[JBoss JIRA] (TEIID-5844) Dynamic into issues
by Steven Hawkins (Jira)
[ https://issues.redhat.com/browse/TEIID-5844?page=com.atlassian.jira.plugi... ]
Steven Hawkins resolved TEIID-5844.
-----------------------------------
Resolution: Done
Corrected the insert handling to use the into target columns, rather than the dynamic command columns - as this is how it's being validated. Opted against adding a hard validation that the table must be temp - it makes very little difference in the logic whether it's an existing temp or an actual table. Added a doc note about the positional insert as well.
> Dynamic into issues
> -------------------
>
> Key: TEIID-5844
> URL: https://issues.redhat.com/browse/TEIID-5844
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 14.0
>
>
> The documentation states that a temp table must be the target of a dynamic execute into, but there is nothing preventing that. There is also the assumption that the insert must supply all columns and is positional - but that generally only makes sense if the temp table has not yet been defined. If it already exists, then one could expect that the insert would happen based upon matching the column names - but it does not. That needs to be clear in the code/docs.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months
[JBoss JIRA] (TEIIDSB-198) Align with 2.2.6 spring boot
by Steven Hawkins (Jira)
[ https://issues.redhat.com/browse/TEIIDSB-198?focusedWorklogId=12451025&pa... ]
Steven Hawkins logged work on TEIIDSB-198:
------------------------------------------
Author: Steven Hawkins
Created on: 13/May/20 8:55 AM
Start Date: 13/May/20 8:55 AM
Worklog Time Spent: 1 hour
Work Description: Additional changes related to hibernate in teiid and teiidsb
Issue Time Tracking
-------------------
Time Spent: 1 day (was: 7 hours)
Worklog Id: (was: 12451025)
> Align with 2.2.6 spring boot
> -----------------------------
>
> Key: TEIIDSB-198
> URL: https://issues.redhat.com/browse/TEIIDSB-198
> Project: Teiid Spring Boot
> Issue Type: Task
> Components: core
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 1.5.0
>
> Original Estimate: 4 hours
> Time Spent: 1 day
> Remaining Estimate: 0 minutes
>
> Due to the wildfly updates of TEIID-5859 that pull in a newer cxf and related dependencies, we end up with version conflicts. The best fix seems to be bumping Teiid Spring Boot to a later version. The only downside is that later version of spring boot have switched to jakarta javax dependencies, so we get a lot of duplicate / different class warnings. We can ignore the errors/warning, try to exclude incoming dependencies from Teiid, or switch Teiid to use jakarta instead...
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months
[JBoss JIRA] (TEIID-5780) Support certificate based authentication into Teiid pg
by Steven Hawkins (Jira)
[ https://issues.redhat.com/browse/TEIID-5780?page=com.atlassian.jira.plugi... ]
Steven Hawkins updated TEIID-5780:
----------------------------------
Fix Version/s: 14.1
(was: 14.0)
> Support certificate based authentication into Teiid pg
> ------------------------------------------------------
>
> Key: TEIID-5780
> URL: https://issues.redhat.com/browse/TEIID-5780
> Project: Teiid
> Issue Type: Sub-task
> Components: ODBC
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 14.1
>
> Original Estimate: 2 days
> Time Spent: 6 hours
> Remaining Estimate: 1 day, 2 hours
>
> To support the pg connection into Teiid we will do something like:
> - require a pg secure port using the service signing certificate: TEIIDSB-90 TEIIDSB-92
> -- one clarification is that we must document how to make the pg cert dominant if both pg and jdbc secure are used
> TODO:
> - configure the pg instance to have a service signing certificate and trust the Teiid service signing certificate. If that trust seems too difficult we can just configure the connection to trust all.
> - configure the pg connection to Teiid to use the pg service signing certificate as the client certificate
> - trust the pg service signing certificate at the teiid service - we need hostname validation to be enabled and the Teiid server to map the service host name to an authenticated user (this could possibly be generalized via keycloak support to more users).
