
{%- elif sql_security == 'invoker' %}
SQL SECURITY INVOKER
{%- elif sql_security == 'none' %}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we better keep this option unimplemented, as it is deprecated

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be clear, I meant the none option, as the documentation indicates the following:

SQL SECURITY NONE is a deprecated option. Any user with the rights to create views with SQL SECURITY NONE will be able to execute any arbitrary query. Thus, it is required to have GRANT ALLOW SQL SECURITY NONE TO in order to create a view with this option.

@BentsiLeviav
Copy link
Contributor

Hi @dev-mkc19
Thank you for your contribution!

Per your questions:

  1. Yes. I left you one small comment.
  2. The path you mentioned is great; you can also add the base view test.
  3. I strongly recommend that, as it is not a heavy lift after what you have already implemented, and it will benefit the entire community (which uses MV extensively).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BentsiLeviav BentsiLeviav BentsiLeviav left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dev-mkc19 @CLAassistant @BentsiLeviav