首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Materialize
/
misc
/
dbt-materialize
/
dbt
/
include
/
materialize
/
macros
/
deploy
/
deploy_init.sql

deploy_init.sql 10 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1. -- Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. --
    3. 

  3. -- Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. -- you may not use this file except in compliance with the License.
    5. 

  5. -- You may obtain a copy of the License in the LICENSE file at the
    6. 

  6. -- root of this repository, or online at
    7. 

  7. --
    8. 

  8. --     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. --
    10. 

  10. -- Unless required by applicable law or agreed to in writing, software
    11. 

  11. -- distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. -- See the License for the specific language governing permissions and
    14. 

  14. -- limitations under the License.
    15. 

  15. 

  16. {% macro deploy_init(ignore_existing_objects=False) %}
    17. 

  17. 

  18. {% set current_target_name = target.name %}
    19. 

  19. {% set deployment = var('deployment') %}
    20. 

  20. {% set target_config = deployment[current_target_name] %}
    21. 

  21. 

  22. -- Check if the target-specific configuration exists
    23. 

  23. {% if not target_config %}
    24. 

  24.     {{ exceptions.raise_compiler_error("No deployment configuration found for target " ~ current_target_name) }}
    25. 

  25. {% endif %}
    26. 

  26. 

  27. {{ log("Creating deployment environment for target " ~ current_target_name, info=True) }}
    28. 

  28. 

  29. {% set clusters = target_config.get('clusters', []) %}
    30. 

  30. {% set schemas = target_config.get('schemas', []) %}
    31. 

  31. 

  32. -- Check that all production schemas
    33. 

  33. -- and clusters already exist
    34. 

  34. {% for schema in schemas %}
    35. 

  35.     {% if not schema_exists(schema) %}
    36. 

  36.         {{ exceptions.raise_compiler_error("Production schema " ~ schema ~ " does not exist") }}
    37. 

  37.     {% endif %}
    38. 

  38.     {% if schema_contains_sinks(schema) %}
    39. 

  39.         {{ exceptions.raise_compiler_error("""
    40. 

  40.         Production schema " ~ schema ~ " contains sinks.
    41. 

  41.         Blue/green deployments require sinks to be in a dedicated schema.
    42. 

  42.         """) }}
    43. 

  43.     {% endif %}
    44. 

  44. {% endfor %}
    45. 

  45. 

  46. {% for cluster in clusters %}
    47. 

  47.     {% set origin_cluster = adapter.generate_final_cluster_name(cluster, force_deploy_suffix=False) %}
    48. 

  48.     {% if not cluster_exists(origin_cluster) %}
    49. 

  49.         {{ exceptions.raise_compiler_error("Production cluster " ~ origin_cluster ~ " does not exist") }}
    50. 

  50.     {% endif %}
    51. 

  51.     {% if cluster_contains_sinks(origin_cluster) %}
    52. 

  52.         {{ exceptions.raise_compiler_error("""
    53. 

  53.         Production cluster " ~ origin_cluster ~ " contains sinks.
    54. 

  54.         Blue/green deployments require sinks to be in a dedicated cluster.
    55. 

  55.         """) }}
    56. 

  56.     {% endif %}
    57. 

  57. {% endfor %}
    58. 

  58. 

  59. {{ deploy_validate_permissions(clusters, schemas) }}
    60. 

  60. 

  61. {% for schema in schemas %}
    62. 

  62.     {% set deploy_schema = schema ~ "_dbt_deploy" %}
    63. 

  63.     {% if schema_exists(deploy_schema) %}
    64. 

  64.         {{ log("Deployment schema " ~ deploy_schema ~ " already exists", info=True)}}
    65. 

  65.         {% set schema_empty %}
    66. 

  66.             SELECT count(*)
    67. 

  67.             FROM mz_objects
    68. 

  68.             JOIN mz_schemas ON mz_objects.schema_id = mz_schemas.id
    69. 

  69.             JOIN mz_databases ON mz_databases.id = mz_schemas.database_id
    70. 

  70.             WHERE mz_schemas.name = {{ dbt.string_literal(deploy_schema) }}
    71. 

  71.                 AND mz_objects.id LIKE 'u%'
    72. 

  72.                 AND mz_databases.name = current_database()
    73. 

  73.         {% endset %}
    74. 