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months
[JBoss JIRA] (TEIID-5844) Dynamic into issues
by Steven Hawkins (Jira)
[ https://issues.redhat.com/browse/TEIID-5844?page=com.atlassian.jira.plugi... ]
Steven Hawkins updated TEIID-5844:
----------------------------------
Description: The documentation states that a temp table must be the target of a dynamic execute into, but there is nothing preventing that. There is also the assumption that the insert must supply all columns and is positional - but that generally only makes sense if the temp table has not yet been defined. If it already exists, then one could expect that the insert would happen based upon matching the column names - but it does not. That needs to be clear in the code/docs. (was: Anyone with the permission to create a temporary table can create a foreign temporary table. From there we'll check the permissions on operations against the schema. It would be nice to error out on the create temporary table if the user is not going to be sufficient permissioned to use it. It's currently not the case, but if we ever have source level side effects from create foreign temp, then it becomes important to prevent the create as well. )
Story Points: 0.5
Sprint: DV Sprint 63
Summary: Dynamic into issues (was: Schema level permissions are not checked proactively for foreign temporary tables)
Priority: Major (was: Minor)
In looking at the original issue, I saw a problem with the authorization check on dynamic into. The original issue is probably too low of a priority to worry about - we'll add addition auth checks if/when there are create side effects.
> Dynamic into issues
> -------------------
>
> Key: TEIID-5844
> URL: https://issues.redhat.com/browse/TEIID-5844
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 14.0
>
>
> The documentation states that a temp table must be the target of a dynamic execute into, but there is nothing preventing that. There is also the assumption that the insert must supply all columns and is positional - but that generally only makes sense if the temp table has not yet been defined. If it already exists, then one could expect that the insert would happen based upon matching the column names - but it does not. That needs to be clear in the code/docs.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months
[JBoss JIRA] (TEIIDSB-199) Teiid logging level env vars are not supported
by Ramesh Reddy (Jira)
[ https://issues.redhat.com/browse/TEIIDSB-199?page=com.atlassian.jira.plug... ]
Ramesh Reddy moved TEIIDTOOLS-999 to TEIIDSB-199:
-------------------------------------------------
Project: Teiid Spring Boot (was: Teiid Tools)
Key: TEIIDSB-199 (was: TEIIDTOOLS-999)
Component/s: core
(was: operator)
Fix Version/s: 1.5.0
(was: Q220)
> Teiid logging level env vars are not supported
> ----------------------------------------------
>
> Key: TEIIDSB-199
> URL: https://issues.redhat.com/browse/TEIIDSB-199
> Project: Teiid Spring Boot
> Issue Type: Bug
> Components: core
> Reporter: Ramesh Reddy
> Assignee: Ramesh Reddy
> Priority: Major
> Fix For: 1.5.0
>
>
> There are two undocumented env vars to enable source query logging, {{LOGGING_LEVEL_ORG_TEIID_COMMAND_LOG}} and {{LOGGING_LEVEL_ORG_TEIID_COMMAND_LOG_SOURCE}} . These should be documented to allow debugging of query-level issues.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months
[JBoss JIRA] (TEIID-5844) Schema level permissions are not checked proactively for foreign temporary tables
by Steven Hawkins (Jira)
[ https://issues.redhat.com/browse/TEIID-5844?page=com.atlassian.jira.plugi... ]
Work on TEIID-5844 started by Steven Hawkins.
---------------------------------------------
> Schema level permissions are not checked proactively for foreign temporary tables
> ---------------------------------------------------------------------------------
>
> Key: TEIID-5844
> URL: https://issues.redhat.com/browse/TEIID-5844
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Minor
> Fix For: 14.0
>
>
> Anyone with the permission to create a temporary table can create a foreign temporary table. From there we'll check the permissions on operations against the schema. It would be nice to error out on the create temporary table if the user is not going to be sufficient permissioned to use it. It's currently not the case, but if we ever have source level side effects from create foreign temp, then it becomes important to prevent the create as well.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 7 months