Skip to content

Commit bb7a6f7

Browse files
dev-mkc19dev-mkc19
committed
feat: Add ability to set sql security option
resolve SQL security and definer logic #359
1 parent 8897ecb commit bb7a6f7

File tree

4 files changed

+32
-3
lines changed

4 files changed

+32
-3
lines changed

CHANGELOG.md

+4
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
### Release [1.8.10]
2+
#### New Features
3+
* Added abillity to set [SQL Security](https://clickhouse.com/docs/en/sql-reference/statements/create/view#sql_security) for normal views, referenced by [issue 359](https://github.com/ClickHouse/dbt-clickhouse/issues/359).
4+
15
### Release [1.8.9], 2025-02-16
26

37
#### Improvements

README.md

+5-1
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ your_profile_name:
106106
## Model Configuration
107107

108108
| Option | Description | Default if any |
109-
|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|
109+
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
110110
| engine | The table engine (type of table) to use when creating tables | `MergeTree()` |
111111
| order_by | A tuple of column names or arbitrary expressions. This allows you to create a small sparse index that helps find data faster. | `tuple()` |
112112
| partition_by | A partition is a logical combination of records in a table by a specified criterion. The partition key can be any expression from the table columns. | |
@@ -120,6 +120,10 @@ your_profile_name:
120120
| query_settings | A map/dictionary of ClickHouse user level settings to be used with `INSERT` or `DELETE` statements in conjunction with this model | |
121121
| ttl | A TTL expression to be used with the table. The TTL expression is a string that can be used to specify the TTL for the table. | |
122122
| indexes | A list of indexes to create, available only for `table` materialization. For examples look at ([#397](https://github.com/ClickHouse/dbt-clickhouse/pull/397)) | |
123+
| sql_security | Allow you to specify which ClickHouse user to use when executing the view's underlying query. `SQL SECURITY` has three legal values: `DEFINER``INVOKER`, or `NONE`. | |
124+
| definer | If `sql_security` was set to `DEFINER`, you have to specify any existing user or `CURRENT_USER` in the `DEFINER` clause. | |
125+
| | | |
126+
123127

124128
## Column Configuration
125129

dbt/adapters/clickhouse/__version__.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
version = '1.8.9'
1+
version = '1.8.10'

dbt/include/clickhouse/macros/materializations/view.sql

+22-1
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,32 @@
3737
{%- endmaterialization -%}
3838

3939

40+
{% macro get_sql_security_clause(relation) %}
41+
{% set sql_security = config.get('sql_security') %}
42+
{% if sql_security -%}
43+
{% if sql_security == 'definer' -%}
44+
{%- set definer = config.require('definer') -%}
45+
{% if not definer -%}
46+
{{ exceptions.raise_compiler_error("Invalid config parameter `definer`. No value was provided.") }}
47+
{%- endif %}
48+
DEFINER = {{ definer }} SQL SECURITY DEFINER
49+
{%- elif sql_security == 'invoker' %}
50+
SQL SECURITY INVOKER
51+
{%- elif sql_security == 'none' %}
52+
SQL SECURITY NONE
53+
{%- else %}
54+
{{ exceptions.raise_compiler_error("Invalid config parameter `sql_security`. Got: `" + sql_security + "`, but only definer | invoker | none allowed.") }}
55+
{%- endif %}
56+
{%- endif %}
57+
{%- endmacro -%}
58+
59+
4060
{% macro clickhouse__create_view_as(relation, sql) -%}
4161
{%- set sql_header = config.get('sql_header', none) -%}
4262
{{ sql_header if sql_header is not none }}
4363

44-
create or replace view {{ relation.include(database=False) }} {{ on_cluster_clause(relation)}}
64+
create or replace view {{ relation.include(database=False) }} {{ on_cluster_clause(relation) }}
65+
{{ get_sql_security_clause(relation) }}
4566
{% set contract_config = config.get('contract') %}
4667
{% if contract_config.enforced %}
4768
{{ get_assert_columns_equivalent(sql) }}

0 commit comments

Comments
 (0)