MDEV-39993 Use CREATE OR REPLACE in sys schema to preserve grants dur…#5244
MDEV-39993 Use CREATE OR REPLACE in sys schema to preserve grants dur…#5244akshatnehra wants to merge 1 commit into
Conversation
…ing upgrade mariadb-upgrade re-installs sys schema routines using DROP IF EXISTS followed by CREATE. This destroys any EXECUTE grants previously granted on those routines in mysql.procs_priv, requiring DBAs to re-grant after every upgrade. Fix: replace DROP IF EXISTS + CREATE with CREATE OR REPLACE for all 53 sys schema stored functions and procedures. CREATE OR REPLACE atomically replaces the routine body while preserving existing grants, matching the pattern already used by sys schema views. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses MDEV-39993 by replacing the DROP and CREATE pattern with CREATE OR REPLACE for GIS and sys schema stored routines, which prevents existing EXECUTE grants from being dropped during a mariadb-upgrade. A new test case is also introduced to verify this behavior. The review feedback highlights that logging the full verbose output of mariadb-upgrade in the test makes it highly fragile to future schema changes or environmental differences. It is recommended to suppress this output using --disable_result_log and --enable_result_log around the upgrade executions.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| SHOW GRANTS FOR testuser@localhost; | ||
|
|
||
| --echo # Run mariadb-upgrade (re-installs sys schema) | ||
| --exec $MYSQL_UPGRADE --force 2>&1 |
There was a problem hiding this comment.
Logging the entire verbose output of mariadb-upgrade makes the test highly fragile and prone to failure. Any future changes to the mysql or sys schemas (such as adding, removing, or renaming tables/views), or running the test in environments with different storage engine configurations (e.g., with or without InnoDB enabled), will cause result mismatches and test failures.
It is highly recommended to wrap the $MYSQL_UPGRADE execution with --disable_result_log and --enable_result_log to suppress this output. The test's correctness is already verified by checking the grants and routine functionality before and after the upgrade.
--disable_result_log
--exec $MYSQL_UPGRADE --force 2>&1
--enable_result_log
There was a problem hiding this comment.
I have to agree here. it's a good suggestion.
|
|
||
| --echo # Verify CREATE OR REPLACE works for fresh routine (simulate new install) | ||
| DROP FUNCTION IF EXISTS sys.quote_identifier; | ||
| --exec $MYSQL_UPGRADE --force 2>&1 |
There was a problem hiding this comment.
Similarly, suppress the verbose output of the second mariadb-upgrade execution to prevent test fragility due to schema or environment differences.
--disable_result_log
--exec $MYSQL_UPGRADE --force 2>&1
--enable_result_log
|
I disagree with the Gemini bot's suggestion here. Other mysql_upgrade tests use the same pattern of logging the full $MYSQL_UPGRADE --force 2>&1 output without --disable_result_log. Keeping it consistent with existing conventions. |
gkodinov
added
the
External Contribution
gkodinov
left a comment
gkodinov
left a comment
There was a problem hiding this comment.
Thank you for your contribution! This is a preliminary review.
Please rebase to 10.11 : this is a bug fix and it needs to go to the lowest affected version.
Also, please watch the buildbot tests so they complete without errors that look related.
| SHOW GRANTS FOR testuser@localhost; | ||
|
|
||
| --echo # Run mariadb-upgrade (re-installs sys schema) | ||
| --exec $MYSQL_UPGRADE --force 2>&1 |
There was a problem hiding this comment.
I have to agree here. it's a good suggestion.
|
|
||
| --echo # Verify CREATE OR REPLACE works for fresh routine (simulate new install) | ||
| DROP FUNCTION IF EXISTS sys.quote_identifier; | ||
| --exec $MYSQL_UPGRADE --force 2>&1 |
| SHOW GRANTS FOR testuser@localhost; | ||
|
|
||
| --echo # Verify routines still work after replacement | ||
| SELECT sys.quote_identifier('test') AS quoted; |
There was a problem hiding this comment.
this is not a valid test IMHO: I'd test it with the actual user that is being created for the test.
| --exec $MYSQL_UPGRADE --force 2>&1 | ||
|
|
||
| --echo # Routine recreated successfully | ||
| SELECT sys.quote_identifier('test') AS quoted; |
There was a problem hiding this comment.
This is also not what should be tested. Of course the procedure will be recreated. And this is probably tested someplace else already. I'd suggest dropping the whole test part: it doesn't contribute to more coverage IMHO.
Instead you should be testing all of the affected procedures and functions in SYS: there's quite a number of them and you're just testing the one.
I'd add grants to all of the procedures to the test user and verify if all of these survive the upgrade.
2 participants
Description
This PR fixes MDEV-39993 where
mariadb-upgradedrops existingEXECUTEgrants on sys schema stored routines during upgrade because the installation scripts useDROP IF EXISTS+CREATEinstead ofCREATE OR REPLACE.When a DBA grants
EXECUTEon a sys schema routine (e.g.,GRANT EXECUTE ON FUNCTION sys.quote_identifier TO appuser@host), the grant is stored inmysql.procs_priv. During upgrade,DROP IF EXISTSremoves the routine and cascades to delete its grants. The subsequentCREATErecreates the routine but the grants are lost.The fix involves:
DROP FUNCTION/PROCEDURE IF EXISTS+CREATEwithCREATE OR REPLACEin all 55 sys schema stored routine scripts (28 functions + 25 procedures + 2 GIS procedures inmaria_add_gis_sp.sql.in)templates/function.sql,templates/procedure.sql) so future routines follow the same patternCREATE OR REPLACEatomically replaces the routine body while preserving existing grants — matching the pattern already used by sys schema viewsHow can this PR be tested?
Run the MTR test:
Or manually:
Results from my testing
Grants on
sys.quote_identifierandsys.table_existsare gone after upgrade.Grants preserved, routines functional.
Basing the PR against the correct MariaDB version
PR quality check
CODING_STANDARDS.mdfile and my PR conforms to this where appropriate.