  74. 

  75.         {% set schema_object_count = run_query(schema_empty) %}
    76. 

  76.         {% if execute %}
    77. 

  77.             {% if schema_object_count and schema_object_count.columns[0] and schema_object_count.rows[0][0] > 0 %}
    78. 

  78.                 {% if check_schema_ci_tag(deploy_schema) %}
    79. 

  79.                     {{ log("Schema " ~ deploy_schema ~ " was already created for this pull request", info=True) }}
    80. 

  80.                 {% elif ignore_existing_objects %}
    81. 

  81.                     {{ log("[Warning] Deployment schema " ~ deploy_schema ~ " is not empty", info=True) }}
    82. 

  82.                     {{ log("[Warning] Confirm the objects it contains are expected before deployment", info=True) }}
    83. 

  83.                 {% else %}
    84. 

  84.                     {{ exceptions.raise_compiler_error("""
    85. 

  85.                         Deployment schema """ ~ deploy_schema ~ """ already exists and is not empty.
    86. 

  86.                         This is potentially dangerous as you may end up deploying objects to production you
    87. 

  87.                         do not intend.
    88. 

  88. 

  89.                         If you are certain the objects in this schema are supposed to exist, you can ignore this
    90. 

  90.                         error by setting ignore_existing_objects to True.
    91. 

  91. 

  92.                         dbt run-operation create_deployment_environment --args '{ignore_existing_objects: True}'
    93. 

  93.                     """) }}
    94. 

  94.                 {% endif %}
    95. 

  95.             {% endif %}
    96. 

  96.         {% endif %}
    97. 

  97. 

  98.     {% else %}
    99. 

  99.         {{ log("Creating deployment schema " ~ deploy_schema, info=True)}}
    100. 

  100.         {% set create_schema %}
    101. 

  101.         CREATE SCHEMA {{ deploy_schema }};
    102. 

  102.         {% endset %}
    103. 

  103.         {{ run_query(create_schema) }}
    104. 

  104.         {{ set_schema_ci_tag() }}
    105. 

  105.         {{ internal_copy_schema_default_privs(schema, deploy_schema) }}
    106. 

  106.         {{ internal_copy_schema_grants(schema, deploy_schema) }}
    107. 

  107.     {% endif %}
    108. 

  108. {% endfor %}
    109. 

  109. 

  110. {% for cluster in clusters %}
    111. 

  111.     {% set origin_cluster = adapter.generate_final_cluster_name(cluster, force_deploy_suffix=False) %}
    112. 

  112.     {% set cluster_configuration %}
    113. 

  113.         SELECT
    114. 

  114.             c.managed,
    115. 

  115.             c.size,
    116. 

  116.             c.replication_factor,
    117. 

  117.             c.id AS cluster_id,
    118. 

  118.             c.name AS cluster_name,
    119. 

  119.             cs.type AS schedule_type,
    120. 

  120.             cs.refresh_hydration_time_estimate
    121. 

  121.         FROM mz_clusters c
    122. 

  122.         LEFT JOIN mz_internal.mz_cluster_schedules cs ON cs.cluster_id = c.id
    123. 

  123.         WHERE c.name = {{ dbt.string_literal(origin_cluster) }}
    124. 

  124.     {% endset %}
    125. 

  125. 

  126.     {% set cluster_config_results = run_query(cluster_configuration) %}
    127. 

  127. 

  128.     {% if execute %}
    129. 

  129.         {% set results = cluster_config_results.rows[0] %}
    130. 

  130. 

  131.         {% set managed = results[0] %}
    132. 

  132.         {% set size = results[1] %}
    133. 

  133.         {% set replication_factor = results[2] %}
    134. 

  134.         {% set schedule_type = results[5] %}
    135. 

  135.         {% set refresh_hydration_time_estimate = results[6] %}
    136. 

  136. 

  137.         {% if not managed %}
    138. 

  138.             {{ exceptions.raise_compiler_error("Production cluster " ~ origin_cluster ~ " is not managed") }}
    139. 

