Merge pull request #2068 from dolthub/elian/7628c

Fix Doltgres and Dolt authentication and system table compatibility

Author: elianddb

.github/workflows/ci-postgres-client-tests.yaml

@@ -11,9 +11,20 @@ jobs:
     timeout-minutes: 45
     name: Run tests
     steps:
+      - name: Free disk space
+        run: |
+          NAME="DISK-CLEANUP"
+          echo "[${NAME}] Starting background cleanup..."
+          [ -d "$AGENT_TOOLSDIRECTORY" ] && sudo rm -rf "$AGENT_TOOLSDIRECTORY" &
+          [ -d /usr/share/dotnet ] && sudo rm -rf /usr/share/dotnet &
+          [ -d /usr/local/lib/android ] && sudo rm -rf /usr/local/lib/android &
+          [ -d /opt/ghc ] && sudo rm -rf /opt/ghc &
+          [ -d /usr/local/share/boost ] && sudo rm -rf /usr/local/share/boost &
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Build docker image
+      - name: Set up Docker
+        uses: docker/setup-docker-action@v4
+      - name: Build Docker image
         run: docker build -t postgres-client-tests --file testing/PostgresDockerfile .
       - name: Run tests
         run: docker run --detach=false postgres-client-tests

go.mod

@@ -6,12 +6,12 @@ require (
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/cockroachdb/apd/v2 v2.0.3-0.20200518165714-d020e156310a
 	github.com/cockroachdb/errors v1.7.5
-	github.com/dolthub/dolt/go v0.40.5-0.20251121014835-d565cf29551c
+	github.com/dolthub/dolt/go v0.40.5-0.20251209113019-d956afb08a95
 	github.com/dolthub/eventsapi_schema v0.0.0-20250915094920-eadfd39051ca
 	github.com/dolthub/flatbuffers/v23 v23.3.3-dh.2
-	github.com/dolthub/go-mysql-server v0.20.1-0.20251119215901-006ebc8e42ce
+	github.com/dolthub/go-mysql-server v0.20.1-0.20251202232204-0b1008f3c7d9
 	github.com/dolthub/sqllogictest/go v0.0.0-20240618184124-ca47f9354216
-	github.com/dolthub/vitess v0.0.0-20251107003339-843d10a6a8d4
+	github.com/dolthub/vitess v0.0.0-20251124192614-8039a9881a64
 	github.com/fatih/color v1.13.0
 	github.com/goccy/go-json v0.10.2
 	github.com/gogo/protobuf v1.3.2

