Permission tests and fixes for CDB_FederatedServerListRemote
This commit is contained in:
Raul Marin
@@ -6,9 +6,24 @@ SET client_min_messages TO error;
|
||||
\set VERBOSITY terse
|
||||
SET SESSION AUTHORIZATION postgres;
|
||||
CREATE EXTENSION postgres_fdw;
|
||||
CREATE ROLE cdb_fs_tester SUPERUSER LOGIN PASSWORD 'cdb_fs_passwd';
|
||||
|
||||
-- We create a username following the same steps as organization members
|
||||
CREATE ROLE cdb_fs_tester LOGIN PASSWORD 'cdb_fs_passwd';
|
||||
GRANT CONNECT ON DATABASE contrib_regression TO cdb_fs_tester;
|
||||
CREATE SCHEMA cdb_fs_tester AUTHORIZATION cdb_fs_tester;
|
||||
SELECT cartodb.CDB_Organization_Create_Member('cdb_fs_tester');
|
||||
ALTER ROLE cdb_fs_tester SET search_path TO cdb_fs_tester,cartodb,public;
|
||||
|
||||
CREATE ROLE cdb_fs_tester2 LOGIN PASSWORD 'cdb_fs_passwd2';
|
||||
GRANT CONNECT ON DATABASE contrib_regression TO cdb_fs_tester2;
|
||||
CREATE SCHEMA cdb_fs_tester2 AUTHORIZATION cdb_fs_tester2;
|
||||
SELECT cartodb.CDB_Organization_Create_Member('cdb_fs_tester2');
|
||||
ALTER ROLE cdb_fs_tester2 SET search_path TO cdb_fs_tester2,cartodb,public;
|
||||
|
||||
-- Create database to be used as remote
|
||||
CREATE DATABASE cdb_fs_tester OWNER cdb_fs_tester;
|
||||
|
||||
|
||||
SELECT 'C1', cartodb.CDB_Federated_Server_Register_PG(server := 'loopback'::text, config := '{
|
||||
"server": {
|
||||
"host": "localhost",
|
||||
@@ -80,33 +95,139 @@ SET client_min_messages TO notice;
|
||||
|
||||
|
||||
-- ===================================================================
|
||||
-- Test the listing functions
|
||||
-- Test listing remote schemas
|
||||
-- ===================================================================
|
||||
\echo 'Test listing of remote schemas (sunny day)'
|
||||
\echo '## Test listing of remote schemas without permissions before the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote schemas (sunny day)'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback');
|
||||
|
||||
\echo 'Test listing of remote schemas (rainy day): Server does not exist'
|
||||
\echo '## Test listing of remote schemas without permissions after the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote schemas with permissions (sunny day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Grant_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote schemas without permissions after revoking access (rainy day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Revoke_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote schemas (rainy day): Server does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'Does Not Exist');
|
||||
|
||||
\echo 'Test listing of remote tables (sunny day)'
|
||||
|
||||
-- ===================================================================
|
||||
-- Test listing remote tables
|
||||
-- ===================================================================
|
||||
|
||||
\echo '## Test listing of remote tables without permissions before the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'S 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote tables (sunny day)'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'S 1');
|
||||
|
||||
\echo 'Test listing of remote tables (rainy day): Server does not exist'
|
||||
\echo '## Test listing of remote tables without permissions after the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'S 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote tables with permissions (sunny day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Grant_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'S 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote tables without permissions after revoking access (rainy day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Revoke_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'S 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote tables (rainy day): Server does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'Does Not Exist', remote_schema => 'S 1');
|
||||
\echo 'Test listing of remote tables (rainy day): Remote schema does not exist'
|
||||
|
||||
\echo '## Test listing of remote tables (rainy day): Remote schema does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback', remote_schema => 'Does Not Exist');
|
||||
|
||||
\echo 'Test listing of remote columns (sunny day)'
|
||||
|
||||
-- ===================================================================
|
||||
-- Test listing remote columns
|
||||
-- ===================================================================
|
||||
|
||||
