Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature request: add SECURITY DEFINER to the postgresql Function #59

Closed
veledzimovich-iTechArt opened this issue May 21, 2024 · 3 comments · Fixed by #62
Closed

feature request: add SECURITY DEFINER to the postgresql Function #59

veledzimovich-iTechArt opened this issue May 21, 2024 · 3 comments · Fixed by #62

Comments

@veledzimovich-iTechArt
Copy link

veledzimovich-iTechArt commented May 21, 2024
edited
Loading

It would be nice to have the possibility to provide the SECURITY DEFINER directive as a field to the sqlalchemy_declarative_extensions.dialects.postgresql.Function, along with language or returns fields.

Because right now, we have to add it manually in our migration scripts.

op.execute(
        """
        CREATE FUNCTION my_view()
        RETURNS void
        SECURITY DEFINER  -- execute with the privileges of the owner [MANUALLY ADDED DIRECTIVE]
        LANGUAGE plpgsql AS $$
        BEGIN
            REFRESH MATERIALIZED VIEW my_view WITH DATA;
        END
        $$;
        """
)
@DanCardin
Copy link
Owner

language and returns are both already available, unless i'm missing a particular aspect of your question.

security definer at least seems straightforward to add. almost certainly security=FunctionSecurity.defineer and/or function.security_definer()

@DanCardin DanCardin mentioned this issue May 21, 2024
Merged
@DanCardin
Copy link
Owner

I'd appreciate it if you could test the PR out ahead of my merging it, to make sure it does what you're anticipating it do.

@veledzimovich-iTechArt
Copy link
Author

Thank you.

Everything generated correctly.

  1. I checked the case when the function was created for the first time.
def upgrade() -> None:
    # ### commands auto generated by Alembic - please adjust! ###
    op.execute(
        """CREATE FUNCTION refresh_my_view() RETURNS void SECURITY DEFINER LANGUAGE plpgsql AS $$
    BEGIN
        REFRESH MATERIALIZED VIEW my_view WITH DATA;
    END
    $$;"""
    )
    # ### end Alembic commands ###


def downgrade() -> None:
    # ### commands auto generated by Alembic - please adjust! ###
    op.execute("""DROP FUNCTION refresh_my_view();""")
    # ### end Alembic commands ###
  1. I checked the case when I had the function 'refresh_my_view' without SECURITY DEFINER. I added FunctionSecurity.definer to the existing function and ran alembic revision --autogenerate
def upgrade() -> None:
    # ### commands auto generated by Alembic - please adjust! ###
    op.execute(
        """CREATE OR REPLACE FUNCTION refresh_my_view() RETURNS void SECURITY DEFINER LANGUAGE plpgsql AS $$
    BEGIN
        REFRESH MATERIALIZED VIEW my_view WITH DATA;
    END
    $$;"""
    )
    # ### end Alembic commands ###


def downgrade() -> None:
    # ### commands auto generated by Alembic - please adjust! ###
    op.execute(
        """CREATE OR REPLACE FUNCTION refresh_my_view() RETURNS void LANGUAGE plpgsql AS $$
    BEGIN
        REFRESH MATERIALIZED VIEW my_view WITH DATA;
    END
    $$;"""
    )
    # ### end Alembic commands ###
  1. I checked the case when I had the function 'refresh_my_view' with SECURITY DEFINER. I removed FunctionSecurity.definer from the existing function and ran alembic revision check.
    As expected, I received an error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add function security option to postgres function. DanCardin/sqlalchemy-declarative-extensions
2 participants
@DanCardin @veledzimovich-iTechArt