go.sum

@@ -228,8 +228,8 @@ github.com/dolthub/aws-sdk-go-ini-parser v0.0.0-20250305001723-2821c37f6c12 h1:I
 github.com/dolthub/aws-sdk-go-ini-parser v0.0.0-20250305001723-2821c37f6c12/go.mod h1:rN7X8BHwkjPcfMQQ2QTAq/xM3leUSGLfb+1Js7Y6TVo=
 github.com/dolthub/dolt-mcp v0.2.2 h1:bpROmam74n95uU4EA3BpOIVlTDT0pzeFMBwe/YRq2mI=
 github.com/dolthub/dolt-mcp v0.2.2/go.mod h1:S++DJ4QWTAXq+0TNzFa7Oq3IhoT456DJHwAINFAHgDQ=
-github.com/dolthub/dolt/go v0.40.5-0.20251121014835-d565cf29551c h1:PNP5m1xY6UpasP8+5OpB3uemIg8paXDWd/NhHksP1sY=
-github.com/dolthub/dolt/go v0.40.5-0.20251121014835-d565cf29551c/go.mod h1:xQXjH8tvqvSozkiCMSigudpPnNHVA9cHIRmWTXX2hDo=
+github.com/dolthub/dolt/go v0.40.5-0.20251209113019-d956afb08a95 h1:Mw0uCDss/B9cfqCQ7rGq6pv6hSg3N0BToqaS59wW9z0=
+github.com/dolthub/dolt/go v0.40.5-0.20251209113019-d956afb08a95/go.mod h1:m1iGy0r1OfkYJ0JibA6yIuz2lKhmZauzN4rIlAyMGog=
 github.com/dolthub/eventsapi_schema v0.0.0-20250915094920-eadfd39051ca h1:BGFz/0OlKIuC6qHIZQbvPapFvdAJkeEyGXWVgL5clmE=
 github.com/dolthub/eventsapi_schema v0.0.0-20250915094920-eadfd39051ca/go.mod h1:CoDLfgPqHyBtth0Cp+fi/CmC4R81zJNX4wPjShdZ+Bw=
 github.com/dolthub/flatbuffers/v23 v23.3.3-dh.2 h1:u3PMzfF8RkKd3lB9pZ2bfn0qEG+1Gms9599cr0REMww=
@@ -238,8 +238,8 @@ github.com/dolthub/fslock v0.0.3 h1:iLMpUIvJKMKm92+N1fmHVdxJP5NdyDK5bK7z7Ba2s2U=
 github.com/dolthub/fslock v0.0.3/go.mod h1:QWql+P17oAAMLnL4HGB5tiovtDuAjdDTPbuqx7bYfa0=
 github.com/dolthub/go-icu-regex v0.0.0-20250916051405-78a38d478790 h1:zxMsH7RLiG+dlZ/y0LgJHTV26XoiSJcuWq+em6t6VVc=
 github.com/dolthub/go-icu-regex v0.0.0-20250916051405-78a38d478790/go.mod h1:F3cnm+vMRK1HaU6+rNqQrOCyR03HHhR1GWG2gnPOqaE=
-github.com/dolthub/go-mysql-server v0.20.1-0.20251119215901-006ebc8e42ce h1:qX7/WqsatVUMhULZxad8hNYUDE/gXlZrpBQDi3PBe5k=
-github.com/dolthub/go-mysql-server v0.20.1-0.20251119215901-006ebc8e42ce/go.mod h1:HTOKSMPJWcbSgCe1DksDgNPlZyZP1usV+EoA7Utax+A=
+github.com/dolthub/go-mysql-server v0.20.1-0.20251202232204-0b1008f3c7d9 h1:jw7LJ/UUyH6ptW5c6pPeKMMquOtZpwyjyQgMCCB4FIA=
+github.com/dolthub/go-mysql-server v0.20.1-0.20251202232204-0b1008f3c7d9/go.mod h1:pD0T+xZWBDO5yxHAY9FUqArKvhvw6KYqxRmEk3NfQNw=
 github.com/dolthub/gozstd v0.0.0-20240423170813-23a2903bca63 h1:OAsXLAPL4du6tfbBgK0xXHZkOlos63RdKYS3Sgw/dfI=
 github.com/dolthub/gozstd v0.0.0-20240423170813-23a2903bca63/go.mod h1:lV7lUeuDhH5thVGDCKXbatwKy2KW80L4rMT46n+Y2/Q=
 github.com/dolthub/ishell v0.0.0-20240701202509-2b217167d718 h1:lT7hE5k+0nkBdj/1UOSFwjWpNxf+LCApbRHgnCA17XE=
@@ -250,8 +250,8 @@ github.com/dolthub/pg_query_go/v6 v6.0.0-20250702135351-29eb6bfc4ea6 h1:UEX3FGaC
 github.com/dolthub/pg_query_go/v6 v6.0.0-20250702135351-29eb6bfc4ea6/go.mod h1:nvTHIuoud6e1SfrUaFwHqT0i4b5Nr+1rPWVds3B5+50=
 github.com/dolthub/sqllogictest/go v0.0.0-20240618184124-ca47f9354216 h1:JWkKRE4EHUcEVQCMRBej8DYxjYjRz/9MdF/NNQh0o70=
 github.com/dolthub/sqllogictest/go v0.0.0-20240618184124-ca47f9354216/go.mod h1:e/FIZVvT2IR53HBCAo41NjqgtEnjMJGKca3Y/dAmZaA=
-github.com/dolthub/vitess v0.0.0-20251107003339-843d10a6a8d4 h1:vOF5qPLC0Yd4BN/FKJlRLNELIZZlev40TrckORQqzhA=
-github.com/dolthub/vitess v0.0.0-20251107003339-843d10a6a8d4/go.mod h1:FLWqdXsAeeBQyFwDjmBVu0GnbjI2MKeRf3tRVdJEKlI=
+github.com/dolthub/vitess v0.0.0-20251124192614-8039a9881a64 h1:E3IfAYxrZ+dXgBHXN9L1ucotg3J8YDCeDr47u78tUI4=
+github.com/dolthub/vitess v0.0.0-20251124192614-8039a9881a64/go.mod h1:FLWqdXsAeeBQyFwDjmBVu0GnbjI2MKeRf3tRVdJEKlI=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=

server/functions/dolt_procedures.go

@@ -27,10 +27,16 @@ import (
 	"github.com/dolthub/go-mysql-server/sql/plan"
 	"github.com/dolthub/go-mysql-server/sql/types"
 
