Add --skip-privileges flag to skip table privilege diffing#275
Open
kjanoudi wants to merge 1 commit intostripe:mainfrom
Open
Add --skip-privileges flag to skip table privilege diffing#275kjanoudi wants to merge 1 commit intostripe:mainfrom
kjanoudi wants to merge 1 commit intostripe:mainfrom
Conversation
Add WithSkipTablePrivileges() plan option and --skip-privileges CLI flag that strips table privileges from both schemas before diffing. This allows plan generation to succeed when partitioned tables have privileges, which otherwise fails with "privileges on partitions: not implemented". Fixes stripe#269
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
WithSkipTablePrivileges()plan option and corresponding--skip-privilegesCLI flag that strips table privileges from both the source and target schemas before diffing. This allows plan generation to succeed when partitioned tables have privileges, which otherwise fails with:Motivation
After #264 introduced table privilege support, databases with partitioned tables that have privileges assigned (e.g., via
GRANT) cannot generate migration plans. The privilege diff logic does not yet support partitions, so any privilege present on a partition causes plan generation to fail.This flag provides a workaround: users who don't need privilege diffing can skip it entirely, unblocking plan generation for schemas with partitioned tables.
Fixes #269
Changes
pkg/diff/plan_generator.go: AddedskipTablePrivilegesfield toplanOptionsandWithSkipTablePrivileges()exported option function. When enabled, calls the existingclearTablePrivileges()helper on both schemas before generating migration statements.cmd/pg-schema-diff/plan_cmd.go: Added--skip-privilegesboolean CLI flag wired to the new plan option.Test plan
go build ./...passesgo vet ./...passes--helpoutput shows the new flag with descriptionclearTablePrivileges()function (already used in plan validation) so the privilege-stripping behavior is well-established