Remove SECURITY DEFINER from user-defined FDW's

scripts-available/CDB_ForeignTable.sql

@@ -140,7 +140,8 @@ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
 
 
 -- A function to set up a user-defined foreign data server
--- It does not read from CDB_Conf
+-- It does not read from CDB_Conf.
+-- Only superuser roles can invoke it successfully
 --
 -- Sample call:
 -- SELECT cartodb.CDB_SetUp_User_PG_FDW_Server('amazon', '{
@@ -164,7 +165,7 @@ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
 --   * Create a schema 'amazon' as a convenience to set up all foreign
 --     tables over there
 --
--- It is the responsibility of the caller to grant that role to either:
+-- It is the responsibility of the superuser to grant that role to either:
 --   * Nobody
 --   * Specific roles: GRANT amazon TO role_name;
 --   * Members of the organization: SELECT cartodb.CDB_Organization_Grant_Role('amazon');
@@ -234,16 +235,14 @@ BEGIN
     -- Give the fdw role ownership over the schema
     EXECUTE FORMAT ('ALTER SCHEMA %I OWNER TO %I', fdw_name, fdw_name);
 
-    -- Grant the fdw role to the caller, and permissions to grant it to others
-    EXECUTE FORMAT ('GRANT %I TO %I WITH ADMIN OPTION', fdw_name, session_user);
-
     -- TODO: Bring here the remote cdb_tablemetadata
 END
-$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
+$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
 
 
 -- A function to drop a user-defined foreign server and all related objects
 -- It does not read from CDB_Conf
+-- It must be executed with a superuser role to succeed
 --
 -- Sample call:
 --   SELECT cartodb.CDB_Drop_User_PG_FDW_Server('amazon')
@@ -258,7 +257,7 @@ BEGIN
     EXECUTE FORMAT ('REVOKE USAGE ON FOREIGN DATA WRAPPER postgres_fdw FROM %I', fdw_name);
     EXECUTE FORMAT ('DROP ROLE %I', fdw_name);
 END
-$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
+$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
 
 
 -- Set up a user foreign table

test/extension/test.sh

@@ -607,7 +607,10 @@ test_extension|public|"local-table-with-dashes"'
    }
 }
 EOF
-    sql cdb_testmember_1 "SELECT cartodb.CDB_SetUp_User_PG_FDW_Server('test_user_fdw', '$ufdw_config');"
+    sql postgres "SELECT cartodb.CDB_SetUp_User_PG_FDW_Server('test_user_fdw', '$ufdw_config');"
+
+    # Grant a user access to that FDW, and to grant to others
+    sql postgres "GRANT test_user_fdw TO cdb_testmember_1 WITH ADMIN OPTION;"
 
     # Set up a user foreign table
     sql cdb_testmember_1 "SELECT cartodb.CDB_SetUp_User_PG_FDW_Table('test_user_fdw', 'test_fdw', 'foo');"
@@ -638,9 +641,9 @@ EOF
     sql cdb_testmember_1 "REVOKE test_user_fdw FROM publicuser;"
 
     # If there are dependent objects, we cannot drop the foreign server
-    sql cdb_testmember_1 "SELECT cartodb.CDB_Drop_User_PG_FDW_Server('test_user_fdw')" fails
+    sql postgres "SELECT cartodb.CDB_Drop_User_PG_FDW_Server('test_user_fdw')" fails
     sql cdb_testmember_1 "DROP FOREIGN TABLE test_user_fdw.foo;"
-    sql cdb_testmember_1 "SELECT cartodb.CDB_Drop_User_PG_FDW_Server('test_user_fdw')"
+    sql postgres "SELECT cartodb.CDB_Drop_User_PG_FDW_Server('test_user_fdw')"
 
 
     # Teardown