+	"github.com/dolthub/doltgresql/server/auth"
 	"github.com/dolthub/doltgresql/server/functions/framework"
 	pgtypes "github.com/dolthub/doltgresql/server/types"
 )
 
+var (
+	ErrDoltProcedurePermissionDenied = errors.New("permission denied for Dolt procedure")
+	ErrDoltProcedureSelectOnly       = errors.New("Dolt stored procedure may only be invoked using SELECT")
+)
+
 func initDoltProcedures() {
 	for _, procDef := range dprocedures.DoltProcedures {
 		p, err := resolveExternalStoredProcedure(nil, procDef)
@@ -40,8 +46,7 @@ func initDoltProcedures() {
 
 		funcVal := reflect.ValueOf(procDef.Function)
 		varArgCallable := varArgCallableForDoltProcedure(p, funcVal)
-		noArgCallable := noArgCallableForDoltProcedure(funcVal)
-
+		noArgCallable := noArgCallableForDoltProcedure(p, funcVal)
 		framework.RegisterFunction(framework.Function1{
 			Name:       procDef.Name,
 			Return:     pgtypes.TextArray,
@@ -63,6 +68,11 @@ func varArgCallableForDoltProcedure(p *plan.ExternalProcedure, funcVal reflect.V
 	funcType := funcVal.Type()
 
 	return func(ctx *sql.Context, paramsAndReturn [2]*pgtypes.DoltgresType, val1 any) (any, error) {
+		err := checkDoltProcedureAccess(ctx, p)
+		if err != nil {
+			return nil, err
+		}
+
 		values, ok := val1.([]any)
 		if !ok {
 			return nil, sql.ErrExternalProcedureInvalidParamType.New(reflect.TypeOf(val1).String())
@@ -111,8 +121,13 @@ func varArgCallableForDoltProcedure(p *plan.ExternalProcedure, funcVal reflect.V
 
 // noArgCallableForDoltProcedure creates a callable function that does not take any parameters. This is equivalent to
 // calling "DOLT_PROC_NAME()".
-func noArgCallableForDoltProcedure(funcVal reflect.Value) func(ctx *sql.Context) (any, error) {
+func noArgCallableForDoltProcedure(p *plan.ExternalProcedure, funcVal reflect.Value) func(ctx *sql.Context) (any, error) {
 	return func(ctx *sql.Context) (any, error) {
+		err := checkDoltProcedureAccess(ctx, p)
+		if err != nil {
+			return nil, err
+		}
+
 		funcParams := []reflect.Value{reflect.ValueOf(ctx)}
 		out := funcVal.Call(funcParams)
 		if err, ok := out[1].Interface().(error); ok { // Only evaluates to true when error is not nil
@@ -129,6 +144,25 @@ func noArgCallableForDoltProcedure(funcVal reflect.Value) func(ctx *sql.Context)
 	}
 }
 
+// checkDoltProcedureAccess ensures the current user is authorized as a SUPERUSER if the given |procedure| requires
+// admin.
+func checkDoltProcedureAccess(ctx *sql.Context, procedure *plan.ExternalProcedure) error {
+	if !procedure.AdminOnly {
+		return nil
+	}
+
+	var userRole auth.Role
+	auth.LockRead(func() {
+		userRole = auth.GetRole(ctx.Client().User)
+	})
+
+	if !userRole.IsValid() || !userRole.IsSuperUser {
+		return ErrDoltProcedurePermissionDenied
+	}
+
+	return nil
+}
+
 func drainRowIter(ctx *sql.Context, rowIter sql.RowIter) (any, error) {
 	defer rowIter.Close(ctx)
 

