Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE statements #23197

Closed
wants to merge 1 commit into from
Closed

Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE statements #23197

wants to merge 1 commit into from
+60 −1

Conversation

wendigo
Copy link
Contributor

@wendigo wendigo commented Aug 30, 2024
edited
Loading

Fixes #23193

Description

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Aug 30, 2024
ebyhr
ebyhr reviewed Aug 30, 2024
View reviewed changes
Copy link
Member

@ebyhr ebyhr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we update TestShowQueries? What about views and materialized views?

@wendigo
Copy link
Contributor Author

wendigo commented Aug 30, 2024

@ebyhr I wanted to see what tests will fail first :)

@wendigo wendigo changed the title Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE TABLE [WIP] Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE TABLE Aug 30, 2024
@wendigo wendigo force-pushed the serafin/improve-error-message branch from 8f28612 to 4b7a7e0 Compare August 30, 2024 16:42
@wendigo wendigo changed the title [WIP] Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE TABLE Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE TABLE Aug 30, 2024
@wendigo wendigo changed the title Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE TABLE Return CATALOG/SCHEMA_NOT_FOUND for SHOW CREATE statements Aug 30, 2024
@wendigo wendigo requested a review from ebyhr August 30, 2024 16:42
@wendigo wendigo force-pushed the serafin/improve-error-message branch from 4b7a7e0 to bcf873d Compare September 1, 2024 13:29
@wendigo wendigo requested a review from dain September 1, 2024 13:30
@github-actions github-actions bot added the hive Hive connector label Sep 1, 2024
@wendigo wendigo force-pushed the serafin/improve-error-message branch from bcf873d to 82242f6 Compare September 1, 2024 19:32
electrum
electrum approved these changes Sep 2, 2024
View reviewed changes
Copy link
Member

@electrum electrum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See security question, otherwise looks good

core/trino-main/src/main/java/io/trino/sql/rewrite/ShowQueriesRewrite.java
@@ -397,6 +397,10 @@ protected Node visitShowSchemas(ShowSchemas node, Void context)
}

String catalog = node.getCatalog().map(Identifier::getValue).orElseGet(() -> session.getCatalog().orElseThrow());
if (!metadata.catalogExists(session, catalog)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this change the security behavior in the case where io.trino.spi.security.SystemAccessControl#canAccessCatalog returns false?

I see that method is called from every method in AccessControlManager, so the below checkCanShowSchemas() would fail with Cannot access catalog if the user doesn't have access. After this change, would SHOW SCHEMAS start failing with CATALOG_NOT_FOUND instead of ACCESS_DENIED?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now the code is inconsistent in different SHOW CREATE cases (i.e. SHOW CREATE SCHEMA checks for schema existence. I agree that the SHOW CREATE statements shouldn't reveal whether relation exists (even if the user has access to it) so I think that in both cases - relation does not exist or user has no access to it, we should throw not found exception. WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dain What do you think is the right behavior?

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 9, 2024

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

@github-actions github-actions bot added the stale label Oct 9, 2024
@wendigo wendigo closed this Oct 9, 2024
@mosabua
Copy link
Member

mosabua commented Oct 9, 2024

Accidentally closed ?

@wendigo
Copy link
Contributor Author

wendigo commented Oct 9, 2024

No, there is no consensus what should be the direction

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@electrum electrum electrum approved these changes

@martint martint Awaiting requested review from martint

@ebyhr ebyhr Awaiting requested review from ebyhr

@dain dain Awaiting requested review from dain

Assignees
No one assigned
Labels
cla-signed hive Hive connector stale
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing catalog error for show create is not consistent with others catalog missing errors
4 participants
@wendigo @mosabua @electrum @ebyhr