\echo '## Test listing of remote columns without permissions before the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote columns (sunny day)'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
|
||||
\echo 'Test listing of remote columns (rainy day): Server does not exist'
|
||||
\echo '## Test listing of remote columns without permissions after the first instantiation (rainy day)'
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote columns with permissions (sunny day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Grant_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote columns without permissions after revoking access (rainy day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Revoke_Access(server := 'loopback', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
\c contrib_regression postgres
|
||||
|
||||
\echo '## Test listing of remote columns (rainy day): Server does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'Does Not Exist', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
\echo 'Test listing of remote columns (rainy day): Remote schema does not exist'
|
||||
|
||||
\echo '## Test listing of remote columns (rainy day): Remote schema does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'Does Not Exist', remote_table => 'T 1');
|
||||
\echo 'Test listing of remote columns (rainy day): Remote table does not exist'
|
||||
|
||||
\echo '## Test listing of remote columns (rainy day): Remote table does not exist'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'Does Not Exist');
|
||||
|
||||
|
||||
-- ===================================================================
|
||||
-- Test that using a different user to list tables and dropping it
|
||||
-- does not break the server: We use loopback2 as it's in a clean state
|
||||
-- ===================================================================
|
||||
|
||||
|
||||
\echo '## Test listing of remote objects with permissions (sunny day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Grant_Access(server := 'loopback2', usernames := ARRAY['cdb_fs_tester2']);
|
||||
\c contrib_regression cdb_fs_tester2
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback2');
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback2', remote_schema => 'S 1');
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback2', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
|
||||
\c contrib_regression postgres
|
||||
\echo '## Test that dropping the granted user works fine (sunny day)'
|
||||
DROP SCHEMA cdb_fs_tester2 CASCADE;
|
||||
REVOKE CONNECT ON DATABASE contrib_regression FROM cdb_fs_tester2;
|
||||
DROP ROLE cdb_fs_tester2;
|
||||
|
||||
\echo '## Test listing of remote objects with other user still works (sunny day)'
|
||||
SELECT cartodb.CDB_Federated_Server_Grant_Access(server := 'loopback2', usernames := ARRAY['cdb_fs_tester']);
|
||||
\c contrib_regression cdb_fs_tester
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Schemas(server => 'loopback2');
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Tables(server => 'loopback2', remote_schema => 'S 1');
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback2', remote_schema => 'S 1', remote_table => 'T 1');
|
||||
|
||||
|
||||
-- ===================================================================
|
||||
-- Cleanup 1
|
||||
-- ===================================================================
|
||||
@@ -150,9 +271,9 @@ SET client_min_messages TO notice;
|
||||
-- Test the listing functions
|
||||
-- ===================================================================
|
||||
|
||||
\echo 'Test listing of remote geometry columns (sunny day)'
|
||||
\echo '## Test listing of remote geometry columns (sunny day)'
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 5');
|
||||
\echo 'Test listing of remote geometry columns (sunny day) - Rerun'
|
||||
\echo '## Test listing of remote geometry columns (sunny day) - Rerun'
|
||||
-- Rerun should be ok
|
||||
SELECT * FROM cartodb.CDB_Federated_Server_List_Remote_Columns(server => 'loopback', remote_schema => 'S 1', remote_table => 'T 5');
|
||||
|
||||
@@ -175,6 +296,12 @@ SELECT 'D1', cartodb.CDB_Federated_Server_Unregister(server := 'loopback'::text)
|
||||
SELECT 'D2', cartodb.CDB_Federated_Server_Unregister(server := 'loopback2'::text);
|
||||
|
||||
DROP DATABASE cdb_fs_tester;
|
||||
|
||||
-- Drop role
|
||||
DROP SCHEMA cdb_fs_tester CASCADE;
|
||||
REVOKE CONNECT ON DATABASE contrib_regression FROM cdb_fs_tester;
|
||||
DROP ROLE cdb_fs_tester;
|
||||
|
||||
DROP EXTENSION postgres_fdw;
|
||||
|
||||
\set QUIET off
|
||||
|
||||
Reference in New Issue
Block a user