server/initialization/initialization.go

@@ -34,7 +34,6 @@ import (
 	"github.com/dolthub/doltgresql/server/functions/framework"
 	"github.com/dolthub/doltgresql/server/functions/unary"
 	"github.com/dolthub/doltgresql/server/tables"
-	"github.com/dolthub/doltgresql/server/tables/dprocedures"
 	"github.com/dolthub/doltgresql/server/tables/dtables"
 	"github.com/dolthub/doltgresql/server/tables/information_schema"
 	"github.com/dolthub/doltgresql/server/tables/pgcatalog"
@@ -64,6 +63,5 @@ func Initialize(dEnv *env.DoltEnv) {
 		pgcatalog.Init()
 		information_schema.Init()
 		dtables.Init()
-		dprocedures.Init()
 	})
 }

server/node/call.go

@@ -15,6 +15,8 @@
 package node
 
 import (
+	"strings"
+
 	"github.com/cockroachdb/errors"
 	"github.com/dolthub/go-mysql-server/sql"
 	"github.com/dolthub/go-mysql-server/sql/plan"
@@ -24,6 +26,7 @@ import (
 	"github.com/dolthub/doltgresql/core/extensions"
 	"github.com/dolthub/doltgresql/core/id"
 	pgexprs "github.com/dolthub/doltgresql/server/expression"
+	"github.com/dolthub/doltgresql/server/functions"
 	"github.com/dolthub/doltgresql/server/functions/framework"
 	pgtypes "github.com/dolthub/doltgresql/server/types"
 )
@@ -98,16 +101,10 @@ func (c *Call) RowIter(ctx *sql.Context, r sql.Row) (sql.RowIter, error) {
 		return nil, err
 	}
 	if len(overloads) == 0 {
-		// We're going to assume that this is calling one of the few remaining Dolt stored procedures
-		sch, rowIter, _, err := c.Runner.Runner.QueryWithBindings(ctx, "", &vitess.Call{
-			ProcName: vitess.ProcedureName{
-				Name:      vitess.NewColIdent(c.ProcedureName),
-				Qualifier: vitess.NewTableIdent(c.SchemaName),
-			},
-			Params: c.originalExprs,
-		}, nil, nil)
-		c.cachedSch = sch
-		return rowIter, err
+		if strings.HasPrefix(c.ProcedureName, "dolt_") {
+			return nil, functions.ErrDoltProcedureSelectOnly
+		}
+		return nil, sql.ErrStoredProcedureDoesNotExist.New(c.ProcedureName)
 	}
 
 	overloadTree := framework.NewOverloads()

server/tables/dprocedures/init.go

@@ -18,12 +18,15 @@ import (
 	"github.com/dolthub/dolt/go/libraries/doltcore/doltdb"
 	"github.com/dolthub/dolt/go/libraries/doltcore/merge"
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqle"
+	"github.com/dolthub/dolt/go/libraries/doltcore/sqle/adapters"
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqle/dprocedures"
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqle/dtables"
 )
 
 // Init handles initialization of all Postgres-specific and Doltgres-specific Dolt system tables.
 func Init() {
+	adapters.DoltTableAdapterRegistry.AddAdapter(doltdb.StatusTableName, DoltgresDoltStatusTableAdapter{}, DoltgresDoltStatusTableName)
+
 	// Table names
 	doltdb.GetBranchesTableName = getBranchesTableName
 	doltdb.GetDocTableName = getDocTableName
@@ -37,7 +40,6 @@ func Init() {
 	doltdb.GetRemoteBranchesTableName = getRemoteBranchesTableName
 	doltdb.GetRemotesTableName = getRemotesTableName
 	doltdb.GetSchemaConflictsTableName = getSchemaConflictsTableName
-	doltdb.GetStatusTableName = getStatusTableName
 	doltdb.GetTableOfTablesInConflictName = getTableOfTablesInConflictName
 	doltdb.GetTableOfTablesWithViolationsName = getTableOfTablesWithViolationsName
 	doltdb.GetTagsTableName = getTagsTableName
@@ -48,7 +50,6 @@ func Init() {
 	dtables.GetDoltIgnoreSchema = getDoltIgnoreSchema
 	dtables.GetDoltMergeStatusSchema = getDoltMergeStatusSchema
 	dprocedures.GetDoltRebaseSystemTableSchema = getRebaseSchema
-	dtables.GetDoltStatusSchema = getDoltStatusSchema
 	dtables.GetUnscopedDoltDiffSchema = getUnscopedDoltDiffSchema
 	dtables.GetDoltWorkspaceBaseSqlSchema = getDoltWorkspaceBaseSqlSchema