  139.         {% endif %}
    140. 

  140. 

  141.         {% set deploy_cluster = create_cluster(
    142. 

  142.             cluster_name=cluster,
    143. 

  143.             size=size,
    144. 

  144.             replication_factor=replication_factor,
    145. 

  145.             schedule_type=schedule_type,
    146. 

  146.             refresh_hydration_time_estimate=refresh_hydration_time_estimate,
    147. 

  147.             ignore_existing_objects=ignore_existing_objects,
    148. 

  148.             force_deploy_suffix=True
    149. 

  149.         ) %}
    150. 

  150. 

  151.         {{ internal_copy_cluster_grants(cluster, deploy_cluster) }}
    152. 

  152.     {% endif %}
    153. 

  153. {% endfor %}
    154. 

  154. {% endmacro %}
    155. 

  155. 

  156. {% macro internal_copy_schema_default_privs(from, to) %}
    157. 

  157. 

  158. {% set find_default_privs %}
    159. 

  159. SELECT
    160. 

  160.   'ALTER DEFAULT PRIVILEGES ' ||
    161. 

  161.   CASE
    162. 

  162.     WHEN object_owner = 'PUBLIC' THEN 'FOR ALL ROLES '
    163. 

  163.     ELSE 'FOR ROLE ' || quote_ident(object_owner) || ' '
    164. 

  164.   END ||
    165. 

  165.   'IN SCHEMA {{ to }} '         ||
    166. 

  166.   'GRANT '  || privilege_type   || ' ' ||
    167. 

  167.   'ON '     || object_type      || 's ' ||
    168. 

  168.   CASE
    169. 

  169.     WHEN grantee = 'PUBLIC' THEN 'TO PUBLIC'
    170. 

  170.     ELSE 'TO '     || quote_ident(grantee)
    171. 

  171.   END
    172. 

  172. FROM mz_internal.mz_show_default_privileges
    173. 

  173. WHERE database = current_database() AND schema = {{ dbt.string_literal(from) }}
    174. 

  174.     AND object_owner <> 'none' AND grantee <> 'none'
    175. 

  175. {% endset %}
    176. 

  176. 

  177. {% set alter_defaults = run_query(find_default_privs) %}
    178. 

  178. {% if execute %}
    179. 

  179.     {% for alter in alter_defaults.rows %}
    180. 

  180.         {{ run_query(alter[0]) }}
    181. 

  181.     {% endfor %}
    182. 

  182. {% endif %}
    183. 

  183. {% endmacro %}
    184. 

  184. 

  185. {% macro internal_copy_schema_grants(from, to) %}
    186. 

  186. {% set find_revokes %}
    187. 

  187. WITH schema_privilege AS (
    188. 

  188.     SELECT mz_internal.mz_aclexplode(s.privileges).*
    189. 

  189.     FROM mz_schemas s
    190. 

  190.     JOIN mz_databases d ON s.database_id = d.id
    191. 

  191.     WHERE d.name = current_database()
    192. 

  192.         AND s.name = {{ dbt.string_literal(to) }}
    193. 

  193. )
    194. 

  194. 

  195. SELECT 'REVOKE '    || s.privilege_type || ' ' ||
    196. 

  196.        'ON SCHEMA ' || quote_ident({{ dbt.string_literal(to) }}) || ' ' ||
    197. 

  197.        'FROM '      || quote_ident(grantee.name)
    198. 

  198. FROM schema_privilege AS s
    199. 

  199. JOIN mz_roles AS grantee ON s.grantee = grantee.id
    200. 

  200. WHERE grantee.name NOT IN ('none', 'mz_system', 'mz_support', current_role)
    201. 

  201. {% endset %}
    202. 

  202. 

  203. {% set revokes = run_query(find_revokes) %}
    204. 

  204. {% if execute %}
    205. 

  205.     {% for revoke in revokes.rows %}
    206. 

  206.         {{ run_query(revoke[0]) }}
    207. 

  207.     {% endfor %}
    208. 

  208. {% endif %}
    209. 

  209. 

  210. {% set find_grants %}
    211. 

  211. WITH schema_privilege AS (
    212. 

  212.     SELECT mz_internal.mz_aclexplode(s.privileges).*
    213. 

  213.     FROM mz_schemas s
    214. 

  214.     JOIN mz_databases d ON s.database_id = d.id
    215. 

  215.     WHERE d.name = current_database()
    216. 

  216.         AND s.name = {{ dbt.string_literal(from) }}
    217. 

  217. )
    218. 

  218. 

  219. SELECT 'GRANT '     || s.privilege_type || ' ' ||
    220. 

  220.        'ON SCHEMA ' || quote_ident({{ dbt.string_literal(to) }}) || ' ' ||
    221. 

  221.        'TO '        || quote_ident(grantee.name)
    222. 

  222. FROM schema_privilege AS s
    223. 

  223. JOIN mz_roles AS grantee ON s.grantee = grantee.id
    224. 

  224. WHERE grantee.name NOT IN ('none', 'mz_system', 'mz_support', current_role)
    225. 

  225. {% endset %}
    226. 

  226. 

  227. {% set grants = run_query(find_grants) %}
    228. 

  228. {% if execute %}
    229. 

  229.     {% for grant in grants.rows %}
    230. 

  230.         {{ run_query(grant[0]) }}
    231. 

  231.     {% endfor %}
    232. 

  232. {% endif %}
    233. 

  233. 

  234. {% endmacro %}
    235. 

  235. 

  236. {% macro internal_copy_cluster_grants(from, to) %}
    237. 

  237. {% set find_revokes %}
    238. 

  238. WITH cluster_privilege AS (
    239. 

  239.     SELECT mz_internal.mz_aclexplode(privileges).*
    240. 

  240.     FROM mz_clusters
    241. 

  241.     WHERE name = {{ dbt.string_literal(to) }}
    242. 

  242. )
    243. 

  243. 

  244. SELECT 'REVOKE '     || c.privilege_type || ' ' ||
    245. 

  245.        'ON CLUSTER ' || quote_ident({{ dbt.string_literal(to) }}) || ' ' ||
    246. 

  246.        'FROM '       || quote_ident(grantee.name)
    247. 

  247. FROM cluster_privilege AS c
    248. 

  248. JOIN mz_roles AS grantee ON c.grantee = grantee.id
    249. 

  249. WHERE grantee.name NOT IN ('none', 'mz_system', 'mz_support')
    250. 

  250.     AND grantee.name <> current_role
    251. 

  251. {% endset %}
    252. 

  252. 

  253. {% set revokes = run_query(find_revokes) %}
    254. 

  254. {% if execute %}
    255. 

  255.     {% for revoke in revokes.rows %}
    256. 

  256.         {{ run_query(revoke[0]) }}
    257. 

  257.     {% endfor %}
    258. 

  258. {% endif %}
    259. 

  259. 

  260. {% set find_grants %}
    261. 

  261. WITH cluster_privilege AS (
    262. 

  262.     SELECT mz_internal.mz_aclexplode(privileges).*
    263. 

  263.     FROM mz_clusters
    264. 

  264.     WHERE name = {{ dbt.string_literal(from) }}
    265. 

  265. )
    266. 

  266. 

  267. SELECT 'GRANT '      || c.privilege_type || ' ' ||
    268. 

  268.        'ON CLUSTER ' || quote_ident({{ dbt.string_literal(to) }}) || ' ' ||
    269. 

  269.        'TO '         || quote_ident(grantee.name)
    270. 

  270. FROM cluster_privilege AS c
    271. 

  271. JOIN mz_roles AS grantee ON c.grantee = grantee.id
    272. 

  272. WHERE grantee.name NOT IN ('none', 'mz_system', 'mz_support')
    273. 

  273. {% endset %}
    274. 

  274. 

  275. {% set grants = run_query(find_grants) %}
    276. 

  276. {% if execute %}
    277. 

  277.     {% for grant in grants.rows %}
    278. 

  278.         {{ run_query(grant[0]) }}
    279. 

  279.     {% endfor %}
    280. 

  280. {% endif %}
    281. 

  281. 

  282. {% endmacro %}
    283.